From 02e38eae1b9cb5df2036a707dafd86f6047c17de Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 19 Apr 2010 11:59:09 +0200
Subject: Add support for delayed kinit if offline

If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.
---
 src/providers/dp_pam_data_util.c | 88 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)

(limited to 'src/providers/dp_pam_data_util.c')

diff --git a/src/providers/dp_pam_data_util.c b/src/providers/dp_pam_data_util.c
index 02eb6e91a..d709447d1 100644
--- a/src/providers/dp_pam_data_util.c
+++ b/src/providers/dp_pam_data_util.c
@@ -25,6 +25,26 @@
 #include "providers/data_provider.h"
 
 
+#define PD_STR_COPY(el) do { \
+    if (old_pd->el != NULL) { \
+        pd->el = talloc_strdup(pd, old_pd->el); \
+        if (pd->el == NULL) { \
+            DEBUG(1, ("talloc_strdup failed.\n")); \
+            goto failed; \
+        } \
+    } \
+} while(0);
+
+#define PD_MEM_COPY(el, size) do { \
+    if (old_pd->el != NULL) { \
+        pd->el = talloc_memdup(pd, old_pd->el, (size)); \
+        if (pd->el == NULL) { \
+            DEBUG(1, ("talloc_memdup failed.\n")); \
+            goto failed; \
+        } \
+    } \
+} while(0);
+
 static const char *pamcmd2str(int cmd) {
     switch (cmd) {
     case SSS_PAM_AUTHENTICATE:
@@ -46,6 +66,74 @@ static const char *pamcmd2str(int cmd) {
     }
 }
 
+int pam_data_destructor(void *ptr)
+{
+    struct pam_data *pd = talloc_get_type(ptr, struct pam_data);
+
+    if (pd->authtok_size != 0 && pd->authtok != NULL) {
+        memset(pd->authtok, 0, pd->authtok_size);
+        pd->authtok_size = 0;
+    }
+
+    if (pd->newauthtok_size != 0 && pd->newauthtok != NULL) {
+        memset(pd->newauthtok, 0, pd->newauthtok_size);
+        pd->newauthtok_size = 0;
+    }
+
+    return EOK;
+}
+
+struct pam_data *create_pam_data(TALLOC_CTX *mem_ctx)
+{
+    struct pam_data *pd;
+
+    pd = talloc_zero(mem_ctx, struct pam_data);
+    if (pd == NULL) {
+        DEBUG(1, ("talloc_zero failed.\n"));
+        return NULL;
+    }
+
+    talloc_set_destructor((TALLOC_CTX *) pd, pam_data_destructor);
+
+    return pd;
+}
+
+errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *old_pd,
+                      struct pam_data **new_pd)
+{
+    struct pam_data *pd = NULL;
+
+    pd = create_pam_data(mem_ctx);
+    if (pd == NULL) {
+        DEBUG(1, ("create_pam_data failed.\n"));
+        return ENOMEM;
+    }
+
+    pd->cmd  = old_pd->cmd;
+    pd->authtok_type = old_pd->authtok_type;
+    pd->authtok_size = old_pd->authtok_size;
+    pd->newauthtok_type = old_pd->newauthtok_type;
+    pd->newauthtok_size = old_pd->newauthtok_size;
+
+    PD_STR_COPY(domain);
+    PD_STR_COPY(user);
+    PD_STR_COPY(service);
+    PD_STR_COPY(tty);
+    PD_STR_COPY(ruser);
+    PD_STR_COPY(rhost);
+    PD_MEM_COPY(authtok, old_pd->authtok_size);
+    PD_MEM_COPY(newauthtok, old_pd->newauthtok_size);
+    pd->cli_pid = old_pd->cli_pid;
+
+    *new_pd = pd;
+
+    return EOK;
+
+failed:
+    talloc_free(pd);
+    return ENOMEM;
+}
+
 void pam_print_data(int l, struct pam_data *pd)
 {
     DEBUG(l, ("command: %s\n", pamcmd2str(pd->cmd)));
-- 
cgit