diff options
-rw-r--r-- | src/providers/data_provider.h | 4 | ||||
-rw-r--r-- | src/providers/data_provider_be.c | 17 | ||||
-rw-r--r-- | src/providers/dp_auth_util.c | 108 |
3 files changed, 75 insertions, 54 deletions
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index 747e6e89..c4427d61 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -187,8 +187,8 @@ int pam_add_response(struct pam_data *pd, int len, const uint8_t *data); bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd); -bool dp_unpack_pam_request(DBusMessage *msg, struct pam_data *pd, - DBusError *dbus_error); +bool dp_unpack_pam_request(DBusMessage *msg, TALLOC_CTX *mem_ctx, + struct pam_data **new_pd, DBusError *dbus_error); bool dp_pack_pam_response(DBusMessage *msg, struct pam_data *pd); bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd, diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 27a4571a..f952faba 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -672,10 +672,13 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) be_req->fn = be_pam_handler_callback; be_req->pvt = reply; - pd = talloc_zero(be_req, struct pam_data); - if (!pd) { + dbus_error_init(&dbus_error); + + ret = dp_unpack_pam_request(message, be_req, &pd, &dbus_error); + if (!ret) { + DEBUG(1,("Failed, to parse message!\n")); talloc_free(be_req); - return ENOMEM; + return EIO; } pd->pam_status = PAM_SYSTEM_ERR; @@ -685,14 +688,6 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) return ENOMEM; } - dbus_error_init(&dbus_error); - - ret = dp_unpack_pam_request(message, pd, &dbus_error); - if (!ret) { - DEBUG(1,("Failed, to parse message!\n")); - talloc_free(be_req); - return EIO; - } DEBUG(4, ("Got request with the following data\n")); DEBUG_PAM_DATA(4, pd); diff --git a/src/providers/dp_auth_util.c b/src/providers/dp_auth_util.c index e09a6924..f042f8ce 100644 --- a/src/providers/dp_auth_util.c +++ b/src/providers/dp_auth_util.c @@ -23,7 +23,7 @@ bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd) { - int ret; + dbus_bool_t db_ret; if (pd->user == NULL) return false; if (pd->service == NULL) pd->service = talloc_strdup(pd, ""); @@ -32,52 +32,78 @@ bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd) if (pd->rhost == NULL) pd->rhost = talloc_strdup(pd, ""); - ret = dbus_message_append_args(msg, - DBUS_TYPE_INT32, &(pd->cmd), - DBUS_TYPE_STRING, &(pd->user), - DBUS_TYPE_STRING, &(pd->service), - DBUS_TYPE_STRING, &(pd->tty), - DBUS_TYPE_STRING, &(pd->ruser), - DBUS_TYPE_STRING, &(pd->rhost), - DBUS_TYPE_UINT32, &(pd->authtok_type), + db_ret = dbus_message_append_args(msg, + DBUS_TYPE_INT32, &(pd->cmd), + DBUS_TYPE_STRING, &(pd->user), + DBUS_TYPE_STRING, &(pd->service), + DBUS_TYPE_STRING, &(pd->tty), + DBUS_TYPE_STRING, &(pd->ruser), + DBUS_TYPE_STRING, &(pd->rhost), + DBUS_TYPE_UINT32, &(pd->authtok_type), + DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, + &(pd->authtok), + (pd->authtok_size), + DBUS_TYPE_UINT32, &(pd->newauthtok_type), + DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, + &(pd->newauthtok), + pd->newauthtok_size, + DBUS_TYPE_INT32, &(pd->priv), + DBUS_TYPE_UINT32, &(pd->cli_pid), + DBUS_TYPE_INVALID); + + return db_ret; +} + +bool dp_unpack_pam_request(DBusMessage *msg, TALLOC_CTX *mem_ctx, + struct pam_data **new_pd, DBusError *dbus_error) +{ + dbus_bool_t db_ret; + int ret; + struct pam_data pd; + + memset(&pd, 0, sizeof(pd)); + + db_ret = dbus_message_get_args(msg, dbus_error, + DBUS_TYPE_INT32, &(pd.cmd), + DBUS_TYPE_STRING, &(pd.user), + DBUS_TYPE_STRING, &(pd.service), + DBUS_TYPE_STRING, &(pd.tty), + DBUS_TYPE_STRING, &(pd.ruser), + DBUS_TYPE_STRING, &(pd.rhost), + DBUS_TYPE_UINT32, &(pd.authtok_type), DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, - &(pd->authtok), - (pd->authtok_size), - DBUS_TYPE_UINT32, &(pd->newauthtok_type), + &(pd.authtok), + &(pd.authtok_size), + DBUS_TYPE_UINT32, &(pd.newauthtok_type), DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, - &(pd->newauthtok), - pd->newauthtok_size, - DBUS_TYPE_INT32, &(pd->priv), - DBUS_TYPE_UINT32, &(pd->cli_pid), + &(pd.newauthtok), + &(pd.newauthtok_size), + DBUS_TYPE_INT32, &(pd.priv), + DBUS_TYPE_UINT32, &(pd.cli_pid), DBUS_TYPE_INVALID); - return ret; -} + if (!db_ret) { + DEBUG(1, ("dbus_message_get_args failed.\n")); + return false; + } -bool dp_unpack_pam_request(DBusMessage *msg, struct pam_data *pd, DBusError *dbus_error) -{ - int ret; + ret = copy_pam_data(mem_ctx, &pd, new_pd); + if (ret != EOK) { + DEBUG(1, ("copy_pam_data failed.\n")); + return false; + } - ret = dbus_message_get_args(msg, dbus_error, - DBUS_TYPE_INT32, &(pd->cmd), - DBUS_TYPE_STRING, &(pd->user), - DBUS_TYPE_STRING, &(pd->service), - DBUS_TYPE_STRING, &(pd->tty), - DBUS_TYPE_STRING, &(pd->ruser), - DBUS_TYPE_STRING, &(pd->rhost), - DBUS_TYPE_UINT32, &(pd->authtok_type), - DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, - &(pd->authtok), - &(pd->authtok_size), - DBUS_TYPE_UINT32, &(pd->newauthtok_type), - DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE, - &(pd->newauthtok), - &(pd->newauthtok_size), - DBUS_TYPE_INT32, &(pd->priv), - DBUS_TYPE_UINT32, &(pd->cli_pid), - DBUS_TYPE_INVALID); - - return ret; + if (pd.authtok_size != 0 && pd.authtok != NULL) { + memset(pd.authtok, 0, pd.authtok_size); + pd.authtok_size = 0; + } + + if (pd.newauthtok_size != 0 && pd.newauthtok != NULL) { + memset(pd.newauthtok, 0, pd.newauthtok_size); + pd.newauthtok_size = 0; + } + + return true; } bool dp_pack_pam_response(DBusMessage *msg, struct pam_data *pd) |