Lines Matching defs:preq
54 static void pam_reply(struct pam_auth_req *preq);
/* set_last_login (fragment: this listing shows only the lines that mention
 * preq, so the branches between them are not visible).
 * The visible lines build a sysdb attribute set, write it to the entry of
 * preq->pd->user in preq->domain, and finish by invoking preq->callback. */
428 static errno_t set_last_login(struct pam_auth_req *preq)
/* preq is handed to sysdb_new_attrs, presumably as the talloc parent — confirm. */
433 attrs = sysdb_new_attrs(preq);
456 ret = sysdb_set_user_attr(preq->domain, preq->pd->user, attrs,
/* NOTE(review): presumably the failure branch of the sysdb write above; the
 * condition itself is not in this listing. */
460 preq->pd->pam_status = PAM_SYSTEM_ERR;
/* Records on the PAM data that the last-authentication attributes were stored. */
463 preq->pd->last_auth_saved = true;
/* Control returns to whatever callback the dispatcher stored on the request. */
465 preq->callback(preq);
/* Fragment of a function whose signature is not part of this listing (only
 * lines that mention preq are shown). */
641 struct pam_auth_req *preq;
/* The request is recovered from the opaque pvt pointer with a talloc type
 * check. NOTE(review): talloc_get_type() yields NULL on a type mismatch and no
 * line testing preq appears between this one and the pam_reply() call —
 * confirm pvt is always a live pam_auth_req when this runs. */
645 preq = talloc_get_type(pvt, struct pam_auth_req);
647 pam_reply(preq);
679 static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
/* pam_reply (fragment: only lines mentioning preq are listed).
 * Visible behaviour: optionally falls back to cached credentials, may schedule
 * a delayed reply, may save the last-login attributes, and finally completes
 * the client command with sss_cmd_done(). */
682 static void pam_reply(struct pam_auth_req *preq)
704 pd = preq->pd;
705 cctx = preq->cctx;
706 pctx = talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
/* Cached-authentication path: taken when the status is PAM_AUTHINFO_UNAVAIL
 * or when the request was explicitly flagged for cached auth. */
721 if (pd->pam_status == PAM_AUTHINFO_UNAVAIL || preq->use_cached_auth) {
/* The cache is consulted only for a known domain with cache_credentials
 * enabled; the rest of this condition is not in the listing. */
725 if ((preq->domain != NULL) &&
726 (preq->domain->cache_credentials == true) &&
731 /* Keep a copy of preq->use_cached_auth before it is cleared below. */
732 use_cached_auth = preq->use_cached_auth;
/* NOTE(review): presumably cleared so that a later pam_reply() for the same
 * request does not take the cached path again — confirm. */
735 preq->use_cached_auth = false;
/* A domain without a sysdb handle cannot be checked against the cache. */
740 if (preq->domain->sysdb == NULL) {
743 " [%s]!\n", preq->domain->name);
/* Verify the supplied credentials against the cache; the result is passed on
 * to pam_handle_cached_login. */
754 ret = sysdb_cache_auth(preq->domain,
759 pam_handle_cached_login(preq, ret, exp_date, delay_until,
795 ret = pam_null_last_online_auth_with_curr_token(preq->domain,
/* Delayed reply: pam_reply_delay gets preq as its private pointer.
 * NOTE(review): confirm preq cannot be freed before the timer fires. */
816 te = tevent_add_timer(cctx->ev, cctx, tv, pam_reply_delay, preq);
/* The last-login attributes are saved only for domains that cache credentials
 * and whose provider needs checking; other terms of this condition are not
 * listed. */
829 preq->domain->cache_credentials &&
832 NEED_CHECK_PROVIDER(preq->domain->provider)) {
833 ret = set_last_login(preq);
/* Completes the client command for this request. */
940 sss_cmd_done(cctx, preq);
943 static void pam_dom_forwarder(struct pam_auth_req *preq);
/* pam_handle_cached_login (fragment: only lines mentioning preq are listed).
 * Translates the cache-authentication result into a PAM status, attaches a
 * user-info response in two of the switch cases, and either replies or sends
 * the request back to the domain forwarder. */
945 static void pam_handle_cached_login(struct pam_auth_req *preq, int ret,
/* The sysdb return code is mapped to a PAM status by cached_login_pam_status(). */
954 preq->pd->pam_status = cached_login_pam_status(ret);
956 switch (preq->pd->pam_status) {
/* NOTE(review): how resp_len is computed and whether resp is checked for NULL
 * is not visible in this listing — confirm before the buffer is filled. */
960 resp = talloc_size(preq->pd, resp_len);
968 ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len,
/* Same allocate-then-respond pattern as above, for another switch case. */
979 resp = talloc_size(preq->pd, resp_len);
987 ret = pam_add_response(preq->pd, SSS_PAM_USER_INFO, resp_len,
1002 preq->pd->user);
/* The request is marked as having failed cached auth before it goes back to
 * pam_dom_forwarder; which switch case does this is not in the listing. */
1003 preq->cached_auth_failed = true;
1004 pam_dom_forwarder(preq);
1010 "cached login returned: %d\n", preq->pd->pam_status);
1013 pam_reply(preq);
1021 static int pam_check_user_search(struct pam_auth_req *preq);
1022 static int pam_check_user_done(struct pam_auth_req *preq, int ret);
/* pam_cmd_assume_upn (fragment: only lines mentioning preq are listed).
 * Retries the user lookup with the logon name treated as a user principal
 * name (UPN). */
1024 static errno_t pam_cmd_assume_upn(struct pam_auth_req *preq)
/* Applies only when the name is not already flagged as a UPN, a logon name is
 * present, and that name contains '@'. */
1028 if (!preq->pd->name_is_upn
1029 && preq->pd->logon_name != NULL
1030 && strchr(preq->pd->logon_name, '@') != NULL) {
1033 preq->pd->logon_name);
/* The search restarts from the head of the responder's domain list. */
1035 preq->domain = preq->cctx->rctx->domains;
1036 preq->check_provider =
1037 NEED_CHECK_PROVIDER(preq->domain->provider);
/* The full logon name becomes the user name; the copy is a talloc child of pd. */
1038 preq->pd->user = talloc_strdup(preq->pd, preq->pd->logon_name);
1039 if (preq->pd->user == NULL) {
/* Flag the name as a UPN and drop any domain carried by the request. */
1043 preq->pd->name_is_upn = true;
1044 preq->pd->domain = NULL;
1046 ret = pam_check_user_search(preq);
1048 pam_dom_forwarder(preq);
/* pam_auth_req_destructor (fragment). Installed with talloc_set_destructor()
 * where the request is created. */
1127 static int pam_auth_req_destructor(struct pam_auth_req *preq)
1129 if (preq && preq->dpreq_spy) {
/* Clears the spy's back-pointer to this request; presumably so the spy never
 * dereferences the request after it has been freed — confirm. */
1133 preq->dpreq_spy->preq = NULL;
/* Fragment: preq is a parameter of a function whose name is not part of this
 * listing. */
1177 struct pam_auth_req *preq,
/* preq is registered as the callback data of pam_forwarder_cert_cb. */
1215 tevent_req_set_callback(req, pam_forwarder_cert_cb, preq);
/* Fragment of the function that creates the request; its signature is not in
 * this listing (only lines mentioning preq are shown). */
1222 struct pam_auth_req *preq;
/* The request is allocated zeroed as a talloc child of the client context and
 * gets pam_auth_req_destructor as its destructor. */
1231 preq = talloc_zero(cctx, struct pam_auth_req);
1232 if (!preq) {
1235 talloc_set_destructor(preq, pam_auth_req_destructor);
1236 preq->cctx = cctx;
1238 preq->pd = create_pam_data(preq);
/* The request is freed again when the PAM data cannot be created. */
1239 if (!preq->pd) {
1240 talloc_free(preq);
1243 pd = preq->pd;
/* Trust decision for the calling client, derived from its credentials. The
 * flag is read again in pam_dom_forwarder, where it selects between the
 * public-domain check and the requested-domain check. */
1245 preq->is_uid_trusted = is_uid_trusted(cctx->creds,
/* Untrusted callers take an extra branch whose body is not in this listing. */
1249 if (!preq->is_uid_trusted) {
1264 tevent_req_set_callback(req, pam_forwarder_cb, preq);
/* A domain named in the PAM data must resolve to a configured domain. */
1275 preq->domain = responder_get_domain(cctx->rctx, pd->domain);
1276 if (!preq->domain) {
1281 name = sss_resp_create_fqname(preq, pctx->rctx, preq->domain,
1282 preq->pd->name_is_upn,
1283 preq->pd->user);
1289 preq->domain, name);
/* Otherwise the configured domains are walked; the loop condition and the
 * test that selects dom are not in the listing. */
1297 for (dom = preq->cctx->rctx->domains;
1302 name = sss_resp_create_fqname(preq, pctx->rctx, dom,
1303 preq->pd->name_is_upn,
1304 preq->pd->user);
1329 preq->domain = dom;
1335 ret = check_cert(cctx, cctx->ev, pctx, preq, pd);
/* A domain without an auth provider is rejected before any lookup. */
1341 if (preq->domain->provider == NULL) {
1343 "Domain [%s] has no auth provider.\n", preq->domain->name);
1348 preq->check_provider = NEED_CHECK_PROVIDER(preq->domain->provider);
/* Lookup, then forward to the domain or retry with the name as a UPN; the
 * conditions choosing between these calls are not listed. */
1350 ret = pam_check_user_search(preq);
1352 pam_dom_forwarder(preq);
1354 ret = pam_cmd_assume_upn(preq);
1358 return pam_check_user_done(preq, ret);
/* Fragment of a tevent callback whose signature is not in this listing; it
 * receives the result of the certificate check. */
1364 struct pam_auth_req *preq = tevent_req_callback_data(req,
1366 struct cli_ctx *cctx = preq->cctx;
1371 talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
/* Collects the certificate and stores the token name on the request. */
1373 ret = pam_check_cert_recv(req, preq, &cert, &preq->token_name);
1380 pd = preq->pd;
/* One branch continues with the ordinary user lookup and forwarding ... */
1394 ret = pam_check_user_search(preq);
1396 pam_dom_forwarder(preq);
/* ... another looks the user up by certificate. Which condition selects each
 * branch is not visible here. */
1405 req = cache_req_user_by_cert_send(preq, cctx->ev, cctx->rctx,
1412 tevent_req_set_callback(req, pam_forwarder_lookup_by_cert_done, preq);
1416 pam_check_user_done(preq, ret);
/* Fragment of a tevent callback whose signature is not in this listing; it
 * receives the result of the lookup by certificate. */
1424 struct pam_auth_req *preq = tevent_req_callback_data(req,
1429 ret = cache_req_user_by_cert_recv(preq, req, &res, &domain, NULL);
/* The domain returned by the lookup is used only if none was set before. */
1444 if (preq->domain == NULL) {
1445 preq->domain = domain;
/* The first result message becomes the certificate's user object, owned by
 * preq. NOTE(review): the check on the number of results is not in this
 * listing — confirm res holds exactly one entry before msgs[0] is taken. */
1448 preq->cert_user_obj = talloc_steal(preq, res->msgs[0]);
/* No logon name supplied: the name comes from the certificate's user object. */
1450 if (preq->pd->logon_name == NULL) {
1451 cert_user = ldb_msg_find_attr_as_string(preq->cert_user_obj,
1463 ret = add_pam_cert_response(preq->pd, cert_user, preq->token_name);
1468 preq->pd->domain = talloc_strdup(preq->pd, domain->name);
1469 if (preq->pd->domain == NULL) {
/* NOTE(review): PAM_SUCCESS is set here with no visible test of the PAM
 * command — confirm this reply is limited to pre-authentication requests. */
1474 preq->pd->pam_status = PAM_SUCCESS;
1475 pam_reply(preq);
1479 if (preq->pd->logon_name == NULL) {
1487 ret = pam_check_user_search(preq);
1489 pam_dom_forwarder(preq);
1493 pam_check_user_done(preq, ret);
/* Fragment of a tevent callback whose signature is not in this listing (it
 * is registered elsewhere in the file as pam_forwarder_cb — presumably this
 * function; confirm). */
1498 struct pam_auth_req *preq = tevent_req_callback_data(req,
1500 struct cli_ctx *cctx = preq->cctx;
1504 talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
1512 pd = preq->pd;
/* NOTE(review): strchr() is called on logon_name and no NULL test appears
 * among the listed lines (a test through the local pd would not be listed) —
 * confirm logon_name cannot be NULL on this path. */
1516 if (strchr(preq->pd->logon_name, '@') == NULL) {
/* The logon name is used as a UPN: search from the head of the domain list
 * with the full name as user and no domain. */
1520 preq->domain = preq->cctx->rctx->domains;
1521 preq->check_provider = NEED_CHECK_PROVIDER(preq->domain->provider);
1522 preq->pd->user = talloc_strdup(preq->pd, preq->pd->logon_name);
1523 if (preq->pd->user == NULL) {
1528 preq->pd->name_is_upn = true;
1529 preq->pd->domain = NULL;
/* A domain carried by the request must resolve to a configured domain. */
1535 if (preq->pd->domain) {
1536 preq->domain = responder_get_domain(cctx->rctx, preq->pd->domain);
1537 if (preq->domain == NULL) {
1544 ret = check_cert(cctx, cctx->ev, pctx, preq, pd);
1549 ret = pam_check_user_search(preq);
1551 pam_dom_forwarder(preq);
1553 ret = pam_cmd_assume_upn(preq);
1557 pam_check_user_done(preq, ret);
/* pam_check_user_search (fragment: only lines mentioning preq are listed).
 * Looks the user up in the cache, domain by domain, and asks the data
 * provider when check_provider is set. */
1561 static int pam_check_user_search(struct pam_auth_req *preq)
1563 struct sss_domain_info *dom = preq->domain;
1570 talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
/* Domains are skipped only while the request names no domain and the name is
 * not a UPN; the rest of the loop condition is not in the listing. */
1579 while (dom && !preq->pd->domain && !preq->pd->name_is_upn
1586 if (dom != preq->domain) {
/* The provider check is re-evaluated for the domain now being searched. */
1589 preq->check_provider = NEED_CHECK_PROVIDER(dom->provider);
1592 /* make sure to update the preq if we changed domain */
1593 preq->domain = dom;
1597 name = sss_resp_create_fqname(preq, pctx->rctx, dom,
1598 preq->pd->name_is_upn,
1599 preq->pd->user);
1608 if (preq->check_provider) {
1610 preq->pd->logon_name);
1628 preq->pd->pam_status = PAM_SYSTEM_ERR;
/* UPN names are searched by UPN, and the domain is then re-derived from the
 * object found; other names go through sysdb_getpwnam_with_views(). */
1632 if (preq->pd->name_is_upn) {
1633 ret = sysdb_search_user_by_upn(preq, dom, name, user_attrs, &msg);
1643 preq->domain = find_domain_by_object_name(
1646 if (preq->domain == NULL) {
1654 ret = sysdb_getpwnam_with_views(preq, dom, name, &res);
1676 if (preq->check_provider == false) {
1679 false, dom, preq->pd->user);
1689 if (!preq->pd->domain) {
1704 if (preq->check_provider) {
1716 ret = pd_set_primary_name(msg, preq->pd);
1729 preq->check_provider = false;
/* check_provider is cleared before the data-provider request is sent;
 * presumably so the provider is asked only once per request — confirm. */
1732 if (preq->check_provider) {
1735 preq->check_provider = false;
1737 dpreq = sss_dp_get_account_send(preq, preq->cctx->rctx,
1739 preq->pd->name_is_upn ? EXTRA_NAME_IS_UPN : NULL);
/* The callback context is a talloc child of preq and carries preq both as
 * its pointer and as its memory context. */
1746 cb_ctx = talloc_zero(preq, struct dp_callback_ctx);
1753 cb_ctx->ptr = preq;
1754 cb_ctx->cctx = preq->cctx;
1755 cb_ctx->mem_ctx = preq;
1764 "No matching domain found for [%s], fail!\n", preq->pd->user);
/* pam_check_user_done (fragment: only lines mentioning preq are listed).
 * Each visible branch sets a PAM status and replies at once; the ret values
 * that select the branches are not in this listing. */
1792 static int pam_check_user_done(struct pam_auth_req *preq, int ret)
1803 preq->pd->pam_status = PAM_USER_UNKNOWN;
1804 pam_reply(preq);
1808 preq->pd->pam_status = PAM_CRED_INSUFFICIENT;
1809 pam_reply(preq);
1813 preq->pd->pam_status = PAM_SYSTEM_ERR;
1814 pam_reply(preq);
/* Fragment of a callback whose signature is not in this listing; it recovers
 * the request from an opaque pointer and repeats the user lookup.
 * NOTE(review): talloc_get_type() yields NULL on a type mismatch and preq is
 * dereferenced on the next listed line — confirm ptr is always a
 * pam_auth_req. */
1824 struct pam_auth_req *preq = talloc_get_type(ptr, struct pam_auth_req);
1827 talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
1836 ret = pam_check_user_search(preq);
1840 preq->pd->logon_name, pctx->id_timeout);
/* Forward to the domain or retry with the name as a UPN; the conditions
 * choosing between these calls are not listed. */
1850 pam_dom_forwarder(preq);
1852 ret = pam_cmd_assume_upn(preq);
1855 ret = pam_check_user_done(preq, ret);
1858 preq->pd->pam_status = PAM_SYSTEM_ERR;
1859 pam_reply(preq);
/* pam_dom_forwarder (fragment: only lines mentioning preq are listed).
 * Applies the per-client domain access checks, then settles the request by
 * cached authentication, by certificate match, or by handing it to the local
 * handler or the data provider. */
1949 static void pam_dom_forwarder(struct pam_auth_req *preq)
1953 talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx);
/* Without a domain in the PAM data, the matched domain's name is used; the
 * pointer is stored directly, not a copy. */
1956 if (!preq->pd->domain) {
1957 preq->pd->domain = preq->domain->name;
/* Access check 1: a client that is not trusted may only use domains that
 * is_domain_public() accepts; anything else is answered PAM_PERM_DENIED. */
1961 if (!preq->is_uid_trusted &&
1962 !is_domain_public(preq->pd->domain, pctx->public_domains,
1966 client_euid(preq->cctx->creds), preq->pd->domain);
1967 preq->pd->pam_status = PAM_PERM_DENIED;
1968 pam_reply(preq);
/* Access check 2: for a trusted client the domain must be among the requested
 * ones; otherwise the answer is PAM_USER_UNKNOWN. */
1974 if (preq->is_uid_trusted &&
1975 !is_domain_requested(preq->pd, preq->pd->domain)) {
1976 preq->pd->pam_status = PAM_USER_UNKNOWN;
1977 pam_reply(preq);
/* Cached authentication is tried first when pam_can_user_cache_auth() allows
 * it; cached_auth_failed is passed in, which lets a request that already
 * failed cached auth be told apart. */
1981 if (pam_can_user_cache_auth(preq->domain,
1982 preq->pd->cmd,
1983 preq->pd->authtok,
1984 preq->pd->user,
1985 preq->cached_auth_failed)) {
1986 preq->use_cached_auth = true;
1987 pam_reply(preq);
/* Certificate path: needs both may_do_cert_auth() and a user object found by
 * certificate. */
1991 if (may_do_cert_auth(pctx, preq->pd) && preq->cert_user_obj != NULL) {
1993 cert_user = ldb_msg_find_attr_as_string(preq->cert_user_obj, SYSDB_NAME,
/* NOTE(review): presumably the branch for a certificate object without a
 * name; the condition is not in this listing. */
1998 preq->pd->pam_status = PAM_USER_UNKNOWN;
1999 pam_reply(preq);
/* PAM_SUCCESS is granted when the name mapped from the certificate equals the
 * requested user name exactly (strcmp). */
2006 if (strcmp(cert_user, preq->pd->user) == 0) {
2008 preq->pd->pam_status = PAM_SUCCESS;
/* Pre-authentication also returns the certificate details to the client. */
2010 if (preq->pd->cmd == SSS_PAM_PREAUTH) {
2011 ret = add_pam_cert_response(preq->pd, cert_user,
2012 preq->token_name);
2015 preq->pd->pam_status = PAM_AUTHINFO_UNAVAIL;
2019 preq->callback = pam_reply;
2020 pam_reply(preq);
/* Name mismatch: a pre-authentication request takes a branch whose body is
 * not listed; the PAM_AUTH_ERR reply below presumably covers the other
 * commands — confirm. */
2023 if (preq->pd->cmd == SSS_PAM_PREAUTH) {
2030 preq->pd->pam_status = PAM_AUTH_ERR;
2031 pam_reply(preq);
/* Hand-off: the local handler when the provider needs no check, otherwise the
 * data provider with a timeout of half the client socket timeout. */
2037 if (!NEED_CHECK_PROVIDER(preq->domain->provider) ) {
2038 preq->callback = pam_reply;
2039 ret = LOCAL_pam_handler(preq);
2042 preq->callback = pam_reply;
2043 ret = pam_dp_send_req(preq, SSS_CLI_SOCKET_TIMEOUT/2);
2048 preq->pd->pam_status = PAM_SYSTEM_ERR;
2049 pam_reply(preq);