diff options
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth.c | 8 | ||||
-rw-r--r-- | source3/auth/auth_domain.c | 3 | ||||
-rw-r--r-- | source3/auth/auth_rhosts.c | 2 | ||||
-rw-r--r-- | source3/auth/auth_sam.c | 87 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 126 | ||||
-rw-r--r-- | source3/auth/auth_winbind.c | 2 | ||||
-rw-r--r-- | source3/auth/pampass.c | 8 |
7 files changed, 128 insertions, 108 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 8316c4b617..553d9a686e 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -131,7 +131,7 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context) DEBUG(5, ("auth_context challenge created by %s\n", challenge_set_by)); DEBUG(5, ("challenge is: \n")); - dump_data(5, auth_context->challenge.data, auth_context->challenge.length); + dump_data(5, (const char *)auth_context->challenge.data, auth_context->challenge.length); SMB_ASSERT(auth_context->challenge.length == 8); @@ -228,7 +228,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, auth_context->challenge_set_by)); DEBUG(10, ("challenge is: \n")); - dump_data(5, auth_context->challenge.data, auth_context->challenge.length); + dump_data(5, (const char *)auth_context->challenge.data, auth_context->challenge.length); #ifdef DEBUG_PASSWORD DEBUG(100, ("user_info has passwords of length %d and %d\n", @@ -373,10 +373,10 @@ BOOL load_auth_module(struct auth_context *auth_context, if (p) { *p = 0; module_params = p+1; - trim_string(module_params, " ", " "); + trim_char(module_params, ' ', ' '); } - trim_string(module_name, " ", " "); + trim_char(module_name, ' ', ' '); entry = auth_find_backend_entry(module_name); diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index aacea261fe..43e7597cd9 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -26,9 +26,6 @@ extern BOOL global_machine_password_needs_changing; -extern userdom_struct current_user_info; - - /** * Connect to a remote server for domain security authenticaion. * diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c index fab2d551f2..b295df9328 100644 --- a/source3/auth/auth_rhosts.c +++ b/source3/auth/auth_rhosts.c @@ -40,7 +40,7 @@ static BOOL check_user_equiv(const char *user, const char *remote, const char *e if (! lines) return False; for (i=0; lines[i]; i++) { char *buf = lines[i]; - trim_string(buf," "," "); + trim_char(buf,' ',' '); if (buf[0] != '#' && buf[0] != '\n') { diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index fb66d53cd4..ce97bd7df2 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -27,8 +27,9 @@ #define DBGC_CLASS DBGC_AUTH /**************************************************************************** -core of smb password checking routine. + Core of smb password checking routine. ****************************************************************************/ + static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response, const uchar *part_passwd, const DATA_BLOB *sec_blob, @@ -54,8 +55,7 @@ static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response, } SMBOWFencrypt(part_passwd, sec_blob->data, p24); - if (user_sess_key != NULL) - { + if (user_sess_key != NULL) { SMBsesskeygen_ntv1(part_passwd, NULL, user_sess_key); } @@ -74,12 +74,11 @@ static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response, return (memcmp(p24, nt_response->data, 24) == 0); } - /**************************************************************************** -core of smb password checking routine. (NTLMv2, LMv2) - -Note: The same code works with both NTLMv2 and LMv2. + Core of smb password checking routine. (NTLMv2, LMv2) + Note: The same code works with both NTLMv2 and LMv2. ****************************************************************************/ + static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response, const uchar *part_passwd, const DATA_BLOB *sec_blob, @@ -92,8 +91,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response, uchar client_response[16]; DATA_BLOB client_key_data; - if (part_passwd == NULL) - { + if (part_passwd == NULL) { DEBUG(10,("No password set - DISALLOWING access\n")); /* No password set - always False */ return False; @@ -121,8 +119,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response, } SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption); - if (user_sess_key != NULL) - { + if (user_sess_key != NULL) { SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key); } @@ -142,11 +139,11 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response, return (memcmp(value_from_encryption, client_response, 16) == 0); } - /**************************************************************************** Do a specific test for an smb password being correct, given a smb_password and the lanman and NT responses. ****************************************************************************/ + static NTSTATUS sam_password_ok(const struct auth_context *auth_context, TALLOC_CTX *mem_ctx, SAM_ACCOUNT *sampass, @@ -158,15 +155,11 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, uint32 auth_flags; acct_ctrl = pdb_get_acct_ctrl(sampass); - if (acct_ctrl & ACB_PWNOTREQ) - { - if (lp_null_passwords()) - { + if (acct_ctrl & ACB_PWNOTREQ) { + if (lp_null_passwords()) { DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", pdb_get_username(sampass))); return(NT_STATUS_OK); - } - else - { + } else { DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", pdb_get_username(sampass))); return(NT_STATUS_LOGON_FAILURE); } @@ -191,8 +184,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, nt_pw, &auth_context->challenge, user_info->smb_name.str, user_info->client_domain.str, - user_sess_key)) - { + user_sess_key)) { return NT_STATUS_OK; } @@ -201,9 +193,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, nt_pw, &auth_context->challenge, user_info->smb_name.str, "", - user_sess_key)) - - { + user_sess_key)) { return NT_STATUS_OK; } else { DEBUG(3,("sam_password_ok: NTLMv2 password check failed\n")); @@ -218,8 +208,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, DEBUG(4,("sam_password_ok: Checking NT MD4 password\n")); if (smb_pwd_check_ntlmv1(&user_info->nt_resp, nt_pw, &auth_context->challenge, - user_sess_key)) - { + user_sess_key)) { return NT_STATUS_OK; } else { DEBUG(3,("sam_password_ok: NT MD4 password check failed for user %s\n",pdb_get_username(sampass))); @@ -247,8 +236,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, DEBUG(4,("sam_password_ok: Checking LM password\n")); if (smb_pwd_check_ntlmv1(&user_info->lm_resp, lm_pw, &auth_context->challenge, - user_sess_key)) - { + user_sess_key)) { return NT_STATUS_OK; } } @@ -268,8 +256,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, nt_pw, &auth_context->challenge, user_info->smb_name.str, user_info->client_domain.str, - user_sess_key)) - { + user_sess_key)) { return NT_STATUS_OK; } @@ -278,8 +265,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, nt_pw, &auth_context->challenge, user_info->smb_name.str, "", - user_sess_key)) - { + user_sess_key)) { return NT_STATUS_OK; } @@ -287,12 +273,10 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, - I think this is related to Win9X pass-though authentication */ DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM field\n")); - if (lp_ntlm_auth()) - { + if (lp_ntlm_auth()) { if (smb_pwd_check_ntlmv1(&user_info->lm_resp, nt_pw, &auth_context->challenge, - user_sess_key)) - { + user_sess_key)) { return NT_STATUS_OK; } DEBUG(3,("sam_password_ok: LM password, NT MD4 password in LM field and LMv2 failed for user %s\n",pdb_get_username(sampass))); @@ -313,6 +297,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, Do a specific test for a SAM_ACCOUNT being vaild for this connection (ie not disabled, expired and the like). ****************************************************************************/ + static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, SAM_ACCOUNT *sampass, const auth_usersupplied_info *user_info) @@ -325,16 +310,22 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, /* Quit if the account was disabled. */ if (acct_ctrl & ACB_DISABLED) { - DEBUG(1,("Account for user '%s' was disabled.\n", pdb_get_username(sampass))); + DEBUG(1,("sam_account_ok: Account for user '%s' was disabled.\n", pdb_get_username(sampass))); return NT_STATUS_ACCOUNT_DISABLED; } + /* Quit if the account was locked out. */ + if (acct_ctrl & ACB_AUTOLOCK) { + DEBUG(1,("sam_account_ok: Account for user %s was locked out.\n", pdb_get_username(sampass))); + return NT_STATUS_ACCOUNT_LOCKED_OUT; + } + /* Test account expire time */ kickoff_time = pdb_get_kickoff_time(sampass); if (kickoff_time != 0 && time(NULL) > kickoff_time) { - DEBUG(1,("Account for user '%s' has expired.\n", pdb_get_username(sampass))); - DEBUG(3,("Account expired at '%ld' unix time.\n", (long)kickoff_time)); + DEBUG(1,("sam_account_ok: Account for user '%s' has expired.\n", pdb_get_username(sampass))); + DEBUG(3,("sam_account_ok: Account expired at '%ld' unix time.\n", (long)kickoff_time)); return NT_STATUS_ACCOUNT_EXPIRED; } @@ -344,14 +335,14 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, /* check for immediate expiry "must change at next logon" */ if (must_change_time == 0 && last_set_time != 0) { - DEBUG(1,("Account for user '%s' password must change!.\n", pdb_get_username(sampass))); + DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", pdb_get_username(sampass))); return NT_STATUS_PASSWORD_MUST_CHANGE; } /* check for expired password */ if (must_change_time < time(NULL) && must_change_time != 0) { - DEBUG(1,("Account for user '%s' password expired!.\n", pdb_get_username(sampass))); - DEBUG(1,("Password expired at '%s' (%ld) unix time.\n", http_timestring(must_change_time), (long)must_change_time)); + DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n", pdb_get_username(sampass))); + DEBUG(1,("sam_account_ok: Password expired at '%s' (%ld) unix time.\n", http_timestring(must_change_time), (long)must_change_time)); return NT_STATUS_PASSWORD_EXPIRED; } } @@ -359,8 +350,8 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, /* Test workstation. Workstation list is comma separated. */ workstation_list = talloc_strdup(mem_ctx, pdb_get_workstations(sampass)); - - if (!workstation_list) return NT_STATUS_NO_MEMORY; + if (!workstation_list) + return NT_STATUS_NO_MEMORY; if (*workstation_list) { BOOL invalid_ws = True; @@ -369,7 +360,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, fstring tok; while (next_token(&s, tok, ",", sizeof(tok))) { - DEBUG(10,("checking for workstation match %s and %s (len=%d)\n", + DEBUG(10,("sam_account_ok: checking for workstation match %s and %s (len=%d)\n", tok, user_info->wksta_name.str, user_info->wksta_name.len)); if(strequal(tok, user_info->wksta_name.str)) { invalid_ws = False; @@ -399,7 +390,6 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } - /**************************************************************************** check if a username/password is OK assuming the password is a 24 byte SMB hash supplied in the user_info structure @@ -434,9 +424,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, ret = pdb_getsampwnam(sampass, user_info->internal_username.str); unbecome_root(); - if (ret == False) - { - DEBUG(3,("Couldn't find user '%s' in passdb file.\n", user_info->internal_username.str)); + if (ret == False) { + DEBUG(3,("check_sam_security: Couldn't find user '%s' in passdb file.\n", user_info->internal_username.str)); pdb_free_sam(&sampass); return NT_STATUS_NO_SUCH_USER; } diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 5403ee8c39..952aa8ba59 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -216,8 +216,8 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, client_domain, smb_name, wksta_name)); /* don't allow "" as a domain, fixes a Win9X bug - where it doens't supply a domain for logon script - 'net use' commands.*/ + where it doens't supply a domain for logon script + 'net use' commands. */ if ( *client_domain ) domain = client_domain; @@ -227,7 +227,7 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, /* do what win2k does. Always map unknown domains to our own and let the "passdb backend" handle unknown users. */ - if ( !is_trusted_domain(domain) ) + if ( !is_trusted_domain(domain) && !strequal(domain, get_global_sam_name()) ) domain = get_default_sam_name(); /* we know that it is a trusted domain (and we are allowing them) or it is our domain */ @@ -393,7 +393,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info, dump_data(100, plaintext_password.data, plaintext_password.length); #endif - SMBencrypt( (const uchar *)plaintext_password.data, (const uchar*)chal, local_lm_response); + SMBencrypt( (const char *)plaintext_password.data, (const uchar*)chal, local_lm_response); local_lm_blob = data_blob(local_lm_response, 24); /* We can't do an NT hash here, as the password needs to be @@ -646,43 +646,66 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, * of groups. ******************************************************************************/ -static NTSTATUS get_user_groups_from_local_sam(const char *username, uid_t uid, gid_t gid, - int *n_groups, DOM_SID **groups, gid_t **unix_groups) +static NTSTATUS get_user_groups(const char *username, uid_t uid, gid_t gid, + int *n_groups, DOM_SID **groups, gid_t **unix_groups) { - int n_unix_groups; - int i; + int n_unix_groups; + int i; *n_groups = 0; *groups = NULL; + + /* Try winbind first */ - n_unix_groups = groups_max(); - if ((*unix_groups = malloc( sizeof(gid_t) * n_unix_groups ) ) == NULL) { - DEBUG(0, ("get_user_groups_from_local_sam: Out of memory allocating unix group list\n")); - return NT_STATUS_NO_MEMORY; + if ( strchr(username, *lp_winbind_separator()) ) { + n_unix_groups = winbind_getgroups( username, unix_groups ); + + DEBUG(10,("get_user_groups: winbind_getgroups(%s): result = %s\n", username, + n_unix_groups == -1 ? "FAIL" : "SUCCESS")); + + if ( n_unix_groups == -1 ) + return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */ } - - if (sys_getgrouplist(username, gid, *unix_groups, &n_unix_groups) == -1) { - gid_t *groups_tmp; - groups_tmp = Realloc(*unix_groups, sizeof(gid_t) * n_unix_groups); - if (!groups_tmp) { - SAFE_FREE(*unix_groups); + else { + /* fallback to getgrouplist() */ + + n_unix_groups = groups_max(); + + if ((*unix_groups = malloc( sizeof(gid_t) * n_unix_groups ) ) == NULL) { + DEBUG(0, ("get_user_groups: Out of memory allocating unix group list\n")); return NT_STATUS_NO_MEMORY; } - *unix_groups = groups_tmp; - + if (sys_getgrouplist(username, gid, *unix_groups, &n_unix_groups) == -1) { - DEBUG(0, ("get_user_groups_from_local_sam: failed to get the unix group list\n")); - SAFE_FREE(*unix_groups); - return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */ + + gid_t *groups_tmp; + + groups_tmp = Realloc(*unix_groups, sizeof(gid_t) * n_unix_groups); + + if (!groups_tmp) { + SAFE_FREE(*unix_groups); + return NT_STATUS_NO_MEMORY; + } + *unix_groups = groups_tmp; + + if (sys_getgrouplist(username, gid, *unix_groups, &n_unix_groups) == -1) { + DEBUG(0, ("get_user_groups: failed to get the unix group list\n")); + SAFE_FREE(*unix_groups); + return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */ + } } } debug_unix_user_token(DBGC_CLASS, 5, uid, gid, n_unix_groups, *unix_groups); + /* now setup the space for storing the SIDS */ + if (n_unix_groups > 0) { + *groups = malloc(sizeof(DOM_SID) * n_unix_groups); + if (!*groups) { - DEBUG(0, ("get_user_group_from_local_sam: malloc() failed for DOM_SID list!\n")); + DEBUG(0, ("get_user_group: malloc() failed for DOM_SID list!\n")); SAFE_FREE(*unix_groups); return NT_STATUS_NO_MEMORY; } @@ -692,7 +715,8 @@ static NTSTATUS get_user_groups_from_local_sam(const char *username, uid_t uid, for (i = 0; i < *n_groups; i++) { if (!NT_STATUS_IS_OK(gid_to_sid(&(*groups)[i], (*unix_groups)[i]))) { - DEBUG(1, ("get_user_groups_from_local_sam: failed to convert gid %ld to a sid!\n", (long int)(*unix_groups)[i+1])); + DEBUG(1, ("get_user_groups: failed to convert gid %ld to a sid!\n", + (long int)(*unix_groups)[i+1])); SAFE_FREE(*groups); SAFE_FREE(*unix_groups); return NT_STATUS_NO_SUCH_USER; @@ -743,10 +767,9 @@ static NTSTATUS add_user_groups(auth_serversupplied_info **server_info, BOOL is_guest; uint32 rid; - nt_status = get_user_groups_from_local_sam(pdb_get_username(sampass), - uid, gid, - &n_groupSIDs, &groupSIDs, - &unix_groups); + nt_status = get_user_groups(pdb_get_username(sampass), uid, gid, + &n_groupSIDs, &groupSIDs, &unix_groups); + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(4,("get_user_groups_from_local_sam failed\n")); free_server_info(server_info); @@ -1068,11 +1091,11 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* Store the user group information in the server_info returned to the caller. */ - nt_status = get_user_groups_from_local_sam((*server_info)->unix_name, + nt_status = get_user_groups((*server_info)->unix_name, uid, gid, &n_lgroupSIDs, &lgroupSIDs, &unix_groups); - if ( !NT_STATUS_IS_OK(nt_status) ) - { - DEBUG(4,("get_user_groups_from_local_sam failed\n")); + + if ( !NT_STATUS_IS_OK(nt_status) ) { + DEBUG(4,("get_user_groups failed\n")); return nt_status; } @@ -1080,9 +1103,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, (*server_info)->n_groups = n_lgroupSIDs; /* Create a 'combined' list of all SIDs we might want in the SD */ - all_group_SIDs = malloc(sizeof(DOM_SID) * - (n_lgroupSIDs + info3->num_groups2 + - info3->num_other_sids)); + + all_group_SIDs = malloc(sizeof(DOM_SID) * (info3->num_groups2 +info3->num_other_sids)); + if (!all_group_SIDs) { DEBUG(0, ("malloc() failed for DOM_SID list!\n")); SAFE_FREE(lgroupSIDs); @@ -1090,20 +1113,30 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } +#if 0 /* JERRY -- no such thing as local groups in current code */ /* Copy the 'local' sids */ memcpy(all_group_SIDs, lgroupSIDs, sizeof(DOM_SID) * n_lgroupSIDs); SAFE_FREE(lgroupSIDs); +#endif /* and create (by appending rids) the 'domain' sids */ + for (i = 0; i < info3->num_groups2; i++) { - sid_copy(&all_group_SIDs[i+n_lgroupSIDs], &(info3->dom_sid.sid)); - if (!sid_append_rid(&all_group_SIDs[i+n_lgroupSIDs], info3->gids[i].g_rid)) { + + sid_copy(&all_group_SIDs[i], &(info3->dom_sid.sid)); + + if (!sid_append_rid(&all_group_SIDs[i], info3->gids[i].g_rid)) { + nt_status = NT_STATUS_INVALID_PARAMETER; + DEBUG(3,("could not append additional group rid 0x%x\n", info3->gids[i].g_rid)); + SAFE_FREE(lgroupSIDs); free_server_info(server_info); + return nt_status; + } } @@ -1113,19 +1146,20 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp */ - for (i = 0; i < info3->num_other_sids; i++) - sid_copy(&all_group_SIDs[ - n_lgroupSIDs + info3->num_groups2 + i], + for (i = 0; i < info3->num_other_sids; i++) { + sid_copy(&all_group_SIDs[info3->num_groups2 + i], &info3->other_sids[i].sid); + } /* Where are the 'global' sids... */ /* can the user be guest? if yes, where is it stored? */ - if (!NT_STATUS_IS_OK( - nt_status = create_nt_user_token( - &user_sid, &group_sid, - n_lgroupSIDs + info3->num_groups2 + info3->num_other_sids, - all_group_SIDs, False, &token))) { + + nt_status = create_nt_user_token(&user_sid, &group_sid, + info3->num_groups2 + info3->num_other_sids, + all_group_SIDs, False, &token); + + if ( !NT_STATUS_IS_OK(nt_status) ) { DEBUG(4,("create_nt_user_token failed\n")); SAFE_FREE(all_group_SIDs); free_server_info(server_info); diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index aa8f345a5b..cae7aadd0c 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -36,7 +36,7 @@ static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response if (!prs_init(&ps, len, mem_ctx, UNMARSHALL)) { return NT_STATUS_NO_MEMORY; } - prs_copy_data_in(&ps, info3_ndr, len); + prs_copy_data_in(&ps, (char *)info3_ndr, len); prs_set_offset(&ps,0); if (!net_io_user_info3("", info3, &ps, 1, 3)) { DEBUG(2, ("get_info3_from_ndr: could not parse info3 struct!\n")); diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c index d666e439b0..3239686a20 100644 --- a/source3/auth/pampass.c +++ b/source3/auth/pampass.c @@ -230,7 +230,7 @@ static struct chat_struct *make_pw_chat(char *p) special_char_sub(prompt); fstrcpy(t->prompt, prompt); strlower_m(t->prompt); - trim_string(t->prompt, " ", " "); + trim_char(t->prompt, ' ', ' '); if (!next_token(&p, reply, NULL, sizeof(fstring))) break; @@ -241,7 +241,7 @@ static struct chat_struct *make_pw_chat(char *p) special_char_sub(reply); fstrcpy(t->reply, reply); strlower_m(t->reply); - trim_string(t->reply, " ", " "); + trim_char(t->reply, ' ', ' '); } return list; @@ -304,7 +304,7 @@ static int smb_pam_passchange_conv(int num_msg, case PAM_PROMPT_ECHO_ON: DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: PAM said: %s\n", msg[replies]->msg)); fstrcpy(current_prompt, msg[replies]->msg); - trim_string(current_prompt, " ", " "); + trim_char(current_prompt, ' ', ' '); for (t=pw_chat; t; t=t->next) { DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: trying to match |%s| to |%s|\n", @@ -335,7 +335,7 @@ static int smb_pam_passchange_conv(int num_msg, case PAM_PROMPT_ECHO_OFF: DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: PAM said: %s\n", msg[replies]->msg)); fstrcpy(current_prompt, msg[replies]->msg); - trim_string(current_prompt, " ", " "); + trim_char(current_prompt, ' ', ' '); for (t=pw_chat; t; t=t->next) { DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |%s| to |%s|\n", |