Commit d94bb38f authored by ale's avatar ale

fix password quoting issues in the PAM client

parent a87786f7
...@@ -10,7 +10,8 @@ noinst_LIBRARIES = libgtest.a ...@@ -10,7 +10,8 @@ noinst_LIBRARIES = libgtest.a
libauthclient_la_SOURCES = \ libauthclient_la_SOURCES = \
auth_client.c auth_client.h \ auth_client.c auth_client.h \
cbuf.c cbuf.h cbuf.c cbuf.h \
quote.c quote.h
libauthclient_la_includedir = $(includedir)/authclient libauthclient_la_includedir = $(includedir)/authclient
libauthclient_la_include_HEADERS = auth_client.h libauthclient_la_include_HEADERS = auth_client.h
......
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
#include <curl/curl.h> #include <curl/curl.h>
#include "auth_client.h" #include "auth_client.h"
#include "cbuf.h" #include "cbuf.h"
#include "quote.h"
#define CURL_CHECK(x) { \ #define CURL_CHECK(x) { \
int _err = (x); if (_err != CURLE_OK) { return auth_client_err_from_curl(_err); } \ int _err = (x); if (_err != CURLE_OK) { return auth_client_err_from_curl(_err); } \
...@@ -147,6 +148,7 @@ static char *quote(const char *s) { ...@@ -147,6 +148,7 @@ static char *quote(const char *s) {
case '+': case '+':
case '$': case '$':
case ',': case ',':
case '%':
sprintf(optr, "%%%02X", (int)(*s)); sprintf(optr, "%%%02X", (int)(*s));
optr += 3; optr += 3;
break; break;
...@@ -167,7 +169,7 @@ static size_t responsebuf_callback(void *contents, size_t size, size_t nmemb, vo ...@@ -167,7 +169,7 @@ static size_t responsebuf_callback(void *contents, size_t size, size_t nmemb, vo
} }
static void post_field_add(struct cbuf *form_data, const char *key, const char *value) { static void post_field_add(struct cbuf *form_data, const char *key, const char *value) {
char *quoted_value = quote(value); char *quoted_value = auth_client_quote(value);
if (form_data->size != 0) { if (form_data->size != 0) {
cbuf_append(form_data, "&", 1); cbuf_append(form_data, "&", 1);
} }
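Review bot: The `case '%':` added to the static `quote()` and the switch of `post_field_add` to `auth_client_quote()` leave two URL encoders in this file with different rules (an escape list with uppercase hex versus encode-everything-but-unreserved with lowercase hex). If `post_field_add` was the only caller of `quote()`, which cannot be confirmed from the hunks shown, the static function is now dead and should be removed rather than patched. `post_field_add` continues outside the hunk, so whether `quoted_value` is freed (and, since it can hold the password, cleared before the free) is not visible here and is worth checking.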
......
#include <stdlib.h>
#include "quote.h"
/* Converts a hex character to its integer value */
static char from_hex(char ch) {
return isdigit(ch) ? ch - '0' : tolower(ch) - 'a' + 10;
}
/* Converts an integer value to its hex character*/
static char to_hex(char code) {
static const char hex[] = "0123456789abcdef";
return hex[code & 15];
}
/* Returns a url-encoded version of str */
/* IMPORTANT: be sure to free() the returned string after use */
char *auth_client_quote(const char *str) {
char *pstr = str, *buf = malloc(strlen(str) * 3 + 1), *pbuf = buf;
while (*pstr) {
if (isalnum(*pstr) || *pstr == '-' || *pstr == '_' || *pstr == '.' || *pstr == '~')
*pbuf++ = *pstr;
else if (*pstr == ' ')
*pbuf++ = '+';
else
*pbuf++ = '%', *pbuf++ = to_hex(*pstr >> 4), *pbuf++ = to_hex(*pstr & 15);
pstr++;
}
*pbuf = '\0';
return buf;
}
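Review bot: `isalnum(*pstr)` in `auth_client_quote` is handed a plain `char`, so a password byte at or above 0x80 becomes a negative argument where `char` is signed, which is undefined behaviour for the `<ctype.h>` functions; each byte should be read as `unsigned char`. The file as shown includes only `<stdlib.h>` and "quote.h", so `strlen`, `isalnum`, `isdigit` and `tolower` are implicitly declared; add `#include <ctype.h>` and `#include <string.h>`. The `malloc` result is written through without a NULL check, `char *pstr = str` drops the `const` qualifier, and `from_hex` is never called in this file. A unit test with a non-ASCII password and one containing `%`, `&`, `+` and `=` would pin the behaviour this commit is meant to fix.

```c
char *auth_client_quote(const char *str) {
  const unsigned char *pstr = (const unsigned char *)str;
  char *buf = malloc(strlen(str) * 3 + 1), *pbuf = buf;
  if (buf == NULL)
    return NULL;  /* callers such as post_field_add must handle this */
  while (*pstr) {
    if (isalnum(*pstr) || *pstr == '-' || *pstr == '_' || *pstr == '.' || *pstr == '~')
      *pbuf++ = (char)*pstr;
    /* … unchanged: ' ' is written as '+' … */
    else {
      *pbuf++ = '%';
      *pbuf++ = to_hex((char)(*pstr >> 4));
      *pbuf++ = to_hex((char)(*pstr & 15));
    }
    pstr++;
  }
  /* … unchanged: terminate the buffer and return it … */
```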
#ifndef __libauthclient_quote_h
#define __libauthclient_quote_h 1
char *auth_client_quote(const char *);
#endif
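Review bot: The prototype `char *auth_client_quote(const char *);` carries no comment on ownership, although quote.c says the caller must free() the result; that contract belongs in the header, e.g. `/* Returns a malloc()ed URL-encoded copy of str; the caller must free() it. */`. The guard `__libauthclient_quote_h` uses a double-underscore name, which is reserved for the implementation; a name such as `LIBAUTHCLIENT_QUOTE_H` avoids that. Naming the parameter (`const char *str`) would match the definition.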