83 lines
3.1 KiB
Diff
83 lines
3.1 KiB
Diff
|
From e4b015773306a7c404dd45de56cc8592a7c8513b Mon Sep 17 00:00:00 2001
|
||
|
From: Sumit Bose <sbose@redhat.com>
|
||
|
Date: Mon, 7 Mar 2016 17:07:16 +0100
|
||
|
Subject: [PATCH 105/108] pam_sss: reorder pam_message array
|
||
|
MIME-Version: 1.0
|
||
|
Content-Type: text/plain; charset=UTF-8
|
||
|
Content-Transfer-Encoding: 8bit
|
||
|
|
||
|
There are different expectations about how the pam_message array is
|
||
|
organized, details can be found in the pam_conv man page. E.g. sudo was
|
||
|
not able to handle the Linux-PAM style but expected the Solaris PAM
|
||
|
style. With this patch both styles should work as expected.
|
||
|
|
||
|
Resolves https://fedorahosted.org/sssd/ticket/2971
|
||
|
|
||
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
||
|
(cherry picked from commit 957e0a8675359d90fa50067b704578d01f565bba)
|
||
|
(cherry picked from commit 4a01e6a6fd66e622b80739472a0aa06d1c79a6a9)
|
||
|
---
|
||
|
src/sss_client/pam_sss.c | 36 ++++++++++++++----------------------
|
||
|
1 file changed, 14 insertions(+), 22 deletions(-)
|
||
|
|
||
|
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
|
||
|
index b4f7efe49017870186f1cd9e91603033a5354770..5b2307c1b59e2de5d52fdc871b12afaa90780f76 100644
|
||
|
--- a/src/sss_client/pam_sss.c
|
||
|
+++ b/src/sss_client/pam_sss.c
|
||
|
@@ -1260,8 +1260,7 @@ static int prompt_2fa(pam_handle_t *pamh, struct pam_items *pi,
|
||
|
int ret;
|
||
|
const struct pam_conv *conv;
|
||
|
const struct pam_message *mesg[2] = { NULL, NULL };
|
||
|
- struct pam_message *m1;
|
||
|
- struct pam_message *m2;
|
||
|
+ struct pam_message m[2] = { {0}, {0} };
|
||
|
struct pam_response *resp = NULL;
|
||
|
size_t needed_size;
|
||
|
|
||
|
@@ -1270,29 +1269,22 @@ static int prompt_2fa(pam_handle_t *pamh, struct pam_items *pi,
|
||
|
return ret;
|
||
|
}
|
||
|
|
||
|
- m1 = malloc(sizeof(struct pam_message));
|
||
|
- if (m1 == NULL) {
|
||
|
- D(("Malloc failed."));
|
||
|
- return PAM_SYSTEM_ERR;
|
||
|
- }
|
||
|
+ m[0].msg_style = PAM_PROMPT_ECHO_OFF;
|
||
|
+ m[0].msg = prompt_fa1;
|
||
|
+ m[1].msg_style = PAM_PROMPT_ECHO_OFF;
|
||
|
+ m[1].msg = prompt_fa2;
|
||
|
|
||
|
- m2 = malloc(sizeof(struct pam_message));
|
||
|
- if (m2 == NULL) {
|
||
|
- D(("Malloc failed."));
|
||
|
- free(m1);
|
||
|
- return PAM_SYSTEM_ERR;
|
||
|
- }
|
||
|
- m1->msg_style = PAM_PROMPT_ECHO_OFF;
|
||
|
- m1->msg = prompt_fa1;
|
||
|
- m2->msg_style = PAM_PROMPT_ECHO_OFF;
|
||
|
- m2->msg = prompt_fa2;
|
||
|
-
|
||
|
- mesg[0] = (const struct pam_message *) m1;
|
||
|
- mesg[1] = (const struct pam_message *) m2;
|
||
|
+ mesg[0] = (const struct pam_message *) m;
|
||
|
+ /* The following assignment might look a bit odd but is recommended in the
|
||
|
+ * pam_conv man page to make sure that the second argument of the PAM
|
||
|
+ * conversation function can be interpreted in two different ways.
|
||
|
+ * Basically it is important that both the actual struct pam_message and
|
||
|
+ * the pointers to the struct pam_message are arrays. Since the assignment
|
||
|
+ * makes clear that mesg[] and (*mesg)[] are arrays it should be kept this
|
||
|
+ * way and not be replaced by other equivalent assignments. */
|
||
|
+ mesg[1] = & (( *mesg )[1]);
|
||
|
|
||
|
ret = conv->conv(2, mesg, &resp, conv->appdata_ptr);
|
||
|
- free(m1);
|
||
|
- free(m2);
|
||
|
if (ret != PAM_SUCCESS) {
|
||
|
D(("Conversation failure: %s.", pam_strerror(pamh, ret)));
|
||
|
return ret;
|
||
|
--
|
||
|
2.7.3
|
||
|
|