This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* which determines what actions/limitations/allowances become affected.
*********************************************************************/
+#if defined(HAVE_SECURITY_PAM_APPL_H)
#include <security/pam_appl.h>
+#elif defined(HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
/*
* Structure used to communicate between the conversation function
/*
* Macros to help make life easy
*/
-#define COPY_STRING(s) (s) ? strdup(s) : NULL
+#define COPY_STRING(s) (s) ? SMB_STRDUP(s) : NULL
/*******************************************************************
PAM error handler.
*********************************************************************/
-static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl)
+static bool smb_pam_error_handler(pam_handle_t *pamh, int pam_error, const char *msg, int dbglvl)
{
if( pam_error != PAM_SUCCESS) {
failure as sucess.
*********************************************************************/
-static BOOL smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error,
- char *msg, int dbglvl,
+static bool smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error,
+ const char *msg, int dbglvl,
NTSTATUS *nt_status)
{
*nt_status = pam_to_nt_status(pam_error);
return PAM_CONV_ERR;
}
- reply = malloc(sizeof(struct pam_response) * num_msg);
+ reply = SMB_MALLOC_ARRAY(struct pam_response, num_msg);
if (!reply)
return PAM_CONV_ERR;
static void pwd_sub(char *buf, const char *username, const char *oldpass, const char *newpass)
{
- pstring_sub(buf, "%u", username);
+ fstring_sub(buf, "%u", username);
all_string_sub(buf, "%o", oldpass, sizeof(fstring));
all_string_sub(buf, "%n", newpass, sizeof(fstring));
}
Create a linked list containing chat data.
***************************************************************/
-static struct chat_struct *make_pw_chat(char *p)
+static struct chat_struct *make_pw_chat(const char *p)
{
fstring prompt;
fstring reply;
struct chat_struct *list = NULL;
struct chat_struct *t;
- struct chat_struct *tmp;
while (1) {
- t = (struct chat_struct *)malloc(sizeof(*t));
+ t = SMB_MALLOC_P(struct chat_struct);
if (!t) {
DEBUG(0,("make_pw_chat: malloc failed!\n"));
return NULL;
ZERO_STRUCTP(t);
- DLIST_ADD_END(list, t, tmp);
+ DLIST_ADD_END(list, t, struct chat_struct*);
if (!next_token(&p, prompt, NULL, sizeof(fstring)))
break;
special_char_sub(prompt);
fstrcpy(t->prompt, prompt);
- strlower(t->prompt);
- trim_string(t->prompt, " ", " ");
+ strlower_m(t->prompt);
+ trim_char(t->prompt, ' ', ' ');
if (!next_token(&p, reply, NULL, sizeof(fstring)))
break;
special_char_sub(reply);
fstrcpy(t->reply, reply);
- strlower(t->reply);
- trim_string(t->reply, " ", " ");
+ strlower_m(t->reply);
+ trim_char(t->reply, ' ', ' ');
}
return list;
struct smb_pam_userdata *udp = (struct smb_pam_userdata *)appdata_ptr;
struct chat_struct *pw_chat= make_pw_chat(lp_passwd_chat());
struct chat_struct *t;
- BOOL found;
+ bool found;
*resp = NULL;
DEBUG(10,("smb_pam_passchange_conv: starting converstation for %d messages\n", num_msg));
return PAM_CONV_ERR;
}
- reply = malloc(sizeof(struct pam_response) * num_msg);
+ reply = SMB_MALLOC_ARRAY(struct pam_response, num_msg);
if (!reply) {
DEBUG(0,("smb_pam_passchange_conv: malloc for reply failed!\n"));
free_pw_chat(pw_chat);
case PAM_PROMPT_ECHO_ON:
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: PAM said: %s\n", msg[replies]->msg));
fstrcpy(current_prompt, msg[replies]->msg);
- trim_string(current_prompt, " ", " ");
+ trim_char(current_prompt, ' ', ' ');
for (t=pw_chat; t; t=t->next) {
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: trying to match |%s| to |%s|\n",
t->prompt, current_prompt ));
- if (unix_wild_match(t->prompt, current_prompt) == 0) {
+ if (unix_wild_match(t->prompt, current_prompt)) {
fstrcpy(current_reply, t->reply);
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We sent: %s\n", current_reply));
pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
case PAM_PROMPT_ECHO_OFF:
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: PAM said: %s\n", msg[replies]->msg));
fstrcpy(current_prompt, msg[replies]->msg);
- trim_string(current_prompt, " ", " ");
+ trim_char(current_prompt, ' ', ' ');
for (t=pw_chat; t; t=t->next) {
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |%s| to |%s|\n",
t->prompt, current_prompt ));
- if (unix_wild_match(t->prompt, current_prompt) == 0) {
+ if (unix_wild_match(t->prompt, current_prompt)) {
fstrcpy(current_reply, t->reply);
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We sent: %s\n", current_reply));
pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
static struct pam_conv *smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, const char *user,
const char *passwd, const char *newpass)
{
- struct pam_conv *pconv = (struct pam_conv *)malloc(sizeof(struct pam_conv));
- struct smb_pam_userdata *udp = (struct smb_pam_userdata *)malloc(sizeof(struct smb_pam_userdata));
+ struct pam_conv *pconv = SMB_MALLOC_P(struct pam_conv);
+ struct smb_pam_userdata *udp = SMB_MALLOC_P(struct smb_pam_userdata);
if (pconv == NULL || udp == NULL) {
SAFE_FREE(pconv);
* PAM Closing out cleanup handler
*/
-static BOOL smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
+static bool smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
{
int pam_error;
* Start PAM authentication for specified account
*/
-static BOOL smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv)
+static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv)
{
int pam_error;
const char *our_rhost;
if (rhost == NULL) {
our_rhost = client_name();
- if (strequal(rhost,"UNKNOWN"))
+ if (strequal(our_rhost,"UNKNOWN"))
our_rhost = client_addr();
} else {
our_rhost = rhost;
pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
switch( pam_error ){
case PAM_AUTH_ERR:
- DEBUG(2, ("smb_pam_auth: PAM: Athentication Error for user %s\n", user));
+ DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user));
break;
case PAM_CRED_INSUFFICIENT:
DEBUG(2, ("smb_pam_auth: PAM: Insufficient Credentials for user %s\n", user));
/*
* PAM Internal Session Handler
*/
-static BOOL smb_internal_pam_session(pam_handle_t *pamh, const char *user, const char *tty, BOOL flag)
+static bool smb_internal_pam_session(pam_handle_t *pamh, const char *user, const char *tty, bool flag)
{
int pam_error;
* Internal PAM Password Changer.
*/
-static BOOL smb_pam_chauthtok(pam_handle_t *pamh, const char * user)
+static bool smb_pam_chauthtok(pam_handle_t *pamh, const char * user)
{
int pam_error;
* PAM Externally accessible Session handler
*/
-BOOL smb_pam_claim_session(char *user, char *tty, char *rhost)
+bool smb_pam_claim_session(char *user, char *tty, char *rhost)
{
pam_handle_t *pamh = NULL;
struct pam_conv *pconv = NULL;
* PAM Externally accessible Session handler
*/
-BOOL smb_pam_close_session(char *user, char *tty, char *rhost)
+bool smb_pam_close_session(char *user, char *tty, char *rhost)
{
pam_handle_t *pamh = NULL;
struct pam_conv *pconv = NULL;
* PAM Password Change Suite
*/
-BOOL smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword)
+bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword)
{
/* Appropriate quantities of root should be obtained BEFORE calling this function */
struct pam_conv *pconv = NULL;
}
/* If PAM not used, also no PAM restrictions on sessions. */
-BOOL smb_pam_claim_session(char *user, char *tty, char *rhost)
+bool smb_pam_claim_session(char *user, char *tty, char *rhost)
{
return True;
}
/* If PAM not used, also no PAM restrictions on sessions. */
-BOOL smb_pam_close_session(char *in_user, char *tty, char *rhost)
+bool smb_pam_close_session(char *in_user, char *tty, char *rhost)
{
return True;
}