updates from 2.2

(This used to be commit 398b4ff0d40d89b3e96d481807f85f15b7a7966a)

1 files changed, 31 insertions, 26 deletions

diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index 4b56b2b301..9952eb94db 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -45,7 +45,7 @@ do {								\
 } while (0)
 
 static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
-                         const char *name, struct smb_passwd *smb_pwent);
+                         const char *name, SAM_ACCOUNT *sampass, BOOL exist);
 
 /*
  * pam_sm_authenticate() authenticates users against the samba password file.
@@ -61,24 +61,25 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
 {
     unsigned int ctrl;
     int retval, *ret_data = NULL;
-
+    SAM_ACCOUNT *sampass = NULL;
+    extern BOOL in_client;
     const char *name;
+    BOOL found;
 
     /* Points to memory managed by the PAM library. Do not free. */
     const char *p = NULL;
 
-    struct smb_passwd *smb_pwent = NULL;
-
-    extern BOOL in_client;
 
     /* Samba initialization. */
     setup_logging("pam_smbpass",False);
+    charset_initialise();
+    codepage_initialise(lp_client_code_page());
     in_client = True;
 
     ctrl = set_ctrl(flags, argc, argv);
 
     /* Get a few bytes so we can pass our return value to
-       pam_sm_setcred(). Used in AUTH_RETURN macro */
+       pam_sm_setcred(). */
     ret_data = malloc(sizeof(int));
 
     /* get the username */
@@ -99,42 +100,46 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
         AUTH_RETURN;
     }
 
-    smb_pwent = getsmbpwnam( name );
+    pdb_init_sam(&sampass);
+    
+    found = pdb_getsampwnam( sampass, name );
 
     if (on( SMB_MIGRATE, ctrl )) {
-	retval = _smb_add_user(pamh, ctrl, name, smb_pwent);
+	retval = _smb_add_user(pamh, ctrl, name, sampass, found);
+	pdb_free_sam(&sampass);
 	AUTH_RETURN;
     }
 
-    if (smb_pwent == NULL) {
+    if (!found) {
         _log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
         retval = PAM_USER_UNKNOWN;
+	pdb_free_sam(&sampass);
+	sampass = NULL;
         AUTH_RETURN;
     }
    
     /* if this user does not have a password... */
 
-    if (_smb_blankpasswd( ctrl, smb_pwent )) {
-        smb_pwent = NULL;
+    if (_smb_blankpasswd( ctrl, sampass )) {
+        pdb_free_sam(&sampass);
         retval = PAM_SUCCESS;
         AUTH_RETURN;
     }
 
     /* get this user's authentication token */
 
-    retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL
-				 , _SMB_AUTHTOK, &p);
+    retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
     if (retval != PAM_SUCCESS ) {
 	_log_err(LOG_CRIT, "auth: no password provided for [%s]"
 		 , name);
-        smb_pwent = NULL;
+        pdb_free_sam(&sampass);
         AUTH_RETURN;
     }
 
     /* verify the password of this user */
 
-    retval = _smb_verify_password( pamh, smb_pwent, p, ctrl );
-    smb_pwent = NULL;
+    retval = _smb_verify_password( pamh, sampass, p, ctrl );
+    pdb_free_sam(&sampass);
     p = NULL;
     AUTH_RETURN;
 }
@@ -154,7 +159,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
     pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval);
     if(pretval) {
 	retval = *pretval;
-	free(pretval);
+	SAFE_FREE(pretval);
     }
     pam_set_data(pamh, "smb_setcred_return", NULL, NULL);
 
@@ -164,7 +169,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
 
 /* Helper function for adding a user to the db. */
 static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
-                         const char *name, struct smb_passwd *smb_pwent)
+                         const char *name, SAM_ACCOUNT *sampass, BOOL exist)
 {
     pstring err_str;
     pstring msg_str;
@@ -186,8 +191,8 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
     }
 
     /* Add the user to the db if they aren't already there. */
-    if (smb_pwent == NULL) {
-	retval = local_password_change( name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD,
+   if (!exist) {
+	retval = local_password_change( name, LOCAL_ADD_USER,
 	                                 pass, err_str,
 	                                 sizeof(err_str),
 	                                 msg_str, sizeof(msg_str) );
@@ -204,14 +209,12 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
 	pass = NULL;
 
 	return PAM_IGNORE;
-    }
-
+   }
+   else {
     /* Change the user's password IFF it's null. */
-    if (smb_pwent->smb_passwd == NULL && (smb_pwent->acct_ctrl & ACB_PWNOTREQ))
+    if ((pdb_get_lanman_passwd(sampass) == NULL) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
     {
-	retval = local_password_change( name, LOCAL_SET_PASSWORD,
-	                                 pass, err_str,
-	                                 sizeof(err_str),
+	retval = local_password_change( name, 0, pass, err_str, sizeof(err_str),
 	                                 msg_str, sizeof(msg_str) );
 	if (!retval && *err_str)
 	{
@@ -224,6 +227,8 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
 	    make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
 	}
     }
+   }
+    
     pass = NULL;
 
     return PAM_IGNORE;