7bddea6c90
Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with
file from package sssd-common-1.15.1-1.fc25.x86_64
Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
359 lines
14 KiB
Diff
359 lines
14 KiB
Diff
From 4a9160e2b3b9c531e2b4a7884f49bfbb4a07a992 Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Thu, 30 Mar 2017 16:21:15 +0200
|
|
Subject: [PATCH 105/135] sssctl: integrate pam_test_client into sssctl
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
---
|
|
Makefile.am | 16 +--
|
|
po/POTFILES.in | 1 -
|
|
src/tools/sssctl/sssctl.c | 1 +
|
|
src/tools/sssctl/sssctl.h | 4 +
|
|
.../sssctl/sssctl_user_checks.c} | 122 +++++++++++----------
|
|
5 files changed, 72 insertions(+), 72 deletions(-)
|
|
rename src/{sss_client/pam_test_client.c => tools/sssctl/sssctl_user_checks.c} (62%)
|
|
|
|
diff --git a/Makefile.am b/Makefile.am
|
|
index 05a5ae89cbe5dccf39ce9bdfd95c1b115a64c768..c947e31e5530c842d0d0024a5825ddd7b593d518 100644
|
|
--- a/Makefile.am
|
|
+++ b/Makefile.am
|
|
@@ -1724,11 +1724,15 @@ sssctl_SOURCES = \
|
|
src/tools/sssctl/sssctl_domains.c \
|
|
src/tools/sssctl/sssctl_sifp.c \
|
|
src/tools/sssctl/sssctl_config.c \
|
|
+ src/tools/sssctl/sssctl_user_checks.c \
|
|
$(SSSD_TOOLS_OBJ) \
|
|
$(NULL)
|
|
sssctl_LDADD = \
|
|
$(TOOLS_LIBS) \
|
|
$(SSSD_INTERNAL_LTLIBS) \
|
|
+ $(PAM_LIBS) \
|
|
+ $(PAM_MISC_LIBS) \
|
|
+ $(LIBADD_DL) \
|
|
libsss_simpleifp.la \
|
|
$(NULL)
|
|
sssctl_CFLAGS = \
|
|
@@ -3450,7 +3454,7 @@ endif # BUILD_KCM
|
|
|
|
endif # HAVE_CMOCKA
|
|
|
|
-noinst_PROGRAMS = pam_test_client
|
|
+noinst_PROGRAMS =
|
|
if BUILD_SUDO
|
|
noinst_PROGRAMS += sss_sudo_cli
|
|
endif
|
|
@@ -3461,16 +3465,6 @@ if BUILD_WITH_LIBCURL
|
|
noinst_PROGRAMS += tcurl-test-tool
|
|
endif
|
|
|
|
-pam_test_client_SOURCES = \
|
|
- src/sss_client/pam_test_client.c \
|
|
- $(NULL)
|
|
-pam_test_client_LDADD = \
|
|
- $(PAM_LIBS) \
|
|
- $(PAM_MISC_LIBS) \
|
|
- $(LIBADD_DL) \
|
|
- libsss_simpleifp.la \
|
|
- $(NULL)
|
|
-
|
|
if BUILD_AUTOFS
|
|
autofs_test_client_SOURCES = \
|
|
src/sss_client/autofs/autofs_test_client.c \
|
|
diff --git a/po/POTFILES.in b/po/POTFILES.in
|
|
index ee532def223fdd5db632ad98fd11a57e38d0e125..f4e4e095f9e4025d129b6b13422bdd0bc07c8e1a 100644
|
|
--- a/po/POTFILES.in
|
|
+++ b/po/POTFILES.in
|
|
@@ -9,7 +9,6 @@ src/sss_client/common.c
|
|
src/sss_client/nss_group.c
|
|
src/sss_client/nss_passwd.c
|
|
src/sss_client/pam_sss.c
|
|
-src/sss_client/pam_test_client.c
|
|
src/sss_client/ssh/sss_ssh_authorizedkeys.c
|
|
src/sss_client/ssh/sss_ssh_knownhostsproxy.c
|
|
src/tools/sss_useradd.c
|
|
diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
|
|
index e1cf46382cd1dee54cd372ca500368f149411b78..509d2e1a00d3b57b541590ce7db5f94d2ff43add 100644
|
|
--- a/src/tools/sssctl/sssctl.c
|
|
+++ b/src/tools/sssctl/sssctl.c
|
|
@@ -263,6 +263,7 @@ int main(int argc, const char **argv)
|
|
SSS_TOOL_DELIMITER("SSSD Status:"),
|
|
SSS_TOOL_COMMAND("domain-list", "List available domains", 0, sssctl_domain_list),
|
|
SSS_TOOL_COMMAND("domain-status", "Print information about domain", 0, sssctl_domain_status),
|
|
+ SSS_TOOL_COMMAND("user-checks", "Print information about a user and check authentication", 0, sssctl_user_checks),
|
|
SSS_TOOL_DELIMITER("Information about cached content:"),
|
|
SSS_TOOL_COMMAND("user-show", "Information about cached user", 0, sssctl_user_show),
|
|
SSS_TOOL_COMMAND("group-show", "Information about cached group", 0, sssctl_group_show),
|
|
diff --git a/src/tools/sssctl/sssctl.h b/src/tools/sssctl/sssctl.h
|
|
index 5270a9ec62dfb288511af179a99e9a542ea26ec4..22626e2210252e5e3fadeb6c5d01d4620cd60e5b 100644
|
|
--- a/src/tools/sssctl/sssctl.h
|
|
+++ b/src/tools/sssctl/sssctl.h
|
|
@@ -121,4 +121,8 @@ errno_t sssctl_netgroup_show(struct sss_cmdline *cmdline,
|
|
errno_t sssctl_config_check(struct sss_cmdline *cmdline,
|
|
struct sss_tool_ctx *tool_ctx,
|
|
void *pvt);
|
|
+
|
|
+errno_t sssctl_user_checks(struct sss_cmdline *cmdline,
|
|
+ struct sss_tool_ctx *tool_ctx,
|
|
+ void *pvt);
|
|
#endif /* _SSSCTL_H_ */
|
|
diff --git a/src/sss_client/pam_test_client.c b/src/tools/sssctl/sssctl_user_checks.c
|
|
similarity index 62%
|
|
rename from src/sss_client/pam_test_client.c
|
|
rename to src/tools/sssctl/sssctl_user_checks.c
|
|
index 40ef3f6d480c0108c985fce7e34e983d145f237e..7c7b564bd29100382c9bbef7a3131c379e9aa97e 100644
|
|
--- a/src/sss_client/pam_test_client.c
|
|
+++ b/src/tools/sssctl/sssctl_user_checks.c
|
|
@@ -35,6 +35,9 @@
|
|
#include <security/pam_appl.h>
|
|
|
|
#include "lib/sifp/sss_sifp.h"
|
|
+#include "util/util.h"
|
|
+#include "tools/common/sss_tools.h"
|
|
+#include "tools/sssctl/sssctl.h"
|
|
|
|
#ifdef HAVE_SECURITY_PAM_MISC_H
|
|
# include <security/pam_misc.h>
|
|
@@ -85,17 +88,17 @@ static int get_ifp_user(const char *user)
|
|
|
|
error = sss_sifp_init(&sifp);
|
|
if (error != SSS_SIFP_OK) {
|
|
- fprintf(stderr, "Unable to connect to the InfoPipe");
|
|
+ fprintf(stderr, _("Unable to connect to the InfoPipe"));
|
|
return EFAULT;
|
|
}
|
|
|
|
error = sss_sifp_fetch_user_by_name(sifp, user, &user_obj);
|
|
if (error != SSS_SIFP_OK) {
|
|
- fprintf(stderr, "Unable to get user object");
|
|
+ fprintf(stderr, _("Unable to get user object"));
|
|
return EIO;
|
|
}
|
|
|
|
- fprintf(stdout, "SSSD InfoPipe user lookup result:\n");
|
|
+ fprintf(stdout, _("SSSD InfoPipe user lookup result:\n"));
|
|
for (c = 0; ifp_user_attr[c].name != NULL; c++) {
|
|
if (ifp_user_attr[c].is_string) {
|
|
error = sss_sifp_find_attr_as_string(user_obj->attrs,
|
|
@@ -107,7 +110,7 @@ static int get_ifp_user(const char *user)
|
|
&tmp_uint32);
|
|
}
|
|
if (error != SSS_SIFP_OK) {
|
|
- fprintf(stderr, "Unable to get user name attr");
|
|
+ fprintf(stderr, _("Unable to get user name attr"));
|
|
return EIO;
|
|
}
|
|
|
|
@@ -118,6 +121,7 @@ static int get_ifp_user(const char *user)
|
|
tmp_uint32);
|
|
}
|
|
}
|
|
+ fprintf(stdout, "\n");
|
|
|
|
sss_sifp_free_object(sifp, &user_obj);
|
|
sss_sifp_free(&sifp);
|
|
@@ -139,14 +143,14 @@ static int sss_getpwnam_check(const char *user)
|
|
|
|
dl_handle = dlopen("libnss_sss.so.2", RTLD_NOW);
|
|
if (dl_handle == NULL) {
|
|
- fprintf(stderr, "dlopen failed with [%s].\n", dlerror());
|
|
+ fprintf(stderr, _("dlopen failed with [%s].\n"), dlerror());
|
|
ret = EIO;
|
|
goto done;
|
|
}
|
|
|
|
sss_getpwnam_r = dlsym(dl_handle, "_nss_sss_getpwnam_r");
|
|
if (sss_getpwnam_r == NULL) {
|
|
- fprintf(stderr, "dlsym failed with [%s].\n", dlerror());
|
|
+ fprintf(stderr, _("dlsym failed with [%s].\n"), dlerror());
|
|
ret = EIO;
|
|
goto done;
|
|
}
|
|
@@ -154,25 +158,25 @@ static int sss_getpwnam_check(const char *user)
|
|
buflen = DEFAULT_BUFSIZE;
|
|
buffer = malloc(buflen);
|
|
if (buffer == NULL) {
|
|
- fprintf(stderr, "malloc failed.\n");
|
|
+ fprintf(stderr, _("malloc failed.\n"));
|
|
ret = ENOMEM;
|
|
goto done;
|
|
}
|
|
|
|
status = sss_getpwnam_r(user, &pwd, buffer, buflen, &nss_errno);
|
|
if (status != NSS_STATUS_SUCCESS) {
|
|
- fprintf(stderr, "sss_getpwnam_r failed with [%d].\n", status);
|
|
+ fprintf(stderr, _("sss_getpwnam_r failed with [%d].\n"), status);
|
|
ret = EIO;
|
|
goto done;
|
|
}
|
|
|
|
- fprintf(stdout, "SSSD nss user lookup result:\n");
|
|
- fprintf(stdout, " - user name: %s\n", pwd.pw_name);
|
|
- fprintf(stdout, " - user id: %d\n", pwd.pw_uid);
|
|
- fprintf(stdout, " - group id: %d\n", pwd.pw_gid);
|
|
- fprintf(stdout, " - gecos: %s\n", pwd.pw_gecos);
|
|
- fprintf(stdout, " - home directory: %s\n", pwd.pw_dir);
|
|
- fprintf(stdout, " - shell: %s\n", pwd.pw_shell);
|
|
+ fprintf(stdout, _("SSSD nss user lookup result:\n"));
|
|
+ fprintf(stdout, _(" - user name: %s\n"), pwd.pw_name);
|
|
+ fprintf(stdout, _(" - user id: %d\n"), pwd.pw_uid);
|
|
+ fprintf(stdout, _(" - group id: %d\n"), pwd.pw_gid);
|
|
+ fprintf(stdout, _(" - gecos: %s\n"), pwd.pw_gecos);
|
|
+ fprintf(stdout, _(" - home directory: %s\n"), pwd.pw_dir);
|
|
+ fprintf(stdout, _(" - shell: %s\n\n"), pwd.pw_shell);
|
|
|
|
ret = 0;
|
|
|
|
@@ -186,87 +190,89 @@ done:
|
|
return ret;
|
|
}
|
|
|
|
-int main(int argc, char *argv[]) {
|
|
+errno_t sssctl_user_checks(struct sss_cmdline *cmdline,
|
|
+ struct sss_tool_ctx *tool_ctx,
|
|
+ void *pvt)
|
|
+{
|
|
|
|
pam_handle_t *pamh;
|
|
- char *user;
|
|
- char *action;
|
|
- char *service;
|
|
+ const char *user = NULL;
|
|
+ const char *action = DEFAULT_ACTION;
|
|
+ const char *service = DEFAULT_SERVICE;
|
|
int ret;
|
|
size_t c;
|
|
char **pam_env;
|
|
|
|
- if (argc == 1) {
|
|
- fprintf(stderr, "Usage: pam_test_client USERNAME "
|
|
- "[auth|acct|setc|chau|open|clos] [pam_service]\n");
|
|
- return 0;
|
|
- } else if (argc == 2) {
|
|
- fprintf(stderr, "using first argument as user name and default action "
|
|
- "and service\n");
|
|
- } else if (argc == 3) {
|
|
- fprintf(stderr, "using first argument as user name, second as action "
|
|
- "and default service\n");
|
|
- }
|
|
-
|
|
- user = strdup(argv[1]);
|
|
- action = argc > 2 ? strdup(argv[2]) : strdup(DEFAULT_ACTION);
|
|
- service = argc > 3 ? strdup(argv[3]) : strdup(DEFAULT_SERVICE);
|
|
+ /* Parse command line. */
|
|
+ struct poptOption options[] = {
|
|
+ { "action", 'a', POPT_ARG_STRING, &action, 0,
|
|
+ _("PAM action [auth|acct|setc|chau|open|clos], default: "
|
|
+ DEFAULT_ACTION), NULL },
|
|
+ { "service", 's', POPT_ARG_STRING, &service, 0,
|
|
+ _("PAM service, default: " DEFAULT_SERVICE), NULL },
|
|
+ POPT_TABLEEND
|
|
+ };
|
|
|
|
- if (action == NULL || user == NULL || service == NULL) {
|
|
- fprintf(stderr, "Out of memory!\n");
|
|
- return 1;
|
|
+ ret = sss_tool_popt_ex(cmdline, options, SSS_TOOL_OPT_OPTIONAL,
|
|
+ NULL, NULL, "USERNAME", _("Specify user name."),
|
|
+ &user, NULL);
|
|
+ if (ret != EOK) {
|
|
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse command arguments\n");
|
|
+ return ret;
|
|
}
|
|
|
|
- fprintf(stdout, "user: %s\naction: %s\nservice: %s\n",
|
|
+ fprintf(stdout, _("user: %s\naction: %s\nservice: %s\n\n"),
|
|
user, action, service);
|
|
|
|
if (*user != '\0') {
|
|
ret = sss_getpwnam_check(user);
|
|
if (ret != 0) {
|
|
- fprintf(stderr, "User name lookup with [%s] failed.\n", user);
|
|
+ fprintf(stderr, _("User name lookup with [%s] failed.\n"), user);
|
|
}
|
|
|
|
ret = get_ifp_user(user);
|
|
if (ret != 0) {
|
|
- fprintf(stderr, "InforPipe User lookup with [%s] failed.\n", user);
|
|
+ fprintf(stderr, _("InforPipe User lookup with [%s] failed.\n"),
|
|
+ user);
|
|
}
|
|
}
|
|
|
|
ret = pam_start(service, user, &conv, &pamh);
|
|
if (ret != PAM_SUCCESS) {
|
|
- fprintf(stderr, "pam_start failed: %s\n", pam_strerror(pamh, ret));
|
|
+ fprintf(stderr, _("pam_start failed: %s\n"), pam_strerror(pamh, ret));
|
|
return 1;
|
|
}
|
|
|
|
if ( strncmp(action, "auth", 4)== 0 ) {
|
|
- fprintf(stdout, "testing pam_authenticate\n");
|
|
+ fprintf(stdout, _("testing pam_authenticate\n\n"));
|
|
ret = pam_authenticate(pamh, 0);
|
|
- fprintf(stderr, "pam_authenticate: %s\n", pam_strerror(pamh, ret));
|
|
+ fprintf(stderr, _("pam_authenticate: %s\n\n"), pam_strerror(pamh, ret));
|
|
} else if ( strncmp(action, "chau", 4)== 0 ) {
|
|
- fprintf(stdout, "testing pam_chauthtok\n");
|
|
+ fprintf(stdout, _("testing pam_chauthtok\n\n"));
|
|
ret = pam_chauthtok(pamh, 0);
|
|
- fprintf(stderr, "pam_chauthtok: %s\n", pam_strerror(pamh, ret));
|
|
+ fprintf(stderr, _("pam_chauthtok: %s\n\n"), pam_strerror(pamh, ret));
|
|
} else if ( strncmp(action, "acct", 4)== 0 ) {
|
|
- fprintf(stdout, "testing pam_acct_mgmt\n");
|
|
+ fprintf(stdout, _("testing pam_acct_mgmt\n\n"));
|
|
ret = pam_acct_mgmt(pamh, 0);
|
|
- fprintf(stderr, "pam_acct_mgmt: %s\n", pam_strerror(pamh, ret));
|
|
+ fprintf(stderr, _("pam_acct_mgmt: %s\n\n"), pam_strerror(pamh, ret));
|
|
} else if ( strncmp(action, "setc", 4)== 0 ) {
|
|
- fprintf(stdout, "testing pam_setcred\n");
|
|
+ fprintf(stdout, _("testing pam_setcred\n\n"));
|
|
ret = pam_setcred(pamh, 0);
|
|
- fprintf(stderr, "pam_setcred: %d[%s]\n", ret, pam_strerror(pamh, ret));
|
|
+ fprintf(stderr, _("pam_setcred: [%s]\n\n"), pam_strerror(pamh, ret));
|
|
} else if ( strncmp(action, "open", 4)== 0 ) {
|
|
- fprintf(stdout, "testing pam_open_session\n");
|
|
+ fprintf(stdout, _("testing pam_open_session\n\n"));
|
|
ret = pam_open_session(pamh, 0);
|
|
- fprintf(stderr, "pam_open_session: %s\n", pam_strerror(pamh, ret));
|
|
+ fprintf(stderr, _("pam_open_session: %s\n\n"), pam_strerror(pamh, ret));
|
|
} else if ( strncmp(action, "clos", 4)== 0 ) {
|
|
- fprintf(stdout, "testing pam_close_session\n");
|
|
+ fprintf(stdout, _("testing pam_close_session\n\n"));
|
|
ret = pam_close_session(pamh, 0);
|
|
- fprintf(stderr, "pam_close_session: %s\n", pam_strerror(pamh, ret));
|
|
+ fprintf(stderr, _("pam_close_session: %s\n\n"),
|
|
+ pam_strerror(pamh, ret));
|
|
} else {
|
|
- fprintf(stderr, "unknown action\n");
|
|
+ fprintf(stderr, _("unknown action\n"));
|
|
}
|
|
|
|
- fprintf(stderr, "PAM Environment:\n");
|
|
+ fprintf(stderr, _("PAM Environment:\n"));
|
|
pam_env = pam_getenvlist(pamh);
|
|
if (pam_env != NULL && pam_env[0] != NULL) {
|
|
for (c = 0; pam_env[c] != NULL; c++) {
|
|
@@ -274,15 +280,11 @@ int main(int argc, char *argv[]) {
|
|
free(pam_env[c]);
|
|
}
|
|
} else {
|
|
- fprintf(stderr, " - no env -\n");
|
|
+ fprintf(stderr, _(" - no env -\n"));
|
|
}
|
|
free(pam_env);
|
|
|
|
pam_end(pamh, ret);
|
|
|
|
- free(user);
|
|
- free(action);
|
|
- free(service);
|
|
-
|
|
return 0;
|
|
}
|
|
--
|
|
2.12.2
|
|
|