aboutsummaryrefslogtreecommitdiff
path: root/lib/ldappass.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ldappass.c')
-rw-r--r--lib/ldappass.c107
1 files changed, 78 insertions, 29 deletions
diff --git a/lib/ldappass.c b/lib/ldappass.c
index 968078c..247cf16 100644
--- a/lib/ldappass.c
+++ b/lib/ldappass.c
@@ -45,119 +45,168 @@ chk_crypt (const char *db_pass, const char *pass)
static int
chk_md5 (const char *db_pass, const char *pass)
{
unsigned char md5digest[16];
struct gpam_md5_ctx md5context;
- gray_slist_t slist = gray_slist_create ();
+ gray_slist_t slist;
ssize_t size;
char *p;
int rc;
+
+ slist = gray_slist_create ();
+ if (!slist)
+ return errno_to_pam(errno);
gpam_md5_init_ctx (&md5context);
gpam_md5_process_bytes (pass, strlen (pass), &md5context);
gpam_md5_finish_ctx (&md5context, md5digest);
size = gray_base64_decode(slist, db_pass, strlen (db_pass));
if (size != 16)
{
+ rc = errno_to_pam(errno);
gray_slist_free(&slist);
- return PAM_AUTH_ERR;
+ return rc;
}
p = gray_slist_finish(slist);
- rc = memcmp (md5digest, p, sizeof md5digest) == 0 ?
- PAM_SUCCESS : PAM_AUTH_ERR;
+ if (p)
+ {
+ rc = memcmp (md5digest, p, sizeof md5digest) == 0
+ ? PAM_SUCCESS
+ : PAM_AUTH_ERR;
+ }
+ else
+ {
+ rc = errno_to_pam(errno);
+ }
gray_slist_free(&slist);
return rc;
}
static int
chk_smd5 (const char *db_pass, const char *pass)
{
int rc;
unsigned char md5digest[16];
unsigned char *d1;
struct gpam_md5_ctx md5context;
- gray_slist_t slist = gray_slist_create();
+ gray_slist_t slist;
ssize_t size;
+ slist = gray_slist_create();
+ if (!slist)
+ return errno_to_pam(errno);
+
size = gray_base64_decode(slist, db_pass, strlen (db_pass));
if (size <= 16)
{
- _pam_log(LOG_ERR, "malformed SMD5 password: %s", db_pass);
+ rc = errno_to_pam(errno);
gray_slist_free(&slist);
- return PAM_AUTH_ERR;
+ return rc;
}
d1 = gray_slist_finish(slist);
-
- gpam_md5_init_ctx (&md5context);
- gpam_md5_process_bytes (pass, strlen (pass), &md5context);
- gpam_md5_process_bytes (d1 + 16, size - 16, &md5context);
- gpam_md5_finish_ctx (&md5context, md5digest);
+ if (d1)
+ {
+ gpam_md5_init_ctx (&md5context);
+ gpam_md5_process_bytes (pass, strlen (pass), &md5context);
+ gpam_md5_process_bytes (d1 + 16, size - 16, &md5context);
+ gpam_md5_finish_ctx (&md5context, md5digest);
- rc = memcmp (md5digest, d1, sizeof md5digest) == 0 ?
- PAM_SUCCESS : PAM_AUTH_ERR;
+ rc = memcmp (md5digest, d1, sizeof md5digest) == 0
+ ? PAM_SUCCESS
+ : PAM_AUTH_ERR;
+ }
+ else
+ {
+ rc = errno_to_pam(gray_slist_err(slist));
+ }
+
gray_slist_free(&slist);
return rc;
}
static int
chk_sha (const char *db_pass, const char *pass)
{
int rc;
unsigned char sha1digest[20];
unsigned char *d1;
struct gpam_sha1_ctx sha1context;
- gray_slist_t slist = gray_slist_create();
+ gray_slist_t slist;
ssize_t size;
-
+
+ slist = gray_slist_create();
+ if (!slist)
+ return errno_to_pam(errno);
+
gpam_sha1_init_ctx (&sha1context);
gpam_sha1_process_bytes (pass, strlen (pass), &sha1context);
gpam_sha1_finish_ctx (&sha1context, sha1digest);
size = gray_base64_decode(slist, db_pass, strlen (db_pass));
if (size != 20)
{
+ rc = errno_to_pam(errno);
gray_slist_free(&slist);
- return 1;
+ return rc;
}
d1 = gray_slist_finish(slist);
- rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 ?
- PAM_SUCCESS : PAM_AUTH_ERR;
+ if (d1)
+ {
+ rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0
+ ? PAM_SUCCESS
+ : PAM_AUTH_ERR;
+ }
+ else
+ {
+ rc = errno_to_pam(errno);
+ }
gray_slist_free(&slist);
return rc;
}
static int
chk_ssha (const char *db_pass, const char *pass)
{
int rc;
unsigned char sha1digest[20];
unsigned char *d1;
struct gpam_sha1_ctx sha1context;
- gray_slist_t slist = gray_slist_create();
+ gray_slist_t slist;
ssize_t size;
+ slist = gray_slist_create();
+ if (!slist)
+ return errno_to_pam(errno);
+
size = gray_base64_decode(slist, db_pass, strlen (db_pass));
if (size <= 16)
{
- _pam_log (LOG_ERR, "malformed SSHA1 password: %s", db_pass);
+ rc = errno_to_pam(errno);
gray_slist_free(&slist);
- return 1;
+ return rc;
}
d1 = gray_slist_finish(slist);
-
- gpam_sha1_init_ctx (&sha1context);
- gpam_sha1_process_bytes (pass, strlen (pass), &sha1context);
- gpam_sha1_process_bytes (d1 + 20, size - 20, &sha1context);
- gpam_sha1_finish_ctx (&sha1context, sha1digest);
+ if (d1)
+ {
+ gpam_sha1_init_ctx (&sha1context);
+ gpam_sha1_process_bytes (pass, strlen (pass), &sha1context);
+ gpam_sha1_process_bytes (d1 + 20, size - 20, &sha1context);
+ gpam_sha1_finish_ctx (&sha1context, sha1digest);
- rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0 ?
- PAM_SUCCESS : PAM_AUTH_ERR;
+ rc = memcmp (sha1digest, d1, sizeof sha1digest) == 0
+ ? PAM_SUCCESS
+ : PAM_AUTH_ERR;
+ }
+ else
+ {
+ rc = errno_to_pam(errno);
+ }
gray_slist_free(&slist);
return rc;
}
static struct passwd_algo
{

Return to:

Send suggestions and report system problems to the System administrator.