From 64af76e2bef2565caa9738f675c108a4b3789237 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 18 Oct 2012 18:43:56 -0400 Subject: Change pam data auth tokens. Use the new authtok abstraction and interfaces throught the code. --- src/providers/dp_pam_data_util.c | 117 ++++++++++++++++++++------------------- 1 file changed, 60 insertions(+), 57 deletions(-) (limited to 'src/providers/dp_pam_data_util.c') diff --git a/src/providers/dp_pam_data_util.c b/src/providers/dp_pam_data_util.c index 889c47f00..64f0d69bd 100644 --- a/src/providers/dp_pam_data_util.c +++ b/src/providers/dp_pam_data_util.c @@ -25,26 +25,6 @@ #include "providers/data_provider.h" -#define PD_STR_COPY(el) do { \ - if (old_pd->el != NULL) { \ - pd->el = talloc_strdup(pd, old_pd->el); \ - if (pd->el == NULL) { \ - DEBUG(1, ("talloc_strdup failed.\n")); \ - goto failed; \ - } \ - } \ -} while(0) - -#define PD_MEM_COPY(el, size) do { \ - if (old_pd->el != NULL) { \ - pd->el = talloc_memdup(pd, old_pd->el, (size)); \ - if (pd->el == NULL) { \ - DEBUG(1, ("talloc_memdup failed.\n")); \ - goto failed; \ - } \ - } \ -} while(0) - #define PAM_SAFE_ITEM(item) item ? item : "not set" static const char *pamcmd2str(int cmd) { @@ -72,17 +52,11 @@ int pam_data_destructor(void *ptr) { struct pam_data *pd = talloc_get_type(ptr, struct pam_data); - if (pd->authtok_size != 0 && pd->authtok != NULL) { - memset(pd->authtok, 0, pd->authtok_size); - pd->authtok_size = 0; - } + /* make sure to wipe any password from memory before freeing */ + sss_authtok_wipe_password(&pd->authtok); + sss_authtok_wipe_password(&pd->newauthtok); - if (pd->newauthtok_size != 0 && pd->newauthtok != NULL) { - memset(pd->newauthtok, 0, pd->newauthtok_size); - pd->newauthtok_size = 0; - } - - return EOK; + return 0; } struct pam_data *create_pam_data(TALLOC_CTX *mem_ctx) @@ -100,41 +74,72 @@ struct pam_data *create_pam_data(TALLOC_CTX *mem_ctx) return pd; } -errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *old_pd, - struct pam_data **new_pd) +errno_t copy_pam_data(TALLOC_CTX *mem_ctx, struct pam_data *src, + struct pam_data **dst) { struct pam_data *pd = NULL; + errno_t ret; pd = create_pam_data(mem_ctx); if (pd == NULL) { - DEBUG(1, ("create_pam_data failed.\n")); - return ENOMEM; + ret = ENOMEM; + goto failed; + } + + pd->cmd = src->cmd; + pd->priv = src->priv; + + pd->domain = talloc_strdup(pd, src->domain); + if (pd->domain == NULL && src->domain != NULL) { + ret = ENOMEM; + goto failed; + } + pd->user = talloc_strdup(pd, src->user); + if (pd->user == NULL && src->user != NULL) { + ret = ENOMEM; + goto failed; + } + pd->service = talloc_strdup(pd, src->service); + if (pd->service == NULL && src->service != NULL) { + ret = ENOMEM; + goto failed; + } + pd->tty = talloc_strdup(pd, src->tty); + if (pd->tty == NULL && src->tty != NULL) { + ret = ENOMEM; + goto failed; + } + pd->ruser = talloc_strdup(pd, src->ruser); + if (pd->ruser == NULL && src->ruser != NULL) { + ret = ENOMEM; + goto failed; + } + pd->rhost = talloc_strdup(pd, src->rhost); + if (pd->rhost == NULL && src->rhost != NULL) { + ret = ENOMEM; + goto failed; + } + + pd->cli_pid = src->cli_pid; + + ret = sss_authtok_copy(pd, &src->authtok, &pd->authtok); + if (ret) { + goto failed; + } + + ret = sss_authtok_copy(pd, &src->newauthtok, &pd->newauthtok); + if (ret) { + goto failed; } - pd->cmd = old_pd->cmd; - pd->authtok_type = old_pd->authtok_type; - pd->authtok_size = old_pd->authtok_size; - pd->newauthtok_type = old_pd->newauthtok_type; - pd->newauthtok_size = old_pd->newauthtok_size; - pd->priv = old_pd->priv; - - PD_STR_COPY(domain); - PD_STR_COPY(user); - PD_STR_COPY(service); - PD_STR_COPY(tty); - PD_STR_COPY(ruser); - PD_STR_COPY(rhost); - PD_MEM_COPY(authtok, old_pd->authtok_size); - PD_MEM_COPY(newauthtok, old_pd->newauthtok_size); - pd->cli_pid = old_pd->cli_pid; - - *new_pd = pd; + *dst = pd; return EOK; failed: talloc_free(pd); - return ENOMEM; + DEBUG(1, ("copy_pam_data failed: (%d) %s.\n", ret, strerror(ret))); + return ret; } void pam_print_data(int l, struct pam_data *pd) @@ -146,10 +151,8 @@ void pam_print_data(int l, struct pam_data *pd) DEBUG(l, ("tty: %s\n", PAM_SAFE_ITEM(pd->tty))); DEBUG(l, ("ruser: %s\n", PAM_SAFE_ITEM(pd->ruser))); DEBUG(l, ("rhost: %s\n", PAM_SAFE_ITEM(pd->rhost))); - DEBUG(l, ("authtok type: %d\n", pd->authtok_type)); - DEBUG(l, ("authtok size: %d\n", pd->authtok_size)); - DEBUG(l, ("newauthtok type: %d\n", pd->newauthtok_type)); - DEBUG(l, ("newauthtok size: %d\n", pd->newauthtok_size)); + DEBUG(l, ("authtok type: %d\n", sss_authtok_get_type(&pd->authtok))); + DEBUG(l, ("newauthtok type: %d\n", sss_authtok_get_type(&pd->newauthtok))); DEBUG(l, ("priv: %d\n", pd->priv)); DEBUG(l, ("cli_pid: %d\n", pd->cli_pid)); } -- cgit