From a15b93a1cb46a4d91666f3b6de2337eb693e833b Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 1 May 2009 20:09:44 -0400
Subject: Fix crypt functions to not use static buffers. Also fix style, clarify, and simplify some logic.
---
 server/responder/pam/pam_LOCAL_domain.c | 18 +++++++++---------
 server/responder/pam/pamsrv_cache.c | 16 +++++++---------
 2 files changed, 16 insertions(+), 18 deletions(-)
(limited to 'server/responder/pam')
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index dc394ab8e..1287c7d9b 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -230,14 +230,14 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq)
 lreq->error, ret, done);
 memset(pd->newauthtok, 0, pd->newauthtok_size);
- salt = gen_salt();
- NULL_CHECK_OR_JUMP(salt, ("Salt generation failed.\n"),
- lreq->error, EFAULT, done);
+ ret = s3crypt_gen_salt(lreq, &salt);
+ NEQ_CHECK_OR_JUMP(ret, EOK, ("Salt generation failed.\n"),
+ lreq->error, ret, done);
 DEBUG(4, ("Using salt [%s]\n", salt));
- new_hash = nss_sha512_crypt(newauthtok, salt);
- NULL_CHECK_OR_JUMP(new_hash, ("Hash generation failed.\n"),
- lreq->error, EFAULT, done);
+ ret = s3crypt_sha512(lreq, newauthtok, salt, &new_hash);
+ NEQ_CHECK_OR_JUMP(ret, EOK, ("Hash generation failed.\n"),
+ lreq->error, ret, done);
 DEBUG(4, ("New hash [%s]\n", new_hash));
 memset(newauthtok, 0, pd->newauthtok_size);
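Review bot: Both new `NEQ_CHECK_OR_JUMP` calls in do_pam_chauthtok jump to `done` before the `memset(newauthtok, 0, pd->newauthtok_size);` that closes the hunk, so when salt or hash generation fails the cleartext new password is left in memory on that path, unless the `done` label (outside this hunk) clears it. The local_handler_callback hunk of the same commit already uses the safer order, wiping `authtok` right after the `s3crypt_sha512` call and before the check. Moving the `memset(newauthtok, 0, pd->newauthtok_size);` line to directly after `ret = s3crypt_sha512(lreq, newauthtok, salt, &new_hash);` covers the hash failure, and the salt failure needs the same wipe before its jump or under `done`.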
@@ -323,10 +323,10 @@ static void local_handler_callback(void *pvt, int ldb_status,
 lreq->error, ret, done);
 DEBUG(4, ("user: [%s], password hash: [%s]\n", username, password));
- new_hash = nss_sha512_crypt(authtok, password);
+ ret = s3crypt_sha512(lreq, authtok, password, &new_hash);
 memset(authtok, 0, pd->authtok_size);
- NULL_CHECK_OR_JUMP(new_hash, ("nss_sha512_crypt failed.\n"),
- lreq->error, EFAULT, done);
+ NEQ_CHECK_OR_JUMP(ret, EOK, ("nss_sha512_crypt failed.\n"),
+ lreq->error, ret, done);
 DEBUG(4, ("user: [%s], new hash: [%s]\n", username, new_hash));
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
index f98be79bd..ed18f6a1b 100644
--- a/server/responder/pam/pamsrv_cache.c
+++ b/server/responder/pam/pamsrv_cache.c
@@ -122,17 +122,15 @@ int pam_cache_credentials(struct pam_auth_req *preq)
 goto done;
 }
- salt = gen_salt();
- if (!salt) {
+ ret = s3crypt_gen_salt(preq, &salt);
+ if (ret) {
 DEBUG(4, ("Failed to generate random salt.\n"));
- ret = EFAULT;
 goto done;
 }
- comphash = nss_sha512_crypt(password, salt);
- if (!comphash) {
+ ret = s3crypt_sha512(preq, password, salt, &comphash);
+ if (ret) {
 DEBUG(4, ("Failed to create password hash.\n"));
- ret = EFAULT;
 goto done;
 }
@@ -181,7 +179,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
 struct pam_auth_req *preq;
 struct pam_data *pd;
 const char *userhash;
- const char *comphash;
+ char *comphash;
 char *password = NULL;
 int i, ret;
@@ -226,8 +224,8 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
 goto done;
 }
- comphash = nss_sha512_crypt(password, userhash);
- if (!comphash) {
+ ret = s3crypt_sha512(preq, password, userhash, &comphash);
+ if (ret) {
 DEBUG(4, ("Failed to create password hash.\n"));
 ret = PAM_SYSTEM_ERR;
 goto done;
-- cgit
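Review bot: The failure message on the new `NEQ_CHECK_OR_JUMP` line in local_handler_callback still names the replaced function; it should read `("s3crypt_sha512 failed.\n")` so the log points at the call that actually failed. The two `DEBUG(4, ...)` lines around the call print the stored password hash and the freshly computed one, and the do_pam_chauthtok hunk (`@@ -230,14`) prints the salt and new hash the same way, so anyone who can read the debug log obtains the hashes. Logging only the user name, for example `DEBUG(4, ("user: [%s], hash computed\n", username));`, keeps the trace without the secret. local_handler_callback continues outside the hunk.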
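Review bot: The failure branches in pam_cache_credentials now propagate the s3crypt return code, but the `DEBUG` messages do not print it, so the specific cause is missing from the log; `DEBUG(4, ("Failed to generate random salt [%d].\n", ret));` and the same for the hash message would record it. The second pam_cache_auth_callback hunk (`@@ -226,8 +224,8`) loses the code entirely, because `ret` is overwritten with `PAM_SYSTEM_ERR` straight after the message, so it should be logged there before the overwrite. Writing the test as `if (ret != EOK)` would also match the `NEQ_CHECK_OR_JUMP(ret, EOK, ...)` form this commit uses in pam_LOCAL_domain.c. pam_cache_credentials starts and ends outside the hunk.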