|
 |
bac598 |
From 1b9b7f5a635ede8eee90d13bfe0e1f87e51191a9 Mon Sep 17 00:00:00 2001
|
|
|
bac598 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
bac598 |
Date: Fri, 13 Nov 2020 12:59:39 +0100
|
|
|
bac598 |
Subject: [PATCH 13/16] pam_sss: use unique id for gdm choice list
|
|
|
bac598 |
|
|
|
bac598 |
Currently the key-id read from the Smartcard is used as key value for
|
|
|
bac598 |
the gdm choice list dialog. Since it might be possible that multiple
|
|
|
bac598 |
certificates use the same key and hence the same key-id this is not a
|
|
|
bac598 |
suitable value.
|
|
|
bac598 |
|
|
|
bac598 |
With this patch the string representation of a numerical counter is used.
|
|
|
bac598 |
|
|
|
bac598 |
Resolves: https://github.com/SSSD/sssd/issues/5400
|
|
|
bac598 |
|
|
|
bac598 |
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
|
|
bac598 |
---
|
|
|
bac598 |
src/sss_client/pam_sss.c | 14 ++++++++++++--
|
|
|
bac598 |
1 file changed, 12 insertions(+), 2 deletions(-)
|
|
|
bac598 |
|
|
|
bac598 |
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
|
|
|
bac598 |
index b844d257e..04dfdb55d 100644
|
|
|
bac598 |
--- a/src/sss_client/pam_sss.c
|
|
|
bac598 |
+++ b/src/sss_client/pam_sss.c
|
|
|
bac598 |
@@ -128,6 +128,7 @@ struct cert_auth_info {
|
|
|
bac598 |
char *key_id;
|
|
|
bac598 |
char *prompt_str;
|
|
|
bac598 |
char *pam_cert_user;
|
|
|
bac598 |
+ char *choice_list_id;
|
|
|
bac598 |
struct cert_auth_info *prev;
|
|
|
bac598 |
struct cert_auth_info *next;
|
|
|
bac598 |
};
|
|
|
bac598 |
@@ -141,6 +142,7 @@ static void free_cai(struct cert_auth_info *cai)
|
|
|
bac598 |
free(cai->module_name);
|
|
|
bac598 |
free(cai->key_id);
|
|
|
bac598 |
free(cai->prompt_str);
|
|
|
bac598 |
+ free(cai->choice_list_id);
|
|
|
bac598 |
free(cai);
|
|
|
bac598 |
}
|
|
|
bac598 |
}
|
|
|
bac598 |
@@ -1698,7 +1700,15 @@ static int prompt_multi_cert_gdm(pam_handle_t *pamh, struct pam_items *pi)
|
|
|
bac598 |
ret = ENOMEM;
|
|
|
bac598 |
goto done;
|
|
|
bac598 |
}
|
|
|
bac598 |
- request->list.items[c].key = cai->key_id;
|
|
|
bac598 |
+ free(cai->choice_list_id);
|
|
|
bac598 |
+ ret = asprintf(&cai->choice_list_id, "%zu", c);
|
|
|
bac598 |
+ if (ret == -1) {
|
|
|
bac598 |
+ cai->choice_list_id = NULL;
|
|
|
bac598 |
+ ret = ENOMEM;
|
|
|
bac598 |
+ goto done;
|
|
|
bac598 |
+ }
|
|
|
bac598 |
+
|
|
|
bac598 |
+ request->list.items[c].key = cai->choice_list_id;
|
|
|
bac598 |
request->list.items[c++].text = prompt;
|
|
|
bac598 |
}
|
|
|
bac598 |
|
|
|
bac598 |
@@ -1719,7 +1729,7 @@ static int prompt_multi_cert_gdm(pam_handle_t *pamh, struct pam_items *pi)
|
|
|
bac598 |
}
|
|
|
bac598 |
|
|
|
bac598 |
DLIST_FOR_EACH(cai, pi->cert_list) {
|
|
|
bac598 |
- if (strcmp(response->key, cai->key_id) == 0) {
|
|
|
bac598 |
+ if (strcmp(response->key, cai->choice_list_id) == 0) {
|
|
|
bac598 |
pam_info(pamh, "Certificate ā%sā selected", cai->key_id);
|
|
|
bac598 |
pi->selected_cert = cai;
|
|
|
bac598 |
ret = 0;
|
|
|
bac598 |
--
|
|
|
bac598 |
2.21.3
|
|
|
bac598 |
|