640e44ca24
- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore
- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError:
default if nonexistent domain is mentioned
101 lines
4.3 KiB
Diff
101 lines
4.3 KiB
Diff
From aeb1038017723e473eeb2f405d3b5ff4f5d4af02 Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Fri, 16 Sep 2016 11:47:40 +0200
|
|
Subject: [PATCH 62/79] p11: return a fully-qualified name
|
|
|
|
Related to https://fedorahosted.org/sssd/ticket/3165
|
|
|
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
(cherry picked from commit 3649b959709f1ab187092f054d4aace0798c98fa)
|
|
---
|
|
src/responder/pam/pamsrv_p11.c | 20 +++++++++-----------
|
|
src/tests/cmocka/test_pam_srv.c | 16 ++++++++--------
|
|
2 files changed, 17 insertions(+), 19 deletions(-)
|
|
|
|
diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
|
|
index 22da33067d5c479153376927855dcd6b43322d8b..570bfe09d4385a038e7e03fcb64c72dd794774a6 100644
|
|
--- a/src/responder/pam/pamsrv_p11.c
|
|
+++ b/src/responder/pam/pamsrv_p11.c
|
|
@@ -521,33 +521,31 @@ errno_t add_pam_cert_response(struct pam_data *pd, const char *sysdb_username,
|
|
size_t msg_len;
|
|
size_t slot_len;
|
|
int ret;
|
|
- char *username;
|
|
|
|
if (sysdb_username == NULL || token_name == NULL) {
|
|
DEBUG(SSSDBG_CRIT_FAILURE, "Missing mandatory user or slot name.\n");
|
|
return EINVAL;
|
|
}
|
|
|
|
- ret = sss_parse_internal_fqname(pd, sysdb_username, &username, NULL);
|
|
- if (ret != EOK) {
|
|
- DEBUG(SSSDBG_CRIT_FAILURE, "Cannot parse [%s]\n", sysdb_username);
|
|
- return ret;
|
|
- }
|
|
-
|
|
- user_len = strlen(username) + 1;
|
|
+ user_len = strlen(sysdb_username) + 1;
|
|
slot_len = strlen(token_name) + 1;
|
|
msg_len = user_len + slot_len;
|
|
|
|
msg = talloc_zero_size(pd, msg_len);
|
|
if (msg == NULL) {
|
|
DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_size failed.\n");
|
|
- talloc_free(username);
|
|
return ENOMEM;
|
|
}
|
|
|
|
- memcpy(msg, username, user_len);
|
|
+ /* sysdb_username is a fully-qualified name which is used by pam_sss when
|
|
+ * prompting the user for the PIN and as login name if it wasn't set by
|
|
+ * the PAM caller but has to be determined based on the inserted
|
|
+ * Smartcard. If this type of name is irritating at the PIN prompt or the
|
|
+ * re_expression config option was set in a way that user@domain cannot be
|
|
+ * handled anymore some more logic has to be added here. But for the time
|
|
+ * being I think using sysdb_username is fine. */
|
|
+ memcpy(msg, sysdb_username, user_len);
|
|
memcpy(msg + user_len, token_name, slot_len);
|
|
- talloc_free(username);
|
|
|
|
ret = pam_add_response(pd, SSS_PAM_CERT_INFO, msg_len, msg);
|
|
talloc_free(msg);
|
|
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
|
|
index 02199e6f121cab0784389256cdaac38baf9d73e3..4b2dea4be6a819b23afd243ba99cd9bd57c16c20 100644
|
|
--- a/src/tests/cmocka/test_pam_srv.c
|
|
+++ b/src/tests/cmocka/test_pam_srv.c
|
|
@@ -664,11 +664,11 @@ static int test_pam_cert_check_gdm_smartcard(uint32_t status, uint8_t *body,
|
|
assert_int_equal(val, SSS_PAM_CERT_INFO);
|
|
|
|
SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
|
|
- assert_int_equal(val, (sizeof("pamuser") + sizeof(TEST_TOKEN_NAME)));
|
|
+ assert_int_equal(val, (sizeof("pamuser@"TEST_DOM_NAME) + sizeof(TEST_TOKEN_NAME)));
|
|
|
|
- assert_int_equal(*(body + rp + sizeof("pamuser") - 1), 0);
|
|
- assert_string_equal(body + rp, "pamuser");
|
|
- rp += sizeof("pamuser");
|
|
+ assert_int_equal(*(body + rp + sizeof("pamuser@"TEST_DOM_NAME) - 1), 0);
|
|
+ assert_string_equal(body + rp, "pamuser@"TEST_DOM_NAME);
|
|
+ rp += sizeof("pamuser@"TEST_DOM_NAME);
|
|
|
|
assert_int_equal(*(body + rp + sizeof(TEST_TOKEN_NAME) - 1), 0);
|
|
assert_string_equal(body + rp, TEST_TOKEN_NAME);
|
|
@@ -703,11 +703,11 @@ static int test_pam_cert_check(uint32_t status, uint8_t *body, size_t blen)
|
|
assert_int_equal(val, SSS_PAM_CERT_INFO);
|
|
|
|
SAFEALIGN_COPY_UINT32(&val, body + rp, &rp);
|
|
- assert_int_equal(val, (sizeof("pamuser") + sizeof(TEST_TOKEN_NAME)));
|
|
+ assert_int_equal(val, (sizeof("pamuser@"TEST_DOM_NAME) + sizeof(TEST_TOKEN_NAME)));
|
|
|
|
- assert_int_equal(*(body + rp + sizeof("pamuser") - 1), 0);
|
|
- assert_string_equal(body + rp, "pamuser");
|
|
- rp += sizeof("pamuser");
|
|
+ assert_int_equal(*(body + rp + sizeof("pamuser@"TEST_DOM_NAME) - 1), 0);
|
|
+ assert_string_equal(body + rp, "pamuser@"TEST_DOM_NAME);
|
|
+ rp += sizeof("pamuser@"TEST_DOM_NAME);
|
|
|
|
assert_int_equal(*(body + rp + sizeof(TEST_TOKEN_NAME) - 1), 0);
|
|
assert_string_equal(body + rp, TEST_TOKEN_NAME);
|
|
--
|
|
2.9.3
|
|
|