aboutsummaryrefslogtreecommitdiff
path: root/lib/ldappass.c
diff options
context:
space:
mode:
authorSergey Poznyakoff <gray@gnu.org>2018-08-15 22:22:31 +0300
committerSergey Poznyakoff <gray@gnu.org>2018-08-15 22:22:31 +0300
commit7a40b7873bd666809183cdd952d6e2a8f1870981 (patch)
tree0ae71532dc78f597b717152b564d6681d1ad832a /lib/ldappass.c
parent988b8e27f5df26d7e9f6fd7984677873ca1c40cb (diff)
downloadpam-modules-7a40b7873bd666809183cdd952d6e2a8f1870981.tar.gz
pam-modules-7a40b7873bd666809183cdd952d6e2a8f1870981.tar.bz2
Major cleanup
* lib/graypam.h (gray_pam_init) (gray_raise,gray_malloc,gray_zalloc,gray_calloc) (gray_realloc,gray_strdup): Remove. (gray_slist_err,gray_slist_clrerr): New functions. (gray_slist_append,gray_slist_append_char): Return ssize_t. (gray_slist_coalesce): Likewise. (gray_slist_grow_backslash_num) (gray_slist_grow_backslash): Return int. (errno_to_pam): New function. (gray_set_transform_expr): Return int. * lib/mem.c (gray_raise,gray_malloc,gray_zalloc,gray_calloc) (gray_realloc,gray_strdup): Remove. (gray_2nrealloc): Rewrite. * lib/base64.c: Check return from gray_slist_append_char * lib/env.c: Check return values from gray_slist functions * lib/ldappass.c: Likewise. * lib/slist.c (gray_slist_bucket) <ec>: New member. (gray_slist_err,gray_slist_clrerr): New functions. (gray_slist_append,gray_slist_append_char): Return ssize_t. (gray_slist_coalesce): Likewise. (gray_slist_grow_backslash_num) (gray_slist_grow_backslash): Return int. * lib/transform.c: Use standard memory allocation functions. * pam_ldaphome/pam_ldaphome.c: Likewise. * pam_innetgr/pam_innetgr.c: Likewise. * pam_log/pam_log.c: Likewise. * pam_regex/pam_regex.c: Likewise. * pam_sql/pam_mysql.c: Likewise. * pam_sql/pam_pgsql.c: Likewise.
Diffstat (limited to 'lib/ldappass.c')
-rw-r--r--lib/ldappass.c107
1 files changed, 78 insertions, 29 deletions
diff --git a/lib/ldappass.c b/lib/ldappass.c
index 968078c..247cf16 100644
--- a/lib/ldappass.c
+++ b/lib/ldappass.c
@@ -48,10 +48,14 @@ chk_md5 (const char *db_pass, const char *pass)
{
unsigned char md5digest[16];
struct gpam_md5_ctx md5context;
- gray_slist_t slist = gray_slist_create ();
+ gray_slist_t slist;
ssize_t size;
char *p;
int rc;
+
+ slist = gray_slist_create ();
+ if (!slist)
+ return errno_to_pam(errno);
gpam_md5_init_ctx (&md5context);
gpam_md5_process_bytes (pass, strlen (pass), &md5context);
@@ -60,12 +64,21 @@ chk_md5 (const char *db_pass, const char *pass)
size = gray_base64_decode(slist, db_pass, strlen (db_pass));
if (size != 16)
{
+ rc = errno_to_pam(errno);
gray_slist_free(&slist);
- return PAM_AUTH_ERR;
+ return rc;
}
p = gray_slist_finish(slist);
- rc = memcmp (md5digest, p, sizeof md5digest) == 0 ?
- PAM_SUCCESS : PAM_AUTH_ERR;
+ if (p)
+ {
+ rc = memcmp (md5digest, p, sizeof md5digest) == 0
+ ? PAM_SUCCESS
+ : PAM_AUTH_ERR;
+ }
+ else
+ {
+ rc = errno_to_pam(errno);
+ }
gray_slist_free(&slist);
return rc;
}
@@ -77,26 +90,38 @@ chk_smd5 (const char *db_pass, const char *pass)
unsigned char md5digest[16];
unsigned char *d1;
struct gpam_md5_ctx md5context;
- gray_slist_t slist = gray_slist_create();
+ gray_slist_t slist;
ssize_t size;
+ slist = gray_slist_create();
+ if (!slist)
+ return errno_to_pam(errno);
+
size = gray_base64_decode(slist, db_pass, strlen (db_pass));
if (size <= 16)
{
- _pam_log(LOG_ERR, "malformed SMD5 password: %s", db_pass);
+ rc = errno_to_pam(errno);
gray_slist_free(&slist);
- return PAM_AUTH_ERR;
+ return rc;
}
d1 = gray_slist_finish(slist);
-
- gpam_md5_init_ctx (&md5context);
- gpam_md5_process_bytes (pass, strlen (pass), &md5context);
- gpam_md5_process_bytes (d1 + 16, size - 16, &md5context);
- gpam_md5_finish_ctx (&md5context, md5digest);
+ if (d1)
+ {
+ gpam_md5_init_ctx (&md5context);
+ gpam_md5_process_bytes (pass, strlen (pass), &md5context);
+ gpam_md5_process_bytes (d1 + 16, size - 16, &md5context);
+ gpam_md5_finish_ctx (&md5context, md5digest);
- rc = memcmp (md5digest, d1, sizeof md5digest) == 0 ?
- PAM_SUCCESS : PAM_AUTH_ERR;
+ rc = memcmp (md5digest, d1, sizeof md5digest) == 0
+ ? PAM_SUCCESS
+ : PAM_AUTH_ERR;
+ }
+ else
+ {
+ rc = errno_to_pam(gray_slist_err(slist));
+ }
+
gray_slist_free(&slist);
return rc;
}
@@ -108,9 +133,13 @@ chk_sha (const char *db_pass, const char *pass)
unsigned char sha1digest[20];
unsigned char *d1;
struct gpam_sha1_ctx sha1context;
- gray_slist_t slist = gray_slist_create();
+ gray_slist_t slist;
ssize_t size;
-
+
+ slist = gray_slist_create();
+ if (!slist)
+ return errno_to_pam(errno);
+
gpam_sha1_init_ctx (&sha1context);
gpam_sha1_process_bytes (pass, strlen (pass), &sha1context);
gpam_sha1_finish_ctx (&sha1context, sha1digest);
@@ -118,13 +147,22 @@ chk_sha (const char *db_pass, const char *pass)
size = gray_base64_decode(slist, db_pass, strlen (db_pass));
if (size != 20)
{
+ rc = errno_to_pam(errno);
gray_slist_free(&slist);
- return 1;
+ return rc;
}
d1 = gray_slist_finish(slist);
- rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 ?
- PAM_SUCCESS : PAM_AUTH_ERR;
+ if (d1)
+ {
+ rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0
+ ? PAM_SUCCESS
+ : PAM_AUTH_ERR;
+ }
+ else
+ {
+ rc = errno_to_pam(errno);
+ }
gray_slist_free(&slist);
return rc;
}
@@ -136,25 +174,36 @@ chk_ssha (const char *db_pass, const char *pass)
unsigned char sha1digest[20];
unsigned char *d1;
struct gpam_sha1_ctx sha1context;
- gray_slist_t slist = gray_slist_create();
+ gray_slist_t slist;
ssize_t size;
+ slist = gray_slist_create();
+ if (!slist)
+ return errno_to_pam(errno);
+
size = gray_base64_decode(slist, db_pass, strlen (db_pass));
if (size <= 16)
{
- _pam_log (LOG_ERR, "malformed SSHA1 password: %s", db_pass);
+ rc = errno_to_pam(errno);
gray_slist_free(&slist);
- return 1;
+ return rc;
}
d1 = gray_slist_finish(slist);
-
- gpam_sha1_init_ctx (&sha1context);
- gpam_sha1_process_bytes (pass, strlen (pass), &sha1context);
- gpam_sha1_process_bytes (d1 + 20, size - 20, &sha1context);
- gpam_sha1_finish_ctx (&sha1context, sha1digest);
+ if (d1)
+ {
+ gpam_sha1_init_ctx (&sha1context);
+ gpam_sha1_process_bytes (pass, strlen (pass), &sha1context);
+ gpam_sha1_process_bytes (d1 + 20, size - 20, &sha1context);
+ gpam_sha1_finish_ctx (&sha1context, sha1digest);
- rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 ?
- PAM_SUCCESS : PAM_AUTH_ERR;
+ rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0
+ ? PAM_SUCCESS
+ : PAM_AUTH_ERR;
+ }
+ else
+ {
+ rc = errno_to_pam(errno);
+ }
gray_slist_free(&slist);
return rc;
}

Return to:

Send suggestions and report system problems to the System administrator.