authorSumit Bose <sbose@redhat.com>2017-02-22 17:58:15 +0100
committerJakub Hrozek <jhrozek@redhat.com>2017-02-23 10:15:11 +0100
commitead25e32c52c8c2f5fd9abd179e9e81de58f9ca3 (patch)
treedb5939116e6d35e6486266c7112c3ff0c81deb80 /src/sss_client
parent82c5971fafe6063a90289ebba08035fc49ae8590 (diff)
p11: return name of PKCS#11 module and key id to pam_sss
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/sss_client')
-rw-r--r--src/sss_client/pam_message.h2
-rw-r--r--src/sss_client/pam_sss.c49
2 files changed, 49 insertions, 2 deletions
diff --git a/src/sss_client/pam_message.h b/src/sss_client/pam_message.h
index 34889e074..3f4a770ac 100644
--- a/src/sss_client/pam_message.h
+++ b/src/sss_client/pam_message.h
@@ -61,6 +61,8 @@ struct pam_items {
char *cert_user;
char *token_name;
+ char *module_name;
+ char *key_id;
};
int pack_message_v3(struct pam_items *pi, size_t *size, uint8_t **buffer);
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 8f97af77e..fa30889e7 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -162,6 +162,12 @@ static void overwrite_and_free_pam_items(struct pam_items *pi)
free(pi->token_name);
pi->token_name = NULL;
+
+ free(pi->module_name);
+ pi->module_name = NULL;
+
+ free(pi->key_id);
+ pi->key_id = NULL;
}
static int null_strcmp(const char *s1, const char *s2) {
@@ -1019,10 +1025,47 @@ static int eval_response(pam_handle_t *pamh, size_t buflen, uint8_t *buf,
pi->token_name = strdup((char *) &buf[p + offset]);
if (pi->token_name == NULL) {
D(("strdup failed"));
+ free(pi->cert_user);
+ pi->cert_user = NULL;
+ break;
+ }
+
+ offset += strlen(pi->token_name) + 1;
+ if (offset >= len) {
+ D(("Cert message size mismatch"));
+ free(pi->cert_user);
+ pi->cert_user = NULL;
+ free(pi->token_name);
+ pi->token_name = NULL;
+ break;
+ }
+ free(pi->module_name);
+ pi->module_name = strdup((char *) &buf[p + offset]);
+ if (pi->module_name == NULL) {
+ D(("strdup failed"));
+ break;
+ }
+
+ offset += strlen(pi->module_name) + 1;
+ if (offset >= len) {
+ D(("Cert message size mismatch"));
+ free(pi->cert_user);
+ pi->cert_user = NULL;
+ free(pi->token_name);
+ pi->token_name = NULL;
+ free(pi->module_name);
+ pi->module_name = NULL;
+ break;
+ }
+ free(pi->key_id);
+ pi->key_id = strdup((char *) &buf[p + offset]);
+ if (pi->key_id == NULL) {
+ D(("strdup failed"));
break;
}
- D(("cert user: [%s] token name: [%s]", pi->cert_user,
- pi->token_name));
+ D(("cert user: [%s] token name: [%s] module: [%s] key id: [%s]",
+ pi->cert_user, pi->token_name, pi->module_name,
+ pi->key_id));
break;
case SSS_PASSWORD_PROMPTING:
D(("Password prompting available."));
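Review bot: The two new `strdup failed` branches, for `pi->module_name` and `pi->key_id`, break out without releasing the fields already parsed, whereas the `token_name` failure branch and both `Cert message size mismatch` branches in this hunk free and NULL them. After an allocation failure `pi` can therefore hold a `cert_user` and `token_name` with no module or key id; whether later Smartcard prompting code tolerates that partial state is not visible here, so clearing all four fields on every failure path is the safer choice. Separately, the `offset >= len` checks only bound where each string starts, so `strlen`/`strdup` staying inside the item relies on a NUL-terminator check that would have to sit earlier in this `case`, outside the hunk. `eval_response` and the enclosing `case` both begin and end outside the hunk.

```c
pi->module_name = strdup((char *) &buf[p + offset]);
if (pi->module_name == NULL) {
    D(("strdup failed"));
    free(pi->cert_user);
    pi->cert_user = NULL;
    free(pi->token_name);
    pi->token_name = NULL;
    break;
}
/* … unchanged: offset advance and size-mismatch check … */
pi->key_id = strdup((char *) &buf[p + offset]);
if (pi->key_id == NULL) {
    D(("strdup failed"));
    free(pi->cert_user);
    pi->cert_user = NULL;
    free(pi->token_name);
    pi->token_name = NULL;
    free(pi->module_name);
    pi->module_name = NULL;
    break;
}
```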
@@ -1120,6 +1163,8 @@ static int get_pam_items(pam_handle_t *pamh, uint32_t flags,
pi->cert_user = NULL;
pi->token_name = NULL;
+ pi->module_name = NULL;
+ pi->key_id = NULL;
return PAM_SUCCESS;
}