diff options
Diffstat (limited to '')
-rw-r--r-- | src/responder/pam/pamsrv_dp.c | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/src/responder/pam/pamsrv_dp.c b/src/responder/pam/pamsrv_dp.c new file mode 100644 index 0000000..881352e --- /dev/null +++ b/src/responder/pam/pamsrv_dp.c @@ -0,0 +1,106 @@ +/* + SSSD + + NSS Responder - Data Provider Interfaces + + Copyright (C) Simo Sorce <ssorce@redhat.com> 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <talloc.h> +#include <tevent.h> +#include <security/pam_modules.h> + +#include "util/util.h" +#include "util/sss_pam_data.h" +#include "responder/pam/pamsrv.h" +#include "sss_iface/sss_iface_async.h" + +static void +pam_dp_send_req_done(struct tevent_req *subreq); + +errno_t +pam_dp_send_req(struct pam_auth_req *preq) +{ + struct tevent_req *subreq; + struct be_conn *be_conn; + errno_t ret; + + ret = sss_dp_get_domain_conn(preq->cctx->rctx, preq->domain->conn_name, + &be_conn); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "The Data Provider connection for %s is not " + "available! This maybe a bug, it shouldn't happen!\n", + preq->domain->conn_name); + return EIO; + } + + DEBUG(SSSDBG_CONF_SETTINGS, "Sending request with the following data:\n"); + DEBUG_PAM_DATA(SSSDBG_CONF_SETTINGS, preq->pd); + + subreq = sbus_call_dp_dp_pamHandler_send(preq, be_conn->conn, + be_conn->bus_name, SSS_BUS_PATH, preq->pd); + if (subreq == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n"); + return ENOMEM; + } + + tevent_req_set_callback(subreq, pam_dp_send_req_done, preq); + + return EOK; +} + +static void +pam_dp_send_req_done(struct tevent_req *subreq) +{ + struct pam_data *pam_response; + struct response_data *resp; + struct pam_auth_req *preq; + errno_t ret; + + preq = tevent_req_callback_data(subreq, struct pam_auth_req); + + ret = sbus_call_dp_dp_pamHandler_recv(preq, subreq, &pam_response); + talloc_zfree(subreq); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "PAM handler failed [%d]: %s\n", + ret, sss_strerror(ret)); + preq->pd->pam_status = PAM_SYSTEM_ERR; + goto done; + } + + preq->pd->pam_status = pam_response->pam_status; + preq->pd->account_locked = pam_response->account_locked; + + DEBUG(SSSDBG_FUNC_DATA, "received: [%d (%s)][%s]\n", + pam_response->pam_status, + pam_strerror(NULL, pam_response->pam_status), + preq->pd->domain); + + for (resp = pam_response->resp_list; resp != NULL; resp = resp->next) { + talloc_steal(preq->pd, resp); + + if (resp->next == NULL) { + resp->next = preq->pd->resp_list; + preq->pd->resp_list = pam_response->resp_list; + break; + } + } + + talloc_zfree(pam_response); + +done: + preq->callback(preq); +} |