These functions allow handling of auth tokens in a completely opaque way,
with clear semantics and accessor fucntions that guarantee consistency,
proper access to data and error conditions.
---
 Makefile.am        |    2 +
 src/util/authtok.c |  195 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/util/authtok.h |  180 ++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 377 insertions(+), 0 deletions(-)
 create mode 100644 src/util/authtok.c
 create mode 100644 src/util/authtok.h

diff --git a/Makefile.am b/Makefile.am
index 
ce3f94f635f918438bf856c523e47c0f09fc328a..1e4442c4a4bdfafccf1db923d650da4d161ae480
 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -369,6 +369,7 @@ dist_noinst_HEADERS = \
     src/util/mmap_cache.h \
     src/util/atomic_io.h \
     src/util/auth_utils.h \
+    src/util/authtok.h \
     src/monitor/monitor.h \
     src/monitor/monitor_interfaces.h \
     src/responder/common/responder.h \
@@ -507,6 +508,7 @@ libsss_util_la_SOURCES = \
     src/util/sss_tc_utf8.c \
     src/util/murmurhash3.c \
     src/util/atomic_io.c \
+    src/util/authtok.c \
     src/util/sss_selinux.c \
     src/util/domain_info_utils.c \
     src/util/util_lock.c
diff --git a/src/util/authtok.c b/src/util/authtok.c
new file mode 100644
index 
0000000000000000000000000000000000000000..1f45953378021e9d30559030326134794965b240
--- /dev/null
+++ b/src/util/authtok.c
@@ -0,0 +1,195 @@
+/*
+   SSSD - auth utils
+
+   Copyright (C) Simo Sorce <s...@redhat.com> 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "authtok.h"
+
+enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok)
+{
+    return tok->type;
+}
+
+size_t sss_authtok_get_size(struct sss_auth_token *tok)
+{
+    switch (tok->type) {
+    case SSS_AUTHTOK_TYPE_PASSWORD:
+    case SSS_AUTHTOK_TYPE_CCFILE:
+        return tok->length;
+    default:
+        return 0;
+    }
+}
+
+uint8_t *sss_authtok_get_data(struct sss_auth_token *tok)
+{
+    return (void *)tok->data;
+}
+
+errno_t sss_authtok_get_password(struct sss_auth_token *tok,
+                                 const char **pwd, size_t *len)
+{
+    switch (tok->type) {
+    case SSS_AUTHTOK_TYPE_EMPTY:
+        return ENOENT;
+    case SSS_AUTHTOK_TYPE_PASSWORD:
+        *pwd = (const char *)tok->data;
+        if (len) {
+            *len = tok->length - 1;
+        }
+        return EOK;
+    default:
+        return EACCES;
+    }
+}
+
+errno_t sss_authtok_get_ccfile(struct sss_auth_token *tok,
+                               const char **ccfile, size_t *len)
+{
+    switch (tok->type) {
+    case SSS_AUTHTOK_TYPE_EMPTY:
+        return ENOENT;
+    case SSS_AUTHTOK_TYPE_CCFILE:
+        *ccfile = (const char *)tok->data;
+        if (len) {
+            *len = tok->length - 1;
+        }
+        return EOK;
+    default:
+        return EACCES;
+    }
+}
+
+static errno_t sss_authtok_set_string(TALLOC_CTX *mem_ctx,
+                                      struct sss_auth_token *tok,
+                                      enum sss_authtok_type type,
+                                      const char *context_name,
+                                      const char *str, size_t len)
+{
+    size_t size;
+
+    if (len == 0) {
+        len = strlen(str);
+    } else {
+        while (len > 0 && str[len - 1] == '\0') len--;
+    }
+
+    if (len == 0) {
+        /* we do not allow zero length ttyped tokens */
+        return EINVAL;
+    }
+
+    size = len + 1;
+
+    tok->data = talloc_named(mem_ctx, size, context_name);
+    if (!tok->data) {
+        return ENOMEM;
+    }
+    memcpy(tok->data, str, len);
+    tok->data[len] = '\0';
+    tok->type = type;
+    tok->length = size;
+
+    return EOK;
+
+}
+
+void sss_authtok_set_empty(struct sss_auth_token *tok)
+{
+    switch (tok->type) {
+    case SSS_AUTHTOK_TYPE_EMPTY:
+        return;
+    case SSS_AUTHTOK_TYPE_PASSWORD:
+        safezero(tok->data, tok->length);
+    default:
+        break;
+    }
+
+    tok->type = SSS_AUTHTOK_TYPE_EMPTY;
+    talloc_zfree(tok->data);
+    tok->length = 0;
+}
+
+errno_t sss_authtok_set_password(TALLOC_CTX *mem_ctx,
+                                 struct sss_auth_token *tok,
+                                 const char *password, size_t len)
+{
+    sss_authtok_set_empty(tok);
+
+    return sss_authtok_set_string(mem_ctx, tok,
+                                  SSS_AUTHTOK_TYPE_PASSWORD,
+                                  "password", password, len);
+}
+
+errno_t sss_authtok_set_ccfile(TALLOC_CTX *mem_ctx,
+                               struct sss_auth_token *tok,
+                               const char *ccfile, size_t len)
+{
+    sss_authtok_set_empty(tok);
+
+    return sss_authtok_set_string(mem_ctx, tok,
+                                  SSS_AUTHTOK_TYPE_CCFILE,
+                                  "ccfile", ccfile, len);
+}
+
+errno_t sss_authtok_set(TALLOC_CTX *mem_ctx,
+                        struct sss_auth_token *tok,
+                        enum sss_authtok_type type,
+                        uint8_t *data, size_t len)
+{
+    switch (type) {
+    case SSS_AUTHTOK_TYPE_PASSWORD:
+        return sss_authtok_set_password(mem_ctx, tok, (const char *)data, len);
+    case SSS_AUTHTOK_TYPE_CCFILE:
+        return sss_authtok_set_ccfile(mem_ctx, tok, (const char *)data, len);
+    case SSS_AUTHTOK_TYPE_EMPTY:
+        sss_authtok_set_empty(tok);
+        return EOK;
+    default:
+        return EINVAL;
+    }
+}
+
+errno_t sss_authtok_copy(TALLOC_CTX *mem_ctx,
+                         struct sss_auth_token *src,
+                         struct sss_auth_token *dst)
+{
+    sss_authtok_set_empty(dst);
+
+    if (src->type == SSS_AUTHTOK_TYPE_EMPTY) {
+        return EOK;
+    }
+
+    dst->data = talloc_memdup(mem_ctx, src->data, src->length);
+    if (!dst->data) {
+        return ENOMEM;
+    }
+    dst->length = src->length;
+    dst->type = src->type;
+
+    return EOK;
+}
+
+void sss_authtok_wipe_password(struct sss_auth_token *tok)
+{
+    if (tok->type != SSS_AUTHTOK_TYPE_PASSWORD) {
+        return;
+    }
+
+    safezero(tok->data, tok->length);
+}
+
diff --git a/src/util/authtok.h b/src/util/authtok.h
new file mode 100644
index 
0000000000000000000000000000000000000000..c750711ea373506118aab75807dc706c217f6842
--- /dev/null
+++ b/src/util/authtok.h
@@ -0,0 +1,180 @@
+/*
+   SSSD - auth utils
+
+   Copyright (C) Simo Sorce <s...@redhat.com> 2012
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __AUTHTOK_H__
+#define __AUTHTOK_H__
+
+#include "util/util.h"
+#include "sss_client/sss_cli.h"
+
+/* Auth token structure,
+ * please never use directly.
+ * Use ss_authtok_* accesor functions instead
+ */
+struct sss_auth_token {
+    enum sss_authtok_type type;
+    uint8_t *data;
+    size_t length;
+};
+
+/**
+ * @brief Returns the token type
+ *
+ * @param tok    A pointer to an sss_auth_token
+ *
+ * @return       A sss_authtok_type (empty, password, ...)
+ */
+enum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok);
+
+/**
+ * @brief Returns the token size
+ *
+ * @param tok    A pointer to an sss_auth_token
+ *
+ * @return       The current size of the token payload
+ */
+size_t sss_authtok_get_size(struct sss_auth_token *tok);
+
+/**
+ * @brief Get the data buffer
+ *
+ * @param tok    A pointer to an sss_auth_token
+ *
+ * @return       A pointer to the token payload
+ */
+uint8_t *sss_authtok_get_data(struct sss_auth_token *tok);
+
+/**
+ * @brief Returns a const string if the auth token is of type
+          SSS_AUTHTOK_TYPE_PASSWORD, otherwise it returns an error
+ *
+ * @param tok    A pointer to an sss_auth_token
+ * @param pwd    A pointer to a const char *, that will point to a null
+ *               terminated string
+ * @param len    The length of the password string
+ *
+ * @return       EOK on success
+ *               ENOENT if the token is empty
+ *               EACCESS if the token is not a password token
+ */
+errno_t sss_authtok_get_password(struct sss_auth_token *tok,
+                                 const char **pwd, size_t *len);
+
+/**
+ * @brief Set a password into a an auth token, replacing any previous data
+ *
+ * @param mem_ctx    A memory context use to allocate the internal data
+ * @param tok        A pointer to a sss_auth_token structure to change
+ * @param password   A string
+ * @param len        The length of the string or, if 0 is passed,
+ *                   then strlen(password) will be used internally.
+ *
+ * @return       EOK on success
+ *               ENOMEM on error
+ */
+errno_t sss_authtok_set_password(TALLOC_CTX *mem_ctx,
+                                 struct sss_auth_token *tok,
+                                 const char *password, size_t len);
+
+/**
+ * @brief Returns a const string if the auth token is of type
+         SSS_AUTHTOK_TYPE_CCFILE, otherwise it returns an error
+ *
+ * @param tok    A pointer to an sss_auth_token
+ * @param ccfile A pointer to a const char *, that will point to a null
+ *               terminated string
+ * @param len    The length of the string
+ *
+ * @return       EOK on success
+ *               ENOENT if the token is empty
+ *               EACCESS if the token is not a password token
+ */
+errno_t sss_authtok_get_ccfile(struct sss_auth_token *tok,
+                               const char **ccfile, size_t *len);
+
+/**
+ * @brief Set a cc file name into a an auth token, replacing any previous data
+ *
+ * @param mem_ctx    A memory context use to allocate the internal data
+ * @param tok        A pointer to a sss_auth_token structure to change
+ * @param ccfile     A null terminated string
+ * @param len    The length of the string
+ *
+ * @return       EOK on success
+ *               ENOMEM on error
+ */
+errno_t sss_authtok_set_ccfile(TALLOC_CTX *mem_ctx,
+                               struct sss_auth_token *tok,
+                               const char *ccfile, size_t len);
+
+/**
+ * @brief Resets an auth token to the empty status
+ *
+ * @param tok    A pointer to a sss_auth_token structure to reset
+ *
+ * NOTE: This function uses safezero() on the payload if the type
+ * is SSS_AUTHTOK_TYPE_PASSWORD
+ */
+void sss_authtok_set_empty(struct sss_auth_token *tok);
+
+/**
+ * @brief Set an auth token by type, replacing any previous data
+ *
+ * @param mem_ctx    A memory context use to allocate the internal data
+ * @param tok        A pointer to a sss_auth_token structure to change
+ * @param type       A valid authtok type
+ * @param ccfile     A data pointer
+ * @param len        The length of the data
+ *
+ * @return       EOK on success
+ *               ENOMEM or EINVAL on error
+ */
+errno_t sss_authtok_set(TALLOC_CTX *mem_ctx,
+                        struct sss_auth_token *tok,
+                        enum sss_authtok_type type,
+                        uint8_t *data, size_t len);
+
+/**
+ * @brief Copy an auth token from source to destination
+ *
+ * @param mem_ctx    The memory context to use for allocations on dst
+ * @param src        The source auth token
+ * @param dst        The destination auth token
+ *
+ * @return       EOK on success
+ *               ENOMEM on error
+ */
+errno_t sss_authtok_copy(TALLOC_CTX *mem_ctx,
+                         struct sss_auth_token *src,
+                         struct sss_auth_token *dst);
+
+/**
+ * @brief Uses safezero to wipe the password from memory if the
+ *        authtoken contains a password, otherwise does nothing.
+ *
+ * @param tok       A pointer to a sss_auth_token structure to change
+ *
+ * NOTE: This function should only be used in destructors or similar
+ * functions where freing the actual string is unsafe and where it can
+ * be guaranteed that the auth token will not be used anymore.
+ * Use sss_authtok_set_empty() in normal circumstances.
+ */
+void sss_authtok_wipe_password(struct sss_auth_token *tok);
+
+#endif /*  __AUTHTOK_H__ */
-- 
1.7.1

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Reply via email to