Beispiel #1
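/*
 * VerifyNullHandling
 *
 * Negative test: LsaOpenSession must refuse a NULL login id.
 *
 * hLsaConnection - open connection handle passed through to the LSA calls.
 *
 * Returns LW_ERROR_SUCCESS when LsaOpenSession rejects the NULL login id,
 * and LW_ERROR_TEST_FAILED when the call unexpectedly succeeds.
 */
static
DWORD
VerifyNullHandling(
    HANDLE hLsaConnection
)
{
    /*
     * These two locals are not referenced directly in this function;
     * presumably LWT_LOG_TEST picks them up by name - confirm against the
     * macro definition before removing them.
     */
    PCSTR pszTestDescription =
        "LsaOpenSession does not accept NULL login id.";
    PCSTR pszTestAPIs =
        "LsaOpenSession";
    char szTestMsg[128] = { 0 };

    DWORD dwLocalError = LW_ERROR_SUCCESS;
    DWORD dwError = LW_ERROR_SUCCESS;

    int bSessionIsOpen = 0;

    /* Any error code counts as a pass: only success is a defect here. */
    dwLocalError = LsaOpenSession(hLsaConnection, NULL);
    if ( dwLocalError == LW_ERROR_SUCCESS )
    {
        bSessionIsOpen = 1;

        snprintf(
            szTestMsg,
            sizeof(szTestMsg),
            "LsaOpenSession did not return error for a NULL login id.");

        dwError = LW_ERROR_TEST_FAILED;
        goto error;
    }

cleanup:

    if ( bSessionIsOpen )
    {
        /*
         * Close the session that should never have been opened, but do not
         * let a successful close overwrite the recorded test failure:
         * the verdict in dwError is kept unless it is still "success".
         */
        dwLocalError = LsaCloseSession(hLsaConnection, NULL);
        if ( dwError == LW_ERROR_SUCCESS )
        {
            dwError = dwLocalError;
        }
        bSessionIsOpen = 0;
    }

    LWT_LOG_TEST(szTestMsg);
    return dwError;

error:

    goto cleanup;

}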
Beispiel #2
/*
 * pam_sm_close_session
 *
 * PAM session-close entry point of this module. Resolves the login id for
 * the PAM handle, asks the LSA server to close that user's session and then
 * sends a logoff notification.
 *
 * pamh, flags, argc, argv - standard PAM service-module arguments, passed
 *                           unchanged to LsaPamGetContext.
 *
 * Returns the value of LsaPamOpenPamFilterCloseSession applied to the
 * PAM code that LsaPamMapErrorCode derives from dwError. This return is
 * reached on both the success and the error path.
 */
int
pam_sm_close_session(
    pam_handle_t* pamh,
    int           flags,
    int           argc,
    const char**  argv
    )
{
    DWORD dwError = 0;
    PPAMCONTEXT pPamContext = NULL;
    PSTR pszLoginId = NULL;
    HANDLE hLsaConnection = (HANDLE)NULL;
    PLSA_PAM_CONFIG pConfig = NULL;

    /* Configuration is loaded first because it supplies the log level. */
    dwError = LsaPamGetConfig(&pConfig);
    BAIL_ON_LSA_ERROR(dwError);

    LsaPamSetLogLevel(pConfig->dwLogLevel);

    LSA_LOG_PAM_DEBUG("pam_sm_close_session::begin");

    dwError = LsaPamGetContext(
                    pamh,
                    flags,
                    argc,
                    argv,
                    &pPamContext);
    BAIL_ON_LSA_ERROR(dwError);

    /* NOTE(review): the meaning of the trailing FALSE is not visible here - confirm against LsaPamGetLoginId. */
    dwError = LsaPamGetLoginId(
                    pamh,
                    pPamContext,
                    &pszLoginId,
                    FALSE);
    BAIL_ON_LSA_ERROR(dwError);

    /* A successful lookup that still yields no login id is treated as "no such user". */
    if (pszLoginId == NULL)
    {
        dwError = LW_ERROR_NO_SUCH_USER;
        BAIL_ON_LSA_ERROR(dwError);
    }

    /*
     * Users on the ignore list are not forwarded to the LSA server; the
     * function bails with LW_ERROR_NOT_HANDLED instead. The log text
     * suggests these are local accounts - presumably so that other PAM
     * modules handle them; confirm against LsaShouldIgnoreUser.
     */
    if (LsaShouldIgnoreUser(pszLoginId))
    {
        LSA_LOG_PAM_DEBUG("By passing lsassd for local account");
        dwError = LW_ERROR_NOT_HANDLED;
        BAIL_ON_LSA_ERROR(dwError);
    }

    dwError = LsaOpenServer(&hLsaConnection);
    BAIL_ON_LSA_ERROR(dwError);

    /*
     * NOTE(review): a failure here bails out before the logoff
     * notification below, so no notification is sent when the session
     * close fails.
     */
    dwError = LsaCloseSession(
                            hLsaConnection,
                            pszLoginId);
    BAIL_ON_LSA_ERROR(dwError);

    /*
     * The two library-loading errors are deliberately turned into success;
     * presumably the notification library is optional - confirm. Any other
     * notification error still fails the session close.
     */
    dwError = LsaPamNotifyUserLogoff(
                    pszLoginId);
    if (dwError == LW_ERROR_LOAD_LIBRARY_FAILED ||
        dwError == LW_ERROR_LOOKUP_SYMBOL_FAILED )
    {
        dwError = 0;
    }
    BAIL_ON_LSA_ERROR(dwError);

cleanup:

    /* Shared exit path: releases everything acquired above, whatever dwError holds. */
    if (hLsaConnection != (HANDLE)NULL) {
        LsaCloseServer(hLsaConnection);
    }

    if (pConfig)
    {
        LsaPamFreeConfig(pConfig);
    }

    LW_SAFE_FREE_STRING(pszLoginId);

    LSA_LOG_PAM_DEBUG("pam_sm_close_session::end");

    /*
     * pPamContext is not released here; presumably it is owned elsewhere -
     * confirm. It is still NULL when LsaPamGetConfig or LsaPamGetContext
     * failed, so LsaPamMapErrorCode has to tolerate a NULL context
     * (NOTE(review): verify).
     */
    return LsaPamOpenPamFilterCloseSession(
                            LsaPamMapErrorCode(dwError, pPamContext));

error:

    /*
     * "No such user" and "not handled" are logged at warning level, every
     * other failure at error level. Only the numeric code is logged, not
     * the login id.
     */
    if ((dwError == LW_ERROR_NO_SUCH_USER) || (dwError == LW_ERROR_NOT_HANDLED))
    {
        LSA_LOG_PAM_WARNING("pam_sm_close_session error [error code:%u]", dwError);
    }
    else
    {
        LSA_LOG_PAM_ERROR("pam_sm_close_session error [error code:%u]", dwError);
    }

    goto cleanup;
}
Beispiel #3
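/*
 * CheckLsaOpenSession
 *
 * Opens a session for pszLoginId and verifies the state of the user's home
 * directory afterwards: it must be stat-able, be a directory and, when an
 * expected uid is recorded for the user, be owned by that uid.
 *
 * hLsaConnection - open connection handle passed through to the LSA calls.
 * pszLoginId     - login id the session is opened (and closed) for.
 * pUser          - expected user data; must not be NULL, it is dereferenced
 *                  without a check.
 *
 * Returns the LsaOpenSession error when the session cannot be opened,
 * LW_ERROR_TEST_FAILED when a home-directory check fails, otherwise the
 * result of LsaCloseSession.
 */
static
DWORD
CheckLsaOpenSession(
    HANDLE hLsaConnection,
    PCSTR pszLoginId,
    PLWTUSER pUser
)
{
    /*
     * These two locals are not referenced directly in this function;
     * presumably LWT_LOG_TEST picks them up by name - confirm against the
     * macro definition before removing them.
     */
    PCSTR pszTestDescription =
        "Home directory exists after call to LsaOpenSession for valid user.";
    PCSTR pszTestAPIs =
        "LsaOpenSession,"
        "LsaCloseSession,"
        "LsaCheckUserInList,"
        "LsaAuthenticateUser";
    char szTestMsg[128] = { 0 };

    DWORD dwError = LW_ERROR_SUCCESS;
    DWORD dwCloseError = LW_ERROR_SUCCESS;

    int bSessionIsOpen = 0;

    /* Passing NULL for a %s conversion is undefined, so substitute a marker. */
    snprintf(
        szTestMsg,
        sizeof(szTestMsg),
        "Session for %s",
        pszLoginId ? pszLoginId : "(null)");

    dwError = LsaOpenSession(hLsaConnection, pszLoginId);
    if ( dwError )
        goto error;
    bSessionIsOpen = 1;

    if ( !IsNullOrEmpty(pUser->pszUnixHomeDirectory) )
    {
        struct stat statbuf;
        if ( stat(pUser->pszUnixHomeDirectory, &statbuf) < 0 )
        {
            /* Long paths are truncated in the message by snprintf; only the log text is affected. */
            char buf[64];
            snprintf(
                buf,
                sizeof(buf),
                ",could not stat %s",
                pUser->pszUnixHomeDirectory);
            Lwt_strcat(szTestMsg, sizeof(szTestMsg), buf);
            dwError = LW_ERROR_TEST_FAILED;
            goto error;
        }

        /* No early exit here: the ownership check below still runs so both findings are reported. */
        if ( !S_ISDIR(statbuf.st_mode) )
        {
            Lwt_strcat(
                szTestMsg,
                sizeof(szTestMsg),
                ",home is not a directory.");
            dwError = LW_ERROR_TEST_FAILED;
        }

        /* The uid is compared only when the user record carries a uid string. */
        if ( !IsNullOrEmpty(pUser->pszUnixUid) )
        {
            if ( statbuf.st_uid != pUser->nUnixUid )
            {
                Lwt_strcat(
                    szTestMsg,
                    sizeof(szTestMsg),
                    ",uid doesn't match expected");
                dwError = LW_ERROR_TEST_FAILED;
            }
        }
    }


cleanup:

    if ( bSessionIsOpen )
    {
        /*
         * The close result replaces dwError only when no failure has been
         * recorded yet. Assigning it unconditionally would let a successful
         * close hide a failed home-directory or ownership check.
         */
        dwCloseError = LsaCloseSession(hLsaConnection, pszLoginId);
        if ( dwError == LW_ERROR_SUCCESS )
        {
            dwError = dwCloseError;
        }
        bSessionIsOpen = 0;
    }

    LWT_LOG_TEST(szTestMsg);
    return dwError;

error:

    goto cleanup;

}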