author | Sergey Poznyakoff <gray@gnu.org> | 2018-08-15 22:22:31 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2018-08-15 22:22:31 +0300 |
commit | 7a40b7873bd666809183cdd952d6e2a8f1870981 (patch) | |
tree | 0ae71532dc78f597b717152b564d6681d1ad832a /lib/ldappass.c | |
parent | 988b8e27f5df26d7e9f6fd7984677873ca1c40cb (diff) | |
Major cleanup
* lib/graypam.h (gray_pam_init)
(gray_raise,gray_malloc,gray_zalloc,gray_calloc)
(gray_realloc,gray_strdup): Remove.
(gray_slist_err,gray_slist_clrerr): New functions.
(gray_slist_append,gray_slist_append_char): Return ssize_t.
(gray_slist_coalesce): Likewise.
(gray_slist_grow_backslash_num)
(gray_slist_grow_backslash): Return int.
(errno_to_pam): New function.
(gray_set_transform_expr): Return int.
* lib/mem.c (gray_raise,gray_malloc,gray_zalloc,gray_calloc)
(gray_realloc,gray_strdup): Remove.
(gray_2nrealloc): Rewrite.
* lib/base64.c: Check return from gray_slist_append_char
* lib/env.c: Check return values from gray_slist functions
* lib/ldappass.c: Likewise.
* lib/slist.c (gray_slist_bucket) <ec>: New member.
(gray_slist_err,gray_slist_clrerr): New functions.
(gray_slist_append,gray_slist_append_char): Return ssize_t.
(gray_slist_coalesce): Likewise.
(gray_slist_grow_backslash_num)
(gray_slist_grow_backslash): Return int.
* lib/transform.c: Use standard memory allocation functions.
* pam_ldaphome/pam_ldaphome.c: Likewise.
* pam_innetgr/pam_innetgr.c: Likewise.
* pam_log/pam_log.c: Likewise.
* pam_regex/pam_regex.c: Likewise.
* pam_sql/pam_mysql.c: Likewise.
* pam_sql/pam_pgsql.c: Likewise.
Diffstat (limited to 'lib/ldappass.c')
-rw-r--r-- | lib/ldappass.c | 107 |
1 files changed, 78 insertions, 29 deletions
diff --git a/lib/ldappass.c b/lib/ldappass.c index 968078c..247cf16 100644 --- a/lib/ldappass.c +++ b/lib/ldappass.c @@ -48,10 +48,14 @@ chk_md5 (const char *db_pass, const char *pass) { unsigned char md5digest[16]; struct gpam_md5_ctx md5context; - gray_slist_t slist = gray_slist_create (); + gray_slist_t slist; ssize_t size; char *p; int rc; + + slist = gray_slist_create (); + if (!slist) + return errno_to_pam(errno); gpam_md5_init_ctx (&md5context); gpam_md5_process_bytes (pass, strlen (pass), &md5context); @@ -60,12 +64,21 @@ chk_md5 (const char *db_pass, const char *pass) size = gray_base64_decode(slist, db_pass, strlen (db_pass)); if (size != 16) { + rc = errno_to_pam(errno); gray_slist_free(&slist); - return PAM_AUTH_ERR; + return rc; } p = gray_slist_finish(slist); - rc = memcmp (md5digest, p, sizeof md5digest) == 0 ? - PAM_SUCCESS : PAM_AUTH_ERR; + if (p) + { + rc = memcmp (md5digest, p, sizeof md5digest) == 0 + ? PAM_SUCCESS + : PAM_AUTH_ERR; + } + else + { + rc = errno_to_pam(errno); + } gray_slist_free(&slist); return rc; } 
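Review bot: In the `size != 16` branch of chk_md5 the result now comes from `errno_to_pam(errno)`, but a stored value that decodes cleanly to a different length is not a failure that sets errno, so errno can be stale or zero at that point. The old code returned PAM_AUTH_ERR unconditionally; errno_to_pam is not visible in this diff, so it is worth confirming that it can never map 0 (or a leftover value) to PAM_SUCCESS. Assuming gray_base64_decode reports its own failures with a negative return, the branch could keep the fail-closed default with `rc = size < 0 ? errno_to_pam(errno) : PAM_AUTH_ERR;`. The same pattern appears in the length checks of chk_smd5, chk_sha and chk_ssha.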
@@ -77,26 +90,38 @@ chk_smd5 (const char *db_pass, const char *pass) unsigned char md5digest[16]; unsigned char *d1; struct gpam_md5_ctx md5context; - gray_slist_t slist = gray_slist_create(); + gray_slist_t slist; ssize_t size; + slist = gray_slist_create(); + if (!slist) + return errno_to_pam(errno); + size = gray_base64_decode(slist, db_pass, strlen (db_pass)); if (size <= 16) { - _pam_log(LOG_ERR, "malformed SMD5 password: %s", db_pass); + rc = errno_to_pam(errno); gray_slist_free(&slist); - return PAM_AUTH_ERR; + return rc; } d1 = gray_slist_finish(slist); - - gpam_md5_init_ctx (&md5context); - gpam_md5_process_bytes (pass, strlen (pass), &md5context); - gpam_md5_process_bytes (d1 + 16, size - 16, &md5context); - gpam_md5_finish_ctx (&md5context, md5digest); + if (d1) + { + gpam_md5_init_ctx (&md5context); + gpam_md5_process_bytes (pass, strlen (pass), &md5context); + gpam_md5_process_bytes (d1 + 16, size - 16, &md5context); + gpam_md5_finish_ctx (&md5context, md5digest); - rc = memcmp (md5digest, d1, sizeof md5digest) == 0 ? - PAM_SUCCESS : PAM_AUTH_ERR; + rc = memcmp (md5digest, d1, sizeof md5digest) == 0 + ? PAM_SUCCESS + : PAM_AUTH_ERR; + } + else + { + rc = errno_to_pam(gray_slist_err(slist)); + } + gray_slist_free(&slist); return rc; } @@ -108,9 +133,13 @@ chk_sha (const char *db_pass, const char *pass) unsigned char sha1digest[20]; unsigned char *d1; struct gpam_sha1_ctx sha1context; - gray_slist_t slist = gray_slist_create(); + gray_slist_t slist; ssize_t size; - + + slist = gray_slist_create(); + if (!slist) + return errno_to_pam(errno); + gpam_sha1_init_ctx (&sha1context); gpam_sha1_process_bytes (pass, strlen (pass), &sha1context); gpam_sha1_finish_ctx (&sha1context, sha1digest); 
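Review bot: The `else` branch for a NULL `d1` in chk_smd5 takes its code from `gray_slist_err(slist)`, while the same branch in chk_md5, chk_sha and chk_ssha reads `errno`; one of the two is presumably the intended source. Since the commit message says the slist now records its own error code, `rc = errno_to_pam(gray_slist_err(slist));` looks like the form to use in all four, because errno may be overwritten between the failing call and the read. Separately, dropping the `_pam_log` call stops the stored hash being written to the log, but a malformed directory entry now leaves no trace at all; a value-free message such as `_pam_log(LOG_ERR, "malformed SMD5 password");` would keep the event visible. The function's opening lines are outside the hunk.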
@@ -118,13 +147,22 @@ chk_sha (const char *db_pass, const char *pass) size = gray_base64_decode(slist, db_pass, strlen (db_pass)); if (size != 20) { + rc = errno_to_pam(errno); gray_slist_free(&slist); - return 1; + return rc; } d1 = gray_slist_finish(slist); - rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 ? - PAM_SUCCESS : PAM_AUTH_ERR; + if (d1) + { + rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 + ? PAM_SUCCESS + : PAM_AUTH_ERR; + } + else + { + rc = errno_to_pam(errno); + } gray_slist_free(&slist); return rc; } @@ -136,25 +174,36 @@ chk_ssha (const char *db_pass, const char *pass) unsigned char sha1digest[20]; unsigned char *d1; struct gpam_sha1_ctx sha1context; - gray_slist_t slist = gray_slist_create(); + gray_slist_t slist; ssize_t size; + slist = gray_slist_create(); + if (!slist) + return errno_to_pam(errno); + size = gray_base64_decode(slist, db_pass, strlen (db_pass)); if (size <= 16) { - _pam_log (LOG_ERR, "malformed SSHA1 password: %s", db_pass); + rc = errno_to_pam(errno); gray_slist_free(&slist); - return 1; + return rc; } d1 = gray_slist_finish(slist); - - gpam_sha1_init_ctx (&sha1context); - gpam_sha1_process_bytes (pass, strlen (pass), &sha1context); - gpam_sha1_process_bytes (d1 + 20, size - 20, &sha1context); - gpam_sha1_finish_ctx (&sha1context, sha1digest); + if (d1) + { + gpam_sha1_init_ctx (&sha1context); + gpam_sha1_process_bytes (pass, strlen (pass), &sha1context); + gpam_sha1_process_bytes (d1 + 20, size - 20, &sha1context); + gpam_sha1_finish_ctx (&sha1context, sha1digest); - rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 ? - PAM_SUCCESS : PAM_AUTH_ERR; + rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 + ? PAM_SUCCESS + : PAM_AUTH_ERR; + } + else + { + rc = errno_to_pam(errno); + } gray_slist_free(&slist); return rc; } |
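Review bot: The length guard in chk_ssha is still `if (size <= 16)`, which looks copied from the MD5 variant, while the code below it treats the first 20 bytes of `d1` as the SHA-1 digest and hashes `size - 20` bytes of salt from `d1 + 20`. A stored value that decodes to 17–19 bytes passes the guard, so `size - 20` goes negative (a very large length if the parameter is unsigned) and the 20-byte `memcmp` reads past the decoded data. The commit rewrites this block without changing the bound; `if (size <= 20)` would match the `<= 16` check in chk_smd5. The function's opening lines are outside the hunk.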