summaryrefslogtreecommitdiff
path: root/source/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source/auth')
-rw-r--r--source/auth/pampass.c93
-rw-r--r--source/auth/pass_check.c8
2 files changed, 49 insertions, 52 deletions
diff --git a/source/auth/pampass.c b/source/auth/pampass.c
index dd9d38f66c3..018eae3a07e 100644
--- a/source/auth/pampass.c
+++ b/source/auth/pampass.c
@@ -30,8 +30,6 @@
#include "includes.h"
-extern int DEBUGLEVEL;
-
#ifdef WITH_PAM
/*******************************************************************
@@ -49,9 +47,9 @@ extern int DEBUGLEVEL;
*/
struct smb_pam_userdata {
- char *PAM_username;
- char *PAM_password;
- char *PAM_newpassword;
+ const char *PAM_username;
+ const char *PAM_password;
+ const char *PAM_newpassword;
};
typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_response **, void *appdata_ptr);
@@ -83,12 +81,13 @@ static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg,
*********************************************************************/
static BOOL smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error,
- char *msg, int dbglvl, uint32 *nt_status)
+ char *msg, int dbglvl,
+ NTSTATUS *nt_status)
{
if (smb_pam_error_handler(pamh, pam_error, msg, dbglvl))
return True;
- if (*nt_status == NT_STATUS_OK) {
+ if (NT_STATUS_IS_OK(*nt_status)) {
/* Complain LOUDLY */
DEBUG(0, ("smb_pam_nt_status_error_handler: PAM: BUG: PAM and NT_STATUS \
error MISMATCH, forcing to NT_STATUS_LOGON_FAILURE"));
@@ -158,7 +157,7 @@ static int smb_pam_conv(int num_msg,
default:
/* Must be an error of some sort... */
- free(reply);
+ SAFE_FREE(reply);
return PAM_CONV_ERR;
}
}
@@ -181,7 +180,7 @@ static void special_char_sub(char *buf)
all_string_sub(buf, "\\t", "\t", 0);
}
-static void pwd_sub(char *buf, char *username, char *oldpass, char *newpass)
+static void pwd_sub(char *buf, const char *username, const char *oldpass, const char *newpass)
{
pstring_sub(buf, "%u", username);
all_string_sub(buf, "%o", oldpass, sizeof(fstring));
@@ -249,7 +248,7 @@ static void free_pw_chat(struct chat_struct *list)
while (list) {
struct chat_struct *old_head = list;
DLIST_REMOVE(list, list);
- free(old_head);
+ SAFE_FREE(old_head);
}
}
@@ -324,8 +323,7 @@ static int smb_pam_passchange_conv(int num_msg,
if (!found) {
DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg));
free_pw_chat(pw_chat);
- free(reply);
- reply = NULL;
+ SAFE_FREE(reply);
return PAM_CONV_ERR;
}
break;
@@ -357,8 +355,7 @@ static int smb_pam_passchange_conv(int num_msg,
if (!found) {
DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg));
free_pw_chat(pw_chat);
- free(reply);
- reply = NULL;
+ SAFE_FREE(reply);
return PAM_CONV_ERR;
}
break;
@@ -375,8 +372,7 @@ static int smb_pam_passchange_conv(int num_msg,
default:
/* Must be an error of some sort... */
free_pw_chat(pw_chat);
- free(reply);
- reply = NULL;
+ SAFE_FREE(reply);
return PAM_CONV_ERR;
}
}
@@ -394,24 +390,24 @@ static int smb_pam_passchange_conv(int num_msg,
static void smb_free_pam_conv(struct pam_conv *pconv)
{
if (pconv)
- safe_free(pconv->appdata_ptr);
+ SAFE_FREE(pconv->appdata_ptr);
- safe_free(pconv);
+ SAFE_FREE(pconv);
}
/***************************************************************************
Allocate a pam_conv struct.
****************************************************************************/
-static struct pam_conv *smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, char *user,
- char *passwd, char *newpass)
+static struct pam_conv *smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, const char *user,
+ const char *passwd, const char *newpass)
{
struct pam_conv *pconv = (struct pam_conv *)malloc(sizeof(struct pam_conv));
struct smb_pam_userdata *udp = (struct smb_pam_userdata *)malloc(sizeof(struct smb_pam_userdata));
if (pconv == NULL || udp == NULL) {
- safe_free(pconv);
- safe_free(udp);
+ SAFE_FREE(pconv);
+ SAFE_FREE(udp);
return NULL;
}
@@ -449,9 +445,10 @@ static BOOL smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
* Start PAM authentication for specified account
*/
-static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost, struct pam_conv *pconv)
+static BOOL smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv)
{
int pam_error;
+ const char *our_rhost;
*pamh = (pam_handle_t *)NULL;
@@ -464,14 +461,16 @@ static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost, struct p
}
if (rhost == NULL) {
- rhost = client_name();
+ our_rhost = client_name();
if (strequal(rhost,"UNKNOWN"))
- rhost = client_addr();
+ our_rhost = client_addr();
+ } else {
+ our_rhost = rhost;
}
#ifdef PAM_RHOST
- DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", rhost));
- pam_error = pam_set_item(*pamh, PAM_RHOST, rhost);
+ DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost));
+ pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost);
if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
smb_pam_end(*pamh, pconv);
*pamh = (pam_handle_t *)NULL;
@@ -494,10 +493,10 @@ static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost, struct p
/*
* PAM Authentication Handler
*/
-static uint32 smb_pam_auth(pam_handle_t *pamh, char *user)
+static NTSTATUS smb_pam_auth(pam_handle_t *pamh, char *user)
{
int pam_error;
- uint32 nt_status = NT_STATUS_LOGON_FAILURE;
+ NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
/*
* To enable debugging set in /etc/pam.d/samba:
@@ -548,10 +547,10 @@ static uint32 smb_pam_auth(pam_handle_t *pamh, char *user)
/*
* PAM Account Handler
*/
-static uint32 smb_pam_account(pam_handle_t *pamh, char * user)
+static NTSTATUS smb_pam_account(pam_handle_t *pamh, const char * user)
{
int pam_error;
- uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED;
+ NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED;
DEBUG(4,("smb_pam_account: PAM: Account Management for User: %s\n", user));
pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account enabled? */
@@ -594,10 +593,10 @@ static uint32 smb_pam_account(pam_handle_t *pamh, char * user)
* PAM Credential Setting
*/
-static uint32 smb_pam_setcred(pam_handle_t *pamh, char * user)
+static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user)
{
int pam_error;
- uint32 nt_status = NT_STATUS_NO_TOKEN;
+ NTSTATUS nt_status = NT_STATUS_NO_TOKEN;
/*
* This will allow samba to aquire a kerberos token. And, when
@@ -668,7 +667,7 @@ static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty,
* Internal PAM Password Changer.
*/
-static BOOL smb_pam_chauthtok(pam_handle_t *pamh, char * user)
+static BOOL smb_pam_chauthtok(pam_handle_t *pamh, const char * user)
{
int pam_error;
@@ -778,9 +777,9 @@ BOOL smb_pam_close_session(char *user, char *tty, char *rhost)
* PAM Externally accessible Account handler
*/
-uint32 smb_pam_accountcheck(char * user)
+NTSTATUS smb_pam_accountcheck(const char * user)
{
- uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED;
+ NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED;
pam_handle_t *pamh = NULL;
struct pam_conv *pconv = NULL;
@@ -790,12 +789,12 @@ uint32 smb_pam_accountcheck(char * user)
return NT_STATUS_OK;
if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
- return False;
+ return NT_STATUS_NO_MEMORY;
if (!smb_pam_start(&pamh, user, NULL, pconv))
return NT_STATUS_ACCOUNT_DISABLED;
- if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_OK)
+ if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user)))
DEBUG(0, ("smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User %s!\n", user));
smb_pam_end(pamh, pconv);
@@ -806,10 +805,10 @@ uint32 smb_pam_accountcheck(char * user)
* PAM Password Validation Suite
*/
-uint32 smb_pam_passcheck(char * user, char * password)
+NTSTATUS smb_pam_passcheck(char * user, char * password)
{
pam_handle_t *pamh = NULL;
- uint32 nt_status = NT_STATUS_LOGON_FAILURE;
+ NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
struct pam_conv *pconv = NULL;
/*
@@ -824,19 +823,19 @@ uint32 smb_pam_passcheck(char * user, char * password)
if (!smb_pam_start(&pamh, user, NULL, pconv))
return NT_STATUS_LOGON_FAILURE;
- if ((nt_status = smb_pam_auth(pamh, user)) != NT_STATUS_OK) {
+ if (!NT_STATUS_IS_OK(nt_status = smb_pam_auth(pamh, user))) {
DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User %s !\n", user));
smb_pam_end(pamh, pconv);
return nt_status;
}
- if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_OK) {
+ if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user))) {
DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User %s !\n", user));
smb_pam_end(pamh, pconv);
return nt_status;
}
- if ((nt_status = smb_pam_setcred(pamh, user)) != NT_STATUS_OK) {
+ if (!NT_STATUS_IS_OK(nt_status = smb_pam_setcred(pamh, user))) {
DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_setcred failed - Rejecting User %s !\n", user));
smb_pam_end(pamh, pconv);
return nt_status;
@@ -850,7 +849,7 @@ uint32 smb_pam_passcheck(char * user, char * password)
* PAM Password Change Suite
*/
-BOOL smb_pam_passchange(char * user, char * oldpassword, char * newpassword)
+BOOL smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword)
{
/* Appropriate quantities of root should be obtained BEFORE calling this function */
struct pam_conv *pconv = NULL;
@@ -874,19 +873,19 @@ BOOL smb_pam_passchange(char * user, char * oldpassword, char * newpassword)
#else
/* If PAM not used, no PAM restrictions on accounts. */
- uint32 smb_pam_accountcheck(char * user)
+NTSTATUS smb_pam_accountcheck(const char * user)
{
return NT_STATUS_OK;
}
/* If PAM not used, also no PAM restrictions on sessions. */
- BOOL smb_pam_claim_session(char *user, char *tty, char *rhost)
+BOOL smb_pam_claim_session(char *user, char *tty, char *rhost)
{
return True;
}
/* If PAM not used, also no PAM restrictions on sessions. */
- BOOL smb_pam_close_session(char *in_user, char *tty, char *rhost)
+BOOL smb_pam_close_session(char *in_user, char *tty, char *rhost)
{
return True;
}
diff --git a/source/auth/pass_check.c b/source/auth/pass_check.c
index b3e762741fc..68f0566aee7 100644
--- a/source/auth/pass_check.c
+++ b/source/auth/pass_check.c
@@ -24,8 +24,6 @@
#include "includes.h"
-extern int DEBUGLEVEL;
-
/* these are kept here to keep the string_combinations function simple */
static fstring this_user;
static fstring this_salt;
@@ -233,7 +231,7 @@ static BOOL dfs_auth(char *user, char *password)
}
/*
- * NB. I'd like to change these to call something like become_user()
+ * NB. I'd like to change these to call something like change_to_user()
* instead but currently we don't have a connection
* context to become the correct user. This is already
* fairly platform specific code however, so I think
@@ -599,7 +597,7 @@ static BOOL password_check(char *password)
{
#ifdef WITH_PAM
- return (smb_pam_passcheck(this_user, password) == NT_STATUS_OK);
+ return (NT_STATUS_IS_OK(smb_pam_passcheck(this_user, password)));
#endif /* WITH_PAM */
#ifdef WITH_AFS
@@ -832,7 +830,7 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
}
/* make a copy of it */
- StrnCpy(pass2, password, sizeof(pstring) - 1);
+ StrnCpy(pass2, password, sizeof(pass2) - 1);
/* try all lowercase if it's currently all uppercase */
if (strhasupper(password)) {
View Lorry Controller Status