authorSumit Bose <sbose@redhat.com>2010-04-19 11:59:09 +0200
committerStephen Gallagher <sgallagh@redhat.com>2010-05-26 15:14:40 -0400
commit02e38eae1b9cb5df2036a707dafd86f6047c17de (patch)
tree970b10c1df9bfe101a3d84ec1ff87dedd5364186 /src/providers/dp_pam_data_util.c
parent06c03627c81a5252420931383a68eb67ba551667 (diff)
Add support for delayed kinit if offline
If the configuration option krb5_store_password_if_offline is set to true and the backend is offline, the plain-text user password is stored and used to request a TGT once the backend comes back online. If available, the Linux kernel key retention service is used.
Diffstat (limited to 'src/providers/dp_pam_data_util.c')
-rw-r--r--src/providers/dp_pam_data_util.c88
1 files changed, 88 insertions, 0 deletions
diff --git a/src/providers/dp_pam_data_util.c b/src/providers/dp_pam_data_util.c
index 02eb6e91..d709447d 100644
--- a/src/providers/dp_pam_data_util.c
+++ b/src/providers/dp_pam_data_util.c
@@ -25,6 +25,26 @@
#include "providers/data_provider.h"
+#define PD_STR_COPY(el) do { \
+ if (old_pd->el != NULL) { \
+ pd->el = talloc_strdup(pd, old_pd->el); \
+ if (pd->el == NULL) { \
+ DEBUG(1, ("talloc_strdup failed.\n")); \
+ goto failed; \
+ } \
+ } \
+} while(0);
+
+#define PD_MEM_COPY(el, size) do { \
+ if (old_pd->el != NULL) { \
+ pd->el = talloc_memdup(pd, old_pd->el, (size)); \
+ if (pd->el == NULL) { \
+ DEBUG(1, ("talloc_memdup failed.\n")); \
+ goto failed; \
+ } \
+ } \
+} while(0);
+
static const char *pamcmd2str(int cmd) {
switch (cmd) {
case SSS_PAM_AUTHENTICATE:
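Review bot: Both new macros end in `} while(0);` with the semicolon inside the definition, so every use such as `PD_STR_COPY(domain);` expands to a double semicolon and neither macro can be the sole statement of an unbraced `if`/`else`; dropping the trailing semicolon from the two definitions (`} while(0)`) lets the call site supply it as usual. The macros also depend silently on `pd`, `old_pd` and a `failed` label being in scope wherever they are expanded, which deserves a comment above them, e.g. `/* Expects locals pd/old_pd and a 'failed' cleanup label in the caller. */`. PD_MEM_COPY additionally copies `(size)` bytes without checking that the source element is at least that long, which is fine for the sizes carried alongside the buffers here but should be stated in the same comment.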
@@ -46,6 +66,74 @@ static const char *pamcmd2str(int cmd) {
}
}
+int pam_data_destructor(void *ptr)
+{
+ struct pam_data *pd = talloc_get_type(ptr, struct pam_data);
+
+ if (pd->authtok_size != 0 && pd->authtok != NULL) {
+ memset(pd->authtok, 0, pd->authtok_size);
+ pd->authtok_size = 0;
+ }
+
+ if (pd->newauthtok_size != 0 && pd->newauthtok != NULL) {
+ memset(pd->newauthtok, 0, pd->newauthtok_size);
+ pd->newauthtok_size = 0;
+ }
+
+ return EOK;
+}
+
+struct pam_data *create_pam_data(TALLOC_CTX *mem_ctx)
+{
+ struct pam_data *pd;
+
+ pd = talloc_zero(mem_ctx, struct pam_data);
+ if (pd == NULL) {
+ DEBUG(1, ("talloc_zero failed.\n"));
+ return NULL;
+ }
+
+ talloc_set_destructor((TALLOC_CTX *) pd, pam_data_destructor);
+
+ return pd;
+}
+
+errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *old_pd,
+ struct pam_data **new_pd)
+{
+ struct pam_data *pd = NULL;
+
+ pd = create_pam_data(mem_ctx);
+ if (pd == NULL) {
+ DEBUG(1, ("create_pam_data failed.\n"));
+ return ENOMEM;
+ }
+
+ pd->cmd = old_pd->cmd;
+ pd->authtok_type = old_pd->authtok_type;
+ pd->authtok_size = old_pd->authtok_size;
+ pd->newauthtok_type = old_pd->newauthtok_type;
+ pd->newauthtok_size = old_pd->newauthtok_size;
+
+ PD_STR_COPY(domain);
+ PD_STR_COPY(user);
+ PD_STR_COPY(service);
+ PD_STR_COPY(tty);
+ PD_STR_COPY(ruser);
+ PD_STR_COPY(rhost);
+ PD_MEM_COPY(authtok, old_pd->authtok_size);
+ PD_MEM_COPY(newauthtok, old_pd->newauthtok_size);
+ pd->cli_pid = old_pd->cli_pid;
+
+ *new_pd = pd;
+
+ return EOK;
+
+failed:
+ talloc_free(pd);
+ return ENOMEM;
+}
+
void pam_print_data(int l, struct pam_data *pd)
{
DEBUG(l, ("command: %s\n", pamcmd2str(pd->cmd)));
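Review bot: In pam_data_destructor the `memset(pd->authtok, 0, pd->authtok_size)` (and its newauthtok twin) runs immediately before talloc releases the buffer, which is exactly the dead store an optimizer may drop, and this commit's purpose is to keep a plain-text password in that buffer for longer. Clearing through a volatile pointer or a non-elidable primitive where the platform has one makes the wipe reliable, e.g. a file-local `static void pam_data_wipe(void *p, size_t n) { volatile unsigned char *v = p; while (n--) { *v++ = 0; } }` used in place of both memset calls. In copy_pam_data the `failed:` path frees the half-built copy through that same destructor, so the size fields already assigned above the PD_MEM_COPY lines are wiped correctly even when the buffer pointer is still NULL; a one-line comment at the label, `/* talloc_free runs pam_data_destructor, wiping any token already copied. */`, and a header comment stating that the copy is allocated on mem_ctx and owned by the caller would document that contract. pam_print_data continues past the end of the hunk.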