author | Sumit Bose <sbose@redhat.com> | 2016-09-16 11:47:40 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-09-16 15:05:15 +0200 |
commit | 3649b959709f1ab187092f054d4aace0798c98fa (patch) | |
tree | 5efd85b0e473f68a6dc226607b3305566c0b8ca1 | |
parent | 71cd9f98150577224559bdc12c53c01ce6f2c3d9 (diff) | |
p11: return a fully-qualified name
Related to https://fedorahosted.org/sssd/ticket/3165
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r-- | src/responder/pam/pamsrv_p11.c | 20 | ||||
-rw-r--r-- | src/tests/cmocka/test_pam_srv.c | 16 |
2 files changed, 17 insertions, 19 deletions
diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
index 22da33067..570bfe09d 100644
--- a/src/responder/pam/pamsrv_p11.c
+++ b/src/responder/pam/pamsrv_p11.c
@@ -521,33 +521,31 @@ errno_t add_pam_cert_response(struct pam_data *pd, const char *sysdb_username,
 size_t msg_len;
 size_t slot_len;
 int ret;
- char *username;
 if (sysdb_username == NULL || token_name == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Missing mandatory user or slot name.\n");
 return EINVAL;
 }
- ret = sss_parse_internal_fqname(pd, sysdb_username, &username, NULL);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Cannot parse [%s]\n", sysdb_username);
- return ret;
- }
-
- user_len = strlen(username) + 1;
+ user_len = strlen(sysdb_username) + 1;
 slot_len = strlen(token_name) + 1;
 msg_len = user_len + slot_len;
 msg = talloc_zero_size(pd, msg_len);
 if (msg == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_size failed.\n");
- talloc_free(username);
 return ENOMEM;
 }
- memcpy(msg, username, user_len);
+ /* sysdb_username is a fully-qualified name which is used by pam_sss when
+ * prompting the user for the PIN and as login name if it wasn't set by
+ * the PAM caller but has to be determined based on the inserted
+ * Smartcard. If this type of name is irritating at the PIN prompt or the
+ * re_expression config option was set in a way that user@domain cannot be
+ * handled anymore some more logic has to be added here. But for the time
+ * being I think using sysdb_username is fine. */
+ memcpy(msg, sysdb_username, user_len);
 memcpy(msg + user_len, token_name, slot_len);
- talloc_free(username);
 ret = pam_add_response(pd, SSS_PAM_CERT_INFO, msg_len, msg);
 talloc_free(msg);
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
index 02199e6f1..4b2dea4be 100644
--- a/src/tests/cmocka/test_pam_srv.c
+++ b/src/tests/cmocka/test_pam_srv.c
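Review bot: With the `sss_parse_internal_fqname()` call removed, nothing in `add_pam_cert_response()` checks the shape of `sysdb_username` any more; the guard at the top of the hunk rejects only NULL, so an empty or unqualified string is now copied into the `SSS_PAM_CERT_INFO` message as-is. Because the added comment says pam_sss may use this value as the login name, the expected format should be enforced or at least stated. The guard could become `if (sysdb_username == NULL || *sysdb_username == '\0' || token_name == NULL) {`, and a line such as `/* sysdb_username must be an internal fully-qualified name (name@domain); it is forwarded to pam_sss unchanged. */` above the function would document the contract. Whether every caller already passes a qualified name cannot be seen from this hunk, and the function starts and ends outside it.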
@@ -664,11 +664,11 @@ static int test_pam_cert_check_gdm_smartcard(uint32_t status, uint8_t *body,
 assert_int_equal(val, SSS_PAM_CERT_INFO);
 SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
- assert_int_equal(val, (sizeof("pamuser") + sizeof(TEST_TOKEN_NAME)));
+ assert_int_equal(val, (sizeof("pamuser@"TEST_DOM_NAME) + sizeof(TEST_TOKEN_NAME)));
- assert_int_equal(*(body + rp + sizeof("pamuser") - 1), 0);
- assert_string_equal(body + rp, "pamuser");
- rp += sizeof("pamuser");
+ assert_int_equal(*(body + rp + sizeof("pamuser@"TEST_DOM_NAME) - 1), 0);
+ assert_string_equal(body + rp, "pamuser@"TEST_DOM_NAME);
+ rp += sizeof("pamuser@"TEST_DOM_NAME);
 assert_int_equal(*(body + rp + sizeof(TEST_TOKEN_NAME) - 1), 0);
 assert_string_equal(body + rp, TEST_TOKEN_NAME);
@@ -703,11 +703,11 @@ static int test_pam_cert_check(uint32_t status, uint8_t *body, size_t blen)
 assert_int_equal(val, SSS_PAM_CERT_INFO);
 SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
- assert_int_equal(val, (sizeof("pamuser") + sizeof(TEST_TOKEN_NAME)));
+ assert_int_equal(val, (sizeof("pamuser@"TEST_DOM_NAME) + sizeof(TEST_TOKEN_NAME)));
- assert_int_equal(*(body + rp + sizeof("pamuser") - 1), 0);
- assert_string_equal(body + rp, "pamuser");
- rp += sizeof("pamuser");
+ assert_int_equal(*(body + rp + sizeof("pamuser@"TEST_DOM_NAME) - 1), 0);
+ assert_string_equal(body + rp, "pamuser@"TEST_DOM_NAME);
+ rp += sizeof("pamuser@"TEST_DOM_NAME);
 assert_int_equal(*(body + rp + sizeof(TEST_TOKEN_NAME) - 1), 0);
 assert_string_equal(body + rp, TEST_TOKEN_NAME); |
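Review bot: The expected user string `"pamuser@"TEST_DOM_NAME` is now spelled out four times in each of `test_pam_cert_check_gdm_smartcard()` and `test_pam_cert_check()`, so the length used for the offset and the string actually compared can drift apart on the next change. A single definition near the top of the file, for example `#define TEST_FQ_USER "pamuser@"TEST_DOM_NAME` (the name is only a suggestion), used in all of these asserts would keep them in step. The reads at `body + rp + sizeof(...) - 1` also have no visible comparison against `blen`; if none exists outside the hunks, an `assert_true(rp + val <= blen);` before the string checks would turn a short reply into a test failure instead of an out-of-bounds read. Both functions start and end outside the hunks.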