/*
- * $Id: uams_dhx_pam.c,v 1.28 2008-12-03 19:15:06 didg Exp $
+ * $Id: uams_dhx_pam.c,v 1.33 2010-03-30 10:25:49 franklahm Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
#ifdef HAVE_PAM_PAM_APPL_H
#include <pam/pam_appl.h>
#endif
-
+#include <arpa/inet.h>
#if defined(GNUTLS_DHX)
#include <gnutls/openssl.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/cast.h>
+#include <openssl/err.h>
#else /* OPENSSL_DHX */
#include <bn.h>
#include <dh.h>
#include <cast.h>
+#include <err.h>
#endif /* OPENSSL_DHX */
#include <atalk/afp.h>
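Review bot: The added `#include <err.h>` in the non-GNUTLS branch has the same name as the system `<err.h>` that glibc and the BSDs ship (the err()/warn() family), so which header is picked up depends on the OpenSSL include directory being searched first. If the system header wins, the OpenSSL error-queue declarations this include is presumably meant to provide will be missing. A short comment such as `/* OpenSSL's err.h, not the libc one; relies on -I<openssl include dir> */` would record that dependency. The code that uses the header is outside this hunk.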
/* the secret key */
static CAST_KEY castkey;
static struct passwd *dhxpwd;
-static u_int8_t randbuf[KEYSIZE];
+static uint8_t randbuf[KEYSIZE];
/* diffie-hellman bits */
static unsigned char msg2_iv[] = "CJalbert";
static unsigned char msg3_iv[] = "LWallace";
-static const u_int8_t p[] = {0xBA, 0x28, 0x73, 0xDF, 0xB0, 0x60, 0x57, 0xD4,
+static const uint8_t p[] = {0xBA, 0x28, 0x73, 0xDF, 0xB0, 0x60, 0x57, 0xD4,
0x3F, 0x20, 0x24, 0x74, 0x4C, 0xEE, 0xE7, 0x5B};
-static const u_int8_t g = 0x07;
+static const uint8_t g = 0x07;
/* Static variables used to communicate between the conversation function
};
-static int dhx_setup(void *obj, char *ibuf, int ibuflen _U_,
- char *rbuf, int *rbuflen)
+static int dhx_setup(void *obj, char *ibuf, size_t ibuflen _U_,
+ char *rbuf, size_t *rbuflen)
{
- u_int16_t sessid;
- int i;
+ uint16_t sessid;
+ size_t i;
BIGNUM *bn, *gbn, *pbn;
DH *dh;
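Review bot: `ibuflen` is widened to `size_t` in dhx_setup but is still tagged `_U_`, so the function has no way to check how many bytes the client actually sent before it reads from `ibuf`. The same applies to pam_logincont further down, whose `ibuflen` is also `_U_`. This commit adds that kind of guard to pam_changepw (`if (ibuflen < sizeof(sessid)) return AFPERR_PARAM;`), and these two functions would benefit from the same treatment: drop `_U_` and reject a request shorter than what the body consumes. Both bodies lie outside the visible hunks, so the required minimum length has to be confirmed against them.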
/* -------------------------------- */
static int login(void *obj, char *username, int ulen, struct passwd **uam_pwd _U_,
- char *ibuf, int ibuflen,
- char *rbuf, int *rbuflen)
+ char *ibuf, size_t ibuflen,
+ char *rbuf, size_t *rbuflen)
{
if (( dhxpwd = uam_getname(obj, username, ulen)) == NULL ) {
LOG(log_info, logtype_uams, "uams_dhx_pam.c: unknown username");
- return AFPERR_PARAM;
+ return AFPERR_NOTAUTH;
}
PAM_username = username;
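Review bot: The switch from AFPERR_PARAM to AFPERR_NOTAUTH for an unknown account carries no comment explaining it, so a later cleanup could revert it to the seemingly more precise code. If the intent is that the reply should not tell a client whether the account exists, say so above the return: `/* same code as a failed password, so the reply does not reveal whether the user exists */`. That only holds if a known user with a wrong password also ends in AFPERR_NOTAUTH and the two paths look the same to the client, which should be checked in the part of the flow outside this hunk. login's body continues beyond the hunk.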
/* dhx login: things are done in a slightly bizarre order to avoid
* having to clean things up if there's an error. */
static int pam_login(void *obj, struct passwd **uam_pwd,
- char *ibuf, int ibuflen,
- char *rbuf, int *rbuflen)
+ char *ibuf, size_t ibuflen,
+ char *rbuf, size_t *rbuflen)
{
char *username;
- int len, ulen;
+ size_t len, ulen;
*rbuflen = 0;
/* ----------------------------- */
static int pam_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
- char *ibuf, int ibuflen,
- char *rbuf, int *rbuflen)
+ char *ibuf, size_t ibuflen,
+ char *rbuf, size_t *rbuflen)
{
char *username;
- int len, ulen;
- u_int16_t temp16;
+ int len;
+ size_t ulen;
+ uint16_t temp16;
*rbuflen = 0;
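Review bot: pam_login_ext now mixes `int len` with `size_t ulen`, so any comparison between the two converts `len` to unsigned and a negative value is compared as a very large number. Declaring it `size_t len;` (or `uint16_t`, if it only ever holds the decoded `temp16`) keeps the length arithmetic in one signedness. login() has the same mix: its `ulen` parameter is still `int` while the `ulen` locals in pam_login and pam_login_ext are now `size_t`. The code that uses these variables is outside the hunk, so whether a negative `len` is reachable needs to be checked there.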
/* -------------------------------- */
static int pam_logincont(void *obj, struct passwd **uam_pwd,
- char *ibuf, int ibuflen _U_,
- char *rbuf, int *rbuflen)
+ char *ibuf, size_t ibuflen _U_,
+ char *rbuf, size_t *rbuflen)
{
- char *hostname;
+ const char *hostname;
BIGNUM *bn1, *bn2, *bn3;
- u_int16_t sessid;
+ uint16_t sessid;
int err, PAM_error;
*rbuflen = 0;
}
/* logout */
-static void pam_logout() {
+static void pam_logout(void) {
pam_close_session(pamh, 0);
pam_end(pamh, 0);
pamh = NULL;
/* change pw for dhx needs a couple passes to get everything all
* right. basically, it's like the login/logincont sequence */
static int pam_changepw(void *obj, char *username,
- struct passwd *pwd _U_, char *ibuf, int ibuflen,
- char *rbuf, int *rbuflen)
+ struct passwd *pwd _U_, char *ibuf, size_t ibuflen,
+ char *rbuf, size_t *rbuflen)
{
BIGNUM *bn1, *bn2, *bn3;
char *hostname;
pam_handle_t *lpamh;
uid_t uid;
- u_int16_t sessid;
+ uint16_t sessid;
int PAM_error;
+ if (ibuflen < sizeof(sessid)) {
+ return AFPERR_PARAM;
+ }
+
/* grab the id */
memcpy(&sessid, ibuf, sizeof(sessid));
ibuf += sizeof(sessid);
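Review bot: The new guard covers only the two bytes of `sessid`; after `ibuf += sizeof(sessid);` the remaining length is not adjusted in the visible lines, so later reads from `ibuf` cannot be checked against what is left. Adding `ibuflen -= sizeof(sessid);` next to the pointer advance and testing `ibuflen` again before each further read would extend the check to the rest of the request. The early return also comes before any `*rbuflen = 0;`, which the login functions set as their first statement; if the caller does not zero it, the reply length is stale on this path. The rest of pam_changepw is outside the hunk.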