proxy_child.c revision 545f49b72cdf8453fb0b85c9d87e7d4711da57da
/*
    SSSD

    Pam Proxy Child

    Authors:

        Sumit Bose <sbose@redhat.com>

    Copyright (C) 2010 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <stdio.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <unistd.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <fcntl.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <sys/types.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <sys/stat.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <sys/socket.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <sys/un.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <string.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <sys/time.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <errno.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <dlfcn.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <security/pam_appl.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include <security/pam_modules.h>
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include "popt.h"
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include "util/util.h"
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include "confdb/confdb.h"
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include "dbus/dbus.h"
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include "sbus/sssd_dbus.h"
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include "providers/proxy/proxy.h"
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher#include "providers/dp_backend.h"
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
/* Handler for DP_METHOD_PAMHANDLER calls; defined further down in this file. */
static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn);

/* Methods this child serves over sbus. DP_METHOD_PAMHANDLER is the only one;
 * the { NULL, NULL } entry is presumably the end-of-table sentinel. */
struct sbus_method pc_methods[] = {
    { DP_METHOD_PAMHANDLER, pc_pam_handler },
    { NULL, NULL }
};

/* Interface description passed to sbus_client_init() in proxy_cli_init().
 * Field meanings follow struct sbus_interface, which is declared elsewhere. */
struct sbus_interface pc_interface = {
    DP_INTERFACE,
    DP_PATH,
    SBUS_DEFAULT_VTABLE,
    pc_methods,
    NULL
};
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
/* State of one proxy child process. It is attached to the sbus connection as
 * private data and recovered from there by pc_pam_handler(). */
struct pc_ctx {
    /* event context handed to sbus_client_init() */
    struct tevent_context *ev;
    /* not referenced in the part of the file reviewed here */
    struct confdb_ctx *cdb;
    /* domain->name is used for the pipe path and copied into every request */
    struct sss_domain_info *domain;
    /* not referenced in the part of the file reviewed here */
    const char *identity;
    /* not referenced in the part of the file reviewed here */
    const char *conf_path;
    /* not referenced in the part of the file reviewed here */
    struct sbus_connection *mon_conn;
    /* connection to the parent, filled in by sbus_client_init() */
    struct sbus_connection *conn;
    /* PAM service name given to pam_start() */
    const char *pam_target;
    /* identifier sent to the parent by proxy_child_send_id() */
    uint32_t id;
};
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
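/**
 * PAM conversation callback for every request except a password change.
 *
 * Each PAM_PROMPT_ECHO_OFF prompt is answered with the password stored in
 * the authtok_conv passed as appdata_ptr. Any other message style is
 * rejected.
 *
 * @param num_msg      number of entries in msgm
 * @param msgm         prompts issued by the PAM module
 * @param response     on success receives a calloc()ed array of num_msg
 *                     replies; ownership passes to the PAM caller
 * @param appdata_ptr  the struct authtok_conv installed by call_pam_stack()
 *
 * @return PAM_SUCCESS, or PAM_CONV_ERR on any failure. On failure *response
 *         is left untouched and every password copy made so far is wiped
 *         and freed.
 */
static int proxy_internal_conv(int num_msg, const struct pam_message **msgm,
                               struct pam_response **response,
                               void *appdata_ptr) {
    int i;
    struct pam_response *reply;
    struct authtok_conv *auth_data;
    const char *password;
    size_t pwlen;
    errno_t ret;

    if (num_msg <= 0) return PAM_CONV_ERR;

    /* talloc_get_type() yields NULL on a type mismatch; refuse to continue
     * instead of dereferencing it below. */
    auth_data = talloc_get_type(appdata_ptr, struct authtok_conv);
    if (auth_data == NULL) return PAM_CONV_ERR;

    reply = calloc(num_msg, sizeof(*reply));
    if (reply == NULL) return PAM_CONV_ERR;

    for (i = 0; i < num_msg; i++) {
        switch (msgm[i]->msg_style) {
        case PAM_PROMPT_ECHO_OFF:
            DEBUG(4, ("Conversation message: [%s]\n", msgm[i]->msg));
            reply[i].resp_retcode = 0;

            ret = sss_authtok_get_password(auth_data->authtok,
                                           &password, &pwlen);
            if (ret) goto failed;
            reply[i].resp = calloc(pwlen + 1, sizeof(char));
            if (reply[i].resp == NULL) goto failed;
            /* calloc() already zero-filled the buffer, so copying pwlen
             * bytes leaves a terminated string without reading past the
             * length the token reported. */
            memcpy(reply[i].resp, password, pwlen);

            break;
        default:
            DEBUG(1, ("Conversation style %d not supported.\n",
                      msgm[i]->msg_style));
            goto failed;
        }
    }

    *response = reply;
    reply = NULL;

    return PAM_SUCCESS;

failed:
    /* Earlier iterations may already have copied the password into reply[].
     * free(reply) alone would leak those buffers with the secret still in
     * them, so wipe each one (volatile keeps the stores from being
     * optimised away) and release it first. */
    for (i = 0; i < num_msg; i++) {
        if (reply[i].resp != NULL) {
            volatile char *wipe = reply[i].resp;
            size_t left = strlen(reply[i].resp);

            while (left-- > 0) *wipe++ = '\0';
            free(reply[i].resp);
        }
    }
    free(reply);
    return PAM_CONV_ERR;
}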
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
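/**
 * PAM conversation callback used for SSS_PAM_CHAUTHTOK requests.
 *
 * While auth_data->sent_old is false, a PAM_PROMPT_ECHO_OFF prompt is
 * answered with the current password (authtok) and sent_old is then set.
 * Every later prompt is answered with the new password (newauthtok). Any
 * other message style is rejected.
 *
 * @param num_msg      number of entries in msgm
 * @param msgm         prompts issued by the PAM module
 * @param response     on success receives a calloc()ed array of num_msg
 *                     replies; ownership passes to the PAM caller
 * @param appdata_ptr  the struct authtok_conv installed by call_pam_stack()
 *
 * @return PAM_SUCCESS, or PAM_CONV_ERR on any failure. On failure *response
 *         is left untouched and every password copy made so far is wiped
 *         and freed.
 */
static int proxy_chauthtok_conv(int num_msg, const struct pam_message **msgm,
                                struct pam_response **response,
                                void *appdata_ptr) {
    int i;
    struct pam_response *reply;
    struct authtok_conv *auth_data;
    const char *password;
    size_t pwlen;
    errno_t ret;

    if (num_msg <= 0) return PAM_CONV_ERR;

    /* talloc_get_type() yields NULL on a type mismatch; refuse to continue
     * instead of dereferencing it below. */
    auth_data = talloc_get_type(appdata_ptr, struct authtok_conv);
    if (auth_data == NULL) return PAM_CONV_ERR;

    reply = calloc(num_msg, sizeof(*reply));
    if (reply == NULL) return PAM_CONV_ERR;

    for (i = 0; i < num_msg; i++) {
        switch (msgm[i]->msg_style) {
        case PAM_PROMPT_ECHO_OFF:
            DEBUG(4, ("Conversation message: [%s]\n", msgm[i]->msg));

            reply[i].resp_retcode = 0;
            if (!auth_data->sent_old) {
                /* The first prompt will be asking for the old authtok */
                ret = sss_authtok_get_password(auth_data->authtok,
                                               &password, &pwlen);
            } else {
                /* Subsequent prompts are looking for the new authtok */
                ret = sss_authtok_get_password(auth_data->newauthtok,
                                               &password, &pwlen);
            }
            if (ret) goto failed;

            reply[i].resp = calloc(pwlen + 1, sizeof(char));
            if (reply[i].resp == NULL) goto failed;
            /* calloc() already zero-filled the buffer, so copying pwlen
             * bytes leaves a terminated string without reading past the
             * length the token reported. */
            memcpy(reply[i].resp, password, pwlen);

            /* Only flipped once a reply has actually been produced. */
            auth_data->sent_old = true;

            break;
        default:
            DEBUG(1, ("Conversation style %d not supported.\n",
                      msgm[i]->msg_style));
            goto failed;
        }
    }

    *response = reply;
    reply = NULL;

    return PAM_SUCCESS;

failed:
    /* Earlier iterations may already have copied the old or new password
     * into reply[]. free(reply) alone would leak those buffers with the
     * secret still in them, so wipe each one (volatile keeps the stores
     * from being optimised away) and release it first. */
    for (i = 0; i < num_msg; i++) {
        if (reply[i].resp != NULL) {
            volatile char *wipe = reply[i].resp;
            size_t left = strlen(reply[i].resp);

            while (left-- > 0) *wipe++ = '\0';
            free(reply[i].resp);
        }
    }
    free(reply);
    return PAM_CONV_ERR;
}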
35c70c767d366fc82a50f6f29793ab7f1477f79dStephen Gallagher
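/**
 * Run one PAM transaction against the service pam_target for the request pd.
 *
 * The credentials in pd are duplicated into a private struct authtok_conv
 * that the conversation callbacks read. SSS_PAM_CHAUTHTOK requests use
 * proxy_chauthtok_conv(); everything else uses proxy_internal_conv().
 *
 * @param pam_target  PAM service name passed to pam_start()
 * @param pd          request data; pd->pam_status receives the PAM result
 *
 * @return EOK once a PAM result has been stored in pd->pam_status (also when
 *         that result is a PAM failure), ENOMEM if the conversation data
 *         cannot be allocated. In the ENOMEM case pd->pam_status is not
 *         written.
 */
static errno_t call_pam_stack(const char *pam_target, struct pam_data *pd)
{
    int ret;
    int pam_status;
    pam_handle_t *pamh = NULL;
    struct authtok_conv *auth_data;
    struct pam_conv conv;

    if (pd->cmd == SSS_PAM_CHAUTHTOK) {
        conv.conv = proxy_chauthtok_conv;
    } else {
        conv.conv = proxy_internal_conv;
    }

    auth_data = talloc_zero(pd, struct authtok_conv);
    if (auth_data == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
        return ENOMEM;
    }
    auth_data->authtok = sss_authtok_new(auth_data);
    if (auth_data->authtok == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sss_authtok_new failed.\n"));
        ret = ENOMEM;
        goto done;
    }
    auth_data->newauthtok = sss_authtok_new(auth_data);
    if (auth_data->newauthtok == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sss_authtok_new failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    conv.appdata_ptr = auth_data;

    ret = pam_start(pam_target, pd->user, &conv, &pamh);
    if (ret == PAM_SUCCESS) {
        DEBUG(7, ("Pam transaction started with service name [%s].\n",
                  pam_target));

        /* Failing to set one of these items is logged but does not abort
         * the transaction. */
        ret = pam_set_item(pamh, PAM_TTY, pd->tty);
        if (ret != PAM_SUCCESS) {
            DEBUG(1, ("Setting PAM_TTY failed: %s.\n",
                      pam_strerror(pamh, ret)));
        }
        ret = pam_set_item(pamh, PAM_RUSER, pd->ruser);
        if (ret != PAM_SUCCESS) {
            DEBUG(1, ("Setting PAM_RUSER failed: %s.\n",
                      pam_strerror(pamh, ret)));
        }
        ret = pam_set_item(pamh, PAM_RHOST, pd->rhost);
        if (ret != PAM_SUCCESS) {
            DEBUG(1, ("Setting PAM_RHOST failed: %s.\n",
                      pam_strerror(pamh, ret)));
        }

        /* A failed token copy is reported as PAM_SYSTEM_ERR instead of
         * being ignored and left for the conversation callback to trip
         * over. */
        switch (pd->cmd) {
        case SSS_PAM_AUTHENTICATE:
            ret = sss_authtok_copy(pd->authtok, auth_data->authtok);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("sss_authtok_copy failed.\n"));
                pam_status = PAM_SYSTEM_ERR;
                break;
            }
            pam_status = pam_authenticate(pamh, 0);
            break;
        case SSS_PAM_SETCRED:
            pam_status = pam_setcred(pamh, 0);
            break;
        case SSS_PAM_ACCT_MGMT:
            pam_status = pam_acct_mgmt(pamh, 0);
            break;
        case SSS_PAM_OPEN_SESSION:
            pam_status = pam_open_session(pamh, 0);
            break;
        case SSS_PAM_CLOSE_SESSION:
            pam_status = pam_close_session(pamh, 0);
            break;
        case SSS_PAM_CHAUTHTOK:
            ret = sss_authtok_copy(pd->authtok, auth_data->authtok);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("sss_authtok_copy failed.\n"));
                pam_status = PAM_SYSTEM_ERR;
                break;
            }
            /* NOTE(review): priv == 1 presumably marks a privileged caller;
             * only then is the check of the old password skipped. */
            if (pd->priv != 1) {
                pam_status = pam_authenticate(pamh, 0);
                /* The callback set sent_old while answering the
                 * authentication prompt; reset it so pam_chauthtok() is
                 * given the old password first again. */
                auth_data->sent_old = false;
                if (pam_status != PAM_SUCCESS) break;
            }
            /* The new password is copied only after authentication, so it
             * cannot be handed out during pam_authenticate(). */
            ret = sss_authtok_copy(pd->newauthtok, auth_data->newauthtok);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("sss_authtok_copy failed.\n"));
                pam_status = PAM_SYSTEM_ERR;
                break;
            }
            pam_status = pam_chauthtok(pamh, 0);
            break;
        case SSS_PAM_CHAUTHTOK_PRELIM:
            if (pd->priv != 1) {
                ret = sss_authtok_copy(pd->authtok, auth_data->authtok);
                if (ret != EOK) {
                    DEBUG(SSSDBG_CRIT_FAILURE,
                          ("sss_authtok_copy failed.\n"));
                    pam_status = PAM_SYSTEM_ERR;
                    break;
                }
                pam_status = pam_authenticate(pamh, 0);
            } else {
                pam_status = PAM_SUCCESS;
            }
            break;
        default:
            DEBUG(1, ("unknown PAM call\n"));
            pam_status = PAM_ABORT;
        }

        DEBUG(4, ("Pam result: [%d][%s]\n", pam_status,
                  pam_strerror(pamh, pam_status)));

        ret = pam_end(pamh, pam_status);
        if (ret != PAM_SUCCESS) {
            pamh = NULL;
            DEBUG(1, ("Cannot terminate pam transaction.\n"));
        }

    } else {
        DEBUG(1, ("Failed to initialize pam transaction.\n"));
        pam_status = PAM_SYSTEM_ERR;
    }

    pd->pam_status = pam_status;
    ret = EOK;

done:
    /* The PAM handle is finished with by now, so nothing refers to the
     * duplicated tokens any more. Release them here instead of leaving them
     * attached to pd until the caller frees it. Whether the token memory is
     * wiped on free depends on sss_authtok, which is not visible here. */
    talloc_free(auth_data);
    return ret;
}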
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
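/**
 * sbus handler for DP_METHOD_PAMHANDLER.
 *
 * Unpacks the PAM request carried by message, runs it through
 * call_pam_stack() against pc_ctx->pam_target and sends the packed result
 * back on conn.
 *
 * pd->pam_status is preset to PAM_SYSTEM_ERR, so a request for which
 * call_pam_stack() fails is still answered, with a failure status.
 *
 * @param message  incoming method call
 * @param conn     connection the call arrived on; its private data must be
 *                 the struct pc_ctx of this child
 *
 * @return EOK after the reply has been sent. On any error before that the
 *         function does not return: the process exits with the errno-style
 *         code as its exit status and no reply is sent.
 */
static int pc_pam_handler(DBusMessage *message, struct sbus_connection *conn)
{
    DBusError dbus_error;
    DBusMessage *reply;
    struct pc_ctx *pc_ctx;
    errno_t ret;
    void *user_data;
    struct pam_data *pd = NULL;

    user_data = sbus_conn_get_private_data(conn);
    if (!user_data) {
        ret = EINVAL;
        goto done;
    }
    pc_ctx = talloc_get_type(user_data, struct pc_ctx);
    if (!pc_ctx) {
        ret = EINVAL;
        goto done;
    }

    reply = dbus_message_new_method_return(message);
    if (!reply) {
        DEBUG(1, ("dbus_message_new_method_return failed, "
                  "cannot send reply.\n"));
        ret = ENOMEM;
        goto done;
    }

    dbus_error_init(&dbus_error);

    /* The result is tested as a boolean: zero means the unpack failed. */
    ret = dp_unpack_pam_request(message, pc_ctx, &pd, &dbus_error);
    if (!ret) {
        DEBUG(1,("Failed, to parse message!\n"));
        /* Report and release whatever the parser stored in dbus_error;
         * without this the reason for the failure is lost. */
        if (dbus_error_is_set(&dbus_error)) {
            DEBUG(1, ("D-Bus error: [%s]\n", dbus_error.message));
            dbus_error_free(&dbus_error);
        }
        dbus_message_unref(reply);
        ret = EIO;
        goto done;
    }

    pd->pam_status = PAM_SYSTEM_ERR;
    pd->domain = talloc_strdup(pd, pc_ctx->domain->name);
    if (pd->domain == NULL) {
        talloc_free(pd);
        dbus_message_unref(reply);
        ret = ENOMEM;
        goto done;
    }

    DEBUG(4, ("Got request with the following data\n"));
    /* NOTE(review): confirm DEBUG_PAM_DATA does not print token contents. */
    DEBUG_PAM_DATA(4, pd);

    ret = call_pam_stack(pc_ctx->pam_target, pd);
    if (ret != EOK) {
        /* Not fatal: the preset PAM_SYSTEM_ERR is what gets sent back. */
        DEBUG(1, ("call_pam_stack failed.\n"));
    }

    DEBUG(4, ("Sending result [%d][%s]\n",
              pd->pam_status, pd->domain));

    /* Tested as a boolean as well: zero means packing failed. */
    ret = dp_pack_pam_response(reply, pd);
    if (!ret) {
        DEBUG(1, ("Failed to generate dbus reply\n"));
        talloc_free(pd);
        dbus_message_unref(reply);
        ret = EIO;
        goto done;
    }

    sbus_conn_send_reply(conn, reply);
    dbus_message_unref(reply);
    talloc_free(pd);

    /* We'll return the message and let the
     * parent process kill us.
     */
    return EOK;

done:
    exit(ret);
}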
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
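/* Defined later in this file; declared here because proxy_cli_init() calls
 * it first. */
int proxy_child_send_id(struct sbus_connection *conn,
                        uint16_t version,
                        uint32_t id);

/**
 * Connect this child to its parent over the per-domain sbus pipe and
 * announce the child's id.
 *
 * The socket address is "unix:path=<PIPE_PATH>/<PROXY_CHILD_PIPE>_<domain>".
 * The domain name is inserted as-is, so it is assumed to come from trusted
 * configuration and to contain no path separators; verify this where
 * ctx->domain is populated.
 *
 * @param ctx  child context; ctx->ev, ctx->domain and ctx->id must be set.
 *             ctx->conn is filled in on success.
 *
 * @return EOK on success, ENOMEM if the address cannot be built, otherwise
 *         the error returned by sbus_client_init() or proxy_child_send_id().
 */
static int proxy_cli_init(struct pc_ctx *ctx)
{
    char *sbus_address;
    int ret;

    /* Allocated on ctx, so it is released together with the context. */
    sbus_address = talloc_asprintf(ctx, "unix:path=%s/%s_%s",
                                   PIPE_PATH, PROXY_CHILD_PIPE,
                                   ctx->domain->name);
    if (sbus_address == NULL) {
        DEBUG(1, ("talloc_asprintf failed.\n"));
        return ENOMEM;
    }

    ret = sbus_client_init(ctx, ctx->ev, sbus_address,
                           &pc_interface, &ctx->conn,
                           NULL, ctx);
    if (ret != EOK) {
        DEBUG(1, ("sbus_client_init failed.\n"));
        return ret;
    }

    ret = proxy_child_send_id(ctx->conn, DATA_PROVIDER_VERSION, ctx->id);
    if (ret != EOK) {
        /* The message used to name dp_common_send_id, which is not the
         * function called here. */
        DEBUG(0, ("proxy_child_send_id failed.\n"));
        return ret;
    }

    return EOK;
}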
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
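/*
 * Send the child's protocol version and identifier over the given bus
 * connection.
 *
 * Builds a method call to DP_METHOD_REGISTER on DP_PATH / DP_INTERFACE with
 * two arguments (uint16 version, uint32 id) and queues it with
 * sbus_conn_send(); the reply is handed to dp_id_callback.
 *
 * Returns ENOMEM if the message cannot be created, EIO if the arguments
 * cannot be appended, otherwise the result of sbus_conn_send().
 */
int proxy_child_send_id(struct sbus_connection *conn,
                        uint16_t version,
                        uint32_t id)
{
    DBusMessage *msg;
    dbus_bool_t ret;
    int retval;

    /* create the message */
    msg = dbus_message_new_method_call(NULL,
                                       DP_PATH,
                                       DP_INTERFACE,
                                       DP_METHOD_REGISTER);
    if (msg == NULL) {
        DEBUG(0, ("Out of memory?!\n"));
        return ENOMEM;
    }

    /* Cast explicitly so the conversion specifiers match the argument
     * types; passing a uint32_t for %ld is undefined where long is wider. */
    DEBUG(4, ("Sending ID to Proxy Backend: (%u,%lu)\n",
              (unsigned int) version, (unsigned long) id));

    ret = dbus_message_append_args(msg,
                                   DBUS_TYPE_UINT16, &version,
                                   DBUS_TYPE_UINT32, &id,
                                   DBUS_TYPE_INVALID);
    if (!ret) {
        DEBUG(1, ("Failed to build message\n"));
        /* Drop our reference; the message was never handed to the bus. */
        dbus_message_unref(msg);
        return EIO;
    }

    /* 30000 is presumably a reply timeout in milliseconds -- confirm
     * against sbus_conn_send(). */
    retval = sbus_conn_send(conn, msg, 30000, dp_id_callback, NULL, NULL);

    dbus_message_unref(msg);
    return retval;
}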
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
/*
 * Allocate and fill the proxy child context, then connect it to the bus.
 *
 * The context is allocated on mem_ctx. pam_target is re-parented onto the
 * new context with talloc_steal(), so the caller gives up ownership of it.
 * The domain configuration is looked up in the confdb before the bus
 * connection is made, because proxy_cli_init() reads ctx->domain.
 *
 * Returns EOK on success, ENOMEM on allocation failure, or the error from
 * confdb_get_domain() / proxy_cli_init().
 *
 * NOTE(review): on a failure after allocation the context stays attached to
 * mem_ctx and is not freed here.
 */
int proxy_child_process_init(TALLOC_CTX *mem_ctx, const char *domain,
                             struct tevent_context *ev, struct confdb_ctx *cdb,
                             const char *pam_target, uint32_t id)
{
    struct pc_ctx *child_ctx;
    int status;

    child_ctx = talloc_zero(mem_ctx, struct pc_ctx);
    if (child_ctx == NULL) {
        DEBUG(0, ("fatal error initializing pc_ctx\n"));
        return ENOMEM;
    }

    /* Plain field copies first, then the members that need talloc. */
    child_ctx->id = id;
    child_ctx->ev = ev;
    child_ctx->cdb = cdb;
    child_ctx->pam_target = talloc_steal(child_ctx, pam_target);

    child_ctx->conf_path = talloc_asprintf(child_ctx,
                                           CONFDB_DOMAIN_PATH_TMPL, domain);
    if (child_ctx->conf_path == NULL) {
        DEBUG(0, ("Out of memory!?\n"));
        return ENOMEM;
    }

    status = confdb_get_domain(cdb, domain, &child_ctx->domain);
    if (status != EOK) {
        DEBUG(0, ("fatal error retrieving domain configuration\n"));
        return status;
    }

    status = proxy_cli_init(child_ctx);
    if (status != EOK) {
        DEBUG(0, ("fatal error setting up server bus\n"));
        return status;
    }

    return EOK;
}
10afbe39cb81a1810dba486c4b8e46578bb300bbStephen Gallagher
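/*
 * Entry point of the PAM proxy child.
 *
 * Parses --domain and --id (both mandatory), sets up logging and the main
 * loop, reads the PAM target from the domain's confdb entry, connects to
 * the proxy bus and then runs the server loop.
 *
 * Exit codes used below: 1 for bad or missing options, 2 for allocation or
 * main-loop setup failures, 3 when the child cannot be initialised, 4 when
 * the PAM target cannot be read from the confdb or is not set.
 */
int main(int argc, const char *argv[])
{
    int opt;
    poptContext pc;
    char *domain = NULL;
    char *srv_name = NULL;
    char *conf_entry = NULL;
    struct main_context *main_ctx;
    int ret;
    /* Initialised so that the "missing option" test below does not read an
     * indeterminate value when --id is absent. */
    long id = 0;
    char *pam_target = NULL;

    struct poptOption long_options[] = {
        POPT_AUTOHELP
        SSSD_MAIN_OPTS
        {"domain", 0, POPT_ARG_STRING, &domain, 0,
         _("Domain of the information provider (mandatory)"), NULL },
        {"id", 0, POPT_ARG_LONG, &id, 0,
         _("Child identifier (mandatory)"), NULL },
        POPT_TABLEEND
    };

    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while ((opt = poptGetNextOpt(pc)) != -1) {
        switch (opt) {
        default:
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            poptFreeContext(pc);
            return 1;
        }
    }

    if (domain == NULL) {
        fprintf(stderr, "\nMissing option, "
                        "--domain is a mandatory option.\n\n");
        poptPrintUsage(pc, stderr, 0);
        poptFreeContext(pc);
        return 1;
    }

    if (id == 0) {
        fprintf(stderr, "\nMissing option, "
                        "--id is a mandatory option.\n\n");
        poptPrintUsage(pc, stderr, 0);
        poptFreeContext(pc);
        return 1;
    }

    /* The identifier is sent on the bus as a uint32; reject values that the
     * cast further down would otherwise silently truncate. */
    if (id < 0 || (unsigned long) id > UINT32_MAX) {
        fprintf(stderr, "\nInvalid value for --id, "
                        "it must fit in an unsigned 32-bit integer.\n\n");
        poptPrintUsage(pc, stderr, 0);
        poptFreeContext(pc);
        return 1;
    }

    poptFreeContext(pc);

    DEBUG_INIT(debug_level);

    /* set up things like debug , signals, daemonization, etc... */
    /* NOTE(review): domain comes from the command line and is interpolated
     * into the log file name, the service name and the confdb path before
     * confdb_get_domain() looks it up; no character check is visible here.
     * Presumably the parent only passes configured domain names -- confirm. */
    debug_log_file = talloc_asprintf(NULL, "proxy_child_%s", domain);
    if (!debug_log_file) return 2;

    srv_name = talloc_asprintf(NULL, "sssd[proxy_child[%s]]", domain);
    if (!srv_name) return 2;

    conf_entry = talloc_asprintf(NULL, CONFDB_DOMAIN_PATH_TMPL, domain);
    if (!conf_entry) return 2;

    ret = server_setup(srv_name, 0, conf_entry, &main_ctx);
    if (ret != EOK) {
        DEBUG(0, ("Could not set up mainloop [%d]\n", ret));
        return 2;
    }

    /* Clear _SSS_LOOPS from the environment before any PAM module runs in
     * this process; a failure is logged but not treated as fatal. */
    ret = unsetenv("_SSS_LOOPS");
    if (ret != EOK) {
        DEBUG(1, ("Failed to unset _SSS_LOOPS, "
                  "pam modules might not work as expected.\n"));
    }

    /* No default is supplied, so an unset option leaves pam_target NULL. */
    ret = confdb_get_string(main_ctx->confdb_ctx, main_ctx, conf_entry,
                            CONFDB_PROXY_PAM_TARGET, NULL, &pam_target);
    if (ret != EOK) {
        DEBUG(0, ("Error reading from confdb (%d) [%s]\n",
                  ret, strerror(ret)));
        return 4;
    }
    if (pam_target == NULL) {
        DEBUG(1, ("Missing option proxy_pam_target.\n"));
        return 4;
    }

    ret = die_if_parent_died();
    if (ret != EOK) {
        /* This is not fatal, don't return */
        DEBUG(2, ("Could not set up to exit when parent process does\n"));
    }

    /* id was range-checked above, so the cast cannot lose information. */
    ret = proxy_child_process_init(main_ctx, domain, main_ctx->event_ctx,
                                   main_ctx->confdb_ctx, pam_target,
                                   (uint32_t)id);
    if (ret != EOK) {
        DEBUG(0, ("Could not initialize proxy child [%d].\n", ret));
        return 3;
    }

    DEBUG(1, ("Proxy child for domain [%s] started!\n", domain));

    /* loop on main */
    server_loop(main_ctx);

    return 0;
}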