return ctrl;
};
-static void _pam_winbind_free_context(struct pwb_context *ctx)
+static int _pam_winbind_free_context(struct pwb_context *ctx)
{
+ if (!ctx) {
+ return 0;
+ }
+
if (ctx->dict) {
iniparser_freedict(ctx->dict);
}
- SAFE_FREE(ctx);
+ return 0;
}
static int _pam_winbind_init_context(pam_handle_t *pamh,
{
struct pwb_context *r = NULL;
- r = (struct pwb_context *)malloc(sizeof(struct pwb_context));
+ r = TALLOC_ZERO_P(NULL, struct pwb_context);
if (!r) {
return PAM_BUF_ERR;
}
- ZERO_STRUCTP(r);
+ talloc_set_destructor(r, _pam_winbind_free_context);
r->pamh = pamh;
r->flags = flags;
r->argv = argv;
r->ctrl = _pam_parse(pamh, flags, argc, argv, &r->dict);
if (r->ctrl == -1) {
- _pam_winbind_free_context(r);
+ TALLOC_FREE(r);
return PAM_SYSTEM_ERR;
}
"(error_status = %d)", pamh, data,
error_status);
}
- SAFE_FREE(data);
+ TALLOC_FREE(data);
}
return;
}
- ret = pam_set_data(ctx->pamh, data_name, (void *)strdup(value),
+ ret = pam_set_data(ctx->pamh, data_name, talloc_strdup(NULL, value),
_pam_winbind_cleanup_func);
if (ret) {
_pam_log_debug(ctx, LOG_DEBUG,
"Could not set data %s: %s\n",
data_name, pam_strerror(ctx->pamh, ret));
}
-
}
/**
* @return string (caller needs to free).
*/
-static char *_pam_compose_pwd_restriction_string(struct winbindd_response *response)
+static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx,
+ struct winbindd_response *response)
{
char *str = NULL;
- size_t offset = 0, ret = 0, str_size = 1024;
- str = (char *)malloc(str_size);
+ str = talloc_asprintf(ctx, "Your password ");
if (!str) {
- return NULL;
- }
-
- memset(str, '\0', str_size);
-
- offset = snprintf(str, str_size, "Your password ");
- if (offset == -1) {
goto failed;
}
if (response->data.auth.policy.min_length_password > 0) {
- ret = snprintf(str+offset, str_size-offset,
+ str = talloc_asprintf_append(str,
"must be at least %d characters; ",
response->data.auth.policy.min_length_password);
- if (ret == -1) {
+ if (!str) {
goto failed;
}
- offset += ret;
}
if (response->data.auth.policy.password_history > 0) {
- ret = snprintf(str+offset, str_size-offset,
+ str = talloc_asprintf_append(str,
"cannot repeat any of your previous %d "
"passwords; ",
response->data.auth.policy.password_history);
- if (ret == -1) {
+ if (!str) {
goto failed;
}
- offset += ret;
}
if (response->data.auth.policy.password_properties &
DOMAIN_PASSWORD_COMPLEX) {
- ret = snprintf(str+offset, str_size-offset,
+ str = talloc_asprintf_append(str,
"must contain capitals, numerals "
"or punctuation; "
"and cannot contain your account "
"or full name; ");
- if (ret == -1) {
+ if (!str) {
goto failed;
}
- offset += ret;
}
- ret = snprintf(str+offset, str_size-offset,
+ str = talloc_asprintf_append(str,
"Please type a different password. "
"Type a password which meets these requirements in "
"both text boxes.");
- if (ret == -1) {
+ if (!str) {
goto failed;
}
return str;
failed:
- SAFE_FREE(str);
+ TALLOC_FREE(str);
return NULL;
}
}
pwd_restriction_string =
- _pam_compose_pwd_restriction_string(&response);
+ _pam_compose_pwd_restriction_string(ctx, &response);
if (pwd_restriction_string) {
_make_remark(ctx, PAM_ERROR_MSG,
pwd_restriction_string);
- SAFE_FREE(pwd_restriction_string);
+ TALLOC_FREE(pwd_restriction_string);
}
}
if (ctx->dict) {
char *key = NULL;
- if (!asprintf(&key, "global:%s", item)) {
+ key = talloc_asprintf(ctx, "global:%s", item);
+ if (!key) {
goto out;
}
parm_opt = iniparser_getstr(ctx->dict, key);
- SAFE_FREE(key);
+ TALLOC_FREE(key);
_pam_log_debug(ctx, LOG_INFO, "CONFIG file: %s '%s'\n",
item, parm_opt);
if (ctx->dict) {
char *key = NULL;
- if (!asprintf(&key, "global:%s", item)) {
+ key = talloc_asprintf(ctx, "global:%s", item);
+ if (!key) {
goto out;
}
parm_opt = iniparser_getint(ctx->dict, key, -1);
- SAFE_FREE(key);
+ TALLOC_FREE(key);
_pam_log_debug(ctx, LOG_INFO,
"CONFIG file: %s '%d'\n",
struct winbindd_request req;
struct winbindd_response resp;
int retval;
- char *account_name;
- int account_name_len;
char sep;
/* This cannot work when the winbind separator = @ */
return NULL;
}
- account_name_len = asprintf(&account_name, "%s\\%s",
- resp.data.name.dom_name,
- resp.data.name.name);
-
- return account_name;
+ return talloc_asprintf(ctx, "%s\\%s",
+ resp.data.name.dom_name,
+ resp.data.name.name);
}
PAM_EXTERN
real_username);
if (samaccountname) {
free(real_username);
- real_username = samaccountname;
+ real_username = strdup(samaccountname);
}
}
char *new_authtok_required_during_auth = NULL;
- if (!asprintf(&new_authtok_required, "%d", retval)) {
+ new_authtok_required = talloc_asprintf(NULL, "%d", retval);
+ if (!new_authtok_required) {
retval = PAM_BUF_ERR;
goto out;
}
retval = PAM_SUCCESS;
- if (!asprintf(&new_authtok_required_during_auth, "%d", true)) {
+ new_authtok_required_during_auth = talloc_asprintf(NULL, "%d", true);
+ if (!new_authtok_required_during_auth) {
retval = PAM_BUF_ERR;
goto out;
}
_PAM_LOG_FUNCTION_LEAVE("pam_sm_authenticate", ctx, retval);
- _pam_winbind_free_context(ctx);
+ TALLOC_FREE(ctx);
return retval;
}
_PAM_LOG_FUNCTION_LEAVE("pam_sm_setcred", ctx, ret);
- _pam_winbind_free_context(ctx);
+ TALLOC_FREE(ctx);
return ret;
}
_PAM_LOG_FUNCTION_LEAVE("pam_sm_acct_mgmt", ctx, ret);
- _pam_winbind_free_context(ctx);
+ TALLOC_FREE(ctx);
return ret;
}
out:
_PAM_LOG_FUNCTION_LEAVE("pam_sm_open_session", ctx, ret);
- _pam_winbind_free_context(ctx);
+ TALLOC_FREE(ctx);
return ret;
}
_PAM_LOG_FUNCTION_LEAVE("pam_sm_close_session", ctx, retval);
- _pam_winbind_free_context(ctx);
+ TALLOC_FREE(ctx);
return retval;
}
time_t pwdlastset_prelim = 0;
/* instruct user what is happening */
-#define greeting "Changing password for "
- Announce = (char *) malloc(sizeof(greeting) + strlen(user));
- if (Announce == NULL) {
+
+#define greeting "Changing password for"
+ Announce = talloc_asprintf(ctx, "%s %s", greeting, user);
+ if (!Announce) {
_pam_log(ctx, LOG_CRIT,
"password - out of memory");
ret = PAM_BUF_ERR;
goto out;
}
- (void) strcpy(Announce, greeting);
- (void) strcpy(Announce + sizeof(greeting) - 1, user);
#undef greeting
lctrl = ctx->ctrl | WINBIND__OLD_PASSWORD;
"(current) NT password: ",
NULL,
(const char **) &pass_old);
+ TALLOC_FREE(Announce);
if (ret != PAM_SUCCESS) {
_pam_log(ctx, LOG_NOTICE,
"password - (old) token not obtained");
_PAM_LOG_FUNCTION_LEAVE("pam_sm_chauthtok", ctx, ret);
- _pam_winbind_free_context(ctx);
+ TALLOC_FREE(ctx);
return ret;
}
git.samba.org / jra / samba / .git / commitdiff