From b8919e480b4ad25fa03fa3961043e6dcfa28991b Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 6 Mar 2009 13:33:40 +0100
Subject: added generic PAM return messages and a false login delay

---
 sss_client/pam_sss.c | 74 +++++++++++++++++++++++++++++++++++++++++-----------
 sss_client/sss_cli.h |  5 ++++
 2 files changed, 64 insertions(+), 15 deletions(-)

(limited to 'sss_client')

diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 5b56bb0a..f045602b 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -11,7 +11,8 @@
 #include <security/pam_modules.h>
 #include <security/pam_misc.h>
 
-#include "sss_cli.h" 
+#include "sss_cli.h"
+#include "sss/responder.h"
 
 struct pam_items {
     const char* pam_service;
@@ -34,8 +35,44 @@ struct pam_items {
     int pam_newauthtok_size;
 };
 
+static int eval_response(pam_handle_t *pamh, int buflen, uint8_t *buf)
+{
+    int p=0;
+    int32_t *c;
+    int32_t *type;
+    int32_t *len;
+    int32_t *pam_status;
+
+    pam_status = ((int32_t *)(buf+p));
+    p += sizeof(int32_t);
+
+
+    c = ((int32_t *)(buf+p));
+    p += sizeof(int32_t);
+
+    while(*c>0) {
+        type = ((int32_t *)(buf+p));
+        p += sizeof(int32_t);
+        len = ((int32_t *)(buf+p));
+        p += sizeof(int32_t);
+        switch(*type) {
+            case PAM_USER_INFO:
+                D(("user info: [%s]", &buf[p]));
+                break;
+            case PAM_DOMAIN_NAME:
+                D(("domain name: [%s]", &buf[p]));
+                break;
+        }
+        p += *len;
+
+        --(*c);
+    }
+
+    return 0;
+}
 
-static int get_pam_items(pam_handle_t *pamh, struct pam_items *pi) {
+static int get_pam_items(pam_handle_t *pamh, struct pam_items *pi)
+{
     int ret;
 
     ret = pam_get_item(pamh, PAM_SERVICE, (const void **) &(pi->pam_service));
@@ -74,7 +111,8 @@ static int get_pam_items(pam_handle_t *pamh, struct pam_items *pi) {
     return PAM_SUCCESS;
 }
 
-static void print_pam_items(struct pam_items pi) {
+static void print_pam_items(struct pam_items pi)
+{
     D(("Service: %s", *pi.pam_service!='\0' ? pi.pam_service : "(not available)"));
     D(("User: %s", *pi.pam_user!='\0' ? pi.pam_user : "(not available)"));
     D(("Tty: %s", *pi.pam_tty!='\0' ? pi.pam_tty : "(not available)"));
@@ -85,7 +123,8 @@ static void print_pam_items(struct pam_items pi) {
 }
 
 static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
-                   const char **argv) {
+                   const char **argv)
+{
     int ret;
     int errnop;
     int c;
@@ -99,7 +138,6 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
     struct pam_message *mesg[1];
     struct pam_response *resp=NULL;
     int pam_status;
-    char *domain;
     char *newpwd[2];
 
     D(("Hello pam_sssd: %d", task));
@@ -277,16 +315,16 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
             goto done;
         }
 
-        if (replen<sizeof(int) || repbuf[replen-1]!='\0') {
+/* FIXME: add an end signature */
+        if (replen<sizeof(int)) {
             D(("response not in expected format."));
             pam_status=PAM_SYSTEM_ERR;
             goto done;
         }
 
         pam_status = ((int32_t *)repbuf)[0];
-        domain = (char *)(repbuf + sizeof(uint32_t));
+        eval_response(pamh, replen, repbuf);
         D(("received: %d (%s)", pam_status, pam_strerror(pamh,pam_status)));
-        D(("received: %s", domain));
     } else {
         D(("no user found, doing nothing"));
         return PAM_SUCCESS;
@@ -306,33 +344,39 @@ done:
 }
 
 PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
-                                   const char **argv ) {
+                                   const char **argv )
+{
     return pam_sss(SSS_PAM_AUTHENTICATE, pamh, flags, argc, argv);
 }
 
 
 PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
-                              const char **argv ) {
+                              const char **argv )
+{
     return pam_sss(SSS_PAM_SETCRED, pamh, flags, argc, argv);
 }
 
 PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
-                                const char **argv ) {
+                                const char **argv )
+{
     return pam_sss(SSS_PAM_ACCT_MGMT, pamh, flags, argc, argv);
 }
 
 PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
-                                const char **argv ) {
+                                const char **argv )
+{
     return pam_sss(SSS_PAM_CHAUTHTOK, pamh, flags, argc, argv);
 }
 
 PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
-                                   const char **argv ) {
+                                   const char **argv )
+{
     return pam_sss(SSS_PAM_OPEN_SESSION, pamh, flags, argc, argv);
 }
 
 PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
-                                    const char **argv ) {
+                                    const char **argv )
+{
     return pam_sss(SSS_PAM_CLOSE_SESSION, pamh, flags, argc, argv);
 }
 
@@ -341,7 +385,7 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc,
 
 /* static module data */
 
-struct pam_module _pam_sssd_modstruct = {
+struct pam_module _pam_sssd_modstruct ={
      "pam_sssd",
      pam_sm_authenticate,
      pam_sm_setcred,
diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h
index dfb6380c..d0eec991 100644
--- a/sss_client/sss_cli.h
+++ b/sss_client/sss_cli.h
@@ -154,6 +154,11 @@ enum sss_status {
     SSS_STATUS_SUCCESS
 };
 
+enum response_type {
+    PAM_USER_INFO = 0x01,
+    PAM_DOMAIN_NAME,
+};
+
 enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
                                      struct sss_cli_req_data *rd,
                                      uint8_t **repbuf, size_t *replen,
-- 
cgit