diff options
Diffstat (limited to 'src/providers/ldap')
| -rw-r--r-- | src/providers/ldap/ldap_auth.c | 12 | ||||
| -rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 12 |
2 files changed, 15 insertions, 9 deletions
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index e10c5b0e..f4e6d28f 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -722,7 +722,7 @@ void sdap_pam_chpass_handler(struct be_req *breq) } if ((pd->priv == 1) && (pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM) && - (sss_authtok_get_type(&pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD)) { + (sss_authtok_get_type(pd->authtok) != SSS_AUTHTOK_TYPE_PASSWORD)) { DEBUG(4, ("Password reset by root is not supported.\n")); pd->pam_status = PAM_PERM_DENIED; dp_err = DP_ERR_OK; @@ -747,7 +747,7 @@ void sdap_pam_chpass_handler(struct be_req *breq) state->ctx = ctx; subreq = auth_send(breq, be_ctx->ev, ctx, - state->username, &pd->authtok, true); + state->username, pd->authtok, true); if (!subreq) goto done; tevent_req_set_callback(subreq, sdap_auth4chpass_done, state); @@ -820,13 +820,13 @@ static void sdap_auth4chpass_done(struct tevent_req *req) const char *password; const char *new_password; - ret = sss_authtok_get_password(&state->pd->authtok, + ret = sss_authtok_get_password(state->pd->authtok, &password, NULL); if (ret) { state->pd->pam_status = PAM_SYSTEM_ERR; goto done; } - ret = sss_authtok_get_password(&state->pd->newauthtok, + ret = sss_authtok_get_password(state->pd->newauthtok, &new_password, NULL); if (ret) { state->pd->pam_status = PAM_SYSTEM_ERR; @@ -990,7 +990,7 @@ void sdap_pam_auth_handler(struct be_req *breq) state->pd = pd; subreq = auth_send(breq, be_ctx->ev, ctx, - pd->user, &pd->authtok, + pd->user, pd->authtok, pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM ? true : false); if (!subreq) goto done; @@ -1102,7 +1102,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) if (ret == EOK && be_ctx->domain->cache_credentials) { - ret = sss_authtok_get_password(&state->pd->authtok, &password, NULL); + ret = sss_authtok_get_password(state->pd->authtok, &password, NULL); if (ret == EOK) { ret = sysdb_cache_password(be_ctx->domain->sysdb, be_ctx->domain, state->pd->user, password); diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index 280268a1..b05edf6f 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -1573,7 +1573,7 @@ static void sdap_cli_auth_step(struct tevent_req *req) SDAP_DEFAULT_BIND_DN); const char *authtok_type; struct dp_opt_blob authtok_blob; - struct sss_auth_token authtok = { 0 }; + struct sss_auth_token *authtok; errno_t ret; /* Set the LDAP expiration time @@ -1599,6 +1599,12 @@ static void sdap_cli_auth_step(struct tevent_req *req) authtok_type = dp_opt_get_string(state->opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE); + authtok = sss_authtok_new(state); + if(authtok == NULL) { + tevent_req_error(req, ENOMEM); + return; + } + if (authtok_type != NULL) { if (strcasecmp(authtok_type, "password") != 0) { DEBUG(SSSDBG_TRACE_LIBS, ("Invalid authtoken type\n")); @@ -1609,7 +1615,7 @@ static void sdap_cli_auth_step(struct tevent_req *req) authtok_blob = dp_opt_get_blob(state->opts->basic, SDAP_DEFAULT_AUTHTOK); if (authtok_blob.data) { - ret = sss_authtok_set_password(state, &authtok, + ret = sss_authtok_set_password(authtok, (const char *)authtok_blob.data, authtok_blob.length); if (ret) { @@ -1623,7 +1629,7 @@ static void sdap_cli_auth_step(struct tevent_req *req) state->sh, sasl_mech, dp_opt_get_string(state->opts->basic, SDAP_SASL_AUTHID), - user_dn, &authtok); + user_dn, authtok); if (!subreq) { tevent_req_error(req, ENOMEM); return; |