authorJeremy Allison <jra@samba.org>2001-05-02 23:32:09 +0000
committerJeremy Allison <jra@samba.org>2001-05-02 23:32:09 +0000
commitaac630b382fefff2e3ead291d2d838832a180925 (patch)
tree88bd61c1ee2458432cf9bc820cef40732ab0bcea /source3/smbd
parentdea501bc5fbafddef502c788cf7f44d9034e0fcd (diff)
Had to add a "pam password change" parameter (defaults to "off") and inlined
the pam password change code to ensure that existing and working password chat scripts don't break with 2.2.1. PAM password changing has to be explicitly requested. Allowed wildcards in pam password change matching (matches password chat script matching). Had to add const (sorry Tim :-) to ms_fnmatch() to stop warnings. Don't worry - the const changes are isolated and don't cause any other warnings :-). Jeremy. (This used to be commit 47b4d82536c09bffe3a0d9917fa31d935f1be7d8)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/chgpasswd.c96
1 files changed, 42 insertions, 54 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 72e97abc3b..d503e65897 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -20,9 +20,9 @@
*/
/* fork a child process to exec passwd and write to its
-* tty to change a users password. This is running as the
-* user who is attempting to change the password.
-*/
+ * tty to change a users password. This is running as the
+ * user who is attempting to change the password.
+ */
/*
* This code was copied/borrowed and stolen from various sources.
@@ -54,24 +54,6 @@ extern struct passdb_ops pdb_ops;
#if ALLOW_CHANGE_PASSWORD
-#ifdef WITH_PAM
-BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
-{
- BOOL ret;
-
- if (as_root)
- become_root();
-
- ret = smb_pam_passchange(name, oldpass, newpass);
-
- if (as_root)
- unbecome_root();
-
- return ret;
-}
-
-#else /* WITH_PAM */
-
static int findpty(char **slave)
{
int master;
@@ -475,47 +457,28 @@ BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
/* Take the passed information and test it for minimum criteria */
/* Minimum password length */
- if (strlen(newpass) < lp_min_passwd_length()) /* too short, must be at least MINPASSWDLENGTH */
- {
- DEBUG(0,
- ("Password Change: user %s, New password is shorter than minimum password length = %d\n",
+ if (strlen(newpass) < lp_min_passwd_length()) {
+ /* too short, must be at least MINPASSWDLENGTH */
+ DEBUG(0, ("Password Change: user %s, New password is shorter than minimum password length = %d\n",
name, lp_min_passwd_length()));
return (False); /* inform the user */
}
/* Password is same as old password */
- if (strcmp(oldpass, newpass) == 0) /* don't allow same password */
- {
- DEBUG(2,
- ("Password Change: %s, New password is same as old\n", name)); /* log the attempt */
+ if (strcmp(oldpass, newpass) == 0) {
+ /* don't allow same password */
+ DEBUG(2, ("Password Change: %s, New password is same as old\n", name)); /* log the attempt */
return (False); /* inform the user */
}
- pstrcpy(passwordprogram, lp_passwd_program());
- pstrcpy(chatsequence, lp_passwd_chat());
-
- if (!*chatsequence)
- {
- DEBUG(2, ("Null chat sequence - no password changing\n"));
- return (False);
- }
-
- if (!*passwordprogram)
- {
- DEBUG(2, ("Null password program - no password changing\n"));
- return (False);
- }
-
/*
* Check the old and new passwords don't contain any control
* characters.
*/
len = strlen(oldpass);
- for (i = 0; i < len; i++)
- {
- if (iscntrl((int)oldpass[i]))
- {
+ for (i = 0; i < len; i++) {
+ if (iscntrl((int)oldpass[i])) {
DEBUG(0,
("chat_with_program: oldpass contains control characters (disallowed).\n"));
return False;
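Review bot: `iscntrl((int)oldpass[i])` casts a plain `char` straight to `int`, so where `char` is signed a password byte above 0x7F reaches `iscntrl()` as a negative value, which is undefined behaviour for the `<ctype.h>` functions. The check should go through `unsigned char` instead: `if (iscntrl((unsigned char)oldpass[i])) {`. The same cast is used for `newpass` in the following hunk (`iscntrl((int)newpass[i])`) and needs the same change. chgpasswd() starts before this hunk and continues past it.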
@@ -523,16 +486,43 @@ BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
}
len = strlen(newpass);
- for (i = 0; i < len; i++)
- {
- if (iscntrl((int)newpass[i]))
- {
+ for (i = 0; i < len; i++) {
+ if (iscntrl((int)newpass[i])) {
DEBUG(0,
("chat_with_program: newpass contains control characters (disallowed).\n"));
return False;
}
}
+#ifdef WITH_PAM
+ if (lp_pam_password_change()) {
+ BOOL ret;
+
+ if (as_root)
+ become_root();
+
+ ret = smb_pam_passchange(name, oldpass, newpass);
+
+ if (as_root)
+ unbecome_root();
+
+ return ret;
+ }
+#endif
+
+ pstrcpy(passwordprogram, lp_passwd_program());
+ pstrcpy(chatsequence, lp_passwd_chat());
+
+ if (!*chatsequence) {
+ DEBUG(2, ("Null chat sequence - no password changing\n"));
+ return (False);
+ }
+
+ if (!*passwordprogram) {
+ DEBUG(2, ("Null password program - no password changing\n"));
+ return (False);
+ }
+
pstring_sub(passwordprogram, "%u", name);
/* note that we do NOT substitute the %o and %n in the password program
as this would open up a security hole where the user could use
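Review bot: In the new `#ifdef WITH_PAM` branch, `smb_pam_passchange(name, oldpass, newpass)` runs between `become_root()` and `unbecome_root()` when `as_root` is set, and PAM modules commonly skip the old-password check for uid 0, so `oldpass` may not be verified by PAM on that path. smb_pam_passchange() is not visible here, so this needs confirming, but the branch should at least document the contract, for example `/* as_root: PAM may not verify oldpass for uid 0; the caller must already have authenticated the user */` above `if (as_root)`. A short comment that the PAM branch deliberately sits after the length and control-character checks, so both paths get the same validation, would also help the next reader. chgpasswd() begins and ends outside this hunk.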
@@ -545,8 +535,6 @@ BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
(passwordprogram, name, chatsequence, as_root));
}
-#endif /* WITH_PAM */
-
#else /* ALLOW_CHANGE_PASSWORD */
BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)