sssd/0029-pam_sss-move-message-encoding-into-separate-file.patch

From 7eb1f0611ad5df755a981dcc86e10b01439e3618 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 18 Mar 2015 16:02:47 +0100
Subject: [PATCH 29/30] pam_sss: move message encoding into separate file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit bf6c3f07d653d474da9e43b2b7cced57fc4ea069)
---
 Makefile.am                  |   2 +
 src/sss_client/pam_message.c | 178 +++++++++++++++++++++++++++++++++++++++++++
 src/sss_client/pam_message.h |  61 +++++++++++++++
 src/sss_client/pam_sss.c     | 177 +-----------------------------------------
 4 files changed, 242 insertions(+), 176 deletions(-)
 create mode 100644 src/sss_client/pam_message.c
 create mode 100644 src/sss_client/pam_message.h

diff --git a/Makefile.am b/Makefile.am
index 793a2a67be11232aefa67e57b986f6304b8a68b3..e8bd8b3237a9b533a3a102059ab9ca083714abe0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -614,6 +614,7 @@ dist_noinst_HEADERS = \
     src/tests/cmocka/common_mock_resp.h \
     src/tests/cmocka/common_mock_sdap.h \
     src/tests/cmocka/common_mock_sysdb_objects.h \
+    src/sss_client/pam_message.h \
     src/sss_client/ssh/sss_ssh_client.h \
     src/sss_client/sudo/sss_sudo.h \
     src/sss_client/libwbclient/libwbclient.h \
@@ -2358,6 +2359,7 @@ endif
 pamlib_LTLIBRARIES = pam_sss.la
 pam_sss_la_SOURCES = \
     src/sss_client/pam_sss.c \
+    src/sss_client/pam_message.c \
     src/sss_client/common.c \
     src/sss_client/sss_cli.h \
     src/util/atomic_io.c \
diff --git a/src/sss_client/pam_message.c b/src/sss_client/pam_message.c
new file mode 100644
index 0000000000000000000000000000000000000000..b8104c680d0e733b713c665e6206dc4b0d379237
--- /dev/null
+++ b/src/sss_client/pam_message.c
@@ -0,0 +1,178 @@
+/*
+    Authors:
+        Sumit Bose <sbose@redhat.com>
+
+    PAM client - create message blob
+
+    Copyright (C) 2015 Red Hat
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU Lesser General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdlib.h>
+#include <security/pam_modules.h>
+
+#include "sss_pam_compat.h"
+#include "sss_pam_macros.h"
+
+#include "pam_message.h"
+
+#include "sss_cli.h"
+
+static size_t add_authtok_item(enum pam_item_type type,
+                               enum sss_authtok_type authtok_type,
+                               const char *tok, const size_t size,
+                               uint8_t *buf)
+{
+    size_t rp = 0;
+    uint32_t c;
+
+    if (tok == NULL) return 0;
+
+    c = type;
+    memcpy(&buf[rp], &c, sizeof(uint32_t));
+    rp += sizeof(uint32_t);
+
+    c = size + sizeof(uint32_t);
+    memcpy(&buf[rp], &c, sizeof(uint32_t));
+    rp += sizeof(uint32_t);
+
+    c = authtok_type;
+    memcpy(&buf[rp], &c, sizeof(uint32_t));
+    rp += sizeof(uint32_t);
+
+    memcpy(&buf[rp], tok, size);
+    rp += size;
+
+    return rp;
+}
+
+static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val,
+                                uint8_t *buf)
+{
+    size_t rp = 0;
+    uint32_t c;
+
+    c = type;
+    memcpy(&buf[rp], &c, sizeof(uint32_t));
+    rp += sizeof(uint32_t);
+
+    c = sizeof(uint32_t);
+    memcpy(&buf[rp], &c, sizeof(uint32_t));
+    rp += sizeof(uint32_t);
+
+    c = val;
+    memcpy(&buf[rp], &c, sizeof(uint32_t));
+    rp += sizeof(uint32_t);
+
+    return rp;
+}
+
+static size_t add_string_item(enum pam_item_type type, const char *str,
+                              const size_t size, uint8_t *buf)
+{
+    size_t rp = 0;
+    uint32_t c;
+
+    if (str == NULL || *str == '\0') return 0;
+
+    c = type;
+    memcpy(&buf[rp], &c, sizeof(uint32_t));
+    rp += sizeof(uint32_t);
+
+    c = size;
+    memcpy(&buf[rp], &c, sizeof(uint32_t));
+    rp += sizeof(uint32_t);
+
+    memcpy(&buf[rp], str, size);
+    rp += size;
+
+    return rp;
+}
+
+int pack_message_v3(struct pam_items *pi, size_t *size, uint8_t **buffer)
+{
+    int len;
+    uint8_t *buf;
+    size_t rp;
+
+    len = sizeof(uint32_t) +
+          2*sizeof(uint32_t) + pi->pam_user_size +
+          sizeof(uint32_t);
+    len += *pi->pam_service != '\0' ?
+                2*sizeof(uint32_t) + pi->pam_service_size : 0;
+    len += *pi->pam_tty != '\0' ?
+                2*sizeof(uint32_t) + pi->pam_tty_size : 0;
+    len += *pi->pam_ruser != '\0' ?
+                2*sizeof(uint32_t) + pi->pam_ruser_size : 0;
+    len += *pi->pam_rhost != '\0' ?
+                2*sizeof(uint32_t) + pi->pam_rhost_size : 0;
+    len += pi->pam_authtok != NULL ?
+                3*sizeof(uint32_t) + pi->pam_authtok_size : 0;
+    len += pi->pam_newauthtok != NULL ?
+                3*sizeof(uint32_t) + pi->pam_newauthtok_size : 0;
+    len += 3*sizeof(uint32_t); /* cli_pid */
+    len += *pi->requested_domains != '\0' ?
+                2*sizeof(uint32_t) + pi->requested_domains_size : 0;
+
+    buf = malloc(len);
+    if (buf == NULL) {
+        D(("malloc failed."));
+        return PAM_BUF_ERR;
+    }
+
+    rp = 0;
+    SAFEALIGN_SETMEM_UINT32(buf, SSS_START_OF_PAM_REQUEST, &rp);
+
+    rp += add_string_item(SSS_PAM_ITEM_USER, pi->pam_user, pi->pam_user_size,
+                          &buf[rp]);
+
+    rp += add_string_item(SSS_PAM_ITEM_SERVICE, pi->pam_service,
+                          pi->pam_service_size, &buf[rp]);
+
+    rp += add_string_item(SSS_PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size,
+                          &buf[rp]);
+
+    rp += add_string_item(SSS_PAM_ITEM_RUSER, pi->pam_ruser, pi->pam_ruser_size,
+                          &buf[rp]);
+
+    rp += add_string_item(SSS_PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size,
+                          &buf[rp]);
+
+    rp += add_string_item(SSS_PAM_ITEM_REQUESTED_DOMAINS, pi->requested_domains, pi->requested_domains_size,
+                          &buf[rp]);
+
+    rp += add_uint32_t_item(SSS_PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid,
+                            &buf[rp]);
+
+    rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type,
+                           pi->pam_authtok, pi->pam_authtok_size, &buf[rp]);
+
+    rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type,
+                           pi->pam_newauthtok, pi->pam_newauthtok_size,
+                           &buf[rp]);
+
+    SAFEALIGN_SETMEM_UINT32(buf + rp, SSS_END_OF_PAM_REQUEST, &rp);
+
+    if (rp != len) {
+        D(("error during packet creation."));
+        free(buf);
+        return PAM_BUF_ERR;
+    }
+
+    *size = len;
+    *buffer = buf;
+
+    return 0;
+}
diff --git a/src/sss_client/pam_message.h b/src/sss_client/pam_message.h
new file mode 100644
index 0000000000000000000000000000000000000000..8ade6d871b840d4d0153bbf56e0d458861ab3816
--- /dev/null
+++ b/src/sss_client/pam_message.h
@@ -0,0 +1,61 @@
+/*
+    Authors:
+        Sumit Bose <sbose@redhat.com>
+
+    Copyright (C) 2015 Red Hat
+
+    PAM client - create message blob
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU Lesser General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _PAM_MESSAGE_H_
+#define _PAM_MESSAGE_H_
+
+#include <unistd.h>
+#include <stdint.h>
+
+struct pam_items {
+    const char *pam_service;
+    const char *pam_user;
+    const char *pam_tty;
+    const char *pam_ruser;
+    const char *pam_rhost;
+    char *pam_authtok;
+    char *pam_newauthtok;
+    const char *pamstack_authtok;
+    const char *pamstack_oldauthtok;
+    size_t pam_service_size;
+    size_t pam_user_size;
+    size_t pam_tty_size;
+    size_t pam_ruser_size;
+    size_t pam_rhost_size;
+    int pam_authtok_type;
+    size_t pam_authtok_size;
+    int pam_newauthtok_type;
+    size_t pam_newauthtok_size;
+    pid_t cli_pid;
+    const char *login_name;
+    char *domain_name;
+    const char *requested_domains;
+    size_t requested_domains_size;
+    char *otp_vendor;
+    char *otp_token_id;
+    char *otp_challenge;
+    char *first_factor;
+};
+
+int pack_message_v3(struct pam_items *pi, size_t *size, uint8_t **buffer);
+
+#endif /* _PAM_MESSAGE_H_ */
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index f11871a47d1b29f44c179e57a33d8f41be79078d..e01c5031650d3837a23f8a7404d334a9d2f55441 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -40,6 +40,7 @@
 #include "sss_pam_macros.h"
 
 #include "sss_cli.h"
+#include "pam_message.h"
 #include "util/atomic_io.h"
 #include "util/authtok-utils.h"
 
@@ -65,36 +66,6 @@
 #define EXP_ACC_MSG _("Permission denied. ")
 #define SRV_MSG     _("Server message: ")
 
-struct pam_items {
-    const char* pam_service;
-    const char* pam_user;
-    const char* pam_tty;
-    const char* pam_ruser;
-    const char* pam_rhost;
-    char* pam_authtok;
-    char* pam_newauthtok;
-    const char* pamstack_authtok;
-    const char* pamstack_oldauthtok;
-    size_t pam_service_size;
-    size_t pam_user_size;
-    size_t pam_tty_size;
-    size_t pam_ruser_size;
-    size_t pam_rhost_size;
-    int pam_authtok_type;
-    size_t pam_authtok_size;
-    int pam_newauthtok_type;
-    size_t pam_newauthtok_size;
-    pid_t cli_pid;
-    const char *login_name;
-    char *domain_name;
-    const char *requested_domains;
-    size_t requested_domains_size;
-    char *otp_vendor;
-    char *otp_token_id;
-    char *otp_challenge;
-    char *first_factor;
-};
-
 #define DEBUG_MGS_LEN 1024
 #define MAX_AUTHTOK_SIZE (1024*1024)
 #define CHECK_AND_RETURN_PI_STRING(s) ((s != NULL && *s != '\0')? s : "(not available)")
@@ -146,75 +117,6 @@ static void close_fd(pam_handle_t *pamh, void *ptr, int err)
     sss_pam_close_fd();
 }
 
-static size_t add_authtok_item(enum pam_item_type type,
-                               enum sss_authtok_type authtok_type,
-                               const char *tok, const size_t size,
-                               uint8_t *buf) {
-    size_t rp=0;
-    uint32_t c;
-
-    if (tok == NULL) return 0;
-
-    c = type;
-    memcpy(&buf[rp], &c, sizeof(uint32_t));
-    rp += sizeof(uint32_t);
-
-    c = size + sizeof(uint32_t);
-    memcpy(&buf[rp], &c, sizeof(uint32_t));
-    rp += sizeof(uint32_t);
-
-    c = authtok_type;
-    memcpy(&buf[rp], &c, sizeof(uint32_t));
-    rp += sizeof(uint32_t);
-
-    memcpy(&buf[rp], tok, size);
-    rp += size;
-
-    return rp;
-}
-
-
-static size_t add_uint32_t_item(enum pam_item_type type, const uint32_t val,
-                                uint8_t *buf) {
-    size_t rp=0;
-    uint32_t c;
-
-    c = type;
-    memcpy(&buf[rp], &c, sizeof(uint32_t));
-    rp += sizeof(uint32_t);
-
-    c = sizeof(uint32_t);
-    memcpy(&buf[rp], &c, sizeof(uint32_t));
-    rp += sizeof(uint32_t);
-
-    c = val;
-    memcpy(&buf[rp], &c, sizeof(uint32_t));
-    rp += sizeof(uint32_t);
-
-    return rp;
-}
-
-static size_t add_string_item(enum pam_item_type type, const char *str,
-                           const size_t size, uint8_t *buf) {
-    size_t rp=0;
-    uint32_t c;
-
-    if (str == NULL || *str == '\0') return 0;
-
-    c = type;
-    memcpy(&buf[rp], &c, sizeof(uint32_t));
-    rp += sizeof(uint32_t);
-
-    c = size;
-    memcpy(&buf[rp], &c, sizeof(uint32_t));
-    rp += sizeof(uint32_t);
-
-    memcpy(&buf[rp], str, size);
-    rp += size;
-
-    return rp;
-}
-
 static void overwrite_and_free_authtoks(struct pam_items *pi)
 {
     if (pi->pam_authtok != NULL) {
@@ -256,83 +158,6 @@ static void overwrite_and_free_pam_items(struct pam_items *pi)
     pi->otp_challenge = NULL;
 }
 
-static int pack_message_v3(struct pam_items *pi, size_t *size,
-                           uint8_t **buffer) {
-    int len;
-    uint8_t *buf;
-    size_t rp;
-
-    len = sizeof(uint32_t) +
-          2*sizeof(uint32_t) + pi->pam_user_size +
-          sizeof(uint32_t);
-    len += *pi->pam_service != '\0' ?
-                2*sizeof(uint32_t) + pi->pam_service_size : 0;
-    len += *pi->pam_tty != '\0' ?
-                2*sizeof(uint32_t) + pi->pam_tty_size : 0;
-    len += *pi->pam_ruser != '\0' ?
-                2*sizeof(uint32_t) + pi->pam_ruser_size : 0;
-    len += *pi->pam_rhost != '\0' ?
-                2*sizeof(uint32_t) + pi->pam_rhost_size : 0;
-    len += pi->pam_authtok != NULL ?
-                3*sizeof(uint32_t) + pi->pam_authtok_size : 0;
-    len += pi->pam_newauthtok != NULL ?
-                3*sizeof(uint32_t) + pi->pam_newauthtok_size : 0;
-    len += 3*sizeof(uint32_t); /* cli_pid */
-    len += *pi->requested_domains != '\0' ?
-                2*sizeof(uint32_t) + pi->requested_domains_size : 0;
-
-
-    buf = malloc(len);
-    if (buf == NULL) {
-        D(("malloc failed."));
-        return PAM_BUF_ERR;
-    }
-
-    rp = 0;
-    SAFEALIGN_SETMEM_UINT32(buf, SSS_START_OF_PAM_REQUEST, &rp);
-
-    rp += add_string_item(SSS_PAM_ITEM_USER, pi->pam_user, pi->pam_user_size,
-                          &buf[rp]);
-
-    rp += add_string_item(SSS_PAM_ITEM_SERVICE, pi->pam_service,
-                          pi->pam_service_size, &buf[rp]);
-
-    rp += add_string_item(SSS_PAM_ITEM_TTY, pi->pam_tty, pi->pam_tty_size,
-                          &buf[rp]);
-
-    rp += add_string_item(SSS_PAM_ITEM_RUSER, pi->pam_ruser, pi->pam_ruser_size,
-                          &buf[rp]);
-
-    rp += add_string_item(SSS_PAM_ITEM_RHOST, pi->pam_rhost, pi->pam_rhost_size,
-                          &buf[rp]);
-
-    rp += add_string_item(SSS_PAM_ITEM_REQUESTED_DOMAINS, pi->requested_domains, pi->requested_domains_size,
-                          &buf[rp]);
-
-    rp += add_uint32_t_item(SSS_PAM_ITEM_CLI_PID, (uint32_t) pi->cli_pid,
-                            &buf[rp]);
-
-    rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type,
-                           pi->pam_authtok, pi->pam_authtok_size, &buf[rp]);
-
-    rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type,
-                           pi->pam_newauthtok, pi->pam_newauthtok_size,
-                           &buf[rp]);
-
-    SAFEALIGN_SETMEM_UINT32(buf + rp, SSS_END_OF_PAM_REQUEST, &rp);
-
-    if (rp != len) {
-        D(("error during packet creation."));
-        free(buf);
-        return PAM_BUF_ERR;
-    }
-
-    *size = len;
-    *buffer = buf;
-
-    return 0;
-}
-
 static int null_strcmp(const char *s1, const char *s2) {
     if (s1 == NULL && s2 == NULL) return 0;
     if (s1 == NULL && s2 != NULL) return -1;
-- 
2.4.3