On Fri, 11 Feb 2011 09:02:37 -0500
Stephen Gallagher <sgall...@redhat.com> wrote:
> >> New patch that also changes error codes.
> >
> >
> > Ack.
> >
>
>
> Revoking my ack. Further testing reveals that this broke something in
> pam_sss and auth is now failing.
Changing the error codes revealed an issue in the pam paths.
Updated patch to properly map errors from SST_STATUS_ errors to PAM_
errors and properly check for PAM_ errors in the caller instead of
NSS_STATUS_ errors.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
>From f0e2d05ee4456d73560a35282a95f7062576f6b6 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Mon, 7 Feb 2011 10:07:24 -0500
Subject: [PATCH] Use neutral name for functions used by both pam and nss
---
src/sss_client/common.c | 89 ++++++++++++++++++++++++++-------------------
src/sss_client/pam_sss.c | 2 +-
src/sss_client/sss_cli.h | 1 +
3 files changed, 53 insertions(+), 39 deletions(-)
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
index d4b230889396df73c82394369d03cc0a6c979ddc..92396f24d1c346131e7965e88a1d7d0604765ae2 100644
--- a/src/sss_client/common.c
+++ b/src/sss_client/common.c
@@ -71,7 +71,7 @@ static void sss_cli_close_socket(void)
* byte 12-15: 32bit unsigned (reserved)
* byte 16-X: (optional) request structure associated to the command code used
*/
-static enum nss_status sss_nss_send_req(enum sss_cli_command cmd,
+static enum sss_status sss_cli_send_req(enum sss_cli_command cmd,
struct sss_cli_req_data *rd,
int *errnop)
{
@@ -126,7 +126,7 @@ static enum nss_status sss_nss_send_req(enum sss_cli_command cmd,
}
if (*errnop) {
sss_cli_close_socket();
- return NSS_STATUS_UNAVAIL;
+ return SSS_STATUS_UNAVAIL;
}
errno = 0;
@@ -153,13 +153,13 @@ static enum nss_status sss_nss_send_req(enum sss_cli_command cmd,
/* Write failed */
sss_cli_close_socket();
*errnop = errno;
- return NSS_STATUS_UNAVAIL;
+ return SSS_STATUS_UNAVAIL;
}
datasent += res;
}
- return NSS_STATUS_SUCCESS;
+ return SSS_STATUS_SUCCESS;
}
/* Replies:
@@ -171,7 +171,7 @@ static enum nss_status sss_nss_send_req(enum sss_cli_command cmd,
* byte 16-X: (optional) reply structure associated to the command code used
*/
-static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd,
+static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd,
uint8_t **_buf, int *_len,
int *errnop)
{
@@ -231,7 +231,7 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd,
}
if (*errnop) {
sss_cli_close_socket();
- ret = NSS_STATUS_UNAVAIL;
+ ret = SSS_STATUS_UNAVAIL;
goto failed;
}
@@ -263,7 +263,7 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd,
sss_cli_close_socket();
*errnop = errno;
- ret = NSS_STATUS_UNAVAIL;
+ ret = SSS_STATUS_UNAVAIL;
goto failed;
}
@@ -278,10 +278,10 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd,
sss_cli_close_socket();
*errnop = header[2];
if (*errnop == EAGAIN) {
- ret = NSS_STATUS_TRYAGAIN;
+ ret = SSS_STATUS_TRYAGAIN;
goto failed;
} else {
- ret = NSS_STATUS_UNAVAIL;
+ ret = SSS_STATUS_UNAVAIL;
goto failed;
}
}
@@ -289,7 +289,7 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd,
/* wrong command id */
sss_cli_close_socket();
*errnop = EBADMSG;
- ret = NSS_STATUS_UNAVAIL;
+ ret = SSS_STATUS_UNAVAIL;
goto failed;
}
if (header[0] > SSS_NSS_HEADER_SIZE) {
@@ -298,7 +298,7 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd,
if (!buf) {
sss_cli_close_socket();
*errnop = ENOMEM;
- ret = NSS_STATUS_UNAVAIL;
+ ret = SSS_STATUS_UNAVAIL;
goto failed;
}
}
@@ -308,7 +308,7 @@ static enum nss_status sss_nss_recv_rep(enum sss_cli_command cmd,
*_len = len;
*_buf = buf;
- return NSS_STATUS_SUCCESS;
+ return SSS_STATUS_SUCCESS;
failed:
free(buf);
@@ -317,25 +317,25 @@ failed:
/* this function will check command codes match and returned length is ok */
/* repbuf and replen report only the data section not the header */
-static enum nss_status sss_nss_make_request_nochecks(
+static enum sss_status sss_cli_make_request_nochecks(
enum sss_cli_command cmd,
struct sss_cli_req_data *rd,
uint8_t **repbuf, size_t *replen,
int *errnop)
{
- enum nss_status ret;
+ enum sss_status ret;
uint8_t *buf = NULL;
int len = 0;
/* send data */
- ret = sss_nss_send_req(cmd, rd, errnop);
- if (ret != NSS_STATUS_SUCCESS) {
+ ret = sss_cli_send_req(cmd, rd, errnop);
+ if (ret != SSS_STATUS_SUCCESS) {
return ret;
}
/* data sent, now get reply */
- ret = sss_nss_recv_rep(cmd, &buf, &len, errnop);
- if (ret != NSS_STATUS_SUCCESS) {
+ ret = sss_cli_recv_rep(cmd, &buf, &len, errnop);
+ if (ret != SSS_STATUS_SUCCESS) {
return ret;
}
@@ -353,21 +353,21 @@ static enum nss_status sss_nss_make_request_nochecks(
}
}
- return NSS_STATUS_SUCCESS;
+ return SSS_STATUS_SUCCESS;
}
/* GET_VERSION Reply:
* 0-3: 32bit unsigned version number
*/
-static int sss_nss_check_version(const char *socket_name)
+static bool sss_cli_check_version(const char *socket_name)
{
uint8_t *repbuf;
size_t replen;
- enum nss_status nret;
+ enum sss_status nret;
int errnop;
- int res = NSS_STATUS_UNAVAIL;
uint32_t expected_version;
+ uint32_t obtained_version;
struct sss_cli_req_data req;
if (strcmp(socket_name, SSS_NSS_SOCKET_NAME) == 0) {
@@ -376,28 +376,26 @@ static int sss_nss_check_version(const char *socket_name)
strcmp(socket_name, SSS_PAM_PRIV_SOCKET_NAME) == 0) {
expected_version = SSS_PAM_PROTOCOL_VERSION;
} else {
- return NSS_STATUS_UNAVAIL;
+ return false;
}
req.len = sizeof(expected_version);
req.data = &expected_version;
- nret = sss_nss_make_request_nochecks(SSS_GET_VERSION, &req,
+ nret = sss_cli_make_request_nochecks(SSS_GET_VERSION, &req,
&repbuf, &replen, &errnop);
- if (nret != NSS_STATUS_SUCCESS) {
- return nret;
+ if (nret != SSS_STATUS_SUCCESS) {
+ return false;
}
if (!repbuf) {
- return res;
- }
-
- if (((uint32_t *)repbuf)[0] == expected_version) {
- res = NSS_STATUS_SUCCESS;
+ return false;
}
+ obtained_version = ((uint32_t *)repbuf)[0];
free(repbuf);
- return res;
+
+ return (obtained_version == expected_version);
}
/* this 2 functions are adapted from samba3 winbinbd's wb_common.c */
@@ -494,7 +492,7 @@ static int make_safe_fd(int fd)
return new_fd;
}
-static int sss_nss_open_socket(int *errnop, const char *socket_name)
+static int sss_cli_open_socket(int *errnop, const char *socket_name)
{
struct sockaddr_un nssaddr;
bool inprogress = true;
@@ -663,14 +661,14 @@ static enum sss_status sss_cli_check_socket(int *errnop, const char *socket_name
sss_cli_close_socket();
}
- mysd = sss_nss_open_socket(errnop, socket_name);
+ mysd = sss_cli_open_socket(errnop, socket_name);
if (mysd == -1) {
return SSS_STATUS_UNAVAIL;
}
sss_cli_sd = mysd;
- if (sss_nss_check_version(socket_name) == NSS_STATUS_SUCCESS) {
+ if (sss_cli_check_version(socket_name)) {
return SSS_STATUS_SUCCESS;
}
@@ -700,7 +698,16 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
return NSS_STATUS_UNAVAIL;
}
- return sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop);
+ ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop);
+ switch (ret) {
+ case SSS_STATUS_TRYAGAIN:
+ return NSS_STATUS_TRYAGAIN;
+ case SSS_STATUS_SUCCESS:
+ return NSS_STATUS_SUCCESS;
+ case SSS_STATUS_UNAVAIL:
+ default:
+ return NSS_STATUS_UNAVAIL;
+ }
}
errno_t check_server_cred(int sockfd)
@@ -778,7 +785,7 @@ int sss_pam_make_request(enum sss_cli_command cmd,
ret = sss_cli_check_socket(errnop, SSS_PAM_SOCKET_NAME);
}
- if (ret != NSS_STATUS_SUCCESS) {
+ if (ret != SSS_STATUS_SUCCESS) {
ret = PAM_SERVICE_ERR;
goto out;
}
@@ -791,7 +798,13 @@ int sss_pam_make_request(enum sss_cli_command cmd,
goto out;
}
- ret = sss_nss_make_request_nochecks(cmd, rd, repbuf, replen, errnop);
+ ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop);
+ switch (ret) {
+ case SSS_STATUS_SUCCESS:
+ ret = PAM_SUCCESS;
+ default:
+ ret = PAM_SERVICE_ERR;
+ }
out:
sss_pam_unlock();
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 6155e49d891b9b0ca9566ecb1cd2def903f18036..66de232d538605c352861d6272c754ee666159b7 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -1092,7 +1092,7 @@ static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
errnop = 0;
ret = sss_pam_make_request(task, &rd, &repbuf, &replen, &errnop);
- if (ret != NSS_STATUS_SUCCESS) {
+ if (ret != PAM_SUCCESS) {
if (errnop != 0) {
logger(pamh, LOG_ERR, "Request to sssd failed. %s", ssscli_err2string(errnop));
}
diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h
index 7f579da67a7685e4766df9ce93d9fb0aff122b42..1caa2fc8f9fea5abf91905a47ba0c6d9e2cae0bc 100644
--- a/src/sss_client/sss_cli.h
+++ b/src/sss_client/sss_cli.h
@@ -267,6 +267,7 @@ struct sss_cli_req_data {
#define SSS_CLI_SOCKET_TIMEOUT 300000
enum sss_status {
+ SSS_STATUS_TRYAGAIN,
SSS_STATUS_UNAVAIL,
SSS_STATUS_SUCCESS
};
--
1.7.4
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
