Diffstat (limited to 'server/providers')
-rw-r--r--server/providers/data_provider.c1
-rw-r--r--server/providers/data_provider.h47
-rw-r--r--server/providers/dp_auth_util.c208
-rw-r--r--server/providers/dp_backend.h1
4 files changed, 255 insertions, 2 deletions
diff --git a/server/providers/data_provider.c b/server/providers/data_provider.c
index 4614250c7..e8f190ea9 100644
--- a/server/providers/data_provider.c
+++ b/server/providers/data_provider.c
@@ -41,7 +41,6 @@
#include "dp_interfaces.h"
#include "monitor/monitor_sbus.h"
#include "monitor/monitor_interfaces.h"
-#include "responder/pam/pamsrv.h"
#define DP_CONF_ENTRY "config/services/dp"
diff --git a/server/providers/data_provider.h b/server/providers/data_provider.h
index 4b68a0bd7..2c828fab3 100644
--- a/server/providers/data_provider.h
+++ b/server/providers/data_provider.h
@@ -34,6 +34,7 @@
#include "sbus/sssd_dbus.h"
#include "sbus/sbus_client.h"
#include "providers/dp_interfaces.h"
+#include "../sss_client/sss_cli.h"
#define DATA_PROVIDER_VERSION 0x0001
#define DATA_PROVIDER_SERVICE_NAME "dp"
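Review bot: The added include uses a directory-relative path, `#include "../sss_client/sss_cli.h"`, while every neighbouring include in this header is rooted at the source tree (`"sbus/sssd_dbus.h"`, `"providers/dp_interfaces.h"`). A `..` path resolves relative to this header's own location, so it silently depends on where data_provider.h lives; if the tree root is already on the include path, `#include "sss_client/sss_cli.h"` would be consistent with the rest.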
@@ -80,4 +81,50 @@
#define BE_REQ_GROUP 2
#define BE_REQ_INITGROUPS 3
+/* AUTH related common data and functions */
+
+#define DEBUG_PAM_DATA(level, pd) do { \
+ if (level <= debug_level) pam_print_data(level, pd); \
+} while(0);
+
+
+struct response_data {
+ int32_t type;
+ int32_t len;
+ uint8_t *data;
+ struct response_data *next;
+};
+
+struct pam_data {
+ int cmd;
+ uint32_t authtok_type;
+ uint32_t authtok_size;
+ uint32_t newauthtok_type;
+ uint32_t newauthtok_size;
+ char *domain;
+ char *user;
+ char *service;
+ char *tty;
+ char *ruser;
+ char *rhost;
+ uint8_t *authtok;
+ uint8_t *newauthtok;
+
+ int pam_status;
+ int response_delay;
+ struct response_data *resp_list;
+
+ bool offline_auth;
+};
+
+void pam_print_data(int l, struct pam_data *pd);
+
+int pam_add_response(struct pam_data *pd, enum response_type type,
+ int len, const uint8_t *data);
+
+bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd);
+bool dp_unpack_pam_request(DBusMessage *msg, struct pam_data *pd, DBusError *dbus_error);
+bool dp_pack_pam_response(DBusMessage *msg, struct pam_data *pd);
+bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *dbus_error);
+
#endif /* __DATA_PROVIDER_ */
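Review bot: DEBUG_PAM_DATA ends its do/while(0) body with a semicolon (`} while(0);`), which defeats the idiom: a use such as `if (x) DEBUG_PAM_DATA(1, pd); else ...` will not compile because the macro's own `;` terminates the if. Drop it so the caller's semicolon closes the statement: `} while(0)`. It would also help to put a one-line comment on `authtok`/`newauthtok` in struct pam_data recording that they hold the raw credential bytes (dp_pack_pam_request() sends them verbatim) and that pam_print_data() deliberately prints only their type and size, so future logging does not dump them.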
diff --git a/server/providers/dp_auth_util.c b/server/providers/dp_auth_util.c
new file mode 100644
index 000000000..99e57e2e8
--- /dev/null
+++ b/server/providers/dp_auth_util.c
@@ -0,0 +1,208 @@
+/*
+ SSSD
+
+ Data Provider, auth utils
+
+ Copyright (C) Sumit Bose <sbose@redhat.com> 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "data_provider.h"
+
+void pam_print_data(int l, struct pam_data *pd)
+{
+ DEBUG(l, ("command: %d\n", pd->cmd));
+ DEBUG(l, ("domain: %s\n", pd->domain));
+ DEBUG(l, ("user: %s\n", pd->user));
+ DEBUG(l, ("service: %s\n", pd->service));
+ DEBUG(l, ("tty: %s\n", pd->tty));
+ DEBUG(l, ("ruser: %s\n", pd->ruser));
+ DEBUG(l, ("rhost: %s\n", pd->rhost));
+ DEBUG(l, ("authtok type: %d\n", pd->authtok_type));
+ DEBUG(l, ("authtok size: %d\n", pd->authtok_size));
+ DEBUG(l, ("newauthtok type: %d\n", pd->newauthtok_type));
+ DEBUG(l, ("newauthtok size: %d\n", pd->newauthtok_size));
+}
+
+int pam_add_response(struct pam_data *pd, enum response_type type,
+ int len, const uint8_t *data)
+{
+ struct response_data *new;
+
+ new = talloc(pd, struct response_data);
+ if (new == NULL) return ENOMEM;
+
+ new->type = type;
+ new->len = len;
+ new->data = talloc_memdup(pd, data, len);
+ if (new->data == NULL) return ENOMEM;
+ new->next = pd->resp_list;
+ pd->resp_list = new;
+
+ return EOK;
+}
+
+bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd)
+{
+ int ret;
+
+ ret = dbus_message_append_args(msg,
+ DBUS_TYPE_INT32, &(pd->cmd),
+ DBUS_TYPE_STRING, &(pd->domain),
+ DBUS_TYPE_STRING, &(pd->user),
+ DBUS_TYPE_STRING, &(pd->service),
+ DBUS_TYPE_STRING, &(pd->tty),
+ DBUS_TYPE_STRING, &(pd->ruser),
+ DBUS_TYPE_STRING, &(pd->rhost),
+ DBUS_TYPE_INT32, &(pd->authtok_type),
+ DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
+ &(pd->authtok),
+ (pd->authtok_size),
+ DBUS_TYPE_INT32, &(pd->newauthtok_type),
+ DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
+ &(pd->newauthtok),
+ pd->newauthtok_size,
+ DBUS_TYPE_INVALID);
+
+ return ret;
+}
+
+bool dp_unpack_pam_request(DBusMessage *msg, struct pam_data *pd, DBusError *dbus_error)
+{
+ int ret;
+
+ ret = dbus_message_get_args(msg, dbus_error,
+ DBUS_TYPE_INT32, &(pd->cmd),
+ DBUS_TYPE_STRING, &(pd->domain),
+ DBUS_TYPE_STRING, &(pd->user),
+ DBUS_TYPE_STRING, &(pd->service),
+ DBUS_TYPE_STRING, &(pd->tty),
+ DBUS_TYPE_STRING, &(pd->ruser),
+ DBUS_TYPE_STRING, &(pd->rhost),
+ DBUS_TYPE_INT32, &(pd->authtok_type),
+ DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
+ &(pd->authtok),
+ &(pd->authtok_size),
+ DBUS_TYPE_INT32, &(pd->newauthtok_type),
+ DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
+ &(pd->newauthtok),
+ &(pd->newauthtok_size),
+ DBUS_TYPE_INVALID);
+
+ return ret;
+}
+
+bool dp_pack_pam_response(DBusMessage *msg, struct pam_data *pd)
+{
+ int ret;
+ struct response_data *resp;
+
+ ret = dbus_message_append_args(msg,
+ DBUS_TYPE_UINT32, &(pd->pam_status),
+ DBUS_TYPE_STRING, &(pd->domain),
+ DBUS_TYPE_INVALID);
+ if (!ret) return ret;
+
+ resp = pd->resp_list;
+ while (resp != NULL) {
+ ret=dbus_message_append_args(msg,
+ DBUS_TYPE_UINT32, &(resp->type),
+ DBUS_TYPE_UINT32, &(resp->len),
+ DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
+ &(resp->data),
+ resp->len,
+ DBUS_TYPE_INVALID);
+ if (!ret) return ret;
+
+ resp = resp->next;
+ }
+
+ return true;
+}
+
+bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, DBusError *dbus_error)
+{
+ DBusMessageIter iter;
+ DBusMessageIter sub_iter;
+ int type;
+ int len;
+ int len_msg;
+ const uint8_t *data;
+
+ if (!dbus_message_iter_init(msg, &iter)) {
+ DEBUG(1, ("pam response has no arguments.\n"));
+ return false;
+ }
+
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_UINT32) {
+ DEBUG(1, ("pam response format error.\n"));
+ return false;
+ }
+ dbus_message_iter_get_basic(&iter, &(pd->pam_status));
+
+ if (!dbus_message_iter_next(&iter)) {
+ DEBUG(1, ("pam response has too few arguments.\n"));
+ return false;
+ }
+
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_STRING) {
+ DEBUG(1, ("pam response format error.\n"));
+ return false;
+ }
+ dbus_message_iter_get_basic(&iter, &(pd->domain));
+
+ while(dbus_message_iter_next(&iter)) {
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_UINT32) {
+ DEBUG(1, ("pam response format error.\n"));
+ return false;
+ }
+ dbus_message_iter_get_basic(&iter, &type);
+
+ if (!dbus_message_iter_next(&iter)) {
+ DEBUG(1, ("pam response format error.\n"));
+ return false;
+ }
+
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_UINT32) {
+ DEBUG(1, ("pam response format error.\n"));
+ return false;
+ }
+ dbus_message_iter_get_basic(&iter, &len);
+
+ if (!dbus_message_iter_next(&iter)) {
+ DEBUG(1, ("pam response format error.\n"));
+ return false;
+ }
+
+ if (dbus_message_iter_get_arg_type(&iter) != DBUS_TYPE_ARRAY ||
+ dbus_message_iter_get_element_type(&iter) != DBUS_TYPE_BYTE) {
+ DEBUG(1, ("pam response format error.\n"));
+ return false;
+ }
+
+ dbus_message_iter_recurse(&iter, &sub_iter);
+ dbus_message_iter_get_fixed_array(&sub_iter, &data, &len_msg);
+ if (len != len_msg) {
+ DEBUG(1, ("pam response format error.\n"));
+ return false;
+ }
+
+ pam_add_response(pd, type, len, data);
+
+ }
+
+ return true;
+}
+
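Review bot: The return value of pam_add_response() is discarded in the loop at the end of dp_unpack_pam_response(), so an ENOMEM there leaves `resp_list` silently truncated while the function still reports true; check it, e.g. `if (pam_add_response(pd, type, len, data) != EOK) return false;`. Relatedly, pam_add_response() duplicates the payload with `talloc_memdup(pd, ...)` rather than hanging it off `new`, and does not free `new` when that duplication fails — both stay reachable from pd so nothing leaks until pd is freed, but `talloc_memdup(new, data, len)` plus `talloc_free(new)` on failure keeps each node self-contained. Note also that dp_unpack_pam_request() leaves `pd->authtok`, `pd->newauthtok` and the string fields pointing into the DBusMessage's own storage, so callers presumably must copy them before the message is unreffed; that is worth a comment on the prototype in data_provider.h.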
diff --git a/server/providers/dp_backend.h b/server/providers/dp_backend.h
index da71e753c..27f79eb7a 100644
--- a/server/providers/dp_backend.h
+++ b/server/providers/dp_backend.h
@@ -24,7 +24,6 @@
#include "providers/data_provider.h"
#include "db/sysdb.h"
-#include "responder/pam/pamsrv.h"
struct be_ctx;
struct be_id_ops;