/*
    Authors:
        Sumit Bose <sbose@redhat.com>

    PAM client - create message blob

    Copyright (C) 2015 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU Lesser General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU Lesser General Public License for more details.

    You should have received a copy of the GNU Lesser General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
25f72e2845c89a153ca9d3279d7feccbc912524ematthew
25f72e2845c89a153ca9d3279d7feccbc912524ematthew#include <stdlib.h>
25f72e2845c89a153ca9d3279d7feccbc912524ematthew#include <security/pam_modules.h>
a5b9f8fb834b1b2208e59a2fa76714bd91a5f147violette
25f72e2845c89a153ca9d3279d7feccbc912524ematthew#include "sss_pam_compat.h"
25f72e2845c89a153ca9d3279d7feccbc912524ematthew#include "sss_pam_macros.h"
25f72e2845c89a153ca9d3279d7feccbc912524ematthew
25f72e2845c89a153ca9d3279d7feccbc912524ematthew#include "pam_message.h"
25f72e2845c89a153ca9d3279d7feccbc912524ematthew
25f72e2845c89a153ca9d3279d7feccbc912524ematthew#include "sss_cli.h"
25f72e2845c89a153ca9d3279d7feccbc912524ematthew
/*
 * Serialize one authentication-token item into buf.
 *
 * Layout written, each word in host byte order:
 *   [item type : u32][size + 4 : u32][authtok type : u32][tok : size bytes]
 * The length word counts the authtok-type word plus the token bytes.
 *
 * Returns the number of bytes written (12 + size), or 0 when tok is NULL,
 * in which case nothing is written.
 *
 * buf carries no capacity: the caller must have reserved at least
 * 3 * sizeof(uint32_t) + size bytes. The length word is a uint32_t, so a
 * size that does not fit in 32 bits is narrowed in the header while the
 * full size bytes are still copied.
 */
static size_t add_authtok_item(enum pam_item_type type,
                               enum sss_authtok_type authtok_type,
                               const char *tok, const size_t size,
                               uint8_t *buf)
{
    uint32_t header[3];

    if (tok == NULL) {
        return 0;
    }

    header[0] = type;
    header[1] = size + sizeof(uint32_t);
    header[2] = authtok_type;

    /* memcpy keeps the stores safe for an unaligned destination. */
    memcpy(buf, header, sizeof(header));
    memcpy(buf + sizeof(header), tok, size);

    return sizeof(header) + size;
}
25f72e2845c89a153ca9d3279d7feccbc912524ematthew
/*
 * Serialize one 32-bit integer item into buf.
 *
 * Layout written, each word in host byte order:
 *   [item type : u32][sizeof(uint32_t) : u32][val : u32]
 *
 * Always returns 3 * sizeof(uint32_t), the number of bytes written.
 * buf carries no capacity; the caller must have reserved that much space.
 */
static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val,
                                uint8_t *buf)
{
    const uint32_t fields[] = { type, sizeof(uint32_t), val };

    /* memcpy keeps the store safe for an unaligned destination. */
    memcpy(buf, fields, sizeof(fields));

    return sizeof(fields);
}
8890d0c686adc8442c156956735470bf289ba2d8mark
/*
 * Serialize one string item into buf.
 *
 * Layout written, header words in host byte order:
 *   [item type : u32][size : u32][str : size bytes]
 *
 * Returns the number of bytes written (8 + size), or 0 when str is NULL or
 * empty, in which case nothing is written.
 *
 * buf carries no capacity: the caller must have reserved at least
 * 2 * sizeof(uint32_t) + size bytes. size is taken from the caller and is
 * not checked against strlen(str); the length word is a uint32_t, so a
 * size that does not fit in 32 bits is narrowed in the header while the
 * full size bytes are still copied.
 */
static size_t add_string_item(enum pam_item_type type, const char *str,
                              const size_t size, uint8_t *buf)
{
    uint32_t header[2];

    if (str == NULL || *str == '\0') {
        return 0;
    }

    header[0] = type;
    header[1] = size;

    /* memcpy keeps the stores safe for an unaligned destination. */
    memcpy(buf, header, sizeof(header));
    memcpy(buf + sizeof(header), str, size);

    return sizeof(header) + size;
}
25f72e2845c89a153ca9d3279d7feccbc912524ematthew
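/*
 * Bytes add_string_item() emits for (str, size): nothing for a NULL or empty
 * string, otherwise two header words plus the payload.
 */
static size_t packed_string_item_len(const char *str, size_t size)
{
    if (str == NULL || *str == '\0') {
        return 0;
    }

    return 2 * sizeof(uint32_t) + size;
}

/*
 * Bytes add_authtok_item() emits for (tok, size): nothing for a NULL token,
 * otherwise three header words plus the payload.
 */
static size_t packed_authtok_item_len(const char *tok, size_t size)
{
    if (tok == NULL) {
        return 0;
    }

    return 3 * sizeof(uint32_t) + size;
}

/*
 * Build the version 3 PAM request blob from the items in pi.
 *
 * The blob is a start marker, the present items (user, service, tty, ruser,
 * rhost, requested domains, client pid, authtok, new authtok) and an end
 * marker. The required size is computed first, the buffer is allocated, and
 * the items are then written without further bounds checks, so the size
 * computation must use the same "is this item present" rules as the
 * add_*_item() writers; the helpers above keep the two in step.
 *
 * On success returns 0, stores the blob length in *size and the malloc()ed
 * blob in *buffer (the function does not free it on this path).
 * Returns PAM_BUF_ERR if the allocation fails or if the number of bytes
 * written differs from the computed length.
 */
int pack_message_v3(struct pam_items *pi, size_t *size, uint8_t **buffer)
{
    /*
     * size_t rather than int: the total is a sum of size_t item sizes, is
     * passed to malloc() and is compared with the size_t write offset. A
     * signed int could be narrowed here and under-allocate the buffer.
     */
    size_t len;
    uint8_t *buf;
    size_t rp;

    len = sizeof(uint32_t) + sizeof(uint32_t); /* start and end markers */

    len += packed_string_item_len(pi->pam_user, pi->pam_user_size);
    len += packed_string_item_len(pi->pam_service, pi->pam_service_size);
    len += packed_string_item_len(pi->pam_tty, pi->pam_tty_size);
    len += packed_string_item_len(pi->pam_ruser, pi->pam_ruser_size);
    len += packed_string_item_len(pi->pam_rhost, pi->pam_rhost_size);
    len += packed_authtok_item_len(pi->pam_authtok, pi->pam_authtok_size);
    len += packed_authtok_item_len(pi->pam_newauthtok,
                                   pi->pam_newauthtok_size);
    len += 3 * sizeof(uint32_t); /* cli_pid */
    len += packed_string_item_len(pi->requested_domains,
                                  pi->requested_domains_size);

    buf = malloc(len);
    if (buf == NULL) {
        D(("malloc failed."));
        return PAM_BUF_ERR;
    }

    rp = 0;
    /* The final rp != len check implies the macro advances rp by the
     * word it stores. */
    SAFEALIGN_SETMEM_UINT32(buf, SSS_START_OF_PAM_REQUEST, &rp);

    rp += add_string_item(SSS_PAM_ITEM_USER, pi->pam_user, pi->pam_user_size,
                          &buf[rp]);

    rp += add_string_item(SSS_PAM_ITEM_SERVICE, pi->pam_service,
                          pi->pam_service_size, &buf[rp]);

    rp += add_string_item(SSS_PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size,
                          &buf[rp]);

    rp += add_string_item(SSS_PAM_ITEM_RUSER, pi->pam_ruser,
                          pi->pam_ruser_size, &buf[rp]);

    rp += add_string_item(SSS_PAM_ITEM_RHOST, pi->pam_rhost,
                          pi->pam_rhost_size, &buf[rp]);

    rp += add_string_item(SSS_PAM_ITEM_REQUESTED_DOMAINS,
                          pi->requested_domains, pi->requested_domains_size,
                          &buf[rp]);

    rp += add_uint32_t_item(SSS_PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid,
                            &buf[rp]);

    rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type,
                           pi->pam_authtok, pi->pam_authtok_size, &buf[rp]);

    rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type,
                           pi->pam_newauthtok, pi->pam_newauthtok_size,
                           &buf[rp]);

    SAFEALIGN_SETMEM_UINT32(buf + rp, SSS_END_OF_PAM_REQUEST, &rp);

    /*
     * Consistency check only: it runs after every write, so it reports a
     * mismatch between the computed and the written length but cannot
     * prevent an overrun that has already happened.
     */
    if (rp != len) {
        D(("error during packet creation."));
        /* NOTE(review): buf may hold the auth tokens copied above and is
         * released without being scrubbed; consider wiping it first. */
        free(buf);
        return PAM_BUF_ERR;
    }

    *size = len;
    *buffer = buf;

    return 0;
}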