From bfeab4b015d997537bdac68f0a59232867623085 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 13 Feb 2015 09:32:19 +0100
Subject: [PATCH] Additional data are passed only to auth module's global_init
---
 src/auth/gssapi.c | 3 +--
 src/auth/pam.c | 2 +-
 src/auth/plain.c | 23 +++++++++++++++++------
 src/auth/radius.c | 4 +---
 src/auth/radius.h | 1 -
 src/sec-mod-auth.c | 4 +---
 src/sec-mod-auth.h | 2 +-
 src/sec-mod.h | 1 -
 8 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/src/auth/gssapi.c b/src/auth/gssapi.c
index 334412c0..3e0ff4bb 100644
--- a/src/auth/gssapi.c
+++ b/src/auth/gssapi.c
@@ -121,8 +121,7 @@ static void get_name(struct gssapi_ctx_st *pctx, gss_name_t client, gss_OID mech
 return;
 }
-static int gssapi_auth_init(void **ctx, void *pool, const char *spnego, const char *ip,
- void *additional)
+static int gssapi_auth_init(void **ctx, void *pool, const char *spnego, const char *ip)
 {
 struct gssapi_ctx_st *pctx;
 OM_uint32 minor, flags, time;
diff --git a/src/auth/pam.c b/src/auth/pam.c
index f563b37f..22a5dabf 100644
--- a/src/auth/pam.c
+++ b/src/auth/pam.c
@@ -155,7 +155,7 @@ wait:
 }
 }
-static int pam_auth_init(void** ctx, void *pool, const char* user, const char* ip, void* additional)
+static int pam_auth_init(void** ctx, void *pool, const char* user, const char* ip)
 {
 int pret;
 struct pam_ctx_st * pctx;
diff --git a/src/auth/plain.c b/src/auth/plain.c
index 2d3f5204..1d91b986 100644
--- a/src/auth/plain.c
+++ b/src/auth/plain.c
@@ -42,11 +42,23 @@ struct plain_ctx_st {
 char *groupnames[MAX_GROUPS];
 unsigned groupnames_size;
- const char *passwd; /* password file */
 const char *pass_msg;
 unsigned retries;
 };
+static char *password_file = NULL;
+
+static void plain_global_init(void *pool, void *additional)
+{
+ password_file = talloc_strdup(pool, (char*)additional);
+ if (password_file == NULL) {
+ fprintf(stderr, "memory error\n");
+ exit(1);
+ }
+
+ return;
+}
+
 /* Breaks a list of "xxx", "yyy", to a character array, of
 * MAX_COMMA_SEP_ELEMENTS size; Note that the given string is modified.
 */
@@ -112,11 +124,11 @@ static int read_auth_pass(struct plain_ctx_st *pctx)
 char *p, *sp;
 int ret;
- fp = fopen(pctx->passwd, "r");
+ fp = fopen(password_file, "r");
 if (fp == NULL) {
 syslog(LOG_AUTH, "error in plain authentication; cannot open: %s",
- pctx->passwd);
+ password_file);
 return -1;
 }
@@ -161,8 +173,7 @@ static int read_auth_pass(struct plain_ctx_st *pctx)
 return ret;
 }
-static int plain_auth_init(void **ctx, void *pool, const char *username, const char *ip,
- void *additional)
+static int plain_auth_init(void **ctx, void *pool, const char *username, const char *ip)
 {
 struct plain_ctx_st *pctx;
 int ret;
@@ -178,7 +189,6 @@ static int plain_auth_init(void **ctx, void *pool, const char *username, const c
 return ERR_AUTH_FAIL;
 strlcpy(pctx->username, username, sizeof(pctx->username));
- pctx->passwd = additional;
 pctx->pass_msg = pass_msg_first;
 ret = read_auth_pass(pctx);
@@ -360,6 +370,7 @@ static void plain_group_list(void *pool, void *additional, char ***groupname, un
 const struct auth_mod_st plain_auth_funcs = {
 .type = AUTH_TYPE_PLAIN | AUTH_TYPE_USERNAME_PASS,
+ .global_init = plain_global_init,
 .auth_init = plain_auth_init,
 .auth_deinit = plain_auth_deinit,
 .auth_msg = plain_auth_msg,
diff --git a/src/auth/radius.c b/src/auth/radius.c
index 9f848b66..a0e3c434 100644
--- a/src/auth/radius.c
+++ b/src/auth/radius.c
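Review bot: `plain_global_init` hands `additional` to `talloc_strdup` without checking it, so a plain auth entry configured without a password file would, as far as talloc's handling of a NULL source goes, end in the `memory error` exit instead of a message that names the real problem. A guard before the copy, `if (additional == NULL) { fprintf(stderr, "plain: no password file configured\n"); exit(1); }`, would separate the two cases. The path now lives in a single file-scope `password_file`, so if the configuration can enable more than one plain entry (the `auth[i]` loop in `set_module` suggests several entries can exist), the last `global_init` call decides which file every client is checked against; that deserves a comment on the variable or a rejection at init. `read_auth_pass` in the next hunk passes `password_file` straight to `fopen` and relies on this function having run first.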
@@ -61,8 +61,7 @@ static void radius_global_deinit()
 rc_destroy(rh);
 }
-static int radius_auth_init(void **ctx, void *pool, const char *username, const char *ip,
- void *additional)
+static int radius_auth_init(void **ctx, void *pool, const char *username, const char *ip)
 {
 struct radius_ctx_st *pctx;
 char *default_realm;
@@ -79,7 +78,6 @@ static int radius_auth_init(void **ctx, void *pool, const char *username, const
 strlcpy(pctx->username, username, sizeof(pctx->username));
 strlcpy(pctx->remote_ip, ip, sizeof(pctx->remote_ip));
- pctx->config = additional;
 pctx->pass_msg = pass_msg_first;
 default_realm = rc_conf_str(rh, "default_realm");
diff --git a/src/auth/radius.h b/src/auth/radius.h
index dcc07faf..ac1bcba8 100644
--- a/src/auth/radius.h
+++ b/src/auth/radius.h
@@ -46,7 +46,6 @@ struct radius_ctx_st {
 char **routes;
 unsigned routes_size;
- const char *config; /* radius config file */
 const char *pass_msg;
 unsigned retries;
 };
diff --git a/src/sec-mod-auth.c b/src/sec-mod-auth.c
index 325ee31e..c30241e6 100644
--- a/src/sec-mod-auth.c
+++ b/src/sec-mod-auth.c
@@ -491,7 +491,6 @@ int set_module(sec_mod_st * sec, client_entry_st *e, unsigned auth_type)
 if (sec->config->auth[i].enabled && (sec->config->auth[i].type & auth_type) == auth_type) {
 e->module = sec->config->auth[i].amod;
 e->auth_type = sec->config->auth[i].type;
- e->auth_additional = sec->config->auth[i].additional;
 seclog(sec, LOG_INFO, "using '%s' authentication to authenticate user (%x)", sec->config->auth[i].name, auth_type);
 return 0;
@@ -531,8 +530,7 @@ int handle_sec_auth_init(int cfd, sec_mod_st * sec, const SecAuthInitMsg * req)
 if (e->module) {
 ret =
- e->module->auth_init(&e->auth_ctx, e, req->user_name, req->ip,
- e->auth_additional);
+ e->module->auth_init(&e->auth_ctx, e, req->user_name, req->ip);
 if (ret == ERR_AUTH_CONTINUE) {
 need_continue = 1;
 } else if (ret < 0) {
diff --git a/src/sec-mod-auth.h b/src/sec-mod-auth.h
index 9b6c8dc1..72fc15f9 100644
--- a/src/sec-mod-auth.h
+++ b/src/sec-mod-auth.h
@@ -31,7 +31,7 @@ struct auth_mod_st {
 unsigned int type;
 void (*global_init)(void *pool, void* additional);
 void (*global_deinit)(void);
- int (*auth_init)(void** ctx, void *pool, const char* username, const char* ip, void* additional);
+ int (*auth_init)(void** ctx, void *pool, const char* username, const char* ip);
 int (*auth_msg)(void* ctx, void *pool, char** msg);
 int (*auth_pass)(void* ctx, const char* pass, unsigned pass_len);
 int (*auth_group)(void* ctx, const char *suggested, char *groupname, int groupname_size);
diff --git a/src/sec-mod.h b/src/sec-mod.h
index 2f9dc0a7..c11b7912 100644
--- a/src/sec-mod.h
+++ b/src/sec-mod.h
@@ -78,7 +78,6 @@ typedef struct client_entry_st {
 unsigned auth_type; /* the module this entry is using */
 const struct auth_mod_st *module;
- void *auth_additional; /* input to auth_init */
 } client_entry_st;
 void *sec_mod_client_db_init(sec_mod_st *sec);
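Review bot: The `auth_mod_st` callbacks in `src/sec-mod-auth.h` carry no comment recording that `additional` now reaches a module only through `global_init`, which is the contract every backend has to follow after this change. A comment above that member, for example `/* additional: per-module configuration value; passed here only, so a module that needs it later must keep its own copy */`, would state it where module authors look first. The struct continues past the end of the hunk, so the remaining callbacks are not visible here.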