Diffstat (limited to 'source3')
-rw-r--r-- | source3/pam_smbpass/pam_smb_auth.c | 134 | ||||
-rw-r--r-- | source3/pam_smbpass/pam_smb_passwd.c | 25 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 51 | ||||
-rw-r--r-- | source3/utils/smbpasswd.c | 12 | ||||
-rw-r--r-- | source3/web/swat.c | 14 |
5 files changed, 111 insertions, 125 deletions
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index b29f7c838f..79856a111d 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -170,98 +170,82 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { - int retval, *pretval = NULL; + int retval, *pretval = NULL; - retval = PAM_SUCCESS; + retval = PAM_SUCCESS; - pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval); - if(pretval) { - retval = *pretval; - SAFE_FREE(pretval); - } - pam_set_data(pamh, "smb_setcred_return", NULL, NULL); + pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval); + if(pretval) { + retval = *pretval; + SAFE_FREE(pretval); + } + pam_set_data(pamh, "smb_setcred_return", NULL, NULL); - return retval; + return retval; } - /* Helper function for adding a user to the db. */ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl, const char *name, struct samu *sampass, bool exist) { - pstring err_str; - pstring msg_str; - const char *pass = NULL; - int retval; - - err_str[0] = '\0'; - msg_str[0] = '\0'; - - /* Get the authtok; if we don't have one, silently fail. */ - retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass ); - - if (retval != PAM_SUCCESS) { - _log_err( LOG_ALERT - , "pam_get_item returned error to pam_sm_authenticate" ); - return PAM_AUTHTOK_RECOVER_ERR; - } else if (pass == NULL) { - return PAM_AUTHTOK_RECOVER_ERR; - } - - /* Add the user to the db if they aren't already there. */ - if (!exist) { - retval = NT_STATUS_IS_OK(local_password_change( name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD, - pass, err_str, - sizeof(err_str), - msg_str, sizeof(msg_str) )); - if (!retval && *err_str) - { - err_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str ); - } - else if (*msg_str) - { - msg_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str ); + char *err_str = NULL; + char *msg_str = NULL; + const char *pass = NULL; + int retval; + + /* Get the authtok; if we don't have one, silently fail. 
*/ + retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass ); + + if (retval != PAM_SUCCESS) { + _log_err( LOG_ALERT + , "pam_get_item returned error to pam_sm_authenticate" ); + return PAM_AUTHTOK_RECOVER_ERR; + } else if (pass == NULL) { + return PAM_AUTHTOK_RECOVER_ERR; } - pass = NULL; - return PAM_IGNORE; - } - else { - /* mimick 'update encrypted' as long as the 'no pw req' flag is not set */ - if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ ) - { - retval = NT_STATUS_IS_OK(local_password_change( name, LOCAL_SET_PASSWORD, pass, err_str, sizeof(err_str), - msg_str, sizeof(msg_str) )); - if (!retval && *err_str) - { - err_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str ); - } - else if (*msg_str) - { - msg_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str ); + /* Add the user to the db if they aren't already there. */ + if (!exist) { + retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD, + pass, &err_str, &msg_str)); + if (!retval && err_str) { + make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str ); + } else if (msg_str) { + make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str ); + } + pass = NULL; + + SAFE_FREE(err_str); + SAFE_FREE(msg_str); + return PAM_IGNORE; + } else { + /* mimick 'update encrypted' as long as the 'no pw req' flag is not set */ + if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ ) { + retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_SET_PASSWORD, + pass, &err_str, &msg_str)); + if (!retval && err_str) { + make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str ); + } else if (msg_str) { + make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str ); + } + } } - } - } - pass = NULL; - - return PAM_IGNORE; + SAFE_FREE(err_str); + SAFE_FREE(msg_str); + pass = NULL; + return PAM_IGNORE; } - /* static module data */ #ifdef PAM_STATIC struct pam_module _pam_smbpass_auth_modstruct = { - "pam_smbpass", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - NULL, - NULL, - 
NULL + "pam_smbpass", + pam_sm_authenticate, + pam_sm_setcred, + NULL, + NULL, + NULL, + NULL }; #endif diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c index 25b7e2b623..f0fa018217 100644 --- a/source3/pam_smbpass/pam_smb_passwd.c +++ b/source3/pam_smbpass/pam_smb_passwd.c @@ -48,32 +48,29 @@ int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user, const char *pass_new ) { int retval; - pstring err_str; - pstring msg_str; + char *err_str = NULL; + char *msg_str = NULL; - err_str[0] = '\0'; - msg_str[0] = '\0'; - - retval = NT_STATUS_IS_OK(local_password_change( user, LOCAL_SET_PASSWORD, pass_new, - err_str, sizeof(err_str), - msg_str, sizeof(msg_str) )); + retval = NT_STATUS_IS_OK(local_password_change(user, LOCAL_SET_PASSWORD, pass_new, + &err_str, + &msg_str)); if (!retval) { - if (*err_str) { - err_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str ); + if (err_str) { + make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str ); } /* FIXME: what value is appropriate here? */ retval = PAM_AUTHTOK_ERR; } else { - if (*msg_str) { - msg_str[PSTRING_LEN-1] = '\0'; - make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str ); + if (msg_str) { + make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str ); } retval = PAM_SUCCESS; } + SAFE_FREE(err_str); + SAFE_FREE(msg_str); return retval; } diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 754702e333..2a4d4c4a0a 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c 
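Review bot: In `_smb_add_user`, the guard `if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ ) {` does not test what its comment describes: the expression is non-zero whenever any account-control bit other than ACB_PWNOTREQ is set, so it presumably stays true for an account that carries the 'no pw req' flag alongside any other flag. The re-indented line carries this over unchanged; if the comment states the intent, the test should read `if (!(pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)) {`, otherwise the comment should be corrected. Separately, `pass = NULL;` only clears the local pointer and does not scrub the PAM_AUTHTOK buffer, which deserves a short comment such as `/* drops our reference only; the authtok itself is owned and cleared by PAM */` so it is not read as zeroization.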
@@ -635,17 +635,18 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid, Change a password entry in the local smbpasswd file. *************************************************************/ -NTSTATUS local_password_change(const char *user_name, int local_flags, - const char *new_passwd, - char *err_str, size_t err_str_len, - char *msg_str, size_t msg_str_len) +NTSTATUS local_password_change(const char *user_name, + int local_flags, + const char *new_passwd, + char **pp_err_str, + char **pp_msg_str) { struct samu *sam_pass=NULL; uint32 other_acb; NTSTATUS result; - *err_str = '\0'; - *msg_str = '\0'; + *pp_err_str = NULL; + *pp_msg_str = NULL; /* Get the smb passwd entry for this user */ @@ -689,12 +690,12 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, } if (!NT_STATUS_IS_OK(result)) { - slprintf(err_str, err_str_len-1, "Failed to " "initialize account for user %s: %s\n", + asprintf(pp_err_str, "Failed to " "initialize account for user %s: %s\n", user_name, nt_errstr(result)); return result; } } else { - slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to find entry for user %s.\n", user_name); return NT_STATUS_NO_SUCH_USER; } } else { 
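Review bot: The header comment above `local_password_change` still says only that it changes a password entry in the local smbpasswd file, and does not state the ownership contract the new `pp_err_str` / `pp_msg_str` parameters introduce. The strings are now produced by `asprintf` while `sam_pass` in the same function is released with `TALLOC_FREE`, so the two allocators are easy to confuse; I would add to the comment `On return *pp_err_str and *pp_msg_str are each NULL or a malloc'ed string the caller must release with SAFE_FREE(), not talloc.` Both pointers are written unconditionally at the top (`*pp_err_str = NULL;`), so the comment should also say that neither argument may be NULL. The function body continues outside this hunk.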
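Review bot: Every `asprintf` call introduced in this file ignores its return value, starting with the two in this hunk and repeated in the hunks at -707, -732, -746, -762 and -782. On allocation failure asprintf returns -1 and, per the glibc documentation, leaves the contents of the target pointer undefined (unless the project's replacement implementation guarantees otherwise), while the callers in pam_smb_auth.c, pam_smb_passwd.c, smbpasswd.c and swat.c go on to test the pointer, print it and pass it to `SAFE_FREE`. Resetting the pointer on failure keeps those callers safe under memory pressure, e.g. `if (asprintf(pp_err_str, "Failed to find entry for user %s.\n", user_name) < 0) { *pp_err_str = NULL; }`. A small static helper wrapping that pattern would avoid repeating the check at each of the call sites.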
@@ -707,19 +708,19 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, other_acb = (pdb_get_acct_ctrl(sam_pass) & (~(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL))); if (local_flags & LOCAL_TRUST_ACCOUNT) { if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_CHANGED) ) { - slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_UNSUCCESSFUL; } } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) { if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_CHANGED)) { - slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to set 'domain trust account' flags for user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_UNSUCCESSFUL; } } else { if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_CHANGED)) { - slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to set 'normal account' flags for user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_UNSUCCESSFUL; } 
@@ -732,13 +733,13 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, if (local_flags & LOCAL_DISABLE_USER) { if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_CHANGED)) { - slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to set 'disabled' flag for user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_UNSUCCESSFUL; } } else if (local_flags & LOCAL_ENABLE_USER) { if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) { - slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to unset 'disabled' flag for user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_UNSUCCESSFUL; } @@ -746,7 +747,7 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, if (local_flags & LOCAL_SET_NO_PASSWORD) { if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_CHANGED)) { - slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to set 'no password required' flag for user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_UNSUCCESSFUL; } 
@@ -762,19 +763,19 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, */ if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) { if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) { - slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to unset 'disabled' flag for user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_UNSUCCESSFUL; } } if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_CHANGED)) { - slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to unset 'no password required' flag for user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_UNSUCCESSFUL; } if (!pdb_set_plaintext_passwd (sam_pass, new_passwd)) { - slprintf(err_str, err_str_len-1, "Failed to set password for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to set password for user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_UNSUCCESSFUL; } 
@@ -782,34 +783,34 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, if (local_flags & LOCAL_ADD_USER) { if (NT_STATUS_IS_OK(pdb_add_sam_account(sam_pass))) { - slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name); + asprintf(pp_msg_str, "Added user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_OK; } else { - slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to add entry for user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_UNSUCCESSFUL; } } else if (local_flags & LOCAL_DELETE_USER) { if (!NT_STATUS_IS_OK(pdb_delete_sam_account(sam_pass))) { - slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to delete entry for user %s.\n", user_name); TALLOC_FREE(sam_pass); return NT_STATUS_UNSUCCESSFUL; } - slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name); + asprintf(pp_msg_str, "Deleted user %s.\n", user_name); } else { result = pdb_update_sam_account(sam_pass); if(!NT_STATUS_IS_OK(result)) { - slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name); + asprintf(pp_err_str, "Failed to modify entry for user %s.\n", user_name); TALLOC_FREE(sam_pass); return result; } if(local_flags & LOCAL_DISABLE_USER) - slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name); + asprintf(pp_msg_str, "Disabled user %s.\n", user_name); else if (local_flags & LOCAL_ENABLE_USER) - slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name); + asprintf(pp_msg_str, "Enabled user %s.\n", user_name); else if (local_flags & LOCAL_SET_NO_PASSWORD) - slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name); + asprintf(pp_msg_str, "User %s password set to none.\n", user_name); } TALLOC_FREE(sam_pass); diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 296c0630d8..b7fc65525a 100644 --- a/source3/utils/smbpasswd.c 
+++ b/source3/utils/smbpasswd.c @@ -233,8 +233,8 @@ static NTSTATUS password_change(const char *remote_mach, char *username, int local_flags) { NTSTATUS ret; - pstring err_str; - pstring msg_str; + char *err_str = NULL; + char *msg_str = NULL; if (remote_mach != NULL) { if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER| @@ -250,13 +250,15 @@ static NTSTATUS password_change(const char *remote_mach, char *username, } ret = local_password_change(username, local_flags, new_pw, - err_str, sizeof(err_str), msg_str, sizeof(msg_str)); + &err_str, &msg_str); - if(*msg_str) + if(msg_str) printf("%s", msg_str); - if(*err_str) + if(err_str) fprintf(stderr, "%s", err_str); + SAFE_FREE(msg_str); + SAFE_FREE(err_str); return ret; } diff --git a/source3/web/swat.c b/source3/web/swat.c index e9ed0ded54..95921c0b1d 100644 --- a/source3/web/swat.c +++ b/source3/web/swat.c @@ -987,8 +987,8 @@ static bool change_password(const char *remote_machine, const char *user_name, int local_flags) { NTSTATUS ret; - pstring err_str; - pstring msg_str; + char *err_str = NULL; + char *msg_str = NULL; if (demo_mode) { printf("%s\n<p>", _("password change in demo mode rejected")); @@ -1008,14 +1008,16 @@ static bool change_password(const char *remote_machine, const char *user_name, return False; } - ret = local_password_change(user_name, local_flags, new_passwd, err_str, sizeof(err_str), - msg_str, sizeof(msg_str)); + ret = local_password_change(user_name, local_flags, new_passwd, + &err_str, &msg_str); - if(*msg_str) + if(msg_str) printf("%s\n<p>", msg_str); - if(*err_str) + if(err_str) printf("%s\n<p>", err_str); + SAFE_FREE(msg_str); + SAFE_FREE(err_str); return NT_STATUS_IS_OK(ret); } |
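Review bot: In swat.c `change_password`, `printf("%s\n<p>", msg_str);` and `printf("%s\n<p>", err_str);` write into the HTML response strings that `local_password_change` builds by formatting `user_name` with `%s`, and nothing visible in this hunk HTML-escapes them. If `user_name` reaches this function from form input without prior encoding, markup in the name would be echoed into the page. With the fixed-size `pstring` buffers gone there is also no longer a length cap on what is echoed. I would pass both strings through the HTML-escaping routine the SWAT code uses for other output before printing, or validate the user name before the call. The function starts in the previous hunk and its middle is outside both.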