<sopwith@redhat.com> (see copyright below for full details)
*/
-#include "pam_winbind.h"
-#define CONST_DISCARD(type,ptr) ((type)(void *)ptr)
+#define UID_WRAPPER_NOT_REPLACE
+#include "pam_winbind.h"
static int wbc_error_to_pam_error(wbcErr status)
{
static inline void textdomain_init(void)
{
if (!initialized) {
- bindtextdomain(MODULE_NAME, dyn_LOCALEDIR);
+ bindtextdomain(MODULE_NAME, LOCALEDIR);
initialized = 1;
}
return;
config_file = PAM_WINBIND_CONFIG_FILE;
}
- d = iniparser_load(CONST_DISCARD(char *, config_file));
+ d = iniparser_load(discard_const_p(char, config_file));
if (d == NULL) {
goto config_from_pam;
}
- if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:debug"), false)) {
+ if (iniparser_getboolean(d, discard_const_p(char, "global:debug"), false)) {
ctrl |= WINBIND_DEBUG_ARG;
}
- if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:debug_state"), false)) {
+ if (iniparser_getboolean(d, discard_const_p(char, "global:debug_state"), false)) {
ctrl |= WINBIND_DEBUG_STATE;
}
- if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:cached_login"), false)) {
+ if (iniparser_getboolean(d, discard_const_p(char, "global:cached_login"), false)) {
ctrl |= WINBIND_CACHED_LOGIN;
}
- if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:krb5_auth"), false)) {
+ if (iniparser_getboolean(d, discard_const_p(char, "global:krb5_auth"), false)) {
ctrl |= WINBIND_KRB5_AUTH;
}
- if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:silent"), false)) {
+ if (iniparser_getboolean(d, discard_const_p(char, "global:silent"), false)) {
ctrl |= WINBIND_SILENT;
}
- if (iniparser_getstr(d, CONST_DISCARD(char *, "global:krb5_ccache_type")) != NULL) {
+ if (iniparser_getstr(d, discard_const_p(char, "global:krb5_ccache_type")) != NULL) {
ctrl |= WINBIND_KRB5_CCACHE_TYPE;
}
- if ((iniparser_getstr(d, CONST_DISCARD(char *, "global:require-membership-of"))
+ if ((iniparser_getstr(d, discard_const_p(char, "global:require-membership-of"))
!= NULL) ||
- (iniparser_getstr(d, CONST_DISCARD(char *, "global:require_membership_of"))
+ (iniparser_getstr(d, discard_const_p(char, "global:require_membership_of"))
!= NULL)) {
ctrl |= WINBIND_REQUIRED_MEMBERSHIP;
}
- if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:try_first_pass"), false)) {
+ if (iniparser_getboolean(d, discard_const_p(char, "global:try_first_pass"), false)) {
ctrl |= WINBIND_TRY_FIRST_PASS_ARG;
}
- if (iniparser_getint(d, CONST_DISCARD(char *, "global:warn_pwd_expire"), 0)) {
+ if (iniparser_getint(d, discard_const_p(char, "global:warn_pwd_expire"), 0)) {
ctrl |= WINBIND_WARN_PWD_EXPIRE;
}
- if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:mkhomedir"), false)) {
+ if (iniparser_getboolean(d, discard_const_p(char, "global:mkhomedir"), false)) {
ctrl |= WINBIND_MKHOMEDIR;
}
textdomain_init();
#endif
- r = TALLOC_ZERO_P(NULL, struct pwb_context);
+ r = talloc_zero(NULL, struct pwb_context);
if (!r) {
return PAM_BUF_ERR;
}
char *sid_list_buffer,
int sid_list_buffer_size)
{
- const char* sid_string = NULL;
- char *sid_str = NULL;
+ char sid_string[WBC_SID_STRING_BUFLEN];
/* lookup name? */
if (IS_SID_STRING(name)) {
- sid_string = name;
+ strlcpy(sid_string, name, sizeof(sid_string));
} else {
wbcErr wbc_status;
struct wbcDomainSid sid;
return false;
}
- wbc_status = wbcSidToString(&sid, &sid_str);
- if (!WBC_ERROR_IS_OK(wbc_status)) {
- return false;
- }
-
- sid_string = sid_str;
+ wbcSidToStringBuf(&sid, sid_string, sizeof(sid_string));
}
if (!safe_append_string(sid_list_buffer, sid_string,
sid_list_buffer_size)) {
- wbcFreeMemory(sid_str);
return false;
}
-
- wbcFreeMemory(sid_str);
return true;
}
static void _pam_setup_krb5_env(struct pwb_context *ctx,
struct wbcLogonUserInfo *info)
{
- char var[PATH_MAX];
+ char *var = NULL;
int ret;
uint32_t i;
const char *krb5ccname = NULL;
_pam_log_debug(ctx, LOG_DEBUG,
"request returned KRB5CCNAME: %s", krb5ccname);
- if (snprintf(var, sizeof(var), "KRB5CCNAME=%s", krb5ccname) == -1) {
+ if (asprintf(&var, "KRB5CCNAME=%s", krb5ccname) == -1) {
return;
}
"failed to set KRB5CCNAME to %s: %s",
var, pam_strerror(ctx->pamh, ret));
}
+ free(var);
}
/**
static bool _pam_check_remark_auth_err(struct pwb_context *ctx,
const struct wbcAuthErrorInfo *e,
const char *nt_status_string,
- int *pam_error)
+ int *pam_err)
{
const char *ntstatus = NULL;
const char *error_string = NULL;
- if (!e || !pam_error) {
+ if (!e || !pam_err) {
return false;
}
error_string = _get_ntstatus_error_string(nt_status_string);
if (error_string) {
_make_remark(ctx, PAM_ERROR_MSG, error_string);
- *pam_error = e->pam_error;
+ *pam_err = e->pam_error;
return true;
}
if (e->display_string) {
- _make_remark(ctx, PAM_ERROR_MSG, e->display_string);
- *pam_error = e->pam_error;
+ _make_remark(ctx, PAM_ERROR_MSG, _(e->display_string));
+ *pam_err = e->pam_error;
return true;
}
_make_remark(ctx, PAM_ERROR_MSG, nt_status_string);
- *pam_error = e->pam_error;
+ *pam_err = e->pam_error;
return true;
}
&logon.blobs,
"krb5_cc_type",
0,
- (uint8_t *)cctype,
+ discard_const_p(uint8_t, cctype),
strlen(cctype)+1);
if (!WBC_ERROR_IS_OK(wbc_status)) {
goto done;
}
done:
- if (logon.blobs) {
- wbcFreeMemory(logon.blobs);
- }
+ wbcFreeMemory(logon.blobs);
if (info && info->blobs && !p_info) {
wbcFreeMemory(info->blobs);
}
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
struct wbcDomainSid sid;
enum wbcSidType type;
- char *domain;
+ char *domain = NULL;
char *name;
char *p;
&logoff.blobs,
"ccfilename",
0,
- (uint8_t *)ccname,
+ discard_const_p(uint8_t, ccname),
strlen(ccname)+1);
if (!WBC_ERROR_IS_OK(wbc_status)) {
goto out;