918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce/*
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce SSSD - auth utils
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce Copyright (C) Simo Sorce <simo@redhat.com> 2012
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce This program is free software; you can redistribute it and/or modify
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce it under the terms of the GNU General Public License as published by
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce the Free Software Foundation; either version 3 of the License, or
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce (at your option) any later version.
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce This program is distributed in the hope that it will be useful,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce but WITHOUT ANY WARRANTY; without even the implied warranty of
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce GNU General Public License for more details.
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce You should have received a copy of the GNU General Public License
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce along with this program. If not, see <http://www.gnu.org/licenses/>.
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce*/
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce#include "authtok.h"
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikstruct sss_auth_token {
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik enum sss_authtok_type type;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik uint8_t *data;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik size_t length;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik};
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceenum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return tok->type;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorcesize_t sss_authtok_get_size(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha return 0;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_PASSWORD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_CCFILE:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose case SSS_AUTHTOK_TYPE_2FA:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_PIN:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_KEYPAD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return tok->length;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return 0;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceuint8_t *sss_authtok_get_data(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha return NULL;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return tok->data;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceerrno_t sss_authtok_get_password(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce const char **pwd, size_t *len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha return EFAULT;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return ENOENT;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_PASSWORD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce *pwd = (const char *)tok->data;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce if (len) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce *len = tok->length - 1;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_CCFILE:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose case SSS_AUTHTOK_TYPE_2FA:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_PIN:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_KEYPAD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EACCES;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceerrno_t sss_authtok_get_ccfile(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce const char **ccfile, size_t *len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha return EINVAL;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return ENOENT;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_CCFILE:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce *ccfile = (const char *)tok->data;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce if (len) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce *len = tok->length - 1;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_PASSWORD:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose case SSS_AUTHTOK_TYPE_2FA:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_PIN:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_KEYPAD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EACCES;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikstatic errno_t sss_authtok_set_string(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce enum sss_authtok_type type,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce const char *context_name,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce const char *str, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce size_t size;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce if (len == 0) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce len = strlen(str);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce } else {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce while (len > 0 && str[len - 1] == '\0') len--;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce if (len == 0) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce /* we do not allow zero length typed tokens */
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce size = len + 1;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik tok->data = talloc_named(tok, size, "%s", context_name);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce if (!tok->data) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return ENOMEM;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce memcpy(tok->data, str, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce tok->data[len] = '\0';
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce tok->type = type;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce tok->length = size;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorcevoid sss_authtok_set_empty(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha return;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_PASSWORD:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose case SSS_AUTHTOK_TYPE_2FA:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_PIN:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce safezero(tok->data, tok->length);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce break;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_CCFILE:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_KEYPAD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce break;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce tok->type = SSS_AUTHTOK_TYPE_EMPTY;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce talloc_zfree(tok->data);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce tok->length = 0;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_set_password(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce const char *password, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce sss_authtok_set_empty(tok);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_PASSWORD,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce "password", password, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_set_ccfile(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce const char *ccfile, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce sss_authtok_set_empty(tok);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_CCFILE,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce "ccfile", ccfile, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bosestatic errno_t sss_authtok_set_2fa_from_blob(struct sss_auth_token *tok,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose const uint8_t *data, size_t len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_set(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce enum sss_authtok_type type,
4b8021779e4db2a212a8214c17e778e843ae2b3aStef Walter const uint8_t *data, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce switch (type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_PASSWORD:
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik return sss_authtok_set_password(tok, (const char *)data, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_CCFILE:
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik return sss_authtok_set_ccfile(tok, (const char *)data, len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose case SSS_AUTHTOK_TYPE_2FA:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return sss_authtok_set_2fa_from_blob(tok, data, len);
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_PIN:
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return sss_authtok_set_sc_from_blob(tok, data, len);
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_KEYPAD:
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return sss_authtok_set_sc_from_blob(tok, data, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce sss_authtok_set_empty(tok);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_copy(struct sss_auth_token *src,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce struct sss_auth_token *dst)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha if (!src || !dst) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha return EINVAL;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce sss_authtok_set_empty(dst);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce if (src->type == SSS_AUTHTOK_TYPE_EMPTY) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik dst->data = talloc_memdup(dst, src->data, src->length);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce if (!dst->data) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return ENOMEM;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce dst->length = src->length;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce dst->type = src->type;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikstruct sss_auth_token *sss_authtok_new(TALLOC_CTX *mem_ctx)
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik{
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik struct sss_auth_token *token;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik token = talloc_zero(mem_ctx, struct sss_auth_token);
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik if (token == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik }
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik return token;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik}
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorcevoid sss_authtok_wipe_password(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha if (!tok || tok->type != SSS_AUTHTOK_TYPE_PASSWORD) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce return;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce safezero(tok->data, tok->length);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Boseerrno_t sss_auth_unpack_2fa_blob(TALLOC_CTX *mem_ctx,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose const uint8_t *blob, size_t blob_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose char **fa1, size_t *_fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose char **fa2, size_t *_fa2_len)
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose{
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose size_t c;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose uint32_t fa1_len;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose uint32_t fa2_len;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (blob_len < 2 * sizeof(uint32_t)) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Blob too small.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose c = 0;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose SAFEALIGN_COPY_UINT32(&fa1_len, blob, &c);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose SAFEALIGN_COPY_UINT32(&fa2_len, blob + c, &c);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (blob_len != 2 * sizeof(uint32_t) + fa1_len + fa2_len) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Blob size mismatch.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (fa1_len != 0) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *fa1 = talloc_strndup(mem_ctx, (const char *) blob + c, fa1_len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (*fa1 == NULL) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return ENOMEM;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose } else {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *fa1 = NULL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (fa2_len != 0) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *fa2 = talloc_strndup(mem_ctx, (const char *) blob + c + fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose fa2_len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (*fa2 == NULL) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose talloc_free(*fa1);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return ENOMEM;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose } else {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *fa2 = NULL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose /* Re-calculate length for the case where \0 was missing in the blob */
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *_fa1_len = (*fa1 == NULL) ? 0 : strlen(*fa1);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *_fa2_len = (*fa2 == NULL) ? 0 : strlen(*fa2);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return EOK;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose}
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bosestatic errno_t sss_authtok_set_2fa_from_blob(struct sss_auth_token *tok,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose const uint8_t *data, size_t len)
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose{
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose TALLOC_CTX *tmp_ctx;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose int ret;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose char *fa1;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose size_t fa1_len;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose char *fa2;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose size_t fa2_len;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose tmp_ctx = talloc_new(NULL);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (tmp_ctx == NULL) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose ret = ENOMEM;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose goto done;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose ret = sss_auth_unpack_2fa_blob(tmp_ctx, data, len, &fa1, &fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose &fa2, &fa2_len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (ret != EOK) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_auth_unpack_2fa_blob failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose goto done;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose ret = sss_authtok_set_2fa(tok, fa1, fa1_len, fa2, fa2_len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (ret != EOK) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_authtok_set_2fa failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose goto done;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose ret = EOK;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bosedone:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose talloc_free(tmp_ctx);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (ret != EOK) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose sss_authtok_set_empty(tok);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return ret;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose}
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Boseerrno_t sss_authtok_get_2fa(struct sss_auth_token *tok,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose const char **fa1, size_t *fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose const char **fa2, size_t *fa2_len)
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose{
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose size_t c;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose uint32_t tmp_uint32_t;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (tok->type != SSS_AUTHTOK_TYPE_2FA) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return (tok->type == SSS_AUTHTOK_TYPE_EMPTY) ? ENOENT : EACCES;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (tok->length < 2 * sizeof(uint32_t)) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Blob too small.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose c = 0;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose SAFEALIGN_COPY_UINT32(&tmp_uint32_t, tok->data, &c);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *fa1_len = tmp_uint32_t - 1;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose SAFEALIGN_COPY_UINT32(&tmp_uint32_t, tok->data + c, &c);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *fa2_len = tmp_uint32_t - 1;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (*fa1_len == 0 || *fa2_len == 0
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose || tok->length != 2 * sizeof(uint32_t) + *fa1_len + *fa2_len + 2) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Blob size mismatch.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (tok->data[c + *fa1_len] != '\0'
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose || tok->data[c + *fa1_len + 1 + *fa2_len] != '\0') {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Missing terminating null character.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *fa1 = (const char *) tok->data + c;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose *fa2 = (const char *) tok->data + c + *fa1_len + 1;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return EOK;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose}
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Boseerrno_t sss_authtok_set_2fa(struct sss_auth_token *tok,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose const char *fa1, size_t fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose const char *fa2, size_t fa2_len)
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose{
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose int ret;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose size_t needed_size;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (tok == NULL) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose sss_authtok_set_empty(tok);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose ret = sss_auth_pack_2fa_blob(fa1, fa1_len, fa2, fa2_len, NULL, 0,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose &needed_size);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (ret != EAGAIN) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose "sss_auth_pack_2fa_blob unexpectedly returned [%d].\n", ret);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose tok->data = talloc_size(tok, needed_size);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (tok->data == NULL) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return ENOMEM;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose ret = sss_auth_pack_2fa_blob(fa1, fa1_len, fa2, fa2_len, tok->data,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose needed_size, &needed_size);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose if (ret != EOK) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose talloc_free(tok->data);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_auth_pack_2fa_blob failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return ret;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose tok->length = needed_size;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose tok->type = SSS_AUTHTOK_TYPE_2FA;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose return EOK;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose}
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Boseerrno_t sss_authtok_set_sc(struct sss_auth_token *tok,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose enum sss_authtok_type type,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char *pin, size_t pin_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char *token_name, size_t token_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char *module_name, size_t module_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char *key_id, size_t key_id_len)
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose{
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose int ret;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t needed_size;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (type != SSS_AUTHTOK_TYPE_SC_PIN
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose && type != SSS_AUTHTOK_TYPE_SC_KEYPAD) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Invalid type [%d].\n", type);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return EINVAL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose sss_authtok_set_empty(tok);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose ret = sss_auth_pack_sc_blob(pin, pin_len, token_name, token_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose module_name, module_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose key_id, key_id_len, NULL, 0,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose &needed_size);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (ret != EAGAIN) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_auth_pack_sc_blob failed.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return ret;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose tok->data = talloc_size(tok, needed_size);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (tok->data == NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return ENOMEM;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose ret = sss_auth_pack_sc_blob(pin, pin_len, token_name, token_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose module_name, module_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose key_id, key_id_len, tok->data,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose needed_size, &needed_size);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (ret != EOK) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_auth_pack_sc_blob failed.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose talloc_free(tok->data);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return ret;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose tok->length = needed_size;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose tok->type = type;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return EOK;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose}
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Boseerrno_t sss_authtok_set_sc_from_blob(struct sss_auth_token *tok,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const uint8_t *data,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t len)
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose{
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose int ret;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char *pin = NULL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t pin_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char *token_name = NULL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t token_name_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char *module_name = NULL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t module_name_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char *key_id = NULL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t key_id_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose TALLOC_CTX *tmp_ctx;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (tok == NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return EFAULT;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (data == NULL || len == 0) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return EINVAL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose tmp_ctx = talloc_new(NULL);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (tmp_ctx == NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose ret = ENOMEM;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose goto done;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose ret = sss_auth_unpack_sc_blob(tmp_ctx, data, len, &pin, &pin_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose &token_name, &token_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose &module_name, &module_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose &key_id, &key_id_len);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (ret != EOK) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_auth_unpack_sc_blob failed.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose goto done;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose ret = sss_authtok_set_sc(tok, SSS_AUTHTOK_TYPE_SC_PIN, pin, pin_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose token_name, token_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose module_name, module_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose key_id, key_id_len);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bosedone:
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose talloc_free(tmp_ctx);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return ret;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose}
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Boseerrno_t sss_authtok_set_sc_pin(struct sss_auth_token *tok, const char *pin,
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose size_t len)
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose{
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose if (tok == NULL) {
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose return EFAULT;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose }
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose if (pin == NULL) {
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose return EINVAL;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose }
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return sss_authtok_set_sc(tok, SSS_AUTHTOK_TYPE_SC_PIN, pin, len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose NULL, 0, NULL, 0, NULL, 0);
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose}
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Boseerrno_t sss_authtok_get_sc_pin(struct sss_auth_token *tok, const char **_pin,
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose size_t *len)
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose{
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose int ret;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char *pin = NULL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t pin_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose if (!tok) {
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose return EFAULT;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose }
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose switch (tok->type) {
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_EMPTY:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose return ENOENT;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_PIN:
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose ret = sss_authtok_get_sc(tok, &pin, &pin_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose NULL, NULL, NULL, NULL, NULL, NULL);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (ret != EOK) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_authtok_get_sc failed.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return ret;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_pin = pin;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose if (len) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *len = pin_len;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose }
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose return EOK;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_PASSWORD:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_CCFILE:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_2FA:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose case SSS_AUTHTOK_TYPE_SC_KEYPAD:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose return EACCES;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose }
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose return EINVAL;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose}
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Bosevoid sss_authtok_set_sc_keypad(struct sss_auth_token *tok)
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose{
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (tok == NULL) {
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose return;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose sss_authtok_set_empty(tok);
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose tok->type = SSS_AUTHTOK_TYPE_SC_KEYPAD;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose}
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Boseerrno_t sss_auth_unpack_sc_blob(TALLOC_CTX *mem_ctx,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const uint8_t *blob, size_t blob_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char **pin, size_t *_pin_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char **token_name, size_t *_token_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char **module_name, size_t *_module_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose char **key_id, size_t *_key_id_len)
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose{
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t c;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose uint32_t pin_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose uint32_t token_name_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose uint32_t module_name_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose uint32_t key_id_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose c = 0;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (blob == NULL || blob_len == 0) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose pin_len = 0;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose token_name_len = 0;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose module_name_len = 0;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose key_id_len = 0;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose } else if (blob_len > 0
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose && strnlen((const char *) blob, blob_len) == blob_len - 1) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose pin_len = blob_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose token_name_len = 0;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose module_name_len = 0;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose key_id_len = 0;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose } else {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (blob_len < 4 * sizeof(uint32_t)) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Blob too small.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return EINVAL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose SAFEALIGN_COPY_UINT32(&pin_len, blob, &c);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose SAFEALIGN_COPY_UINT32(&token_name_len, blob + c, &c);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose SAFEALIGN_COPY_UINT32(&module_name_len, blob + c, &c);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose SAFEALIGN_COPY_UINT32(&key_id_len, blob + c, &c);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (blob_len != 4 * sizeof(uint32_t) + pin_len + token_name_len
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose + module_name_len + key_id_len) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Blob size mismatch.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return EINVAL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (pin_len != 0) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *pin = talloc_strndup(mem_ctx, (const char *) blob + c, pin_len);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (*pin == NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return ENOMEM;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose } else {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *pin = NULL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (token_name_len != 0) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *token_name = talloc_strndup(mem_ctx, (const char *) blob + c + pin_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose token_name_len);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (*token_name == NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose talloc_free(*pin);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return ENOMEM;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose } else {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *token_name = NULL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (module_name_len != 0) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *module_name = talloc_strndup(mem_ctx,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose (const char *) blob + c + pin_len
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose + token_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose module_name_len);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (*module_name == NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose talloc_free(*pin);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose talloc_free(*token_name);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return ENOMEM;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose } else {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *module_name = NULL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (key_id_len != 0) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *key_id = talloc_strndup(mem_ctx,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose (const char *) blob + c + pin_len
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose + token_name_len
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose + module_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose key_id_len);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (*key_id == NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose talloc_free(*pin);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose talloc_free(*token_name);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose talloc_free(*module_name);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return ENOMEM;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose } else {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *key_id = NULL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose /* Re-calculate length for the case where \0 was missing in the blob */
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_pin_len != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_pin_len = (*pin == NULL) ? 0 : strlen(*pin);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_token_name_len != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_token_name_len = (*token_name == NULL) ? 0 : strlen(*token_name);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_module_name_len != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_module_name_len = (*module_name == NULL) ? 0 : strlen(*module_name);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_key_id_len != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_key_id_len = (*key_id == NULL) ? 0 : strlen(*key_id);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return EOK;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose}
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Boseerrno_t sss_authtok_get_sc(struct sss_auth_token *tok,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char **_pin, size_t *_pin_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char **_token_name, size_t *_token_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char **_module_name, size_t *_module_name_len,
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose const char **_key_id, size_t *_key_id_len)
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose{
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t c = 0;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t pin_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t token_name_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t module_name_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose size_t key_id_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose uint32_t tmp_uint32_t;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (!tok) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return EFAULT;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (tok->type != SSS_AUTHTOK_TYPE_SC_PIN
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose && tok->type != SSS_AUTHTOK_TYPE_SC_KEYPAD) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return (tok->type == SSS_AUTHTOK_TYPE_EMPTY) ? ENOENT : EACCES;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (tok->length < 4 * sizeof(uint32_t)) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Blob too small.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return EINVAL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose SAFEALIGN_COPY_UINT32(&tmp_uint32_t, tok->data, &c);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose pin_len = tmp_uint32_t - 1;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose SAFEALIGN_COPY_UINT32(&tmp_uint32_t, tok->data + c, &c);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose token_name_len = tmp_uint32_t - 1;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose SAFEALIGN_COPY_UINT32(&tmp_uint32_t, tok->data + c, &c);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose module_name_len = tmp_uint32_t -1;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose SAFEALIGN_COPY_UINT32(&tmp_uint32_t, tok->data + c, &c);
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose key_id_len = tmp_uint32_t -1;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (tok->length != 4 * sizeof(uint32_t) + 4 + pin_len + token_name_len
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose + module_name_len + key_id_len) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Blob size mismatch.\n");
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return EINVAL;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_pin != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_pin = (const char *) tok->data + c;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_pin_len != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_pin_len = pin_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_token_name != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_token_name = (const char *) tok->data + c + pin_len + 1;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_token_name_len != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_token_name_len = token_name_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_module_name != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_module_name = (const char *) tok->data + c + pin_len + 1
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose + token_name_len + 1;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_module_name_len != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_module_name_len = module_name_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_key_id != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_key_id = (const char *) tok->data + c + pin_len + 1
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose + token_name_len + 1 + module_name_len + 1;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose if (_key_id_len != NULL) {
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose *_key_id_len = key_id_len;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose }
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose return EOK;
dd17a3aaddab6f122dff3bd15b7005464c07c0eaSumit Bose}