1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose/*
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose SSSD
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose
    Utilities for the pam_data structure
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose Authors:
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose Sumit Bose <sbose@redhat.com>
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose Copyright (C) 2009 Red Hat
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose This program is free software; you can redistribute it and/or modify
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose it under the terms of the GNU General Public License as published by
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose the Free Software Foundation; either version 3 of the License, or
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose (at your option) any later version.
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose This program is distributed in the hope that it will be useful,
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose GNU General Public License for more details.
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose You should have received a copy of the GNU General Public License
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose*/
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose
d0d79b53a5a16831169a3d854fd59402a99a1dd6Sumit Bose#include <security/pam_modules.h>
d0d79b53a5a16831169a3d854fd59402a99a1dd6Sumit Bose
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose#include "providers/data_provider.h"
11e8f3ecdddf8edd8b1bbe9f41b49ce8b709b92aPetr Cech#include "util/sss_cli_cmd.h"
de9fa0156b6cad1c824803283f15dfc360fb3f64Stephen Gallagher
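/* Substitute a readable placeholder for a NULL string field in debug output.
 * Argument and expansion are parenthesised so the macro stays correct when
 * used inside a larger expression. */
#define PAM_SAFE_ITEM(item) ((item) ? (item) : "not set")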
bd09ead65cded3207cf228c44a31bbc87c2979bdJakub Hrozek
/*
 * talloc destructor for struct pam_data.
 *
 * Both authentication tokens may carry a plaintext credential, so they are
 * scrubbed here before talloc hands the memory back.  Always returns 0 so
 * the free proceeds.
 */
int pam_data_destructor(void *ptr)
{
    struct pam_data *data = talloc_get_type(ptr, struct pam_data);

    sss_authtok_wipe_password(data->authtok);
    sss_authtok_wipe_password(data->newauthtok);

    return 0;
}
02e38eae1b9cb5df2036a707dafd86f6047c17deSumit Bose
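/*
 * Allocate a zero-initialised struct pam_data on mem_ctx.
 *
 * The object starts with pam_status = PAM_SYSTEM_ERR, an empty authtok and
 * an empty newauthtok (both talloc children of the object), and a
 * destructor that wipes both tokens when the object is freed.
 *
 * Returns the new object, or NULL when any allocation fails; the partially
 * built object is freed on the failure path so nothing leaks.
 */
struct pam_data *create_pam_data(TALLOC_CTX *mem_ctx)
{
    struct pam_data *pd;

    pd = talloc_zero(mem_ctx, struct pam_data);
    if (pd == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
        goto failed;
    }

    /* Default to an error status so a request whose status is never set
     * cannot read as success. */
    pd->pam_status = PAM_SYSTEM_ERR;

    pd->authtok = sss_authtok_new(pd);
    if (pd->authtok == NULL) {
        /* Report the call that actually failed, not talloc_zero. */
        DEBUG(SSSDBG_CRIT_FAILURE, "sss_authtok_new failed.\n");
        goto failed;
    }

    pd->newauthtok = sss_authtok_new(pd);
    if (pd->newauthtok == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "sss_authtok_new failed.\n");
        goto failed;
    }

    /* Armed only once both tokens exist; the destructor wipes them. */
    talloc_set_destructor((TALLOC_CTX *) pd, pam_data_destructor);

    return pd;

failed:
    /* talloc_free(NULL) is a no-op, so this also covers the first failure. */
    talloc_free(pd);
    return NULL;
}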
02e38eae1b9cb5df2036a707dafd86f6047c17deSumit Bose
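/*
 * Duplicate one string field onto pd.
 *
 * A NULL source yields a NULL destination and is not an error; only a
 * failed talloc_strdup of a non-NULL string is reported.
 *
 * Returns EOK or ENOMEM.
 */
static errno_t pam_data_copy_str(struct pam_data *pd, const char *src,
                                 char **dst)
{
    *dst = talloc_strdup(pd, src);
    if (*dst == NULL && src != NULL) {
        return ENOMEM;
    }
    return EOK;
}

/*
 * Deep-copy the request fields of src into a new pam_data allocated on
 * mem_ctx and return it through dst.
 *
 * Copied: cmd, priv, domain, user, service, tty, ruser, rhost, cli_pid and
 * the contents of authtok and newauthtok.  Fields not listed (for example
 * logon_name, pam_status, resp_list) keep the create_pam_data defaults.
 *
 * Returns EOK on success, ENOMEM on allocation failure, or the error from
 * sss_authtok_copy.  On failure the partial copy is freed and *dst is not
 * written.
 */
errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *src,
                      struct pam_data **dst)
{
    struct pam_data *pd = NULL;
    errno_t ret;

    pd = create_pam_data(mem_ctx);
    if (pd == NULL) {
        ret = ENOMEM;
        goto failed;
    }

    pd->cmd = src->cmd;
    pd->priv = src->priv;

    ret = pam_data_copy_str(pd, src->domain, &pd->domain);
    if (ret != EOK) {
        goto failed;
    }
    ret = pam_data_copy_str(pd, src->user, &pd->user);
    if (ret != EOK) {
        goto failed;
    }
    ret = pam_data_copy_str(pd, src->service, &pd->service);
    if (ret != EOK) {
        goto failed;
    }
    ret = pam_data_copy_str(pd, src->tty, &pd->tty);
    if (ret != EOK) {
        goto failed;
    }
    ret = pam_data_copy_str(pd, src->ruser, &pd->ruser);
    if (ret != EOK) {
        goto failed;
    }
    ret = pam_data_copy_str(pd, src->rhost, &pd->rhost);
    if (ret != EOK) {
        goto failed;
    }

    pd->cli_pid = src->cli_pid;

    /* create_pam_data already attached empty authtok and newauthtok objects
     * to pd.  If src was a zero-initialised stack object its tokens are
     * NULL; the intended result is then an empty token, which pd already
     * holds, so there is nothing to copy and nothing to re-allocate. */
    if (src->authtok != NULL) {
        ret = sss_authtok_copy(src->authtok, pd->authtok);
        if (ret != EOK) {
            goto failed;
        }
    }

    if (src->newauthtok != NULL) {
        ret = sss_authtok_copy(src->newauthtok, pd->newauthtok);
        if (ret != EOK) {
            goto failed;
        }
    }

    *dst = pd;

    return EOK;

failed:
    /* Freeing pd runs pam_data_destructor, which wipes any token contents
     * copied so far. */
    talloc_free(pd);
    DEBUG(SSSDBG_CRIT_FAILURE,
          "copy_pam_data failed: (%d) %s.\n", ret, strerror(ret));
    return ret;
}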
02e38eae1b9cb5df2036a707dafd86f6047c17deSumit Bose
/*
 * Dump the request fields of pd to the debug log at level l, one field per
 * line.  String fields go through PAM_SAFE_ITEM so a NULL pointer prints as
 * "not set"; authtok and newauthtok are handed to sss_authtok_get_type
 * without such a guard.  Only the token types are logged, never their
 * contents.
 */
void pam_print_data(int l, struct pam_data *pd)
{
    DEBUG(l, "command: %s\n", sss_cmd2str(pd->cmd));
    DEBUG(l, "domain: %s\n", PAM_SAFE_ITEM(pd->domain));
    DEBUG(l, "user: %s\n", PAM_SAFE_ITEM(pd->user));
    DEBUG(l, "service: %s\n", PAM_SAFE_ITEM(pd->service));
    DEBUG(l, "tty: %s\n", PAM_SAFE_ITEM(pd->tty));
    DEBUG(l, "ruser: %s\n", PAM_SAFE_ITEM(pd->ruser));
    DEBUG(l, "rhost: %s\n", PAM_SAFE_ITEM(pd->rhost));
    /* Type only; the secret itself is deliberately not logged. */
    DEBUG(l, "authtok type: %d\n", sss_authtok_get_type(pd->authtok));
    DEBUG(l, "newauthtok type: %d\n", sss_authtok_get_type(pd->newauthtok));
    DEBUG(l, "priv: %d\n", pd->priv);
    DEBUG(l, "cli_pid: %d\n", pd->cli_pid);
    DEBUG(l, "logon name: %s\n", PAM_SAFE_ITEM(pd->logon_name));
}
1b18a3fc310932e5afcdaa4bb401c8d368e79c0bSumit Bose
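/*
 * Prepend a response of the given type to pd->resp_list.
 *
 * The len bytes at data are duplicated onto pd, so the caller keeps
 * ownership of data.  The new entry is marked as sent to the client
 * (do_not_send_to_client = false).
 *
 * Returns EOK on success, EINVAL when len is negative or data is NULL with
 * a non-zero len, or ENOMEM.  Nothing is linked into the list on failure.
 */
int pam_add_response(struct pam_data *pd, enum response_type type,
                     int len, const uint8_t *data)
{
    struct response_data *new;

    /* len is an int; a negative value would silently become a huge size_t
     * in talloc_memdup, and a NULL buffer with a positive len has nothing
     * to copy from. */
    if (len < 0 || (len > 0 && data == NULL)) {
        return EINVAL;
    }

    new = talloc(pd, struct response_data);
    if (new == NULL) {
        return ENOMEM;
    }

    new->type = type;
    new->len = len;
    new->data = talloc_memdup(pd, data, len);
    if (new->data == NULL) {
        /* Do not leave an orphaned, unlinked node hanging off pd. */
        talloc_free(new);
        return ENOMEM;
    }
    new->do_not_send_to_client = false;

    /* Push onto the head of the singly linked list. */
    new->next = pd->resp_list;
    pd->resp_list = new;

    return EOK;
}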