diff options
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 10 | ||||
-rw-r--r-- | src/providers/krb5/krb5_child.c | 28 | ||||
-rw-r--r-- | src/providers/krb5/krb5_child_handler.c | 8 | ||||
-rw-r--r-- | src/providers/krb5/krb5_delayed_online_authentication.c | 12 | ||||
-rw-r--r-- | src/providers/krb5/krb5_renew_tgt.c | 5 |
5 files changed, 31 insertions, 32 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index a9b75768c..6c0f429fb 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -284,7 +284,7 @@ static void krb5_auth_cache_creds(struct krb5_ctx *krb5_ctx, const char *password = NULL; errno_t ret; - ret = sss_authtok_get_password(&pd->authtok, &password, NULL); + ret = sss_authtok_get_password(pd->authtok, &password, NULL); if (ret != EOK) { DEBUG(0, ("Failed to get password [%d] %s\n", ret, strerror(ret))); *pam_status = PAM_SYSTEM_ERR; @@ -397,10 +397,10 @@ static void krb5_auth_store_creds(struct sysdb_ctx *sysdb, break; case SSS_PAM_AUTHENTICATE: case SSS_PAM_CHAUTHTOK_PRELIM: - ret = sss_authtok_get_password(&pd->authtok, &password, NULL); + ret = sss_authtok_get_password(pd->authtok, &password, NULL); break; case SSS_PAM_CHAUTHTOK: - ret = sss_authtok_get_password(&pd->newauthtok, &password, NULL); + ret = sss_authtok_get_password(pd->newauthtok, &password, NULL); break; default: DEBUG(0, ("unsupported PAM command [%d].\n", pd->cmd)); @@ -490,7 +490,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, case SSS_PAM_AUTHENTICATE: case SSS_CMD_RENEW: case SSS_PAM_CHAUTHTOK: - if (sss_authtok_get_type(&pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) { + if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) { DEBUG(1, ("Missing authtok for user [%s].\n", pd->user)); state->pam_status = PAM_SYSTEM_ERR; state->dp_err = DP_ERR_FATAL; @@ -500,7 +500,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, break; case SSS_PAM_CHAUTHTOK_PRELIM: if (pd->priv == 1 && - sss_authtok_get_type(&pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) { + sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) { DEBUG(4, ("Password reset by root is not supported.\n")); state->pam_status = PAM_PERM_DENIED; state->dp_err = DP_ERR_OK; diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 52127b39a..4ccd75d26 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1201,7 +1201,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) DEBUG(SSSDBG_TRACE_LIBS, ("Password change operation\n")); - ret = sss_authtok_get_password(&kr->pd->authtok, &password, NULL); + ret = sss_authtok_get_password(kr->pd->authtok, &password, NULL); if (ret != EOK) { DEBUG(1, ("Failed to fetch current password [%d] %s.\n", ret, strerror(ret))); @@ -1233,7 +1233,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) return kerr; } - sss_authtok_set_empty(&kr->pd->authtok); + sss_authtok_set_empty(kr->pd->authtok); if (prelim) { DEBUG(SSSDBG_TRACE_LIBS, @@ -1243,7 +1243,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) return EOK; } - ret = sss_authtok_get_password(&kr->pd->newauthtok, &newpassword, NULL); + ret = sss_authtok_get_password(kr->pd->newauthtok, &newpassword, NULL); if (ret != EOK) { DEBUG(1, ("Failed to fetch new password [%d] %s.\n", ret, strerror(ret))); @@ -1307,7 +1307,7 @@ static errno_t changepw_child(struct krb5_req *kr, bool prelim) kerr = get_and_save_tgt(kr, newpassword); - sss_authtok_set_empty(&kr->pd->newauthtok); + sss_authtok_set_empty(kr->pd->newauthtok); if (kerr == 0) { kerr = k5c_attach_ccname_msg(kr); @@ -1324,7 +1324,7 @@ static errno_t tgt_req_child(struct krb5_req *kr) DEBUG(SSSDBG_TRACE_LIBS, ("Attempting to get a TGT\n")); - ret = sss_authtok_get_password(&kr->pd->authtok, &password, NULL); + ret = sss_authtok_get_password(kr->pd->authtok, &password, NULL); switch (ret) { if (ret == EACCES) { DEBUG(SSSDBG_OP_FAILURE, ("Invalid authtok type\n")); @@ -1379,7 +1379,7 @@ static errno_t tgt_req_child(struct krb5_req *kr) } done: - sss_authtok_set_empty(&kr->pd->authtok); + sss_authtok_set_empty(kr->pd->authtok); return ret; } @@ -1423,11 +1423,11 @@ static errno_t renew_tgt_child(struct krb5_req *kr) DEBUG(SSSDBG_TRACE_LIBS, ("Renewing a ticket\n")); - ret = sss_authtok_get_ccfile(&kr->pd->authtok, &ccname, NULL); + ret = sss_authtok_get_ccfile(kr->pd->authtok, &ccname, NULL); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unsupported authtok type for TGT renewal [%d].\n", - sss_authtok_get_type(&kr->pd->authtok))); + sss_authtok_get_type(kr->pd->authtok))); return ERR_INVALID_CRED_TYPE; } @@ -1527,10 +1527,10 @@ static errno_t unpack_authtok(TALLOC_CTX *mem_ctx, struct sss_auth_token *tok, sss_authtok_set_empty(tok); break; case SSS_AUTHTOK_TYPE_PASSWORD: - ret = sss_authtok_set_password(mem_ctx, tok, (char *)(buf + *p), 0); + ret = sss_authtok_set_password(tok, (char *)(buf + *p), 0); break; case SSS_AUTHTOK_TYPE_CCFILE: - ret = sss_authtok_set_ccfile(mem_ctx, tok, (char *)(buf + *p), 0); + ret = sss_authtok_set_ccfile(tok, (char *)(buf + *p), 0); break; default: return EINVAL; @@ -1598,7 +1598,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, if (kr->keytab == NULL) return ENOMEM; p += len; - ret = unpack_authtok(pd, &pd->authtok, buf, size, &p); + ret = unpack_authtok(pd, pd->authtok, buf, size, &p); if (ret) { return ret; } @@ -1608,16 +1608,16 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, } else { kr->ccname = NULL; kr->keytab = NULL; - sss_authtok_set_empty(&pd->authtok); + sss_authtok_set_empty(pd->authtok); } if (pd->cmd == SSS_PAM_CHAUTHTOK) { - ret = unpack_authtok(pd, &pd->newauthtok, buf, size, &p); + ret = unpack_authtok(pd, pd->newauthtok, buf, size, &p); if (ret) { return ret; } } else { - sss_authtok_set_empty(&pd->newauthtok); + sss_authtok_set_empty(pd->newauthtok); } if (pd->cmd == SSS_PAM_ACCT_MGMT) { diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index cc309af34..8ff65130f 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -155,12 +155,12 @@ static errno_t create_send_buffer(struct krb5child_req *kr, kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM || kr->pd->cmd == SSS_PAM_CHAUTHTOK) { buf->size += 4*sizeof(uint32_t) + strlen(kr->ccname) + strlen(keytab) + - sss_authtok_get_size(&kr->pd->authtok); + sss_authtok_get_size(kr->pd->authtok); } if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) { buf->size += 2*sizeof(uint32_t) + - sss_authtok_get_size(&kr->pd->newauthtok); + sss_authtok_get_size(kr->pd->newauthtok); } if (kr->pd->cmd == SSS_PAM_ACCT_MGMT) { @@ -196,14 +196,14 @@ static errno_t create_send_buffer(struct krb5child_req *kr, SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(keytab), &rp); safealign_memcpy(&buf->data[rp], keytab, strlen(keytab), &rp); - ret = pack_authtok(buf, &rp, &kr->pd->authtok); + ret = pack_authtok(buf, &rp, kr->pd->authtok); if (ret) { return ret; } } if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) { - ret = pack_authtok(buf, &rp, &kr->pd->newauthtok); + ret = pack_authtok(buf, &rp, kr->pd->newauthtok); if (ret) { return ret; } diff --git a/src/providers/krb5/krb5_delayed_online_authentication.c b/src/providers/krb5/krb5_delayed_online_authentication.c index f95fa634c..87e0f3c63 100644 --- a/src/providers/krb5/krb5_delayed_online_authentication.c +++ b/src/providers/krb5/krb5_delayed_online_authentication.c @@ -84,7 +84,7 @@ static void authenticate_user(struct tevent_context *ev, return; } - ret = sss_authtok_set_password(pd, &pd->authtok, password, keysize); + ret = sss_authtok_set_password(pd->authtok, password, keysize); safezero(password, keysize); free(password); if (ret) { @@ -246,7 +246,7 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, return EINVAL; } - if (sss_authtok_get_type(&pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) { + if (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD) { DEBUG(1, ("Invalid authtok for user [%s].\n", pd->user)); return EINVAL; } @@ -262,10 +262,10 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, const char *password; size_t len; - ret = sss_authtok_get_password(&new_pd->authtok, &password, &len); + ret = sss_authtok_get_password(new_pd->authtok, &password, &len); if (ret) { DEBUG(1, ("Failed to get password [%d][%s].\n", ret, strerror(ret))); - sss_authtok_set_empty(&new_pd->authtok); + sss_authtok_set_empty(new_pd->authtok); talloc_free(new_pd); return ret; } @@ -275,13 +275,13 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, if (new_pd->key_serial == -1) { ret = errno; DEBUG(1, ("add_key failed [%d][%s].\n", ret, strerror(ret))); - sss_authtok_set_empty(&new_pd->authtok); + sss_authtok_set_empty(new_pd->authtok); talloc_free(new_pd); return ret; } DEBUG(9, ("Saved authtok of user [%s] with serial [%ld].\n", new_pd->user, new_pd->key_serial)); - sss_authtok_set_empty(&new_pd->authtok); + sss_authtok_set_empty(new_pd->authtok); #endif key.type = HASH_KEY_ULONG; diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c index f2ee5d91f..0b1f26fd3 100644 --- a/src/providers/krb5/krb5_renew_tgt.c +++ b/src/providers/krb5/krb5_renew_tgt.c @@ -592,10 +592,9 @@ errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, goto done; } - sss_authtok_set_empty(&renew_data->pd->newauthtok); + sss_authtok_set_empty(renew_data->pd->newauthtok); - ret = sss_authtok_set_ccfile(renew_data->pd, &renew_data->pd->authtok, - renew_data->ccfile, 0); + ret = sss_authtok_set_ccfile(renew_data->pd->authtok, renew_data->ccfile, 0); if (ret) { DEBUG(1, ("Failed to store ccfile in auth token.\n")); goto done; |