Change pam data auth tokens.

Use the new authtok abstraction and interfaces throught the code.

1 files changed, 6 insertions, 8 deletions

diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c
index 8088283fa..3430f38b2 100644
--- a/src/providers/proxy/proxy_auth.c
+++ b/src/providers/proxy/proxy_auth.c
@@ -712,7 +712,7 @@ static void proxy_child_done(struct tevent_req *req)
     struct proxy_client_ctx *client_ctx =
             tevent_req_callback_data(req, struct proxy_client_ctx);
     struct pam_data *pd = NULL;
-    char *password;
+    const char *password;
     int ret;
     struct tevent_immediate *imm;
 
@@ -747,17 +747,15 @@ static void proxy_child_done(struct tevent_req *req)
 
     /* Check if we need to save the cached credentials */
     if ((pd->cmd == SSS_PAM_AUTHENTICATE || pd->cmd == SSS_PAM_CHAUTHTOK) &&
-            pd->pam_status == PAM_SUCCESS &&
-            client_ctx->be_req->be_ctx->domain->cache_credentials) {
-        password = talloc_strndup(client_ctx->be_req,
-                                  (char *) pd->authtok,
-                                  pd->authtok_size);
-        if (!password) {
+        (pd->pam_status == PAM_SUCCESS) &&
+        client_ctx->be_req->be_ctx->domain->cache_credentials) {
+
+        ret = sss_authtok_get_password(&pd->authtok, &password, NULL);
+        if (ret) {
             /* password caching failures are not fatal errors */
             DEBUG(2, ("Failed to cache password\n"));
             goto done;
         }
-        talloc_set_destructor((TALLOC_CTX *)password, password_destructor);
 
         ret = sysdb_cache_password(client_ctx->be_req->be_ctx->sysdb,
                                    pd->user, password);