krb5_child_handler.c revision a3c8390d19593b1e5277d95bfb4ab206d4785150
/*
SSSD
Kerberos 5 Backend Module - Manage krb5_child
Authors:
Sumit Bose <sbose@redhat.com>
Copyright (C) 2010 Red Hat
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "util/child_common.h"
#include "providers/krb5/krb5_common.h"
#include "providers/krb5/krb5_auth.h"
#include "src/providers/krb5/krb5_utils.h"
#ifndef KRB5_CHILD_DIR
#ifndef SSSD_LIBEXEC_PATH
#error "SSSD_LIBEXEC_PATH not defined"
#endif /* SSSD_LIBEXEC_PATH */
#define KRB5_CHILD_DIR SSSD_LIBEXEC_PATH
#endif /* KRB5_CHILD_DIR */
#define TIME_T_MAX LONG_MAX
struct io {
int read_from_child_fd;
int write_to_child_fd;
};
struct handle_child_state {
struct tevent_context *ev;
struct krb5child_req *kr;
struct tevent_timer *timeout_handler;
};
static int child_io_destructor(void *ptr)
{
int ret;
}
}
}
}
return EOK;
}
struct sss_auth_token *tok)
{
const char *data;
switch (auth_token_type) {
case SSS_AUTHTOK_TYPE_EMPTY:
auth_token_length = 0;
data = "";
break;
break;
case SSS_AUTHTOK_TYPE_CCFILE:
break;
default:
}
}
return ret;
}
{
const char *keytab;
size_t username_len = 0;
return EINVAL;
}
/* Always send PAC except for local IPA users and IPA server mode */
case K5C_IPA_CLIENT:
break;
case K5C_IPA_SERVER:
send_pac = 0;
break;
default:
send_pac = 1;
break;
}
use_enterprise_principal = false;
} else {
KRB5_USE_ENTERPRISE_PRINCIPAL) ? 1 : 0;
}
return ENOMEM;
}
}
}
}
return ENOMEM;
}
rp = 0;
if (ret) {
return ret;
}
}
if (ret) {
return ret;
}
}
}
return EOK;
}
struct tevent_timer *te,
{
struct handle_child_state);
int ret;
return;
}
"Timeout for child [%d] reached. In case KDC is distant or network "
"is slow you may consider increasing value of krb5_auth_timeout.\n",
if (ret == -1) {
}
}
struct tevent_context *ev,
const uint32_t timeout_seconds)
{
struct handle_child_state);
tv = tevent_timeval_current();
return ENOMEM;
}
return EOK;
}
{
int pipefd_to_child[2];
int pipefd_from_child[2];
int ret;
struct handle_child_state);
if (ret == -1) {
return err;
}
if (ret == -1) {
return err;
}
if (pid == 0) { /* child */
return ret;
}
}
return err;
}
} else if (pid > 0) { /* parent */
close(pipefd_to_child[0]);
return ret;
}
}
} else { /* error */
return err;
}
return EOK;
}
struct tevent_context *ev,
struct krb5child_req *kr)
{
struct handle_child_state *state;
int ret;
return NULL;
}
goto fail;
}
goto fail;
}
goto fail;
}
if (!subreq) {
goto fail;
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct handle_child_state);
int ret;
return;
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct handle_child_state);
int ret;
return;
}
return;
}
{
struct handle_child_state);
return EOK;
}
struct krb5_child_response **_res)
{
size_t p;
bool skip;
size_t ccname_len = 0;
struct krb5_child_response *res;
bool otp = false;
return EINVAL;
}
if (pwd_exp_warning < 0) {
}
/* A buffer with the following structure is expected.
* int32_t status of the request (required)
* message (zero or more)
*
* A message consists of:
* int32_t type of the message
* int32_t length of the following data
* uint8_t[len] data
*/
p=0;
while (p < len) {
skip = false;
return EINVAL;
}
/* We need to save the name of the credential cache file. To find it
* we check if the data part of a message starts with
* CCACHE_ENV_NAME"=". pref_len also counts the trailing '=' because
* sizeof() counts the trailing '\0' of a string. */
pref_len = sizeof(CCACHE_ENV_NAME);
if ((msg_type == SSS_PAM_ENV_ITEM) &&
}
if (msg_type == SSS_KRB5_INFO_TGT_LIFETIME &&
}
if (msg_type == SSS_KRB5_INFO_UPN) {
}
if (msg_type == SSS_PAM_USER_INFO) {
if (msg_subtype == SSS_PAM_USER_INFO_EXPIRE_WARN) {
if (pwd_exp_warning > 0 &&
skip = true;
}
}
}
otp = true;
skip = true;
}
if (!skip) {
/* This is not a fatal error */
}
}
p += msg_len;
"The remainder of the message is too short.\n");
return EINVAL;
}
}
if (ccname) {
return ENOMEM;
}
}
return ENOMEM;
}
}
return EOK;
}