This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
and others (including FreeBSD). */
#ifndef LINUX
+#if defined(HAVE_SECURITY_PAM_APPL_H)
#include <security/pam_appl.h>
+#elif defined(HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
#endif
+#if defined(HAVE_SECURITY_PAM_MODULES_H)
#include <security/pam_modules.h>
+#elif defined(HAVE_PAM_PAM_MODULES_H)
+#include <pam/pam_modules.h>
+#endif
#include "general.h"
err_str[0] = '\0';
msg_str[0] = '\0';
- retval = local_password_change( user, LOCAL_SET_PASSWORD, pass_new,
+ retval = NT_STATUS_IS_OK(local_password_change( user, LOCAL_SET_PASSWORD, pass_new,
err_str, sizeof(err_str),
- msg_str, sizeof(msg_str) );
+ msg_str, sizeof(msg_str) ));
if (!retval) {
if (*err_str) {
extern BOOL in_client;
- SAM_ACCOUNT *sampass = NULL;
+ struct samu *sampass = NULL;
void (*oldsig_handler)(int);
const char *user;
char *pass_old;
char *pass_new;
- NTSTATUS nt_status;
-
/* Samba initialization. */
+ load_case_tables();
setup_logging( "pam_smbpass", False );
in_client = True;
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
- if (!initialize_password_db(True)) {
+ if (!initialize_password_db(False, NULL)) {
_log_err( LOG_ALERT, "Cannot access samba password database" );
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_AUTHINFO_UNAVAIL;
}
/* obtain user record */
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sampass))) {
+ if ( !(sampass = samu_new( NULL )) ) {
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
- return nt_status_to_pam(nt_status);
+ return nt_status_to_pam(NT_STATUS_NO_MEMORY);
}
if (!pdb_getsampwnam(sampass,user)) {
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_USER_UNKNOWN;
}
+ if (on( SMB_DEBUG, ctrl )) {
+ _log_err( LOG_DEBUG, "Located account for %s", user );
+ }
if (flags & PAM_PRELIM_CHECK) {
/*
if (_smb_blankpasswd( ctrl, sampass )) {
- pdb_free_sam(&sampass);
+ TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_SUCCESS;
}
/* tell user what is happening */
#define greeting "Changing password for "
- Announce = (char *) malloc(sizeof(greeting)+strlen(user));
+ Announce = SMB_MALLOC_ARRAY(char, sizeof(greeting)+strlen(user));
if (Announce == NULL) {
_log_err(LOG_CRIT, "password: out of memory");
- pdb_free_sam(&sampass);
+ TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_BUF_ERR;
}
if (retval != PAM_SUCCESS) {
_log_err( LOG_NOTICE
, "password - (old) token not obtained" );
- pdb_free_sam(&sampass);
+ TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return retval;
}
}
pass_old = NULL;
- pdb_free_sam(&sampass);
+ TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return retval;
if (retval != PAM_SUCCESS) {
_log_err( LOG_NOTICE, "password: user not authenticated" );
- pdb_free_sam(&sampass);
+ TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return retval;
}
, "password: new password not obtained" );
}
pass_old = NULL; /* tidy up */
- pdb_free_sam(&sampass);
+ TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return retval;
}
if (retval != PAM_SUCCESS) {
_log_err(LOG_NOTICE, "new password not acceptable");
pass_new = pass_old = NULL; /* tidy up */
- pdb_free_sam(&sampass);
+ TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return retval;
}
retval = smb_update_db(pamh, ctrl, user, pass_new);
if (retval == PAM_SUCCESS) {
+ uid_t uid;
+
/* password updated */
- _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)"
- , user, pdb_get_uid(sampass), uidtoname( getuid() )
- , getuid() );
- } else {
- _log_err( LOG_ERR, "password change failed for user %s"
- , user );
- }
+ if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) {
+ _log_err( LOG_NOTICE, "Unable to get uid for user %s",
+ pdb_get_username(sampass));
+ _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)",
+ user, uidtoname(getuid()), getuid());
+ } else {
+ _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
+ user, uid, uidtoname(getuid()), getuid());
+ }
+ } else {
+ _log_err( LOG_ERR, "password change failed for user %s", user);
+ }
pass_old = pass_new = NULL;
if (sampass) {
- pdb_free_sam(&sampass);
+ TALLOC_FREE(sampass);
sampass = NULL;
}
}
if (sampass) {
- pdb_free_sam(&sampass);
+ TALLOC_FREE(sampass);
sampass = NULL;
}
- pdb_free_sam(&sampass);
+ TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return retval;
}