summaryrefslogtreecommitdiff
path: root/source3/pam_smbpass
diff options
context:
space:
mode:
authorJames Peach <jpeach@samba.org>2007-11-21 18:31:35 -0800
committerJames Peach <jpeach@samba.org>2007-11-21 18:31:35 -0800
commit64b54e534008a1ac36b9ba21726ca0954fe00d63 (patch)
tree5a5e0f42c70d4afa14ba689bf4f97af321432510 /source3/pam_smbpass
parentfebaaae2021c2993d265cc48cf9fbef05cb4ed1b (diff)
parent7ef6c19074495110d5c0b698b05c4ee52a0744d6 (diff)
downloadsamba-64b54e534008a1ac36b9ba21726ca0954fe00d63.tar.gz
samba-64b54e534008a1ac36b9ba21726ca0954fe00d63.tar.bz2
samba-64b54e534008a1ac36b9ba21726ca0954fe00d63.zip
Merge ssh://git.samba.org/data/git/samba into v3-2-test
(This used to be commit 660ea443364e949ed06c28b00f0e1c3757f0da27)
Diffstat (limited to 'source3/pam_smbpass')
-rw-r--r--source3/pam_smbpass/pam_smb_auth.c134
-rw-r--r--source3/pam_smbpass/pam_smb_passwd.c25
2 files changed, 70 insertions, 89 deletions
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index b29f7c838f..79856a111d 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -170,98 +170,82 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
int pam_sm_setcred(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
- int retval, *pretval = NULL;
+ int retval, *pretval = NULL;
- retval = PAM_SUCCESS;
+ retval = PAM_SUCCESS;
- pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval);
- if(pretval) {
- retval = *pretval;
- SAFE_FREE(pretval);
- }
- pam_set_data(pamh, "smb_setcred_return", NULL, NULL);
+ pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval);
+ if(pretval) {
+ retval = *pretval;
+ SAFE_FREE(pretval);
+ }
+ pam_set_data(pamh, "smb_setcred_return", NULL, NULL);
- return retval;
+ return retval;
}
-
/* Helper function for adding a user to the db. */
static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
const char *name, struct samu *sampass, bool exist)
{
- pstring err_str;
- pstring msg_str;
- const char *pass = NULL;
- int retval;
-
- err_str[0] = '\0';
- msg_str[0] = '\0';
-
- /* Get the authtok; if we don't have one, silently fail. */
- retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
-
- if (retval != PAM_SUCCESS) {
- _log_err( LOG_ALERT
- , "pam_get_item returned error to pam_sm_authenticate" );
- return PAM_AUTHTOK_RECOVER_ERR;
- } else if (pass == NULL) {
- return PAM_AUTHTOK_RECOVER_ERR;
- }
-
- /* Add the user to the db if they aren't already there. */
- if (!exist) {
- retval = NT_STATUS_IS_OK(local_password_change( name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD,
- pass, err_str,
- sizeof(err_str),
- msg_str, sizeof(msg_str) ));
- if (!retval && *err_str)
- {
- err_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
- }
- else if (*msg_str)
- {
- msg_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
+ char *err_str = NULL;
+ char *msg_str = NULL;
+ const char *pass = NULL;
+ int retval;
+
+ /* Get the authtok; if we don't have one, silently fail. */
+ retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
+
+ if (retval != PAM_SUCCESS) {
+ _log_err( LOG_ALERT
+ , "pam_get_item returned error to pam_sm_authenticate" );
+ return PAM_AUTHTOK_RECOVER_ERR;
+ } else if (pass == NULL) {
+ return PAM_AUTHTOK_RECOVER_ERR;
}
- pass = NULL;
- return PAM_IGNORE;
- }
- else {
- /* mimick 'update encrypted' as long as the 'no pw req' flag is not set */
- if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ )
- {
- retval = NT_STATUS_IS_OK(local_password_change( name, LOCAL_SET_PASSWORD, pass, err_str, sizeof(err_str),
- msg_str, sizeof(msg_str) ));
- if (!retval && *err_str)
- {
- err_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
- }
- else if (*msg_str)
- {
- msg_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
+ /* Add the user to the db if they aren't already there. */
+ if (!exist) {
+ retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD,
+ pass, &err_str, &msg_str));
+ if (!retval && err_str) {
+ make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str );
+ } else if (msg_str) {
+ make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str );
+ }
+ pass = NULL;
+
+ SAFE_FREE(err_str);
+ SAFE_FREE(msg_str);
+ return PAM_IGNORE;
+ } else {
+ /* mimick 'update encrypted' as long as the 'no pw req' flag is not set */
+ if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ ) {
+ retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_SET_PASSWORD,
+ pass, &err_str, &msg_str));
+ if (!retval && err_str) {
+ make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str );
+ } else if (msg_str) {
+ make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str );
+ }
+ }
}
- }
- }
- pass = NULL;
-
- return PAM_IGNORE;
+ SAFE_FREE(err_str);
+ SAFE_FREE(msg_str);
+ pass = NULL;
+ return PAM_IGNORE;
}
-
/* static module data */
#ifdef PAM_STATIC
struct pam_module _pam_smbpass_auth_modstruct = {
- "pam_smbpass",
- pam_sm_authenticate,
- pam_sm_setcred,
- NULL,
- NULL,
- NULL,
- NULL
+ "pam_smbpass",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ NULL,
+ NULL,
+ NULL,
+ NULL
};
#endif
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index 25b7e2b623..f0fa018217 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -48,32 +48,29 @@
int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user, const char *pass_new )
{
int retval;
- pstring err_str;
- pstring msg_str;
+ char *err_str = NULL;
+ char *msg_str = NULL;
- err_str[0] = '\0';
- msg_str[0] = '\0';
-
- retval = NT_STATUS_IS_OK(local_password_change( user, LOCAL_SET_PASSWORD, pass_new,
- err_str, sizeof(err_str),
- msg_str, sizeof(msg_str) ));
+ retval = NT_STATUS_IS_OK(local_password_change(user, LOCAL_SET_PASSWORD, pass_new,
+ &err_str,
+ &msg_str));
if (!retval) {
- if (*err_str) {
- err_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
+ if (err_str) {
+ make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str );
}
/* FIXME: what value is appropriate here? */
retval = PAM_AUTHTOK_ERR;
} else {
- if (*msg_str) {
- msg_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
+ if (msg_str) {
+ make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str );
}
retval = PAM_SUCCESS;
}
+ SAFE_FREE(err_str);
+ SAFE_FREE(msg_str);
return retval;
}