PAM: extract checks from parsing routines

This patch saves the original name given at a login prompt and send to the PAM responder in the logon_name member of the pam_data struct for later use. Additionally it separates the parsing of the data send by the PAM client and the checks of this data.
author: Sumit Bose <sbose@redhat.com> 2014-06-24 18:29:20 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2014-09-01 13:56:57 +0200
commit: cda952ca3e00d324c7e53eeaeda394eb0d142818 (patch)
tree: e9d127e731c8558e554adb576c4b7bc6b4d6e09c /src/responder/pam
parent: 25a387c2e90c74b27a26ea207503df8e4b6a1a76 (diff)
download: sssd-cda952ca3e00d324c7e53eeaeda394eb0d142818.tar.gz
sssd-cda952ca3e00d324c7e53eeaeda394eb0d142818.tar.xz
sssd-cda952ca3e00d324c7e53eeaeda394eb0d142818.zip
1 files changed, 18 insertions, 34 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index d58ef64b7..46a44e055 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -134,15 +134,12 @@ static int pd_set_primary_name(const struct ldb_message *msg,struct pam_data *pd
     return EOK;
 }
 
-static int pam_parse_in_data_v2(struct sss_domain_info *domains,
-                                const char *default_domain,
-                                struct pam_data *pd,
+static int pam_parse_in_data_v2(struct pam_data *pd,
                                 uint8_t *body, size_t blen)
 {
     size_t c;
     uint32_t type;
     uint32_t size;
-    char *pam_user;
     int ret;
     uint32_t start;
     uint32_t terminator;
@@ -178,12 +175,7 @@ static int pam_parse_in_data_v2(struct sss_domain_info *domains,
 
             switch(type) {
                 case SSS_PAM_ITEM_USER:
-                    ret = extract_string(&pam_user, size, body, blen, &c);
-                    if (ret != EOK) return ret;
-
-                    ret = sss_parse_name_for_domains(pd, domains,
-                                                     default_domain, pam_user,
-                                                     &pd->domain, &pd->user);
+                    ret = extract_string(&pd->logon_name, size, body, blen, &c);
                     if (ret != EOK) return ret;
                     break;
                 case SSS_PAM_ITEM_SERVICE:
@@ -226,22 +218,16 @@ static int pam_parse_in_data_v2(struct sss_domain_info *domains,
 
     } while(c < blen);
 
-    if (pd->user == NULL || *pd->user == '\0') return EINVAL;
-
-    DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
-
     return EOK;
 
 }
 
-static int pam_parse_in_data_v3(struct sss_domain_info *domains,
-                                const char *default_domain,
-                                struct pam_data *pd,
+static int pam_parse_in_data_v3(struct pam_data *pd,
                                 uint8_t *body, size_t blen)
 {
     int ret;
 
-    ret = pam_parse_in_data_v2(domains, default_domain, pd, body, blen);
+    ret = pam_parse_in_data_v2(pd, body, blen);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE, "pam_parse_in_data_v2 failed.\n");
         return ret;
@@ -284,9 +270,7 @@ static int extract_authtok_v1(struct sss_auth_token *tok,
     return ret;
 }
 
-static int pam_parse_in_data(struct sss_domain_info *domains,
-                             const char *default_domain,
-                             struct pam_data *pd,
+static int pam_parse_in_data(struct pam_data *pd,
                              uint8_t *body, size_t blen)
 {
     size_t start;
@@ -300,10 +284,7 @@ static int pam_parse_in_data(struct sss_domain_info *domains,
     /* user name */
     for (start = end; end < last; end++) if (body[end] == '\0') break;
     if (body[end++] != '\0') return EINVAL;
-
-    ret = sss_parse_name_for_domains(pd, domains, default_domain,
-                                     (char *)&body[start], &pd->domain, &pd->user);
-    if (ret != EOK) return ret;
+    pd->logon_name = (char *) &body[start];
 
     for (start = end; end < last; end++) if (body[end] == '\0') break;
     if (body[end++] != '\0') return EINVAL;
@@ -743,25 +724,28 @@ errno_t pam_forwarder_parse_data(struct cli_ctx *cctx, struct pam_data *pd)
 
     switch (cctx->cli_protocol_version->version) {
         case 1:
-            ret = pam_parse_in_data(cctx->rctx->domains,
-                                    cctx->rctx->default_domain, pd,
-                                    body, blen);
+            ret = pam_parse_in_data(pd, body, blen);
             break;
         case 2:
-            ret = pam_parse_in_data_v2(cctx->rctx->domains,
-                                       cctx->rctx->default_domain, pd,
-                                       body, blen);
+            ret = pam_parse_in_data_v2(pd, body, blen);
             break;
         case 3:
-            ret = pam_parse_in_data_v3(cctx->rctx->domains,
-                                       cctx->rctx->default_domain, pd,
-                                       body, blen);
+            ret = pam_parse_in_data_v3(pd, body, blen);
             break;
         default:
             DEBUG(SSSDBG_CRIT_FAILURE, "Illegal protocol version [%d].\n",
                       cctx->cli_protocol_version->version);
             ret = EINVAL;
     }
+    if (ret != EOK) {
+        goto done;
+    }
+
+    ret = sss_parse_name_for_domains(pd, cctx->rctx->domains,
+                                     cctx->rctx->default_domain, pd->logon_name,
+                                     &pd->domain, &pd->user);
+
+    DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, pd);
 
 done:
     return ret;
author	Sumit Bose <sbose@redhat.com>	2014-06-24 18:29:20 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2014-09-01 13:56:57 +0200
commit	cda952ca3e00d324c7e53eeaeda394eb0d142818 (patch)
tree	e9d127e731c8558e554adb576c4b7bc6b4d6e09c /src/responder/pam
parent	25a387c2e90c74b27a26ea207503df8e4b6a1a76 (diff)
download	sssd-cda952ca3e00d324c7e53eeaeda394eb0d142818.tar.gz sssd-cda952ca3e00d324c7e53eeaeda394eb0d142818.tar.xz sssd-cda952ca3e00d324c7e53eeaeda394eb0d142818.zip