From 957e0a8675359d90fa50067b704578d01f565bba Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mar 14 2016 13:06:17 +0000 Subject: pam_sss: reorder pam_message array There are different expectations about how the pam_message array is organized, details can be found in the pam_conv man page. E.g. sudo was not able to handle the Linux-PAM style but expected the Solaris PAM style. With this patch both styles should work as expected. Resolves https://fedorahosted.org/sssd/ticket/2971 Reviewed-by: Pavel Březina
---
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index b4f7efe..5b2307c 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -1260,8 +1260,7 @@ static int prompt_2fa(pam_handle_t *pamh, struct pam_items *pi,
 int ret;
 const struct pam_conv *conv;
 const struct pam_message *mesg[2] = { NULL, NULL };
- struct pam_message *m1;
- struct pam_message *m2;
+ struct pam_message m[2] = { {0}, {0} };
 struct pam_response *resp = NULL;
 size_t needed_size;
@@ -1270,29 +1269,22 @@ static int prompt_2fa(pam_handle_t *pamh, struct pam_items *pi,
 return ret;
 }
- m1 = malloc(sizeof(struct pam_message));
- if (m1 == NULL) {
- D(("Malloc failed."));
- return PAM_SYSTEM_ERR;
- }
-
- m2 = malloc(sizeof(struct pam_message));
- if (m2 == NULL) {
- D(("Malloc failed."));
- free(m1);
- return PAM_SYSTEM_ERR;
- }
- m1->msg_style = PAM_PROMPT_ECHO_OFF;
- m1->msg = prompt_fa1;
- m2->msg_style = PAM_PROMPT_ECHO_OFF;
- m2->msg = prompt_fa2;
+ m[0].msg_style = PAM_PROMPT_ECHO_OFF;
+ m[0].msg = prompt_fa1;
+ m[1].msg_style = PAM_PROMPT_ECHO_OFF;
+ m[1].msg = prompt_fa2;
- mesg[0] = (const struct pam_message *) m1;
- mesg[1] = (const struct pam_message *) m2;
+ mesg[0] = (const struct pam_message *) m;
+ /* The following assignment might look a bit odd but is recommended in the
+ * pam_conv man page to make sure that the second argument of the PAM
+ * conversation function can be interpreted in two different ways.
+ * Basically it is important that both the actual struct pam_message and
+ * the pointers to the struct pam_message are arrays. Since the assignment
+ * makes clear that mesg[] and (*mesg)[] are arrays it should be kept this
+ * way and not be replaced by other equivalent assignments. */
+ mesg[1] = & (( *mesg )[1]);
 ret = conv->conv(2, mesg, &resp, conv->appdata_ptr);
- free(m1);
- free(m2);
 if (ret != PAM_SUCCESS) {
 D(("Conversation failure: %s.", pam_strerror(pamh, ret)));
 return ret;
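Review bot: The comment above `mesg[1] = & (( *mesg )[1]);` tells the reader not to simplify the assignment but never names the two interpretations it protects, so the reason has to be looked up in the man page each time. I would state it directly, e.g. `/* Linux-PAM reads mesg[i]->msg, Solaris PAM reads (*mesg)[i].msg; both reach m[i] only because m[] is one contiguous array and mesg[i] == &m[i]. */`. The cast in `mesg[0] = (const struct pam_message *) m;` is redundant, since `m` decays to `struct pam_message *` and adding `const` is implicit; `mesg[0] = m;` says the same. The count `2` passed to `conv->conv` has to stay equal to the size of both arrays, which nothing in the hunk enforces. prompt_2fa starts before and continues past this hunk, so the handling of `resp`, which carries both authentication factors, is not visible here.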