-rw-r--r--src/providers/data_provider.h4
-rw-r--r--src/providers/data_provider_be.c17
-rw-r--r--src/providers/dp_auth_util.c108
3 files changed, 75 insertions, 54 deletions
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index 4bea0317..7f424b4e 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -198,8 +198,8 @@ int pam_add_response(struct pam_data *pd,
int len, const uint8_t *data);
bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd);
-bool dp_unpack_pam_request(DBusMessage *msg, struct pam_data *pd,
- DBusError *dbus_error);
+bool dp_unpack_pam_request(DBusMessage *msg, TALLOC_CTX *mem_ctx,
+ struct pam_data **new_pd, DBusError *dbus_error);
bool dp_pack_pam_response(DBusMessage *msg, struct pam_data *pd);
bool dp_unpack_pam_response(DBusMessage *msg, struct pam_data *pd,
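Review bot: The new `dp_unpack_pam_request` prototype has no comment describing its ownership and side-effect contract, which changes with this signature. Judging from the implementation in dp_auth_util.c, `*new_pd` is produced by `copy_pam_data` on `mem_ctx` (presumably owned by that context) and the authtok and newauthtok bytes inside `msg` are overwritten with zeros on success, so a second unpack of the same message would see empty tokens. A short comment above the declaration would record that, for example `/* On success *new_pd is allocated on mem_ctx and the auth tokens inside msg are wiped; on failure *new_pd is not set. */`.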
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 5664b2c5..cb60ce15 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -672,10 +672,13 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
be_req->fn = be_pam_handler_callback;
be_req->pvt = reply;
- pd = talloc_zero(be_req, struct pam_data);
- if (!pd) {
+ dbus_error_init(&dbus_error);
+
+ ret = dp_unpack_pam_request(message, be_req, &pd, &dbus_error);
+ if (!ret) {
+ DEBUG(1,("Failed, to parse message!\n"));
talloc_free(be_req);
- return ENOMEM;
+ return EIO;
}
pd->pam_status = PAM_SYSTEM_ERR;
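Review bot: In the failure branch of `be_pam_handler`, the `dbus_error` initialised just above is neither logged nor released before returning. If `dbus_message_get_args` populated it, the reason for the rejection is lost and its storage is presumably leaked; adding `if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);` before `talloc_free(be_req);` would cover that. The branch also returns `EIO` with a "parse" message when the helper actually failed in `copy_pam_data`, which is more likely an allocation failure, so the log can mislead during triage. The function body starts and ends outside this hunk.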
@@ -685,14 +688,6 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
return ENOMEM;
}
- dbus_error_init(&dbus_error);
-
- ret = dp_unpack_pam_request(message, pd, &dbus_error);
- if (!ret) {
- DEBUG(1,("Failed, to parse message!\n"));
- talloc_free(be_req);
- return EIO;
- }
DEBUG(4, ("Got request with the following data\n"));
DEBUG_PAM_DATA(4, pd);
diff --git a/src/providers/dp_auth_util.c b/src/providers/dp_auth_util.c
index 97690057..f8730cf9 100644
--- a/src/providers/dp_auth_util.c
+++ b/src/providers/dp_auth_util.c
@@ -23,7 +23,7 @@
bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd)
{
- int ret;
+ dbus_bool_t db_ret;
if (pd->user == NULL) return false;
if (pd->service == NULL) pd->service = talloc_strdup(pd, "");
@@ -32,52 +32,78 @@ bool dp_pack_pam_request(DBusMessage *msg, struct pam_data *pd)
if (pd->rhost == NULL) pd->rhost = talloc_strdup(pd, "");
- ret = dbus_message_append_args(msg,
- DBUS_TYPE_INT32, &(pd->cmd),
- DBUS_TYPE_STRING, &(pd->user),
- DBUS_TYPE_STRING, &(pd->service),
- DBUS_TYPE_STRING, &(pd->tty),
- DBUS_TYPE_STRING, &(pd->ruser),
- DBUS_TYPE_STRING, &(pd->rhost),
- DBUS_TYPE_UINT32, &(pd->authtok_type),
+ db_ret = dbus_message_append_args(msg,
+ DBUS_TYPE_INT32, &(pd->cmd),
+ DBUS_TYPE_STRING, &(pd->user),
+ DBUS_TYPE_STRING, &(pd->service),
+ DBUS_TYPE_STRING, &(pd->tty),
+ DBUS_TYPE_STRING, &(pd->ruser),
+ DBUS_TYPE_STRING, &(pd->rhost),
+ DBUS_TYPE_UINT32, &(pd->authtok_type),
+ DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
+ &(pd->authtok),
+ (pd->authtok_size),
+ DBUS_TYPE_UINT32, &(pd->newauthtok_type),
+ DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
+ &(pd->newauthtok),
+ pd->newauthtok_size,
+ DBUS_TYPE_INT32, &(pd->priv),
+ DBUS_TYPE_UINT32, &(pd->cli_pid),
+ DBUS_TYPE_INVALID);
+
+ return db_ret;
+}
+
+bool dp_unpack_pam_request(DBusMessage *msg, TALLOC_CTX *mem_ctx,
+ struct pam_data **new_pd, DBusError *dbus_error)
+{
+ dbus_bool_t db_ret;
+ int ret;
+ struct pam_data pd;
+
+ memset(&pd, 0, sizeof(pd));
+
+ db_ret = dbus_message_get_args(msg, dbus_error,
+ DBUS_TYPE_INT32, &(pd.cmd),
+ DBUS_TYPE_STRING, &(pd.user),
+ DBUS_TYPE_STRING, &(pd.service),
+ DBUS_TYPE_STRING, &(pd.tty),
+ DBUS_TYPE_STRING, &(pd.ruser),
+ DBUS_TYPE_STRING, &(pd.rhost),
+ DBUS_TYPE_UINT32, &(pd.authtok_type),
DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
- &(pd->authtok),
- (pd->authtok_size),
- DBUS_TYPE_UINT32, &(pd->newauthtok_type),
+ &(pd.authtok),
+ &(pd.authtok_size),
+ DBUS_TYPE_UINT32, &(pd.newauthtok_type),
DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
- &(pd->newauthtok),
- pd->newauthtok_size,
- DBUS_TYPE_INT32, &(pd->priv),
- DBUS_TYPE_UINT32, &(pd->cli_pid),
+ &(pd.newauthtok),
+ &(pd.newauthtok_size),
+ DBUS_TYPE_INT32, &(pd.priv),
+ DBUS_TYPE_UINT32, &(pd.cli_pid),
DBUS_TYPE_INVALID);
- return ret;
-}
+ if (!db_ret) {
+ DEBUG(1, ("dbus_message_get_args failed.\n"));
+ return false;
+ }
-bool dp_unpack_pam_request(DBusMessage *msg, struct pam_data *pd, DBusError *dbus_error)
-{
- int ret;
+ ret = copy_pam_data(mem_ctx, &pd, new_pd);
+ if (ret != EOK) {
+ DEBUG(1, ("copy_pam_data failed.\n"));
+ return false;
+ }
- ret = dbus_message_get_args(msg, dbus_error,
- DBUS_TYPE_INT32, &(pd->cmd),
- DBUS_TYPE_STRING, &(pd->user),
- DBUS_TYPE_STRING, &(pd->service),
- DBUS_TYPE_STRING, &(pd->tty),
- DBUS_TYPE_STRING, &(pd->ruser),
- DBUS_TYPE_STRING, &(pd->rhost),
- DBUS_TYPE_UINT32, &(pd->authtok_type),
- DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
- &(pd->authtok),
- &(pd->authtok_size),
- DBUS_TYPE_UINT32, &(pd->newauthtok_type),
- DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
- &(pd->newauthtok),
- &(pd->newauthtok_size),
- DBUS_TYPE_INT32, &(pd->priv),
- DBUS_TYPE_UINT32, &(pd->cli_pid),
- DBUS_TYPE_INVALID);
-
- return ret;
+ if (pd.authtok_size != 0 && pd.authtok != NULL) {
+ memset(pd.authtok, 0, pd.authtok_size);
+ pd.authtok_size = 0;
+ }
+
+ if (pd.newauthtok_size != 0 && pd.newauthtok != NULL) {
+ memset(pd.newauthtok, 0, pd.newauthtok_size);
+ pd.newauthtok_size = 0;
+ }
+
+ return true;
}
bool dp_pack_pam_response(DBusMessage *msg, struct pam_data *pd)
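Review bot: The token scrub at the end of `dp_unpack_pam_request` runs only on the success path: when `copy_pam_data` fails, the function returns `false` before either `memset`, so the authtok and newauthtok bytes stay in the D-Bus message buffer. Scrubbing before the result check closes that gap, i.e. move the two `if (pd.*_size != 0 && ...)` blocks directly after `ret = copy_pam_data(mem_ctx, &pd, new_pd);` and test `ret != EOK` afterwards. The writes go through pointers that `dbus_message_get_args` returns into the message, which libdbus describes as constant for the caller, so a comment such as `/* deliberately wipe the secrets inside msg; pd.authtok points into the message body */` would mark this as intentional.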