diff options
-rw-r--r-- | server/providers/data_provider.h | 1 | ||||
-rw-r--r-- | server/providers/dp_auth_util.c | 11 | ||||
-rw-r--r-- | server/responder/pam/pamsrv_cmd.c | 19 | ||||
-rw-r--r-- | sss_client/pam_sss.c | 43 | ||||
-rw-r--r-- | sss_client/sss_cli.h | 3 |
5 files changed, 63 insertions, 14 deletions
diff --git a/server/providers/data_provider.h b/server/providers/data_provider.h index 18863409..790194ce 100644 --- a/server/providers/data_provider.h +++ b/server/providers/data_provider.h @@ -110,6 +110,7 @@ struct pam_data { char *rhost; uint8_t *authtok; uint8_t *newauthtok; + uint32_t cli_pid; int pam_status; int response_delay; diff --git a/server/providers/dp_auth_util.c b/server/providers/dp_auth_util.c index 492ac7cf..80e9f167 100644 --- a/server/providers/dp_auth_util.c +++ b/server/providers/dp_auth_util.c @@ -37,6 +37,7 @@ void pam_print_data(int l, struct pam_data *pd) DEBUG(l, ("priv: %d\n", pd->priv)); DEBUG(l, ("pw_uid: %d\n", pd->pw_uid)); DEBUG(l, ("gr_gid: %d\n", pd->gr_gid)); + DEBUG(l, ("cli_pid: %d\n", pd->cli_pid)); } int pam_add_response(struct pam_data *pd, enum response_type type, @@ -76,17 +77,18 @@ bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd) DBUS_TYPE_STRING, &(pd->tty), DBUS_TYPE_STRING, &(pd->ruser), DBUS_TYPE_STRING, &(pd->rhost), - DBUS_TYPE_INT32, &(pd->authtok_type), + DBUS_TYPE_UINT32, &(pd->authtok_type), DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, &(pd->authtok), (pd->authtok_size), - DBUS_TYPE_INT32, &(pd->newauthtok_type), + DBUS_TYPE_UINT32, &(pd->newauthtok_type), DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, &(pd->newauthtok), pd->newauthtok_size, DBUS_TYPE_INT32, &(pd->priv), DBUS_TYPE_INT32, &(pd->pw_uid), DBUS_TYPE_INT32, &(pd->gr_gid), + DBUS_TYPE_UINT32, &(pd->cli_pid), DBUS_TYPE_INVALID); return ret; @@ -104,17 +106,18 @@ bool dp_unpack_pam_request(DBusMessage *msg, struct pam_data *pd, DBusError *dbu DBUS_TYPE_STRING, &(pd->tty), DBUS_TYPE_STRING, &(pd->ruser), DBUS_TYPE_STRING, &(pd->rhost), - DBUS_TYPE_INT32, &(pd->authtok_type), + DBUS_TYPE_UINT32, &(pd->authtok_type), DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, &(pd->authtok), &(pd->authtok_size), - DBUS_TYPE_INT32, &(pd->newauthtok_type), + DBUS_TYPE_UINT32, &(pd->newauthtok_type), DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, &(pd->newauthtok), &(pd->newauthtok_size), DBUS_TYPE_INT32, &(pd->priv), DBUS_TYPE_INT32, &(pd->pw_uid), DBUS_TYPE_INT32, &(pd->gr_gid), + DBUS_TYPE_UINT32, &(pd->cli_pid), DBUS_TYPE_INVALID); return ret; diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c index 1204e325..62cd2a50 100644 --- a/server/responder/pam/pamsrv_cmd.c +++ b/server/responder/pam/pamsrv_cmd.c @@ -71,6 +71,20 @@ static int extract_string(char **var, uint8_t *body, size_t blen, size_t *c) { return EOK; } +static int extract_uint32_t(uint32_t *var, uint8_t *body, size_t blen, size_t *c) { + uint32_t size; + + if (blen-(*c) < 2*sizeof(uint32_t)) return EINVAL; + + size = ((uint32_t *)&body[*c])[0]; + *c += sizeof(uint32_t); + + *var = ((uint32_t *)&body[*c])[0]; + *c += sizeof(uint32_t); + + return EOK; +} + static int pam_parse_in_data_v2(struct sss_names_ctx *snctx, struct pam_data *pd, uint8_t *body, size_t blen) @@ -119,6 +133,11 @@ static int pam_parse_in_data_v2(struct sss_names_ctx *snctx, ret = extract_string(&pd->rhost, body, blen, &c); if (ret != EOK) return ret; break; + case PAM_ITEM_CLI_PID: + ret = extract_uint32_t(&pd->cli_pid, + body, blen, &c); + if (ret != EOK) return ret; + break; case PAM_ITEM_AUTHTOK: ret = extract_authtok(&pd->authtok_type, &pd->authtok_size, &pd->authtok, body, blen, &c); diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c index 3d00e289..41dc32bf 100644 --- a/sss_client/pam_sss.c +++ b/sss_client/pam_sss.c @@ -66,6 +66,7 @@ struct pam_items { size_t pam_newauthtok_size; char *pam_cli_locale; size_t pam_cli_locale_size; + pid_t cli_pid; }; #define DEBUG_MGS_LEN 1024 @@ -124,11 +125,29 @@ static size_t add_authtok_item(enum pam_item_type type, return rp; } + +static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val, + uint8_t *buf) { + size_t rp=0; + + + ((uint32_t *)(&buf[rp]))[0] = type; + rp += sizeof(uint32_t); + + ((uint32_t *)(&buf[rp]))[0] = sizeof(uint32_t); + rp += sizeof(uint32_t); + + ((uint32_t *)(&buf[rp]))[0] = val; + rp += sizeof(uint32_t); + + return rp; +} + static size_t add_string_item(enum pam_item_type type, const char *str, const size_t size, uint8_t *buf) { size_t rp=0; - if (*str == '\0') return 0; + if (str == NULL || *str == '\0') return 0; ((uint32_t *)(&buf[rp]))[0] = type; rp += sizeof(uint32_t); @@ -151,20 +170,21 @@ static int pack_message_v2(struct pam_items *pi, size_t *size, len = sizeof(uint32_t) + 2*sizeof(uint32_t) + pi->pam_user_size + sizeof(uint32_t); - len += *pi->pam_service != '\0' ? + len += *pi->pam_service != '\0' ? 2*sizeof(uint32_t) + pi->pam_service_size : 0; - len += *pi->pam_tty != '\0' ? + len += *pi->pam_tty != '\0' ? 2*sizeof(uint32_t) + pi->pam_tty_size : 0; - len += *pi->pam_ruser != '\0' ? + len += *pi->pam_ruser != '\0' ? 2*sizeof(uint32_t) + pi->pam_ruser_size : 0; - len += *pi->pam_rhost != '\0' ? + len += *pi->pam_rhost != '\0' ? 2*sizeof(uint32_t) + pi->pam_rhost_size : 0; - len += *pi->pam_cli_locale != '\0' ? + len += *pi->pam_cli_locale != '\0' ? 2*sizeof(uint32_t) + pi->pam_cli_locale_size : 0; - len += pi->pam_authtok != NULL ? + len += pi->pam_authtok != NULL ? 3*sizeof(uint32_t) + pi->pam_authtok_size : 0; - len += pi->pam_newauthtok != NULL ? + len += pi->pam_newauthtok != NULL ? 3*sizeof(uint32_t) + pi->pam_newauthtok_size : 0; + len += 3*sizeof(uint32_t); /* cli_pid */ buf = malloc(len); if (buf == NULL) { @@ -191,9 +211,11 @@ static int pack_message_v2(struct pam_items *pi, size_t *size, rp += add_string_item(PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size, &buf[rp]); - rp += add_string_item(PAM_CLI_LOCALE, pi->pam_cli_locale, + rp += add_string_item(PAM_ITEM_CLI_LOCALE, pi->pam_cli_locale, pi->pam_cli_locale_size, &buf[rp]); + rp += add_uint32_t_item(PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid, &buf[rp]); + rp += add_authtok_item(PAM_ITEM_AUTHTOK, pi->pam_authtok_type, pi->pam_authtok, pi->pam_authtok_size, &buf[rp]); _pam_overwrite_n((void *)pi->pam_authtok, pi->pam_authtok_size); @@ -486,6 +508,8 @@ static int get_pam_items(pam_handle_t *pamh, struct pam_items *pi) } pi->pam_cli_locale_size = strlen(pi->pam_cli_locale)+1; + pi->cli_pid = getpid(); + return PAM_SUCCESS; } @@ -505,6 +529,7 @@ static void print_pam_items(struct pam_items *pi) D(("Authtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_authtok))); D(("Newauthtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_newauthtok))); D(("Locale: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_cli_locale))); + D(("Cli_PID: %d", pi->cli_pid)); } static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi, diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h index 7e0d4dbd..2b4e5027 100644 --- a/sss_client/sss_cli.h +++ b/sss_client/sss_cli.h @@ -149,7 +149,8 @@ enum pam_item_type { PAM_ITEM_RHOST, PAM_ITEM_AUTHTOK, PAM_ITEM_NEWAUTHTOK, - PAM_CLI_LOCALE, + PAM_ITEM_CLI_LOCALE, + PAM_ITEM_CLI_PID, }; #define SSS_NSS_MAX_ENTRIES 256 |