summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2012-10-18 16:25:57 +0200
committerJakub Hrozek <jhrozek@redhat.com>2012-11-05 00:14:05 +0100
commit0331d26dc982df015568cd75a8c6a7ed1049854c (patch)
tree5ac6bc27ab50a442db0725c2a0522510ce4fd7ec /src
parentc0680269167475aa9172b20d13ec3ace721a37ff (diff)
downloadsssd-0331d26dc982df015568cd75a8c6a7ed1049854c.tar.gz
sssd-0331d26dc982df015568cd75a8c6a7ed1049854c.tar.xz
sssd-0331d26dc982df015568cd75a8c6a7ed1049854c.zip
krb5_auth: send different_realm flag to krb5_child
The different_realm flag which was set by the responder is send to the krb5_child so that it can act differently on users from other realms. To avoid code duplication and inconsistent behaviour the krb5_child will not set the flag on its own but use the one from the provider.
Diffstat (limited to 'src')
-rw-r--r--src/providers/krb5/krb5_child.c4
-rw-r--r--src/providers/krb5/krb5_child_handler.c5
2 files changed, 8 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index a92ba57bf..6e27df0d4 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -89,6 +89,7 @@ struct krb5_req {
char *ccname;
char *keytab;
bool validate;
+ bool upn_from_different_realm;
char *fast_ccname;
const char *upn;
@@ -1359,6 +1360,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
size_t p = 0;
uint32_t len;
uint32_t validate;
+ uint32_t different_realm;
DEBUG(SSSDBG_TRACE_LIBS, ("total buffer size: [%d]\n", size));
@@ -1370,6 +1372,8 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
SAFEALIGN_COPY_UINT32_CHECK(&validate, buf + p, size, &p);
kr->validate = (validate == 0) ? false : true;
SAFEALIGN_COPY_UINT32_CHECK(offline, buf + p, size, &p);
+ SAFEALIGN_COPY_UINT32_CHECK(&different_realm, buf + p, size, &p);
+ kr->upn_from_different_realm = (different_realm == 0) ? false : true;
SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
if ((p + len ) > size) return EINVAL;
kr->upn = talloc_strndup(pd, (char *)(buf + p), len);
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index 768d8c7dc..f0fe81b6f 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -92,6 +92,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
size_t rp;
const char *keytab;
uint32_t validate;
+ uint32_t different_realm;
size_t username_len = 0;
keytab = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_KEYTAB);
@@ -101,6 +102,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
}
validate = dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_VALIDATE) ? 1 : 0;
+ different_realm = kr->upn_from_different_realm ? 1 : 0;
buf = talloc(kr, struct io_buffer);
if (buf == NULL) {
@@ -108,7 +110,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
return ENOMEM;
}
- buf->size = 6*sizeof(uint32_t) + strlen(kr->upn);
+ buf->size = 7*sizeof(uint32_t) + strlen(kr->upn);
if (kr->pd->cmd == SSS_PAM_AUTHENTICATE ||
kr->pd->cmd == SSS_CMD_RENEW ||
@@ -140,6 +142,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->gid, &rp);
SAFEALIGN_COPY_UINT32(&buf->data[rp], &validate, &rp);
SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->is_offline, &rp);
+ SAFEALIGN_COPY_UINT32(&buf->data[rp], &different_realm, &rp);
SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(kr->upn), &rp);
safealign_memcpy(&buf->data[rp], kr->upn, strlen(kr->upn), &rp);