/* Authors: Pavel Březina Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include #include #include #include #include "util/util.h" #include "responder/sudo/sudosrv_private.h" static int sudosrv_response_append_string(TALLOC_CTX *mem_ctx, const char *str, size_t str_len, uint8_t **_response_body, size_t *_response_len) { size_t response_len = *_response_len; uint8_t *response_body = *_response_body; response_body = talloc_realloc(mem_ctx, response_body, uint8_t, response_len + (str_len * sizeof(char))); if (response_body == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_realloc() failed\n"); return ENOMEM; } memcpy(response_body + response_len, str, str_len); response_len += str_len; *_response_body = response_body; *_response_len = response_len; return EOK; } static int sudosrv_response_append_uint32(TALLOC_CTX *mem_ctx, uint32_t number, uint8_t **_response_body, size_t *_response_len) { size_t response_len = *_response_len; uint8_t *response_body = *_response_body; response_body = talloc_realloc(mem_ctx, response_body, uint8_t, response_len + sizeof(uint32_t)); if (response_body == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_realloc() failed\n"); return ENOMEM; } SAFEALIGN_SET_UINT32(response_body + response_len, number, &response_len); *_response_body = response_body; *_response_len = response_len; return EOK; } static int sudosrv_response_append_attr(TALLOC_CTX *mem_ctx, const char *name, unsigned int values_num, struct ldb_val *values, uint8_t **_response_body, size_t *_response_len) { uint8_t *response_body = *_response_body; size_t response_len = *_response_len; TALLOC_CTX *tmp_ctx = NULL; unsigned int i = 0; int ret = EOK; const char *strval; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n"); return ENOMEM; } /* attr name */ ret = sudosrv_response_append_string(tmp_ctx, name, strlen(name) + 1, &response_body, &response_len); if (ret != EOK) { goto done; } /* values count */ ret = sudosrv_response_append_uint32(tmp_ctx, values_num, &response_body, &response_len); if (ret != EOK) { goto done; } /* values */ for (i = 0; i < values_num; i++) { strval = (const char *) values[i].data; if (strlen((strval)) != values[i].length) { DEBUG(SSSDBG_CRIT_FAILURE, "value is not a string\n"); ret = EINVAL; goto done; } ret = sudosrv_response_append_string(tmp_ctx, strval, values[i].length + 1, &response_body, &response_len); DEBUG(SSSDBG_TRACE_INTERNAL, "%s:%s\n", name, strval); if (ret != EOK) { goto done; } } *_response_body = talloc_steal(mem_ctx, response_body); *_response_len = response_len; ret = EOK; done: talloc_free(tmp_ctx); return ret; } static int sudosrv_response_append_rule(TALLOC_CTX *mem_ctx, int attrs_num, struct ldb_message_element *attrs, uint8_t **_response_body, size_t *_response_len) { uint8_t *response_body = *_response_body; size_t response_len = *_response_len; TALLOC_CTX *tmp_ctx = NULL; int i = 0; int ret = EOK; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n"); return ENOMEM; } /* attrs count */ ret = sudosrv_response_append_uint32(tmp_ctx, attrs_num, &response_body, &response_len); if (ret != EOK) { goto done; } /* attrs */ for (i = 0; i < attrs_num; i++) { ret = sudosrv_response_append_attr(tmp_ctx, attrs[i].name, attrs[i].num_values, attrs[i].values, &response_body, &response_len); if (ret != EOK) { goto done; } } *_response_body = talloc_steal(mem_ctx, response_body); *_response_len = response_len; ret = EOK; done: talloc_free(tmp_ctx); return ret; } /* * Response format: * \0... * = ... * = \0\0\0... * * if is not SSS_SUDO_ERROR_OK, the rest of the data is skipped. */ errno_t sudosrv_build_response(TALLOC_CTX *mem_ctx, uint32_t error, uint32_t rules_num, struct sysdb_attrs **rules, uint8_t **_response_body, size_t *_response_len) { uint8_t *response_body = NULL; size_t response_len = 0; TALLOC_CTX *tmp_ctx = NULL; uint32_t i = 0; errno_t ret = EOK; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n"); return ENOMEM; } /* error code */ ret = sudosrv_response_append_uint32(tmp_ctx, error, &response_body, &response_len); if (ret != EOK) { goto fail; } DEBUG(SSSDBG_TRACE_INTERNAL, "error: [%"PRIu32"]\n", error); if (error != SSS_SUDO_ERROR_OK) { goto done; } /* domain name - deprecated * TODO: when possible change the protocol */ ret = sudosrv_response_append_string(tmp_ctx, "\0", 1, &response_body, &response_len); if (ret != EOK) { goto fail; } /* rules count */ ret = sudosrv_response_append_uint32(tmp_ctx, rules_num, &response_body, &response_len); if (ret != EOK) { goto fail; } DEBUG(SSSDBG_TRACE_INTERNAL, "rules_num: [%"PRIu32"]\n", error); /* rules */ for (i = 0; i < rules_num; i++) { DEBUG(SSSDBG_TRACE_INTERNAL, "rule [%"PRIu32"]/[%"PRIu32"]\n", i+1, rules_num); ret = sudosrv_response_append_rule(tmp_ctx, rules[i]->num, rules[i]->a, &response_body, &response_len); if (ret != EOK) { goto fail; } } done: *_response_body = talloc_steal(mem_ctx, response_body); *_response_len = response_len; ret = EOK; fail: talloc_free(tmp_ctx); return ret; } errno_t sudosrv_parse_query(TALLOC_CTX *mem_ctx, uint8_t *query_body, size_t query_len, char **_rawname, uid_t *_uid) { size_t offset = 0; size_t rawname_len; char *rawname; uid_t uid; /* uid */ if (query_len < sizeof(uid_t)) { DEBUG(SSSDBG_CRIT_FAILURE, "Query is too small\n"); return EINVAL; } safealign_memcpy(&uid, query_body, sizeof(uid_t), &offset); /* username[@domain] */ rawname = (char*)(query_body + offset); rawname_len = query_len - offset; /* strlen + zero */ if (rawname[rawname_len - 1] != '\0') { DEBUG(SSSDBG_CRIT_FAILURE, "Username is not zero terminated\n"); return EINVAL; } if (rawname_len < 2) { /* at least one character and zero */ DEBUG(SSSDBG_CRIT_FAILURE, "Query does not contain username\n"); return EINVAL; } if (!sss_utf8_check((uint8_t*)rawname, rawname_len - 1)) { DEBUG(SSSDBG_CRIT_FAILURE, "Supplied data is not valid UTF-8 string\n"); return EINVAL; } rawname = talloc_strdup(mem_ctx, rawname); if (rawname == NULL) { return ENOMEM; } *_uid = uid; *_rawname = rawname; return EOK; }