authorJeremy Allison <jra@samba.org>2001-05-02 23:32:09 +0000
committerJeremy Allison <jra@samba.org>2001-05-02 23:32:09 +0000
commitaac630b382fefff2e3ead291d2d838832a180925 (patch)
tree88bd61c1ee2458432cf9bc820cef40732ab0bcea /source3/auth
parentdea501bc5fbafddef502c788cf7f44d9034e0fcd (diff)
Had to add a "pam password change" parameter (defaults to "off") and inlined
the pam password change code to ensure that existing and working password chat scripts don't break with 2.2.1. PAM password changing has to be explicitly requested. Allowed wildcards in pam password change matching (matches password chat script matching). Had to add const (sorry Tim :-) to ms_fnmatch() to stop warnings. Don't worry - the const changes are isolated and don't cause any other warnings :-). Jeremy. (This used to be commit 47b4d82536c09bffe3a0d9917fa31d935f1be7d8)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/pampass.c21
1 files changed, 11 insertions, 10 deletions
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index 8f62d35317..2d7bdcdf6a 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -113,6 +113,9 @@ static int smb_pam_conv(int num_msg,
*resp = NULL;
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
/*
* Apparantly HPUX has a buggy PAM that doesn't support the
* appdata_ptr. Fail if this is the case. JRA.
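Review bot: The guard added at the top of smb_pam_conv rejects only non-positive counts, so an implausibly large num_msg from a misbehaving PAM module still passes; the identical check added to smb_pam_passchange_conv (hunk at -182) has the same gap. Presumably the reply array is sized from num_msg further down, outside this hunk, so an upper bound is a cheap addition: `if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG) return PAM_CONV_ERR;`, on platforms whose PAM headers define that constant. The function body starts and continues outside the hunk.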
@@ -174,7 +177,6 @@ static int smb_pam_passchange_conv(int num_msg,
{
int replies = 0;
struct pam_response *reply = NULL;
- fstring currentpw_prompt;
fstring newpw_prompt;
fstring repeatpw_prompt;
char *p = lp_passwd_chat();
@@ -182,6 +184,9 @@ static int smb_pam_passchange_conv(int num_msg,
*resp = NULL;
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
/*
* Apparantly HPUX has a buggy PAM that doesn't support the
* appdata_ptr. Fail if this is the case. JRA.
@@ -192,10 +197,8 @@ static int smb_pam_passchange_conv(int num_msg,
return PAM_CONV_ERR;
}
- /* Get the prompts... */
+ /* Get the prompts. We're running as root so we only get 2 prompts. */
- if (!next_token(&p, currentpw_prompt, NULL, sizeof(fstring)))
- return PAM_CONV_ERR;
if (!next_token(&p, newpw_prompt, NULL, sizeof(fstring)))
return PAM_CONV_ERR;
if (!next_token(&p, repeatpw_prompt, NULL, sizeof(fstring)))
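Review bot: The new comment asserts that running as root yields only two prompts, but it does not say what happens when a module asks for the current password anyway. A sentence such as `/* A current-password prompt is not answered; it falls through to the unmatched-prompt branch and returns PAM_CONV_ERR. */` would document that this case fails closed. The first two tokens of lp_passwd_chat() are now taken positionally as the new-password and repeat prompts. The string's format is not visible here, so if it alternates expect and send strings, the second token would not be a prompt at all; that is worth confirming and stating in the comment. The function continues outside the hunk.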
@@ -217,16 +220,14 @@ static int smb_pam_passchange_conv(int num_msg,
case PAM_PROMPT_ECHO_OFF:
reply[replies].resp_retcode = PAM_SUCCESS;
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: Replied: %s\n", msg[replies]->msg));
- if (strncmp(currentpw_prompt, msg[replies]->msg, strlen(currentpw_prompt)) == 0) {
- reply[replies].resp = COPY_STRING(udp->PAM_password);
- } else if (strncmp(newpw_prompt, msg[replies]->msg, strlen(newpw_prompt)) == 0) {
+ if (ms_fnmatch( newpw_prompt, msg[replies]->msg) == 0) {
reply[replies].resp = COPY_STRING(udp->PAM_newpassword);
- } else if (strncmp(repeatpw_prompt, msg[replies]->msg, strlen(repeatpw_prompt)) == 0) {
+ } else if (ms_fnmatch(repeatpw_prompt, msg[replies]->msg) == 0) {
reply[replies].resp = COPY_STRING(udp->PAM_newpassword);
} else {
DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg));
- DEBUG(5,("smb_pam_passchange_conv: Prompts available:\n CurrentPW: \"%s\"\n NewPW: \"%s\"\n \
-RepeatPW: \"%s\"\n",currentpw_prompt,newpw_prompt,repeatpw_prompt));
+ DEBUG(5,("smb_pam_passchange_conv: Prompts available:\n NewPW: \"%s\"\n \
+RepeatPW: \"%s\"\n",newpw_prompt,repeatpw_prompt));
free(reply);
reply = NULL;
return PAM_CONV_ERR;
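Review bot: The unmatched-prompt branch frees only the reply array, so any resp strings that COPY_STRING filled for earlier prompts are leaked and leave copies of the new password on the heap. Before `free(reply)` the branch should walk the entries already answered, clear each resp and free it. This assumes, as the indexing suggests, that replies is the loop counter and that earlier entries hold either NULL or an allocated string; the loop header and the allocation are outside the hunk. Separately, now that matching uses wildcards, an over-broad first pattern would answer any echo-off prompt with the new password, which deserves a comment next to the ms_fnmatch calls.

```c
				/* … unchanged: DEBUG(3) and DEBUG(5) diagnostics … */
				/* Scrub and release password copies made for earlier prompts. */
				while (replies-- > 0) {
					if (reply[replies].resp != NULL) {
						/* plain memset may be elided by an optimiser; prefer a secure-clear helper if the tree has one */
						memset(reply[replies].resp, 0, strlen(reply[replies].resp));
						free(reply[replies].resp);
					}
				}
				free(reply);
				reply = NULL;
				return PAM_CONV_ERR;
```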