-rw-r--r-- | server/providers/data_provider_be.c | 2 | ||||
-rw-r--r-- | server/providers/krb5/krb5_auth.c | 8 | ||||
-rw-r--r-- | server/providers/krb5/krb5_child.c | 7 | ||||
-rw-r--r-- | server/responder/pam/pamsrv.c | 8 | ||||
-rw-r--r-- | server/responder/pam/pamsrv_cmd.c | 26 | ||||
-rw-r--r-- | sss_client/pam_sss.c | 55 | ||||
-rw-r--r-- | sss_client/sss_cli.h | 34 |
7 files changed, 71 insertions, 69 deletions
diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c
index 72b671ba..fa26c145 100644
--- a/server/providers/data_provider_be.c
+++ b/server/providers/data_provider_be.c
@@ -587,7 +587,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
 if (!becli->bectx->bet_info[target].bet_ops) { DEBUG(7, ("Undefined backend target.\n")); pd->pam_status = PAM_MODULE_UNKNOWN;
- ret = pam_add_response(pd, PAM_SYSTEM_INFO,
+ ret = pam_add_response(pd, SSS_PAM_SYSTEM_INFO,
 sizeof(MSG_TARGET_NO_CONFIGURED), (const uint8_t *) MSG_TARGET_NO_CONFIGURED); if (ret != EOK) {
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index 1ac8c4c5..c013ea89 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -66,7 +66,7 @@ static errno_t add_krb5_env(struct dp_option *opts, const char *ccname,
 ret = ENOMEM; goto done; }
- ret = pam_add_response(pd, PAM_ENV_ITEM, strlen(env)+1,
+ ret = pam_add_response(pd, SSS_PAM_ENV_ITEM, strlen(env)+1,
 (uint8_t *) env); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n"));
@@ -82,7 +82,7 @@ static errno_t add_krb5_env(struct dp_option *opts, const char *ccname,
 ret = ENOMEM; goto done; }
- ret = pam_add_response(pd, PAM_ENV_ITEM, strlen(env)+1,
+ ret = pam_add_response(pd, SSS_PAM_ENV_ITEM, strlen(env)+1,
 (uint8_t *) env); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n"));
@@ -98,7 +98,7 @@ static errno_t add_krb5_env(struct dp_option *opts, const char *ccname,
 ret = ENOMEM; goto done; }
- ret = pam_add_response(pd, PAM_ENV_ITEM, strlen(env)+1,
+ ret = pam_add_response(pd, SSS_PAM_ENV_ITEM, strlen(env)+1,
 (uint8_t *) env); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n"));
@@ -945,7 +945,7 @@ static void krb5_resolve_done(struct tevent_req *req)
 goto done; }
- ret = pam_add_response(pd, PAM_ENV_ITEM, strlen(msg) + 1,
+ ret = pam_add_response(pd, SSS_PAM_ENV_ITEM, strlen(msg) + 1,
 (uint8_t *) msg); if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n"));
diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c
index a8eed714..8ff9259b 100644
--- a/server/providers/krb5/krb5_child.c
+++ b/server/providers/krb5/krb5_child.c
@@ -300,7 +300,7 @@ static struct response *prepare_response_message(struct krb5_req *kr,
 if (kerr == 0) { if(kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) {
- ret = pack_response_packet(resp, PAM_SUCCESS, PAM_SYSTEM_INFO,
+ ret = pack_response_packet(resp, PAM_SUCCESS, SSS_PAM_SYSTEM_INFO,
 "success"); } else { if (kr->ccname == NULL) {
@@ -314,7 +314,7 @@ static struct response *prepare_response_message(struct krb5_req *kr,
 return NULL; }
- ret = pack_response_packet(resp, PAM_SUCCESS, PAM_ENV_ITEM, msg);
+ ret = pack_response_packet(resp, PAM_SUCCESS, SSS_PAM_ENV_ITEM, msg);
 talloc_zfree(msg); } } else {
@@ -324,7 +324,8 @@ static struct response *prepare_response_message(struct krb5_req *kr,
 return NULL; }
- ret = pack_response_packet(resp, pam_status, PAM_SYSTEM_INFO, krb5_msg);
+ ret = pack_response_packet(resp, pam_status, SSS_PAM_SYSTEM_INFO,
+ krb5_msg);
 sss_krb5_free_error_message(krb5_error_ctx, krb5_msg); }
diff --git a/server/responder/pam/pamsrv.c b/server/responder/pam/pamsrv.c
index 626d2c55..84b13dc4 100644
--- a/server/responder/pam/pamsrv.c
+++ b/server/responder/pam/pamsrv.c
@@ -43,8 +43,8 @@
 #include "sbus/sbus_client.h" #include "responder/pam/pamsrv.h"
-#define PAM_SBUS_SERVICE_VERSION 0x0001
-#define PAM_SBUS_SERVICE_NAME "pam"
+#define SSS_PAM_SBUS_SERVICE_VERSION 0x0001
+#define SSS_PAM_SBUS_SERVICE_NAME "pam"
 static int service_reload(DBusMessage *message, struct sbus_connection *conn);
@@ -142,8 +142,8 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
 SSS_PAM_SOCKET_NAME, SSS_PAM_PRIV_SOCKET_NAME, CONFDB_PAM_CONF_ENTRY,
- PAM_SBUS_SERVICE_NAME,
- PAM_SBUS_SERVICE_VERSION,
+ SSS_PAM_SBUS_SERVICE_NAME,
+ SSS_PAM_SBUS_SERVICE_VERSION,
 &monitor_pam_interface, "PAM", &pam_dp_interface, &pctx->rctx);
diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c
index bc768536..f89e73c8 100644
--- a/server/responder/pam/pamsrv_cmd.c
+++ b/server/responder/pam/pamsrv_cmd.c
@@ -96,10 +96,10 @@ static int pam_parse_in_data_v2(struct sss_names_ctx *snctx,
 uint32_t size; char *pam_user; int ret;
- uint32_t terminator = END_OF_PAM_REQUEST;
+ uint32_t terminator = SSS_END_OF_PAM_REQUEST;
 if (blen < 4*sizeof(uint32_t)+2 ||
- ((uint32_t *)body)[0] != START_OF_PAM_REQUEST ||
+ ((uint32_t *)body)[0] != SSS_START_OF_PAM_REQUEST ||
 memcmp(&body[blen - sizeof(uint32_t)], &terminator, sizeof(uint32_t)) != 0) { DEBUG(1, ("Received data is invalid.\n")); return EINVAL;
@@ -112,7 +112,7 @@ static int pam_parse_in_data_v2(struct sss_names_ctx *snctx,
 if (c > blen) return EINVAL; switch(type) {
- case PAM_ITEM_USER:
+ case SSS_PAM_ITEM_USER:
 ret = extract_string(&pam_user, body, blen, &c); if (ret != EOK) return ret;
@@ -120,39 +120,39 @@ static int pam_parse_in_data_v2(struct sss_names_ctx *snctx,
 &pd->domain, &pd->user); if (ret != EOK) return ret; break;
- case PAM_ITEM_SERVICE:
+ case SSS_PAM_ITEM_SERVICE:
 ret = extract_string(&pd->service, body, blen, &c); if (ret != EOK) return ret; break;
- case PAM_ITEM_TTY:
+ case SSS_PAM_ITEM_TTY:
 ret = extract_string(&pd->tty, body, blen, &c); if (ret != EOK) return ret; break;
- case PAM_ITEM_RUSER:
+ case SSS_PAM_ITEM_RUSER:
 ret = extract_string(&pd->ruser, body, blen, &c); if (ret != EOK) return ret; break;
- case PAM_ITEM_RHOST:
+ case SSS_PAM_ITEM_RHOST:
 ret = extract_string(&pd->rhost, body, blen, &c); if (ret != EOK) return ret; break;
- case PAM_ITEM_CLI_PID:
+ case SSS_PAM_ITEM_CLI_PID:
 ret = extract_uint32_t(&pd->cli_pid, body, blen, &c); if (ret != EOK) return ret; break;
- case PAM_ITEM_AUTHTOK:
+ case SSS_PAM_ITEM_AUTHTOK:
 ret = extract_authtok(&pd->authtok_type, &pd->authtok_size, &pd->authtok, body, blen, &c); if (ret != EOK) return ret; break;
- case PAM_ITEM_NEWAUTHTOK:
+ case SSS_PAM_ITEM_NEWAUTHTOK:
 ret = extract_authtok(&pd->newauthtok_type, &pd->newauthtok_size, &pd->newauthtok, body, blen, &c); if (ret != EOK) return ret; break;
- case END_OF_PAM_REQUEST:
+ case SSS_END_OF_PAM_REQUEST:
 if (c != blen) return EINVAL; break; default:
@@ -574,7 +574,7 @@ static void pam_reply(struct pam_auth_req *preq)
 } if (pd->domain != NULL) {
- pam_add_response(pd, PAM_DOMAIN_NAME, strlen(pd->domain)+1,
+ pam_add_response(pd, SSS_PAM_DOMAIN_NAME, strlen(pd->domain)+1,
 (uint8_t *) pd->domain); }
@@ -671,7 +671,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
 size_t blen; int timeout; int ret;
- uint32_t terminator = END_OF_PAM_REQUEST;
+ uint32_t terminator = SSS_END_OF_PAM_REQUEST;
 preq = talloc_zero(cctx, struct pam_auth_req); if (!preq) { return ENOMEM;
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 03d902f1..8e31cc6f 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -189,7 +189,7 @@ static int pack_message_v3(struct pam_items *pi, size_t *size,
 int len; uint8_t *buf; int rp;
- uint32_t terminator = END_OF_PAM_REQUEST;
+ uint32_t terminator = SSS_END_OF_PAM_REQUEST;
 len = sizeof(uint32_t) + 2*sizeof(uint32_t) + pi->pam_user_size +
@@ -215,30 +215,31 @@ static int pack_message_v3(struct pam_items *pi, size_t *size,
 } rp = 0;
- ((uint32_t *)(&buf[rp]))[0] = START_OF_PAM_REQUEST;
+ ((uint32_t *)(&buf[rp]))[0] = SSS_START_OF_PAM_REQUEST;
 rp += sizeof(uint32_t);
- rp += add_string_item(PAM_ITEM_USER, pi->pam_user, pi->pam_user_size,
+ rp += add_string_item(SSS_PAM_ITEM_USER, pi->pam_user, pi->pam_user_size,
 &buf[rp]);
- rp += add_string_item(PAM_ITEM_SERVICE, pi->pam_service,
+ rp += add_string_item(SSS_PAM_ITEM_SERVICE, pi->pam_service,
 pi->pam_service_size, &buf[rp]);
- rp += add_string_item(PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size,
+ rp += add_string_item(SSS_PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size,
 &buf[rp]);
- rp += add_string_item(PAM_ITEM_RUSER, pi->pam_ruser, pi->pam_ruser_size,
+ rp += add_string_item(SSS_PAM_ITEM_RUSER, pi->pam_ruser, pi->pam_ruser_size,
 &buf[rp]);
- rp += add_string_item(PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size,
+ rp += add_string_item(SSS_PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size,
 &buf[rp]);
- rp += add_uint32_t_item(PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid, &buf[rp]);
+ rp += add_uint32_t_item(SSS_PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid,
+ &buf[rp]);
- rp += add_authtok_item(PAM_ITEM_AUTHTOK, pi->pam_authtok_type,
+ rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type,
 pi->pam_authtok, pi->pam_authtok_size, &buf[rp]);
- rp += add_authtok_item(PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type,
+ rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type,
 pi->pam_newauthtok, pi->pam_newauthtok_size, &buf[rp]);
@@ -264,9 +265,9 @@ static int null_strcmp(const char *s1, const char *s2) {
 } enum {
- PAM_CONV_DONE = 0,
- PAM_CONV_STD,
- PAM_CONV_REENTER,
+ SSS_PAM_CONV_DONE = 0,
+ SSS_PAM_CONV_STD,
+ SSS_PAM_CONV_REENTER,
 }; static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
@@ -275,7 +276,7 @@ static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
 char **answer) { int ret;
- int state = PAM_CONV_STD;
+ int state = SSS_PAM_CONV_STD;
 struct pam_conv *conv; struct pam_message *mesg[1]; struct pam_response *resp=NULL;
@@ -298,7 +299,7 @@ static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
 } mesg[0]->msg_style = msg_style;
- if (state == PAM_CONV_REENTER) {
+ if (state == SSS_PAM_CONV_REENTER) {
 mesg[0]->msg = reenter_msg; } else { mesg[0]->msg = msg;
@@ -319,7 +320,7 @@ static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
 return PAM_SYSTEM_ERR; }
- if (state == PAM_CONV_REENTER) {
+ if (state == SSS_PAM_CONV_REENTER) {
 if (null_strcmp(*answer, resp[0].resp) != 0) { logger(pamh, LOG_NOTICE, "Passwords do not match."); _pam_overwrite((void *)resp[0].resp);
@@ -358,12 +359,12 @@ static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
 resp = NULL; }
- if (reenter_msg != NULL && state == PAM_CONV_STD) {
- state = PAM_CONV_REENTER;
+ if (reenter_msg != NULL && state == SSS_PAM_CONV_STD) {
+ state = SSS_PAM_CONV_REENTER;
 } else {
- state = PAM_CONV_DONE;
+ state = SSS_PAM_CONV_DONE;
 }
- } while (state != PAM_CONV_DONE);
+ } while (state != SSS_PAM_CONV_DONE);
 return PAM_SUCCESS; }
@@ -408,26 +409,26 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf)
 } switch(type) {
- case PAM_SYSTEM_INFO:
+ case SSS_PAM_SYSTEM_INFO:
 if (buf[p + (len -1)] != '\0') { D(("user info does not end with \\0.")); break; } logger(pamh, LOG_INFO, "system info: [%s]", &buf[p]); break;
- case PAM_DOMAIN_NAME:
+ case SSS_PAM_DOMAIN_NAME:
 D(("domain name: [%s]", &buf[p])); break;
- case ENV_ITEM:
- case PAM_ENV_ITEM:
- case ALL_ENV_ITEM:
+ case SSS_ENV_ITEM:
+ case SSS_PAM_ENV_ITEM:
+ case SSS_ALL_ENV_ITEM:
 if (buf[p + (len -1)] != '\0') { D(("env item does not end with \\0.")); break; } D(("env item: [%s]", &buf[p]));
- if (type == PAM_ENV_ITEM || type == ALL_ENV_ITEM) {
+ if (type == SSS_PAM_ENV_ITEM || type == SSS_ALL_ENV_ITEM) {
 ret = pam_putenv(pamh, (char *)&buf[p]); if (ret != PAM_SUCCESS) { D(("pam_putenv failed."));
@@ -435,7 +436,7 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf)
 } }
- if (type == ENV_ITEM || type == ALL_ENV_ITEM) {
+ if (type == SSS_ENV_ITEM || type == SSS_ALL_ENV_ITEM) {
 env_item = strdup((char *)&buf[p]); if (env_item == NULL) { D(("strdup failed"));
diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h
index 3996fff2..7d25711b 100644
--- a/sss_client/sss_cli.h
+++ b/sss_client/sss_cli.h
@@ -137,20 +137,20 @@ enum sss_authtok_type {
 SSS_AUTHTOK_TYPE_PASSWORD = 0x0001, };
-#define START_OF_PAM_REQUEST 0x4d415049
-#define END_OF_PAM_REQUEST 0x4950414d
+#define SSS_START_OF_PAM_REQUEST 0x4d415049
+#define SSS_END_OF_PAM_REQUEST 0x4950414d
 enum pam_item_type {
- PAM_ITEM_EMPTY = 0x0000,
- PAM_ITEM_USER,
- PAM_ITEM_SERVICE,
- PAM_ITEM_TTY,
- PAM_ITEM_RUSER,
- PAM_ITEM_RHOST,
- PAM_ITEM_AUTHTOK,
- PAM_ITEM_NEWAUTHTOK,
- PAM_ITEM_CLI_LOCALE,
- PAM_ITEM_CLI_PID,
+ SSS_PAM_ITEM_EMPTY = 0x0000,
+ SSS_PAM_ITEM_USER,
+ SSS_PAM_ITEM_SERVICE,
+ SSS_PAM_ITEM_TTY,
+ SSS_PAM_ITEM_RUSER,
+ SSS_PAM_ITEM_RHOST,
+ SSS_PAM_ITEM_AUTHTOK,
+ SSS_PAM_ITEM_NEWAUTHTOK,
+ SSS_PAM_ITEM_CLI_LOCALE,
+ SSS_PAM_ITEM_CLI_PID,
 }; #define SSS_NSS_MAX_ENTRIES 256
@@ -169,11 +169,11 @@ enum sss_status {
 }; enum response_type {
- PAM_SYSTEM_INFO = 0x01,
- PAM_DOMAIN_NAME,
- PAM_ENV_ITEM, /* only pam environment */
- ENV_ITEM, /* only user environment */
- ALL_ENV_ITEM, /* pam and user environment */
+ SSS_PAM_SYSTEM_INFO = 0x01,
+ SSS_PAM_DOMAIN_NAME,
+ SSS_PAM_ENV_ITEM, /* only pam environment */
+ SSS_ENV_ITEM, /* only user environment */
+ SSS_ALL_ENV_ITEM, /* pam and user environment */
 }; enum nss_status sss_nss_make_request(enum sss_cli_command cmd, |