Diffstat (limited to 'src')
-rw-r--r-- | src/sss_client/common.c | 110 | ||||
-rw-r--r-- | src/sss_client/pam_sss.c | 2 | ||||
-rw-r--r-- | src/sss_client/sss_cli.h | 1 |
3 files changed, 64 insertions, 49 deletions
diff --git a/src/sss_client/common.c b/src/sss_client/common.c index d4b230889..0e5795f72 100644 --- a/src/sss_client/common.c +++ b/src/sss_client/common.c @@ -71,7 +71,7 @@ static void sss_cli_close_socket(void) * byte 12-15: 32bit unsigned (reserved) * byte 16-X: (optional) request structure associated to the command code used */ -static enum nss_status sss_nss_send_req(enum sss_cli_command cmd, +static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, struct sss_cli_req_data *rd, int *errnop) { @@ -126,7 +126,7 @@ static enum nss_status sss_nss_send_req(enum sss_cli_command cmd, } if (*errnop) { sss_cli_close_socket(); - return NSS_STATUS_UNAVAIL; + return SSS_STATUS_UNAVAIL; } errno = 0; @@ -153,13 +153,13 @@ static enum nss_status sss_nss_send_req(enum sss_cli_command cmd, /* Write failed */ sss_cli_close_socket(); *errnop = errno; - return NSS_STATUS_UNAVAIL; + return SSS_STATUS_UNAVAIL; } datasent += res; } - return NSS_STATUS_SUCCESS; + return SSS_STATUS_SUCCESS; } /* Replies: @@ -171,7 +171,7 @@ static enum nss_status sss_nss_send_req(enum sss_cli_command cmd, * byte 16-X: (optional) reply structure associated to the command code used */ -static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd, +static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, uint8_t **_buf, int *_len, int *errnop) { @@ -231,7 +231,7 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd, } if (*errnop) { sss_cli_close_socket(); - ret = NSS_STATUS_UNAVAIL; + ret = SSS_STATUS_UNAVAIL; goto failed; } @@ -263,7 +263,7 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd, sss_cli_close_socket(); *errnop = errno; - ret = NSS_STATUS_UNAVAIL; + ret = SSS_STATUS_UNAVAIL; goto failed; } 
@@ -278,10 +278,10 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd, sss_cli_close_socket(); *errnop = header[2]; if (*errnop == EAGAIN) { - ret = NSS_STATUS_TRYAGAIN; + ret = SSS_STATUS_TRYAGAIN; goto failed; } else { - ret = NSS_STATUS_UNAVAIL; + ret = SSS_STATUS_UNAVAIL; goto failed; } } @@ -289,7 +289,7 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd, /* wrong command id */ sss_cli_close_socket(); *errnop = EBADMSG; - ret = NSS_STATUS_UNAVAIL; + ret = SSS_STATUS_UNAVAIL; goto failed; } if (header[0] > SSS_NSS_HEADER_SIZE) { @@ -298,7 +298,7 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd, if (!buf) { sss_cli_close_socket(); *errnop = ENOMEM; - ret = NSS_STATUS_UNAVAIL; + ret = SSS_STATUS_UNAVAIL; goto failed; } } @@ -308,7 +308,7 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd, *_len = len; *_buf = buf; - return NSS_STATUS_SUCCESS; + return SSS_STATUS_SUCCESS; failed: free(buf); @@ -317,25 +317,25 @@ failed: /* this function will check command codes match and returned length is ok */ /* repbuf and replen report only the data section not the header */ -static enum nss_status sss_nss_make_request_nochecks( +static enum sss_status sss_cli_make_request_nochecks( enum sss_cli_command cmd, struct sss_cli_req_data *rd, uint8_t **repbuf, size_t *replen, int *errnop) { - enum nss_status ret; + enum sss_status ret; uint8_t *buf = NULL; int len = 0; /* send data */ - ret = sss_nss_send_req(cmd, rd, errnop); - if (ret != NSS_STATUS_SUCCESS) { + ret = sss_cli_send_req(cmd, rd, errnop); + if (ret != SSS_STATUS_SUCCESS) { return ret; } /* data sent, now get reply */ - ret = sss_nss_recv_rep(cmd, &buf, &len, errnop); - if (ret != NSS_STATUS_SUCCESS) { + ret = sss_cli_recv_rep(cmd, &buf, &len, errnop); + if (ret != SSS_STATUS_SUCCESS) { return ret; } 
@@ -353,21 +353,21 @@ static enum nss_status sss_nss_make_request_nochecks( } } - return NSS_STATUS_SUCCESS; + return SSS_STATUS_SUCCESS; } /* GET_VERSION Reply: * 0-3: 32bit unsigned version number */ -static int sss_nss_check_version(const char *socket_name) +static bool sss_cli_check_version(const char *socket_name) { uint8_t *repbuf; size_t replen; - enum nss_status nret; + enum sss_status nret; int errnop; - int res = NSS_STATUS_UNAVAIL; uint32_t expected_version; + uint32_t obtained_version; struct sss_cli_req_data req; if (strcmp(socket_name, SSS_NSS_SOCKET_NAME) == 0) { @@ -376,28 +376,26 @@ static int sss_nss_check_version(const char *socket_name) strcmp(socket_name, SSS_PAM_PRIV_SOCKET_NAME) == 0) { expected_version = SSS_PAM_PROTOCOL_VERSION; } else { - return NSS_STATUS_UNAVAIL; + return false; } req.len = sizeof(expected_version); req.data = &expected_version; - nret = sss_nss_make_request_nochecks(SSS_GET_VERSION, &req, + nret = sss_cli_make_request_nochecks(SSS_GET_VERSION, &req, &repbuf, &replen, &errnop); - if (nret != NSS_STATUS_SUCCESS) { - return nret; + if (nret != SSS_STATUS_SUCCESS) { + return false; } if (!repbuf) { - return res; - } - - if (((uint32_t *)repbuf)[0] == expected_version) { - res = NSS_STATUS_SUCCESS; + return false; } + obtained_version = ((uint32_t *)repbuf)[0]; free(repbuf); - return res; + + return (obtained_version == expected_version); } /* this 2 functions are adapted from samba3 winbinbd's wb_common.c */ @@ -494,7 +492,7 @@ static int make_safe_fd(int fd) return new_fd; } -static int sss_nss_open_socket(int *errnop, const char *socket_name) +static int sss_cli_open_socket(int *errnop, const char *socket_name) { struct sockaddr_un nssaddr; bool inprogress = true; 
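Review bot: `obtained_version = ((uint32_t *)repbuf)[0];` in sss_cli_check_version reads four bytes from the reply with no visible check that `replen` covers them; the only guard in the hunk is `if (!repbuf)`. The later sss_pam_make_request hunks show this version exchange, reached through sss_cli_check_socket(), running before check_server_cred(), so the reply length is chosen by a peer that has not been verified yet. I would widen the guard to `if (!repbuf || replen < sizeof(obtained_version)) { free(repbuf); return false; }` and copy the value out with `memcpy(&obtained_version, repbuf, sizeof(obtained_version));` instead of casting the byte buffer. The function's signature and declarations sit in the previous hunk, so only part of the body is visible here.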
@@ -663,14 +661,14 @@ static enum sss_status sss_cli_check_socket(int *errnop, const char *socket_name sss_cli_close_socket(); } - mysd = sss_nss_open_socket(errnop, socket_name); + mysd = sss_cli_open_socket(errnop, socket_name); if (mysd == -1) { return SSS_STATUS_UNAVAIL; } sss_cli_sd = mysd; - if (sss_nss_check_version(socket_name) == NSS_STATUS_SUCCESS) { + if (sss_cli_check_version(socket_name)) { return SSS_STATUS_SUCCESS; } @@ -700,7 +698,16 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd, return NSS_STATUS_UNAVAIL; } - return sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + switch (ret) { + case SSS_STATUS_TRYAGAIN: + return NSS_STATUS_TRYAGAIN; + case SSS_STATUS_SUCCESS: + return NSS_STATUS_SUCCESS; + case SSS_STATUS_UNAVAIL: + default: + return NSS_STATUS_UNAVAIL; + } } errno_t check_server_cred(int sockfd) @@ -731,7 +738,9 @@ int sss_pam_make_request(enum sss_cli_command cmd, uint8_t **repbuf, size_t *replen, int *errnop) { - int ret; + int ret, statret; + errno_t error; + enum sss_status status; char *envval; struct stat stat_buf; @@ -746,8 +755,8 @@ int sss_pam_make_request(enum sss_cli_command cmd, /* only root shall use the privileged pipe */ if (getuid() == 0 && getgid() == 0) { - ret = stat(SSS_PAM_PRIV_SOCKET_NAME, &stat_buf); - if (ret != 0) { + statret = stat(SSS_PAM_PRIV_SOCKET_NAME, &stat_buf); + if (statret != 0) { ret = PAM_SERVICE_ERR; goto out; } @@ -760,10 +769,10 @@ int sss_pam_make_request(enum sss_cli_command cmd, goto out; } - ret = sss_cli_check_socket(errnop, SSS_PAM_PRIV_SOCKET_NAME); + status = sss_cli_check_socket(errnop, SSS_PAM_PRIV_SOCKET_NAME); } else { - ret = stat(SSS_PAM_SOCKET_NAME, &stat_buf); - if (ret != 0) { + statret = stat(SSS_PAM_SOCKET_NAME, &stat_buf); + if (statret != 0) { ret = PAM_SERVICE_ERR; goto out; } 
@@ -776,22 +785,27 @@ int sss_pam_make_request(enum sss_cli_command cmd, goto out; } - ret = sss_cli_check_socket(errnop, SSS_PAM_SOCKET_NAME); + status = sss_cli_check_socket(errnop, SSS_PAM_SOCKET_NAME); } - if (ret != NSS_STATUS_SUCCESS) { + if (status != SSS_STATUS_SUCCESS) { ret = PAM_SERVICE_ERR; goto out; } - ret = check_server_cred(sss_cli_sd); - if (ret != 0) { + error = check_server_cred(sss_cli_sd); + if (error != 0) { sss_cli_close_socket(); - *errnop = ret; + *errnop = error; ret = PAM_SERVICE_ERR; goto out; } - ret = sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + status = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + if (status == SSS_STATUS_SUCCESS) { + ret = PAM_SUCCESS; + } else { + ret = PAM_SERVICE_ERR; + } out: sss_pam_unlock(); diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index 6155e49d8..66de232d5 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -1092,7 +1092,7 @@ static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi, errnop = 0; ret = sss_pam_make_request(task, &rd, &repbuf, &replen, &errnop); - if (ret != NSS_STATUS_SUCCESS) { + if (ret != PAM_SUCCESS) { if (errnop != 0) { logger(pamh, LOG_ERR, "Request to sssd failed. %s", ssscli_err2string(errnop)); } diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h index 7f579da67..1caa2fc8f 100644 --- a/src/sss_client/sss_cli.h +++ b/src/sss_client/sss_cli.h @@ -267,6 +267,7 @@ struct sss_cli_req_data { #define SSS_CLI_SOCKET_TIMEOUT 300000 enum sss_status { + SSS_STATUS_TRYAGAIN, SSS_STATUS_UNAVAIL, SSS_STATUS_SUCCESS }; |
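Review bot: sss_pam_make_request still returns a plain `int`, but after this hunk the value is a PAM code rather than an `enum nss_status`, and nothing at the definition records that. Because the type is unchanged, a caller that still compares the result with `NSS_STATUS_SUCCESS` compiles without a warning; only the pam_sss.c caller is updated in this diff, and whether other callers exist is not visible here. I would add a comment above the function such as `/* Returns a PAM_* code (PAM_SUCCESS on success), not an nss_status. */`. The function begins in an earlier hunk and its tail after `out:` lies outside this one.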
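Review bot: Adding `SSS_STATUS_TRYAGAIN` as the first enumerator in sss_cli.h renumbers the existing ones: `SSS_STATUS_UNAVAIL` moves from 0 to 1, `SSS_STATUS_SUCCESS` from 1 to 2, and a zero-initialised `enum sss_status` now reads as TRYAGAIN instead of UNAVAIL. Whether anything depends on the numeric values is not visible in this diff, but keeping the hard-failure value at zero is the safer default for a status that gates the PAM and NSS request paths. Appending the new value, `SSS_STATUS_UNAVAIL, SSS_STATUS_SUCCESS, SSS_STATUS_TRYAGAIN`, would leave the existing numbering intact.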