dhx2 logincont packet size, from Frank Lahm

[netatalk.git] / etc / uams / uams_dhx2_pam.c

diff --git a/etc/uams/uams_dhx2_pam.c b/etc/uams/uams_dhx2_pam.c
index 10d468b38641c1f3275617bd0fa0971e50642452..57cc523b4108091a529c5e9da0822b5b30ee6322 100644 (file)
--- a/etc/uams/uams_dhx2_pam.c
+++ b/etc/uams/uams_dhx2_pam.c
@@ -1,5 +1,5 @@
 /*
- * $Id: uams_dhx2_pam.c,v 1.2 2008-11-24 20:15:55 didg Exp $
+ * $Id: uams_dhx2_pam.c,v 1.6 2009-01-15 04:16:32 didg Exp $
  *
  * Copyright (c) 1990,1993 Regents of The University of Michigan.
  * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
@@ -63,7 +63,7 @@ static struct passwd *dhxpwd;
 
 /*********************************************************
  * Crypto helper func to generate p and g for use in DH.
- * libgcrpyt doesn't provide one directly.
+ * libgcrypt doesn't provide one directly.
  * Algorithm taken from GNUTLS:gnutls_dh_primes.c 
  *********************************************************/
 
@@ -253,7 +253,7 @@ static struct pam_conv PAM_conversation = {
 };
 
 
-static int dhx2_setup(void *obj, char *ibuf, int ibuflen _U_,
+static int dhx2_setup(void *obj, char *ibuf _U_, int ibuflen _U_,
                      char *rbuf, int *rbuflen)
 {
     int ret;
@@ -424,7 +424,7 @@ static int pam_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
 
 /* -------------------------------- */
 
-static int logincont1(void *obj, char *ibuf, int ibuflen, char *rbuf, int *rbuflen)
+static int logincont1(void *obj _U_, char *ibuf, int ibuflen, char *rbuf, int *rbuflen)
 {
     int ret;
     size_t nwritten;
@@ -434,6 +434,8 @@ static int logincont1(void *obj, char *ibuf, int ibuflen, char *rbuf, int *rbufl
     gcry_cipher_hd_t ctx;
     gcry_error_t ctxerror;
 
+    *rbuflen = 0;
+
     Mb = gcry_mpi_new(0);
     K = gcry_mpi_new(0);
     clientNonce = gcry_mpi_new(0);
@@ -560,7 +562,7 @@ exit:
 
 static int logincont2(void *obj, struct passwd **uam_pwd,
                      char *ibuf, int ibuflen,
-                     char *rbuf, int *rbuflen)
+                     char *rbuf _U_, int *rbuflen)
 {
     int ret;
     int PAM_error;
@@ -571,9 +573,9 @@ static int logincont2(void *obj, struct passwd **uam_pwd,
 
     *rbuflen = 0;
 
-    /* Packet size should be: Session ID + ServerNonce + Passwd buffer */
-    if (ibuflen != 2 + 16 + 256) {
-        LOG(log_error, logtype_uams, "DHX2: Paket length not correct");
+    /* Packet size should be: Session ID + ServerNonce + Passwd buffer (evantually +10 extra bytes, see Apples Docs) */
+    if ((ibuflen != 2 + 16 + 256) && (ibuflen != 2 + 16 + 256 + 10)) {
+        LOG(log_error, logtype_uams, "DHX2: Paket length not correct: %d. Should be 274 or 284.", ibuflen);
         ret = AFPERR_PARAM;
         goto error_noctx;
     }
@@ -873,18 +875,18 @@ static int dhx2_changepw(void *obj _U_, char *uname,
     /* We use this to serialize the three incoming FPChangePassword calls */
     static int dhx2_changepw_status = 1;
 
-    int ret;
+    int ret = AFPERR_NOTAUTH;  /* gcc can't figure out it's always initialized */
 
     switch (dhx2_changepw_status) {
     case 1:
        ret = changepw_1( obj, uname, ibuf, ibuflen, rbuf, rbuflen);
        if ( ret == AFPERR_AUTHCONT)
-           dhx2_changepw_status += 1;
+           dhx2_changepw_status = 2;
        break;
     case 2:
        ret = changepw_2( obj, ibuf, ibuflen, rbuf, rbuflen);
         if ( ret == AFPERR_AUTHCONT)
-            dhx2_changepw_status += 1;
+            dhx2_changepw_status = 3;
        else
            dhx2_changepw_status = 1;
        break;