author | Sumit Bose <sbose@redhat.com> | 2010-05-20 10:12:47 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-20 14:09:56 -0400 |
commit | 2faf73eef14d66aeb345ffa38d0f53670fa8a9a1 (patch) | |
tree | 4357f06db2208b076c587ebabeb4edc5e61945f2 /src/providers/dp_auth_util.c | |
parent | e091bbd28c35fe8f916a15b4b0548f1b5419aab7 (diff) | |
download | sssd-2faf73eef14d66aeb345ffa38d0f53670fa8a9a1.tar.gz sssd-2faf73eef14d66aeb345ffa38d0f53670fa8a9a1.tar.xz sssd-2faf73eef14d66aeb345ffa38d0f53670fa8a9a1.zip |
Copy pam data from DBus message
Instead of just using references to the pam data inside of the DBus
message the data is copied. Now the DBus message can be freed at any
time and the pam data is part of the memory hierarchy. Additionally it
is possible to overwrite the authentication tokens in the DBus message,
because it is not used elsewhere.
Diffstat (limited to 'src/providers/dp_auth_util.c')
-rw-r--r-- | src/providers/dp_auth_util.c | 108 |
1 files changed, 67 insertions, 41 deletions
diff --git a/src/providers/dp_auth_util.c b/src/providers/dp_auth_util.c index e09a69243..f042f8ce5 100644 --- a/src/providers/dp_auth_util.c +++ b/src/providers/dp_auth_util.c @@ -23,7 +23,7 @@ bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd) { - int ret; + dbus_bool_t db_ret; if (pd->user == NULL) return false; if (pd->service == NULL) pd->service = talloc_strdup(pd, ""); 
@@ -32,52 +32,78 @@ bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd) if (pd->rhost == NULL) pd->rhost = talloc_strdup(pd, ""); - ret = dbus_message_append_args(msg, - DBUS_TYPE_INT32, &(pd->cmd), - DBUS_TYPE_STRING, &(pd->user), - DBUS_TYPE_STRING, &(pd->service), - DBUS_TYPE_STRING, &(pd->tty), - DBUS_TYPE_STRING, &(pd->ruser), - DBUS_TYPE_STRING, &(pd->rhost), - DBUS_TYPE_UINT32, &(pd->authtok_type), + db_ret = dbus_message_append_args(msg, + DBUS_TYPE_INT32, &(pd->cmd), + DBUS_TYPE_STRING, &(pd->user), + DBUS_TYPE_STRING, &(pd->service), + DBUS_TYPE_STRING, &(pd->tty), + DBUS_TYPE_STRING, &(pd->ruser), + DBUS_TYPE_STRING, &(pd->rhost), + DBUS_TYPE_UINT32, &(pd->authtok_type), + DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, + &(pd->authtok), + (pd->authtok_size), + DBUS_TYPE_UINT32, &(pd->newauthtok_type), + DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, + &(pd->newauthtok), + pd->newauthtok_size, + DBUS_TYPE_INT32, &(pd->priv), + DBUS_TYPE_UINT32, &(pd->cli_pid), + DBUS_TYPE_INVALID); + + return db_ret; +} + +bool dp_unpack_pam_request(DBusMessage *msg, TALLOC_CTX *mem_ctx, + struct pam_data **new_pd, DBusError *dbus_error) +{ + dbus_bool_t db_ret; + int ret; + struct pam_data pd; + + memset(&pd, 0, sizeof(pd)); + + db_ret = dbus_message_get_args(msg, dbus_error, + DBUS_TYPE_INT32, &(pd.cmd), + DBUS_TYPE_STRING, &(pd.user), + DBUS_TYPE_STRING, &(pd.service), + DBUS_TYPE_STRING, &(pd.tty), + DBUS_TYPE_STRING, &(pd.ruser), + DBUS_TYPE_STRING, &(pd.rhost), + DBUS_TYPE_UINT32, &(pd.authtok_type), DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, - &(pd->authtok), - (pd->authtok_size), - DBUS_TYPE_UINT32, &(pd->newauthtok_type), + &(pd.authtok), + &(pd.authtok_size), + DBUS_TYPE_UINT32, &(pd.newauthtok_type), DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, - &(pd->newauthtok), - pd->newauthtok_size, - DBUS_TYPE_INT32, &(pd->priv), - DBUS_TYPE_UINT32, &(pd->cli_pid), + &(pd.newauthtok), + &(pd.newauthtok_size), + DBUS_TYPE_INT32, &(pd.priv), + DBUS_TYPE_UINT32, &(pd.cli_pid), DBUS_TYPE_INVALID); - return ret; 
-} + if (!db_ret) { + DEBUG(1, ("dbus_message_get_args failed.\n")); + return false; + } -bool dp_unpack_pam_request(DBusMessage *msg, struct pam_data *pd, DBusError *dbus_error) -{ - int ret; + ret = copy_pam_data(mem_ctx, &pd, new_pd); + if (ret != EOK) { + DEBUG(1, ("copy_pam_data failed.\n")); + return false; + } - ret = dbus_message_get_args(msg, dbus_error, - DBUS_TYPE_INT32, &(pd->cmd), - DBUS_TYPE_STRING, &(pd->user), - DBUS_TYPE_STRING, &(pd->service), - DBUS_TYPE_STRING, &(pd->tty), - DBUS_TYPE_STRING, &(pd->ruser), - DBUS_TYPE_STRING, &(pd->rhost), - DBUS_TYPE_UINT32, &(pd->authtok_type), - DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, - &(pd->authtok), - &(pd->authtok_size), - DBUS_TYPE_UINT32, &(pd->newauthtok_type), - DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, - &(pd->newauthtok), - &(pd->newauthtok_size), - DBUS_TYPE_INT32, &(pd->priv), - DBUS_TYPE_UINT32, &(pd->cli_pid), - DBUS_TYPE_INVALID); - - return ret; + if (pd.authtok_size != 0 && pd.authtok != NULL) { + memset(pd.authtok, 0, pd.authtok_size); + pd.authtok_size = 0; + } + + if (pd.newauthtok_size != 0 && pd.newauthtok != NULL) { + memset(pd.newauthtok, 0, pd.newauthtok_size); + pd.newauthtok_size = 0; + } + + return true; } bool dp_pack_pam_response(DBusMessage *msg, struct pam_data *pd) |
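Review bot: In the new dp_unpack_pam_request, the `copy_pam_data failed` branch returns false before the two `memset` blocks run, so on that path the authentication tokens stay in cleartext inside the DBus message buffer. The wipe should not depend on the copy succeeding: move both `if (pd.authtok_size != 0 && pd.authtok != NULL)` / `if (pd.newauthtok_size != 0 && pd.newauthtok != NULL)` blocks to directly after the `copy_pam_data()` call and before the `if (ret != EOK)` check. The assignments `pd.authtok_size = 0;` and `pd.newauthtok_size = 0;` only touch the local struct that is about to go out of scope and could be dropped. It would also help to add a comment above the wipe stating that `pd.authtok` and `pd.newauthtok` point into memory owned by `msg`, so the message must still be alive here, and to confirm that the copy placed in `*new_pd` gets an equivalent wipe when it is freed, since `copy_pam_data` is not visible in this diff.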