diff options
| author | Jeremy Allison <jra@samba.org> | 2001-05-02 23:32:09 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2001-05-02 23:32:09 +0000 |
| commit | aac630b382fefff2e3ead291d2d838832a180925 (patch) | |
| tree | 88bd61c1ee2458432cf9bc820cef40732ab0bcea /source3/auth | |
| parent | dea501bc5fbafddef502c788cf7f44d9034e0fcd (diff) | |
| download | samba-aac630b382fefff2e3ead291d2d838832a180925.tar.gz samba-aac630b382fefff2e3ead291d2d838832a180925.tar.bz2 samba-aac630b382fefff2e3ead291d2d838832a180925.zip | |
Had to add a "pam password change" parameter (defaults to "off") and inlined
the pam password change code to ensure that existing and working password
chat scripts don't break with 2.2.1. PAM password changing has to be explicitly
requested.
Allowed wildcards in pam password change matching (matches password chat
script matching). Had to add const (sorry Tim :-) to ms_fnmatch() to
stop warnings. Don't worry - the const changes are isolated and don't
cause any other warnings :-).
Jeremy.
(This used to be commit 47b4d82536c09bffe3a0d9917fa31d935f1be7d8)
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/pampass.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c index 8f62d35317..2d7bdcdf6a 100644 --- a/source3/auth/pampass.c +++ b/source3/auth/pampass.c @@ -113,6 +113,9 @@ static int smb_pam_conv(int num_msg, *resp = NULL; + if (num_msg <= 0) + return PAM_CONV_ERR; + /* * Apparantly HPUX has a buggy PAM that doesn't support the * appdata_ptr. Fail if this is the case. JRA. @@ -174,7 +177,6 @@ static int smb_pam_passchange_conv(int num_msg, { int replies = 0; struct pam_response *reply = NULL; - fstring currentpw_prompt; fstring newpw_prompt; fstring repeatpw_prompt; char *p = lp_passwd_chat(); @@ -182,6 +184,9 @@ static int smb_pam_passchange_conv(int num_msg, *resp = NULL; + if (num_msg <= 0) + return PAM_CONV_ERR; + /* * Apparantly HPUX has a buggy PAM that doesn't support the * appdata_ptr. Fail if this is the case. JRA. @@ -192,10 +197,8 @@ static int smb_pam_passchange_conv(int num_msg, return PAM_CONV_ERR; } - /* Get the prompts... */ + /* Get the prompts. We're running as root so we only get 2 prompts. */ - if (!next_token(&p, currentpw_prompt, NULL, sizeof(fstring))) - return PAM_CONV_ERR; if (!next_token(&p, newpw_prompt, NULL, sizeof(fstring))) return PAM_CONV_ERR; if (!next_token(&p, repeatpw_prompt, NULL, sizeof(fstring))) @@ -217,16 +220,14 @@ static int smb_pam_passchange_conv(int num_msg, case PAM_PROMPT_ECHO_OFF: reply[replies].resp_retcode = PAM_SUCCESS; DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: Replied: %s\n", msg[replies]->msg)); - if (strncmp(currentpw_prompt, msg[replies]->msg, strlen(currentpw_prompt)) == 0) { - reply[replies].resp = COPY_STRING(udp->PAM_password); - } else if (strncmp(newpw_prompt, msg[replies]->msg, strlen(newpw_prompt)) == 0) { + if (ms_fnmatch( newpw_prompt, msg[replies]->msg) == 0) { reply[replies].resp = COPY_STRING(udp->PAM_newpassword); - } else if (strncmp(repeatpw_prompt, msg[replies]->msg, strlen(repeatpw_prompt)) == 0) { + } else if (ms_fnmatch(repeatpw_prompt, msg[replies]->msg) == 0) { reply[replies].resp = COPY_STRING(udp->PAM_newpassword); } else { DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg)); - DEBUG(5,("smb_pam_passchange_conv: Prompts available:\n CurrentPW: \"%s\"\n NewPW: \"%s\"\n \ -RepeatPW: \"%s\"\n",currentpw_prompt,newpw_prompt,repeatpw_prompt)); + DEBUG(5,("smb_pam_passchange_conv: Prompts available:\n NewPW: \"%s\"\n \ +RepeatPW: \"%s\"\n",newpw_prompt,repeatpw_prompt)); free(reply); reply = NULL; return PAM_CONV_ERR; |