pam: some functions had to be rewritten due to bugs or readability

bareos · Nov 5, 2018 · 97389ce · 97389ce
1 parent 6c827b5
commit 97389ce
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 27 deletions.
diff --git a/core/src/console/console.cc b/core/src/console/console.cc
@@ -886,9 +886,7 @@ static bool ExaminePamAuthentication(bool use_pam_credentials_file, const std::s
      if(args.empty()) {
        return false;
      }
-     UA_sock->StartTimer(30);
      UA_sock->FormatAndSendResponseMessage(kMessageIdPamUserCredentials, args);
-     UA_sock->StopTimer();
    } else {
      UA_sock->FormatAndSendResponseMessage(kMessageIdPamInteractive, std::string());
      if (!ConsolePamAuthenticate(stdin, UA_sock)) {
@@ -1151,6 +1149,7 @@ int main(int argc, char *argv[])
 
    uint32_t response_id;
    BStringList response_args;
+
    UA_sock = ConnectToDirector(jcr, heart_beat, response_args, response_id);
    if (!UA_sock) { return 1; }
 
@@ -1160,14 +1159,13 @@ int main(int argc, char *argv[])
      if (!ExaminePamAuthentication(use_pam_credentials_file, pam_credentials_filename)) {
        TerminateConsole(0);
        return 1;
-     } else {
-       response_args.clear();
-       if (!UA_sock->ReceiveAndEvaluateResponseMessage(response_id, response_args)) {
-         TerminateConsole(0);
-         return 1;
-       }
      }
-   }
+     response_args.clear();
+     if (!UA_sock->ReceiveAndEvaluateResponseMessage(response_id, response_args)) {
+       TerminateConsole(0);
+       return 1;
+     }
+   } /* kMessageIdPamRequired */
 
    if (response_id == kMessageIdOk) {
      ConsoleOutput(response_args.JoinReadable().c_str());

diff --git a/core/src/dird/auth_pam.cc b/core/src/dird/auth_pam.cc
@@ -161,8 +161,11 @@ bool PamAuthenticateUser(BareosSocket *UA_sock,
    std::unique_ptr<struct pam_conv> pam_conversation_container(new struct pam_conv);
    struct pam_handle *pamh = nullptr; /* pam session handle */
 
-   bool not_interactive = !username_in.empty() && !password_in.empty();
-   pam_conversation_container->conv = not_interactive ? PamLocalCallback : PamConversationCallback;
+   bool interactive = true;
+   if(!username_in.empty() && !password_in.empty()) {
+     interactive = false;
+   }
+   pam_conversation_container->conv = interactive ? PamConversationCallback : PamLocalCallback;
    pam_conversation_container->appdata_ptr = pam_callback_data.get();
 
    const char *username = username_in.empty() ? nullptr : username_in.c_str();
@@ -203,9 +206,11 @@ bool PamAuthenticateUser(BareosSocket *UA_sock,
    }
 
    if (err == PAM_SUCCESS) {
-      if (PamConvSendMessage(UA_sock, "", PAM_SUCCESS)) {
-         return true;
+      bool ok = true;
+      if (interactive) {
+         ok = PamConvSendMessage(UA_sock, "", PAM_SUCCESS);
       }
+      return ok;
    }
    return false;
 }
diff --git a/core/src/dird/authenticate_console.cc b/core/src/dird/authenticate_console.cc
@@ -69,18 +69,15 @@ static void LogErrorMessage(std::string console_name, UaContext *ua)
                       ua->UA_sock->who(), ua->UA_sock->host(), ua->UA_sock->port());
 }
 
-static bool SendOkMessage(UaContext *ua, bool final_state)
+static bool SendResponseMessage(UaContext *ua, uint32_t response_id, bool send_version_info)
 {
-  if (final_state) {
+  std::string message;
+  if (send_version_info) {
     char version_info[128];
     ::snprintf(version_info, 100, "OK: %s Version: %s (%s)", my_name, VERSION, BDATE);
-    return ua->UA_sock->FormatAndSendResponseMessage(kMessageIdOk, std::string(version_info));
-  } else if (ua->cons && ua->cons->use_pam_authentication_) {
-    return ua->UA_sock->FormatAndSendResponseMessage(kMessageIdPamRequired, std::string());
-  } else {
-    Dmsg0(200, "Unexpected program flow\n");
-    return false;
+    message = version_info;
   }
+  return ua->UA_sock->FormatAndSendResponseMessage(response_id, message);
 }
 
 static bool OptionalAuthenticateRootConsole(std::string console_name, UaContext *ua, bool &auth_success)
@@ -90,6 +87,10 @@ static bool OptionalAuthenticateRootConsole(std::string console_name, UaContext
      return false; /* no need to evaluate auth_success */
    }
    auth_success = ua->UA_sock->AuthenticateInboundConnection(NULL, "Console", root_console_name.c_str(), me->password, me);
+
+   if (!SendResponseMessage(ua, kMessageIdOk, true)) {
+     auth_success = false;
+   }
    return true;
 }
 
@@ -108,6 +109,17 @@ static void AuthenticateNamedConsole(std::string console_name, UaContext *ua, bo
     ua->cons = cons;
     auth_success = true;
   }
+  if (auth_success) {
+    uint32_t response_id = kMessageIdOk;
+    bool send_version = true;
+    if (cons->use_pam_authentication_) {
+      response_id = kMessageIdPamRequired;
+      send_version = false;
+    }
+    if (!SendResponseMessage(ua, response_id, send_version)) {
+      auth_success = false;
+    }
+  }
 }
 
 static bool OptionalAuthenticatePamUser(std::string console_name, UaContext *ua, bool &auth_success)
@@ -177,6 +189,11 @@ static bool OptionalAuthenticatePamUser(std::string console_name, UaContext *ua,
       auth_success = true;
     }
   }
+  if (auth_success) {
+    if (!SendResponseMessage(ua, kMessageIdOk, true)) {
+      auth_success = false;
+    }
+  }
   return true;
 } /* HAVE PAM */
 #endif /* !HAVE_PAM */
@@ -200,23 +217,17 @@ bool AuthenticateUserAgent(UaContext *ua)
     if (!auth_success) {
       LogErrorMessage(console_name, ua);
       return false;
-    } else {
-      if (!SendOkMessage(ua, true)) { return false; }
     }
   } else {
     AuthenticateNamedConsole(console_name, ua, auth_success);
     if (!auth_success) {
       LogErrorMessage(console_name, ua);
       return false;
-    } else {
-      if (!SendOkMessage(ua, false)) { return false; }
     }
     if (OptionalAuthenticatePamUser(console_name, ua, auth_success)) {
       if (!auth_success) {
         LogErrorMessage(console_name, ua);
         return false;
-      } else {
-        if (!SendOkMessage(ua, true)) { return false; }
       }
     }
   }