|
 |
8650af5 |
From 382ec63757c1d8d4d399d17ccc927c4897d4cfc9 Mon Sep 17 00:00:00 2001
|
|
|
8650af5 |
From: Jeff Layton <jlayton@samba.org>
|
|
|
8650af5 |
Date: Sun, 20 Apr 2014 20:41:05 -0400
|
|
|
8650af5 |
Subject: [PATCH] cifscreds: better error handling for key_add
|
|
|
8650af5 |
|
|
|
8650af5 |
If the string buffers would have been overrun, set errno to EINVAL
|
|
|
8650af5 |
before returning. Then, have the callers report the errors to
|
|
|
8650af5 |
stderr or syslog as appropriate.
|
|
|
8650af5 |
|
|
|
8650af5 |
Cc: Sebastian Krahmer <krahmer@suse.de>
|
|
|
8650af5 |
Signed-off-by: Jeff Layton <jlayton@samba.org>
|
|
|
8650af5 |
---
|
|
|
8650af5 |
cifscreds.c | 6 +++---
|
|
|
8650af5 |
cifskey.c | 8 ++++++--
|
|
|
8650af5 |
pam_cifscreds.c | 9 +++++----
|
|
|
8650af5 |
3 files changed, 14 insertions(+), 9 deletions(-)
|
|
|
8650af5 |
|
|
|
8650af5 |
diff --git a/cifscreds.c b/cifscreds.c
|
|
|
8650af5 |
index 64d55b0..5d84c3c 100644
|
|
|
8650af5 |
--- a/cifscreds.c
|
|
|
8650af5 |
+++ b/cifscreds.c
|
|
|
8650af5 |
@@ -220,8 +220,8 @@ static int cifscreds_add(struct cmdarg *arg)
|
|
|
8650af5 |
while (currentaddress) {
|
|
|
8650af5 |
key_serial_t key = key_add(currentaddress, arg->user, pass, arg->keytype);
|
|
|
8650af5 |
if (key <= 0) {
|
|
|
8650af5 |
- fprintf(stderr, "error: Add credential key for %s\n",
|
|
|
8650af5 |
- currentaddress);
|
|
|
8650af5 |
+ fprintf(stderr, "error: Add credential key for %s: %s\n",
|
|
|
8650af5 |
+ currentaddress, strerror(errno));
|
|
|
8650af5 |
} else {
|
|
|
8650af5 |
if (keyctl(KEYCTL_SETPERM, key, CIFS_KEY_PERMS) < 0) {
|
|
|
8650af5 |
fprintf(stderr, "error: Setting permissons "
|
|
|
8650af5 |
@@ -422,7 +422,7 @@ static int cifscreds_update(struct cmdarg *arg)
|
|
|
8650af5 |
key_serial_t key = key_add(addrs[id], arg->user, pass, arg->keytype);
|
|
|
8650af5 |
if (key <= 0)
|
|
|
8650af5 |
fprintf(stderr, "error: Update credential key "
|
|
|
8650af5 |
- "for %s\n", addrs[id]);
|
|
|
8650af5 |
+ "for %s: %s\n", addrs[id], strerror(errno));
|
|
|
8650af5 |
}
|
|
|
8650af5 |
|
|
|
8650af5 |
return EXIT_SUCCESS;
|
|
|
8650af5 |
diff --git a/cifskey.c b/cifskey.c
|
|
|
8650af5 |
index 4f01ed0..919540f 100644
|
|
|
8650af5 |
--- a/cifskey.c
|
|
|
8650af5 |
+++ b/cifskey.c
|
|
|
8650af5 |
@@ -47,13 +47,17 @@ key_add(const char *addr, const char *user, const char *pass, char keytype)
|
|
|
8650af5 |
char val[MOUNT_PASSWD_SIZE + MAX_USERNAME_SIZE + 2];
|
|
|
8650af5 |
|
|
|
8650af5 |
/* set key description */
|
|
|
8650af5 |
- if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc))
|
|
|
8650af5 |
+ if (snprintf(desc, sizeof(desc), "%s:%c:%s", KEY_PREFIX, keytype, addr) >= (int)sizeof(desc)) {
|
|
|
8650af5 |
+ errno = EINVAL;
|
|
|
8650af5 |
return -1;
|
|
|
8650af5 |
+ }
|
|
|
8650af5 |
|
|
|
8650af5 |
/* set payload contents */
|
|
|
8650af5 |
len = snprintf(val, sizeof(val), "%s:%s", user, pass);
|
|
|
8650af5 |
- if (len >= (int)sizeof(val))
|
|
|
8650af5 |
+ if (len >= (int)sizeof(val)) {
|
|
|
8650af5 |
+ errno = EINVAL;
|
|
|
8650af5 |
return -1;
|
|
|
8650af5 |
+ }
|
|
|
8650af5 |
|
|
|
8650af5 |
return add_key(CIFS_KEY_TYPE, desc, val, len + 1, DEST_KEYRING);
|
|
|
8650af5 |
}
|
|
|
8650af5 |
diff --git a/pam_cifscreds.c b/pam_cifscreds.c
|
|
|
8650af5 |
index fb23117..5d99c2d 100644
|
|
|
8650af5 |
--- a/pam_cifscreds.c
|
|
|
8650af5 |
+++ b/pam_cifscreds.c
|
|
|
8650af5 |
@@ -208,6 +208,7 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas
|
|
|
8650af5 |
|
|
|
8650af5 |
switch(errno) {
|
|
|
8650af5 |
case ENOKEY:
|
|
|
8650af5 |
+ /* success */
|
|
|
8650af5 |
break;
|
|
|
8650af5 |
default:
|
|
|
8650af5 |
pam_syslog(ph, LOG_ERR, "Unable to search keyring for %s (%s)",
|
|
|
8650af5 |
@@ -233,8 +234,8 @@ static int cifscreds_pam_add(pam_handle_t *ph, const char *user, const char *pas
|
|
|
8650af5 |
while (currentaddress) {
|
|
|
8650af5 |
key_serial_t key = key_add(currentaddress, user, password, keytype);
|
|
|
8650af5 |
if (key <= 0) {
|
|
|
8650af5 |
- pam_syslog(ph, LOG_ERR, "error: Add credential key for %s",
|
|
|
8650af5 |
- currentaddress);
|
|
|
8650af5 |
+ pam_syslog(ph, LOG_ERR, "error: Add credential key for %s: %s",
|
|
|
8650af5 |
+ currentaddress, strerror(errno));
|
|
|
8650af5 |
} else {
|
|
|
8650af5 |
if ((args & ARG_DEBUG) == ARG_DEBUG) {
|
|
|
8650af5 |
pam_syslog(ph, LOG_DEBUG, "credential key for \\\\%s\\%s added",
|
|
|
8650af5 |
@@ -336,8 +337,8 @@ static int cifscreds_pam_update(pam_handle_t *ph, const char *user, const char *
|
|
|
8650af5 |
for (id = 0; id < count; id++) {
|
|
|
8650af5 |
key_serial_t key = key_add(currentaddress, user, password, keytype);
|
|
|
8650af5 |
if (key <= 0) {
|
|
|
8650af5 |
- pam_syslog(ph, LOG_ERR, "error: Update credential key for %s",
|
|
|
8650af5 |
- currentaddress);
|
|
|
8650af5 |
+ pam_syslog(ph, LOG_ERR, "error: Update credential key for %s: %s",
|
|
|
8650af5 |
+ currentaddress, strerror(errno));
|
|
|
8650af5 |
}
|
|
|
8650af5 |
}
|
|
|
8650af5 |
|
|
|
8650af5 |
--
|
|
|
8650af5 |
1.8.4.2
|
|
|
8650af5 |
|