if (_full_alias == NULL)
return CKMC_ERROR_OUT_OF_MEMORY;
- strcpy(_full_alias, owner_id);
- strcat(_full_alias, ckmc_owner_id_separator);
- strcat(_full_alias, alias);
+ strncpy(_full_alias, owner_id, len + 1);
+ strncat(_full_alias, ckmc_owner_id_separator, len - strlen(_full_alias) + 1);
+ strncat(_full_alias, alias, len - strlen(_full_alias) + 1);
*full_alias = _full_alias;
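Review bot: The limits passed to the two `strncat` calls are one larger than the space that is left, because `strncat` copies up to n characters and then writes a terminating NUL on top of them. If `_full_alias` is allocated as `len + 1` bytes (the allocation is outside this hunk, so this is inferred from the `strncpy` size), the limit should be `len - strlen(_full_alias)`, e.g. `strncat(_full_alias, alias, len - strlen(_full_alias));`. A single `snprintf(_full_alias, len + 1, "%s%s%s", owner_id, ckmc_owner_id_separator, alias)` with a check of its return value would state the bound once and also report truncation.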
void AccessControl::updateCCMode()
{
/* newMode should be extracted from global property like buxton in product */
- bool newMode = false;
+ int newMode = 0;
- if (newMode == m_ccMode)
+ if ((newMode == 1) == m_ccMode)
return;
- int iNewMode = newMode ? 1 : 0;
-
- if (FIPS_mode_set(iNewMode) == 0) {
- LogError("Error to FIPS_mode_set with param " << iNewMode);
+ if (FIPS_mode_set(newMode) == 0) {
+ LogError("Error to FIPS_mode_set with param " << newMode);
return;
}
- m_ccMode = newMode;
+ m_ccMode = (newMode == 1);
}
bool AccessControl::isCCMode() const
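Review bot: In `updateCCMode()`, `FIPS_mode_set(newMode)` now receives the raw integer while the early-return test and `m_ccMode` only recognise `newMode == 1`. Once `newMode` is read from a global property, as the comment says it will be, a value other than 0 or 1 would be passed unchanged to OpenSSL and still be recorded as CC mode off, so `isCCMode()` could disagree with the library state. Rejecting unexpected values before the comparison would keep the two in step, for example `if (newMode != 0 && newMode != 1) { LogError("Unexpected CC mode value " << newMode); return; }`. A short comment on `m_ccMode = (newMode == 1);` stating that 1 is the only value meaning "enabled" would also help.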
if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
return true;
- struct passwd *pwd;
+ struct passwd pwd;
+ struct passwd *result = nullptr;
+ int bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
- if ((pwd = getpwnam(user)) == NULL)
+ if (bufsize <= 0)
+ bufsize = 16384; /* should be more than enough */
+
+ memset(&pwd, 0x00, sizeof(pwd));
+ std::vector<char> buf(bufsize, 0);
+
+ int ret = getpwnam_r(user, &pwd, buf.data(), bufsize, &result);
+ if (ret != 0 || result == nullptr)
return true;
- if (strcmp(pwd->pw_passwd, PASSWORD_SHADOWED) == 0) {
- struct spwd *pwd_sh;
+ if (strcmp(pwd.pw_passwd, PASSWORD_SHADOWED) == 0) {
+ struct spwd pwd_sh;
+ struct spwd *result_sh = nullptr;
+
+ memset(&pwd_sh, 0x00, sizeof(pwd_sh));
+ std::vector<char> buf_sh(bufsize, 0);
- if ((pwd_sh = getspnam(user)) == NULL)
+ ret = getspnam_r(user, &pwd_sh, buf_sh.data(), bufsize, &result_sh);
+ if (ret != 0 || result_sh == nullptr)
return true;
- passwd = std::string(pwd_sh->sp_pwdp);
+ passwd = std::string(pwd_sh.sp_pwdp);
} else {
- passwd = std::string(pwd->pw_passwd);
+ passwd = std::string(pwd.pw_passwd);
}
- uid = pwd->pw_uid;
+ uid = pwd.pw_uid;
return false;
}
}
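Review bot: The `getpwnam_r` and `getspnam_r` calls treat every non-zero return as "user not found", including `ERANGE`, which only means the scratch buffer was too small for the entry. With the 16384-byte fallback, or a small `_SC_GETPW_R_SIZE_MAX`, a large entry from an NSS backend would make this lookup fail for a user that exists. Retrying with a larger buffer while the call returns `ERANGE` avoids that, and the same pattern applies to `buf_sh`. Separately, `sysconf` returns `long`, so storing it in `int bufsize` narrows silently. The enclosing function starts outside this hunk, so the meaning of the `true` return is inferred from the `pam_get_user` failure path above.

```cpp
// … unchanged: bufsize from sysconf with fallback, memset of pwd …
std::vector<char> buf(bufsize, 0);
int ret;

// ERANGE means "buffer too small", not "no such user": grow and retry,
// up to a fixed cap (1 MiB here; pick the limit the project prefers).
while ((ret = getpwnam_r(user, &pwd, buf.data(), buf.size(), &result)) == ERANGE &&
       buf.size() < (1u << 20))
    buf.resize(buf.size() * 2);

if (ret != 0 || result == nullptr)
    return true;
// … unchanged: shadow lookup (apply the same retry to getspnam_r / buf_sh) …
```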