author | Simo Sorce <simo@redhat.com> | 2012-10-18 18:43:56 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-01-10 12:24:59 -0500 |
commit | 64af76e2bef2565caa9738f675c108a4b3789237 (patch) | |
tree | fa24e7f17f07136494a4c515c63b8795be7130e4 /src/providers/krb5/krb5_child_handler.c | |
parent | 918b2a5a91f1c551d48f4bffed2a28c36fdb4be1 (diff) | |
Change pam data auth tokens.
Use the new authtok abstraction and interfaces throughout the code.
Diffstat (limited to 'src/providers/krb5/krb5_child_handler.c')
-rw-r--r-- | src/providers/krb5/krb5_child_handler.c | 59 |
1 files changed, 49 insertions, 10 deletions
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index e792db3f7..5adbcf700 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -85,6 +85,43 @@ static int child_io_destructor(void *ptr)
 return EOK;
 }
 
+static errno_t pack_authtok(struct io_buffer *buf, size_t *rp,
+ struct sss_auth_token *tok)
+{
+ uint32_t auth_token_type;
+ uint32_t auth_token_length;
+ const char *data;
+ size_t len;
+ errno_t ret = EOK;
+
+ auth_token_type = sss_authtok_get_type(tok);
+
+ switch (auth_token_type) {
+ case SSS_AUTHTOK_TYPE_EMPTY:
+ auth_token_length = 0;
+ data = "";
+ break;
+ case SSS_AUTHTOK_TYPE_PASSWORD:
+ ret = sss_authtok_get_password(tok, &data, &len);
+ auth_token_length = len + 1;
+ break;
+ case SSS_AUTHTOK_TYPE_CCFILE:
+ ret = sss_authtok_get_password(tok, &data, &len);
+ auth_token_length = len + 1;
+ break;
+ default:
+ ret = EINVAL;
+ }
+
+ if (ret == EOK) {
+ SAFEALIGN_COPY_UINT32(&buf->data[*rp], &auth_token_type, rp);
+ SAFEALIGN_COPY_UINT32(&buf->data[*rp], &auth_token_length, rp);
+ safealign_memcpy(&buf->data[*rp], data, auth_token_length, rp);
+ }
+
+ return ret;
+}
+
 static errno_t create_send_buffer(struct krb5child_req *kr,
 struct io_buffer **io_buf)
 {
@@ -94,6 +131,7 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
 uint32_t validate;
 uint32_t different_realm;
 size_t username_len = 0;
+ errno_t ret;
 
 keytab = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_KEYTAB);
 if (keytab == NULL) {
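Review bot: pack_authtok() writes `2 * sizeof(uint32_t) + auth_token_length` bytes at `buf->data[*rp]` without ever comparing against `buf->size`, so nothing here stops a write past the end of the buffer that carries the credential. Its safety depends on `sss_authtok_get_size()` in the `@@ -117,11 +155,12 @@` hunk returning exactly `len + 1` for password and ccfile tokens, which is not visible on this page. A guard before the three copies, such as `if (*rp > buf->size || buf->size - *rp < 2 * sizeof(uint32_t) + auth_token_length) { return EINVAL; }`, would turn any mismatch into an error. In the PASSWORD and CCFILE cases `auth_token_length = len + 1;` is evaluated even when the getter fails, which reads an indeterminate `len`; declare `size_t len = 0;` or test `ret` first. The CCFILE case calling `sss_authtok_get_password()` looks like a copy-paste, so if the authtok API offers a ccfile getter it belongs there.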
@@ -117,11 +155,12 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
 kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM ||
 kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
 buf->size += 4*sizeof(uint32_t) + strlen(kr->ccname) + strlen(keytab) +
- kr->pd->authtok_size;
+ sss_authtok_get_size(&kr->pd->authtok);
 }
 
 if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
- buf->size += 2*sizeof(uint32_t) + kr->pd->newauthtok_size;
+ buf->size += 2*sizeof(uint32_t) +
+ sss_authtok_get_size(&kr->pd->newauthtok);
 }
 
 if (kr->pd->cmd == SSS_PAM_ACCT_MGMT) {
@@ -157,17 +196,17 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
 SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(keytab), &rp);
 safealign_memcpy(&buf->data[rp], keytab, strlen(keytab), &rp);
 
- SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->authtok_type, &rp);
- SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->authtok_size, &rp);
- safealign_memcpy(&buf->data[rp], kr->pd->authtok,
- kr->pd->authtok_size, &rp);
+ ret = pack_authtok(buf, &rp, &kr->pd->authtok);
+ if (ret) {
+ return ret;
+ }
 }
 
 if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
- SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_type, &rp);
- SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_size, &rp);
- safealign_memcpy(&buf->data[rp], kr->pd->newauthtok,
- kr->pd->newauthtok_size, &rp);
+ ret = pack_authtok(buf, &rp, &kr->pd->newauthtok);
+ if (ret) {
+ return ret;
+ }
 }
 
 if (kr->pd->cmd == SSS_PAM_ACCT_MGMT) { |
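Review bot: The two new `return ret;` exits after pack_authtok() in the `@@ -157,17 +196,17 @@` hunk leave create_send_buffer without releasing `buf`. The allocation is outside the hunk, so this is inferred, but `buf->size` and `buf->data` are already in use at this point. When the second call fails for SSS_PAM_CHAUTHTOK, the buffer already holds the packed copy of the current auth token. Assuming `buf` is a talloc allocation as elsewhere in SSSD, `if (ret) { talloc_free(buf); return ret; }` at both sites would match a normal error path; wiping `buf->data` before the free would also keep the credential from lingering in freed memory. The function's body begins and ends outside this hunk, so check how its other failure paths clean up and follow the same pattern.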