-rw-r--r--server/providers/data_provider.h1
-rw-r--r--server/providers/dp_auth_util.c11
-rw-r--r--server/responder/pam/pamsrv_cmd.c19
-rw-r--r--sss_client/pam_sss.c43
-rw-r--r--sss_client/sss_cli.h3
5 files changed, 63 insertions, 14 deletions
diff --git a/server/providers/data_provider.h b/server/providers/data_provider.h
index 18863409..790194ce 100644
--- a/server/providers/data_provider.h
+++ b/server/providers/data_provider.h
@@ -110,6 +110,7 @@ struct pam_data {
char *rhost;
uint8_t *authtok;
uint8_t *newauthtok;
+ uint32_t cli_pid;
int pam_status;
int response_delay;
diff --git a/server/providers/dp_auth_util.c b/server/providers/dp_auth_util.c
index 492ac7cf..80e9f167 100644
--- a/server/providers/dp_auth_util.c
+++ b/server/providers/dp_auth_util.c
@@ -37,6 +37,7 @@ void pam_print_data(int l, struct pam_data *pd)
DEBUG(l, ("priv: %d\n", pd->priv));
DEBUG(l, ("pw_uid: %d\n", pd->pw_uid));
DEBUG(l, ("gr_gid: %d\n", pd->gr_gid));
+ DEBUG(l, ("cli_pid: %d\n", pd->cli_pid));
}
int pam_add_response(struct pam_data *pd, enum response_type type,
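Review bot: The new DEBUG line prints `pd->cli_pid` with `%d` although the field is declared `uint32_t` in the companion data_provider.h change; the neighbouring `priv`/`pw_uid`/`gr_gid` lines use `%d` for `int` fields, so this one should read `DEBUG(l, ("cli_pid: %u\n", pd->cli_pid));` (or `%" PRIu32 "`). A mismatched conversion is technically undefined and trips -Wformat, which is worth keeping clean in a logging helper. pam_print_data's body begins outside this hunk.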
@@ -76,17 +77,18 @@ bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd)
DBUS_TYPE_STRING, &(pd->tty),
DBUS_TYPE_STRING, &(pd->ruser),
DBUS_TYPE_STRING, &(pd->rhost),
- DBUS_TYPE_INT32, &(pd->authtok_type),
+ DBUS_TYPE_UINT32, &(pd->authtok_type),
DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
&(pd->authtok),
(pd->authtok_size),
- DBUS_TYPE_INT32, &(pd->newauthtok_type),
+ DBUS_TYPE_UINT32, &(pd->newauthtok_type),
DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
&(pd->newauthtok),
pd->newauthtok_size,
DBUS_TYPE_INT32, &(pd->priv),
DBUS_TYPE_INT32, &(pd->pw_uid),
DBUS_TYPE_INT32, &(pd->gr_gid),
+ DBUS_TYPE_UINT32, &(pd->cli_pid),
DBUS_TYPE_INVALID);
return ret;
@@ -104,17 +106,18 @@ bool dp_unpack_pam_request(DBusMessage *msg, struct pam_data *pd, DBusError *dbu
DBUS_TYPE_STRING, &(pd->tty),
DBUS_TYPE_STRING, &(pd->ruser),
DBUS_TYPE_STRING, &(pd->rhost),
- DBUS_TYPE_INT32, &(pd->authtok_type),
+ DBUS_TYPE_UINT32, &(pd->authtok_type),
DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
&(pd->authtok),
&(pd->authtok_size),
- DBUS_TYPE_INT32, &(pd->newauthtok_type),
+ DBUS_TYPE_UINT32, &(pd->newauthtok_type),
DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
&(pd->newauthtok),
&(pd->newauthtok_size),
DBUS_TYPE_INT32, &(pd->priv),
DBUS_TYPE_INT32, &(pd->pw_uid),
DBUS_TYPE_INT32, &(pd->gr_gid),
+ DBUS_TYPE_UINT32, &(pd->cli_pid),
DBUS_TYPE_INVALID);
return ret;
diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c
index 1204e325..62cd2a50 100644
--- a/server/responder/pam/pamsrv_cmd.c
+++ b/server/responder/pam/pamsrv_cmd.c
@@ -71,6 +71,20 @@ static int extract_string(char **var, uint8_t *body, size_t blen, size_t *c) {
return EOK;
}
+static int extract_uint32_t(uint32_t *var, uint8_t *body, size_t blen, size_t *c) {
+ uint32_t size;
+
+ if (blen-(*c) < 2*sizeof(uint32_t)) return EINVAL;
+
+ size = ((uint32_t *)&body[*c])[0];
+ *c += sizeof(uint32_t);
+
+ *var = ((uint32_t *)&body[*c])[0];
+ *c += sizeof(uint32_t);
+
+ return EOK;
+}
+
static int pam_parse_in_data_v2(struct sss_names_ctx *snctx,
struct pam_data *pd,
uint8_t *body, size_t blen)
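Review bot: `extract_uint32_t` reads the item's `size` word from the client message and then discards it, so a malformed or hostile message carrying any `size` other than `sizeof(uint32_t)` is accepted and the value is taken from the next four bytes regardless; add `if (size != sizeof(uint32_t)) return EINVAL;` right after `size` is read so the parser rejects the item instead of silently desynchronising from the rest of the stream. The guard `blen-(*c) < 2*sizeof(uint32_t)` is only safe while the caller keeps `*c <= blen`, which the loop in pam_parse_in_data_v2 presumably does — worth stating in a comment. The `((uint32_t *)&body[*c])[0]` reads are unaligned aliasing casts that match the style of the existing extract_* helpers; `memcpy(&size, &body[*c], sizeof(size))` would be the portable form if those helpers are ever cleaned up.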
@@ -119,6 +133,11 @@ static int pam_parse_in_data_v2(struct sss_names_ctx *snctx,
ret = extract_string(&pd->rhost, body, blen, &c);
if (ret != EOK) return ret;
break;
+ case PAM_ITEM_CLI_PID:
+ ret = extract_uint32_t(&pd->cli_pid,
+ body, blen, &c);
+ if (ret != EOK) return ret;
+ break;
case PAM_ITEM_AUTHTOK:
ret = extract_authtok(&pd->authtok_type, &pd->authtok_size,
&pd->authtok, body, blen, &c);
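Review bot: `pd->cli_pid` is taken verbatim from the request body here, i.e. it is whatever the connecting process chose to send (the pam_sss side fills it with `getpid()`, but nothing prevents another caller from sending an arbitrary value), so it must be treated as an untrusted hint rather than an identity — if it is ever used to look up or act on a process, it should be cross-checked against the socket peer credentials (e.g. SO_PEERCRED on the client connection, if the responder obtains them). I cannot see from this hunk how cli_pid is consumed downstream; a comment at the new case such as `/* client-supplied and not authenticated: informational only */` would record that expectation for the next reader. The enclosing switch and pam_parse_in_data_v2 begin outside the hunk.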
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 3d00e289..41dc32bf 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -66,6 +66,7 @@ struct pam_items {
size_t pam_newauthtok_size;
char *pam_cli_locale;
size_t pam_cli_locale_size;
+ pid_t cli_pid;
};
#define DEBUG_MGS_LEN 1024
@@ -124,11 +125,29 @@ static size_t add_authtok_item(enum pam_item_type type,
return rp;
}
+
+static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val,
+ uint8_t *buf) {
+ size_t rp=0;
+
+
+ ((uint32_t *)(&buf[rp]))[0] = type;
+ rp += sizeof(uint32_t);
+
+ ((uint32_t *)(&buf[rp]))[0] = sizeof(uint32_t);
+ rp += sizeof(uint32_t);
+
+ ((uint32_t *)(&buf[rp]))[0] = val;
+ rp += sizeof(uint32_t);
+
+ return rp;
+}
+
static size_t add_string_item(enum pam_item_type type, const char *str,
const size_t size, uint8_t *buf) {
size_t rp=0;
- if (*str == '\0') return 0;
+ if (str == NULL || *str == '\0') return 0;
((uint32_t *)(&buf[rp]))[0] = type;
rp += sizeof(uint32_t);
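Review bot: `add_uint32_t_item` has no doc comment, and its wire layout (three back-to-back 32-bit words: item type, payload length, value) is only recoverable by counting the `rp` increments and matching them against the `3*sizeof(uint32_t)` reserved in pack_message_v2; add a header above it such as `/* Append a fixed-width item: 32-bit type tag, 32-bit payload length (always sizeof(uint32_t)), 32-bit value. Writes exactly 3*sizeof(uint32_t) bytes; the caller must have reserved them. */`. The payload-length word is hard-coded to `sizeof(uint32_t)` and the responder-side extract_uint32_t in this same change does not validate it, so documenting it as part of the format keeps both ends honest. Minor: the double blank line after `size_t rp=0;` is a stray. add_string_item continues past the end of the hunk.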
@@ -151,20 +170,21 @@ static int pack_message_v2(struct pam_items *pi, size_t *size,
len = sizeof(uint32_t) +
2*sizeof(uint32_t) + pi->pam_user_size +
sizeof(uint32_t);
- len += *pi->pam_service != '\0' ?
+ len += *pi->pam_service != '\0' ?
2*sizeof(uint32_t) + pi->pam_service_size : 0;
- len += *pi->pam_tty != '\0' ?
+ len += *pi->pam_tty != '\0' ?
2*sizeof(uint32_t) + pi->pam_tty_size : 0;
- len += *pi->pam_ruser != '\0' ?
+ len += *pi->pam_ruser != '\0' ?
2*sizeof(uint32_t) + pi->pam_ruser_size : 0;
- len += *pi->pam_rhost != '\0' ?
+ len += *pi->pam_rhost != '\0' ?
2*sizeof(uint32_t) + pi->pam_rhost_size : 0;
- len += *pi->pam_cli_locale != '\0' ?
+ len += *pi->pam_cli_locale != '\0' ?
2*sizeof(uint32_t) + pi->pam_cli_locale_size : 0;
- len += pi->pam_authtok != NULL ?
+ len += pi->pam_authtok != NULL ?
3*sizeof(uint32_t) + pi->pam_authtok_size : 0;
- len += pi->pam_newauthtok != NULL ?
+ len += pi->pam_newauthtok != NULL ?
3*sizeof(uint32_t) + pi->pam_newauthtok_size : 0;
+ len += 3*sizeof(uint32_t); /* cli_pid */
buf = malloc(len);
if (buf == NULL) {
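Review bot: The companion change to add_string_item now tolerates a NULL `str`, but the length computation in this hunk still dereferences `*pi->pam_service`, `*pi->pam_tty`, `*pi->pam_ruser`, `*pi->pam_rhost` and `*pi->pam_cli_locale` unconditionally, so a NULL item would crash here before the new guard is ever reached; either the guard is unnecessary or these tests need the same `pi->pam_x != NULL && *pi->pam_x != '\0'` form. get_pam_items is not fully visible, so whether any of these can be NULL is an assumption to confirm. The `len += 3*sizeof(uint32_t); /* cli_pid */` line correctly matches the three words add_uint32_t_item writes; a debug check that `rp == len` after packing would catch future drift between the size estimate and the writer. pack_message_v2 begins and ends outside the hunk.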
@@ -191,9 +211,11 @@ static int pack_message_v2(struct pam_items *pi, size_t *size,
rp += add_string_item(PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size,
&buf[rp]);
- rp += add_string_item(PAM_CLI_LOCALE, pi->pam_cli_locale,
+ rp += add_string_item(PAM_ITEM_CLI_LOCALE, pi->pam_cli_locale,
pi->pam_cli_locale_size, &buf[rp]);
+ rp += add_uint32_t_item(PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid, &buf[rp]);
+
rp += add_authtok_item(PAM_ITEM_AUTHTOK, pi->pam_authtok_type,
pi->pam_authtok, pi->pam_authtok_size, &buf[rp]);
_pam_overwrite_n((void *)pi->pam_authtok, pi->pam_authtok_size);
@@ -486,6 +508,8 @@ static int get_pam_items(pam_handle_t *pamh, struct pam_items *pi)
}
pi->pam_cli_locale_size = strlen(pi->pam_cli_locale)+1;
+ pi->cli_pid = getpid();
+
return PAM_SUCCESS;
}
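Review bot: `pi->cli_pid = getpid();` deserves a one-line comment because the name can mislead: inside a PAM module `getpid()` is the PID of the process hosting the PAM stack (login, sshd, and so on), not of some separate client, e.g. `/* PID of the process running the PAM stack; sent to the responder as PAM_ITEM_CLI_PID */`. get_pam_items begins outside this hunk.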
@@ -505,6 +529,7 @@ static void print_pam_items(struct pam_items *pi)
D(("Authtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_authtok)));
D(("Newauthtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_newauthtok)));
D(("Locale: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_cli_locale)));
+ D(("Cli_PID: %d", pi->cli_pid));
}
static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h
index 7e0d4dbd..2b4e5027 100644
--- a/sss_client/sss_cli.h
+++ b/sss_client/sss_cli.h
@@ -149,7 +149,8 @@ enum pam_item_type {
PAM_ITEM_RHOST,
PAM_ITEM_AUTHTOK,
PAM_ITEM_NEWAUTHTOK,
- PAM_CLI_LOCALE,
+ PAM_ITEM_CLI_LOCALE,
+ PAM_ITEM_CLI_PID,
};
#define SSS_NSS_MAX_ENTRIES 256