bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose/*
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose Authors:
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose Sumit Bose <sbose@redhat.com>
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose PAM client - create message blob
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose Copyright (C) 2015 Red Hat
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose This program is free software; you can redistribute it and/or modify
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose it under the terms of the GNU Lesser General Public License as published by
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose the Free Software Foundation; either version 3 of the License, or
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose (at your option) any later version.
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose This program is distributed in the hope that it will be useful,
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose GNU Lesser General Public License for more details.
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose You should have received a copy of the GNU Lesser General Public License
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose*/
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose
#include <stdint.h>
#include <stdlib.h>
#include <security/pam_modules.h>

#include "sss_pam_compat.h"
#include "sss_pam_macros.h"

#include "pam_message.h"

#include "sss_cli.h"
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose
/*
 * Append one authentication-token item at buf.
 *
 * Layout written, in order: item type, length field (size plus one
 * uint32_t, i.e. the token-type word is counted in the length), token type,
 * then size bytes copied from tok. The three header words are raw uint32_t
 * values copied with memcpy, so buf needs no particular alignment.
 *
 * Returns the number of bytes written, or 0 (nothing written) when tok is
 * NULL.
 *
 * No bound on buf is checked here: the caller must have reserved at least
 * 3 * sizeof(uint32_t) + size bytes. After the call buf holds a copy of the
 * token bytes.
 *
 * NOTE(review): size + sizeof(uint32_t) is narrowed to uint32_t for the
 * length field, so a size that does not fit would be recorded incorrectly
 * while the full size bytes are still copied.
 */
static size_t add_authtok_item(enum pam_item_type type,
                               enum sss_authtok_type authtok_type,
                               const char *tok, const size_t size,
                               uint8_t *buf)
{
    uint32_t header[3];

    if (tok == NULL) {
        return 0;
    }

    header[0] = type;
    header[1] = size + sizeof(uint32_t);
    header[2] = authtok_type;

    /* Header words first, token bytes immediately after them. */
    memcpy(buf, header, sizeof(header));
    memcpy(buf + sizeof(header), tok, size);

    return sizeof(header) + size;
}
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose
/*
 * Append one fixed-size item carrying a single 32-bit value at buf.
 *
 * Layout written, in order: item type, length field (always
 * sizeof(uint32_t)), value. Each word is a raw uint32_t copied with memcpy,
 * so buf needs no particular alignment.
 *
 * Always returns 3 * sizeof(uint32_t), the number of bytes written. No bound
 * on buf is checked; the caller must have reserved that much space.
 */
static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val,
                                uint8_t *buf)
{
    const uint32_t words[3] = { type, sizeof(uint32_t), val };

    memcpy(buf, words, sizeof(words));

    return sizeof(words);
}
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose
/*
 * Append one string item at buf.
 *
 * Layout written, in order: item type, length field (size), then size bytes
 * copied from str. The two header words are raw uint32_t values copied with
 * memcpy, so buf needs no particular alignment.
 *
 * Returns the number of bytes written, or 0 (nothing written) when str is
 * NULL or empty.
 *
 * Exactly size bytes are read from str; the string is not measured here, so
 * the caller must pass a size that matches the object str points to. No
 * bound on buf is checked either: the caller must have reserved at least
 * 2 * sizeof(uint32_t) + size bytes.
 *
 * NOTE(review): size is narrowed to uint32_t for the length field, so a
 * size that does not fit would be recorded incorrectly while the full size
 * bytes are still copied.
 */
static size_t add_string_item(enum pam_item_type type, const char *str,
                              const size_t size, uint8_t *buf)
{
    uint32_t header[2];

    if (str == NULL || *str == '\0') {
        return 0;
    }

    header[0] = type;
    header[1] = size;

    /* Header words first, string bytes immediately after them. */
    memcpy(buf, header, sizeof(header));
    memcpy(buf + sizeof(header), str, size);

    return sizeof(header) + size;
}
bf6c3f07d653d474da9e43b2b7cced57fc4ea069Sumit Bose
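/* True when a string item will be emitted; mirrors the NULL/empty test that
 * add_string_item() applies, so sizing and writing cannot disagree. */
static int pack_v3_has_str(const char *str)
{
    return str != NULL && *str != '\0';
}

/*
 * Add one item to the running total: hdr_words uint32_t header words
 * followed by payload bytes. len_extra is what the writer adds to payload
 * before storing it in the item's 32-bit length field.
 *
 * Returns 0 on success, -1 if the length field or the total would wrap.
 */
static int pack_v3_account(size_t *total, size_t hdr_words, size_t payload,
                           size_t len_extra)
{
    const size_t hdr = hdr_words * sizeof(uint32_t);

    if (payload > UINT32_MAX - len_extra) {
        return -1;
    }
    if (payload > SIZE_MAX - hdr || hdr + payload > SIZE_MAX - *total) {
        return -1;
    }

    *total += hdr + payload;
    return 0;
}

/* Overwrite len bytes at buf with zeros; the volatile access keeps the
 * stores from being dropped ahead of free(). */
static void pack_v3_scrub(uint8_t *buf, size_t len)
{
    volatile uint8_t *p = buf;

    while (len-- > 0) {
        *p++ = 0;
    }
}

/*
 * Serialize the items in pi into a newly allocated request blob.
 *
 * The blob is SSS_START_OF_PAM_REQUEST, then the user, service, tty, ruser,
 * rhost and requested-domains strings (each only when non-empty), the
 * client pid, the authtok and newauthtok (each only when non-NULL), and
 * finally SSS_END_OF_PAM_REQUEST.
 *
 * The required length is computed before anything is written, because the
 * add_*_item() writers do not bound-check the buffer. Compared with a plain
 * int sum, the computation here is done in size_t and rejects any item whose
 * size does not fit the 32-bit length field or would wrap the total, and a
 * NULL string field is treated as absent instead of being dereferenced.
 *
 * On success returns 0 and stores the malloc()ed blob in *buffer and its
 * length in *size; the caller owns the blob. It contains copies of the
 * authentication tokens, so the caller should overwrite it before free().
 * On failure returns PAM_BUF_ERR and leaves *size and *buffer untouched.
 */
int pack_message_v3(struct pam_items *pi, size_t *size, uint8_t **buffer)
{
    size_t len;
    uint8_t *buf;
    size_t rp;
    int bad = 0;

    /* start and end markers */
    len = sizeof(uint32_t) + sizeof(uint32_t);

    if (pack_v3_has_str(pi->pam_user)) {
        bad |= pack_v3_account(&len, 2, pi->pam_user_size, 0) != 0;
    }
    if (pack_v3_has_str(pi->pam_service)) {
        bad |= pack_v3_account(&len, 2, pi->pam_service_size, 0) != 0;
    }
    if (pack_v3_has_str(pi->pam_tty)) {
        bad |= pack_v3_account(&len, 2, pi->pam_tty_size, 0) != 0;
    }
    if (pack_v3_has_str(pi->pam_ruser)) {
        bad |= pack_v3_account(&len, 2, pi->pam_ruser_size, 0) != 0;
    }
    if (pack_v3_has_str(pi->pam_rhost)) {
        bad |= pack_v3_account(&len, 2, pi->pam_rhost_size, 0) != 0;
    }
    if (pi->pam_authtok != NULL) {
        bad |= pack_v3_account(&len, 3, pi->pam_authtok_size,
                               sizeof(uint32_t)) != 0;
    }
    if (pi->pam_newauthtok != NULL) {
        bad |= pack_v3_account(&len, 3, pi->pam_newauthtok_size,
                               sizeof(uint32_t)) != 0;
    }
    bad |= pack_v3_account(&len, 3, 0, 0) != 0; /* cli_pid */
    if (pack_v3_has_str(pi->requested_domains)) {
        bad |= pack_v3_account(&len, 2, pi->requested_domains_size, 0) != 0;
    }

    if (bad) {
        D(("PAM request too large."));
        return PAM_BUF_ERR;
    }

    buf = malloc(len);
    if (buf == NULL) {
        D(("malloc failed."));
        return PAM_BUF_ERR;
    }

    rp = 0;
    SAFEALIGN_SETMEM_UINT32(buf, SSS_START_OF_PAM_REQUEST, &rp);

    rp += add_string_item(SSS_PAM_ITEM_USER, pi->pam_user, pi->pam_user_size,
                          &buf[rp]);

    rp += add_string_item(SSS_PAM_ITEM_SERVICE, pi->pam_service,
                          pi->pam_service_size, &buf[rp]);

    rp += add_string_item(SSS_PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size,
                          &buf[rp]);

    rp += add_string_item(SSS_PAM_ITEM_RUSER, pi->pam_ruser, pi->pam_ruser_size,
                          &buf[rp]);

    rp += add_string_item(SSS_PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size,
                          &buf[rp]);

    rp += add_string_item(SSS_PAM_ITEM_REQUESTED_DOMAINS, pi->requested_domains,
                          pi->requested_domains_size, &buf[rp]);

    rp += add_uint32_t_item(SSS_PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid,
                            &buf[rp]);

    rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type,
                           pi->pam_authtok, pi->pam_authtok_size, &buf[rp]);

    rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type,
                           pi->pam_newauthtok, pi->pam_newauthtok_size,
                           &buf[rp]);

    SAFEALIGN_SETMEM_UINT32(buf + rp, SSS_END_OF_PAM_REQUEST, &rp);

    /* This runs after the writes, so it only detects a sizing/writing
     * mismatch; the up-front accounting is what keeps the writes in bounds. */
    if (rp != len) {
        D(("error during packet creation."));
        /* The blob may already hold token bytes; do not leave them in
         * freed heap memory. */
        pack_v3_scrub(buf, len);
        free(buf);
        return PAM_BUF_ERR;
    }

    *size = len;
    *buffer = buf;

    return 0;
}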