author | Simo Sorce <simo@redhat.com> | 2012-10-18 12:49:38 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-01-10 12:24:59 -0500 |
commit | c83e409297711e6012a164cc929c758a3f38e9b9 (patch) | |
tree | 42930e80d13d5bbe26e12891499677db0e26c8e6 /src/providers/krb5 | |
parent | 4c2cf6607ddc82c5061d805c11e163de4bc1bd82 (diff) | |
Code can only check for cached passwords
Make it clear to the API users that we can not take arbitrary auth tokens.
We can only take a password for now so simplify and clarify the interface.
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 94bbe4854..bd014a49d 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -278,16 +278,23 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
 struct pam_data *pd, uid_t uid,
 int *pam_status, int *dp_err)
 {
+ char *password = NULL;
 errno_t ret;
 
- ret = sysdb_cache_auth(sysdb, pd->user, pd->authtok,
- pd->authtok_size, cdb, true, NULL,
- NULL);
+ password = talloc_strndup(state, pd->authtok, pd->authtok_size);
+ if (!password) {
+ DEBUG(0, ("Out of memory copying password\n"));
+ *pam_status = PAM_SYSTEM_ERR;
+ *dp_err = DP_ERR_OK;
+ return;
+ }
+
+ ret = sysdb_cache_auth(sysdb, pd->user, password, cdb, true, NULL, NULL);
 if (ret != EOK) {
 DEBUG(1, ("Offline authentication failed\n"));
 *pam_status = cached_login_pam_status(ret);
 *dp_err = DP_ERR_OK;
- return;
+ goto done;
 }
 
 ret = add_user_to_delayed_online_authentication(krb5_ctx, pd, uid);
@@ -297,6 +304,12 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx,
 }
 *pam_status = PAM_AUTHINFO_UNAVAIL;
 *dp_err = DP_ERR_OFFLINE;
+
+done:
+ if (password) {
+ for (i = 0; password[i]; i++) password[i] = 0;
+ talloc_zfree(password);
+ }
 }
 
 static errno_t krb5_auth_prepare_ccache_file(struct krb5child_req *kr, |
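Review bot: The new `talloc_strndup(state, pd->authtok, pd->authtok_size)` call uses a talloc context named `state`, which is neither among the parameters visible in this hunk (`krb5_ctx`, `pd`, `uid`, `pam_status`, `dp_err`) nor among the locals declared at the top of the body. The parameter list begins outside the hunk, so `state` may be declared on an unseen line; if it is not, the file will not build. Because the copy is released in this same function at `done:`, any context that is certainly in scope would serve, for example `password = talloc_strndup(pd, pd->authtok, pd->authtok_size);`, assuming `pd` is itself talloc-allocated. A one-line comment such as `/* authtok is treated as a NUL-terminated password; the copy stops at the first NUL */` would also make the narrowed contract visible at the call site.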
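Review bot: The wipe loop under `done:` indexes with `i`, but the locals declared at the top of the function (visible in the first hunk) are only `password` and `ret`. Unless `i` is declared in the few lines between the two hunks, this does not compile; adding `size_t i;` next to `errno_t ret;` would fix it. The `if (password)` guard is redundant, since every path that reaches `done:` has already passed the NULL check after `talloc_strndup`. A plain store loop immediately before a release is the pattern optimizers are allowed to drop as dead stores, and whether that happens here depends on what the compiler can see of `talloc_zfree`. I would add a comment such as `/* buffer holds the cleartext password: clear it before release */`, and route the clearing through a shared wipe helper if the tree has one, so the guarantee does not rest on this loop surviving optimization.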