author | Jakub Hrozek <jhrozek@redhat.com> | 2016-03-15 14:29:02 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-07-07 10:26:20 +0200 |
commit | 2b62d5a414b8b7dba4f714dc5033e28dc4b1f4fe (patch) | |
tree | d9d2af19cf2f711b9e4c3f824d244d7bc154b562 /src/responder/pam/pamsrv_p11.c | |
parent | 29071a9e2df823a2cdc13cea996ece1c996e1172 (diff) | |
PAM: Use qualified names internally in the PAM responder
The name is converted from whatever we receive on input to the internal
format before processing the data further.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/responder/pam/pamsrv_p11.c')
-rw-r--r-- | src/responder/pam/pamsrv_p11.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
index 8a9497a09..a2514f6a1 100644
--- a/src/responder/pam/pamsrv_p11.c
+++ b/src/responder/pam/pamsrv_p11.c
@@ -508,7 +508,7 @@ errno_t pam_check_cert_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
 * Settings Daemon to determine the name of the token used for login */
 #define PKCS11_LOGIN_TOKEN_ENV_NAME "PKCS11_LOGIN_TOKEN_NAME"
-errno_t add_pam_cert_response(struct pam_data *pd, const char *user,
+errno_t add_pam_cert_response(struct pam_data *pd, const char *sysdb_username,
 const char *token_name)
 {
 uint8_t *msg = NULL;
@@ -517,24 +517,33 @@ errno_t add_pam_cert_response(struct pam_data *pd, const char *user,
 size_t msg_len;
 size_t slot_len;
 int ret;
+ char *username;
- if (user == NULL || token_name == NULL) {
+ if (sysdb_username == NULL || token_name == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Missing mandatory user or slot name.\n");
 return EINVAL;
 }
- user_len = strlen(user) + 1;
+ ret = sss_parse_internal_fqname(pd, sysdb_username, &username, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot parse [%s]\n", sysdb_username);
+ return ret;
+ }
+
+ user_len = strlen(username) + 1;
 slot_len = strlen(token_name) + 1;
 msg_len = user_len + slot_len;
 msg = talloc_zero_size(pd, msg_len);
 if (msg == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_size failed.\n");
+ talloc_free(username);
 return ENOMEM;
 }
- memcpy(msg, user, user_len);
+ memcpy(msg, username, user_len);
 memcpy(msg + user_len, token_name, slot_len);
+ talloc_free(username);
 ret = pam_add_response(pd, SSS_PAM_CERT_INFO, msg_len, msg);
 talloc_free(msg); |
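Review bot: The call `sss_parse_internal_fqname(pd, sysdb_username, &username, NULL)` in the second hunk passes NULL for the domain output, so the SSS_PAM_CERT_INFO message built below it now carries only the short name. If two domains can hold the same short name, the receiver presumably cannot tell which account the certificate was matched to; whether that matters depends on how the client uses the value, which is not visible here. A comment above the call stating the intent would settle it for the next reader, for example `/* Only the short name is sent to the client; the domain part is dropped on purpose */`. Separately, `username` is allocated on `pd` and released by hand on two paths, so a single cleanup label (or a temporary talloc context) would keep a later early return from leaving it attached to `pd` for the life of the request. The function body continues past the end of the hunk, so the final return path is not covered by this note.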