diff options
author | James Peach <jpeach@samba.org> | 2007-11-21 18:31:35 -0800 |
---|---|---|
committer | James Peach <jpeach@samba.org> | 2007-11-21 18:31:35 -0800 |
commit | 64b54e534008a1ac36b9ba21726ca0954fe00d63 (patch) | |
tree | 5a5e0f42c70d4afa14ba689bf4f97af321432510 /source3/pam_smbpass | |
parent | febaaae2021c2993d265cc48cf9fbef05cb4ed1b (diff) | |
parent | 7ef6c19074495110d5c0b698b05c4ee52a0744d6 (diff) | |
download | samba-64b54e534008a1ac36b9ba21726ca0954fe00d63.tar.gz samba-64b54e534008a1ac36b9ba21726ca0954fe00d63.tar.bz2 samba-64b54e534008a1ac36b9ba21726ca0954fe00d63.zip |
Merge ssh://git.samba.org/data/git/samba into v3-2-test
(This used to be commit 660ea443364e949ed06c28b00f0e1c3757f0da27)
Diffstat (limited to 'source3/pam_smbpass')
-rw-r--r-- | source3/pam_smbpass/pam_smb_auth.c | 134 | ||||
-rw-r--r-- | source3/pam_smbpass/pam_smb_passwd.c | 25 |
2 files changed, 70 insertions, 89 deletions
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c index b29f7c838f..79856a111d 100644 --- a/source3/pam_smbpass/pam_smb_auth.c +++ b/source3/pam_smbpass/pam_smb_auth.c @@ -170,98 +170,82 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { - int retval, *pretval = NULL; + int retval, *pretval = NULL; - retval = PAM_SUCCESS; + retval = PAM_SUCCESS; - pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval); - if(pretval) { - retval = *pretval; - SAFE_FREE(pretval); - } - pam_set_data(pamh, "smb_setcred_return", NULL, NULL); + pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval); + if(pretval) { + retval = *pretval; + SAFE_FREE(pretval); + } + pam_set_data(pamh, "smb_setcred_return", NULL, NULL); - return retval; + return retval; } - /* Helper function for adding a user to the db. */ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl, const char *name, struct samu *sampass, bool exist) { - pstring err_str; - pstring msg_str; - const char *pass = NULL; - int retval; - - err_str[0] = '\0'; - msg_str[0] = '\0'; - - /* Get the authtok; if we don't have one, silently fail. */ - retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass ); - - if (retval != PAM_SUCCESS) { - _log_err( LOG_ALERT - , "pam_get_item returned error to pam_sm_authenticate" ); - return PAM_AUTHTOK_RECOVER_ERR; - } else if (pass == NULL) { - return PAM_AUTHTOK_RECOVER_ERR; - } - - /* Add the user to the db if they aren't already there. */ - if (!exist) { - retval = NT_STATUS_IS_OK(local_password_change( name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD, - pass, err_str, - sizeof(err_str), - msg_str, sizeof(msg_str) )); - if (!retval && *err_str) - { - err_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str ); - } - else if (*msg_str) - { - msg_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str ); + char *err_str = NULL; + char *msg_str = NULL; + const char *pass = NULL; + int retval; + + /* Get the authtok; if we don't have one, silently fail. */ + retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass ); + + if (retval != PAM_SUCCESS) { + _log_err( LOG_ALERT + , "pam_get_item returned error to pam_sm_authenticate" ); + return PAM_AUTHTOK_RECOVER_ERR; + } else if (pass == NULL) { + return PAM_AUTHTOK_RECOVER_ERR; } - pass = NULL; - return PAM_IGNORE; - } - else { - /* mimick 'update encrypted' as long as the 'no pw req' flag is not set */ - if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ ) - { - retval = NT_STATUS_IS_OK(local_password_change( name, LOCAL_SET_PASSWORD, pass, err_str, sizeof(err_str), - msg_str, sizeof(msg_str) )); - if (!retval && *err_str) - { - err_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str ); - } - else if (*msg_str) - { - msg_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str ); + /* Add the user to the db if they aren't already there. */ + if (!exist) { + retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD, + pass, &err_str, &msg_str)); + if (!retval && err_str) { + make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str ); + } else if (msg_str) { + make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str ); + } + pass = NULL; + + SAFE_FREE(err_str); + SAFE_FREE(msg_str); + return PAM_IGNORE; + } else { + /* mimick 'update encrypted' as long as the 'no pw req' flag is not set */ + if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ ) { + retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_SET_PASSWORD, + pass, &err_str, &msg_str)); + if (!retval && err_str) { + make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str ); + } else if (msg_str) { + make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str ); + } + } } - } - } - pass = NULL; - - return PAM_IGNORE; + SAFE_FREE(err_str); + SAFE_FREE(msg_str); + pass = NULL; + return PAM_IGNORE; } - /* static module data */ #ifdef PAM_STATIC struct pam_module _pam_smbpass_auth_modstruct = { - "pam_smbpass", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - NULL, - NULL, - NULL + "pam_smbpass", + pam_sm_authenticate, + pam_sm_setcred, + NULL, + NULL, + NULL, + NULL }; #endif diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c index 25b7e2b623..f0fa018217 100644 --- a/source3/pam_smbpass/pam_smb_passwd.c +++ b/source3/pam_smbpass/pam_smb_passwd.c @@ -48,32 +48,29 @@ int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user, const char *pass_new ) { int retval; - pstring err_str; - pstring msg_str; + char *err_str = NULL; + char *msg_str = NULL; - err_str[0] = '\0'; - msg_str[0] = '\0'; - - retval = NT_STATUS_IS_OK(local_password_change( user, LOCAL_SET_PASSWORD, pass_new, - err_str, sizeof(err_str), - msg_str, sizeof(msg_str) )); + retval = NT_STATUS_IS_OK(local_password_change(user, LOCAL_SET_PASSWORD, pass_new, + &err_str, + &msg_str)); if (!retval) { - if (*err_str) { - err_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str ); + if (err_str) { + make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str ); } /* FIXME: what value is appropriate here? */ retval = PAM_AUTHTOK_ERR; } else { - if (*msg_str) { - msg_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str ); + if (msg_str) { + make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str ); } retval = PAM_SUCCESS; } + SAFE_FREE(err_str); + SAFE_FREE(msg_str); return retval; } |