src/util/authtok.c

	authtok.c revision 4b8021779e4db2a212a8214c17e778e843ae2b3a
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce/*
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   SSSD - auth utils
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   Copyright (C) Simo Sorce <simo@redhat.com> 2012
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   This program is free software; you can redistribute it and/or modify
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   it under the terms of the GNU General Public License as published by
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   the Free Software Foundation; either version 3 of the License, or
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   (at your option) any later version.
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   This program is distributed in the hope that it will be useful,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   but WITHOUT ANY WARRANTY; without even the implied warranty of
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   GNU General Public License for more details.
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   You should have received a copy of the GNU General Public License
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   along with this program.  If not, see <http://www.gnu.org/licenses/>.
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce*/
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce#include "authtok.h"
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikstruct sss_auth_token {
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    enum sss_authtok_type type;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    uint8_t *data;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    size_t length;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik};
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceenum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return tok->type;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorcesize_t sss_authtok_get_size(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return 0;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_PASSWORD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_CCFILE:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return tok->length;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return 0;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceuint8_t *sss_authtok_get_data(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return NULL;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return tok->data;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceerrno_t sss_authtok_get_password(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                 const char **pwd, size_t *len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return EFAULT;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return ENOENT;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_PASSWORD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        *pwd = (const char *)tok->data;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        if (len) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce            *len = tok->length - 1;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_CCFILE:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EACCES;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceerrno_t sss_authtok_get_ccfile(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                               const char **ccfile, size_t *len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return EINVAL;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return ENOENT;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_CCFILE:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        *ccfile = (const char *)tok->data;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        if (len) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce            *len = tok->length - 1;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_PASSWORD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EACCES;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikstatic errno_t sss_authtok_set_string(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                      enum sss_authtok_type type,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                      const char *context_name,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                      const char *str, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    size_t size;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    if (len == 0) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        len = strlen(str);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    } else {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        while (len > 0 && str[len - 1] == '\0') len--;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    if (len == 0) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        /* we do not allow zero length typed tokens */
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    size = len + 1;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    tok->data = talloc_named(tok, size, "%s", context_name);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    if (!tok->data) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return ENOMEM;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    memcpy(tok->data, str, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    tok->data[len] = '\0';
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    tok->type = type;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    tok->length = size;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorcevoid sss_authtok_set_empty(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_PASSWORD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        safezero(tok->data, tok->length);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        break;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_CCFILE:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        break;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    tok->type = SSS_AUTHTOK_TYPE_EMPTY;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    talloc_zfree(tok->data);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    tok->length = 0;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_set_password(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                 const char *password, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    sss_authtok_set_empty(tok);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_PASSWORD,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                  "password", password, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_set_ccfile(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                               const char *ccfile, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    sss_authtok_set_empty(tok);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_CCFILE,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                  "ccfile", ccfile, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_set(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                        enum sss_authtok_type type,
4b8021779e4db2a212a8214c17e778e843ae2b3aStef Walter                        const uint8_t *data, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    switch (type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_PASSWORD:
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik        return sss_authtok_set_password(tok, (const char *)data, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_CCFILE:
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik        return sss_authtok_set_ccfile(tok, (const char *)data, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        sss_authtok_set_empty(tok);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_copy(struct sss_auth_token *src,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                         struct sss_auth_token *dst)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!src || !dst) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return EINVAL;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    sss_authtok_set_empty(dst);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    if (src->type == SSS_AUTHTOK_TYPE_EMPTY) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    dst->data = talloc_memdup(dst, src->data, src->length);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    if (!dst->data) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return ENOMEM;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    dst->length = src->length;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    dst->type = src->type;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikstruct sss_auth_token *sss_authtok_new(TALLOC_CTX *mem_ctx)
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik{
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    struct sss_auth_token *token;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    token = talloc_zero(mem_ctx, struct sss_auth_token);
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    if (token == NULL) {
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    }
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    return token;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik}
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorcevoid sss_authtok_wipe_password(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok || tok->type != SSS_AUTHTOK_TYPE_PASSWORD) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    safezero(tok->data, tok->length);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce