Lines Matching refs:preq
54 static void pam_reply(struct pam_auth_req *preq);
59 struct pam_auth_req *preq,
62 static int pam_check_user_done(struct pam_auth_req *preq, int ret);
431 static errno_t set_last_login(struct pam_auth_req *preq)
436 attrs = sysdb_new_attrs(preq);
459 ret = sysdb_set_user_attr(preq->domain, preq->pd->user, attrs,
463 preq->pd->pam_status = PAM_SYSTEM_ERR;
466 preq->pd->last_auth_saved = true;
468 preq->callback(preq);
644 struct pam_auth_req *preq;
648 preq = talloc_get_type(pvt, struct pam_auth_req);
650 pam_reply(preq);
682 static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
689 static int pam_reply_sr_export_shell(struct pam_auth_req *preq,
708 if (preq->cctx->rctx->sr_conf.scope ==
711 } else if (preq->cctx->rctx->sr_conf.scope ==
715 enabled_str = ldb_msg_find_attr_as_string(preq->user_obj,
737 shell = sss_resp_get_shell_override(preq->user_obj,
738 preq->cctx->rctx, preq->domain);
754 ret = pam_add_response(preq->pd, SSS_PAM_ENV_ITEM,
769 static void pam_reply(struct pam_auth_req *preq)
791 pd = preq->pd;
792 cctx = preq->cctx;
793 pctx = talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
824 preq->cert_auth_local = true;
825 ret = check_cert(cctx, cctx->ev, pctx, preq, pd);
826 pam_check_user_done(preq, ret);
830 if (pd->pam_status == PAM_AUTHINFO_UNAVAIL || preq->use_cached_auth) {
834 if ((preq->domain != NULL) &&
835 (preq->domain->cache_credentials == true) &&
840 /* backup value of preq->use_cached_auth*/
841 use_cached_auth = preq->use_cached_auth;
844 preq->use_cached_auth = false;
849 if (preq->domain->sysdb == NULL) {
852 " [%s]!\n", preq->domain->name);
863 ret = sysdb_cache_auth(preq->domain,
868 pam_handle_cached_login(preq, ret, exp_date, delay_until,
904 ret = pam_null_last_online_auth_with_curr_token(preq->domain,
925 te = tevent_add_timer(cctx->ev, cctx, tv, pam_reply_delay, preq);
938 preq->domain->cache_credentials &&
941 NEED_CHECK_PROVIDER(preq->domain->provider)) {
942 ret = set_last_login(preq);
1009 ret = pam_reply_sr_export_shell(preq, "TLOG_REC_SESSION_SHELL");
1061 sss_cmd_done(cctx, preq);
1064 static void pam_dom_forwarder(struct pam_auth_req *preq);
1066 static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
1075 preq->pd->pam_status = cached_login_pam_status(ret);
1077 switch (preq->pd->pam_status) {
1081 resp = talloc_size(preq->pd, resp_len);
1089 ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len,
1100 resp = talloc_size(preq->pd, resp_len);
1108 ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len,
1123 preq->pd->user);
1124 preq->cached_auth_failed = true;
1125 pam_dom_forwarder(preq);
1131 "cached login returned: %d\n", preq->pd->pam_status);
1134 pam_reply(preq);
1140 static int pam_check_user_search(struct pam_auth_req *preq);
1238 static int pam_auth_req_destructor(struct pam_auth_req *preq)
1240 if (preq && preq->dpreq_spy) {
1244 preq->dpreq_spy->preq = NULL;
1286 get_domain_request_type(struct pam_auth_req *preq,
1295 if (strcmp(pctx->app_services[i], preq->pd->service) == 0) {
1307 struct pam_auth_req *preq,
1346 tevent_req_set_callback(req, pam_forwarder_cert_cb, preq);
1352 struct pam_auth_req *preq;
1359 preq = talloc_zero(cctx, struct pam_auth_req);
1360 if (!preq) {
1363 talloc_set_destructor(preq, pam_auth_req_destructor);
1364 preq->cctx = cctx;
1365 preq->cert_auth_local = false;
1367 preq->pd = create_pam_data(preq);
1368 if (!preq->pd) {
1369 talloc_free(preq);
1372 pd = preq->pd;
1374 preq->is_uid_trusted = is_uid_trusted(cctx->creds,
1378 if (!preq->is_uid_trusted) {
1393 tevent_req_set_callback(req, pam_forwarder_cb, preq);
1402 preq->req_dom_type = get_domain_request_type(preq, pctx);
1410 ret = check_cert(cctx, cctx->ev, pctx, preq, pd);
1415 ret = pam_check_user_search(preq);
1418 return pam_check_user_done(preq, ret);
1421 static errno_t pam_user_by_cert_step(struct pam_auth_req *preq);
1425 struct pam_auth_req *preq = tevent_req_callback_data(req,
1431 ret = pam_check_cert_recv(req, preq, &preq->cert_list);
1438 pd = preq->pd;
1440 cert = sss_cai_get_cert(preq->cert_list);
1454 ret = pam_check_user_search(preq);
1461 preq->current_cert = preq->cert_list;
1462 ret = pam_user_by_cert_step(preq);
1471 pam_check_user_done(preq, ret);
1474 static errno_t pam_user_by_cert_step(struct pam_auth_req *preq)
1476 struct cli_ctx *cctx = preq->cctx;
1479 talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
1481 if (preq->current_cert == NULL) {
1486 req = cache_req_user_by_cert_send(preq, cctx->ev, cctx->rctx,
1488 preq->req_dom_type, NULL,
1489 sss_cai_get_cert(preq->current_cert));
1495 tevent_req_set_callback(req, pam_forwarder_lookup_by_cert_done, preq);
1559 struct pam_auth_req *preq = tevent_req_callback_data(req,
1566 ret = cache_req_recv(preq, req, &results);
1574 ret = get_results_from_all_domains(preq, results,
1581 sss_cai_set_cert_user_objs(preq->current_cert, cert_user_objs);
1584 preq->current_cert = sss_cai_get_next(preq->current_cert);
1585 if (preq->current_cert != NULL) {
1586 ret = pam_user_by_cert_step(preq);
1594 sss_cai_check_users(&preq->cert_list, &cert_count, &cert_user_count);
1600 if (preq->pd->logon_name == NULL) {
1608 if (preq->pd->logon_name == NULL) {
1609 if (preq->pd->cmd != SSS_PAM_PREAUTH
1610 && preq->pd->cmd != SSS_PAM_AUTHENTICATE) {
1618 for (preq->current_cert = preq->cert_list;
1619 preq->current_cert != NULL;
1620 preq->current_cert = sss_cai_get_next(preq->current_cert)) {
1622 ret = add_pam_cert_response(preq->pd, "",
1623 preq->current_cert,
1624 preq->cctx->rctx->domains->user_name_hint
1630 preq->pd->pam_status = PAM_AUTHINFO_UNAVAIL;
1635 preq->pd->pam_status = PAM_SUCCESS;
1636 pam_reply(preq);
1641 cert_user_objs = sss_cai_get_cert_user_objs(preq->cert_list);
1661 ret = sss_parse_name_for_domains(preq->pd,
1662 preq->cctx->rctx->domains,
1663 preq->cctx->rctx->default_domain,
1665 &preq->pd->domain,
1666 &preq->pd->user);
1674 if (preq->cctx->rctx->domains->user_name_hint
1675 && preq->pd->cmd == SSS_PAM_PREAUTH) {
1676 ret = add_pam_cert_response(preq->pd, cert_user,
1677 preq->cert_list,
1679 preq->pd->pam_status = PAM_SUCCESS;
1682 preq->pd->pam_status = PAM_AUTHINFO_UNAVAIL;
1685 pam_reply(preq);
1700 if (preq->pd->cmd == SSS_PAM_AUTHENTICATE
1701 && preq->pd->logon_name == NULL) {
1702 ret = add_pam_cert_response(preq->pd, cert_user,
1703 preq->cert_list,
1707 preq->pd->pam_status = PAM_AUTHINFO_UNAVAIL;
1714 preq->pd->logon_name = talloc_strdup(preq->pd, cert_user);
1715 if (preq->pd->logon_name == NULL) {
1723 if (preq->user_obj == NULL) {
1724 ret = pam_check_user_search(preq);
1730 pam_dom_forwarder(preq);
1734 pam_check_user_done(preq, ret);
1739 struct pam_auth_req *preq = tevent_req_callback_data(req,
1741 struct cli_ctx *cctx = preq->cctx;
1745 talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
1760 pd = preq->pd;
1780 ret = check_cert(cctx, cctx->ev, pctx, preq, pd);
1785 ret = pam_check_user_search(preq);
1788 pam_check_user_done(preq, ret);
1792 static int pam_check_user_search(struct pam_auth_req *preq)
1799 data = cache_req_data_name(preq,
1801 preq->pd->logon_name);
1806 pctx = talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
1812 ret = pam_initgr_check_timeout(pctx->id_table, preq->pd->logon_name);
1824 dpreq = cache_req_send(preq,
1825 preq->cctx->rctx->ev,
1826 preq->cctx->rctx,
1827 preq->cctx->rctx->ncache,
1829 preq->req_dom_type,
1838 tevent_req_set_callback(dpreq, pam_dp_send_acct_req_done, preq);
1847 struct pam_auth_req *preq;
1851 preq = tevent_req_callback_data(req, struct pam_auth_req);
1852 pctx = talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
1854 ret = cache_req_single_domain_recv(preq, req, &result);
1859 talloc_zfree(preq->cctx);
1864 preq->user_obj = result->msgs[0];
1865 pd_set_primary_name(preq->user_obj, preq->pd);
1866 preq->domain = result->domain;
1870 preq->pd->logon_name,
1878 pam_dom_forwarder(preq);
1881 ret = pam_check_user_done(preq, ret);
1883 preq->pd->pam_status = PAM_SYSTEM_ERR;
1884 pam_reply(preq);
1888 static int pam_check_user_done(struct pam_auth_req *preq, int ret)
1899 preq->pd->pam_status = PAM_USER_UNKNOWN;
1900 pam_reply(preq);
1904 preq->pd->pam_status = PAM_CRED_INSUFFICIENT;
1905 pam_reply(preq);
1909 preq->pd->pam_status = PAM_SYSTEM_ERR;
1910 pam_reply(preq);
2003 static void pam_dom_forwarder(struct pam_auth_req *preq)
2007 talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
2013 if (!preq->pd->domain) {
2014 preq->pd->domain = preq->domain->name;
2018 if (!preq->is_uid_trusted &&
2019 !is_domain_public(preq->pd->domain, pctx->public_domains,
2023 client_euid(preq->cctx->creds), preq->pd->domain);
2024 preq->pd->pam_status = PAM_PERM_DENIED;
2025 pam_reply(preq);
2031 if (preq->is_uid_trusted &&
2032 !is_domain_requested(preq->pd, preq->pd->domain)) {
2033 preq->pd->pam_status = PAM_USER_UNKNOWN;
2034 pam_reply(preq);
2038 if (pam_can_user_cache_auth(preq->domain,
2039 preq->pd->cmd,
2040 preq->pd->authtok,
2041 preq->pd->user,
2042 preq->cached_auth_failed)) {
2043 preq->use_cached_auth = true;
2044 pam_reply(preq);
2048 if (may_do_cert_auth(pctx, preq->pd) && preq->cert_list != NULL) {
2051 for (preq->current_cert = preq->cert_list;
2052 preq->current_cert != NULL;
2053 preq->current_cert = sss_cai_get_next(preq->current_cert)) {
2055 cert_user_objs = sss_cai_get_cert_user_objs(preq->current_cert);
2073 preq->pd->pam_status = PAM_USER_UNKNOWN;
2074 pam_reply(preq);
2079 preq->user_obj->dn) == 0) {
2081 if (preq->pd->cmd == SSS_PAM_PREAUTH) {
2082 ret = sss_authtok_set_sc(preq->pd->authtok,
2084 sss_cai_get_token_name(preq->current_cert), 0,
2085 sss_cai_get_module_name(preq->current_cert), 0,
2086 sss_cai_get_key_id(preq->current_cert), 0);
2094 ret = add_pam_cert_response(preq->pd, cert_user,
2095 preq->current_cert,
2099 preq->pd->pam_status = PAM_AUTHINFO_UNAVAIL;
2109 if (preq->pd->cmd == SSS_PAM_AUTHENTICATE
2110 && preq->cert_auth_local) {
2111 preq->pd->pam_status = PAM_SUCCESS;
2112 preq->callback = pam_reply;
2113 pam_reply(preq);
2117 if (preq->pd->cmd == SSS_PAM_PREAUTH) {
2124 preq->pd->pam_status = PAM_AUTH_ERR;
2125 pam_reply(preq);
2131 if (!NEED_CHECK_AUTH_PROVIDER(preq->domain->provider) ) {
2132 preq->callback = pam_reply;
2133 ret = LOCAL_pam_handler(preq);
2135 preq->callback = pam_reply;
2136 ret = pam_dp_send_req(preq, SSS_CLI_SOCKET_TIMEOUT/2);
2141 preq->pd->pam_status = PAM_SYSTEM_ERR;
2142 pam_reply(preq);