author | Sumit Bose <sbose@redhat.com> | 2010-04-19 11:59:09 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-07 16:38:23 -0400 |
commit | fc7ec12f1b851bab1eedf3ecdcb094ea80b46dd2 (patch) | |
tree | 9aa674b262b92ebe2f66c745a42f6cec4a0a1c18 /src/providers/dp_pam_data_util.c | |
parent | ca6aa84e20e445fb04dfce416a8c3a1912b26451 (diff) | |
Add support for delayed kinit if offline
If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline, the plain-text user password is stored
and used to request a TGT once the backend comes back online. If available,
the Linux kernel key retention service is used to hold it.
Diffstat (limited to 'src/providers/dp_pam_data_util.c')
-rw-r--r-- | src/providers/dp_pam_data_util.c | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/src/providers/dp_pam_data_util.c b/src/providers/dp_pam_data_util.c
index 308bd7c73..93db7f6f9 100644
--- a/src/providers/dp_pam_data_util.c
+++ b/src/providers/dp_pam_data_util.c
@@ -24,6 +24,94 @@ #include "providers/data_provider.h" +#define PD_STR_COPY(el) do { \ + if (old_pd->el != NULL) { \ + pd->el = talloc_strdup(pd, old_pd->el); \ + if (pd->el == NULL) { \ + DEBUG(1, ("talloc_strdup failed.\n")); \ + goto failed; \ + } \ + } \ +} while(0); + +#define PD_MEM_COPY(el, size) do { \ + if (old_pd->el != NULL) { \ + pd->el = talloc_memdup(pd, old_pd->el, (size)); \ + if (pd->el == NULL) { \ + DEBUG(1, ("talloc_memdup failed.\n")); \ + goto failed; \ + } \ + } \ +} while(0); + +int pam_data_destructor(void *ptr) +{ + struct pam_data *pd = talloc_get_type(ptr, struct pam_data); + + if (pd->authtok_size != 0 && pd->authtok != NULL) { + memset(pd->authtok, 0, pd->authtok_size); + pd->authtok_size = 0; + } + + if (pd->newauthtok_size != 0 && pd->newauthtok != NULL) { + memset(pd->newauthtok, 0, pd->newauthtok_size); + pd->newauthtok_size = 0; + } + + return EOK; +} + +struct pam_data *create_pam_data(TALLOC_CTX *mem_ctx) +{ + struct pam_data *pd; + + pd = talloc_zero(mem_ctx, struct pam_data); + if (pd == NULL) { + DEBUG(1, ("talloc_zero failed.\n")); + return NULL; + } + + talloc_set_destructor((TALLOC_CTX *) pd, pam_data_destructor); + + return pd; +} + +errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *old_pd, + struct pam_data **new_pd) +{ + struct pam_data *pd = NULL; + + pd = create_pam_data(mem_ctx); + if (pd == NULL) { + DEBUG(1, ("create_pam_data failed.\n")); + return ENOMEM; + } + + pd->cmd = old_pd->cmd; + pd->authtok_type = old_pd->authtok_type; + pd->authtok_size = old_pd->authtok_size; + pd->newauthtok_type = old_pd->newauthtok_type; + pd->newauthtok_size = old_pd->newauthtok_size; + + PD_STR_COPY(domain); + PD_STR_COPY(user); + PD_STR_COPY(service); + PD_STR_COPY(tty); + PD_STR_COPY(ruser); + PD_STR_COPY(rhost); + PD_MEM_COPY(authtok, old_pd->authtok_size); + PD_MEM_COPY(newauthtok, old_pd->newauthtok_size); + pd->cli_pid = old_pd->cli_pid; + + *new_pd = pd; + + return EOK; + +failed: + talloc_free(pd); + return 
ENOMEM; +} + void pam_print_data(int l, struct pam_data *pd) { DEBUG(l, ("command: %d\n", pd->cmd)); |
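Review bot: The scrub in `pam_data_destructor` depends on a plain `memset` of `pd->authtok`/`pd->newauthtok` and on `authtok_size`/`newauthtok_size` still describing those buffers when the struct is released; because the actual free happens inside talloc after the destructor returns, a compiler is unlikely to drop the store here, but the guarantee is implicit and deserves a comment such as `/* wipe before talloc releases the buffer; the size fields must stay accurate until free */`, or a non-elidable helper (e.g. `explicit_bzero` where the platform provides it) if the project accepts one. The `failed:` path in `copy_pam_data` likewise relies on `talloc_free(pd)` running this destructor to erase a partially duplicated token, which is correct but worth stating with `/* destructor zeroes any authtok already duplicated */` at the label. Separately, both macro definitions end in `} while(0);` and the trailing semicolon defeats the do/while wrapper (an `if (x) PD_STR_COPY(a); else ...` at a call site would no longer compile); drop it so each definition ends with `} while(0)`.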