*/
#include "includes.h"
+#include "../libcli/auth/pam_errors.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_response **, void *appdata_ptr);
-/*
- * Macros to help make life easy
- */
-
static char *smb_pam_copy_string(const char *s)
{
if (s == NULL) {
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We sent: %s\n", current_reply));
pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
#ifdef DEBUG_PASSWORD
- DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We actualy sent: %s\n", current_reply));
+ DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We actually sent: %s\n", current_reply));
#endif
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = smb_pam_copy_fstring(
reply[replies].resp = smb_pam_copy_fstring(
current_reply);
#ifdef DEBUG_PASSWORD
- DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actualy sent: %s\n", current_reply));
+ DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actually sent: %s\n", current_reply));
#endif
found = True;
break;
static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv)
{
int pam_error;
-#ifdef PAM_RHOST
- const char *our_rhost;
- char addr[INET6_ADDRSTRLEN];
-#endif
*pamh = (pam_handle_t *)NULL;
}
#if HAVE_PAM_RHOST
- if (rhost == NULL) {
- our_rhost = client_name(smbd_server_fd());
- if (strequal(our_rhost,"UNKNOWN"))
- our_rhost = client_addr(smbd_server_fd(), addr,
- sizeof(addr));
- } else {
- our_rhost = rhost;
- }
-
- DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost));
- pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost);
+ DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", rhost));
+ pam_error = pam_set_item(*pamh, PAM_RHOST, rhost);
if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
smb_pam_end(*pamh, pconv);
*pamh = (pam_handle_t *)NULL;
* PAM Password Validation Suite
*/
-NTSTATUS smb_pam_passcheck(const char * user, const char * password)
+NTSTATUS smb_pam_passcheck(const char * user, const char * rhost,
+ const char * password)
{
pam_handle_t *pamh = NULL;
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, password, NULL)) == NULL)
return NT_STATUS_LOGON_FAILURE;
- if (!smb_pam_start(&pamh, user, NULL, pconv))
+ if (!smb_pam_start(&pamh, user, rhost, pconv))
return NT_STATUS_LOGON_FAILURE;
if (!NT_STATUS_IS_OK(nt_status = smb_pam_auth(pamh, user))) {
* PAM Password Change Suite
*/
-bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword)
+bool smb_pam_passchange(const char *user, const char *rhost,
+ const char *oldpassword, const char *newpassword)
{
/* Appropriate quantities of root should be obtained BEFORE calling this function */
struct pam_conv *pconv = NULL;
if ((pconv = smb_setup_pam_conv(smb_pam_passchange_conv, user, oldpassword, newpassword)) == NULL)
return False;
- if(!smb_pam_start(&pamh, user, NULL, pconv))
+ if(!smb_pam_start(&pamh, user, rhost, pconv))
return False;
if (!smb_pam_chauthtok(pamh, user)) {
git.samba.org / samba.git / blobdiff