r25026: Move param/param.h out of includes.h
[kai/samba-autobuild/.git] / source4 / auth / auth_unix.c
index 6cea18522346ad41d4cbf785d9a67b735789c3ba..dd000e94459690ffc2d0a41b8e5a18a6427b24ca 100644 (file)
@@ -7,7 +7,7 @@
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
    
    This program is distributed in the hope that it will be useful,
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "includes.h"
 #include "auth/auth.h"
 #include "system/passwd.h" /* needed by some systems for struct passwd */
 #include "lib/socket/socket.h" 
+#include "auth/pam_errors.h"
+#include "param/param.h"
 
 /* TODO: look at how to best fill in parms retrieveing a struct passwd info
  * except in case USER_INFO_DONT_CHECK_UNIX_ACCOUNT is set
@@ -196,6 +197,7 @@ static int smb_pam_conv(int num_msg, const struct pam_message **msg,
                                (*reply)[num].resp_retcode = PAM_SUCCESS;
                                (*reply)[num].resp = NULL;
                                DEBUG(4,("PAM Info message in conversation function: %s\n", (msg[num]->msg)));
+                               break;
 
                        case PAM_ERROR_MSG:
                                (*reply)[num].resp_retcode = PAM_SUCCESS;
@@ -204,6 +206,10 @@ static int smb_pam_conv(int num_msg, const struct pam_message **msg,
                                break;
 
                        default:
+                               while (num > 0) {
+                                       SAFE_FREE((*reply)[num-1].resp);
+                                       num--;
+                               }
                                SAFE_FREE(*reply);
                                *reply = NULL;
                                DEBUG(1,("Error: PAM subsystme sent an UNKNOWN message type to the conversation function!\n"));
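Review bot: The new cleanup loop in the `default:` branch frees each earlier `(*reply)[num-1].resp` without clearing it, and those buffers presumably hold the user's password for the echo-off prompt (that case is outside the hunk, so confirm). Overwrite each non-NULL response before `SAFE_FREE`, using a wipe the compiler cannot elide, so the plaintext does not linger in freed heap memory. The loop also consumes `num`, which is fine only if the code after the `DEBUG` returns without using it; that return is outside the hunk. Separately, the message on the `DEBUG(1, ...)` line still reads `subsystme` where `subsystem` is meant.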
@@ -316,7 +322,7 @@ static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user)
        pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
        switch( pam_error ){
                case PAM_AUTH_ERR:
-                       DEBUG(2, ("smb_pam_auth: PAM: Athentication Error for user %s\n", user));
+                       DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user));
                        break;
                case PAM_CRED_INSUFFICIENT:
                        DEBUG(2, ("smb_pam_auth: PAM: Insufficient Credentials for user %s\n", user));
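Review bot: The flag expression on the `pam_authenticate` context line parses as `(PAM_SILENT | lp_null_passwords()) ? 0 : PAM_DISALLOW_NULL_AUTHTOK` because `|` binds tighter than `?:`; this commit corrects only the log spelling below it. Since `PAM_SILENT` is a non-zero flag the condition is always true, so the call always passes 0: neither `PAM_SILENT` nor `PAM_DISALLOW_NULL_AUTHTOK` reaches PAM, whatever `lp_null_passwords()` returns. Parenthesise the conditional: `pam_error = pam_authenticate(pamh, PAM_SILENT | (lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK));`. smb_pam_auth starts and ends outside the hunk.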
@@ -739,7 +745,7 @@ static NTSTATUS check_unix_password(TALLOC_CTX *ctx, const struct auth_usersuppl
                strlower(pwcopy);
                nt_status = password_check(username, pwcopy, crypted, salt);
                if NT_STATUS_IS_OK(nt_status) {
-                       *ret_passwd = pwd;
+                       *ret_passwd = pws;
                        return nt_status;
                }
        }
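Review bot: `if NT_STATUS_IS_OK(nt_status) {` compiles only because the macro's expansion happens to supply the parentheses the `if` needs; write `if (NT_STATUS_IS_OK(nt_status)) {`, the form authunix_check_password uses later in this file. The declaration of `pws` is outside the hunk, so I could not confirm where it points. If it comes from a `getpw*` call, add a comment at `*ret_passwd = pws;` saying the result is library-owned storage that the caller must use before the next lookup. check_unix_password starts and ends outside the hunk.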
@@ -767,20 +773,26 @@ static NTSTATUS check_unix_password(TALLOC_CTX *ctx, const struct auth_usersuppl
  *
  **/
 
+static NTSTATUS authunix_want_check(struct auth_method_context *ctx,
+                                   TALLOC_CTX *mem_ctx,
+                                   const struct auth_usersupplied_info *user_info)
+{
+       if (!user_info->mapped.account_name || !*user_info->mapped.account_name) {
+               return NT_STATUS_NOT_IMPLEMENTED;
+       }
+
+       return NT_STATUS_OK;
+}
+
 static NTSTATUS authunix_check_password(struct auth_method_context *ctx,
                                        TALLOC_CTX *mem_ctx,
                                        const struct auth_usersupplied_info *user_info,
-                                       struct  auth_serversupplied_info **server_info)
+                                       struct auth_serversupplied_info **server_info)
 {
        TALLOC_CTX *check_ctx;
        NTSTATUS nt_status;
        struct passwd *pwd;
 
-       if (! user_info->mapped.account_name || ! *user_info->mapped.account_name) {
-               /* 'not for me' */
-               return NT_STATUS_NOT_IMPLEMENTED;
-       }
-
        if (user_info->password_state != AUTH_PASSWORD_PLAIN) {
                return NT_STATUS_INVALID_PARAMETER;
        }
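Review bot: After this change `authunix_check_password` no longer rejects a NULL or empty `user_info->mapped.account_name` itself and depends on the auth framework having called `authunix_want_check` first; that ordering is not visible here. State the contract in a comment above `authunix_check_password`, for example `/* caller must have passed authunix_want_check(): account_name is non-NULL and non-empty */`, or keep a cheap guard that returns `NT_STATUS_INVALID_PARAMETER`. The new function also dropped the old `/* 'not for me' */` remark; a one-line comment above `authunix_want_check` saying that `NT_STATUS_NOT_IMPLEMENTED` means this backend declines the request would keep that intent. Its `ctx` and `mem_ctx` parameters are unused, presumably to match the `want_check` signature. authunix_check_password continues past the hunk.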
@@ -791,13 +803,13 @@ static NTSTATUS authunix_check_password(struct auth_method_context *ctx,
        }
 
        nt_status = check_unix_password(check_ctx, user_info, &pwd);
-       if ( ! NT_STATUS_IS_OK(nt_status)) {
+       if (!NT_STATUS_IS_OK(nt_status)) {
                talloc_free(check_ctx);
                return nt_status;
        }
 
        nt_status = authunix_make_server_info(mem_ctx, user_info, pwd, server_info);
-       if ( ! NT_STATUS_IS_OK(nt_status)) {
+       if (!NT_STATUS_IS_OK(nt_status)) {
                talloc_free(check_ctx);
                return nt_status;
        }
@@ -809,7 +821,8 @@ static NTSTATUS authunix_check_password(struct auth_method_context *ctx,
 static const struct auth_operations unix_ops = {
        .name           = "unix",
        .get_challenge  = auth_get_challenge_not_implemented,
-       .check_password = authunix_check_password
+       .want_check     = authunix_want_check,
+       .check_password = authunix_check_password
 };
 
 NTSTATUS auth_unix_init(void)