mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

Remove pstrings from pam_smbpass - make local_password_change

return malloced strings.
Jeremy.
Jeremy Allison 2007-11-21 17:42:52 -08:00
parent d2ee75326a
commit f652fe2bdb
5 changed files with 109 additions and 123 deletions


@ -170,98 +170,82 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
int pam_sm_setcred(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
int retval, *pretval = NULL;
int retval, *pretval = NULL;
retval = PAM_SUCCESS;
retval = PAM_SUCCESS;
pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval);
if(pretval) {
retval = *pretval;
SAFE_FREE(pretval);
}
pam_set_data(pamh, "smb_setcred_return", NULL, NULL);
pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval);
if(pretval) {
retval = *pretval;
SAFE_FREE(pretval);
}
pam_set_data(pamh, "smb_setcred_return", NULL, NULL);
return retval;
return retval;
}
/* Helper function for adding a user to the db. */
static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
const char *name, struct samu *sampass, bool exist)
{
pstring err_str;
pstring msg_str;
const char *pass = NULL;
int retval;
char *err_str = NULL;
char *msg_str = NULL;
const char *pass = NULL;
int retval;
err_str[0] = '\0';
msg_str[0] = '\0';
/* Get the authtok; if we don't have one, silently fail. */
retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
/* Get the authtok; if we don't have one, silently fail. */
retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
if (retval != PAM_SUCCESS) {
_log_err( LOG_ALERT
, "pam_get_item returned error to pam_sm_authenticate" );
return PAM_AUTHTOK_RECOVER_ERR;
} else if (pass == NULL) {
return PAM_AUTHTOK_RECOVER_ERR;
}
/* Add the user to the db if they aren't already there. */
if (!exist) {
retval = NT_STATUS_IS_OK(local_password_change( name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD,
pass, err_str,
sizeof(err_str),
msg_str, sizeof(msg_str) ));
if (!retval && *err_str)
{
err_str[PSTRING_LEN-1] = '\0';
make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
if (retval != PAM_SUCCESS) {
_log_err( LOG_ALERT
, "pam_get_item returned error to pam_sm_authenticate" );
return PAM_AUTHTOK_RECOVER_ERR;
} else if (pass == NULL) {
return PAM_AUTHTOK_RECOVER_ERR;
}
else if (*msg_str)
{
msg_str[PSTRING_LEN-1] = '\0';
make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
}
pass = NULL;
return PAM_IGNORE;
}
else {
/* mimick 'update encrypted' as long as the 'no pw req' flag is not set */
if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ )
{
retval = NT_STATUS_IS_OK(local_password_change( name, LOCAL_SET_PASSWORD, pass, err_str, sizeof(err_str),
msg_str, sizeof(msg_str) ));
if (!retval && *err_str)
{
err_str[PSTRING_LEN-1] = '\0';
make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
/* Add the user to the db if they aren't already there. */
if (!exist) {
retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_ADD_USER|LOCAL_SET_PASSWORD,
pass, &err_str, &msg_str));
if (!retval && err_str) {
make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str );
} else if (msg_str) {
make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str );
}
pass = NULL;
SAFE_FREE(err_str);
SAFE_FREE(msg_str);
return PAM_IGNORE;
} else {
/* mimick 'update encrypted' as long as the 'no pw req' flag is not set */
if ( pdb_get_acct_ctrl(sampass) & ~ACB_PWNOTREQ ) {
retval = NT_STATUS_IS_OK(local_password_change(name, LOCAL_SET_PASSWORD,
pass, &err_str, &msg_str));
if (!retval && err_str) {
make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str );
} else if (msg_str) {
make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str );
}
}
}
else if (*msg_str)
{
msg_str[PSTRING_LEN-1] = '\0';
make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
}
}
}
pass = NULL;
return PAM_IGNORE;
SAFE_FREE(err_str);
SAFE_FREE(msg_str);
pass = NULL;
return PAM_IGNORE;
}
/* static module data */
#ifdef PAM_STATIC
struct pam_module _pam_smbpass_auth_modstruct = {
"pam_smbpass",
pam_sm_authenticate,
pam_sm_setcred,
NULL,
NULL,
NULL,
NULL
"pam_smbpass",
pam_sm_authenticate,
pam_sm_setcred,
NULL,
NULL,
NULL,
NULL
};
#endif
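Review bot: In `_smb_add_user` a failed `local_password_change()` is surfaced only through `make_remark()`, and only when `err_str` is non-NULL, before `PAM_IGNORE` is returned in both branches. With the messages now heap-allocated, a failure whose message could not be allocated leaves no trace at all, which is awkward for a module that sits in the authentication stack. I would log the failure independently of the message text, e.g. `if (!retval) { _log_err(LOG_ALERT, "local_password_change failed"); }` right after each call. `smb_update_db` in the next file has the same remark-only reporting, although it does return `PAM_AUTHTOK_ERR`.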


@ -48,32 +48,29 @@
int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user, const char *pass_new )
{
int retval;
pstring err_str;
pstring msg_str;
char *err_str = NULL;
char *msg_str = NULL;
err_str[0] = '\0';
msg_str[0] = '\0';
retval = NT_STATUS_IS_OK(local_password_change( user, LOCAL_SET_PASSWORD, pass_new,
err_str, sizeof(err_str),
msg_str, sizeof(msg_str) ));
retval = NT_STATUS_IS_OK(local_password_change(user, LOCAL_SET_PASSWORD, pass_new,
&err_str,
&msg_str));
if (!retval) {
if (*err_str) {
err_str[PSTRING_LEN-1] = '\0';
make_remark( pamh, ctrl, PAM_ERROR_MSG, err_str );
if (err_str) {
make_remark(pamh, ctrl, PAM_ERROR_MSG, err_str );
}
/* FIXME: what value is appropriate here? */
retval = PAM_AUTHTOK_ERR;
} else {
if (*msg_str) {
msg_str[PSTRING_LEN-1] = '\0';
make_remark( pamh, ctrl, PAM_TEXT_INFO, msg_str );
if (msg_str) {
make_remark(pamh, ctrl, PAM_TEXT_INFO, msg_str );
}
retval = PAM_SUCCESS;
}
SAFE_FREE(err_str);
SAFE_FREE(msg_str);
return retval;
}


@ -635,17 +635,18 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
Change a password entry in the local smbpasswd file.
*************************************************************/
NTSTATUS local_password_change(const char *user_name, int local_flags,
const char *new_passwd,
char *err_str, size_t err_str_len,
char *msg_str, size_t msg_str_len)
NTSTATUS local_password_change(const char *user_name,
int local_flags,
const char *new_passwd,
char **pp_err_str,
char **pp_msg_str)
{
struct samu *sam_pass=NULL;
uint32 other_acb;
NTSTATUS result;
*err_str = '\0';
*msg_str = '\0';
*pp_err_str = NULL;
*pp_msg_str = NULL;
/* Get the smb passwd entry for this user */
@ -689,12 +690,12 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
}
if (!NT_STATUS_IS_OK(result)) {
slprintf(err_str, err_str_len-1, "Failed to " "initialize account for user %s: %s\n",
asprintf(pp_err_str, "Failed to " "initialize account for user %s: %s\n",
user_name, nt_errstr(result));
return result;
}
} else {
slprintf(err_str, err_str_len-1,"Failed to find entry for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to find entry for user %s.\n", user_name);
return NT_STATUS_NO_SUCH_USER;
}
} else {
@ -707,19 +708,19 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
other_acb = (pdb_get_acct_ctrl(sam_pass) & (~(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));
if (local_flags & LOCAL_TRUST_ACCOUNT) {
if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_CHANGED) ) {
slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_CHANGED)) {
slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
} else {
if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_CHANGED)) {
slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to set 'normal account' flags for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
@ -732,13 +733,13 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
if (local_flags & LOCAL_DISABLE_USER) {
if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to set 'disabled' flag for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
} else if (local_flags & LOCAL_ENABLE_USER) {
if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to unset 'disabled' flag for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
@ -746,7 +747,7 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
if (local_flags & LOCAL_SET_NO_PASSWORD) {
if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to set 'no password required' flag for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
@ -762,19 +763,19 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
*/
if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) {
if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to unset 'disabled' flag for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
}
if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_CHANGED)) {
slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to unset 'no password required' flag for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
if (!pdb_set_plaintext_passwd (sam_pass, new_passwd)) {
slprintf(err_str, err_str_len-1, "Failed to set password for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to set password for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
@ -782,34 +783,34 @@ NTSTATUS local_password_change(const char *user_name, int local_flags,
if (local_flags & LOCAL_ADD_USER) {
if (NT_STATUS_IS_OK(pdb_add_sam_account(sam_pass))) {
slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name);
asprintf(pp_msg_str, "Added user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_OK;
} else {
slprintf(err_str, err_str_len-1, "Failed to add entry for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to add entry for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
} else if (local_flags & LOCAL_DELETE_USER) {
if (!NT_STATUS_IS_OK(pdb_delete_sam_account(sam_pass))) {
slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to delete entry for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return NT_STATUS_UNSUCCESSFUL;
}
slprintf(msg_str, msg_str_len-1, "Deleted user %s.\n", user_name);
asprintf(pp_msg_str, "Deleted user %s.\n", user_name);
} else {
result = pdb_update_sam_account(sam_pass);
if(!NT_STATUS_IS_OK(result)) {
slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name);
asprintf(pp_err_str, "Failed to modify entry for user %s.\n", user_name);
TALLOC_FREE(sam_pass);
return result;
}
if(local_flags & LOCAL_DISABLE_USER)
slprintf(msg_str, msg_str_len-1, "Disabled user %s.\n", user_name);
asprintf(pp_msg_str, "Disabled user %s.\n", user_name);
else if (local_flags & LOCAL_ENABLE_USER)
slprintf(msg_str, msg_str_len-1, "Enabled user %s.\n", user_name);
asprintf(pp_msg_str, "Enabled user %s.\n", user_name);
else if (local_flags & LOCAL_SET_NO_PASSWORD)
slprintf(msg_str, msg_str_len-1, "User %s password set to none.\n", user_name);
asprintf(pp_msg_str, "User %s password set to none.\n", user_name);
}
TALLOC_FREE(sam_pass);
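Review bot: None of the new `asprintf()` calls in `local_password_change` check the return value, and not every implementation leaves the output pointer defined on failure (glibc documents it as undefined), so `*pp_err_str` / `*pp_msg_str` may no longer hold the NULL stored at the top of the function. Every caller changed in this commit (`_smb_add_user`, `smb_update_db`, `password_change`, `change_password`) tests the pointer for NULL and then hands it to `SAFE_FREE`, so a failed allocation could end in printing or freeing an indeterminate pointer. I would reset the pointer on failure, `if (asprintf(pp_err_str, ...) < 0) { *pp_err_str = NULL; }`, preferably through one small static helper so the call sites stay readable; if Samba's replacement asprintf already guarantees NULL on failure, a comment saying so would be enough. The header comment should also state that both out-strings are malloc'ed and must be freed by the caller. The function body continues outside the visible hunks.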


@ -233,8 +233,8 @@ static NTSTATUS password_change(const char *remote_mach, char *username,
int local_flags)
{
NTSTATUS ret;
pstring err_str;
pstring msg_str;
char *err_str = NULL;
char *msg_str = NULL;
if (remote_mach != NULL) {
if (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER|LOCAL_DISABLE_USER|LOCAL_ENABLE_USER|
@ -250,13 +250,15 @@ static NTSTATUS password_change(const char *remote_mach, char *username,
}
ret = local_password_change(username, local_flags, new_pw,
err_str, sizeof(err_str), msg_str, sizeof(msg_str));
&err_str, &msg_str);
if(*msg_str)
if(msg_str)
printf("%s", msg_str);
if(*err_str)
if(err_str)
fprintf(stderr, "%s", err_str);
SAFE_FREE(msg_str);
SAFE_FREE(err_str);
return ret;
}


@ -987,8 +987,8 @@ static bool change_password(const char *remote_machine, const char *user_name,
int local_flags)
{
NTSTATUS ret;
pstring err_str;
pstring msg_str;
char *err_str = NULL;
char *msg_str = NULL;
if (demo_mode) {
printf("%s\n<p>", _("password change in demo mode rejected"));
@ -1008,14 +1008,16 @@ static bool change_password(const char *remote_machine, const char *user_name,
return False;
}
ret = local_password_change(user_name, local_flags, new_passwd, err_str, sizeof(err_str),
msg_str, sizeof(msg_str));
ret = local_password_change(user_name, local_flags, new_passwd,
&err_str, &msg_str);
if(*msg_str)
if(msg_str)
printf("%s\n<p>", msg_str);
if(*err_str)
if(err_str)
printf("%s\n<p>", err_str);
SAFE_FREE(msg_str);
SAFE_FREE(err_str);
return NT_STATUS_IS_OK(ret);
}
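Review bot: `change_password` writes `msg_str` and `err_str` straight into the HTML response with `printf("%s\n<p>", ...)`, and every message built by `local_password_change()` embeds `user_name` verbatim. With the pstring cap gone the full name now reaches the page, so if `user_name` can originate from request input (its source is not visible in these hunks) the two strings should be HTML-escaped before they are printed. The function starts outside the hunk, so the origin of `user_name` needs to be confirmed there.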