Cleanups!
Make some code static, add some const to the PAM code, and make the plaintext password code actually function - particularly without the requirement to modify the 'struct passwd' (which it assumed was made up of fstrings). This kills some particularly ugly code in lib/util_pw.c. Andrew Bartlett
parent
d0ea70fce5
commit
302dad4990
@ -28,7 +28,7 @@
|
||||
*
|
||||
* this ugly hack needs to die, but not quite yet, I think people still use it...
|
||||
**/
|
||||
static BOOL update_smbpassword_file(char *user, char *password)
|
||||
static BOOL update_smbpassword_file(const char *user, const char *password)
|
||||
{
|
||||
SAM_ACCOUNT *sampass = NULL;
|
||||
BOOL ret;
|
||||
@ -70,8 +70,6 @@ static BOOL update_smbpassword_file(char *user, char *password)
|
||||
DEBUG(3,("pdb_update_sam_account returned %d\n",ret));
|
||||
}
|
||||
|
||||
memset(password, '\0', strlen(password));
|
||||
|
||||
pdb_free_sam(&sampass);
|
||||
return ret;
|
||||
}
|
||||
|
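Review bot: With `password` now `const char *`, the `memset(password, '\0', strlen(password));` that used to scrub the cleartext before `pdb_free_sam(&sampass)` appears to be dropped in the second hunk, so nothing in update_smbpassword_file clears the plaintext once the SAM entry has been updated. Responsibility for wiping now sits with the caller; in pass_check that is the stack copy `pass2`, which is handed to `fn(user, pass2)` and is not zeroed on any return path shown. I would state the new contract in the header comment, e.g. `* The caller owns 'password' and must zero its copy after this returns.`, and have the owner of the buffer clear it before every return with a wipe the compiler cannot elide. The body of update_smbpassword_file between the two hunks is not visible here.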
@ -497,7 +497,7 @@ static BOOL smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho
|
||||
/*
|
||||
* PAM Authentication Handler
|
||||
*/
|
||||
static NTSTATUS smb_pam_auth(pam_handle_t *pamh, char *user)
|
||||
static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user)
|
||||
{
|
||||
int pam_error;
|
||||
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
|
||||
@ -582,7 +582,7 @@ static NTSTATUS smb_pam_account(pam_handle_t *pamh, const char * user)
|
||||
* PAM Credential Setting
|
||||
*/
|
||||
|
||||
static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user)
|
||||
static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, const char * user)
|
||||
{
|
||||
int pam_error;
|
||||
NTSTATUS nt_status = NT_STATUS_NO_TOKEN;
|
||||
@ -622,7 +622,7 @@ static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user)
|
||||
/*
|
||||
* PAM Internal Session Handler
|
||||
*/
|
||||
static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
|
||||
static BOOL smb_internal_pam_session(pam_handle_t *pamh, const char *user, const char *tty, BOOL flag)
|
||||
{
|
||||
int pam_error;
|
||||
|
||||
@ -788,7 +788,7 @@ NTSTATUS smb_pam_accountcheck(const char * user)
|
||||
* PAM Password Validation Suite
|
||||
*/
|
||||
|
||||
NTSTATUS smb_pam_passcheck(char * user, char * password)
|
||||
NTSTATUS smb_pam_passcheck(const char * user, const char * password)
|
||||
{
|
||||
pam_handle_t *pamh = NULL;
|
||||
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
|
||||
|
@ -436,7 +436,7 @@ try all combinations with N uppercase letters.
|
||||
offset is the first char to try and change (start with 0)
|
||||
it assumes the string starts lowercased
|
||||
****************************************************************************/
|
||||
static NTSTATUS string_combinations2(char *s, int offset, NTSTATUS (*fn) (char *),
|
||||
static NTSTATUS string_combinations2(char *s, int offset, NTSTATUS (*fn) (const char *),
|
||||
int N)
|
||||
{
|
||||
int len = strlen(s);
|
||||
@ -470,7 +470,7 @@ try all combinations with up to N uppercase letters.
|
||||
offset is the first char to try and change (start with 0)
|
||||
it assumes the string starts lowercased
|
||||
****************************************************************************/
|
||||
static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (char *), int N)
|
||||
static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (const char *), int N)
|
||||
{
|
||||
int n;
|
||||
NTSTATUS nt_status;
|
||||
@ -484,7 +484,7 @@ static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (char *), int N)
|
||||
/****************************************************************************
|
||||
core of password checking routine
|
||||
****************************************************************************/
|
||||
static NTSTATUS password_check(char *password)
|
||||
static NTSTATUS password_check(const char *password)
|
||||
{
|
||||
#ifdef WITH_PAM
|
||||
return smb_pam_passcheck(this_user, password);
|
||||
@ -591,16 +591,13 @@ match is found and is used to update the encrypted password file
|
||||
return NT_STATUS_OK on correct match, appropriate error otherwise
|
||||
****************************************************************************/
|
||||
|
||||
NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password,
|
||||
int pwlen, BOOL (*fn) (char *, char *), BOOL run_cracker)
|
||||
NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password,
|
||||
int pwlen, BOOL (*fn) (const char *, const char *), BOOL run_cracker)
|
||||
{
|
||||
struct passwd *pass;
|
||||
pstring pass2;
|
||||
int level = lp_passwordlevel();
|
||||
|
||||
NTSTATUS nt_status;
|
||||
if (password)
|
||||
password[pwlen] = 0;
|
||||
|
||||
#if DEBUG_PASSWORD
|
||||
DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password));
|
||||
@ -627,12 +624,16 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password,
|
||||
|
||||
DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen));
|
||||
|
||||
if (!input_pass) {
|
||||
if (!pass) {
|
||||
DEBUG(3, ("Couldn't find user %s\n", user));
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
|
||||
pass = make_modifyable_passwd(input_pass);
|
||||
|
||||
/* Copy into global for the convenience of looping code */
|
||||
/* Also the place to keep the 'password' no matter what
|
||||
crazy struct it started in... */
|
||||
fstrcpy(this_crypted, pass->pw_passwd);
|
||||
|
||||
#ifdef HAVE_GETSPNAM
|
||||
{
|
||||
@ -645,7 +646,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password,
|
||||
|
||||
spass = getspnam(pass->pw_name);
|
||||
if (spass && spass->sp_pwdp)
|
||||
pstrcpy(pass->pw_passwd, spass->sp_pwdp);
|
||||
fstrcpy(this_crypted, spass->sp_pwdp);
|
||||
}
|
||||
#elif defined(IA_UINFO)
|
||||
{
|
||||
@ -663,7 +664,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password,
|
||||
{
|
||||
struct pr_passwd *pr_pw = getprpwnam(pass->pw_name);
|
||||
if (pr_pw && pr_pw->ufld.fd_encrypt)
|
||||
pstrcpy(pass->pw_passwd, pr_pw->ufld.fd_encrypt);
|
||||
fstrcpy(this_crypted, pr_pw->ufld.fd_encrypt);
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -672,7 +673,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password,
|
||||
struct passwd_adjunct *pwret;
|
||||
pwret = getpwanam(s);
|
||||
if (pwret && pwret->pwa_passwd)
|
||||
pstrcpy(pass->pw_passwd,pwret->pwa_passwd);
|
||||
fstrcpy(this_crypted, pwret->pwa_passwd);
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -683,8 +684,8 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password,
|
||||
user));
|
||||
mypasswd = getprpwnam(user);
|
||||
if (mypasswd) {
|
||||
fstrcpy(pass->pw_name, mypasswd->ufld.fd_name);
|
||||
fstrcpy(pass->pw_passwd, mypasswd->ufld.fd_encrypt);
|
||||
fstrcpy(this_user, mypasswd->ufld.fd_name);
|
||||
fstrcpy(this_crypted, mypasswd->ufld.fd_encrypt);
|
||||
} else {
|
||||
DEBUG(5,
|
||||
("OSF1_ENH_SEC: No entry for user %s in protected database !\n",
|
||||
@ -697,7 +698,7 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password,
|
||||
{
|
||||
AUTHORIZATION *ap = getauthuid(pass->pw_uid);
|
||||
if (ap) {
|
||||
fstrcpy(pass->pw_passwd, ap->a_password);
|
||||
fstrcpy(this_crypted, ap->a_password);
|
||||
endauthent();
|
||||
}
|
||||
}
|
||||
@ -712,27 +713,20 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password,
|
||||
this_salt[2] = 0;
|
||||
#endif
|
||||
|
||||
/* Copy into global for the convenience of looping code */
|
||||
fstrcpy(this_crypted, pass->pw_passwd);
|
||||
|
||||
if (!*this_crypted) {
|
||||
if (!lp_null_passwords()) {
|
||||
DEBUG(2, ("Disallowing %s with null password\n",
|
||||
this_user));
|
||||
passwd_free(&pass);
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
if (!*password) {
|
||||
DEBUG(3,
|
||||
("Allowing access to %s with null password\n",
|
||||
this_user));
|
||||
passwd_free(&pass);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
}
|
||||
|
||||
passwd_free(&pass);
|
||||
|
||||
#endif /* defined(WITH_PAM) */
|
||||
|
||||
/* try it as it came to us */
|
||||
@ -755,42 +749,36 @@ NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password,
|
||||
* need to proceed as we know it hasn't been case modified by the
|
||||
* client */
|
||||
if (strhasupper(password) && strhaslower(password)) {
|
||||
passwd_free(&pass);
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
/* make a copy of it */
|
||||
StrnCpy(pass2, password, sizeof(pstring) - 1);
|
||||
pstrcpy(pass2, password);
|
||||
|
||||
/* try all lowercase if it's currently all uppercase */
|
||||
if (strhasupper(password)) {
|
||||
strlower(password);
|
||||
if NT_STATUS_IS_OK(nt_status = password_check(password)) {
|
||||
if (strhasupper(pass2)) {
|
||||
strlower(pass2);
|
||||
if NT_STATUS_IS_OK(nt_status = password_check(pass2)) {
|
||||
if (fn)
|
||||
fn(user, password);
|
||||
fn(user, pass2);
|
||||
return (nt_status);
|
||||
}
|
||||
}
|
||||
|
||||
/* give up? */
|
||||
if (level < 1) {
|
||||
/* restore it */
|
||||
fstrcpy(password, pass2);
|
||||
return NT_STATUS_WRONG_PASSWORD;
|
||||
}
|
||||
|
||||
/* last chance - all combinations of up to level chars upper! */
|
||||
strlower(password);
|
||||
strlower(pass2);
|
||||
|
||||
|
||||
if NT_STATUS_IS_OK(nt_status = string_combinations(password, password_check, level)) {
|
||||
if (NT_STATUS_IS_OK(nt_status = string_combinations(pass2, password_check, level))) {
|
||||
if (fn)
|
||||
fn(user, password);
|
||||
fn(user, pass2);
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
/* restore it */
|
||||
fstrcpy(password, pass2);
|
||||
|
||||
return NT_STATUS_WRONG_PASSWORD;
|
||||
}
|
||||
|
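Review bot: pass_check no longer NUL-terminates its input: the `if (password) password[pwlen] = 0;` guard appears to be gone from the first hunk (it cannot survive the `const` change), yet `strhasupper(password)`, `pstrcpy(pass2, password)` and `if (!*password)` all read up to a terminator, and as far as these hunks show `pwlen` is now used only in the DEBUG message. A caller that relied on pass_check to terminate at `pwlen`, or that can pass NULL, would now cause an over-read or a NULL dereference; the callers are not on this page, so this needs checking. I would reject the NULL case at the top, `if (!password) return NT_STATUS_LOGON_FAILURE;`, and document in the header comment that `password` must already be NUL-terminated at or before offset `pwlen`.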
@ -118,7 +118,7 @@ BOOL in_group(gid_t group, gid_t current_gid, int ngroups, gid_t *groups)
|
||||
Like atoi but gets the value up to the separator character.
|
||||
****************************************************************************/
|
||||
|
||||
char *Atoic(char *p, int *n, char *c)
|
||||
static char *Atoic(char *p, int *n, char *c)
|
||||
{
|
||||
if (!isdigit((int)*p)) {
|
||||
DEBUG(5, ("Atoic: malformed number\n"));
|
||||
|
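Review bot: `isdigit((int)*p)` on the first body line of Atoic passes a plain `char`, which is negative for bytes above 0x7F where `char` is signed, and that is undefined behaviour for the `<ctype.h>` functions. Since the signature line is being touched anyway, the check could become `if (!isdigit((unsigned char)*p)) {`. The rest of Atoic lies outside the hunk, so any further `isdigit` calls there would need the same cast.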
@ -22,50 +22,6 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
struct passwd *make_modifyable_passwd(const struct passwd *from)
|
||||
{
|
||||
struct passwd *ret = smb_xmalloc(sizeof(*ret));
|
||||
/* This is the assumed shape of the members by certain parts of the code...
|
||||
fstring pw_name;
|
||||
fstring pw_passwd;
|
||||
fstring pw_gecos;
|
||||
pstring pw_dir;
|
||||
pstring pw_shell;
|
||||
*/
|
||||
char *pw_name = smb_xmalloc(sizeof(fstring));
|
||||
char *pw_passwd = smb_xmalloc(sizeof(fstring));
|
||||
char *pw_gecos = smb_xmalloc(sizeof(fstring));
|
||||
char *pw_dir = smb_xmalloc(sizeof(pstring));
|
||||
char *pw_shell = smb_xmalloc(sizeof(pstring));
|
||||
|
||||
ZERO_STRUCTP(ret);
|
||||
|
||||
/*
|
||||
* Now point the struct's members as the
|
||||
* newly allocated buffers:
|
||||
*/
|
||||
|
||||
ret->pw_name = pw_name;
|
||||
fstrcpy(ret->pw_name, from->pw_name);
|
||||
|
||||
ret->pw_passwd = pw_passwd;
|
||||
fstrcpy(ret->pw_passwd, from->pw_passwd);
|
||||
|
||||
ret->pw_uid = from->pw_uid;
|
||||
ret->pw_gid = from->pw_gid;
|
||||
|
||||
ret->pw_gecos = pw_gecos;
|
||||
fstrcpy(ret->pw_gecos, from->pw_gecos);
|
||||
|
||||
ret->pw_dir = pw_dir;
|
||||
pstrcpy(ret->pw_dir, from->pw_dir);
|
||||
|
||||
ret->pw_shell = pw_shell;
|
||||
pstrcpy(ret->pw_shell, from->pw_shell);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static struct passwd *alloc_copy_passwd(const struct passwd *from)
|
||||
{
|
||||
struct passwd *ret = smb_xmalloc(sizeof(struct passwd));
|
||||
|
@ -53,7 +53,7 @@ int smbd_server_fd(void)
|
||||
return server_fd;
|
||||
}
|
||||
|
||||
void smbd_set_server_fd(int fd)
|
||||
static void smbd_set_server_fd(int fd)
|
||||
{
|
||||
server_fd = fd;
|
||||
client_setfd(fd);
|
||||
|