diff options
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_auth.h | 1 | ||||
-rw-r--r-- | src/providers/krb5/krb5_child.c | 29 | ||||
-rw-r--r-- | src/providers/krb5/krb5_child_handler.c | 16 |
3 files changed, 41 insertions, 5 deletions
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h index a23b8b47..bf49f7cf 100644 --- a/src/providers/krb5/krb5_auth.h +++ b/src/providers/krb5/krb5_auth.h @@ -80,6 +80,7 @@ struct krb5_child_response { int32_t msg_status; struct tgt_times tgtt; char *ccname; + char *correct_upn; }; errno_t diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 4bfbf4bf..3e64a865 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -785,10 +785,13 @@ static errno_t sendresponse(int fd, krb5_error_code kerr, int pam_status, return EOK; } -static errno_t add_ticket_times_to_response(struct krb5_req *kr) +static errno_t add_ticket_times_and_upn_to_response(struct krb5_req *kr) { int ret; int64_t t[4]; + krb5_error_code kerr; + char *upn = NULL; + unsigned int upn_len = 0; t[0] = (int64_t) kr->creds->times.authtime; t[1] = (int64_t) kr->creds->times.starttime; @@ -799,8 +802,24 @@ static errno_t add_ticket_times_to_response(struct krb5_req *kr) 4*sizeof(int64_t), (uint8_t *) t); if (ret != EOK) { DEBUG(1, ("pack_response_packet failed.\n")); + goto done; + } + + kerr = krb5_unparse_name_ext(kr->ctx, kr->creds->client, &upn, &upn_len); + if (kerr != 0) { + DEBUG(SSSDBG_OP_FAILURE, ("krb5_unparse_name failed.\n")); + goto done; + } + + ret = pam_add_response(kr->pd, SSS_KRB5_INFO_UPN, upn_len, + (uint8_t *) upn); + krb5_free_unparsed_name(kr->ctx, upn); + if (ret != EOK) { + DEBUG(1, ("pack_response_packet failed.\n")); + goto done; } +done: return ret; } @@ -1054,9 +1073,9 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr, goto done; } - ret = add_ticket_times_to_response(kr); + ret = add_ticket_times_and_upn_to_response(kr); if (ret != EOK) { - DEBUG(1, ("add_ticket_times_to_response failed.\n")); + DEBUG(1, ("add_ticket_times_and_upn_to_response failed.\n")); } kerr = 0; @@ -1447,9 +1466,9 @@ static errno_t renew_tgt_child(int fd, struct krb5_req *kr) goto done; } - ret = add_ticket_times_to_response(kr); + ret = add_ticket_times_and_upn_to_response(kr); if (ret != EOK) { - DEBUG(1, ("add_ticket_times_to_response failed.\n")); + DEBUG(1, ("add_ticket_times_and_upn_to_response failed.\n")); } status = PAM_SUCCESS; diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index f0fe81b6..e792db3f 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -441,6 +441,8 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len, uint32_t *expiration; uint32_t *msg_subtype; struct krb5_child_response *res; + const char *upn = NULL; + size_t upn_len; if ((size_t) len < sizeof(int32_t)) { DEBUG(SSSDBG_CRIT_FAILURE, ("message too short.\n")); @@ -505,6 +507,11 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len, tgtt.authtime, tgtt.starttime, tgtt.endtime, tgtt.renew_till)); } + if (msg_type == SSS_KRB5_INFO_UPN) { + upn = (char *) buf + p; + upn_len = msg_len; + } + if (msg_type == SSS_PAM_USER_INFO) { msg_subtype = (uint32_t *)&buf[p]; if (*msg_subtype == SSS_PAM_USER_INFO_EXPIRE_WARN) @@ -549,6 +556,15 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len, } } + if (upn != NULL) { + res->correct_upn = talloc_strndup(res, upn, upn_len); + if (res->correct_upn == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strndup failed.\n")); + talloc_free(res); + return ENOMEM; + } + } + *_res = res; return EOK; } |