-rw-r--r--src/responder/pam/pamsrv_p11.c25
-rw-r--r--src/tests/cmocka/test_pam_srv.c14
2 files changed, 38 insertions, 1 deletions
diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
index 4d35e1d34..8a9497a09 100644
--- a/src/responder/pam/pamsrv_p11.c
+++ b/src/responder/pam/pamsrv_p11.c
@@ -504,10 +504,15 @@ errno_t pam_check_cert_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
return EOK;
}
+/* The PKCS11_LOGIN_TOKEN_NAME environment variable is e.g. used by the Gnome
+ * Settings Daemon to determine the name of the token used for login */
+#define PKCS11_LOGIN_TOKEN_ENV_NAME "PKCS11_LOGIN_TOKEN_NAME"
+
errno_t add_pam_cert_response(struct pam_data *pd, const char *user,
const char *token_name)
{
uint8_t *msg = NULL;
+ char *env = NULL;
size_t user_len;
size_t msg_len;
size_t slot_len;
@@ -533,6 +538,26 @@ errno_t add_pam_cert_response(struct pam_data *pd, const char *user,
ret = pam_add_response(pd, SSS_PAM_CERT_INFO, msg_len, msg);
talloc_free(msg);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "pam_add_response failed to add certificate info.\n");
+ return ret;
+ }
+
+ env = talloc_asprintf(pd, "%s=%s", PKCS11_LOGIN_TOKEN_ENV_NAME, token_name);
+ if (env == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+ return ENOMEM;
+ }
+
+ ret = pam_add_response(pd, SSS_PAM_ENV_ITEM, strlen(env) + 1,
+ (uint8_t *)env);
+ talloc_free(env);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "pam_add_response failed to add environment variable.\n");
+ return ret;
+ }
return ret;
}
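Review bot: `token_name` is copied verbatim into the `PKCS11_LOGIN_TOKEN_NAME=...` string at the `talloc_asprintf` call, and an `SSS_PAM_ENV_ITEM` response presumably ends up in the session environment on the PAM client side. Where the name comes from is not visible in this hunk; if it is the label read from the inserted token, it is card-supplied data, so names that are empty or contain control characters should be rejected or sanitised before the string is built. At minimum, state the assumption next to the call, e.g. `/* token_name is exported to the session environment; it must already be validated */`. The function body starts above this hunk, so an earlier check may already cover part of this. Separately, the last `if (ret != EOK)` block returns the same `ret` as the `return ret;` that follows it, so only its `DEBUG` call has any effect.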
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
index fdce524ce..2d4677e34 100644
--- a/src/tests/cmocka/test_pam_srv.c
+++ b/src/tests/cmocka/test_pam_srv.c
@@ -596,6 +596,8 @@ static int test_pam_simple_check(uint32_t status, uint8_t *body, size_t blen)
return EOK;
}
+#define PKCS11_LOGIN_TOKEN_ENV_NAME "PKCS11_LOGIN_TOKEN_NAME"
+
static int test_pam_cert_check(uint32_t status, uint8_t *body, size_t blen)
{
size_t rp = 0;
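Review bot: `PKCS11_LOGIN_TOKEN_ENV_NAME` is defined here a second time with the same literal as in `pamsrv_p11.c`, and nothing says whether the duplication is deliberate. If the test is meant to pin the variable name that clients see, a comment would make that clear, e.g. `/* duplicated on purpose: the test pins the name exported to the session */`. Otherwise the macro could move to a header shared by both files, so the two definitions cannot drift apart.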
@@ -607,7 +609,7 @@ static int test_pam_cert_check(uint32_t status, uint8_t *body, size_t blen)
assert_int_equal(val, pam_test_ctx->exp_pam_status);
SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
- assert_int_equal(val, 2);
+ assert_int_equal(val, 3);
SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
assert_int_equal(val, SSS_PAM_DOMAIN_NAME);
@@ -620,6 +622,16 @@ static int test_pam_cert_check(uint32_t status, uint8_t *body, size_t blen)
rp += val;
SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
+ assert_int_equal(val, SSS_PAM_ENV_ITEM);
+
+ SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
+ assert_int_equal(val, (strlen(PKCS11_LOGIN_TOKEN_ENV_NAME "=")
+ + sizeof(TEST_TOKEN_NAME)));
+ assert_string_equal(body + rp,
+ PKCS11_LOGIN_TOKEN_ENV_NAME "=" TEST_TOKEN_NAME);
+ rp += val;
+
+ SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
assert_int_equal(val, SSS_PAM_CERT_INFO);
SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);