diff options
author | Simo Sorce <ssorce@redhat.com> | 2009-05-01 20:09:44 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2009-05-18 15:27:48 -0400 |
commit | a15b93a1cb46a4d91666f3b6de2337eb693e833b (patch) | |
tree | c81a67c933c5d9b92ca1ed69a709b0e0f46eba04 /server/responder/pam | |
parent | 2011c5c332083582d6b0dc8424dfc794a8f06cca (diff) | |
download | sssd-a15b93a1cb46a4d91666f3b6de2337eb693e833b.tar.gz sssd-a15b93a1cb46a4d91666f3b6de2337eb693e833b.tar.bz2 sssd-a15b93a1cb46a4d91666f3b6de2337eb693e833b.zip |
Fix crypt functions to not use static buffers.
Also fix style, clarify, and simplify some logic.
Diffstat (limited to 'server/responder/pam')
-rw-r--r-- | server/responder/pam/pam_LOCAL_domain.c | 18 | ||||
-rw-r--r-- | server/responder/pam/pamsrv_cache.c | 16 |
2 files changed, 16 insertions, 18 deletions
diff --git a/server/responder/pam/pam_LOCAL_domain.c b/server/responder/pam/pam_LOCAL_domain.c index dc394ab8..1287c7d9 100644 --- a/server/responder/pam/pam_LOCAL_domain.c +++ b/server/responder/pam/pam_LOCAL_domain.c @@ -230,14 +230,14 @@ static void do_pam_chauthtok(struct LOCAL_request *lreq) lreq->error, ret, done); memset(pd->newauthtok, 0, pd->newauthtok_size); - salt = gen_salt(); - NULL_CHECK_OR_JUMP(salt, ("Salt generation failed.\n"), - lreq->error, EFAULT, done); + ret = s3crypt_gen_salt(lreq, &salt); + NEQ_CHECK_OR_JUMP(ret, EOK, ("Salt generation failed.\n"), + lreq->error, ret, done); DEBUG(4, ("Using salt [%s]\n", salt)); - new_hash = nss_sha512_crypt(newauthtok, salt); - NULL_CHECK_OR_JUMP(new_hash, ("Hash generation failed.\n"), - lreq->error, EFAULT, done); + ret = s3crypt_sha512(lreq, newauthtok, salt, &new_hash); + NEQ_CHECK_OR_JUMP(ret, EOK, ("Hash generation failed.\n"), + lreq->error, ret, done); DEBUG(4, ("New hash [%s]\n", new_hash)); memset(newauthtok, 0, pd->newauthtok_size); @@ -323,10 +323,10 @@ static void local_handler_callback(void *pvt, int ldb_status, lreq->error, ret, done); DEBUG(4, ("user: [%s], password hash: [%s]\n", username, password)); - new_hash = nss_sha512_crypt(authtok, password); + ret = s3crypt_sha512(lreq, authtok, password, &new_hash); memset(authtok, 0, pd->authtok_size); - NULL_CHECK_OR_JUMP(new_hash, ("nss_sha512_crypt failed.\n"), - lreq->error, EFAULT, done); + NEQ_CHECK_OR_JUMP(ret, EOK, ("nss_sha512_crypt failed.\n"), + lreq->error, ret, done); DEBUG(4, ("user: [%s], new hash: [%s]\n", username, new_hash)); diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c index f98be79b..ed18f6a1 100644 --- a/server/responder/pam/pamsrv_cache.c +++ b/server/responder/pam/pamsrv_cache.c @@ -122,17 +122,15 @@ int pam_cache_credentials(struct pam_auth_req *preq) goto done; } - salt = gen_salt(); - if (!salt) { + ret = s3crypt_gen_salt(preq, &salt); + if (ret) { DEBUG(4, ("Failed to generate random salt.\n")); - ret = EFAULT; goto done; } - comphash = nss_sha512_crypt(password, salt); - if (!comphash) { + ret = s3crypt_sha512(preq, password, salt, &comphash); + if (ret) { DEBUG(4, ("Failed to create password hash.\n")); - ret = EFAULT; goto done; } @@ -181,7 +179,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status, struct pam_auth_req *preq; struct pam_data *pd; const char *userhash; - const char *comphash; + char *comphash; char *password = NULL; int i, ret; @@ -226,8 +224,8 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status, goto done; } - comphash = nss_sha512_crypt(password, userhash); - if (!comphash) { + ret = s3crypt_sha512(preq, password, userhash, &comphash); + if (ret) { DEBUG(4, ("Failed to create password hash.\n")); ret = PAM_SYSTEM_ERR; goto done; |