sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-31 17:18:04 +03:00
Code
2203bed32c
samba-mirror/source3/pam_smbpass/pam_smb_acct.c
Gerald Carter 2203bed32c r13576: This is the beginnings of moving the SAM_ACCOUNT data structure 
to make full use of the new talloc() interface.  Discussed with Volker
and Jeremy.

* remove the internal mem_ctx and simply use the talloc()
  structure as the context.
* replace the internal free_fn() with a talloc_destructor() function
* remove the unnecessary private nested structure
* rename SAM_ACCOUNT to 'struct samu' to indicate the current an
  upcoming changes.  Groups will most likely be replaced with a
  'struct samg' in the future.

Note that there are now passbd API changes.  And for the most
part, the wrapper functions remain the same.

While this code has been tested on tdb and ldap based Samba PDC's
as well as Samba member servers, there are probably still
some bugs.  The code also needs more testing under valgrind to
ensure it's not leaking memory.

But it's a start......
(This used to be commit 19b7593972)
2007-10-10 11:10:15 -05:00

122 lines
3.2 KiB
C
Raw Blame History

/* Unix NT password database implementation, version 0.7.5.
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 675
* Mass Ave, Cambridge, MA 02139, USA.
*/
/* indicate the following groups are defined */
#define PAM_SM_ACCT
#include "includes.h"
#ifndef LINUX
/* This is only used in the Sun implementation. */
#include <security/pam_appl.h>
#endif /* LINUX */
#include <security/pam_modules.h>
#include "general.h"
#include "support.h"
/*
* pam_sm_acct_mgmt() verifies whether or not the account is disabled.
*
*/
int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
int argc, const char **argv )
{
unsigned int ctrl;
int retval;
const char *name;
struct samu *sampass = NULL;
void (*oldsig_handler)(int);
extern BOOL in_client;
/* Samba initialization. */
setup_logging( "pam_smbpass", False );
in_client = True;
ctrl = set_ctrl( flags, argc, argv );
/* get the username */
retval = pam_get_user( pamh, &name, "Username: " );
if (retval != PAM_SUCCESS) {
if (on( SMB_DEBUG, ctrl )) {
_log_err( LOG_DEBUG, "acct: could not identify user" );
}
return retval;
}
if (on( SMB_DEBUG, ctrl )) {
_log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
}
/* Getting into places that might use LDAP -- protect the app
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
if (!initialize_password_db(True)) {
_log_err( LOG_ALERT, "Cannot access samba password database" );
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_AUTHINFO_UNAVAIL;
}
/* Get the user's record. */
pdb_init_sam(&sampass);
pdb_getsampwnam(sampass, name );
if (!sampass) {
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_USER_UNKNOWN;
}
if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
if (on( SMB_DEBUG, ctrl )) {
_log_err( LOG_DEBUG
, "acct: account %s is administratively disabled", name );
}
make_remark( pamh, ctrl, PAM_ERROR_MSG
, "Your account has been disabled; "
"please see your system administrator." );
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_ACCT_EXPIRED;
}
/* TODO: support for expired passwords. */
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_SUCCESS;
}
/* static module data */
#ifdef PAM_STATIC
struct pam_module _pam_smbpass_acct_modstruct = {
"pam_smbpass",
NULL,
NULL,
pam_sm_acct_mgmt,
NULL,
NULL,
NULL
};
#endif
View Git Blame Copy Permalink