IPv6 support for afpd and cnid_metad

[netatalk.git] / etc / uams / uams_dhx_pam.c

diff --git a/etc/uams/uams_dhx_pam.c b/etc/uams/uams_dhx_pam.c
index 2aeeca03c36af6c85c983dcc0f21210e861d19ae..7b9ee0a16ae7c04b1ffcb3080a9a630a385d5179 100644 (file)
--- a/etc/uams/uams_dhx_pam.c
+++ b/etc/uams/uams_dhx_pam.c
@@ -1,5 +1,5 @@
 /*
- * $Id: uams_dhx_pam.c,v 1.28 2008-12-03 19:15:06 didg Exp $
+ * $Id: uams_dhx_pam.c,v 1.32 2009-11-05 14:38:07 franklahm Exp $
  *
  * Copyright (c) 1990,1993 Regents of The University of Michigan.
  * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu) 
@@ -34,10 +34,12 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 #include <openssl/cast.h>
+#include <openssl/err.h>
 #else /* OPENSSL_DHX */
 #include <bn.h>
 #include <dh.h>
 #include <cast.h>
+#include <err.h>
 #endif /* OPENSSL_DHX */
 
 #include <atalk/afp.h>
@@ -182,11 +184,11 @@ static struct pam_conv PAM_conversation = {
 };
 
 
-static int dhx_setup(void *obj, char *ibuf, int ibuflen _U_, 
-                    char *rbuf, int *rbuflen)
+static int dhx_setup(void *obj, char *ibuf, size_t ibuflen _U_, 
+                    char *rbuf, size_t *rbuflen)
 {
     u_int16_t sessid;
-    int i;
+    size_t i;
     BIGNUM *bn, *gbn, *pbn;
     DH *dh;
 
@@ -318,8 +320,8 @@ pam_fail:
 
 /* -------------------------------- */
 static int login(void *obj, char *username, int ulen,  struct passwd **uam_pwd _U_,
-                    char *ibuf, int ibuflen,
-                    char *rbuf, int *rbuflen)
+                    char *ibuf, size_t ibuflen,
+                    char *rbuf, size_t *rbuflen)
 {
     if (( dhxpwd = uam_getname(obj, username, ulen)) == NULL ) {
         LOG(log_info, logtype_uams, "uams_dhx_pam.c: unknown username");
@@ -335,11 +337,11 @@ static int login(void *obj, char *username, int ulen,  struct passwd **uam_pwd _
 /* dhx login: things are done in a slightly bizarre order to avoid
  * having to clean things up if there's an error. */
 static int pam_login(void *obj, struct passwd **uam_pwd,
-                    char *ibuf, int ibuflen,
-                    char *rbuf, int *rbuflen)
+                    char *ibuf, size_t ibuflen,
+                    char *rbuf, size_t *rbuflen)
 {
     char *username;
-    int len, ulen;
+    size_t len, ulen;
 
     *rbuflen = 0;
 
@@ -369,8 +371,8 @@ static int pam_login(void *obj, struct passwd **uam_pwd,
 
 /* ----------------------------- */
 static int pam_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
-                    char *ibuf, int ibuflen,
-                    char *rbuf, int *rbuflen)
+                    char *ibuf, size_t ibuflen,
+                    char *rbuf, size_t *rbuflen)
 {
     char *username;
     int len, ulen;
@@ -405,10 +407,10 @@ static int pam_login_ext(void *obj, char *uname, struct passwd **uam_pwd,
 /* -------------------------------- */
 
 static int pam_logincont(void *obj, struct passwd **uam_pwd,
-                        char *ibuf, int ibuflen _U_, 
-                        char *rbuf, int *rbuflen)
+                        char *ibuf, size_t ibuflen _U_, 
+                        char *rbuf, size_t *rbuflen)
 {
-    char *hostname;
+    const char *hostname;
     BIGNUM *bn1, *bn2, *bn3;
     u_int16_t sessid;
     int err, PAM_error;
@@ -552,7 +554,7 @@ logincont_err:
 }
 
 /* logout */
-static void pam_logout() {
+static void pam_logout(void) {
     pam_close_session(pamh, 0);
     pam_end(pamh, 0);
     pamh = NULL;
@@ -562,8 +564,8 @@ static void pam_logout() {
 /* change pw for dhx needs a couple passes to get everything all
  * right. basically, it's like the login/logincont sequence */
 static int pam_changepw(void *obj, char *username,
-                       struct passwd *pwd _U_, char *ibuf, int ibuflen,
-                       char *rbuf, int *rbuflen)
+                       struct passwd *pwd _U_, char *ibuf, size_t ibuflen,
+                       char *rbuf, size_t *rbuflen)
 {
     BIGNUM *bn1, *bn2, *bn3;
 
@@ -573,6 +575,10 @@ static int pam_changepw(void *obj, char *username,
     u_int16_t sessid;
     int PAM_error;
 
+    if (ibuflen < sizeof(sessid)) {
+      return AFPERR_PARAM;
+    }
+
     /* grab the id */
     memcpy(&sessid, ibuf, sizeof(sessid));
     ibuf += sizeof(sessid);