Type errors #222

Merged
merged 2 commits into from
Jan 19, 2024
Merged
162 changes: 81 additions & 81 deletions myproxy/source/auth_pam.c
Expand Up @@ -73,97 +73,97 @@
/* Structure for application specific data passed through PAM
* to our conv call-back routine saslauthd_pam_conv. */
typedef struct {
const char *login; /* plaintext authenticator */
const char *password; /* plaintext password */
pam_handle_t *pamh; /* pointer to PAM handle */
const char *login; /* plaintext authenticator */
const char *password; /* plaintext password */
pam_handle_t *pamh; /* pointer to PAM handle */
} pam_appdata;

# define RETURN(x) return strdup(x)


/* FUNCTION: saslauthd_pam_conv */

/* SYNOPSIS
* Call-back function used by the PAM library to communicate with us. Each
* received message expects a response, pointed to by resp.
* END SYNOPSIS */

static int /* R: PAM return code */
static int /* R: PAM return code */
saslauthd_pam_conv (
/* PARAMETERS */
int num_msg, /* I: number of messages */
struct pam_message **msg, /* I: pointer to array of messages */
struct pam_response **resp, /* O: pointer to pointer of response */
void *appdata_ptr /* I: pointer to app specific data */
int num_msg, /* I: number of messages */
const struct pam_message **msg, /* I: pointer to array of messages */
struct pam_response **resp, /* O: pointer to pointer of response */
void *appdata_ptr /* I: pointer to app specific data */
/* END PARAMETERS */
)
{
/* VARIABLES */
pam_appdata *my_appdata; /* application specific data */
struct pam_response *my_resp; /* response created by this func */
int i; /* loop counter */
const char *login_prompt; /* string prompting for user-name */
int rc; /* return code holder */
pam_appdata *my_appdata; /* application specific data */
struct pam_response *my_resp; /* response created by this func */
int i; /* loop counter */
const char *login_prompt; /* string prompting for user-name */
int rc; /* return code holder */
/* END VARIABLES */

my_appdata = appdata_ptr;

my_resp = malloc(sizeof(struct pam_response) * num_msg);
if (my_resp == NULL)
return PAM_CONV_ERR;
return PAM_CONV_ERR;

for (i = 0; i < num_msg; i++)
switch (msg[i]->msg_style) {
/*
* We assume PAM_PROMPT_ECHO_OFF to be a request for password.
* This assumption might be unsafe.
*
* For PAM_PROMPT_ECHO_ON we first check whether the provided
* request string matches PAM_USER_PROMPT and, only if they do
* match, assume it to be a request for the login.
*/
case PAM_PROMPT_ECHO_OFF: /* password */
my_resp[i].resp = strdup(my_appdata->password);
if (my_resp[i].resp == NULL) {
myproxy_log("saslauthd_pam_conv: strdup failed");
goto ret_error;
}
my_resp[i].resp_retcode = PAM_SUCCESS;
break;

case PAM_PROMPT_ECHO_ON: /* username? */
/* Recheck setting each time, as it might have been changed
in the mean-while. */
rc = pam_get_item(my_appdata->pamh, PAM_USER_PROMPT,
(void *) &login_prompt);
if (rc != PAM_SUCCESS) {
myproxy_log("saslauthd_pam_conv: unable to read "
"login prompt string: %s",
pam_strerror(my_appdata->pamh, rc));
goto ret_error;
}

if (strcmp(msg[i]->msg, login_prompt) == 0) {
my_resp[i].resp = strdup(my_appdata->login);
my_resp[i].resp_retcode = PAM_SUCCESS;
} else { /* ignore */
myproxy_log("saslauthd_pam_conv: unknown prompt "
"string: %s", msg[i]->msg);
my_resp[i].resp = NULL;
my_resp[i].resp_retcode = PAM_SUCCESS;
}
break;

case PAM_ERROR_MSG: /* ignore */
case PAM_TEXT_INFO: /* ignore */
myproxy_log("PAM: %s", msg[i]->msg);
my_resp[i].resp = NULL;
my_resp[i].resp_retcode = PAM_SUCCESS;
break;

default: /* error */
goto ret_error;
}
switch (msg[i]->msg_style) {
/*
* We assume PAM_PROMPT_ECHO_OFF to be a request for password.
* This assumption might be unsafe.
*
* For PAM_PROMPT_ECHO_ON we first check whether the provided
* request string matches PAM_USER_PROMPT and, only if they do
* match, assume it to be a request for the login.
*/
case PAM_PROMPT_ECHO_OFF: /* password */
my_resp[i].resp = strdup(my_appdata->password);
if (my_resp[i].resp == NULL) {
myproxy_log("saslauthd_pam_conv: strdup failed");
goto ret_error;
}
my_resp[i].resp_retcode = PAM_SUCCESS;
break;

case PAM_PROMPT_ECHO_ON: /* username? */
/* Recheck setting each time, as it might have been changed
in the mean-while. */
rc = pam_get_item(my_appdata->pamh, PAM_USER_PROMPT,
(void *) &login_prompt);
if (rc != PAM_SUCCESS) {
myproxy_log("saslauthd_pam_conv: unable to read "
"login prompt string: %s",
pam_strerror(my_appdata->pamh, rc));
goto ret_error;
}

if (strcmp(msg[i]->msg, login_prompt) == 0) {
my_resp[i].resp = strdup(my_appdata->login);
my_resp[i].resp_retcode = PAM_SUCCESS;
} else { /* ignore */
myproxy_log("saslauthd_pam_conv: unknown prompt "
"string: %s", msg[i]->msg);
my_resp[i].resp = NULL;
my_resp[i].resp_retcode = PAM_SUCCESS;
}
break;

case PAM_ERROR_MSG: /* ignore */
case PAM_TEXT_INFO: /* ignore */
myproxy_log("PAM: %s", msg[i]->msg);
my_resp[i].resp = NULL;
my_resp[i].resp_retcode = PAM_SUCCESS;
break;

default: /* error */
goto ret_error;
}
*resp = my_resp;
return PAM_SUCCESS;

Expand All @@ -173,35 +173,35 @@ saslauthd_pam_conv (
* isn't initialised yet.
*/
{
int y;
int y;

for (y = 0; y < i; y++)
if (my_resp[y].resp != NULL)
free(my_resp[y].resp);
free(my_resp);
for (y = 0; y < i; y++)
if (my_resp[y].resp != NULL)
free(my_resp[y].resp);
free(my_resp);
}
return PAM_CONV_ERR;
}

/* END FUNCTION: saslauthd_pam_conv */

/* FUNCTION: auth_pam */

char * /* R: allocated response string */
char * /* R: allocated response string */
auth_pam (
/* PARAMETERS */
const char *login, /* I: plaintext authenticator */
const char *password, /* I: plaintext password */
const char *service, /* I: service name */
const char *login, /* I: plaintext authenticator */
const char *password, /* I: plaintext password */
const char *service, /* I: service name */
const char *realm
/* END PARAMETERS */
)
{
/* VARIABLES */
pam_appdata my_appdata; /* application specific data */
struct pam_conv my_conv; /* pam conversion data */
pam_handle_t *pamh; /* pointer to PAM handle */
int rc; /* return code holder */
pam_appdata my_appdata; /* application specific data */
struct pam_conv my_conv; /* pam conversion data */
pam_handle_t *pamh; /* pointer to PAM handle */
int rc; /* return code holder */
char result[200];
/* END VARIABLES */

Expand Down Expand Up @@ -250,7 +250,7 @@ auth_pam (
if (rc == PAM_AUTH_ERR) {
RETURN("NO invalid password");
}
snprintf(result, sizeof(result), "NO PAM authentication failed: %s",
snprintf(result, sizeof(result), "NO PAM authentication failed: %s",
pam_strerror(pamh, rc));
RETURN(result);
}
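Review bot: In saslauthd_pam_conv the response array is sized from `num_msg` without a range check: `malloc(sizeof(struct pam_response) * num_msg)` uses whatever count the PAM stack passes, so a zero or negative value becomes a zero-length or very large request. A guard before the allocation, `if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG) return PAM_CONV_ERR;`, together with `calloc(num_msg, sizeof *my_resp)` instead of the multiplication, would close that. In the same function the PAM_PROMPT_ECHO_ON branch stores `strdup(my_appdata->login)` without the NULL check the password branch has, so an allocation failure there is returned as PAM_SUCCESS with an empty response. The cleanup loop in the second hunk also frees the duplicated password without clearing it first; the lines between the two hunks are not shown, so where the error label sits is inferred.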
2 changes: 1 addition & 1 deletion myproxy/source/configure.ac
@@ -1,5 +1,5 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT([myproxy],[6.2.15])
AC_INIT([myproxy],[6.2.16])
AC_CONFIG_AUX_DIR([build-aux])
AM_INIT_AUTOMAKE([foreign])
LT_INIT([dlopen win32-dll])
44 changes: 23 additions & 21 deletions myproxy/source/myproxy_sasl_client.c
@@ -1,6 +1,6 @@
#if defined(HAVE_LIBSASL2)

#include "myproxy_common.h" /* all needed headers included here */
#include "myproxy_common.h" /* all needed headers included here */

static sasl_conn_t *conn = NULL;
static char *prompt = NULL;
Expand All @@ -15,7 +15,7 @@ send_response_sasl_data(myproxy_socket_attrs_t *attrs,
unsigned len;

authorization_data_t* auth_data;

result = sasl_encode64(data, data_len, buf, SASL_BUFFER_SIZE, &len);
assert(len < SASL_BUFFER_SIZE);
buf[len] = '\0';
Expand All @@ -41,14 +41,14 @@ send_response_sasl_data(myproxy_socket_attrs_t *attrs,
verror_put_string("Internal buffer too small send_response_sasl_data");
return -1;
}

(*client_buffer) = AUTHORIZETYPE_SASL;
bufferlen = auth_data->client_data_len + sizeof(int);

memcpy(client_buffer + sizeof(int), auth_data->client_data,
auth_data->client_data_len);
if (myproxy_send(attrs, client_buffer, bufferlen) < 0)

if (myproxy_send(attrs, client_buffer, bufferlen) < 0)
return -1;
return 0;
}
Expand All @@ -63,18 +63,18 @@ recv_response_sasl_data(myproxy_socket_attrs_t *attrs,
int result;
unsigned len;
authorization_data_t* auth_data;
if (myproxy_recv_response(attrs, server_response) < 0)

if (myproxy_recv_response(attrs, server_response) < 0)
return -1;

auth_data = authorization_create_response(
server_response->authorization_data,
AUTHORIZETYPE_SASL,
NULL,
0);

response_data = auth_data->server_data;
result = sasl_decode64(response_data, strlen(response_data),
result = sasl_decode64(response_data, strlen(response_data),
data, SASL_BUFFER_SIZE, &len);
if (result != SASL_OK) {
verror_put_string("Decoding data from base64 failed.\n");
Expand Down Expand Up @@ -115,12 +115,12 @@ sasl_secret_callback(sasl_conn_t *conn,

if (! conn || ! psecret || id != SASL_CB_PASS)
return SASL_BADPARAM;

if (!prompt) prompt = strdup("Password: ");
if (myproxy_read_passphrase(password, MAX_PASS_LEN, prompt) < 0){
return SASL_FAIL;
}

len = strlen(password);

*psecret = (sasl_secret_t *) malloc(sizeof(sasl_secret_t) + len);
Expand Down Expand Up @@ -197,11 +197,13 @@ auth_sasl_negotiate_client(myproxy_socket_attrs_t *attrs,
myproxy_response_t server_response = {0};

sasl_callback_t callbacks[] = {
{ SASL_CB_USER, &sasl_string_callback, client_request->username },
{ SASL_CB_AUTHNAME, &sasl_string_callback, client_request->username },
{ SASL_CB_PASS, &sasl_secret_callback, NULL },
{ SASL_CB_ECHOPROMPT, &sasl_prompt_callback, NULL },
{ SASL_CB_NOECHOPROMPT, &sasl_prompt_callback, NULL },
{ SASL_CB_USER, (int(*)(void)) (&sasl_string_callback),
client_request->username },
{ SASL_CB_AUTHNAME, (int(*)(void)) (&sasl_string_callback),
client_request->username },
{ SASL_CB_PASS, (int(*)(void)) (&sasl_secret_callback), NULL },
{ SASL_CB_ECHOPROMPT, (int(*)(void)) (&sasl_prompt_callback), NULL },
{ SASL_CB_NOECHOPROMPT, (int(*)(void)) (&sasl_prompt_callback), NULL },
{ SASL_CB_LIST_END, NULL, NULL }
};

Expand All @@ -219,10 +221,10 @@ auth_sasl_negotiate_client(myproxy_socket_attrs_t *attrs,
myproxy_debug("$SASL_PATH is %s", getenv("SASL_PATH"));
} else {
myproxy_debug("$SASL_PATH isn't set. Using /usr/lib/sasl2.");
}
}

fqdn = GSI_SOCKET_get_peer_hostname(attrs->gsi_socket);

memset(server_buffer, 0, sizeof(*server_buffer));

if (prompt) free(prompt);
Expand Down Expand Up @@ -337,7 +339,7 @@ auth_sasl_negotiate_client(myproxy_socket_attrs_t *attrs,

authorization_data_free(server_response.authorization_data);
server_response.authorization_data = NULL;
}
}

myproxy_debug("SASL negotiation finished.");

Expand All @@ -354,7 +356,7 @@ auth_sasl_negotiate_client(myproxy_socket_attrs_t *attrs,
conn = NULL;
}
sasl_done();

return result;
}

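Review bot: In send_response_sasl_data the bound on `len` is enforced only by `assert(len < SASL_BUFFER_SIZE)`, and `result` from `sasl_encode64` is not examined before `buf[len] = '\0'` in the lines shown. In a build with NDEBUG the assert disappears, and if the encode call fails `len` may never have been written, so the terminator store can land outside `buf`. A runtime check such as `if (result != SASL_OK || len >= SASL_BUFFER_SIZE) return -1;` in place of the assert keeps the bound in release builds. Further down, `memset(server_buffer, 0, sizeof(*server_buffer))` in auth_sasl_negotiate_client clears only one element if `server_buffer` is an array or pointer; its declaration is outside the hunk, so this needs confirming.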