int sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx) { errno_t ret; struct ssh_cmd_ctx *cmd_ctx; cmd_ctx = talloc_zero(cctx, struct ssh_cmd_ctx); if (!cmd_ctx) { return ENOMEM; } cmd_ctx->cctx = cctx; cmd_ctx->is_user = true; ret = ssh_cmd_parse_request(cmd_ctx); if (ret != EOK) { goto done; } DEBUG(SSSDBG_TRACE_FUNC, ("Requesting SSH user public keys for [%s] from [%s]\n", cmd_ctx->name, cmd_ctx->domname ? cmd_ctx->domname : "<ALL>")); if (strcmp(cmd_ctx->name, "root") == 0) { ret = ENOENT; goto done; } if (cmd_ctx->domname) { cmd_ctx->domain = responder_get_domain(cctx->rctx, cmd_ctx->domname); if (!cmd_ctx->domain) { ret = ENOENT; goto done; } } else { cmd_ctx->domain = cctx->rctx->domains; cmd_ctx->check_next = true; } ret = ssh_user_pubkeys_search(cmd_ctx); done: return ssh_cmd_done(cmd_ctx, ret); }
static void pam_forwarder_cb(struct tevent_req *req) { struct pam_auth_req *preq = tevent_req_callback_data(req, struct pam_auth_req); struct cli_ctx *cctx = preq->cctx; struct pam_data *pd; errno_t ret = EOK; ret = sss_dp_get_domains_recv(req); talloc_free(req); if (ret != EOK) { goto done; } pd = preq->pd; ret = pam_forwarder_parse_data(cctx, pd); if (ret != EOK) { ret = EINVAL; goto done; } if (preq->pd->domain) { preq->domain = responder_get_domain(cctx->rctx, preq->pd->domain); if (preq->domain == NULL) { ret = ENOENT; goto done; } } ret = pam_check_user_search(preq); if (ret == EOK) { pam_dom_forwarder(preq); } done: pam_check_user_done(preq, ret); }
static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) { struct sss_domain_info *dom; struct pam_auth_req *preq; struct pam_data *pd; int ret; errno_t ncret; struct pam_ctx *pctx = talloc_get_type(cctx->rctx->pvt_ctx, struct pam_ctx); struct tevent_req *req; preq = talloc_zero(cctx, struct pam_auth_req); if (!preq) { return ENOMEM; } talloc_set_destructor(preq, pam_auth_req_destructor); preq->cctx = cctx; preq->pd = create_pam_data(preq); if (!preq->pd) { talloc_free(preq); return ENOMEM; } pd = preq->pd; pd->cmd = pam_cmd; pd->priv = cctx->priv; ret = pam_forwarder_parse_data(cctx, pd); if (ret == EAGAIN) { req = sss_dp_get_domains_send(cctx->rctx, cctx->rctx, true, pd->domain); if (req == NULL) { ret = ENOMEM; } else { tevent_req_set_callback(req, pam_forwarder_cb, preq); ret = EAGAIN; } goto done; } else if (ret != EOK) { ret = EINVAL; goto done; } /* now check user is valid */ if (pd->domain) { preq->domain = responder_get_domain(cctx->rctx, pd->domain); if (!preq->domain) { ret = ENOENT; goto done; } ncret = sss_ncache_check_user(pctx->ncache, pctx->neg_timeout, preq->domain, pd->user); if (ncret == EEXIST) { /* User found in the negative cache */ ret = ENOENT; goto done; } } else { for (dom = preq->cctx->rctx->domains; dom; dom = get_next_domain(dom, false)) { if (dom->fqnames) continue; ncret = sss_ncache_check_user(pctx->ncache, pctx->neg_timeout, dom, pd->user); if (ncret == ENOENT) { /* User not found in the negative cache * Proceed with PAM actions */ break; } /* Try the next domain */ DEBUG(SSSDBG_TRACE_FUNC, "User [%s@%s] filtered out (negative cache). " "Trying next domain.\n", pd->user, dom->name); } if (!dom) { ret = ENOENT; goto done; } preq->domain = dom; } if (preq->domain->provider == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Domain [%s] has no auth provider.\n", preq->domain->name); ret = EINVAL; goto done; } preq->check_provider = NEED_CHECK_PROVIDER(preq->domain->provider); ret = pam_check_user_search(preq); if (ret == EOK) { pam_dom_forwarder(preq); } done: return pam_check_user_done(preq, ret); }