summaryrefslogtreecommitdiff
path: root/source/pam_smbpass/pam_smb_passwd.c
diff options
context:
space:
mode:
Diffstat (limited to 'source/pam_smbpass/pam_smb_passwd.c')
-rw-r--r--source/pam_smbpass/pam_smb_passwd.c49
1 files changed, 31 insertions, 18 deletions
diff --git a/source/pam_smbpass/pam_smb_passwd.c b/source/pam_smbpass/pam_smb_passwd.c
index e1bb8f37042..2281c1dfd1d 100644
--- a/source/pam_smbpass/pam_smb_passwd.c
+++ b/source/pam_smbpass/pam_smb_passwd.c
@@ -33,8 +33,7 @@
#include "support.h"
-int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user
- , const char *pass_new )
+int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user, char *pass_new )
{
char c;
int retval, i;
@@ -93,13 +92,14 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
extern BOOL in_client;
- struct smb_passwd *smb_pwent=NULL;
+ SAM_ACCOUNT *sampass = NULL;
const char *user;
- const char *pass_old, *pass_new;
+ char *pass_old, *pass_new;
/* Samba initialization. */
setup_logging( "pam_smbpass", False );
charset_initialise();
+ codepage_initialise(lp_client_code_page());
in_client = True;
ctrl = set_ctrl(flags, argc, argv);
@@ -120,15 +120,16 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
_log_err( LOG_DEBUG, "username [%s] obtained", user );
}
- if (!initialize_password_db()) {
+ if (!initialize_password_db(True)) {
_log_err( LOG_ALERT, "Cannot access samba password database" );
return PAM_AUTHINFO_UNAVAIL;
}
/* obtain user record */
- smb_pwent = getsmbpwnam(user);
+ pdb_init_sam(&sampass);
+ pdb_getsampwnam(sampass,user);
- if (smb_pwent == NULL) {
+ if (sampass == NULL) {
_log_err( LOG_ALERT, "Failed to find entry for user %s.", user );
return PAM_USER_UNKNOWN;
}
@@ -141,10 +142,10 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
char *Announce;
- if (_smb_blankpasswd( ctrl, smb_pwent )) {
+ if (_smb_blankpasswd( ctrl, sampass )) {
+ pdb_free_sam(sampass);
return PAM_SUCCESS;
-
}
/* Password change by root, or for an expired token, doesn't
@@ -156,6 +157,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
Announce = (char *) malloc(sizeof(greeting)+strlen(user));
if (Announce == NULL) {
_log_err(LOG_CRIT, "password: out of memory");
+ pdb_free_sam(sampass);
return PAM_BUF_ERR;
}
strncpy( Announce, greeting, sizeof(greeting) );
@@ -163,23 +165,20 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
#undef greeting
set( SMB__OLD_PASSWD, ctrl );
- retval = _smb_read_password( pamh, ctrl
- , Announce
- , "Current SMB password: "
- , NULL
- , _SMB_OLD_AUTHTOK
- , &pass_old );
+ retval = _smb_read_password( pamh, ctrl, Announce, "Current SMB password: ",
+ NULL, _SMB_OLD_AUTHTOK, &pass_old );
free( Announce );
if (retval != PAM_SUCCESS) {
_log_err( LOG_NOTICE
, "password - (old) token not obtained" );
+ pdb_free_sam(sampass);
return retval;
}
/* verify that this is the password for this user */
- retval = _smb_verify_password( pamh, smb_pwent, pass_old, ctrl );
+ retval = _smb_verify_password( pamh, sampass, pass_old, ctrl );
} else {
pass_old = NULL;
@@ -187,6 +186,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
}
pass_old = NULL;
+ pdb_free_sam(sampass);
return retval;
} else if (flags & PAM_UPDATE_AUTHTOK) {
@@ -195,6 +195,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
/* NOTE: there is currently no support for password expiring
under Samba. Support will be added here when it becomes
available. */
+ pdb_free_sam(sampass);
return PAM_SUCCESS;
}
/*
@@ -221,6 +222,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
if (retval != PAM_SUCCESS) {
_log_err( LOG_NOTICE, "password: user not authenticated" );
+ pdb_free_sam(sampass);
return retval;
}
@@ -247,6 +249,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
, "password: new password not obtained" );
}
pass_old = NULL; /* tidy up */
+ pdb_free_sam(sampass);
return retval;
}
@@ -265,6 +268,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
if (retval != PAM_SUCCESS) {
_log_err(LOG_NOTICE, "new password not acceptable");
pass_new = pass_old = NULL; /* tidy up */
+ pdb_free_sam(sampass);
return retval;
}
@@ -279,7 +283,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
if (retval == PAM_SUCCESS) {
/* password updated */
_log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)"
- , user, smb_pwent->smb_userid, uidtoname( getuid() )
+ , user, pdb_get_uid(sampass), uidtoname( getuid() )
, getuid() );
} else {
_log_err( LOG_ERR, "password change failed for user %s"
@@ -287,7 +291,10 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
}
pass_old = pass_new = NULL;
- smb_pwent = NULL;
+ if (sampass) {
+ pdb_free_sam(sampass);
+ sampass = NULL;
+ }
} else { /* something has broken with the library */
@@ -295,7 +302,13 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
retval = PAM_ABORT;
}
+
+ if (sampass) {
+ pdb_free_sam(sampass);
+ sampass = NULL;
+ }
+ pdb_free_sam(sampass);
return retval;
}
View Lorry Controller Status