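/*
 * VerifyNullHandling
 *
 * Negative test: LsaOpenSession must reject a NULL login id.
 *
 * hLsaConnection - connection handle passed through to the Lsa calls.
 *
 * Returns LW_ERROR_SUCCESS when LsaOpenSession returns an error for the
 * NULL login id, and LW_ERROR_TEST_FAILED when it unexpectedly succeeds.
 */
static
DWORD
VerifyNullHandling(
    HANDLE hLsaConnection
    )
{
    /*
     * Not referenced directly in this function; presumably consumed by
     * LWT_LOG_TEST - confirm against the macro definition.
     */
    PCSTR pszTestDescription =
        "LsaOpenSession does not accept NULL login id.";
    PCSTR pszTestAPIs = "LsaOpenSession";
    char szTestMsg[128] = { 0 };

    DWORD dwLocalError = LW_ERROR_SUCCESS;
    DWORD dwError = LW_ERROR_SUCCESS;
    int bSessionIsOpen = 0;

    /* An error here is the expected outcome, so it is kept out of dwError. */
    dwLocalError = LsaOpenSession(hLsaConnection, NULL);
    if (dwLocalError == LW_ERROR_SUCCESS)
    {
        /* The API accepted a NULL login id: record the failure. */
        bSessionIsOpen = 1;
        snprintf(
            szTestMsg,
            sizeof(szTestMsg),
            "LsaOpenSession did not return error for a NULL login id.");
        dwError = LW_ERROR_TEST_FAILED;
        goto error;
    }

cleanup:

    if (bSessionIsOpen)
    {
        /*
         * Close the session that should never have been opened, but do
         * not let a successful close overwrite LW_ERROR_TEST_FAILED.
         * Assigning the close result straight to dwError would report
         * the failed test as a pass.
         */
        dwLocalError = LsaCloseSession(hLsaConnection, NULL);
        if (dwError == LW_ERROR_SUCCESS)
        {
            dwError = dwLocalError;
        }
        bSessionIsOpen = 0;
    }

    LWT_LOG_TEST(szTestMsg);
    return dwError;

error:
    goto cleanup;
}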
/*
 * pam_sm_close_session
 *
 * PAM session-close entry point. Resolves the login id for the PAM handle,
 * closes that user's session through LsaCloseSession and then calls
 * LsaPamNotifyUserLogoff.
 *
 * pamh, flags, argc, argv - forwarded unchanged to LsaPamGetContext.
 *
 * Returns the value of LsaPamOpenPamFilterCloseSession applied to the
 * LSA error mapped by LsaPamMapErrorCode.
 *
 * NOTE(review): how LW_ERROR_NO_SUCH_USER and LW_ERROR_NOT_HANDLED become
 * PAM return codes is decided in LsaPamMapErrorCode, which is not visible
 * here - confirm the mapping matches the intended stack behaviour.
 */
int
pam_sm_close_session(
    pam_handle_t* pamh,
    int           flags,
    int           argc,
    const char**  argv
    )
{
    DWORD dwError = 0;
    PLSA_PAM_CONFIG pConfig = NULL;
    PPAMCONTEXT pPamContext = NULL;
    PSTR pszLoginId = NULL;
    HANDLE hLsaConnection = (HANDLE)NULL;
    int bExpectedError = 0;

    dwError = LsaPamGetConfig(&pConfig);
    BAIL_ON_LSA_ERROR(dwError);

    LsaPamSetLogLevel(pConfig->dwLogLevel);

    LSA_LOG_PAM_DEBUG("pam_sm_close_session::begin");

    dwError = LsaPamGetContext(pamh, flags, argc, argv, &pPamContext);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaPamGetLoginId(pamh, pPamContext, &pszLoginId, FALSE);
    BAIL_ON_LSA_ERROR(dwError);

    /* A successful lookup that yields no name is treated as "no such user". */
    if (!pszLoginId)
    {
        dwError = LW_ERROR_NO_SUCH_USER;
        BAIL_ON_LSA_ERROR(dwError);
    }

    /* Ignored accounts never reach lsassd; this module declines them. */
    if (LsaShouldIgnoreUser(pszLoginId))
    {
        LSA_LOG_PAM_DEBUG("By passing lsassd for local account");
        dwError = LW_ERROR_NOT_HANDLED;
        BAIL_ON_LSA_ERROR(dwError);
    }

    dwError = LsaOpenServer(&hLsaConnection);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaCloseSession(hLsaConnection, pszLoginId);
    BAIL_ON_LSA_ERROR(dwError);

    /*
     * A logoff notification that fails to load its library or resolve a
     * symbol is tolerated; every other failure is reported.
     */
    dwError = LsaPamNotifyUserLogoff(pszLoginId);
    if (dwError == LW_ERROR_LOOKUP_SYMBOL_FAILED ||
        dwError == LW_ERROR_LOAD_LIBRARY_FAILED)
    {
        dwError = 0;
    }
    BAIL_ON_LSA_ERROR(dwError);

cleanup:

    /* Release only what was actually acquired before any bail-out. */
    if (hLsaConnection != (HANDLE)NULL)
    {
        LsaCloseServer(hLsaConnection);
    }

    if (pConfig != NULL)
    {
        LsaPamFreeConfig(pConfig);
    }

    LW_SAFE_FREE_STRING(pszLoginId);

    LSA_LOG_PAM_DEBUG("pam_sm_close_session::end");

    return LsaPamOpenPamFilterCloseSession(
                LsaPamMapErrorCode(dwError, pPamContext));

error:

    /* Unknown and ignored users are logged as warnings, the rest as errors. */
    bExpectedError = (dwError == LW_ERROR_NO_SUCH_USER) ||
                     (dwError == LW_ERROR_NOT_HANDLED);
    if (!bExpectedError)
    {
        LSA_LOG_PAM_ERROR("pam_sm_close_session error [error code:%u]", dwError);
    }
    else
    {
        LSA_LOG_PAM_WARNING("pam_sm_close_session error [error code:%u]", dwError);
    }

    goto cleanup;
}
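/*
 * CheckLsaOpenSession
 *
 * Opens a session for pszLoginId and, when the expected user record names
 * a home directory, checks that the path can be stat()ed, is a directory
 * and (when a uid is given) is owned by the expected uid.
 *
 * hLsaConnection - connection handle passed through to the Lsa calls.
 * pszLoginId     - login id the session is opened and closed for.
 * pUser          - expected attributes of the user; dereferenced without
 *                  a NULL check, so the caller must pass a valid record.
 *
 * Returns LW_ERROR_SUCCESS when every check passes, the LsaOpenSession
 * error when the session cannot be opened, LW_ERROR_TEST_FAILED when a
 * home directory check fails, and otherwise the LsaCloseSession result.
 */
static
DWORD
CheckLsaOpenSession(
    HANDLE hLsaConnection,
    PCSTR pszLoginId,
    PLWTUSER pUser
    )
{
    /*
     * Not referenced directly in this function; presumably consumed by
     * LWT_LOG_TEST - confirm against the macro definition.
     */
    PCSTR pszTestDescription =
        "Home directory exists after call to LsaOpenSession for valid user.";
    PCSTR pszTestAPIs =
        "LsaOpenSession,"
        "LsaCloseSession,"
        "LsaCheckUserInList,"
        "LsaAuthenticateUser";
    char szTestMsg[128] = { 0 };

    DWORD dwError = LW_ERROR_SUCCESS;
    int bSessionIsOpen = 0;

    snprintf(szTestMsg, sizeof(szTestMsg), "Session for %s", pszLoginId);

    dwError = LsaOpenSession(hLsaConnection, pszLoginId);
    if (dwError)
    {
        goto error;
    }
    bSessionIsOpen = 1;

    if (!IsNullOrEmpty(pUser->pszUnixHomeDirectory))
    {
        struct stat statbuf;

        /* stat() follows symbolic links, so a symlinked home is accepted. */
        if (stat(pUser->pszUnixHomeDirectory, &statbuf) < 0)
        {
            /* snprintf truncates long paths instead of overrunning buf. */
            char buf[64];

            snprintf(
                buf,
                sizeof(buf),
                ",could not stat %s",
                pUser->pszUnixHomeDirectory);
            Lwt_strcat(szTestMsg, sizeof(szTestMsg), buf);
            dwError = LW_ERROR_TEST_FAILED;
            goto error;
        }

        if (!S_ISDIR(statbuf.st_mode))
        {
            Lwt_strcat(
                szTestMsg,
                sizeof(szTestMsg),
                ",home is not a directory.");
            dwError = LW_ERROR_TEST_FAILED;
        }

        /* Ownership is compared only when the record carries a uid. */
        if (!IsNullOrEmpty(pUser->pszUnixUid))
        {
            if (statbuf.st_uid != pUser->nUnixUid)
            {
                Lwt_strcat(
                    szTestMsg,
                    sizeof(szTestMsg),
                    ",uid doesn't match expected");
                dwError = LW_ERROR_TEST_FAILED;
            }
        }
    }

cleanup:

    if (bSessionIsOpen)
    {
        /*
         * Keep the first failure. Assigning the close result straight to
         * dwError would replace LW_ERROR_TEST_FAILED with success whenever
         * the close works, hiding a missing or wrongly owned home
         * directory from the test report.
         */
        DWORD dwCloseError = LsaCloseSession(hLsaConnection, pszLoginId);

        if (dwError == LW_ERROR_SUCCESS)
        {
            dwError = dwCloseError;
        }
        bSessionIsOpen = 0;
    }

    LWT_LOG_TEST(szTestMsg);
    return dwError;

error:
    goto cleanup;
}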