summaryrefslogtreecommitdiff
path: root/server/responder/pam
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2009-05-01 20:09:44 -0400
committerSimo Sorce <ssorce@redhat.com>2009-05-18 15:27:48 -0400
commita15b93a1cb46a4d91666f3b6de2337eb693e833b (patch)
treec81a67c933c5d9b92ca1ed69a709b0e0f46eba04 /server/responder/pam
parent2011c5c332083582d6b0dc8424dfc794a8f06cca (diff)
downloadsssd-a15b93a1cb46a4d91666f3b6de2337eb693e833b.tar.gz
sssd-a15b93a1cb46a4d91666f3b6de2337eb693e833b.tar.bz2
sssd-a15b93a1cb46a4d91666f3b6de2337eb693e833b.zip
Fix crypt functions to not use static buffers.
Also fix style, clarify, and simplify some logic.
Diffstat (limited to 'server/responder/pam')
-rw-r--r--server/responder/pam/pam_LOCAL_domain.c18
-rw-r--r--server/responder/pam/pamsrv_cache.c16
2 files changed, 16 insertions, 18 deletions
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c
index dc394ab8..1287c7d9 100644
--- a/server/responder/pam/pam_LOCAL_domain.c
+++ b/server/responder/pam/pam_LOCAL_domain.c
@@ -230,14 +230,14 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq)
lreq->error, ret, done);
memset(pd->newauthtok, 0, pd->newauthtok_size);
- salt = gen_salt();
- NULL_CHECK_OR_JUMP(salt, ("Salt generation failed.\n"),
- lreq->error, EFAULT, done);
+ ret = s3crypt_gen_salt(lreq, &salt);
+ NEQ_CHECK_OR_JUMP(ret, EOK, ("Salt generation failed.\n"),
+ lreq->error, ret, done);
DEBUG(4, ("Using salt [%s]\n", salt));
- new_hash = nss_sha512_crypt(newauthtok, salt);
- NULL_CHECK_OR_JUMP(new_hash, ("Hash generation failed.\n"),
- lreq->error, EFAULT, done);
+ ret = s3crypt_sha512(lreq, newauthtok, salt, &new_hash);
+ NEQ_CHECK_OR_JUMP(ret, EOK, ("Hash generation failed.\n"),
+ lreq->error, ret, done);
DEBUG(4, ("New hash [%s]\n", new_hash));
memset(newauthtok, 0, pd->newauthtok_size);
@@ -323,10 +323,10 @@ static void local_handler_callback(void *pvt, int ldb_status,
lreq->error, ret, done);
DEBUG(4, ("user: [%s], password hash: [%s]\n", username, password));
- new_hash = nss_sha512_crypt(authtok, password);
+ ret = s3crypt_sha512(lreq, authtok, password, &new_hash);
memset(authtok, 0, pd->authtok_size);
- NULL_CHECK_OR_JUMP(new_hash, ("nss_sha512_crypt failed.\n"),
- lreq->error, EFAULT, done);
+ NEQ_CHECK_OR_JUMP(ret, EOK, ("nss_sha512_crypt failed.\n"),
+ lreq->error, ret, done);
DEBUG(4, ("user: [%s], new hash: [%s]\n", username, new_hash));
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
index f98be79b..ed18f6a1 100644
--- a/server/responder/pam/pamsrv_cache.c
+++ b/server/responder/pam/pamsrv_cache.c
@@ -122,17 +122,15 @@ int pam_cache_credentials(struct pam_auth_req *preq)
goto done;
}
- salt = gen_salt();
- if (!salt) {
+ ret = s3crypt_gen_salt(preq, &salt);
+ if (ret) {
DEBUG(4, ("Failed to generate random salt.\n"));
- ret = EFAULT;
goto done;
}
- comphash = nss_sha512_crypt(password, salt);
- if (!comphash) {
+ ret = s3crypt_sha512(preq, password, salt, &comphash);
+ if (ret) {
DEBUG(4, ("Failed to create password hash.\n"));
- ret = EFAULT;
goto done;
}
@@ -181,7 +179,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
struct pam_auth_req *preq;
struct pam_data *pd;
const char *userhash;
- const char *comphash;
+ char *comphash;
char *password = NULL;
int i, ret;
@@ -226,8 +224,8 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
goto done;
}
- comphash = nss_sha512_crypt(password, userhash);
- if (!comphash) {
+ ret = s3crypt_sha512(preq, password, userhash, &comphash);
+ if (ret) {
DEBUG(4, ("Failed to create password hash.\n"));
ret = PAM_SYSTEM_ERR;
goto done;