The current way we handle auth tokens is manual and very error prone. The semantics are also confusing and do not make clear how tokens are stored such that manipulating them is difficult. For example it was unclear in the code whether password tokens were 0 terminated and whether the length would include the null termination byte or not.
This code creates a standard structure called sss_auth_token that has a full set of getters and setters.

Simo.

Note: I wanted to make this structure completely opaque but it would have required a lot more allocations and pointers, and made the patchset larger.

Fixes: https://fedorahosted.org/sssd/ticket/1586

Simo Sorce (4):
  Code can only check for cached passwords
  Add function to safely wipe memory.
  Add authtok utility functions.
  Change pam data auth tokens.

 Makefile.am | 4 +
 src/db/sysdb.h | 3 +-
 src/db/sysdb_ops.c | 13 +-
 src/providers/data_provider.h | 9 +-
 src/providers/dp_auth_util.c | 77 ++++++----
 src/providers/dp_pam_data_util.c | 113 ++++++++-------
 src/providers/ipa/ipa_auth.c | 6 +-
 src/providers/krb5/krb5_auth.c | 45 +++---
 src/providers/krb5/krb5_child.c | 148 ++++++++++---------
 src/providers/krb5/krb5_child_handler.c | 59 ++++++--
 .../krb5/krb5_delayed_online_authentication.c | 50 ++++---
 src/providers/krb5/krb5_renew_tgt.c | 18 +--
 src/providers/ldap/ldap_auth.c | 90 +++++-------
 src/providers/ldap/sdap_async.c | 4 +-
 src/providers/ldap/sdap_async.h | 7 +-
 src/providers/ldap/sdap_async_connection.c | 85 ++++++-----
 src/providers/proxy/proxy.h | 7 +-
 src/providers/proxy/proxy_auth.c | 14 +-
 src/providers/proxy/proxy_child.c | 51 ++++---
 src/responder/pam/pam_LOCAL_domain.c | 52 +++----
 src/responder/pam/pamsrv_cmd.c | 159 ++++++++++++---------
 src/tests/krb5_child-test.c | 13 +-
 src/tests/sysdb-tests.c | 6 +-
 src/util/authtok.c | 146 +++++++++++++++++++
 src/util/authtok.h | 137 ++++++++++++++++++
 src/util/util.c | 9 ++
 src/util/util.h | 10 ++
 27 files changed, 856 insertions(+), 479 deletions(-)
 create mode 100644 src/util/authtok.c
 create mode 100644 src/util/authtok.h

--
1.7.11.4
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
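
The length ambiguity described in the message above, shown as an added example that is not SSSD's code and not part of this patch set. The `demo_tok` type, its functions, and the chosen convention (stored length includes the NUL, the getter reports it without) are hypothetical and assume a zero-initialised struct.

```c
/* Added illustration: all names here are hypothetical, not SSSD's API. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum demo_tok_type { DEMO_TOK_EMPTY = 0, DEMO_TOK_PASSWORD };

struct demo_tok {
    enum demo_tok_type type;
    uint8_t *data;   /* for passwords: always NUL-terminated */
    size_t length;   /* bytes stored, INCLUDING the terminating NUL */
};

/* Wipe through a volatile pointer so the stores are not optimised away. */
static void demo_wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Zero the secret before freeing it; the struct must start zero-initialised. */
void demo_tok_set_empty(struct demo_tok *t) {
    if (t->data != NULL) {
        demo_wipe(t->data, t->length);
        free(t->data);
    }
    t->type = DEMO_TOK_EMPTY; t->data = NULL; t->length = 0;
}

/* Accepts a count with or without the trailing NUL and normalises it. */
int demo_tok_set_password(struct demo_tok *t, const char *pw, size_t len) {
    if (pw == NULL) return EINVAL;
    while (len > 0 && pw[len - 1] == '\0') len--;   /* drop counted NULs */
    if (len == 0 || memchr(pw, '\0', len) != NULL) return EINVAL;
    uint8_t *buf = malloc(len + 1);
    if (buf == NULL) return ENOMEM;
    memcpy(buf, pw, len); buf[len] = '\0';
    demo_tok_set_empty(t);                          /* wipes the old secret */
    t->type = DEMO_TOK_PASSWORD; t->data = buf; t->length = len + 1;
    return 0;
}

/* Returns the password and its strlen-style length (terminator excluded). */
int demo_tok_get_password(const struct demo_tok *t, const char **pw, size_t *len) {
    if (t->type != DEMO_TOK_PASSWORD) return ENOENT;
    *pw = (const char *)t->data;
    if (len != NULL) *len = t->length - 1;
    return 0;
}
```

Callers never touch `data` or `length` directly, so the question of whether the count includes the terminator is answered in one place instead of at every call site.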