diff options
| author | Lukas Slebodnik <lslebodn@redhat.com> | 2013-03-14 09:10:39 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-04-02 17:01:08 +0200 |
| commit | 9acfb09f7969a69f58bd45c856b01700541853ca (patch) | |
| tree | 51b08598dde631e49910dc3c5865460208a6a9f5 /src/util | |
| parent | 53b58615fbc13eddcd6e2f28066b67cb5f16b6d3 (diff) | |
| download | sssd-9acfb09f7969a69f58bd45c856b01700541853ca.tar.gz sssd-9acfb09f7969a69f58bd45c856b01700541853ca.tar.xz sssd-9acfb09f7969a69f58bd45c856b01700541853ca.zip | |
Making the authtok structure really opaque.
Definition of structure sss_auth_token was removed from header file
authtok.h and there left only declaration of this structure.
Therefore only way how to use this structure is to use accessory function from
same header file.
To creating new empty authotok can only be used newly created function
sss_authtok_new(). TALLOC context was removed from copy and setter functions,
because pointer to stuct sss_auth_token is used as a memory context.
All declaration of struct sss_auth_token variables was replaced with
pointer to this structure and related changes was made in source code.
Function copy_pam_data can copy from argument src which was dynamically
allocated with function create_pam_data() or zero initialized struct pam_data
allocated on stack.
https://fedorahosted.org/sssd/ticket/1830
Diffstat (limited to 'src/util')
| -rw-r--r-- | src/util/authtok.c | 48 | ||||
| -rw-r--r-- | src/util/authtok.h | 52 |
2 files changed, 57 insertions, 43 deletions
diff --git a/src/util/authtok.c b/src/util/authtok.c index 1c54d04cc..83e6a1c94 100644 --- a/src/util/authtok.c +++ b/src/util/authtok.c @@ -19,6 +19,12 @@ #include "authtok.h" +struct sss_auth_token { + enum sss_authtok_type type; + uint8_t *data; + size_t length; +}; + enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok) { return tok->type; @@ -80,8 +86,7 @@ errno_t sss_authtok_get_ccfile(struct sss_auth_token *tok, return EINVAL; } -static errno_t sss_authtok_set_string(TALLOC_CTX *mem_ctx, - struct sss_auth_token *tok, +static errno_t sss_authtok_set_string(struct sss_auth_token *tok, enum sss_authtok_type type, const char *context_name, const char *str, size_t len) @@ -101,7 +106,7 @@ static errno_t sss_authtok_set_string(TALLOC_CTX *mem_ctx, size = len + 1; - tok->data = talloc_named(mem_ctx, size, "%s", context_name); + tok->data = talloc_named(tok, size, "%s", context_name); if (!tok->data) { return ENOMEM; } @@ -131,38 +136,33 @@ void sss_authtok_set_empty(struct sss_auth_token *tok) tok->length = 0; } -errno_t sss_authtok_set_password(TALLOC_CTX *mem_ctx, - struct sss_auth_token *tok, +errno_t sss_authtok_set_password(struct sss_auth_token *tok, const char *password, size_t len) { sss_authtok_set_empty(tok); - return sss_authtok_set_string(mem_ctx, tok, - SSS_AUTHTOK_TYPE_PASSWORD, + return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_PASSWORD, "password", password, len); } -errno_t sss_authtok_set_ccfile(TALLOC_CTX *mem_ctx, - struct sss_auth_token *tok, +errno_t sss_authtok_set_ccfile(struct sss_auth_token *tok, const char *ccfile, size_t len) { sss_authtok_set_empty(tok); - return sss_authtok_set_string(mem_ctx, tok, - SSS_AUTHTOK_TYPE_CCFILE, + return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_CCFILE, "ccfile", ccfile, len); } -errno_t sss_authtok_set(TALLOC_CTX *mem_ctx, - struct sss_auth_token *tok, +errno_t sss_authtok_set(struct sss_auth_token *tok, enum sss_authtok_type type, uint8_t *data, size_t len) { switch (type) { case SSS_AUTHTOK_TYPE_PASSWORD: - return sss_authtok_set_password(mem_ctx, tok, (const char *)data, len); + return sss_authtok_set_password(tok, (const char *)data, len); case SSS_AUTHTOK_TYPE_CCFILE: - return sss_authtok_set_ccfile(mem_ctx, tok, (const char *)data, len); + return sss_authtok_set_ccfile(tok, (const char *)data, len); case SSS_AUTHTOK_TYPE_EMPTY: sss_authtok_set_empty(tok); return EOK; @@ -171,8 +171,7 @@ errno_t sss_authtok_set(TALLOC_CTX *mem_ctx, return EINVAL; } -errno_t sss_authtok_copy(TALLOC_CTX *mem_ctx, - struct sss_auth_token *src, +errno_t sss_authtok_copy(struct sss_auth_token *src, struct sss_auth_token *dst) { sss_authtok_set_empty(dst); @@ -181,7 +180,7 @@ errno_t sss_authtok_copy(TALLOC_CTX *mem_ctx, return EOK; } - dst->data = talloc_memdup(mem_ctx, src->data, src->length); + dst->data = talloc_memdup(dst, src->data, src->length); if (!dst->data) { return ENOMEM; } @@ -191,6 +190,19 @@ errno_t sss_authtok_copy(TALLOC_CTX *mem_ctx, return EOK; } +struct sss_auth_token *sss_authtok_new(TALLOC_CTX *mem_ctx) +{ + struct sss_auth_token *token; + + token = talloc_zero(mem_ctx, struct sss_auth_token); + if (token == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n")); + } + + return token; +} + + void sss_authtok_wipe_password(struct sss_auth_token *tok) { if (tok->type != SSS_AUTHTOK_TYPE_PASSWORD) { diff --git a/src/util/authtok.h b/src/util/authtok.h index 21cfe4a1c..8f327d4c0 100644 --- a/src/util/authtok.h +++ b/src/util/authtok.h @@ -23,15 +23,9 @@ #include "util/util.h" #include "sss_client/sss_cli.h" -/* Auth token structure, - * please never use directly. - * Use sss_authtok_* accesor functions instead +/* Use sss_authtok_* accesor functions instead of struct sss_auth_token */ -struct sss_auth_token { - enum sss_authtok_type type; - uint8_t *data; - size_t length; -}; +struct sss_auth_token; /** * @brief Returns the token type @@ -79,8 +73,8 @@ errno_t sss_authtok_get_password(struct sss_auth_token *tok, /** * @brief Set a password into a an auth token, replacing any previous data * - * @param mem_ctx A memory context use to allocate the internal data - * @param tok A pointer to a sss_auth_token structure to change + * @param tok A pointer to a sss_auth_token structure to change, also + * used as a memory context to allocate the internal data. * @param password A string * @param len The length of the string or, if 0 is passed, * then strlen(password) will be used internally. @@ -88,8 +82,7 @@ errno_t sss_authtok_get_password(struct sss_auth_token *tok, * @return EOK on success * ENOMEM on error */ -errno_t sss_authtok_set_password(TALLOC_CTX *mem_ctx, - struct sss_auth_token *tok, +errno_t sss_authtok_set_password(struct sss_auth_token *tok, const char *password, size_t len); /** @@ -98,7 +91,7 @@ errno_t sss_authtok_set_password(TALLOC_CTX *mem_ctx, * * @param tok A pointer to an sss_auth_token * @param ccfile A pointer to a const char *, that will point to a null - * terminated string + * terminated string, also used as a memory context use to allocate the internal data * @param len The length of the string * * @return EOK on success @@ -111,16 +104,15 @@ errno_t sss_authtok_get_ccfile(struct sss_auth_token *tok, /** * @brief Set a cc file name into a an auth token, replacing any previous data * - * @param mem_ctx A memory context use to allocate the internal data - * @param tok A pointer to a sss_auth_token structure to change + * @param tok A pointer to a sss_auth_token structure to change, also + * used as a memory context to allocate the internal data. * @param ccfile A null terminated string * @param len The length of the string * * @return EOK on success * ENOMEM on error */ -errno_t sss_authtok_set_ccfile(TALLOC_CTX *mem_ctx, - struct sss_auth_token *tok, +errno_t sss_authtok_set_ccfile(struct sss_auth_token *tok, const char *ccfile, size_t len); /** @@ -136,8 +128,8 @@ void sss_authtok_set_empty(struct sss_auth_token *tok); /** * @brief Set an auth token by type, replacing any previous data * - * @param mem_ctx A memory context use to allocate the internal data - * @param tok A pointer to a sss_auth_token structure to change + * @param tok A pointer to a sss_auth_token structure to change, also + * used as a memory context to allocate the internal data. * @param type A valid authtok type * @param ccfile A data pointer * @param len The length of the data @@ -145,23 +137,21 @@ void sss_authtok_set_empty(struct sss_auth_token *tok); * @return EOK on success * ENOMEM or EINVAL on error */ -errno_t sss_authtok_set(TALLOC_CTX *mem_ctx, - struct sss_auth_token *tok, +errno_t sss_authtok_set(struct sss_auth_token *tok, enum sss_authtok_type type, uint8_t *data, size_t len); /** * @brief Copy an auth token from source to destination * - * @param mem_ctx The memory context to use for allocations on dst * @param src The source auth token - * @param dst The destination auth token + * @param dst The destination auth token, also used as a memory context + * to allocate dst internal data. * * @return EOK on success * ENOMEM on error */ -errno_t sss_authtok_copy(TALLOC_CTX *mem_ctx, - struct sss_auth_token *src, +errno_t sss_authtok_copy(struct sss_auth_token *src, struct sss_auth_token *dst); /** @@ -177,4 +167,16 @@ errno_t sss_authtok_copy(TALLOC_CTX *mem_ctx, */ void sss_authtok_wipe_password(struct sss_auth_token *tok); +/** + * @brief Create new empty struct sss_auth_token. + * + * @param mem_ctx A memory context use to allocate the internal data + * @return A pointer to new empty struct sss_auth_token + * NULL in case of failure + * + * NOTE: This function is the only way, how to create new empty + * struct sss_auth_token. + */ +struct sss_auth_token *sss_authtok_new(TALLOC_CTX *mem_ctx); + #endif /* __AUTHTOK_H__ */ |