diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-05-22 12:14:28 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-05-22 12:14:28 +0000 |
commit | daec6cbbeee8401ef1aa0a3424ee05a3148d7ec8 (patch) | |
tree | 818ccf249203cf2ddc3d0ecd538f406b814b60b2 | |
parent | c2b867038a9e4ddad987bbc6472bd9b8d42fed9d (diff) | |
download | samba-daec6cbbeee8401ef1aa0a3424ee05a3148d7ec8.tar.gz samba-daec6cbbeee8401ef1aa0a3424ee05a3148d7ec8.tar.bz2 samba-daec6cbbeee8401ef1aa0a3424ee05a3148d7ec8.zip |
Cleanups!
Make some code static, add some const to the PAM code, and make the plaintext
password code actually function - particulary without the requirement to
modify the 'struct passwd' (which it assumed was made up of fstrings)
This kills some particularly ugly code in lib/util_pw.c
Andrew Bartlett
(This used to be commit 302dad4990ba5194f072e435465d9adaa089ae06)
-rw-r--r-- | source3/auth/auth_unix.c | 4 | ||||
-rw-r--r-- | source3/auth/pampass.c | 8 | ||||
-rw-r--r-- | source3/auth/pass_check.c | 62 | ||||
-rw-r--r-- | source3/lib/util.c | 2 | ||||
-rw-r--r-- | source3/lib/util_pw.c | 44 | ||||
-rw-r--r-- | source3/smbd/server.c | 2 |
6 files changed, 32 insertions, 90 deletions
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index 69504ebb41..d624cb1261 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -28,7 +28,7 @@ * * this ugly hack needs to die, but not quite yet, I think people still use it... **/ -static BOOL update_smbpassword_file(char *user, char *password) +static BOOL update_smbpassword_file(const char *user, const char *password) { SAM_ACCOUNT *sampass = NULL; BOOL ret; @@ -70,8 +70,6 @@ static BOOL update_smbpassword_file(char *user, char *password) DEBUG(3,("pdb_update_sam_account returned %d\n",ret)); } - memset(password, '\0', strlen(password)); - pdb_free_sam(&sampass); return ret; } diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c index 3831d1b1e7..211e8bce15 100644 --- a/source3/auth/pampass.c +++ b/source3/auth/pampass.c @@ -497,7 +497,7 @@ static BOOL smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho /* * PAM Authentication Handler */ -static NTSTATUS smb_pam_auth(pam_handle_t *pamh, char *user) +static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user) { int pam_error; NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; @@ -582,7 +582,7 @@ static NTSTATUS smb_pam_account(pam_handle_t *pamh, const char * user) * PAM Credential Setting */ -static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user) +static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, const char * user) { int pam_error; NTSTATUS nt_status = NT_STATUS_NO_TOKEN; @@ -622,7 +622,7 @@ static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user) /* * PAM Internal Session Handler */ -static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag) +static BOOL smb_internal_pam_session(pam_handle_t *pamh, const char *user, const char *tty, BOOL flag) { int pam_error; @@ -788,7 +788,7 @@ NTSTATUS smb_pam_accountcheck(const char * user) * PAM Password Validation Suite */ -NTSTATUS smb_pam_passcheck(char * user, char * password) +NTSTATUS smb_pam_passcheck(const char * user, const char * password) { pam_handle_t *pamh = NULL; NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index 50ad20f113..63918796ef 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -436,7 +436,7 @@ try all combinations with N uppercase letters. offset is the first char to try and change (start with 0) it assumes the string starts lowercased ****************************************************************************/ -static NTSTATUS string_combinations2(char *s, int offset, NTSTATUS (*fn) (char *), +static NTSTATUS string_combinations2(char *s, int offset, NTSTATUS (*fn) (const char *), int N) { int len = strlen(s); @@ -470,7 +470,7 @@ try all combinations with up to N uppercase letters. offset is the first char to try and change (start with 0) it assumes the string starts lowercased ****************************************************************************/ -static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (char *), int N) +static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (const char *), int N) { int n; NTSTATUS nt_status; @@ -484,7 +484,7 @@ static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (char *), int N) /**************************************************************************** core of password checking routine ****************************************************************************/ -static NTSTATUS password_check(char *password) +static NTSTATUS password_check(const char *password) { #ifdef WITH_PAM return smb_pam_passcheck(this_user, password); @@ -591,16 +591,13 @@ match is found and is used to update the encrypted password file return NT_STATUS_OK on correct match, appropriate error otherwise ****************************************************************************/ -NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, - int pwlen, BOOL (*fn) (char *, char *), BOOL run_cracker) +NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password, + int pwlen, BOOL (*fn) (const char *, const char *), BOOL run_cracker) { - struct passwd *pass; pstring pass2; int level = lp_passwordlevel(); NTSTATUS nt_status; - if (password) - password[pwlen] = 0; #if DEBUG_PASSWORD DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password)); @@ -627,12 +624,16 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen)); - if (!input_pass) { + if (!pass) { DEBUG(3, ("Couldn't find user %s\n", user)); return NT_STATUS_NO_SUCH_USER; } - pass = make_modifyable_passwd(input_pass); + + /* Copy into global for the convenience of looping code */ + /* Also the place to keep the 'password' no matter what + crazy struct it started in... */ + fstrcpy(this_crypted, pass->pw_passwd); #ifdef HAVE_GETSPNAM { @@ -645,7 +646,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, spass = getspnam(pass->pw_name); if (spass && spass->sp_pwdp) - pstrcpy(pass->pw_passwd, spass->sp_pwdp); + fstrcpy(this_crypted, spass->sp_pwdp); } #elif defined(IA_UINFO) { @@ -663,7 +664,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, { struct pr_passwd *pr_pw = getprpwnam(pass->pw_name); if (pr_pw && pr_pw->ufld.fd_encrypt) - pstrcpy(pass->pw_passwd, pr_pw->ufld.fd_encrypt); + fstrcpy(this_crypted, pr_pw->ufld.fd_encrypt); } #endif @@ -672,7 +673,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, struct passwd_adjunct *pwret; pwret = getpwanam(s); if (pwret && pwret->pwa_passwd) - pstrcpy(pass->pw_passwd,pwret->pwa_passwd); + fstrcpy(this_crypted, pwret->pwa_passwd); } #endif @@ -683,8 +684,8 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, user)); mypasswd = getprpwnam(user); if (mypasswd) { - fstrcpy(pass->pw_name, mypasswd->ufld.fd_name); - fstrcpy(pass->pw_passwd, mypasswd->ufld.fd_encrypt); + fstrcpy(this_user, mypasswd->ufld.fd_name); + fstrcpy(this_crypted, mypasswd->ufld.fd_encrypt); } else { DEBUG(5, ("OSF1_ENH_SEC: No entry for user %s in protected database !\n", @@ -697,7 +698,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, { AUTHORIZATION *ap = getauthuid(pass->pw_uid); if (ap) { - fstrcpy(pass->pw_passwd, ap->a_password); + fstrcpy(this_crypted, ap->a_password); endauthent(); } } @@ -712,27 +713,20 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, this_salt[2] = 0; #endif - /* Copy into global for the convenience of looping code */ - fstrcpy(this_crypted, pass->pw_passwd); - if (!*this_crypted) { if (!lp_null_passwords()) { DEBUG(2, ("Disallowing %s with null password\n", this_user)); - passwd_free(&pass); return NT_STATUS_LOGON_FAILURE; } if (!*password) { DEBUG(3, ("Allowing access to %s with null password\n", this_user)); - passwd_free(&pass); return NT_STATUS_OK; } } - passwd_free(&pass); - #endif /* defined(WITH_PAM) */ /* try it as it came to us */ @@ -755,42 +749,36 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, * need to proceed as we know it hasn't been case modified by the * client */ if (strhasupper(password) && strhaslower(password)) { - passwd_free(&pass); return nt_status; } /* make a copy of it */ - StrnCpy(pass2, password, sizeof(pstring) - 1); + pstrcpy(pass2, password); /* try all lowercase if it's currently all uppercase */ - if (strhasupper(password)) { - strlower(password); - if NT_STATUS_IS_OK(nt_status = password_check(password)) { + if (strhasupper(pass2)) { + strlower(pass2); + if NT_STATUS_IS_OK(nt_status = password_check(pass2)) { if (fn) - fn(user, password); + fn(user, pass2); return (nt_status); } } /* give up? */ if (level < 1) { - /* restore it */ - fstrcpy(password, pass2); return NT_STATUS_WRONG_PASSWORD; } /* last chance - all combinations of up to level chars upper! */ - strlower(password); + strlower(pass2); - if NT_STATUS_IS_OK(nt_status = string_combinations(password, password_check, level)) { + if (NT_STATUS_IS_OK(nt_status = string_combinations(pass2, password_check, level))) { if (fn) - fn(user, password); + fn(user, pass2); return nt_status; } - /* restore it */ - fstrcpy(password, pass2); - return NT_STATUS_WRONG_PASSWORD; } diff --git a/source3/lib/util.c b/source3/lib/util.c index e143364db5..a23ef91a31 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -118,7 +118,7 @@ BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups) Like atoi but gets the value up to the separator character. ****************************************************************************/ -char *Atoic(char *p, int *n, char *c) +static char *Atoic(char *p, int *n, char *c) { if (!isdigit((int)*p)) { DEBUG(5, ("Atoic: malformed number\n")); diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c index 259649a064..47711788c7 100644 --- a/source3/lib/util_pw.c +++ b/source3/lib/util_pw.c @@ -22,50 +22,6 @@ #include "includes.h" -struct passwd *make_modifyable_passwd(const struct passwd *from) -{ - struct passwd *ret = smb_xmalloc(sizeof(*ret)); -/* This is the assumed shape of the members by certain parts of the code... - fstring pw_name; - fstring pw_passwd; - fstring pw_gecos; - pstring pw_dir; - pstring pw_shell; -*/ - char *pw_name = smb_xmalloc(sizeof(fstring)); - char *pw_passwd = smb_xmalloc(sizeof(fstring)); - char *pw_gecos = smb_xmalloc(sizeof(fstring)); - char *pw_dir = smb_xmalloc(sizeof(pstring)); - char *pw_shell = smb_xmalloc(sizeof(pstring)); - - ZERO_STRUCTP(ret); - - /* - * Now point the struct's members as the - * newly allocated buffers: - */ - - ret->pw_name = pw_name; - fstrcpy(ret->pw_name, from->pw_name); - - ret->pw_passwd = pw_passwd; - fstrcpy(ret->pw_passwd, from->pw_passwd); - - ret->pw_uid = from->pw_uid; - ret->pw_gid = from->pw_gid; - - ret->pw_gecos = pw_gecos; - fstrcpy(ret->pw_gecos, from->pw_gecos); - - ret->pw_dir = pw_dir; - pstrcpy(ret->pw_dir, from->pw_dir); - - ret->pw_shell = pw_shell; - pstrcpy(ret->pw_shell, from->pw_shell); - - return ret; -} - static struct passwd *alloc_copy_passwd(const struct passwd *from) { struct passwd *ret = smb_xmalloc(sizeof(struct passwd)); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index db6caa0352..5f8f7044a6 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -53,7 +53,7 @@ int smbd_server_fd(void) return server_fd; } -void smbd_set_server_fd(int fd) +static void smbd_set_server_fd(int fd) { server_fd = fd; client_setfd(fd); |