From 97389ced65a323bda472ba3fa4dbfb680ef98374 Mon Sep 17 00:00:00 2001 From: Frank Ueberschar Date: Wed, 31 Oct 2018 17:14:15 +0100 Subject: [PATCH] pam: some functions had to be rewritten due to bugs or readability --- core/src/console/console.cc | 16 +++++------ core/src/dird/auth_pam.cc | 13 ++++++--- core/src/dird/authenticate_console.cc | 39 +++++++++++++++++---------- 3 files changed, 41 insertions(+), 27 deletions(-) diff --git a/core/src/console/console.cc b/core/src/console/console.cc index d8eaa745b25..398f26860fb 100644 --- a/core/src/console/console.cc +++ b/core/src/console/console.cc @@ -886,9 +886,7 @@ static bool ExaminePamAuthentication(bool use_pam_credentials_file, const std::s if(args.empty()) { return false; } - UA_sock->StartTimer(30); UA_sock->FormatAndSendResponseMessage(kMessageIdPamUserCredentials, args); - UA_sock->StopTimer(); } else { UA_sock->FormatAndSendResponseMessage(kMessageIdPamInteractive, std::string()); if (!ConsolePamAuthenticate(stdin, UA_sock)) { @@ -1151,6 +1149,7 @@ int main(int argc, char *argv[]) uint32_t response_id; BStringList response_args; + UA_sock = ConnectToDirector(jcr, heart_beat, response_args, response_id); if (!UA_sock) { return 1; } @@ -1160,14 +1159,13 @@ int main(int argc, char *argv[]) if (!ExaminePamAuthentication(use_pam_credentials_file, pam_credentials_filename)) { TerminateConsole(0); return 1; - } else { - response_args.clear(); - if (!UA_sock->ReceiveAndEvaluateResponseMessage(response_id, response_args)) { - TerminateConsole(0); - return 1; - } } - } + response_args.clear(); + if (!UA_sock->ReceiveAndEvaluateResponseMessage(response_id, response_args)) { + TerminateConsole(0); + return 1; + } + } /* kMessageIdPamRequired */ if (response_id == kMessageIdOk) { ConsoleOutput(response_args.JoinReadable().c_str()); diff --git a/core/src/dird/auth_pam.cc b/core/src/dird/auth_pam.cc index 9efeec20fb3..6b931f39944 100644 --- a/core/src/dird/auth_pam.cc +++ b/core/src/dird/auth_pam.cc 
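Review bot: In ExaminePamAuthentication the result of `UA_sock->FormatAndSendResponseMessage(kMessageIdPamUserCredentials, args);` is still discarded, and with the `StartTimer(30)`/`StopTimer()` pair removed nothing visible in this hunk checks or bounds that send. A failed write of the PAM credentials is then noticed only indirectly, when main later waits in `ReceiveAndEvaluateResponseMessage`. I would return early on failure, `if (!UA_sock->FormatAndSendResponseMessage(kMessageIdPamUserCredentials, args)) { return false; }`, and add a one-line comment saying why the timer was dropped. The function starts and ends outside the hunk, so a later check may already cover part of this.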
@@ -161,8 +161,11 @@ bool PamAuthenticateUser(BareosSocket *UA_sock, std::unique_ptr pam_conversation_container(new struct pam_conv); struct pam_handle *pamh = nullptr; /* pam session handle */ - bool not_interactive = !username_in.empty() && !password_in.empty(); - pam_conversation_container->conv = not_interactive ? PamLocalCallback : PamConversationCallback; + bool interactive = true; + if(!username_in.empty() && !password_in.empty()) { + interactive = false; + } + pam_conversation_container->conv = interactive ? PamConversationCallback : PamLocalCallback; pam_conversation_container->appdata_ptr = pam_callback_data.get(); const char *username = username_in.empty() ? nullptr : username_in.c_str(); @@ -203,9 +206,11 @@ bool PamAuthenticateUser(BareosSocket *UA_sock, } if (err == PAM_SUCCESS) { - if (PamConvSendMessage(UA_sock, "", PAM_SUCCESS)) { - return true; + bool ok = true; + if (interactive) { + ok = PamConvSendMessage(UA_sock, "", PAM_SUCCESS); } + return ok; } return false; } diff --git a/core/src/dird/authenticate_console.cc b/core/src/dird/authenticate_console.cc index 781d88d4dfc..d8ea9d7c620 100644 --- a/core/src/dird/authenticate_console.cc +++ b/core/src/dird/authenticate_console.cc 
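Review bot: The `interactive` flag in PamAuthenticateUser is built from a mutable bool plus an `if`, where one const expression says the same thing: `const bool interactive = username_in.empty() || password_in.empty();`. Making it const also keeps the later `if (interactive)` at the PAM_SUCCESS check safe from an accidental reassignment in between. A short comment that a user name without a password still selects `PamConversationCallback` would help, because that case is easy to misread as non-interactive. The function body extends beyond this hunk.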
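Review bot: The non-interactive success path now returns true without sending anything, and nothing at the `if (interactive)` branch says who reports the result to the console. From the other files in this patch it looks as if the caller's response message (`kMessageIdOk` sent from OptionalAuthenticatePamUser) takes over. If that is the intent, a comment such as `/* credentials were supplied up front: no PAM conversation is open, the caller reports the result */` above the branch would document the contract. The enclosing function begins outside the hunk.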
@@ -69,18 +69,15 @@ static void LogErrorMessage(std::string console_name, UaContext *ua) ua->UA_sock->who(), ua->UA_sock->host(), ua->UA_sock->port()); } -static bool SendOkMessage(UaContext *ua, bool final_state) +static bool SendResponseMessage(UaContext *ua, uint32_t response_id, bool send_version_info) { - if (final_state) { + std::string message; + if (send_version_info) { char version_info[128]; ::snprintf(version_info, 100, "OK: %s Version: %s (%s)", my_name, VERSION, BDATE); - return ua->UA_sock->FormatAndSendResponseMessage(kMessageIdOk, std::string(version_info)); - } else if (ua->cons && ua->cons->use_pam_authentication_) { - return ua->UA_sock->FormatAndSendResponseMessage(kMessageIdPamRequired, std::string()); - } else { - Dmsg0(200, "Unexpected program flow\n"); - return false; + message = version_info; } + return ua->UA_sock->FormatAndSendResponseMessage(response_id, message); } static bool OptionalAuthenticateRootConsole(std::string console_name, UaContext *ua, bool &auth_success) @@ -90,6 +87,10 @@ static bool OptionalAuthenticateRootConsole(std::string console_name, UaContext return false; /* no need to evaluate auth_success */ } auth_success = ua->UA_sock->AuthenticateInboundConnection(NULL, "Console", root_console_name.c_str(), me->password, me); + + if (!SendResponseMessage(ua, kMessageIdOk, true)) { + auth_success = false; + } return true; } @@ -108,6 +109,17 @@ static void AuthenticateNamedConsole(std::string console_name, UaContext *ua, bo ua->cons = cons; auth_success = true; } + if (auth_success) { + uint32_t response_id = kMessageIdOk; + bool send_version = true; + if (cons->use_pam_authentication_) { + response_id = kMessageIdPamRequired; + send_version = false; + } + if (!SendResponseMessage(ua, response_id, send_version)) { + auth_success = false; + } + } } static bool OptionalAuthenticatePamUser(std::string console_name, UaContext *ua, bool &auth_success) 
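Review bot: `SendResponseMessage` keeps the mismatched bound `::snprintf(version_info, 100, ...)` on a 128-byte buffer. The write stays in bounds, but the limit should follow the buffer: `::snprintf(version_info, sizeof(version_info), "OK: %s Version: %s (%s)", my_name, VERSION, BDATE);`. Because the function now accepts any `response_id`, a brief comment stating that version information may only be sent after a successful authentication would keep later callers from passing `send_version_info = true` on a failure path.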
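Review bot: In OptionalAuthenticateRootConsole the new `SendResponseMessage(ua, kMessageIdOk, true)` runs whether or not `AuthenticateInboundConnection` succeeded. A peer that failed root-console authentication therefore still receives `kMessageIdOk` together with the director name, version and build date. The other two call sites added by this patch (AuthenticateNamedConsole and OptionalAuthenticatePamUser) guard the send with `if (auth_success)`, and the code removed from AuthenticateUserAgent sent the OK message only in the success branch. Guard this one the same way: `if (auth_success && !SendResponseMessage(ua, kMessageIdOk, true)) { auth_success = false; }`.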
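Review bot: The new block in AuthenticateNamedConsole dereferences `cons->use_pam_authentication_` on the strength of `auth_success` alone, whereas the removed SendOkMessage tested `ua->cons &&` first. `auth_success` is a reference parameter and the part of the function that looks up `cons` lies outside this hunk, so it cannot be confirmed from here that a true value on entry never meets a null `cons`. Either set `auth_success = false;` at the top of the function or test `if (auth_success && cons)` before choosing the response id.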
@@ -177,6 +189,11 @@ static bool OptionalAuthenticatePamUser(std::string console_name, UaContext *ua, auth_success = true; } } + if (auth_success) { + if (!SendResponseMessage(ua, kMessageIdOk, true)) { + auth_success = false; + } + } return true; } /* HAVE PAM */ #endif /* !HAVE_PAM */ @@ -200,23 +217,17 @@ bool AuthenticateUserAgent(UaContext *ua) if (!auth_success) { LogErrorMessage(console_name, ua); return false; - } else { - if (!SendOkMessage(ua, true)) { return false; } } } else { AuthenticateNamedConsole(console_name, ua, auth_success); if (!auth_success) { LogErrorMessage(console_name, ua); return false; - } else { - if (!SendOkMessage(ua, false)) { return false; } } if (OptionalAuthenticatePamUser(console_name, ua, auth_success)) { if (!auth_success) { LogErrorMessage(console_name, ua); return false; - } else { - if (!SendOkMessage(ua, true)) { return false; } } } }
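Review bot: The OK message with version information is sent at the end of OptionalAuthenticatePamUser whenever `auth_success` is true, and that variable already arrives true from the preceding AuthenticateNamedConsole step. The visible lines only show it being set to true; the failure branches are outside the hunk. Please confirm that every PAM failure path, including an error return from PamAuthenticateUser, resets it to false before this point. Assigning `auth_success = false;` on entry to the PAM branch would make the send fail closed regardless of those paths.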