diff options
| author | Sumit Bose <sbose@redhat.com> | 2016-03-07 17:07:16 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-03-14 14:06:17 +0100 |
| commit | 957e0a8675359d90fa50067b704578d01f565bba (patch) | |
| tree | d3ffa2c14648493dc4e7f156734db5c93600a935 /src/sss_client/pam_sss.c | |
| parent | 265c7b5e5333befdadd4ac8d09f4147f211959fd (diff) | |
| download | sssd-957e0a8675359d90fa50067b704578d01f565bba.tar.gz sssd-957e0a8675359d90fa50067b704578d01f565bba.tar.xz sssd-957e0a8675359d90fa50067b704578d01f565bba.zip | |
pam_sss: reorder pam_message array
There are different expectations about how the pam_message array is
organized, details can be found in the pam_conv man page. E.g. sudo was
not able to handle the Linux-PAM style but expected the Solaris PAM
style. With this patch both styles should work as expected.
Resolves https://fedorahosted.org/sssd/ticket/2971
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/sss_client/pam_sss.c')
| -rw-r--r-- | src/sss_client/pam_sss.c | 36 |
1 files changed, 14 insertions, 22 deletions
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index b4f7efe49..5b2307c1b 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -1260,8 +1260,7 @@ static int prompt_2fa(pam_handle_t *pamh, struct pam_items *pi, int ret; const struct pam_conv *conv; const struct pam_message *mesg[2] = { NULL, NULL }; - struct pam_message *m1; - struct pam_message *m2; + struct pam_message m[2] = { {0}, {0} }; struct pam_response *resp = NULL; size_t needed_size; @@ -1270,29 +1269,22 @@ static int prompt_2fa(pam_handle_t *pamh, struct pam_items *pi, return ret; } - m1 = malloc(sizeof(struct pam_message)); - if (m1 == NULL) { - D(("Malloc failed.")); - return PAM_SYSTEM_ERR; - } - - m2 = malloc(sizeof(struct pam_message)); - if (m2 == NULL) { - D(("Malloc failed.")); - free(m1); - return PAM_SYSTEM_ERR; - } - m1->msg_style = PAM_PROMPT_ECHO_OFF; - m1->msg = prompt_fa1; - m2->msg_style = PAM_PROMPT_ECHO_OFF; - m2->msg = prompt_fa2; + m[0].msg_style = PAM_PROMPT_ECHO_OFF; + m[0].msg = prompt_fa1; + m[1].msg_style = PAM_PROMPT_ECHO_OFF; + m[1].msg = prompt_fa2; - mesg[0] = (const struct pam_message *) m1; - mesg[1] = (const struct pam_message *) m2; + mesg[0] = (const struct pam_message *) m; + /* The following assignment might look a bit odd but is recommended in the + * pam_conv man page to make sure that the second argument of the PAM + * conversation function can be interpreted in two different ways. + * Basically it is important that both the actual struct pam_message and + * the pointers to the struct pam_message are arrays. Since the assignment + * makes clear that mesg[] and (*mesg)[] are arrays it should be kept this + * way and not be replaced by other equivalent assignments. */ + mesg[1] = & (( *mesg )[1]); ret = conv->conv(2, mesg, &resp, conv->appdata_ptr); - free(m1); - free(m2); if (ret != PAM_SUCCESS) { D(("Conversation failure: %s.", pam_strerror(pamh, ret))); return ret; |