diff options
Diffstat (limited to 'src/sss_client/pam_sss.c')
| -rw-r--r-- | src/sss_client/pam_sss.c | 177 |
1 files changed, 1 insertions, 176 deletions
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index 0e20d9600..e4fa83e12 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -40,6 +40,7 @@ #include "sss_pam_macros.h" #include "sss_cli.h" +#include "pam_message.h" #include "util/atomic_io.h" #include "util/authtok-utils.h" @@ -65,36 +66,6 @@ #define EXP_ACC_MSG _("Permission denied. ") #define SRV_MSG _("Server message: ") -struct pam_items { - const char* pam_service; - const char* pam_user; - const char* pam_tty; - const char* pam_ruser; - const char* pam_rhost; - char* pam_authtok; - char* pam_newauthtok; - const char* pamstack_authtok; - const char* pamstack_oldauthtok; - size_t pam_service_size; - size_t pam_user_size; - size_t pam_tty_size; - size_t pam_ruser_size; - size_t pam_rhost_size; - int pam_authtok_type; - size_t pam_authtok_size; - int pam_newauthtok_type; - size_t pam_newauthtok_size; - pid_t cli_pid; - const char *login_name; - char *domain_name; - const char *requested_domains; - size_t requested_domains_size; - char *otp_vendor; - char *otp_token_id; - char *otp_challenge; - char *first_factor; -}; - #define DEBUG_MGS_LEN 1024 #define MAX_AUTHTOK_SIZE (1024*1024) #define CHECK_AND_RETURN_PI_STRING(s) ((s != NULL && *s != '\0')? s : "(not available)") @@ -145,75 +116,6 @@ static void close_fd(pam_handle_t *pamh, void *ptr, int err) sss_pam_close_fd(); } -static size_t add_authtok_item(enum pam_item_type type, - enum sss_authtok_type authtok_type, - const char *tok, const size_t size, - uint8_t *buf) { - size_t rp=0; - uint32_t c; - - if (tok == NULL) return 0; - - c = type; - memcpy(&buf[rp], &c, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - c = size + sizeof(uint32_t); - memcpy(&buf[rp], &c, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - c = authtok_type; - memcpy(&buf[rp], &c, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - memcpy(&buf[rp], tok, size); - rp += size; - - return rp; -} - - -static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val, - uint8_t *buf) { - size_t rp=0; - uint32_t c; - - c = type; - memcpy(&buf[rp], &c, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - c = sizeof(uint32_t); - memcpy(&buf[rp], &c, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - c = val; - memcpy(&buf[rp], &c, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - return rp; -} - -static size_t add_string_item(enum pam_item_type type, const char *str, - const size_t size, uint8_t *buf) { - size_t rp=0; - uint32_t c; - - if (str == NULL || *str == '\0') return 0; - - c = type; - memcpy(&buf[rp], &c, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - c = size; - memcpy(&buf[rp], &c, sizeof(uint32_t)); - rp += sizeof(uint32_t); - - memcpy(&buf[rp], str, size); - rp += size; - - return rp; -} - static void overwrite_and_free_authtoks(struct pam_items *pi) { if (pi->pam_authtok != NULL) { @@ -255,83 +157,6 @@ static void overwrite_and_free_pam_items(struct pam_items *pi) pi->otp_challenge = NULL; } -static int pack_message_v3(struct pam_items *pi, size_t *size, - uint8_t **buffer) { - int len; - uint8_t *buf; - size_t rp; - - len = sizeof(uint32_t) + - 2*sizeof(uint32_t) + pi->pam_user_size + - sizeof(uint32_t); - len += *pi->pam_service != '\0' ? - 2*sizeof(uint32_t) + pi->pam_service_size : 0; - len += *pi->pam_tty != '\0' ? - 2*sizeof(uint32_t) + pi->pam_tty_size : 0; - len += *pi->pam_ruser != '\0' ? - 2*sizeof(uint32_t) + pi->pam_ruser_size : 0; - len += *pi->pam_rhost != '\0' ? - 2*sizeof(uint32_t) + pi->pam_rhost_size : 0; - len += pi->pam_authtok != NULL ? - 3*sizeof(uint32_t) + pi->pam_authtok_size : 0; - len += pi->pam_newauthtok != NULL ? - 3*sizeof(uint32_t) + pi->pam_newauthtok_size : 0; - len += 3*sizeof(uint32_t); /* cli_pid */ - len += *pi->requested_domains != '\0' ? - 2*sizeof(uint32_t) + pi->requested_domains_size : 0; - - - buf = malloc(len); - if (buf == NULL) { - D(("malloc failed.")); - return PAM_BUF_ERR; - } - - rp = 0; - SAFEALIGN_SETMEM_UINT32(buf, SSS_START_OF_PAM_REQUEST, &rp); - - rp += add_string_item(SSS_PAM_ITEM_USER, pi->pam_user, pi->pam_user_size, - &buf[rp]); - - rp += add_string_item(SSS_PAM_ITEM_SERVICE, pi->pam_service, - pi->pam_service_size, &buf[rp]); - - rp += add_string_item(SSS_PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size, - &buf[rp]); - - rp += add_string_item(SSS_PAM_ITEM_RUSER, pi->pam_ruser, pi->pam_ruser_size, - &buf[rp]); - - rp += add_string_item(SSS_PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size, - &buf[rp]); - - rp += add_string_item(SSS_PAM_ITEM_REQUESTED_DOMAINS, pi->requested_domains, pi->requested_domains_size, - &buf[rp]); - - rp += add_uint32_t_item(SSS_PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid, - &buf[rp]); - - rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type, - pi->pam_authtok, pi->pam_authtok_size, &buf[rp]); - - rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type, - pi->pam_newauthtok, pi->pam_newauthtok_size, - &buf[rp]); - - SAFEALIGN_SETMEM_UINT32(buf + rp, SSS_END_OF_PAM_REQUEST, &rp); - - if (rp != len) { - D(("error during packet creation.")); - free(buf); - return PAM_BUF_ERR; - } - - *size = len; - *buffer = buf; - - return 0; -} - static int null_strcmp(const char *s1, const char *s2) { if (s1 == NULL && s2 == NULL) return 0; if (s1 == NULL && s2 != NULL) return -1; |