From 7eb1f0611ad5df755a981dcc86e10b01439e3618 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 18 Mar 2015 16:02:47 +0100
Subject: [PATCH 29/30] pam_sss: move message encoding into separate file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Lukáš Slebodník
(cherry picked from commit bf6c3f07d653d474da9e43b2b7cced57fc4ea069)
---
 Makefile.am | 2 +
 src/sss_client/pam_message.c | 178 +++++++++++++++++++++++++++++++++++++++++++
 src/sss_client/pam_message.h | 61 +++++++++++++++
 src/sss_client/pam_sss.c | 177 +----------------------------------------
 4 files changed, 242 insertions(+), 176 deletions(-)
 create mode 100644 src/sss_client/pam_message.c
 create mode 100644 src/sss_client/pam_message.h

diff --git a/Makefile.am b/Makefile.am
index 793a2a67be11232aefa67e57b986f6304b8a68b3..e8bd8b3237a9b533a3a102059ab9ca083714abe0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -614,6 +614,7 @@ dist_noinst_HEADERS = \
 src/tests/cmocka/common_mock_resp.h \
 src/tests/cmocka/common_mock_sdap.h \
 src/tests/cmocka/common_mock_sysdb_objects.h \
+ src/sss_client/pam_message.h \
 src/sss_client/ssh/sss_ssh_client.h \
 src/sss_client/sudo/sss_sudo.h \
 src/sss_client/libwbclient/libwbclient.h \
@@ -2358,6 +2359,7 @@ endif
 pamlib_LTLIBRARIES = pam_sss.la
 pam_sss_la_SOURCES = \
 src/sss_client/pam_sss.c \
+ src/sss_client/pam_message.c \
 src/sss_client/common.c \
 src/sss_client/sss_cli.h \
 src/util/atomic_io.c \
diff --git a/src/sss_client/pam_message.c b/src/sss_client/pam_message.c
new file mode 100644
index 0000000000000000000000000000000000000000..b8104c680d0e733b713c665e6206dc4b0d379237
--- /dev/null
+++ b/src/sss_client/pam_message.c
@@ -0,0 +1,178 @@
+/*
+ Authors:
+ Sumit Bose
+
+ PAM client - create message blob
+
+ Copyright (C) 2015 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see .
+*/
+
+#include 
+#include 
+
+#include "sss_pam_compat.h"
+#include "sss_pam_macros.h"
+
+#include "pam_message.h"
+
+#include "sss_cli.h"
+
+static size_t add_authtok_item(enum pam_item_type type,
+ enum sss_authtok_type authtok_type,
+ const char *tok, const size_t size,
+ uint8_t *buf)
+{
+ size_t rp = 0;
+ uint32_t c;
+
+ if (tok == NULL) return 0;
+
+ c = type;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ c = size + sizeof(uint32_t);
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ c = authtok_type;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ memcpy(&buf[rp], tok, size);
+ rp += size;
+
+ return rp;
+}
+
+static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val,
+ uint8_t *buf)
+{
+ size_t rp = 0;
+ uint32_t c;
+
+ c = type;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ c = sizeof(uint32_t);
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ c = val;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ return rp;
+}
+
+static size_t add_string_item(enum pam_item_type type, const char *str,
+ const size_t size, uint8_t *buf)
+{
+ size_t rp = 0;
+ uint32_t c;
+
+ if (str == NULL || *str == '\0') return 0;
+
+ c = type;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ c = size;
+ memcpy(&buf[rp], &c, sizeof(uint32_t));
+ rp += sizeof(uint32_t);
+
+ memcpy(&buf[rp], str, size);
+ rp += size;
+
+ return rp;
+}
+
+int pack_message_v3(struct pam_items *pi, size_t *size, uint8_t **buffer)
+{
+ int len;
+ uint8_t *buf;
+ size_t rp;
+
+ len = sizeof(uint32_t) +
+ 2*sizeof(uint32_t) + pi->pam_user_size +
+ sizeof(uint32_t);
+ len += *pi->pam_service != '\0' ?
+ 2*sizeof(uint32_t) + pi->pam_service_size : 0;
+ len += *pi->pam_tty != '\0' ?
+ 2*sizeof(uint32_t) + pi->pam_tty_size : 0;
+ len += *pi->pam_ruser != '\0' ?
+ 2*sizeof(uint32_t) + pi->pam_ruser_size : 0;
+ len += *pi->pam_rhost != '\0' ?
+ 2*sizeof(uint32_t) + pi->pam_rhost_size : 0;
+ len += pi->pam_authtok != NULL ?
+ 3*sizeof(uint32_t) + pi->pam_authtok_size : 0;
+ len += pi->pam_newauthtok != NULL ?
+ 3*sizeof(uint32_t) + pi->pam_newauthtok_size : 0;
+ len += 3*sizeof(uint32_t); /* cli_pid */
+ len += *pi->requested_domains != '\0' ?
+ 2*sizeof(uint32_t) + pi->requested_domains_size : 0;
+
+ buf = malloc(len);
+ if (buf == NULL) {
+ D(("malloc failed."));
+ return PAM_BUF_ERR;
+ }
+
+ rp = 0;
+ SAFEALIGN_SETMEM_UINT32(buf, SSS_START_OF_PAM_REQUEST, &rp);
+
+ rp += add_string_item(SSS_PAM_ITEM_USER, pi->pam_user, pi->pam_user_size,
+ &buf[rp]);
+
+ rp += add_string_item(SSS_PAM_ITEM_SERVICE, pi->pam_service,
+ pi->pam_service_size, &buf[rp]);
+
+ rp += add_string_item(SSS_PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size,
+ &buf[rp]);
+
+ rp += add_string_item(SSS_PAM_ITEM_RUSER, pi->pam_ruser, pi->pam_ruser_size,
+ &buf[rp]);
+
+ rp += add_string_item(SSS_PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size,
+ &buf[rp]);
+
+ rp += add_string_item(SSS_PAM_ITEM_REQUESTED_DOMAINS, pi->requested_domains, pi->requested_domains_size,
+ &buf[rp]);
+
+ rp += add_uint32_t_item(SSS_PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid,
+ &buf[rp]);
+
+ rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type,
+ pi->pam_authtok, pi->pam_authtok_size, &buf[rp]);
+
+ rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type,
+ pi->pam_newauthtok, pi->pam_newauthtok_size,
+ &buf[rp]);
+
+ SAFEALIGN_SETMEM_UINT32(buf + rp, SSS_END_OF_PAM_REQUEST, &rp);
+
+ if (rp != len) {
+ D(("error during packet creation."));
+ free(buf);
+ return PAM_BUF_ERR;
+ }
+
+ *size = len;
+ *buffer = buf;
+
+ return 0;
+}
diff --git a/src/sss_client/pam_message.h b/src/sss_client/pam_message.h
new file mode 100644
index 0000000000000000000000000000000000000000..8ade6d871b840d4d0153bbf56e0d458861ab3816
--- /dev/null
+++ b/src/sss_client/pam_message.h
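Review bot: In pack_message_v3 the length pass and the add_string_item writers use different predicates for whether a string item is present: the pass dereferences `*pi->pam_service`, `*pi->pam_tty`, `*pi->pam_ruser`, `*pi->pam_rhost` and `*pi->requested_domains` unconditionally while add_string_item also tolerates NULL, and pam_user is always counted but skipped by the writer when empty, so an empty user only surfaces as PAM_BUF_ERR from the final `rp != len` check. That check runs after the memcpy calls, so it can report a disagreement between the two passes but not prevent one; a single helper used by both keeps the allocation and the writes in step, and the mandatory user can be rejected up front with its own message. Whether callers guarantee these strings are non-NULL is not visible in this hunk. `len` is also declared `int` although every term is `size_t`, which makes `rp != len` a mixed-sign comparison and narrows the sum before `*size = len`; `size_t len` matches the rest of the function.
```c
/* Single predicate for "this string item is sent", used by both the length
 * pass and the writer so the allocation can never fall short of the writes. */
static int string_item_present(const char *str)
{
    return str != NULL && *str != '\0';
}

static size_t string_item_len(const char *str, size_t size)
{
    return string_item_present(str) ? 2 * sizeof(uint32_t) + size : 0;
}

static size_t add_string_item(enum pam_item_type type, const char *str,
                              const size_t size, uint8_t *buf)
{
    size_t rp = 0;
    uint32_t c;

    if (!string_item_present(str)) return 0;
    /* … unchanged: type, size and payload encoding … */
}

int pack_message_v3(struct pam_items *pi, size_t *size, uint8_t **buffer)
{
    size_t len;
    uint8_t *buf;
    size_t rp;

    /* The user item is mandatory; say so here instead of relying on the
     * rp != len mismatch below to reject the request. */
    if (!string_item_present(pi->pam_user)) {
        D(("missing user name."));
        return PAM_BUF_ERR;
    }

    len = sizeof(uint32_t);                                   /* start marker */
    len += string_item_len(pi->pam_user, pi->pam_user_size);
    len += string_item_len(pi->pam_service, pi->pam_service_size);
    len += string_item_len(pi->pam_tty, pi->pam_tty_size);
    len += string_item_len(pi->pam_ruser, pi->pam_ruser_size);
    len += string_item_len(pi->pam_rhost, pi->pam_rhost_size);
    len += string_item_len(pi->requested_domains, pi->requested_domains_size);
    len += 3 * sizeof(uint32_t);                              /* cli_pid */
    len += pi->pam_authtok != NULL ?
               3 * sizeof(uint32_t) + pi->pam_authtok_size : 0;
    len += pi->pam_newauthtok != NULL ?
               3 * sizeof(uint32_t) + pi->pam_newauthtok_size : 0;
    len += sizeof(uint32_t);                                  /* end marker */
    /* … unchanged: malloc, item writes, rp != len check, outputs … */
}
```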
@@ -0,0 +1,61 @@
+/*
+ Authors:
+ Sumit Bose
+
+ Copyright (C) 2015 Red Hat
+
+ PAM client - create message blob
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see .
+*/
+
+#ifndef _PAM_MESSAGE_H_
+#define _PAM_MESSAGE_H_
+
+#include 
+#include 
+
+struct pam_items {
+ const char *pam_service;
+ const char *pam_user;
+ const char *pam_tty;
+ const char *pam_ruser;
+ const char *pam_rhost;
+ char *pam_authtok;
+ char *pam_newauthtok;
+ const char *pamstack_authtok;
+ const char *pamstack_oldauthtok;
+ size_t pam_service_size;
+ size_t pam_user_size;
+ size_t pam_tty_size;
+ size_t pam_ruser_size;
+ size_t pam_rhost_size;
+ int pam_authtok_type;
+ size_t pam_authtok_size;
+ int pam_newauthtok_type;
+ size_t pam_newauthtok_size;
+ pid_t cli_pid;
+ const char *login_name;
+ char *domain_name;
+ const char *requested_domains;
+ size_t requested_domains_size;
+ char *otp_vendor;
+ char *otp_token_id;
+ char *otp_challenge;
+ char *first_factor;
+};
+
+int pack_message_v3(struct pam_items *pi, size_t *size, uint8_t **buffer);
+
+#endif /* _PAM_MESSAGE_H_ */
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index f11871a47d1b29f44c179e57a33d8f41be79078d..e01c5031650d3837a23f8a7404d334a9d2f55441 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
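Review bot: pack_message_v3 gains a cross-file caller through this header but its prototype carries no contract comment, and the caller needs to know that `*buffer` is malloc()ed and theirs to free, that 0 is success and PAM_BUF_ERR the only failure, and that the blob copies pam_authtok and pam_newauthtok verbatim, so it should be overwritten before it is freed; overwrite_and_free_authtoks, visible as context in the pam_sss.c hunk, suggests the module already treats the tokens that way. A comment above the prototype stating those points would do, e.g. `/* Encode pi as an SSS PAM request in a newly malloc()ed buffer; the caller frees it and should clear it first, as it holds the authtoks in clear. Returns 0, or PAM_BUF_ERR on allocation/encoding failure. */`. The include guard `_PAM_MESSAGE_H_` begins with an underscore followed by an upper-case letter, a spelling reserved for the implementation in C; `PAM_MESSAGE_H` avoids that. The `#include` lines in this header appear without their targets on this page, which looks like an extraction artifact rather than a defect in the patch.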
@@ -40,6 +40,7 @@
 #include "sss_pam_macros.h"
 
 #include "sss_cli.h"
+#include "pam_message.h"
 #include "util/atomic_io.h"
 #include "util/authtok-utils.h"
 
@@ -65,36 +66,6 @@
 #define EXP_ACC_MSG _("Permission denied. ")
 #define SRV_MSG _("Server message: ")
 
-struct pam_items {
- const char* pam_service;
- const char* pam_user;
- const char* pam_tty;
- const char* pam_ruser;
- const char* pam_rhost;
- char* pam_authtok;
- char* pam_newauthtok;
- const char* pamstack_authtok;
- const char* pamstack_oldauthtok;
- size_t pam_service_size;
- size_t pam_user_size;
- size_t pam_tty_size;
- size_t pam_ruser_size;
- size_t pam_rhost_size;
- int pam_authtok_type;
- size_t pam_authtok_size;
- int pam_newauthtok_type;
- size_t pam_newauthtok_size;
- pid_t cli_pid;
- const char *login_name;
- char *domain_name;
- const char *requested_domains;
- size_t requested_domains_size;
- char *otp_vendor;
- char *otp_token_id;
- char *otp_challenge;
- char *first_factor;
-};
-
 #define DEBUG_MGS_LEN 1024
 #define MAX_AUTHTOK_SIZE (1024*1024)
 #define CHECK_AND_RETURN_PI_STRING(s) ((s != NULL && *s != '\0')? s : "(not available)")
@@ -146,75 +117,6 @@ static void close_fd(pam_handle_t *pamh, void *ptr, int err)
 sss_pam_close_fd();
 }
 
-static size_t add_authtok_item(enum pam_item_type type,
- enum sss_authtok_type authtok_type,
- const char *tok, const size_t size,
- uint8_t *buf) {
- size_t rp=0;
- uint32_t c;
-
- if (tok == NULL) return 0;
-
- c = type;
- memcpy(&buf[rp], &c, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- c = size + sizeof(uint32_t);
- memcpy(&buf[rp], &c, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- c = authtok_type;
- memcpy(&buf[rp], &c, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- memcpy(&buf[rp], tok, size);
- rp += size;
-
- return rp;
-}
-
-
-static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val,
- uint8_t *buf) {
- size_t rp=0;
- uint32_t c;
-
- c = type;
- memcpy(&buf[rp], &c, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- c = sizeof(uint32_t);
- memcpy(&buf[rp], &c, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- c = val;
- memcpy(&buf[rp], &c, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- return rp;
-}
-
-static size_t add_string_item(enum pam_item_type type, const char *str,
- const size_t size, uint8_t *buf) {
- size_t rp=0;
- uint32_t c;
-
- if (str == NULL || *str == '\0') return 0;
-
- c = type;
- memcpy(&buf[rp], &c, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- c = size;
- memcpy(&buf[rp], &c, sizeof(uint32_t));
- rp += sizeof(uint32_t);
-
- memcpy(&buf[rp], str, size);
- rp += size;
-
- return rp;
-}
-
 static void overwrite_and_free_authtoks(struct pam_items *pi)
 {
 if (pi->pam_authtok != NULL) {
@@ -256,83 +158,6 @@ static void overwrite_and_free_pam_items(struct pam_items *pi)
 pi->otp_challenge = NULL;
 }
 
-static int pack_message_v3(struct pam_items *pi, size_t *size,
- uint8_t **buffer) {
- int len;
- uint8_t *buf;
- size_t rp;
-
- len = sizeof(uint32_t) +
- 2*sizeof(uint32_t) + pi->pam_user_size +
- sizeof(uint32_t);
- len += *pi->pam_service != '\0' ?
- 2*sizeof(uint32_t) + pi->pam_service_size : 0;
- len += *pi->pam_tty != '\0' ?
- 2*sizeof(uint32_t) + pi->pam_tty_size : 0;
- len += *pi->pam_ruser != '\0' ?
- 2*sizeof(uint32_t) + pi->pam_ruser_size : 0;
- len += *pi->pam_rhost != '\0' ?
- 2*sizeof(uint32_t) + pi->pam_rhost_size : 0;
- len += pi->pam_authtok != NULL ?
- 3*sizeof(uint32_t) + pi->pam_authtok_size : 0;
- len += pi->pam_newauthtok != NULL ?
- 3*sizeof(uint32_t) + pi->pam_newauthtok_size : 0;
- len += 3*sizeof(uint32_t); /* cli_pid */
- len += *pi->requested_domains != '\0' ?
- 2*sizeof(uint32_t) + pi->requested_domains_size : 0;
-
-
- buf = malloc(len);
- if (buf == NULL) {
- D(("malloc failed."));
- return PAM_BUF_ERR;
- }
-
- rp = 0;
- SAFEALIGN_SETMEM_UINT32(buf, SSS_START_OF_PAM_REQUEST, &rp);
-
- rp += add_string_item(SSS_PAM_ITEM_USER, pi->pam_user, pi->pam_user_size,
- &buf[rp]);
-
- rp += add_string_item(SSS_PAM_ITEM_SERVICE, pi->pam_service,
- pi->pam_service_size, &buf[rp]);
-
- rp += add_string_item(SSS_PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size,
- &buf[rp]);
-
- rp += add_string_item(SSS_PAM_ITEM_RUSER, pi->pam_ruser, pi->pam_ruser_size,
- &buf[rp]);
-
- rp += add_string_item(SSS_PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size,
- &buf[rp]);
-
- rp += add_string_item(SSS_PAM_ITEM_REQUESTED_DOMAINS, pi->requested_domains, pi->requested_domains_size,
- &buf[rp]);
-
- rp += add_uint32_t_item(SSS_PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid,
- &buf[rp]);
-
- rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type,
- pi->pam_authtok, pi->pam_authtok_size, &buf[rp]);
-
- rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type,
- pi->pam_newauthtok, pi->pam_newauthtok_size,
- &buf[rp]);
-
- SAFEALIGN_SETMEM_UINT32(buf + rp, SSS_END_OF_PAM_REQUEST, &rp);
-
- if (rp != len) {
- D(("error during packet creation."));
- free(buf);
- return PAM_BUF_ERR;
- }
-
- *size = len;
- *buffer = buf;
-
- return 0;
-}
-
 static int null_strcmp(const char *s1, const char *s2) {
 if (s1 == NULL && s2 == NULL) return 0;
 if (s1 == NULL && s2 != NULL) return -1;
-- 
2.4.3