struct pam_response *resp;
pmsg[0] = &msg[0];
- msg[0].msg = text;
+ msg[0].msg = CONST_DISCARD(char *, text);
msg[0].msg_style = type;
resp = NULL;
/* Read some options from the Samba config. Can be overridden by
the PAM config. */
- if(lp_load(service_file,True,False,False) == False) {
+ if(lp_load(service_file,True,False,False,True) == False) {
_log_err( LOG_ERR, "Error loading service file %s", service_file );
}
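Review bot: The new fifth `True` passed to `lp_load()` is an unnamed positional boolean, and nothing at this call site says what it switches on. A short comment above the call would help, for example `/* 5th argument: initialize_globals */`, with the parameter name confirmed against the `lp_load` prototype, which is not visible in this hunk. The visible failure branch only logs the error; if execution continues past it, the comment should also say whether running the PAM module on default settings is intended.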
*/
char * smbpXstrDup( const char *x )
{
- register char *new = NULL;
+ register char *newstr = NULL;
if (x != NULL) {
register int i;
for (i = 0; x[i]; ++i); /* length of string */
- if ((new = malloc(++i)) == NULL) {
+ if ((newstr = SMB_MALLOC_ARRAY(char, ++i)) == NULL) {
i = 0;
_log_err( LOG_CRIT, "out of memory in smbpXstrDup" );
} else {
while (i-- > 0) {
- new[i] = x[i];
+ newstr[i] = x[i];
}
}
x = NULL;
}
- return new; /* return the duplicate or NULL on error */
+ return newstr; /* return the duplicate or NULL on error */
}
/* ************************************************************** *
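Review bot: Passing `++i` as an argument to the `SMB_MALLOC_ARRAY` macro in `smbpXstrDup` is safe only if the macro expands its count argument exactly once, and its definition is not visible here. If it expanded the argument twice, `i` would end up one too large and the copy loop would read one byte past the terminator of `x`. Hoisting the increment removes the dependency: `++i; /* include the terminating NUL */` followed by `if ((newstr = SMB_MALLOC_ARRAY(char, i)) == NULL) {`.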
}
}
-int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
+int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
const char *p, unsigned int ctrl )
{
- uchar hash_pass[16];
uchar lm_pw[16];
uchar nt_pw[16];
int retval = PAM_AUTH_ERR;
const char *service;
pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()), service ? service : "**unknown**", name);
return PAM_AUTH_ERR;
}
}
- data_name = (char *) malloc( sizeof(FAIL_PREFIX) + strlen( name ));
+ data_name = SMB_MALLOC_ARRAY(char, sizeof(FAIL_PREFIX) + strlen( name ));
if (data_name == NULL) {
_log_err( LOG_CRIT, "no memory for data-name" );
}
pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
if (data_name != NULL) {
- struct _pam_failed_auth *new = NULL;
+ struct _pam_failed_auth *newauth = NULL;
const struct _pam_failed_auth *old = NULL;
/* get a failure recorder */
- new = (struct _pam_failed_auth *)
- malloc( sizeof(struct _pam_failed_auth) );
+ newauth = SMB_MALLOC_P( struct _pam_failed_auth );
- if (new != NULL) {
+ if (newauth != NULL) {
/* any previous failures for this user ? */
pam_get_data(pamh, data_name, (const void **) &old);
if (old != NULL) {
- new->count = old->count + 1;
- if (new->count >= SMB_MAX_RETRIES) {
+ newauth->count = old->count + 1;
+ if (newauth->count >= SMB_MAX_RETRIES) {
retval = PAM_MAXTRIES;
}
} else {
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
- new->count = 1;
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
+ newauth->count = 1;
}
- new->user = smbpXstrDup( name );
- new->id = pdb_get_uid(sampass);
- new->agent = smbpXstrDup( uidtoname( getuid() ) );
- pam_set_data( pamh, data_name, new, _cleanup_failures );
+ if (!sid_to_uid(pdb_get_user_sid(sampass), &(newauth->id))) {
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
+ }
+ newauth->user = smbpXstrDup( name );
+ newauth->agent = smbpXstrDup( uidtoname( getuid() ) );
+ pam_set_data( pamh, data_name, newauth, _cleanup_failures );
} else {
_log_err( LOG_CRIT, "no memory for failure recorder" );
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s(%d)",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
}
} else {
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s(%d)",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
retval = PAM_AUTH_ERR;
}
}
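Review bot: The two rewritten `_log_err` calls in the fallback branches (after "no memory for failure recorder" and in the final `else`) still use the format `"... as %s(%d)"` but no longer pass `pdb_get_uid(sampass)`, so `%d` has no matching argument and the variadic call reads an indeterminate value. Both should use the same format as the other new calls, `"failed auth request by %s for service %s as %s",`. Separately, when `sid_to_uid()` fails, `newauth->id` is never assigned (it holds whatever the allocation returned, assuming `SMB_MALLOC_P` does not zero memory), and the branch logs the same generic failed-auth text. That duplicates the first-failure message and hides the lookup failure, so a distinct message and an explicit sentinel value for `newauth->id` would keep the failure record reliable. The enclosing function starts before this hunk.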
* - to avoid prompting for one in such cases (CG)
*/
-int _smb_blankpasswd( unsigned int ctrl, SAM_ACCOUNT *sampass )
+int _smb_blankpasswd( unsigned int ctrl, struct samu *sampass )
{
int retval;
if (comment != NULL && off(SMB__QUIET, ctrl)) {
pmsg[0] = &msg[0];
msg[0].msg_style = PAM_TEXT_INFO;
- msg[0].msg = comment;
+ msg[0].msg = CONST_DISCARD(char *, comment);
i = 1;
} else {
i = 0;
pmsg[i] = &msg[i];
msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
- msg[i++].msg = prompt1;
+ msg[i++].msg = CONST_DISCARD(char *, prompt1);
if (prompt2 != NULL) {
pmsg[i] = &msg[i];
msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
- msg[i++].msg = prompt2;
+ msg[i++].msg = CONST_DISCARD(char *, prompt2);
expect = 2;
} else
expect = 1;