/*
* VerifyNullHandling
*
*/
static
DWORD
VerifyNullHandling(
HANDLE hLsaConnection
)
{
PCSTR pszTestDescription =
"LsaOpenSession does not accept NULL login id.";
PCSTR pszTestAPIs =
"LsaOpenSession";
char szTestMsg[128] = { 0 };
DWORD dwLocalError = LW_ERROR_SUCCESS;
DWORD dwError = LW_ERROR_SUCCESS;
int bSessionIsOpen = 0;
dwLocalError = LsaOpenSession(hLsaConnection, NULL);
if ( dwLocalError == LW_ERROR_SUCCESS )
{
bSessionIsOpen = 1;
snprintf(
szTestMsg,
sizeof(szTestMsg),
"LsaOpenSession did not return error for a NULL login id.");
dwError = LW_ERROR_TEST_FAILED;
goto error;
}
cleanup:
if ( bSessionIsOpen )
{
dwError = LsaCloseSession(hLsaConnection, NULL);
bSessionIsOpen = 0;
}
LWT_LOG_TEST(szTestMsg);
return dwError;
error:
goto cleanup;
}
int
pam_sm_close_session(
pam_handle_t* pamh,
int flags,
int argc,
const char** argv
)
{
DWORD dwError = 0;
PPAMCONTEXT pPamContext = NULL;
PSTR pszLoginId = NULL;
HANDLE hLsaConnection = (HANDLE)NULL;
PLSA_PAM_CONFIG pConfig = NULL;
dwError = LsaPamGetConfig(&pConfig);
BAIL_ON_LSA_ERROR(dwError);
LsaPamSetLogLevel(pConfig->dwLogLevel);
LSA_LOG_PAM_DEBUG("pam_sm_close_session::begin");
dwError = LsaPamGetContext(
pamh,
flags,
argc,
argv,
&pPamContext);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaPamGetLoginId(
pamh,
pPamContext,
&pszLoginId,
FALSE);
BAIL_ON_LSA_ERROR(dwError);
if (pszLoginId == NULL)
{
dwError = LW_ERROR_NO_SUCH_USER;
BAIL_ON_LSA_ERROR(dwError);
}
if (LsaShouldIgnoreUser(pszLoginId))
{
LSA_LOG_PAM_DEBUG("By passing lsassd for local account");
dwError = LW_ERROR_NOT_HANDLED;
BAIL_ON_LSA_ERROR(dwError);
}
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaCloseSession(
hLsaConnection,
pszLoginId);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaPamNotifyUserLogoff(
pszLoginId);
if (dwError == LW_ERROR_LOAD_LIBRARY_FAILED ||
dwError == LW_ERROR_LOOKUP_SYMBOL_FAILED )
{
dwError = 0;
}
BAIL_ON_LSA_ERROR(dwError);
cleanup:
if (hLsaConnection != (HANDLE)NULL) {
LsaCloseServer(hLsaConnection);
}
if (pConfig)
{
LsaPamFreeConfig(pConfig);
}
LW_SAFE_FREE_STRING(pszLoginId);
LSA_LOG_PAM_DEBUG("pam_sm_close_session::end");
return LsaPamOpenPamFilterCloseSession(
LsaPamMapErrorCode(dwError, pPamContext));
error:
if ((dwError == LW_ERROR_NO_SUCH_USER) || (dwError == LW_ERROR_NOT_HANDLED))
{
LSA_LOG_PAM_WARNING("pam_sm_close_session error [error code:%u]", dwError);
}
else
{
LSA_LOG_PAM_ERROR("pam_sm_close_session error [error code:%u]", dwError);
}
goto cleanup;
}
/*
* CheckLsaOpenSession
*
*/
static
DWORD
CheckLsaOpenSession(
HANDLE hLsaConnection,
PCSTR pszLoginId,
PLWTUSER pUser
)
{
PCSTR pszTestDescription =
"Home directory exists after call to LsaOpenSession for valid user.";
PCSTR pszTestAPIs =
"LsaOpenSession,"
"LsaCloseSession,"
"LsaCheckUserInList,"
"LsaAuthenticateUser";
char szTestMsg[128] = { 0 };
DWORD dwError = LW_ERROR_SUCCESS;
int bSessionIsOpen = 0;
snprintf(szTestMsg, sizeof(szTestMsg), "Session for %s", pszLoginId);
dwError = LsaOpenSession(hLsaConnection, pszLoginId);
if ( dwError )
goto error;
bSessionIsOpen = 1;
if ( !IsNullOrEmpty(pUser->pszUnixHomeDirectory) )
{
struct stat statbuf;
if ( stat(pUser->pszUnixHomeDirectory, &statbuf) < 0 )
{
char buf[64];
snprintf(
buf,
sizeof(buf),
",could not stat %s",
pUser->pszUnixHomeDirectory);
Lwt_strcat(szTestMsg, sizeof(szTestMsg), buf);
dwError = LW_ERROR_TEST_FAILED;
goto error;
}
if ( !S_ISDIR(statbuf.st_mode) )
{
Lwt_strcat(
szTestMsg,
sizeof(szTestMsg),
",home is not a directory.");
dwError = LW_ERROR_TEST_FAILED;
}
if ( !IsNullOrEmpty(pUser->pszUnixUid) )
{
if ( statbuf.st_uid != pUser->nUnixUid )
{
Lwt_strcat(
szTestMsg,
sizeof(szTestMsg),
",uid doesn't match expected");
dwError = LW_ERROR_TEST_FAILED;
}
}
}
cleanup:
if ( bSessionIsOpen )
{
dwError = LsaCloseSession(hLsaConnection, pszLoginId);
bSessionIsOpen = 0;
}
LWT_LOG_TEST(szTestMsg);
return dwError;
error:
goto cleanup;
}
