Hi,
with this patch the client sends its PID to sssd. This is at least
needed by the krb5 provider if the client PID should be part of the
credential cache file.
bye,
Sumit
>From 462499218e1757aacdb897eb34aae09ffeabe47d Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 11 Sep 2009 11:45:19 +0200
Subject: [PATCH] Let the PAM client send its PID
- the client sends the PID as uint32_t and sssd will use uint32_t too
- fix a possible type issue where a uint32_t is sent as int32 in internal
dbus communication
---
server/providers/data_provider.h | 1 +
server/providers/dp_auth_util.c | 11 ++++++---
server/responder/pam/pamsrv_cmd.c | 15 +++++++++++++
sss_client/pam_sss.c | 40 ++++++++++++++++++++++++++++--------
sss_client/sss_cli.h | 3 +-
5 files changed, 56 insertions(+), 14 deletions(-)
diff --git a/server/providers/data_provider.h b/server/providers/data_provider.h
index 91adecb..201ad02 100644
--- a/server/providers/data_provider.h
+++ b/server/providers/data_provider.h
@@ -110,6 +110,7 @@ struct pam_data {
char *rhost;
uint8_t *authtok;
uint8_t *newauthtok;
+ uint32_t cli_pid;
int pam_status;
int response_delay;
diff --git a/server/providers/dp_auth_util.c b/server/providers/dp_auth_util.c
index 492ac7c..80e9f16 100644
--- a/server/providers/dp_auth_util.c
+++ b/server/providers/dp_auth_util.c
@@ -37,6 +37,7 @@ void pam_print_data(int l, struct pam_data *pd)
DEBUG(l, ("priv: %d\n", pd->priv));
DEBUG(l, ("pw_uid: %d\n", pd->pw_uid));
DEBUG(l, ("gr_gid: %d\n", pd->gr_gid));
+ DEBUG(l, ("cli_pid: %d\n", pd->cli_pid));
}
int pam_add_response(struct pam_data *pd, enum response_type type,
@@ -76,17 +77,18 @@ bool dp_pack_pam_request(DBusMessage *msg, struct pam_data
*pd)
DBUS_TYPE_STRING, &(pd->tty),
DBUS_TYPE_STRING, &(pd->ruser),
DBUS_TYPE_STRING, &(pd->rhost),
- DBUS_TYPE_INT32, &(pd->authtok_type),
+ DBUS_TYPE_UINT32, &(pd->authtok_type),
DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
&(pd->authtok),
(pd->authtok_size),
- DBUS_TYPE_INT32, &(pd->newauthtok_type),
+ DBUS_TYPE_UINT32, &(pd->newauthtok_type),
DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
&(pd->newauthtok),
pd->newauthtok_size,
DBUS_TYPE_INT32, &(pd->priv),
DBUS_TYPE_INT32, &(pd->pw_uid),
DBUS_TYPE_INT32, &(pd->gr_gid),
+ DBUS_TYPE_UINT32, &(pd->cli_pid),
DBUS_TYPE_INVALID);
return ret;
@@ -104,17 +106,18 @@ bool dp_unpack_pam_request(DBusMessage *msg, struct
pam_data *pd, DBusError *dbu
DBUS_TYPE_STRING, &(pd->tty),
DBUS_TYPE_STRING, &(pd->ruser),
DBUS_TYPE_STRING, &(pd->rhost),
- DBUS_TYPE_INT32, &(pd->authtok_type),
+ DBUS_TYPE_UINT32, &(pd->authtok_type),
DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
&(pd->authtok),
&(pd->authtok_size),
- DBUS_TYPE_INT32, &(pd->newauthtok_type),
+ DBUS_TYPE_UINT32, &(pd->newauthtok_type),
DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
&(pd->newauthtok),
&(pd->newauthtok_size),
DBUS_TYPE_INT32, &(pd->priv),
DBUS_TYPE_INT32, &(pd->pw_uid),
DBUS_TYPE_INT32, &(pd->gr_gid),
+ DBUS_TYPE_UINT32, &(pd->cli_pid),
DBUS_TYPE_INVALID);
return ret;
diff --git a/server/responder/pam/pamsrv_cmd.c
b/server/responder/pam/pamsrv_cmd.c
index 1204e32..0dcf157 100644
--- a/server/responder/pam/pamsrv_cmd.c
+++ b/server/responder/pam/pamsrv_cmd.c
@@ -71,6 +71,16 @@ static int extract_string(char **var, uint8_t *body, size_t
blen, size_t *c) {
return EOK;
}
+static int extract_uint32_t(uint32_t *var, uint8_t *body, size_t blen, size_t
*c) {
+
+ if (blen-(*c) < sizeof(uint32_t)+1) return EINVAL;
+
+ *var = ((uint32_t *)&body[*c])[0];
+ *c += sizeof(uint32_t);
+
+ return EOK;
+}
+
static int pam_parse_in_data_v2(struct sss_names_ctx *snctx,
struct pam_data *pd,
uint8_t *body, size_t blen)
@@ -119,6 +129,11 @@ static int pam_parse_in_data_v2(struct sss_names_ctx
*snctx,
ret = extract_string(&pd->rhost, body, blen, &c);
if (ret != EOK) return ret;
break;
+ case PAM_ITEM_CLI_PID:
+ ret = extract_uint32_t(&pd->cli_pid,
+ body, blen, &c);
+ if (ret != EOK) return ret;
+ break;
case PAM_ITEM_AUTHTOK:
ret = extract_authtok(&pd->authtok_type, &pd->authtok_size,
&pd->authtok, body, blen, &c);
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
index 5173d65..f7e1654 100644
--- a/sss_client/pam_sss.c
+++ b/sss_client/pam_sss.c
@@ -46,6 +46,7 @@ struct pam_items {
size_t pam_newauthtok_size;
char *pam_cli_locale;
size_t pam_cli_locale_size;
+ pid_t cli_pid;
};
#define DEBUG_MGS_LEN 1024
@@ -104,11 +105,26 @@ static size_t add_authtok_item(enum pam_item_type type,
return rp;
}
+
+static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val,
+ uint8_t *buf) {
+ size_t rp=0;
+
+
+ ((uint32_t *)(&buf[rp]))[0] = type;
+ rp += sizeof(uint32_t);
+
+ ((uint32_t *)(&buf[rp]))[0] = val;
+ rp += sizeof(uint32_t);
+
+ return rp;
+}
+
static size_t add_string_item(enum pam_item_type type, const char *str,
const size_t size, uint8_t *buf) {
size_t rp=0;
- if (*str == '\0') return 0;
+ if (str == NULL || *str == '\0') return 0;
((uint32_t *)(&buf[rp]))[0] = type;
rp += sizeof(uint32_t);
@@ -131,20 +147,21 @@ static int pack_message_v2(struct pam_items *pi, size_t
*size,
len = sizeof(uint32_t) +
2*sizeof(uint32_t) + pi->pam_user_size +
sizeof(uint32_t);
- len += *pi->pam_service != '\0' ?
+ len += *pi->pam_service != '\0' ?
2*sizeof(uint32_t) + pi->pam_service_size : 0;
- len += *pi->pam_tty != '\0' ?
+ len += *pi->pam_tty != '\0' ?
2*sizeof(uint32_t) + pi->pam_tty_size : 0;
- len += *pi->pam_ruser != '\0' ?
+ len += *pi->pam_ruser != '\0' ?
2*sizeof(uint32_t) + pi->pam_ruser_size : 0;
- len += *pi->pam_rhost != '\0' ?
+ len += *pi->pam_rhost != '\0' ?
2*sizeof(uint32_t) + pi->pam_rhost_size : 0;
- len += *pi->pam_cli_locale != '\0' ?
+ len += *pi->pam_cli_locale != '\0' ?
2*sizeof(uint32_t) + pi->pam_cli_locale_size : 0;
- len += pi->pam_authtok != NULL ?
+ len += pi->pam_authtok != NULL ?
3*sizeof(uint32_t) + pi->pam_authtok_size : 0;
- len += pi->pam_newauthtok != NULL ?
+ len += pi->pam_newauthtok != NULL ?
3*sizeof(uint32_t) + pi->pam_newauthtok_size : 0;
+ len += 2*sizeof(uint32_t); /* cli_pid */
buf = malloc(len);
if (buf == NULL) {
@@ -171,9 +188,11 @@ static int pack_message_v2(struct pam_items *pi, size_t
*size,
rp += add_string_item(PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size,
&buf[rp]);
- rp += add_string_item(PAM_CLI_LOCALE, pi->pam_cli_locale,
+ rp += add_string_item(PAM_ITEM_CLI_LOCALE, pi->pam_cli_locale,
pi->pam_cli_locale_size, &buf[rp]);
+ rp += add_uint32_t_item(PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid,
&buf[rp]);
+
rp += add_authtok_item(PAM_ITEM_AUTHTOK, pi->pam_authtok_type,
pi->pam_authtok, pi->pam_authtok_size, &buf[rp]);
_pam_overwrite_n((void *)pi->pam_authtok, pi->pam_authtok_size);
@@ -466,6 +485,8 @@ static int get_pam_items(pam_handle_t *pamh, struct
pam_items *pi)
}
pi->pam_cli_locale_size = strlen(pi->pam_cli_locale)+1;
+ pi->cli_pid = getpid();
+
return PAM_SUCCESS;
}
@@ -485,6 +506,7 @@ static void print_pam_items(struct pam_items *pi)
D(("Authtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_authtok)));
D(("Newauthtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_newauthtok)));
D(("Locale: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_cli_locale)));
+ D(("Cli_PID: %d", pi->cli_pid));
}
static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h
index 7e0d4db..2b4e502 100644
--- a/sss_client/sss_cli.h
+++ b/sss_client/sss_cli.h
@@ -149,7 +149,8 @@ enum pam_item_type {
PAM_ITEM_RHOST,
PAM_ITEM_AUTHTOK,
PAM_ITEM_NEWAUTHTOK,
- PAM_CLI_LOCALE,
+ PAM_ITEM_CLI_LOCALE,
+ PAM_ITEM_CLI_PID,
};
#define SSS_NSS_MAX_ENTRIES 256
--
1.6.2.5
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
