Lines Matching defs:pi
165 static void overwrite_and_free_authtoks(struct pam_items *pi)
167 if (pi->pam_authtok != NULL) {
168 _pam_overwrite_n((void *)pi->pam_authtok, pi->pam_authtok_size);
169 free((void *)pi->pam_authtok);
170 pi->pam_authtok = NULL;
173 if (pi->pam_newauthtok != NULL) {
174 _pam_overwrite_n((void *)pi->pam_newauthtok, pi->pam_newauthtok_size);
175 free((void *)pi->pam_newauthtok);
176 pi->pam_newauthtok = NULL;
179 if (pi->first_factor != NULL) {
180 _pam_overwrite_n((void *)pi->first_factor, strlen(pi->first_factor));
181 free((void *)pi->first_factor);
182 pi->first_factor = NULL;
185 pi->pamstack_authtok = NULL;
186 pi->pamstack_oldauthtok = NULL;
189 static void overwrite_and_free_pam_items(struct pam_items *pi)
191 overwrite_and_free_authtoks(pi);
193 free(pi->domain_name);
194 pi->domain_name = NULL;
196 free(pi->otp_vendor);
197 pi->otp_vendor = NULL;
199 free(pi->otp_token_id);
200 pi->otp_token_id = NULL;
202 free(pi->otp_challenge);
203 pi->otp_challenge = NULL;
205 free_cert_list(pi->cert_list);
206 pi->cert_list = NULL;
207 pi->selected_cert = NULL;
463 static errno_t select_pw_reset_message(pam_handle_t *pamh, struct pam_items *pi)
469 domain_name = pi->domain_name;
860 static int parse_cert_info(struct pam_items *pi, uint8_t *buf, size_t len,
949 DLIST_ADD(pi->cert_list, cai);
961 struct pam_items *pi)
1016 free(pi->domain_name);
1017 pi->domain_name = strdup((char *) &buf[p]);
1018 if (pi->domain_name == NULL) {
1072 overwrite_and_free_authtoks(pi);
1085 free(pi->otp_vendor);
1086 pi->otp_vendor = strdup((char *) &buf[p]);
1087 if (pi->otp_vendor == NULL) {
1092 offset = strlen(pi->otp_vendor) + 1;
1095 free(pi->otp_vendor);
1096 pi->otp_vendor = NULL;
1099 free(pi->otp_token_id);
1100 pi->otp_token_id = strdup((char *) &buf[p + offset]);
1101 if (pi->otp_token_id == NULL) {
1106 offset += strlen(pi->otp_token_id) + 1;
1109 free(pi->otp_token_id);
1110 pi->otp_token_id = NULL;
1113 free(pi->otp_challenge);
1114 pi->otp_challenge = strdup((char *) &buf[p + offset]);
1115 if (pi->otp_challenge == NULL) {
1129 pi->user_name_hint = true;
1131 pi->user_name_hint = false;
1134 ret = parse_cert_info(pi, buf, len, &p, &cert_user);
1140 if ((pi->pam_user == NULL || *(pi->pam_user) == '\0')
1151 (const void **)&(pi->pam_user));
1159 pi->pam_user_size = strlen(pi->pam_user) + 1;
1164 pi->password_prompting = true;
1178 struct pam_items *pi)
1182 pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
1183 pi->pam_authtok = NULL;
1184 pi->pam_authtok_size = 0;
1185 pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY;
1186 pi->pam_newauthtok = NULL;
1187 pi->pam_newauthtok_size = 0;
1188 pi->first_factor = NULL;
1190 ret = pam_get_item(pamh, PAM_SERVICE, (const void **) &(pi->pam_service));
1192 if (pi->pam_service == NULL) pi->pam_service="";
1193 pi->pam_service_size=strlen(pi->pam_service)+1;
1195 ret = pam_get_item(pamh, PAM_USER, (const void **) &(pi->pam_user));
1197 pi->pam_user = "";
1201 if (pi->pam_user == NULL) {
1203 pi->pam_user = "";
1209 if (strcmp(pi->pam_user, "root") == 0) {
1213 pi->pam_user_size=strlen(pi->pam_user)+1;
1216 ret = pam_get_item(pamh, PAM_TTY, (const void **) &(pi->pam_tty));
1218 if (pi->pam_tty == NULL) pi->pam_tty="";
1219 pi->pam_tty_size=strlen(pi->pam_tty)+1;
1221 ret = pam_get_item(pamh, PAM_RUSER, (const void **) &(pi->pam_ruser));
1223 if (pi->pam_ruser == NULL) pi->pam_ruser="";
1224 pi->pam_ruser_size=strlen(pi->pam_ruser)+1;
1226 ret = pam_get_item(pamh, PAM_RHOST, (const void **) &(pi->pam_rhost));
1228 if (pi->pam_rhost == NULL) pi->pam_rhost="";
1229 pi->pam_rhost_size=strlen(pi->pam_rhost)+1;
1232 (const void **) &(pi->pamstack_authtok));
1234 if (pi->pamstack_authtok == NULL) pi->pamstack_authtok="";
1237 (const void **) &(pi->pamstack_oldauthtok));
1239 if (pi->pamstack_oldauthtok == NULL) pi->pamstack_oldauthtok="";
1241 pi->cli_pid = getpid();
1243 pi->login_name = pam_modutil_getlogin(pamh);
1244 if (pi->login_name == NULL) pi->login_name="";
1246 pi->domain_name = NULL;
1248 if (pi->requested_domains == NULL) pi->requested_domains = "";
1249 pi->requested_domains_size = strlen(pi->requested_domains) + 1;
1251 pi->otp_vendor = NULL;
1252 pi->otp_token_id = NULL;
1253 pi->otp_challenge = NULL;
1254 pi->password_prompting = false;
1256 pi->cert_list = NULL;
1257 pi->selected_cert = NULL;
1262 static void print_pam_items(struct pam_items *pi)
1264 if (pi == NULL) return;
1266 D(("Service: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_service)));
1267 D(("User: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_user)));
1268 D(("Tty: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_tty)));
1269 D(("Ruser: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_ruser)));
1270 D(("Rhost: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_rhost)));
1272 CHECK_AND_RETURN_PI_STRING(pi->pamstack_authtok)));
1274 CHECK_AND_RETURN_PI_STRING(pi->pamstack_oldauthtok)));
1275 D(("Authtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_authtok)));
1276 D(("Newauthtok: %s", CHECK_AND_RETURN_PI_STRING(pi->pam_newauthtok)));
1277 D(("Cli_PID: %d", pi->cli_pid));
1278 D(("Requested domains: %s", pi->requested_domains));
1281 static int send_and_receive(pam_handle_t *pamh, struct pam_items *pi,
1293 print_pam_items(pi);
1295 ret = pack_message_v3(pi, &rd.len, &buf);
1327 ret = eval_response(pamh, replen, repbuf, pi);
1340 pi->login_name, getuid(), (unsigned long) geteuid(),
1341 pi->pam_tty, pi->pam_ruser, pi->pam_rhost, pi->pam_user);
1348 pi->pam_user, pam_status,
1361 pi->pam_user, pam_status,
1370 pi->pam_user, pam_status,
1382 pi->pam_user, pam_status,
1407 static int prompt_password(pam_handle_t *pamh, struct pam_items *pi,
1420 pi->pam_authtok = NULL;
1421 pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
1422 pi->pam_authtok_size=0;
1424 pi->pam_authtok = strdup(answer);
1428 if (pi->pam_authtok == NULL) {
1431 pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
1432 pi->pam_authtok_size=strlen(pi->pam_authtok);
1438 static int prompt_2fa(pam_handle_t *pamh, struct pam_items *pi,
1490 || (pi->pam_service != NULL && strcmp(pi->pam_service, "sshd") == 0
1497 pi->pam_authtok = strndup(resp[0].resp, MAX_AUTHTOK_SIZE);
1498 if (pi->pam_authtok == NULL) {
1503 pi->pam_authtok_size = strlen(pi->pam_authtok) + 1;
1504 pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
1515 pi->pam_authtok = malloc(needed_size);
1516 if (pi->pam_authtok == NULL) {
1523 (uint8_t *) pi->pam_authtok, needed_size,
1531 pi->pam_authtok_size = needed_size;
1532 pi->pam_authtok_type = SSS_AUTHTOK_TYPE_2FA;
1533 pi->first_factor = strndup(resp[0].resp, MAX_AUTHTOK_SIZE);
1534 if (pi->first_factor == NULL) {
1570 static int prompt_multi_cert_gdm(pam_handle_t *pamh, struct pam_items *pi)
1589 if (pi->cert_list == NULL) {
1593 DLIST_FOR_EACH(cai, pi->cert_list) {
1611 DLIST_FOR_EACH(cai, pi->cert_list) {
1637 DLIST_FOR_EACH(cai, pi->cert_list) {
1640 pi->selected_cert = cai;
1665 static int prompt_multi_cert(pam_handle_t *pamh, struct pam_items *pi)
1678 ret = prompt_multi_cert_gdm(pamh, pi);
1683 if (pi->cert_list == NULL) {
1692 DLIST_FOR_EACH(cai, pi->cert_list) {
1724 pi->selected_cert = NULL;
1728 DLIST_FOR_EACH(cai, pi->cert_list) {
1732 pi->selected_cert = cai;
1742 static int prompt_sc_pin(pam_handle_t *pamh, struct pam_items *pi)
1753 struct cert_auth_info *cai = pi->selected_cert;
1773 if (pi->user_name_hint) {
1838 ret = pam_get_item(pamh, PAM_USER, (const void **)&(pi->pam_user));
1845 pi->pam_user_size = strlen(pi->pam_user) + 1;
1858 pi->pam_authtok = NULL;
1859 pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
1860 pi->pam_authtok_size=0;
1873 pi->pam_authtok = malloc(needed_size);
1874 if (pi->pam_authtok == NULL) {
1883 (uint8_t *) pi->pam_authtok, needed_size,
1887 free((void *)pi->pam_authtok);
1892 pi->pam_authtok_type = SSS_AUTHTOK_TYPE_SC_PIN;
1893 pi->pam_authtok_size = needed_size;
1920 static int prompt_new_password(pam_handle_t *pamh, struct pam_items *pi)
1934 pi->pam_newauthtok = NULL;
1935 pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY;
1936 pi->pam_newauthtok_size=0;
1938 pi->pam_newauthtok = strdup(answer);
1942 if (pi->pam_newauthtok == NULL) {
1945 pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
1946 pi->pam_newauthtok_size=strlen(pi->pam_newauthtok);
2018 struct pam_items *pi,
2024 || ( pi->pamstack_authtok != NULL
2025 && *(pi->pamstack_authtok) != '\0'
2027 pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
2028 pi->pam_authtok = strdup(pi->pamstack_authtok);
2029 if (pi->pam_authtok == NULL) {
2033 pi->pam_authtok_size = strlen(pi->pam_authtok);
2036 || (pi->otp_vendor != NULL && pi->otp_token_id != NULL
2037 && pi->otp_challenge != NULL)) {
2038 if (pi->password_prompting) {
2039 ret = prompt_2fa(pamh, pi, _("First Factor: "),
2042 ret = prompt_2fa(pamh, pi, _("First Factor: "),
2045 } else if (pi->cert_list != NULL) {
2046 if (pi->cert_list->next == NULL) {
2048 pi->selected_cert = pi->cert_list;
2050 ret = prompt_multi_cert(pamh, pi);
2056 ret = prompt_sc_pin(pamh, pi);
2058 ret = prompt_password(pamh, pi, _("Password: "));
2066 if (pi->pam_authtok_type == SSS_AUTHTOK_TYPE_PASSWORD) {
2067 ret = pam_set_item(pamh, PAM_AUTHTOK, pi->pam_authtok);
2068 } else if (pi->pam_authtok_type == SSS_AUTHTOK_TYPE_2FA
2069 && pi->first_factor != NULL) {
2070 ret = pam_set_item(pamh, PAM_AUTHTOK, pi->first_factor);
2085 static int check_authtok_data(pam_handle_t *pamh, struct pam_items *pi)
2113 pi->pam_authtok = malloc(*authtok_size);
2114 if (pi->pam_authtok == NULL) {
2118 memcpy(pi->pam_authtok, authtok_data, *authtok_size);
2120 pi->pam_authtok_type = *authtok_type;
2121 pi->pam_authtok_size = *authtok_size;
2126 static int keep_authtok_data(pam_handle_t *pamh, struct pam_items *pi)
2138 *authtok_type = pi->pam_authtok_type;
2153 *authtok_size = pi->pam_authtok_size;
2163 authtok_data = malloc(pi->pam_authtok_size);
2168 memcpy(authtok_data, pi->pam_authtok, pi->pam_authtok_size);
2182 struct pam_items *pi,
2198 || (pi->otp_vendor != NULL && pi->otp_token_id != NULL
2199 && pi->otp_challenge != NULL)) {
2200 if (pi->password_prompting) {
2201 ret = prompt_2fa(pamh, pi, _("First Factor (Current Password): "),
2204 ret = prompt_2fa(pamh, pi, _("First Factor (Current Password): "),
2208 ret = prompt_password(pamh, pi, _("Current Password: "));
2215 ret = pam_set_item(pamh, PAM_OLDAUTHTOK, pi->pam_authtok);
2223 if (pi->pam_authtok_type == SSS_AUTHTOK_TYPE_2FA) {
2224 ret = keep_authtok_data(pamh, pi);
2235 if (check_authtok_data(pamh, pi) != 0) {
2236 if (pi->pamstack_oldauthtok == NULL) {
2241 pi->pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
2242 pi->pam_authtok = NULL;
2243 pi->pam_authtok_size = 0;
2246 pi->pam_authtok = strdup(pi->pamstack_oldauthtok);
2247 if (pi->pam_authtok == NULL) {
2251 pi->pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
2252 pi->pam_authtok_size = strlen(pi->pam_authtok);
2257 pi->pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
2258 pi->pam_newauthtok = strdup(pi->pamstack_authtok);
2259 if (pi->pam_newauthtok == NULL) {
2263 pi->pam_newauthtok_size = strlen(pi->pam_newauthtok);
2265 ret = prompt_new_password(pamh, pi);
2272 ret = pam_set_item(pamh, PAM_AUTHTOK, pi->pam_newauthtok);
2286 static int check_login_token_name(pam_handle_t *pamh, struct pam_items *pi,
2296 struct cert_auth_info *cai = pi->cert_list;
2335 pam_status = send_and_receive(pamh, pi, SSS_PAM_PREAUTH, quiet_mode);
2353 struct pam_items pi;
2374 pi.requested_domains = domains;
2376 ret = get_pam_items(pamh, flags, &pi);
2401 && (pi.pam_authtok == NULL
2404 pam_status = send_and_receive(pamh, &pi, SSS_PAM_PREAUTH,
2417 if (strcmp(pi.pam_service, "gdm-smartcard") == 0) {
2418 ret = check_login_token_name(pamh, &pi, quiet_mode);
2425 ret = get_authtok_for_authentication(pamh, &pi, flags);
2452 && (pi.pam_authtok == NULL
2455 pam_status = send_and_receive(pamh, &pi, SSS_PAM_PREAUTH,
2468 ret = get_authtok_for_password_change(pamh, &pi, flags, pam_flags);
2472 overwrite_and_free_pam_items(&pi);
2477 if (pi.pam_authtok_type == SSS_AUTHTOK_TYPE_2FA) {
2498 pam_status = send_and_receive(pamh, &pi, task, quiet_mode);
2559 if (pam_status == PAM_PERM_DENIED && pi.pam_authtok_size == 0 &&
2564 ret = select_pw_reset_message(pamh, &pi);
2574 overwrite_and_free_pam_items(&pi);