Diffstat (limited to 'lib/ldappass.c')
-rw-r--r-- | lib/ldappass.c | 107 |
1 files changed, 78 insertions, 29 deletions
diff --git a/lib/ldappass.c b/lib/ldappass.c index 968078c..247cf16 100644 --- a/lib/ldappass.c +++ b/lib/ldappass.c @@ -50,3 +50,3 @@ chk_md5 (const char *db_pass, const char *pass) struct gpam_md5_ctx md5context; - gray_slist_t slist = gray_slist_create (); + gray_slist_t slist; ssize_t size; @@ -54,2 +54,6 @@ chk_md5 (const char *db_pass, const char *pass) int rc; + + slist = gray_slist_create (); + if (!slist) + return errno_to_pam(errno); @@ -62,8 +66,17 @@ chk_md5 (const char *db_pass, const char *pass) { + rc = errno_to_pam(errno); gray_slist_free(&slist); - return PAM_AUTH_ERR; + return rc; } p = gray_slist_finish(slist); - rc = memcmp (md5digest, p, sizeof md5digest) == 0 ? - PAM_SUCCESS : PAM_AUTH_ERR; + if (p) + { + rc = memcmp (md5digest, p, sizeof md5digest) == 0 + ? PAM_SUCCESS + : PAM_AUTH_ERR; + } + else + { + rc = errno_to_pam(errno); + } gray_slist_free(&slist); @@ -79,5 +92,9 @@ chk_smd5 (const char *db_pass, const char *pass) struct gpam_md5_ctx md5context; - gray_slist_t slist = gray_slist_create(); + gray_slist_t slist; ssize_t size; + slist = gray_slist_create(); + if (!slist) + return errno_to_pam(errno); + size = gray_base64_decode(slist, db_pass, strlen (db_pass)); @@ -85,5 +102,5 @@ chk_smd5 (const char *db_pass, const char *pass) { - _pam_log(LOG_ERR, "malformed SMD5 password: %s", db_pass); + rc = errno_to_pam(errno); gray_slist_free(&slist); - return PAM_AUTH_ERR; + return rc; } 
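Review bot: In chk_md5 (hunk -62,8) the failure branch now returns `errno_to_pam(errno)`, but its guarding condition is outside the hunk; if that condition also fires on a well-formed base64 string of the wrong length, errno holds whatever an earlier call left behind. Neither errno_to_pam nor gray_base64_decode is visible here, so please confirm that errno_to_pam can never yield PAM_SUCCESS (for example for 0) and that the decoder sets errno on every failure. Otherwise a malformed stored hash changes from a fixed PAM_AUTH_ERR to an unpredictable result. Assuming the decoder returns a negative size on error, a safer shape is `rc = size < 0 ? errno_to_pam(errno) : PAM_AUTH_ERR;`. The same pattern appears in chk_smd5 (-85,5), chk_sha (-120,4) and chk_ssha (-144,15).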
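Review bot: In chk_smd5 (hunk -85,5) the `_pam_log` call is removed outright, so a corrupted SMD5 entry now fails without leaving any trace for the administrator. Dropping db_pass from the message is right, since it keeps the stored hash out of syslog, but the event itself is still worth recording: `_pam_log(LOG_ERR, "malformed SMD5 password");`. chk_ssha (-144,15) loses its message the same way.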
@@ -91,10 +108,18 @@ chk_smd5 (const char *db_pass, const char *pass) d1 = gray_slist_finish(slist); - - gpam_md5_init_ctx (&md5context); - gpam_md5_process_bytes (pass, strlen (pass), &md5context); - gpam_md5_process_bytes (d1 + 16, size - 16, &md5context); - gpam_md5_finish_ctx (&md5context, md5digest); + if (d1) + { + gpam_md5_init_ctx (&md5context); + gpam_md5_process_bytes (pass, strlen (pass), &md5context); + gpam_md5_process_bytes (d1 + 16, size - 16, &md5context); + gpam_md5_finish_ctx (&md5context, md5digest); - rc = memcmp (md5digest, d1, sizeof md5digest) == 0 ? - PAM_SUCCESS : PAM_AUTH_ERR; + rc = memcmp (md5digest, d1, sizeof md5digest) == 0 + ? PAM_SUCCESS + : PAM_AUTH_ERR; + } + else + { + rc = errno_to_pam(gray_slist_err(slist)); + } + gray_slist_free(&slist); @@ -110,5 +135,9 @@ chk_sha (const char *db_pass, const char *pass) struct gpam_sha1_ctx sha1context; - gray_slist_t slist = gray_slist_create(); + gray_slist_t slist; ssize_t size; - + + slist = gray_slist_create(); + if (!slist) + return errno_to_pam(errno); + gpam_sha1_init_ctx (&sha1context); @@ -120,4 +149,5 @@ chk_sha (const char *db_pass, const char *pass) { + rc = errno_to_pam(errno); gray_slist_free(&slist); - return 1; + return rc; } @@ -125,4 +155,12 @@ chk_sha (const char *db_pass, const char *pass) d1 = gray_slist_finish(slist); - rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 ? - PAM_SUCCESS : PAM_AUTH_ERR; + if (d1) + { + rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 + ? PAM_SUCCESS + : PAM_AUTH_ERR; + } + else + { + rc = errno_to_pam(errno); + } gray_slist_free(&slist); @@ -138,5 +176,9 @@ chk_ssha (const char *db_pass, const char *pass) struct gpam_sha1_ctx sha1context; - gray_slist_t slist = gray_slist_create(); + gray_slist_t slist; ssize_t size; + slist = gray_slist_create(); + if (!slist) + return errno_to_pam(errno); + size = gray_base64_decode(slist, db_pass, strlen (db_pass)); 
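Review bot: In chk_smd5 (hunk -91,10) the NULL branch after gray_slist_finish maps `gray_slist_err(slist)`, while chk_md5, chk_sha and chk_ssha map `errno` at the same point. Presumably only one of the two is the intended error source; if gray_slist_finish records its failure in the list rather than in errno, the other three functions read a stale value. I would use `rc = errno_to_pam(gray_slist_err(slist));` in all four, or add a comment here explaining why this function differs.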
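Review bot: In chk_sha (hunk -125,4) the re-indented comparison still uses `memcmp` on the digest, which may return at the first differing byte and so is not a constant-time check. Since these lines are being rewritten anyway, a small static helper that accumulates the XOR of every byte pair and tests the result once would remove the data-dependent exit. The helper below assumes the digest buffers are unsigned char, which the hunk does not show. The same comparison appears in chk_md5 (-62,8), chk_smd5 (-91,10) and chk_ssha (-144,15). chk_sha begins and ends outside this hunk.

```c
/* Compare two digests without a data-dependent early exit. */
static int
digest_equal (const unsigned char *a, const unsigned char *b, size_t n)
{
  unsigned char diff = 0;
  size_t i;

  for (i = 0; i < n; i++)
    diff |= a[i] ^ b[i];
  return diff == 0;
}

/* ... unchanged: chk_sha up to gray_slist_finish ... */
  if (d1)
    {
      rc = digest_equal (sha1digest, d1, sizeof sha1digest)
	     ? PAM_SUCCESS
	     : PAM_AUTH_ERR;
    }
/* ... unchanged: else branch and gray_slist_free ... */
```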
@@ -144,15 +186,22 @@ chk_ssha (const char *db_pass, const char *pass) { - _pam_log (LOG_ERR, "malformed SSHA1 password: %s", db_pass); + rc = errno_to_pam(errno); gray_slist_free(&slist); - return 1; + return rc; } d1 = gray_slist_finish(slist); - - gpam_sha1_init_ctx (&sha1context); - gpam_sha1_process_bytes (pass, strlen (pass), &sha1context); - gpam_sha1_process_bytes (d1 + 20, size - 20, &sha1context); - gpam_sha1_finish_ctx (&sha1context, sha1digest); + if (d1) + { + gpam_sha1_init_ctx (&sha1context); + gpam_sha1_process_bytes (pass, strlen (pass), &sha1context); + gpam_sha1_process_bytes (d1 + 20, size - 20, &sha1context); + gpam_sha1_finish_ctx (&sha1context, sha1digest); - rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 ? - PAM_SUCCESS : PAM_AUTH_ERR; + rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 + ? PAM_SUCCESS + : PAM_AUTH_ERR; + } + else + { + rc = errno_to_pam(errno); + } gray_slist_free(&slist); |