/*
    Pavel Březina <pbrezina@redhat.com>

    Copyright (C) 2016 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina#include "providers/data_provider/dp_private.h"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void dp_pam_reply(struct sbus_request *sbus_req,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Sending result [%d][%s]", pd->pam_status, pd->domain);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina reply = dbus_message_new_method_return(sbus_req->message);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Unable to acquire reply message");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Unable to generate reply message");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t pam_data_create(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina bret = dp_unpack_pam_request(sbus_req->message, mem_ctx, &pd, &dbus_error);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (bret == false) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse message!\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina pd->domain = talloc_strdup(pd, be_ctx->domain->name);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void choose_target(struct data_provider *provider,
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio if (dp_method_enabled(provider, DPT_SESSION, DPM_SESSION_HANDLER)) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_LIBS, "Unsupported PAM command [%d].\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* Check that target is configured. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina && !dp_target_enabled(provider, NULL, target)) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinavoid dp_pam_handler_step_done(struct tevent_req *req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinavoid dp_pam_handler_selinux_done(struct tevent_req *req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaerrno_t dp_pam_handler(struct sbus_request *sbus_req, void *sbus_data)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_cli = talloc_get_type(sbus_data, struct dp_client);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = talloc_zero(sbus_req, struct dp_pam_handler_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = pam_data_create(state, sbus_req, provider->be_ctx, &pd);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CONF_SETTINGS, "Got request with the following data\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina choose_target(provider, pd, &target, &method, &req_name);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* Just send the result. Pam data are freed with this call. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = dp_req_send(state, provider, dp_cli, pd->domain, req_name,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(req, dp_pam_handler_step_done, state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic bool should_invoke_selinux(struct data_provider *provider,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (!dp_method_enabled(provider, DPT_SELINUX, DPM_SELINUX_HANDLER)) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return false;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (pd->cmd == SSS_PAM_ACCT_MGMT && pd->pam_status == PAM_SUCCESS) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return false;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinavoid dp_pam_handler_step_done(struct tevent_req *req)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_callback_data(req, struct dp_pam_handler_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = dp_req_recv(state, req, struct pam_data *, &pd);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_req_reply_error(state->sbus_req, state->request_name, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (!should_invoke_selinux(state->provider, pd)) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* State and request related data are freed with sbus_req. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_pam_reply(state->sbus_req, state->request_name, pd);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = dp_req_send(state, state->provider, state->dp_cli, pd->domain,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "PAM SELinux", DPT_SELINUX, DPM_SELINUX_HANDLER,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DP_REQ_DEBUG(SSSDBG_CRIT_FAILURE, state->request_name,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Unable to process SELinux, killing request...");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(req, dp_pam_handler_selinux_done, state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinavoid dp_pam_handler_selinux_done(struct tevent_req *req)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_callback_data(req, struct dp_pam_handler_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = dp_req_recv(state, req, struct pam_data *, &pd);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_req_reply_error(state->sbus_req, state->request_name, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* State and request related data are freed with sbus_req. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_pam_reply(state->sbus_req, state->request_name, pd);
e737cdfa225e0d455c0e574bcb82c2cc16a17d9dPavel Březinaerrno_t dp_access_control_refresh_rules_handler(struct sbus_request *sbus_req,
e737cdfa225e0d455c0e574bcb82c2cc16a17d9dPavel Březina dp_req_with_reply(dp_cli, NULL, "Refresh Access Control Rules", key,