author | Simo Sorce <simo@redhat.com> | 2012-10-18 12:49:38 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-01-10 12:24:59 -0500 |
commit | c83e409297711e6012a164cc929c758a3f38e9b9 (patch) | |
tree | 42930e80d13d5bbe26e12891499677db0e26c8e6 /src/responder/pam | |
parent | 4c2cf6607ddc82c5061d805c11e163de4bc1bd82 (diff) | |
Code can only check for cached passwords
Make it clear to the API users that we can not take arbitrary auth tokens.
We can only take a password for now so simplify and clarify the interface.
Diffstat (limited to 'src/responder/pam')
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 42696422..ed7438f8 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -733,7 +733,6 @@ static void pam_reply(struct pam_auth_req *preq)
 struct timeval tv;
 struct tevent_timer *te;
 struct pam_data *pd;
- struct sysdb_ctx *sysdb;
 struct pam_ctx *pctx;
 uint32_t user_info_type;
 time_t exp_date = -1;
@@ -753,24 +752,34 @@ static void pam_reply(struct pam_auth_req *preq)
 if ((preq->domain != NULL) &&
 (preq->domain->cache_credentials == true) &&
 (pd->offline_auth == false)) {
+ const char *password = NULL;
- /* do auth with offline credentials */
- pd->offline_auth = true;
+ /* do auth with offline credentials */
+ pd->offline_auth = true;
- sysdb = preq->domain->sysdb;
- if (sysdb == NULL) {
- DEBUG(0, ("Fatal: Sysdb CTX not found for "
- "domain [%s]!\n", preq->domain->name));
- goto done;
- }
+ if (preq->domain->sysdb == NULL) {
+ DEBUG(0, ("Fatal: Sysdb CTX not found for domain"
+ " [%s]!\n", preq->domain->name));
+ goto done;
+ }
- ret = sysdb_cache_auth(sysdb, pd->user,
- pd->authtok, pd->authtok_size,
- pctx->rctx->cdb, false,
- &exp_date, &delay_until);
+ password = talloc_strndup(preq, pd->authtok, pd->authtok_size);
+ if (!password) {
+ DEBUG(0, ("Fatal: Out of memory copying password\n"));
+ goto done;
+ }
- pam_handle_cached_login(preq, ret, exp_date, delay_until);
- return;
+ ret = sysdb_cache_auth(preq->domain->sysdb,
+ pd->user, password,
+ pctx->rctx->cdb, false,
+ &exp_date, &delay_until);
+
+ pam_handle_cached_login(preq, ret, exp_date, delay_until);
+ if (password) {
+ for (i = 0; password[i]; i++) password[i] = 0;
+ talloc_zfree(password);
+ }
+ return;
 }
 break;
 case SSS_PAM_CHAUTHTOK_PRELIM: |
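Review bot: In the second hunk `password` is declared `const char *`, yet the cleanup loop writes through it (`password[i] = 0`), which a compiler rejects as an assignment to a read-only location; declaring it `char *password = NULL;` makes the wipe legal. The cleartext copy also stays live across `pam_handle_cached_login()`, so moving the wipe to directly after `sysdb_cache_auth()` returns would shorten that window. A plain store loop ahead of a free is a candidate for dead-store elimination, so a wipe the optimizer cannot drop would be safer there. `talloc_strndup()` also returns NULL for a NULL `pd->authtok`, so a missing token would be logged as "Out of memory" with `pd->offline_auth` already set to true, which is worth confirming against the callers. The declaration of `i` and the `done` label lie outside the hunk, so their handling here is not visible.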