/*
- * $Id: uams_dhx2_pam.c,v 1.1 2008-11-22 12:07:26 didg Exp $
+ * $Id: uams_dhx2_pam.c,v 1.9 2009-11-05 14:38:07 franklahm Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
/*********************************************************
* Crypto helper func to generate p and g for use in DH.
- * libgcrpyt doesn't provide one directly.
+ * libgcrypt doesn't provide one directly.
* Algorithm taken from GNUTLS:gnutls_dh_primes.c
*********************************************************/
};
-static int dhx2_setup(void *obj, char *ibuf, int ibuflen _U_,
- char *rbuf, int *rbuflen)
+static int dhx2_setup(void *obj, char *ibuf _U_, size_t ibuflen _U_,
+ char *rbuf, size_t *rbuflen)
{
- int i, ret;
-
- unsigned int g_uint;
+ int ret;
+ size_t nwritten;
gcry_mpi_t g, Ma;
char *Ra_binary = NULL;
- gcry_cipher_hd_t ctx;
- gcry_error_t ctxerror;
-
- const int g_len = 4;
- size_t len;
- size_t nwritten;
*rbuflen = 0;
*rbuflen += 2;
/* g is next */
- gcry_mpi_print( GCRYMPI_FMT_USG, rbuf, 4, &nwritten, g);
+ gcry_mpi_print( GCRYMPI_FMT_USG, (unsigned char *)rbuf, 4, &nwritten, g);
if (nwritten < 4) {
memmove( rbuf+4-nwritten, rbuf, nwritten);
memset( rbuf, 0, 4-nwritten);
*rbuflen += 2;
/* p */
- gcry_mpi_print( GCRYMPI_FMT_USG, rbuf, PRIMEBITS/8, NULL, p);
+ gcry_mpi_print( GCRYMPI_FMT_USG, (unsigned char *)rbuf, PRIMEBITS/8, NULL, p);
rbuf += PRIMEBITS/8;
*rbuflen += PRIMEBITS/8;
/* Ma */
- gcry_mpi_print( GCRYMPI_FMT_USG, rbuf, PRIMEBITS/8, &len, Ma);
- if (len < PRIMEBITS/8) {
- memmove(rbuf + (PRIMEBITS/8) - len, rbuf, len);
- memset(rbuf, 0, (PRIMEBITS/8) - len);
+ gcry_mpi_print( GCRYMPI_FMT_USG, (unsigned char *)rbuf, PRIMEBITS/8, &nwritten, Ma);
+ if (nwritten < PRIMEBITS/8) {
+ memmove(rbuf + (PRIMEBITS/8) - nwritten, rbuf, nwritten);
+ memset(rbuf, 0, (PRIMEBITS/8) - nwritten);
}
rbuf += PRIMEBITS/8;
*rbuflen += PRIMEBITS/8;
/* -------------------------------- */
static int login(void *obj, char *username, int ulen, struct passwd **uam_pwd _U_,
- char *ibuf, int ibuflen,
- char *rbuf, int *rbuflen)
+ char *ibuf, size_t ibuflen,
+ char *rbuf, size_t *rbuflen)
{
if (( dhxpwd = uam_getname(obj, username, ulen)) == NULL ) {
LOG(log_info, logtype_uams, "DHX2: unknown username");
/* dhx login: things are done in a slightly bizarre order to avoid
* having to clean things up if there's an error. */
static int pam_login(void *obj, struct passwd **uam_pwd,
- char *ibuf, int ibuflen,
- char *rbuf, int *rbuflen)
+ char *ibuf, size_t ibuflen,
+ char *rbuf, size_t *rbuflen)
{
char *username;
- int len, ulen;
+ size_t len, ulen;
*rbuflen = 0;
/* ----------------------------- */
static int pam_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
- char *ibuf, int ibuflen,
- char *rbuf, int *rbuflen)
+ char *ibuf, size_t ibuflen,
+ char *rbuf, size_t *rbuflen)
{
char *username;
- int len, ulen;
+ size_t len, ulen;
u_int16_t temp16;
*rbuflen = 0;
/* -------------------------------- */
-static int logincont1(void *obj, char *ibuf, int ibuflen, char *rbuf, int *rbuflen)
+static int logincont1(void *obj _U_, char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
{
- u_int16_t retID;
- size_t nwritten;
int ret;
- *rbuflen = 0;
-
+ size_t nwritten;
gcry_mpi_t Mb, K, clientNonce;
- char *K_bin = NULL;
+ unsigned char *K_bin = NULL;
char serverNonce_bin[16];
gcry_cipher_hd_t ctx;
gcry_error_t ctxerror;
+ *rbuflen = 0;
+
Mb = gcry_mpi_new(0);
K = gcry_mpi_new(0);
clientNonce = gcry_mpi_new(0);
*rbuflen += 2;
/* Client nonce + 1 */
- gcry_mpi_print(GCRYMPI_FMT_USG, rbuf, PRIMEBITS/8, NULL, clientNonce);
+ gcry_mpi_print(GCRYMPI_FMT_USG, (unsigned char *)rbuf, PRIMEBITS/8, NULL, clientNonce);
/* Server nonce */
memcpy(rbuf+16, serverNonce_bin, 16);
}
static int logincont2(void *obj, struct passwd **uam_pwd,
- char *ibuf, int ibuflen,
- char *rbuf, int *rbuflen)
+ char *ibuf, size_t ibuflen,
+ char *rbuf _U_, size_t *rbuflen)
{
int ret;
int PAM_error;
- char *hostname = NULL;
+ const char *hostname = NULL;
gcry_mpi_t retServerNonce;
gcry_cipher_hd_t ctx;
gcry_error_t ctxerror;
*rbuflen = 0;
- /* Packet size should be: Session ID + ServerNonce + Passwd buffer */
- if (ibuflen != 2 + 16 + 256) {
- LOG(log_error, logtype_uams, "DHX2: Paket length not correct");
+ /* Packet size should be: Session ID + ServerNonce + Passwd buffer (evantually +10 extra bytes, see Apples Docs) */
+ if ((ibuflen != 2 + 16 + 256) && (ibuflen != 2 + 16 + 256 + 10)) {
+ LOG(log_error, logtype_uams, "DHX2: Paket length not correct: %u. Should be 274 or 284.", ibuflen);
ret = AFPERR_PARAM;
goto error_noctx;
}
}
static int pam_logincont(void *obj, struct passwd **uam_pwd,
- char *ibuf, int ibuflen,
- char *rbuf, int *rbuflen)
+ char *ibuf, size_t ibuflen,
+ char *rbuf, size_t *rbuflen)
{
u_int16_t retID;
int ret;
/* logout */
-static void pam_logout() {
+static void pam_logout(void) {
pam_close_session(pamh, 0);
pam_end(pamh, 0);
pamh = NULL;
* --- Change pwd stuff --- */
static int changepw_1(void *obj, char *uname,
- char *ibuf, int ibuflen, char *rbuf, int *rbuflen)
+ char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
{
- unsigned int len;
*rbuflen = 0;
/* Remember it now, use it in changepw_3 */
PAM_username = uname;
- LOG(log_error, logtype_uams, "DHX2 ChangePW: packet 1 processin for user: %s",PAM_username);
-
return( dhx2_setup(obj, ibuf, ibuflen, rbuf, rbuflen) );
}
static int changepw_2(void *obj,
- char *ibuf, int ibuflen, char *rbuf, int *rbuflen)
+ char *ibuf, size_t ibuflen, char *rbuf, size_t *rbuflen)
{
- LOG(log_error, logtype_uams, "DHX2 ChangePW: packet 2 processing");
return( logincont1(obj, ibuf, ibuflen, rbuf, rbuflen) );
}
static int changepw_3(void *obj _U_,
- char *ibuf, int ibuflen _U_,
- char *rbuf _U_, int *rbuflen _U_)
+ char *ibuf, size_t ibuflen _U_,
+ char *rbuf _U_, size_t *rbuflen _U_)
{
int ret;
int PAM_error;
uid_t uid;
pam_handle_t *lpamh;
- char *hostname = NULL;
+ const char *hostname = NULL;
gcry_mpi_t retServerNonce;
gcry_cipher_hd_t ctx;
gcry_error_t ctxerror;
ibuf[255] = '\0'; /* For safety */
ibuf[511] = '\0';
- LOG(log_info, logtype_uams, "DHX2 Chgpwd: new pwd \'%s\'",ibuf);
- LOG(log_info, logtype_uams, "DHX2 Chgpwd: old pwd \'%s\'",ibuf+256);
-
/* check if new and old password are equal */
if (memcmp(ibuf, ibuf + 256, 255) == 0) {
LOG(log_info, logtype_uams, "DHX2 Chgpwd: new and old password are equal");
error_ctx:
gcry_cipher_close(ctx);
error_noctx:
-exit:
free(K_MD5hash);
K_MD5hash=NULL;
gcry_mpi_release(serverNonce);
}
static int dhx2_changepw(void *obj _U_, char *uname,
- struct passwd *pwd _U_, char *ibuf, int ibuflen _U_,
- char *rbuf _U_, int *rbuflen _U_)
+ struct passwd *pwd _U_, char *ibuf, size_t ibuflen _U_,
+ char *rbuf _U_, size_t *rbuflen _U_)
{
/* We use this to serialize the three incoming FPChangePassword calls */
static int dhx2_changepw_status = 1;
- int ret;
-
- LOG(log_error, logtype_uams, "DHX2 ChangePW: Start!");
+ int ret = AFPERR_NOTAUTH; /* gcc can't figure out it's always initialized */
switch (dhx2_changepw_status) {
case 1:
ret = changepw_1( obj, uname, ibuf, ibuflen, rbuf, rbuflen);
if ( ret == AFPERR_AUTHCONT)
- dhx2_changepw_status += 1;
+ dhx2_changepw_status = 2;
break;
case 2:
ret = changepw_2( obj, ibuf, ibuflen, rbuf, rbuflen);
if ( ret == AFPERR_AUTHCONT)
- dhx2_changepw_status += 1;
+ dhx2_changepw_status = 3;
else
dhx2_changepw_status = 1;
break;