-rw-r--r--source3/pam_smbpass/pam_smb_auth.c134
-rw-r--r--source3/pam_smbpass/pam_smb_passwd.c25
-rw-r--r--source3/passdb/passdb.c51
-rw-r--r--source3/utils/smbpasswd.c12
-rw-r--r--source3/web/swat.c14
5 files changed, 111 insertions, 125 deletions
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index b29f7c838f..79856a111d 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -170,98 +170,82 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
int pam_sm_setcred(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
- int retval, *pretval = NULL;
+ int retval, *pretval = NULL;
- retval = PAM_SUCCESS;
+ retval = PAM_SUCCESS;
- pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval);
- if(pretval) {
- retval = *pretval;
- SAFE_FREE(pretval);
- }
- pam_set_data(pamh, "smb_setcred_return", NULL, NULL);
+ pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval);
+ if(pretval) {
+ retval = *pretval;
+ SAFE_FREE(pretval);
+ }
+ pam_set_data(pamh, "smb_setcred_return", NULL, NULL);
- return retval;
+ return retval;
}
-
/* Helper function for adding a user to the db. */
static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
const char *name, struct samu *sampass, bool exist)
{
- pstring err_str;
- pstring msg_str;
- const char *pass = NULL;
- int retval;
-
- err_str[0] = '\0';
- msg_str[0] = '\0';
-
- /* Get the authtok; if we don't have one, silently fail. */
- retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
-
- if (retval != PAM_SUCCESS) {
- _log_err( LOG_ALERT
- , "pam_get_item returned error to pam_sm_authenticate" );
- return PAM_AUTHTOK_RECOVER_ERR;
- } else if (pass == NULL) {
- return PAM_AUTHTOK_RECOVER_ERR;
- }
-
- /* Add the user to the db if they aren't already there. */
- if (!exist) {
- retval = NT_STATUS_IS_OK(local_password_change( name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD,
- pass, err_str,
- sizeof(err_str),
- msg_str, sizeof(msg_str) ));
- if (!retval && *err_str)
- {
- err_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
- }
- else if (*msg_str)
- {
- msg_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
+ char *err_str = NULL;
+ char *msg_str = NULL;
+ const char *pass = NULL;
+ int retval;
+
+ /* Get the authtok; if we don't have one, silently fail. */
+ retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
+
+ if (retval != PAM_SUCCESS) {
+ _log_err( LOG_ALERT
+ , "pam_get_item returned error to pam_sm_authenticate" );
+ return PAM_AUTHTOK_RECOVER_ERR;
+ } else if (pass == NULL) {
+ return PAM_AUTHTOK_RECOVER_ERR;
}
- pass = NULL;
- return PAM_IGNORE;
- }
- else {
- /* mimick 'update encrypted' as long as the 'no pw req' flag is not set */
- if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ )
- {
- retval = NT_STATUS_IS_OK(local_password_change( name, LOCAL_SET_PASSWORD, pass, err_str, sizeof(err_str),
- msg_str, sizeof(msg_str) ));
- if (!retval && *err_str)
- {
- err_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
- }
- else if (*msg_str)
- {
- msg_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
+ /* Add the user to the db if they aren't already there. */
+ if (!exist) {
+ retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD,
+ pass, &err_str, &msg_str));
+ if (!retval && err_str) {
+ make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str );
+ } else if (msg_str) {
+ make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str );
+ }
+ pass = NULL;
+
+ SAFE_FREE(err_str);
+ SAFE_FREE(msg_str);
+ return PAM_IGNORE;
+ } else {
+ /* mimick 'update encrypted' as long as the 'no pw req' flag is not set */
+ if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ ) {
+ retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_SET_PASSWORD,
+ pass, &err_str, &msg_str));
+ if (!retval && err_str) {
+ make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str );
+ } else if (msg_str) {
+ make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str );
+ }
+ }
}
- }
- }
- pass = NULL;
-
- return PAM_IGNORE;
+ SAFE_FREE(err_str);
+ SAFE_FREE(msg_str);
+ pass = NULL;
+ return PAM_IGNORE;
}
-
/* static module data */
#ifdef PAM_STATIC
struct pam_module _pam_smbpass_auth_modstruct = {
- "pam_smbpass",
- pam_sm_authenticate,
- pam_sm_setcred,
- NULL,
- NULL,
- NULL,
- NULL
+ "pam_smbpass",
+ pam_sm_authenticate,
+ pam_sm_setcred,
+ NULL,
+ NULL,
+ NULL,
+ NULL
};
#endif
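Review bot: The guard `if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ )` in the `else` branch of `_smb_add_user` does not test what its comment says. It is true whenever any account-control bit other than ACB_PWNOTREQ is set, so an account flagged "no password required" still passes it as soon as it carries any other flag. The line is carried over from the old side, but the block is rewritten here, so this is the place to correct it; if the intent is to skip such accounts, the check would be `if (!(pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)) {`. The function also returns PAM_IGNORE on both paths whether or not local_password_change succeeded, which deserves a short comment saying that this is deliberate.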
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index 25b7e2b623..f0fa018217 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -48,32 +48,29 @@
int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user, const char *pass_new )
{
int retval;
- pstring err_str;
- pstring msg_str;
+ char *err_str = NULL;
+ char *msg_str = NULL;
- err_str[0] = '\0';
- msg_str[0] = '\0';
-
- retval = NT_STATUS_IS_OK(local_password_change( user, LOCAL_SET_PASSWORD, pass_new,
- err_str, sizeof(err_str),
- msg_str, sizeof(msg_str) ));
+ retval = NT_STATUS_IS_OK(local_password_change(user, LOCAL_SET_PASSWORD, pass_new,
+ &err_str,
+ &msg_str));
if (!retval) {
- if (*err_str) {
- err_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
+ if (err_str) {
+ make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str );
}
/* FIXME: what value is appropriate here? */
retval = PAM_AUTHTOK_ERR;
} else {
- if (*msg_str) {
- msg_str[PSTRING_LEN-1] = '\0';
- make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
+ if (msg_str) {
+ make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str );
}
retval = PAM_SUCCESS;
}
+ SAFE_FREE(err_str);
+ SAFE_FREE(msg_str);
return retval;
}
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 754702e333..2a4d4c4a0a 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -635,17 +635,18 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
Change a password entry in the local smbpasswd file.
*************************************************************/
-NTSTATUS local_password_change(const char *user_name, int local_flags,
- const char *new_passwd,
- char *err_str, size_t err_str_len,
- char *msg_str, size_t msg_str_len)
+NTSTATUS local_password_change(const char *user_name,
+ int local_flags,
+ const char *new_passwd,
+ char **pp_err_str,
+ char **pp_msg_str)
{
struct samu *sam_pass=NULL;
uint32 other_acb;
NTSTATUS result;
- *err_str = '\0';
- *msg_str = '\0';
+ *pp_err_str = NULL;
+ *pp_msg_str = NULL;
/* Get the smb passwd entry for this user */
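Review bot: The header comment above local_password_change still says only "Change a password entry in the local smbpasswd file", although the new signature hands ownership of two heap strings to the caller. I would extend that comment to say that `*pp_err_str` and `*pp_msg_str` are set to NULL on entry, are filled with an asprintf-allocated string only when there is something to report, and must be released by the caller, as the callers in this commit do with SAFE_FREE. Both pointers are dereferenced unconditionally at `*pp_err_str = NULL;` and `*pp_msg_str = NULL;`, so the comment should also state that NULL is not accepted for either argument. The function body continues outside this hunk.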
@@ -689,12 +690,12 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
}
if (!NT_STATUS_IS_OK(result)) {
- slprintf(err_str, err_str_len-1, "Failed to " "initialize account for user %s: %s\n",
+ asprintf(pp_err_str, "Failed to " "initialize account for user %s: %s\n",
user_name, nt_errstr(result));
return result;
}
} else {
- slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to find entry for user %s.\n", user_name);
return NT_STATUS_NO_SUCH_USER;
}
} else {
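Review bot: None of the asprintf() calls introduced here check the return value, starting with `asprintf(pp_err_str, "Failed to " "initialize account for user %s: %s\n", ...)` in this hunk. The same applies in every later hunk of passdb.c: the flag-setting and password-setting errors and the Added/Deleted/Disabled/Enabled messages. On allocation failure asprintf returns -1 and, on glibc at least, the contents of the target pointer are documented as undefined. Every caller in this commit decides what to print and what to free by testing `err_str`/`msg_str` against NULL. Wrapping each call as `if (asprintf(pp_err_str, ...) < 0) { *pp_err_str = NULL; }` keeps the NULL contract those callers rely on. The enclosing function starts and ends outside this hunk.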
@@ -707,19 +708,19 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
other_acb = (pdb_get_acct_ctrl(sam_pass) & (~(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));
if (local_flags & LOCAL_TRUST_ACCOUNT) {
if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_CHANGED) ) {
- slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_CHANGED)) {
- slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
} else {
if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_CHANGED)) {
- slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to set 'normal account' flags for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -732,13 +733,13 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
if (local_flags & LOCAL_DISABLE_USER) {
if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_CHANGED)) {
- slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to set 'disabled' flag for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
} else if (local_flags & LOCAL_ENABLE_USER) {
if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
- slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to unset 'disabled' flag for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -746,7 +747,7 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
if (local_flags & LOCAL_SET_NO_PASSWORD) {
if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_CHANGED)) {
- slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to set 'no password required' flag for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -762,19 +763,19 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
*/
if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) {
if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
- slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to unset 'disabled' flag for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
}
if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_CHANGED)) {
- slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to unset 'no password required' flag for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
if (!pdb_set_plaintext_passwd (sam_pass, new_passwd)) {
- slprintf(err_str, err_str_len-1, "Failed to set password for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to set password for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -782,34 +783,34 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
if (local_flags & LOCAL_ADD_USER) {
if (NT_STATUS_IS_OK(pdb_add_sam_account(sam_pass))) {
- slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
+ asprintf(pp_msg_str, "Added user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_OK;
} else {
- slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to add entry for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
} else if (local_flags & LOCAL_DELETE_USER) {
if (!NT_STATUS_IS_OK(pdb_delete_sam_account(sam_pass))) {
- slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to delete entry for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
- slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name);
+ asprintf(pp_msg_str, "Deleted user %s.\n", user_name);
} else {
result = pdb_update_sam_account(sam_pass);
if(!NT_STATUS_IS_OK(result)) {
- slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name);
+ asprintf(pp_err_str, "Failed to modify entry for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return result;
}
if(local_flags & LOCAL_DISABLE_USER)
- slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name);
+ asprintf(pp_msg_str, "Disabled user %s.\n", user_name);
else if (local_flags & LOCAL_ENABLE_USER)
- slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name);
+ asprintf(pp_msg_str, "Enabled user %s.\n", user_name);
else if (local_flags & LOCAL_SET_NO_PASSWORD)
- slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name);
+ asprintf(pp_msg_str, "User %s password set to none.\n", user_name);
}
TALLOC_FREE(sam_pass);
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 296c0630d8..b7fc65525a 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -233,8 +233,8 @@ static NTSTATUS password_change(const char *remote_mach, char *username,
int local_flags)
{
NTSTATUS ret;
- pstring err_str;
- pstring msg_str;
+ char *err_str = NULL;
+ char *msg_str = NULL;
if (remote_mach != NULL) {
if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|
@@ -250,13 +250,15 @@ static NTSTATUS password_change(const char *remote_mach, char *username,
}
ret = local_password_change(username, local_flags, new_pw,
- err_str, sizeof(err_str), msg_str, sizeof(msg_str));
+ &err_str, &msg_str);
- if(*msg_str)
+ if(msg_str)
printf("%s", msg_str);
- if(*err_str)
+ if(err_str)
fprintf(stderr, "%s", err_str);
+ SAFE_FREE(msg_str);
+ SAFE_FREE(err_str);
return ret;
}
diff --git a/source3/web/swat.c b/source3/web/swat.c
index e9ed0ded54..95921c0b1d 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -987,8 +987,8 @@ static bool change_password(const char *remote_machine, const char *user_name,
int local_flags)
{
NTSTATUS ret;
- pstring err_str;
- pstring msg_str;
+ char *err_str = NULL;
+ char *msg_str = NULL;
if (demo_mode) {
printf("%s\n<p>", _("password change in demo mode rejected"));
@@ -1008,14 +1008,16 @@ static bool change_password(const char *remote_machine, const char *user_name,
return False;
}
- ret = local_password_change(user_name, local_flags, new_passwd, err_str, sizeof(err_str),
- msg_str, sizeof(msg_str));
+ ret = local_password_change(user_name, local_flags, new_passwd,
+ &err_str, &msg_str);
- if(*msg_str)
+ if(msg_str)
printf("%s\n<p>", msg_str);
- if(*err_str)
+ if(err_str)
printf("%s\n<p>", err_str);
+ SAFE_FREE(msg_str);
+ SAFE_FREE(err_str);
return NT_STATUS_IS_OK(ret);
}
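Review bot: `printf("%s\n<p>", msg_str);` and `printf("%s\n<p>", err_str);` write the strings from local_password_change straight into the HTML response. Every one of those strings embeds `user_name` verbatim, as the passdb.c hunks of this commit show. Whether `user_name` is validated or escaped before it reaches change_password is not visible here, so unless an earlier check guarantees it, both strings should be HTML-escaped before printing so that markup in a submitted user name is rendered as text. The behaviour predates this commit, but these are the lines being touched. The function starts outside this hunk.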