1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

pam_winbind: convert to use talloc.

Guenther
This commit is contained in:
Günther Deschner 2008-08-14 16:53:51 +02:00
parent 65dc0c3e2f
commit 3bbffb9664
3 changed files with 58 additions and 59 deletions

View File

@ -2182,10 +2182,10 @@ bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OB
@$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(WINBIND_LIBS) \
@SONAMEFLAG@`basename $@`
bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ)
bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_SHARED@
@echo "Linking shared library $@"
@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) -lpam @INIPARSERLIBS@ \
$(PAM_WINBIND_EXTRA_LIBS) @SONAMEFLAG@`basename $@`
$(PAM_WINBIND_EXTRA_LIBS) $(LIBTALLOC_LIBS) @SONAMEFLAG@`basename $@`
bin/builtin.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_BUILTIN_OBJ)
@echo "Building plugin $@"

View File

@ -452,13 +452,17 @@ config_from_pam:
return ctrl;
};
static void _pam_winbind_free_context(struct pwb_context *ctx)
static int _pam_winbind_free_context(struct pwb_context *ctx)
{
if (!ctx) {
return 0;
}
if (ctx->dict) {
iniparser_freedict(ctx->dict);
}
SAFE_FREE(ctx);
return 0;
}
static int _pam_winbind_init_context(pam_handle_t *pamh,
@ -469,12 +473,12 @@ static int _pam_winbind_init_context(pam_handle_t *pamh,
{
struct pwb_context *r = NULL;
r = (struct pwb_context *)malloc(sizeof(struct pwb_context));
r = TALLOC_ZERO_P(NULL, struct pwb_context);
if (!r) {
return PAM_BUF_ERR;
}
ZERO_STRUCTP(r);
talloc_set_destructor(r, _pam_winbind_free_context);
r->pamh = pamh;
r->flags = flags;
@ -482,7 +486,7 @@ static int _pam_winbind_init_context(pam_handle_t *pamh,
r->argv = argv;
r->ctrl = _pam_parse(pamh, flags, argc, argv, &r->dict);
if (r->ctrl == -1) {
_pam_winbind_free_context(r);
TALLOC_FREE(r);
return PAM_SYSTEM_ERR;
}
@ -502,7 +506,7 @@ static void _pam_winbind_cleanup_func(pam_handle_t *pamh,
"(error_status = %d)", pamh, data,
error_status);
}
SAFE_FREE(data);
TALLOC_FREE(data);
}
@ -1104,14 +1108,13 @@ static void _pam_set_data_string(struct pwb_context *ctx,
return;
}
ret = pam_set_data(ctx->pamh, data_name, (void *)strdup(value),
ret = pam_set_data(ctx->pamh, data_name, talloc_strdup(NULL, value),
_pam_winbind_cleanup_func);
if (ret) {
_pam_log_debug(ctx, LOG_DEBUG,
"Could not set data %s: %s\n",
data_name, pam_strerror(ctx->pamh, ret));
}
}
/**
@ -1224,69 +1227,59 @@ static void _pam_warn_krb5_failure(struct pwb_context *ctx,
* @return string (caller needs to free).
*/
static char *_pam_compose_pwd_restriction_string(struct winbindd_response *response)
static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx,
struct winbindd_response *response)
{
char *str = NULL;
size_t offset = 0, ret = 0, str_size = 1024;
str = (char *)malloc(str_size);
str = talloc_asprintf(ctx, "Your password ");
if (!str) {
return NULL;
}
memset(str, '\0', str_size);
offset = snprintf(str, str_size, "Your password ");
if (offset == -1) {
goto failed;
}
if (response->data.auth.policy.min_length_password > 0) {
ret = snprintf(str+offset, str_size-offset,
str = talloc_asprintf_append(str,
"must be at least %d characters; ",
response->data.auth.policy.min_length_password);
if (ret == -1) {
if (!str) {
goto failed;
}
offset += ret;
}
if (response->data.auth.policy.password_history > 0) {
ret = snprintf(str+offset, str_size-offset,
str = talloc_asprintf_append(str,
"cannot repeat any of your previous %d "
"passwords; ",
response->data.auth.policy.password_history);
if (ret == -1) {
if (!str) {
goto failed;
}
offset += ret;
}
if (response->data.auth.policy.password_properties &
DOMAIN_PASSWORD_COMPLEX) {
ret = snprintf(str+offset, str_size-offset,
str = talloc_asprintf_append(str,
"must contain capitals, numerals "
"or punctuation; "
"and cannot contain your account "
"or full name; ");
if (ret == -1) {
if (!str) {
goto failed;
}
offset += ret;
}
ret = snprintf(str+offset, str_size-offset,
str = talloc_asprintf_append(str,
"Please type a different password. "
"Type a password which meets these requirements in "
"both text boxes.");
if (ret == -1) {
if (!str) {
goto failed;
}
return str;
failed:
SAFE_FREE(str);
TALLOC_FREE(str);
return NULL;
}
@ -1590,11 +1583,11 @@ static int winbind_chauthtok_request(struct pwb_context *ctx,
}
pwd_restriction_string =
_pam_compose_pwd_restriction_string(&response);
_pam_compose_pwd_restriction_string(ctx, &response);
if (pwd_restriction_string) {
_make_remark(ctx, PAM_ERROR_MSG,
pwd_restriction_string);
SAFE_FREE(pwd_restriction_string);
TALLOC_FREE(pwd_restriction_string);
}
}
@ -1846,12 +1839,13 @@ static const char *get_conf_item_string(struct pwb_context *ctx,
if (ctx->dict) {
char *key = NULL;
if (!asprintf(&key, "global:%s", item)) {
key = talloc_asprintf(ctx, "global:%s", item);
if (!key) {
goto out;
}
parm_opt = iniparser_getstr(ctx->dict, key);
SAFE_FREE(key);
TALLOC_FREE(key);
_pam_log_debug(ctx, LOG_INFO, "CONFIG file: %s '%s'\n",
item, parm_opt);
@ -1893,12 +1887,13 @@ static int get_config_item_int(struct pwb_context *ctx,
if (ctx->dict) {
char *key = NULL;
if (!asprintf(&key, "global:%s", item)) {
key = talloc_asprintf(ctx, "global:%s", item);
if (!key) {
goto out;
}
parm_opt = iniparser_getint(ctx->dict, key, -1);
SAFE_FREE(key);
TALLOC_FREE(key);
_pam_log_debug(ctx, LOG_INFO,
"CONFIG file: %s '%d'\n",
@ -1977,8 +1972,6 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
struct winbindd_request req;
struct winbindd_response resp;
int retval;
char *account_name;
int account_name_len;
char sep;
/* This cannot work when the winbind separator = @ */
@ -2014,11 +2007,9 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
return NULL;
}
account_name_len = asprintf(&account_name, "%s\\%s",
resp.data.name.dom_name,
resp.data.name.name);
return account_name;
return talloc_asprintf(ctx, "%s\\%s",
resp.data.name.dom_name,
resp.data.name.name);
}
PAM_EXTERN
@ -2087,7 +2078,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
real_username);
if (samaccountname) {
free(real_username);
real_username = samaccountname;
real_username = strdup(samaccountname);
}
}
@ -2127,7 +2118,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
char *new_authtok_required_during_auth = NULL;
if (!asprintf(&new_authtok_required, "%d", retval)) {
new_authtok_required = talloc_asprintf(NULL, "%d", retval);
if (!new_authtok_required) {
retval = PAM_BUF_ERR;
goto out;
}
@ -2138,7 +2130,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
retval = PAM_SUCCESS;
if (!asprintf(&new_authtok_required_during_auth, "%d", true)) {
new_authtok_required_during_auth = talloc_asprintf(NULL, "%d", true);
if (!new_authtok_required_during_auth) {
retval = PAM_BUF_ERR;
goto out;
}
@ -2172,7 +2165,7 @@ out:
_PAM_LOG_FUNCTION_LEAVE("pam_sm_authenticate", ctx, retval);
_pam_winbind_free_context(ctx);
TALLOC_FREE(ctx);
return retval;
}
@ -2220,7 +2213,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
_PAM_LOG_FUNCTION_LEAVE("pam_sm_setcred", ctx, ret);
_pam_winbind_free_context(ctx);
TALLOC_FREE(ctx);
return ret;
}
@ -2321,7 +2314,7 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
_PAM_LOG_FUNCTION_LEAVE("pam_sm_acct_mgmt", ctx, ret);
_pam_winbind_free_context(ctx);
TALLOC_FREE(ctx);
return ret;
}
@ -2345,7 +2338,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
out:
_PAM_LOG_FUNCTION_LEAVE("pam_sm_open_session", ctx, ret);
_pam_winbind_free_context(ctx);
TALLOC_FREE(ctx);
return ret;
}
@ -2431,7 +2424,7 @@ out:
_PAM_LOG_FUNCTION_LEAVE("pam_sm_close_session", ctx, retval);
_pam_winbind_free_context(ctx);
TALLOC_FREE(ctx);
return retval;
}
@ -2560,16 +2553,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
time_t pwdlastset_prelim = 0;
/* instruct user what is happening */
#define greeting "Changing password for "
Announce = (char *) malloc(sizeof(greeting) + strlen(user));
if (Announce == NULL) {
#define greeting "Changing password for"
Announce = talloc_asprintf(ctx, "%s %s", greeting, user);
if (!Announce) {
_pam_log(ctx, LOG_CRIT,
"password - out of memory");
ret = PAM_BUF_ERR;
goto out;
}
(void) strcpy(Announce, greeting);
(void) strcpy(Announce + sizeof(greeting) - 1, user);
#undef greeting
lctrl = ctx->ctrl | WINBIND__OLD_PASSWORD;
@ -2578,6 +2570,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
"(current) NT password: ",
NULL,
(const char **) &pass_old);
TALLOC_FREE(Announce);
if (ret != PAM_SUCCESS) {
_pam_log(ctx, LOG_NOTICE,
"password - (old) token not obtained");
@ -2760,7 +2753,7 @@ out:
_PAM_LOG_FUNCTION_LEAVE("pam_sm_chauthtok", ctx, ret);
_pam_winbind_free_context(ctx);
TALLOC_FREE(ctx);
return ret;
}

View File

@ -7,6 +7,7 @@
#include "../lib/replace/replace.h"
#include "system/syslog.h"
#include "system/time.h"
#include <talloc.h>
#define MODULE_NAME "pam_winbind"
#define PAM_SM_AUTH
@ -209,3 +210,8 @@ struct pwb_context {
dictionary *dict;
uint32_t ctrl;
};
#define TALLOC_FREE(ctx) do { if ((ctx) != NULL) {talloc_free(ctx); ctx=NULL;} } while(0)
#define TALLOC_ZERO_P(ctx, type) (type *)_talloc_zero(ctx, sizeof(type), #type)
#define TALLOC_P(ctx, type) (type *)talloc_named_const(ctx, sizeof(type), #type)