diff options
Diffstat (limited to 'source/pam_smbpass/pam_smb_passwd.c')
-rw-r--r-- | source/pam_smbpass/pam_smb_passwd.c | 49 |
1 files changed, 31 insertions, 18 deletions
diff --git a/source/pam_smbpass/pam_smb_passwd.c b/source/pam_smbpass/pam_smb_passwd.c index e1bb8f37042..2281c1dfd1d 100644 --- a/source/pam_smbpass/pam_smb_passwd.c +++ b/source/pam_smbpass/pam_smb_passwd.c @@ -33,8 +33,7 @@ #include "support.h" -int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user - , const char *pass_new ) +int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user, char *pass_new ) { char c; int retval, i; @@ -93,13 +92,14 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, extern BOOL in_client; - struct smb_passwd *smb_pwent=NULL; + SAM_ACCOUNT *sampass = NULL; const char *user; - const char *pass_old, *pass_new; + char *pass_old, *pass_new; /* Samba initialization. */ setup_logging( "pam_smbpass", False ); charset_initialise(); + codepage_initialise(lp_client_code_page()); in_client = True; ctrl = set_ctrl(flags, argc, argv); @@ -120,15 +120,16 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, _log_err( LOG_DEBUG, "username [%s] obtained", user ); } - if (!initialize_password_db()) { + if (!initialize_password_db(True)) { _log_err( LOG_ALERT, "Cannot access samba password database" ); return PAM_AUTHINFO_UNAVAIL; } /* obtain user record */ - smb_pwent = getsmbpwnam(user); + pdb_init_sam(&sampass); + pdb_getsampwnam(sampass,user); - if (smb_pwent == NULL) { + if (sampass == NULL) { _log_err( LOG_ALERT, "Failed to find entry for user %s.", user ); return PAM_USER_UNKNOWN; } @@ -141,10 +142,10 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, char *Announce; - if (_smb_blankpasswd( ctrl, smb_pwent )) { + if (_smb_blankpasswd( ctrl, sampass )) { + pdb_free_sam(sampass); return PAM_SUCCESS; - } /* Password change by root, or for an expired token, doesn't @@ -156,6 +157,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, Announce = (char *) malloc(sizeof(greeting)+strlen(user)); if (Announce == NULL) { _log_err(LOG_CRIT, "password: out of memory"); + pdb_free_sam(sampass); return PAM_BUF_ERR; } strncpy( Announce, greeting, sizeof(greeting) ); @@ -163,23 +165,20 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, #undef greeting set( SMB__OLD_PASSWD, ctrl ); - retval = _smb_read_password( pamh, ctrl - , Announce - , "Current SMB password: " - , NULL - , _SMB_OLD_AUTHTOK - , &pass_old ); + retval = _smb_read_password( pamh, ctrl, Announce, "Current SMB password: ", + NULL, _SMB_OLD_AUTHTOK, &pass_old ); free( Announce ); if (retval != PAM_SUCCESS) { _log_err( LOG_NOTICE , "password - (old) token not obtained" ); + pdb_free_sam(sampass); return retval; } /* verify that this is the password for this user */ - retval = _smb_verify_password( pamh, smb_pwent, pass_old, ctrl ); + retval = _smb_verify_password( pamh, sampass, pass_old, ctrl ); } else { pass_old = NULL; @@ -187,6 +186,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } pass_old = NULL; + pdb_free_sam(sampass); return retval; } else if (flags & PAM_UPDATE_AUTHTOK) { @@ -195,6 +195,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, /* NOTE: there is currently no support for password expiring under Samba. Support will be added here when it becomes available. */ + pdb_free_sam(sampass); return PAM_SUCCESS; } /* @@ -221,6 +222,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (retval != PAM_SUCCESS) { _log_err( LOG_NOTICE, "password: user not authenticated" ); + pdb_free_sam(sampass); return retval; } @@ -247,6 +249,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, , "password: new password not obtained" ); } pass_old = NULL; /* tidy up */ + pdb_free_sam(sampass); return retval; } @@ -265,6 +268,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (retval != PAM_SUCCESS) { _log_err(LOG_NOTICE, "new password not acceptable"); pass_new = pass_old = NULL; /* tidy up */ + pdb_free_sam(sampass); return retval; } @@ -279,7 +283,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (retval == PAM_SUCCESS) { /* password updated */ _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)" - , user, smb_pwent->smb_userid, uidtoname( getuid() ) + , user, pdb_get_uid(sampass), uidtoname( getuid() ) , getuid() ); } else { _log_err( LOG_ERR, "password change failed for user %s" @@ -287,7 +291,10 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } pass_old = pass_new = NULL; - smb_pwent = NULL; + if (sampass) { + pdb_free_sam(sampass); + sampass = NULL; + } } else { /* something has broken with the library */ @@ -295,7 +302,13 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = PAM_ABORT; } + + if (sampass) { + pdb_free_sam(sampass); + sampass = NULL; + } + pdb_free_sam(sampass); return retval; } |