Changeset 745 for trunk/server/source3/auth/pampass.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/auth/pampass.c
r414 r745 6 6 Copyright (C) Andrew Bartlett 2001 7 7 Copyright (C) Jeremy Allison 2001 8 8 9 9 This program is free software; you can redistribute it and/or modify 10 10 it under the terms of the GNU General Public License as published by 11 11 the Free Software Foundation; either version 3 of the License, or 12 12 (at your option) any later version. 13 13 14 14 This program is distributed in the hope that it will be useful, 15 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 16 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 17 GNU General Public License for more details. 18 18 19 19 You should have received a copy of the GNU General Public License 20 20 along with this program. If not, see <http://www.gnu.org/licenses/>. … … 28 28 29 29 #include "includes.h" 30 #include "auth.h" 31 #include "../libcli/auth/pam_errors.h" 30 32 31 33 #undef DBGC_CLASS … … 60 62 typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_response **, void *appdata_ptr); 61 63 62 /* 63 * Macros to help make life easy 64 */ 65 #define COPY_STRING(s) (s) ? SMB_STRDUP(s) : NULL 66 #define COPY_FSTRING(s) (s[0]) ? 
SMB_STRDUP(s) : NULL 64 static char *smb_pam_copy_string(const char *s) 65 { 66 if (s == NULL) { 67 return NULL; 68 } 69 return SMB_STRDUP(s); 70 } 71 72 static char *smb_pam_copy_fstring(const char *s) 73 { 74 if (s[0] == '\0') { 75 return NULL; 76 } 77 return SMB_STRDUP(s); 78 } 67 79 68 80 /******************************************************************* … … 76 88 DEBUG(dbglvl, ("smb_pam_error_handler: PAM: %s : %s\n", 77 89 msg, pam_strerror(pamh, pam_error))); 78 79 90 return False; 80 91 } … … 145 156 case PAM_PROMPT_ECHO_ON: 146 157 reply[replies].resp_retcode = PAM_SUCCESS; 147 reply[replies].resp = COPY_STRING(udp->PAM_username); 158 reply[replies].resp = smb_pam_copy_string( 159 udp->PAM_username); 148 160 /* PAM frees resp */ 149 161 break; … … 151 163 case PAM_PROMPT_ECHO_OFF: 152 164 reply[replies].resp_retcode = PAM_SUCCESS; 153 reply[replies].resp = COPY_STRING(udp->PAM_password); 165 reply[replies].resp = smb_pam_copy_string( 166 udp->PAM_password); 154 167 /* PAM frees resp */ 155 168 break; … … 281 294 bool found; 282 295 *resp = NULL; 283 296 284 297 DEBUG(10,("smb_pam_passchange_conv: starting converstation for %d messages\n", num_msg)); 285 298 … … 326 339 pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword); 327 340 #ifdef DEBUG_PASSWORD 328 DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We actual y sent: %s\n", current_reply));341 DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We actually sent: %s\n", current_reply)); 329 342 #endif 330 343 reply[replies].resp_retcode = PAM_SUCCESS; 331 reply[replies].resp = COPY_FSTRING(current_reply); 344 reply[replies].resp = smb_pam_copy_fstring( 345 current_reply); 332 346 found = True; 333 347 break; … … 357 371 pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword); 358 372 reply[replies].resp_retcode = PAM_SUCCESS; 359 reply[replies].resp = COPY_FSTRING(current_reply); 373 reply[replies].resp = smb_pam_copy_fstring( 374 
current_reply); 360 375 #ifdef DEBUG_PASSWORD 361 DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actual y sent: %s\n", current_reply));376 DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actually sent: %s\n", current_reply)); 362 377 #endif 363 378 found = True; … … 366 381 } 367 382 /* PAM frees resp */ 368 383 369 384 if (!found) { 370 385 DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg)); … … 383 398 reply[replies].resp = NULL; 384 399 break; 385 400 386 401 default: 387 402 /* Must be an error of some sort... */ … … 391 406 } 392 407 } 393 408 394 409 free_pw_chat(pw_chat); 395 410 if (reply) … … 444 459 445 460 smb_free_pam_conv(smb_pam_conv_ptr); 446 461 447 462 if( pamh != NULL ) { 448 463 pam_error = pam_end(pamh, 0); … … 463 478 { 464 479 int pam_error; 465 #ifdef PAM_RHOST466 const char *our_rhost;467 char addr[INET6_ADDRSTRLEN];468 #endif469 480 470 481 *pamh = (pam_handle_t *)NULL; … … 478 489 } 479 490 480 #ifdef PAM_RHOST 481 if (rhost == NULL) { 482 our_rhost = client_name(get_client_fd()); 483 if (strequal(our_rhost,"UNKNOWN")) 484 our_rhost = client_addr(get_client_fd(),addr,sizeof(addr)); 485 } else { 486 our_rhost = rhost; 487 } 488 489 DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost)); 490 pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost); 491 #if HAVE_PAM_RHOST 492 DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", rhost)); 493 pam_error = pam_set_item(*pamh, PAM_RHOST, rhost); 491 494 if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) { 492 495 smb_pam_end(*pamh, pconv); … … 495 498 } 496 499 #endif 497 #if defPAM_TTY500 #if HAVE_PAM_TTY 498 501 DEBUG(4,("smb_pam_start: PAM: setting tty\n")); 499 502 pam_error = pam_set_item(*pamh, PAM_TTY, "samba"); … … 520 523 * auth required /lib/security/pam_pwdb.so nullok shadow audit 521 524 */ 522 525 523 526 DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user)); 524 527 pam_error 
= pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK); … … 640 643 int pam_error; 641 644 642 #if defPAM_TTY645 #if HAVE_PAM_TTY 643 646 DEBUG(4,("smb_internal_pam_session: PAM: tty set to: %s\n", tty)); 644 647 pam_error = pam_set_item(pamh, PAM_TTY, tty); … … 774 777 */ 775 778 776 NTSTATUS smb_pam_accountcheck(const char * user)779 NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost) 777 780 { 778 781 NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED; … … 788 791 return NT_STATUS_NO_MEMORY; 789 792 790 if (!smb_pam_start(&pamh, user, NULL, pconv))793 if (!smb_pam_start(&pamh, user, rhost, pconv)) 791 794 return NT_STATUS_ACCOUNT_DISABLED; 792 795 … … 802 805 */ 803 806 804 NTSTATUS smb_pam_passcheck(const char * user, const char * password) 807 NTSTATUS smb_pam_passcheck(const char * user, const char * rhost, 808 const char * password) 805 809 { 806 810 pam_handle_t *pamh = NULL; … … 817 821 return NT_STATUS_LOGON_FAILURE; 818 822 819 if (!smb_pam_start(&pamh, user, NULL, pconv))823 if (!smb_pam_start(&pamh, user, rhost, pconv)) 820 824 return NT_STATUS_LOGON_FAILURE; 821 825 … … 846 850 */ 847 851 848 bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword) 852 bool smb_pam_passchange(const char *user, const char *rhost, 853 const char *oldpassword, const char *newpassword) 849 854 { 850 855 /* Appropriate quantities of root should be obtained BEFORE calling this function */ … … 855 860 return False; 856 861 857 if(!smb_pam_start(&pamh, user, NULL, pconv))862 if(!smb_pam_start(&pamh, user, rhost, pconv)) 858 863 return False; 859 864 … … 870 875 871 876 /* If PAM not used, no PAM restrictions on accounts. */ 872 NTSTATUS smb_pam_accountcheck(const char * user)877 NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost) 873 878 { 874 879 return NT_STATUS_OK;
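Review bot: In smb_pam_start the new `#if HAVE_PAM_RHOST` block passes `rhost` unchecked to `DEBUG(4, ... %s ...)` and `pam_set_item(*pamh, PAM_RHOST, rhost)`, whereas the removed code substituted the client name or address when `rhost == NULL`. smb_pam_accountcheck, smb_pam_passcheck and smb_pam_passchange now forward a caller-supplied `rhost`, and nothing on this page shows that callers always pass a non-NULL value. A NULL would reach a `%s` conversion and presumably leave PAM_RHOST unset, so host-based PAM policy (pam_access-style origin rules, for instance) would be evaluated without the remote host. I would fail closed with an `if (rhost == NULL)` check before the `pam_set_item` call, taking the same cleanup-and-`return False` path as the `set rhost failed` branch, and state the non-NULL requirement in the comments above the three public functions. Separately, the unchanged line in smb_pam_auth, `PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK`, parses as `(PAM_SILENT | lp_null_passwords()) ? 0 : …` and so always passes 0, meaning PAM_DISALLOW_NULL_AUTHTOK is never set; it likely wants `PAM_SILENT | (lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK)`. Both function bodies continue outside the visible hunks.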