NOTE: this is just a rebase due to the dependency on the previous patchset, for which some changes were requested.

The current way we deal with auth tokens is manual and very error prone. The semantics are also confusing and do not make clear how tokens are stored, such that manipulating them is difficult. For example, it was unclear in the code whether password tokens were 0 terminated and whether the length would include the null termination byte or not.

This code creates a standard structure called sss_auth_token that has a full set of getters and setters.

This patchset depends on the previous patchset I sent that fixes various tevent_req style issues.

It has been tested by performing PAM authentication requests using a kerberos based backend (IPA + AD trust), which should exercise most code paths where it is used.

Note: I wanted to make this structure completely opaque but it would have required a lot more allocations and pointers, and made the patchset larger.

Fixes: https://fedorahosted.org/sssd/ticket/1586

Simo.

Simo Sorce (4):
  Code can only check for cached passwords
  Add function to safely wipe memory.
  Add authtok utility functions.
  Change pam data auth tokens.

 Makefile.am                                        |    4 +
 src/db/sysdb.h                                     |    3 +-
 src/db/sysdb_ops.c                                 |   13 +--
 src/providers/data_provider.h                      |    9 +-
 src/providers/dp_auth_util.c                       |   76 +++++---
 src/providers/dp_pam_data_util.c                   |  113 ++++++------
 src/providers/ipa/ipa_auth.c                       |    6 +-
 src/providers/krb5/krb5_auth.c                     |   52 +++---
 src/providers/krb5/krb5_child.c                    |  148 ++++++++-------
 src/providers/krb5/krb5_child_handler.c            |   59 +++++-
 .../krb5/krb5_delayed_online_authentication.c      |   50 ++++--
 src/providers/krb5/krb5_renew_tgt.c                |   18 +--
 src/providers/ldap/ldap_auth.c                     |   90 ++++------
 src/providers/ldap/sdap_async.c                    |    4 +-
 src/providers/ldap/sdap_async.h                    |    7 +-
 src/providers/ldap/sdap_async_connection.c         |   88 +++++----
 src/providers/proxy/proxy.h                        |    7 +-
 src/providers/proxy/proxy_auth.c                   |   14 +-
 src/providers/proxy/proxy_child.c                  |   51 +++--
 src/responder/pam/pam_LOCAL_domain.c               |   52 ++----
 src/responder/pam/pamsrv_cmd.c                     |  159 +++++++++-------
 src/tests/krb5_child-test.c                        |   13 +-
 src/tests/sysdb-tests.c                            |    6 +-
 src/util/authtok.c                                 |  195 ++++++++++++++++++++
 src/util/authtok.h                                 |  180 ++++++++++++++++++
 src/util/util.c                                    |    9 +
 src/util/util.h                                    |   10 +
 27 files changed, 951 insertions(+), 485 deletions(-)
 create mode 100644 src/util/authtok.c
 create mode 100644 src/util/authtok.h
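
Added example, not part of the original message and not SSSD's code: a minimal token type showing how accessors can pin down the two points the cover letter calls unclear (whether the stored password is 0 terminated, and whether the length counts that byte) and wipe the secret before freeing it. All demo_* names are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical token type for illustration; not the sss_auth_token layout. */
enum demo_tok_type { DEMO_TOK_EMPTY = 0, DEMO_TOK_PASSWORD };
struct demo_authtok {
    enum demo_tok_type type;
    unsigned char *data;  /* PASSWORD: always NUL-terminated in storage */
    size_t length;        /* password bytes only, the NUL is NOT counted */
};

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void demo_safezero(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Wipe and release whatever secret the token currently holds. */
void demo_authtok_set_empty(struct demo_authtok *tok)
{
    if (tok->data != NULL) {
        demo_safezero(tok->data, tok->length + 1);
        free(tok->data);
    }
    *tok = (struct demo_authtok){ DEMO_TOK_EMPTY, NULL, 0 };
}

/* Store a copy of len bytes of pw. A trailing NUL counted in len is dropped,
 * so both caller conventions end up in the same stored form. */
int demo_authtok_set_password(struct demo_authtok *tok, const char *pw, size_t len)
{
    if (pw == NULL) return EINVAL;
    if (len > 0 && pw[len - 1] == '\0') len--;
    if (memchr(pw, '\0', len) != NULL) return EINVAL;  /* embedded NUL */
    unsigned char *copy = malloc(len + 1);
    if (copy == NULL) return ENOMEM;
    memcpy(copy, pw, len);
    copy[len] = '\0';
    demo_authtok_set_empty(tok);  /* old secret is wiped before replacement */
    *tok = (struct demo_authtok){ DEMO_TOK_PASSWORD, copy, len };
    return 0;
}

/* Return the password and its length; ENOENT if no password is stored. */
int demo_authtok_get_password(const struct demo_authtok *tok, const char **pw, size_t *len)
{
    if (tok->type != DEMO_TOK_PASSWORD) return ENOENT;
    *pw = (const char *)tok->data;
    *len = tok->length;
    return 0;
}
```

Callers that pass a length with or without the terminator both read back the same (pointer, length) pair, so code that forwards the token never has to guess which convention applies.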