diff options
author | Sumit Bose <sbose@redhat.com> | 2010-11-08 15:00:19 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-12-03 10:41:28 -0500 |
commit | 7470bb938429c7a723f5aad971cc50a805a9ead8 (patch) | |
tree | 4d11327ebbaaf07796fe4f0bea9bd757f67f255c /src/providers | |
parent | 92ae4a7ef84f05239da1ac2eba0d7a34161da271 (diff) | |
download | sssd-7470bb938429c7a723f5aad971cc50a805a9ead8.tar.gz sssd-7470bb938429c7a723f5aad971cc50a805a9ead8.tar.bz2 sssd-7470bb938429c7a723f5aad971cc50a805a9ead8.zip |
Check authtok type for krb5 auth and chpass
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_child.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index c4af471d..0e555604 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -620,6 +620,12 @@ static errno_t changepw_child(int fd, struct krb5_req *kr) char *changepw_princ = NULL; krb5_prompter_fct prompter = sss_krb5_prompter; + if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) { + pam_status = PAM_CRED_INSUFFICIENT; + kerr = KRB5KRB_ERR_GENERIC; + goto sendresponse; + } + pass_str = talloc_strndup(kr, (const char *) kr->pd->authtok, kr->pd->authtok_size); if (pass_str == NULL) { @@ -760,6 +766,12 @@ static errno_t tgt_req_child(int fd, struct krb5_req *kr) char *changepw_princ = NULL; int pam_status = PAM_SYSTEM_ERR; + if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) { + pam_status = PAM_CRED_INSUFFICIENT; + kerr = KRB5KRB_ERR_GENERIC; + goto sendresponse; + } + pass_str = talloc_strndup(kr, (const char *) kr->pd->authtok, kr->pd->authtok_size); if (pass_str == NULL) { |