These functions allow handling of auth tokens in a completely opaque way,
with clear semantics and accessor fucntions that guarantee consistency,
proper access to data and error conditions.
Signed-off-by: Simo Sorce <s...@redhat.com>
---
Makefile.am | 2 +
src/util/authtok.c | 146 +++++++++++++++++++++++++++++++++++++++++++++++++++++
src/util/authtok.h | 137 +++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 285 insertions(+)
create mode 100644 src/util/authtok.c
create mode 100644 src/util/authtok.h
diff --git a/Makefile.am b/Makefile.am
index
ee7e198f1d609ce2d9a81f7e9562ee2e5c93966b..0404a854ddd104bf173ad2f4909c6728f3a3af95
100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -368,6 +368,7 @@ dist_noinst_HEADERS = \
src/util/murmurhash3.h \
src/util/mmap_cache.h \
src/util/atomic_io.h \
+ src/util/authtok.h \
src/monitor/monitor.h \
src/monitor/monitor_interfaces.h \
src/responder/common/responder.h \
@@ -506,6 +507,7 @@ libsss_util_la_SOURCES = \
src/util/sss_tc_utf8.c \
src/util/murmurhash3.c \
src/util/atomic_io.c \
+ src/util/authtok.c \
src/util/sss_selinux.c \
src/util/domain_info_utils.c
libsss_util_la_LIBADD = \
diff --git a/src/util/authtok.c b/src/util/authtok.c
new file mode 100644
index
0000000000000000000000000000000000000000..91cc43fe51ee94827e56b25d0d26a214edc266db
--- /dev/null
+++ b/src/util/authtok.c
@@ -0,0 +1,146 @@
+/*
+ SSSD - auth utils
+
+ Copyright (C) Simo Sorce <s...@redhat.com> 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "authtok.h"
+
+enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok)
+{
+ return tok->type;
+}
+
+size_t sss_authtok_get_size(struct sss_auth_token *tok)
+{
+ switch (tok->type) {
+ case SSS_AUTHTOK_TYPE_PASSWORD:
+ case SSS_AUTHTOK_TYPE_CCFILE:
+ return tok->length + 1;
+ default:
+ return 0;
+ }
+}
+
+errno_t sss_authtok_get_password(struct sss_auth_token *tok,
+ const char **pwd, size_t *len)
+{
+ switch (tok->type) {
+ case SSS_AUTHTOK_TYPE_EMPTY:
+ return ENOENT;
+ case SSS_AUTHTOK_TYPE_PASSWORD:
+ *pwd = (const char *)tok->data;
+ if (len) {
+ *len = tok->length;
+ }
+ return EOK;
+ default:
+ return EACCES;
+ }
+}
+
+errno_t sss_authtok_set_password(TALLOC_CTX *mem_ctx,
+ struct sss_auth_token *tok,
+ const char *password, size_t len)
+{
+ sss_authtok_set_empty(tok);
+
+ if (len == 0) {
+ len = strlen(password);
+ }
+
+ if (len != 0) {
+ tok->data = talloc_named(mem_ctx, len + 1, "password");
+ if (!tok->data) {
+ return ENOMEM;
+ }
+ memcpy(tok->data, password, len);
+ tok->data[len] = '\0';
+ tok->type = SSS_AUTHTOK_TYPE_PASSWORD;
+ tok->length = len;
+ }
+
+ return EOK;
+}
+
+errno_t sss_authtok_get_ccfile(struct sss_auth_token *tok,
+ const char **ccfile, size_t *len)
+{
+ switch (tok->type) {
+ case SSS_AUTHTOK_TYPE_EMPTY:
+ return ENOENT;
+ case SSS_AUTHTOK_TYPE_CCFILE:
+ *ccfile = (const char *)tok->data;
+ if (len) {
+ *len = tok->length;
+ }
+ return EOK;
+ default:
+ return EACCES;
+ }
+}
+
+errno_t sss_authtok_set_ccfile(TALLOC_CTX *mem_ctx,
+ struct sss_auth_token *tok,
+ const char *ccfile)
+{
+ sss_authtok_set_empty(tok);
+
+ tok->data = (uint8_t *)talloc_strdup(mem_ctx, ccfile);
+ if (!tok->data) {
+ return ENOMEM;
+ }
+ tok->type = SSS_AUTHTOK_TYPE_CCFILE;
+ tok->length = strlen(ccfile);
+
+ return EOK;
+}
+
+void sss_authtok_set_empty(struct sss_auth_token *tok)
+{
+ switch (tok->type) {
+ case SSS_AUTHTOK_TYPE_EMPTY:
+ return;
+ case SSS_AUTHTOK_TYPE_PASSWORD:
+ safezero(tok->data, tok->length);
+ default:
+ break;
+ }
+
+ tok->type = SSS_AUTHTOK_TYPE_EMPTY;
+ talloc_zfree(tok->data);
+ tok->length = 0;
+}
+
+errno_t sss_authtok_copy(TALLOC_CTX *mem_ctx,
+ struct sss_auth_token *src,
+ struct sss_auth_token *dst)
+{
+ sss_authtok_set_empty(dst);
+
+ if (src->type == SSS_AUTHTOK_TYPE_EMPTY) {
+ return EOK;
+ }
+
+ dst->data = talloc_memdup(mem_ctx, src->data, src->length);
+ if (!dst->data) {
+ return ENOMEM;
+ }
+ dst->length = src->length;
+ dst->type = src->type;
+
+ return EOK;
+}
diff --git a/src/util/authtok.h b/src/util/authtok.h
new file mode 100644
index
0000000000000000000000000000000000000000..2adb0b9e02597bb8c760c26fd715b6414fa81bf5
--- /dev/null
+++ b/src/util/authtok.h
@@ -0,0 +1,137 @@
+/*
+ SSSD - auth utils
+
+ Copyright (C) Simo Sorce <s...@redhat.com> 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __AUTHTOK_H__
+#define __AUTHTOK_H__
+
+#include "util/util.h"
+#include "sss_client/sss_cli.h"
+
+/* Auth token structure,
+ * please never use directly.
+ * Use ss_authtok_* accesor functions instead
+ */
+struct sss_auth_token {
+ enum sss_authtok_type type;
+ uint8_t *data;
+ size_t length;
+};
+
+/**
+ * @brief Returns the token type
+ *
+ * @param tok A pointer to an sss_auth_token
+ *
+ * @return A sss_authtok_type (empty, password, ...)
+ */
+enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok);
+
+/**
+ * @brief Returns the token size
+ *
+ * @param tok A pointer to an sss_auth_token
+ *
+ * @return The current size of the token payload
+ */
+size_t sss_authtok_get_size(struct sss_auth_token *tok);
+
+/**
+ * @brief Returns a const string if the auth token is of type
+ SSS_AUTHTOK_TYPE_PASSWORD, otherwise it returns an error
+ *
+ * @param tok A pointer to an sss_auth_token
+ * @param pwd A pointer to a const char *, that will point to a null
+ * terminated string
+ * @param len The length of the password string
+ *
+ * @return EOK on success
+ * ENOENT if the token is empty
+ * EACCESS if the token is not a password token
+ */
+errno_t sss_authtok_get_password(struct sss_auth_token *tok,
+ const char **pwd, size_t *len);
+
+/**
+ * @brief Set a password into a an auth token, replacing any previous data
+ *
+ * @param mem_ctx A memory context use to allocate the internal data
+ * @param tok A pointer to a sss_auth_token structure to change
+ * @param password A string
+ * @param len The length of the string or, if 0 is passed,
+ * then strlen(password) will be used internally.
+ *
+ * @return EOK on success
+ * ENOMEM on error
+ */
+errno_t sss_authtok_set_password(TALLOC_CTX *mem_ctx,
+ struct sss_auth_token *tok,
+ const char *password, size_t len);
+
+/**
+ * @brief Returns a const string if the auth token is of type
+ SSS_AUTHTOK_TYPE_CCFILE, otherwise it returns an error
+ *
+ * @param tok A pointer to an sss_auth_token
+ * @param ccfile A pointer to a const char *, that will point to a null
+ * terminated string
+ * @param len The length of the string
+ *
+ * @return EOK on success
+ * ENOENT if the token is empty
+ * EACCESS if the token is not a password token
+ */
+errno_t sss_authtok_get_ccfile(struct sss_auth_token *tok,
+ const char **ccfile, size_t *len);
+
+/**
+ * @brief Set a cc file name into a an auth token, replacing any previous data
+ *
+ * @param mem_ctx A memory context use to allocate the internal data
+ * @param tok A pointer to a sss_auth_token structure to change
+ * @param ccfile A null terminated string
+ *
+ * @return EOK on success
+ * ENOMEM on error
+ */
+errno_t sss_authtok_set_ccfile(TALLOC_CTX *mem_ctx,
+ struct sss_auth_token *tok,
+ const char *ccfile);
+
+/**
+ * @brief Resets an auth token to the empty status
+ *
+ * @param tok A pointer to a sss_auth_token structure to reset
+ */
+void sss_authtok_set_empty(struct sss_auth_token *tok);
+
+/**
+ * @brief Copy an auth token from source to destination
+ *
+ * @param mem_ctx The memory context to use for allocations on dst
+ * @param src The source auth token
+ * @param dst The destination auth token
+ *
+ * @return EOK on success
+ * ENOMEM on error
+ */
+errno_t sss_authtok_copy(TALLOC_CTX *mem_ctx,
+ struct sss_auth_token *src,
+ struct sss_auth_token *dst);
+
+#endif /* __AUTHTOK_H__ */
--
1.7.11.4
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
