summaryrefslogtreecommitdiff
path: root/src/providers/krb5
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2010-03-23 16:35:49 -0400
committerStephen Gallagher <sgallagh@redhat.com>2010-03-25 16:02:27 -0400
commit80c8a4f94d54b23bce206fdd75ff2648977ce271 (patch)
tree7a03b98f665e4ebf7005c580fd9873200f023fad /src/providers/krb5
parentf94abf5319d8f74cacae0a98d3925d18eb6839eb (diff)
downloadsssd-80c8a4f94d54b23bce206fdd75ff2648977ce271.tar.gz
sssd-80c8a4f94d54b23bce206fdd75ff2648977ce271.tar.bz2
sssd-80c8a4f94d54b23bce206fdd75ff2648977ce271.zip
Allow arbitrary-length PAM messages
The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432
Diffstat (limited to 'src/providers/krb5')
-rw-r--r--src/providers/krb5/krb5_auth.c2
-rw-r--r--src/providers/krb5/krb5_child.c25
2 files changed, 7 insertions, 20 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index ce3aacd8..880930a1 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -1091,7 +1091,7 @@ static void krb5_child_done(struct tevent_req *req)
*msg_len));
if ((p + *msg_len) != len) {
- DEBUG(1, ("message format error.\n"));
+ DEBUG(1, ("message format error [%d] != [%d].\n", p+*msg_len, len));
goto done;
}
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 86242ef3..620e4d14 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -247,27 +247,15 @@ done:
return kerr;
}
-static struct response *init_response(TALLOC_CTX *mem_ctx) {
- struct response *r;
- r = talloc(mem_ctx, struct response);
- r->buf = talloc_size(mem_ctx, MAX_CHILD_MSG_SIZE);
- if (r->buf == NULL) {
- DEBUG(1, ("talloc_size failed.\n"));
- return NULL;
- }
- r->max_size = MAX_CHILD_MSG_SIZE;
- r->size = 0;
-
- return r;
-}
-
static errno_t pack_response_packet(struct response *resp, int status, int type,
size_t len, const uint8_t *data)
{
size_t p = 0;
- if ((3*sizeof(int32_t) + len +1) > resp->max_size) {
- DEBUG(1, ("response message too big.\n"));
+ resp->buf = talloc_array(resp, uint8_t,
+ 3*sizeof(int32_t) + len);
+ if (!resp->buf) {
+ DEBUG(1, ("Insufficient memory to create message.\n"));
return ENOMEM;
}
@@ -293,9 +281,9 @@ static struct response *prepare_response_message(struct krb5_req *kr,
size_t user_resp_len;
uint8_t *user_resp;
- resp = init_response(kr);
+ resp = talloc_zero(kr, struct response);
if (resp == NULL) {
- DEBUG(1, ("init_response failed.\n"));
+ DEBUG(1, ("Initializing response failed.\n"));
return NULL;
}
@@ -321,7 +309,6 @@ static struct response *prepare_response_message(struct krb5_req *kr,
talloc_zfree(msg);
}
} else {
-
if (user_error_message != NULL) {
ret = pack_user_info_chpass_error(kr, user_error_message,
&user_resp_len, &user_resp);