static int findpty(char **slave)
{
- int master;
- static fstring line;
- SMB_STRUCT_DIR *dirp;
+ int master = -1;
+ char *line = NULL;
+ SMB_STRUCT_DIR *dirp = NULL;
const char *dpname;
+ *slave = NULL;
+
#if defined(HAVE_GRANTPT)
/* Try to open /dev/ptmx. If that fails, fall through to old method. */
- if ((master = sys_open("/dev/ptmx", O_RDWR, 0)) >= 0)
- {
+ if ((master = sys_open("/dev/ptmx", O_RDWR, 0)) >= 0) {
grantpt(master);
unlockpt(master);
- *slave = (char *)ptsname(master);
- if (*slave == NULL)
- {
+ line = (char *)ptsname(master);
+ if (line) {
+ *slave = SMB_STRDUP(line);
+ }
+
+ if (*slave == NULL) {
DEBUG(0,
("findpty: Unable to create master/slave pty pair.\n"));
/* Stop fd leak on error. */
close(master);
return -1;
- }
- else
- {
+ } else {
DEBUG(10,
("findpty: Allocated slave pty %s\n", *slave));
return (master);
}
#endif /* HAVE_GRANTPT */
- fstrcpy(line, "/dev/ptyXX");
+ line = SMB_STRDUP("/dev/ptyXX");
+ if (!line) {
+ return (-1);
+ }
dirp = sys_opendir("/dev");
- if (!dirp)
+ if (!dirp) {
+ SAFE_FREE(line);
return (-1);
- while ((dpname = readdirname(dirp)) != NULL)
- {
- if (strncmp(dpname, "pty", 3) == 0 && strlen(dpname) == 5)
- {
+ }
+
+ while ((dpname = readdirname(dirp)) != NULL) {
+ if (strncmp(dpname, "pty", 3) == 0 && strlen(dpname) == 5) {
DEBUG(3,
("pty: try to open %s, line was %s\n", dpname,
line));
line[8] = dpname[3];
line[9] = dpname[4];
- if ((master = sys_open(line, O_RDWR, 0)) >= 0)
- {
+ if ((master = sys_open(line, O_RDWR, 0)) >= 0) {
DEBUG(3, ("pty: opened %s\n", line));
line[5] = 't';
*slave = line;
}
}
sys_closedir(dirp);
+ SAFE_FREE(line);
return (-1);
}
struct termios stermios;
gid_t gid;
uid_t uid;
+ char * const eptrs[1] = { NULL };
if (pass == NULL)
{
DEBUG(3, ("More weirdness, could not open %s\n", slavedev));
return (False);
}
-#if defined(I_PUSH) && defined(I_FIND)
+#if defined(TIOCSCTTY) && !defined(SUNOS5)
+ /*
+ * On patched Solaris 10 TIOCSCTTY is defined but seems not to work,
+ * see the discussion under
+ * https://bugzilla.samba.org/show_bug.cgi?id=5366.
+ */
+ if (ioctl(slave, TIOCSCTTY, 0) < 0)
+ {
+ DEBUG(3, ("Error in ioctl call for slave pty\n"));
+ /* return(False); */
+ }
+#elif defined(I_PUSH) && defined(I_FIND)
if (ioctl(slave, I_FIND, "ptem") == 0) {
ioctl(slave, I_PUSH, "ptem");
}
if (ioctl(slave, I_FIND, "ldterm") == 0) {
ioctl(slave, I_PUSH, "ldterm");
}
-#elif defined(TIOCSCTTY)
- if (ioctl(slave, TIOCSCTTY, 0) < 0)
- {
- DEBUG(3, ("Error in ioctl call for slave pty\n"));
- /* return(False); */
- }
#endif
/* Close master. */
passwordprogram));
/* execl() password-change application */
- if (execl("/bin/sh", "sh", "-c", passwordprogram, NULL) < 0)
+ if (execle("/bin/sh", "sh", "-c", passwordprogram, NULL, eptrs) < 0)
{
DEBUG(3, ("Bad status returned from %s\n", passwordprogram));
return (False);
static int expect(int master, char *issue, char *expected)
{
char buffer[1024];
- int attempts, timeout, nread, len;
+ int attempts, timeout, nread;
+ size_t len;
bool match = False;
for (attempts = 0; attempts < 2; attempts++) {
+ NTSTATUS status;
if (!strequal(issue, ".")) {
if (lp_passwd_chat_debug())
DEBUG(100, ("expect: sending [%s]\n", issue));
if ((len = sys_write(master, issue, strlen(issue))) != strlen(issue)) {
- DEBUG(2,("expect: (short) write returned %d\n", len ));
+ DEBUG(2,("expect: (short) write returned %d\n",
+ (int)len ));
return False;
}
}
nread = 0;
buffer[nread] = 0;
- while ((len = read_socket_with_timeout(master, buffer + nread, 1,
- sizeof(buffer) - nread - 1,
- timeout, NULL)) > 0) {
+ while (True) {
+ status = read_socket_with_timeout(
+ master, buffer + nread, 1,
+ sizeof(buffer) - nread - 1,
+ timeout, &len);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ break;
+ }
nread += len;
buffer[nread] = 0;
if (match)
break;
- if (len < 0) {
- DEBUG(2, ("expect: %s\n", strerror(errno)));
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("expect: %s\n", nt_errstr(status)));
return False;
}
}
static bool chat_with_program(char *passwordprogram, const struct passwd *pass,
char *chatsequence, bool as_root)
{
- char *slavedev;
+ char *slavedev = NULL;
int master;
pid_t pid, wpid;
int wstat;
if ((pid = sys_fork()) < 0) {
DEBUG(3, ("chat_with_program: Cannot fork() child for password change: %s\n", pass->pw_name));
+ SAFE_FREE(slavedev);
close(master);
CatchChild();
return (False);
/* we now have a pty */
if (pid > 0) { /* This is the parent process */
+ /* Don't need this anymore in parent. */
+ SAFE_FREE(slavedev);
+
if ((chstat = talktochild(master, chatsequence)) == False) {
DEBUG(3, ("chat_with_program: Child failed to change password: %s\n", pass->pw_name));
kill(pid, SIGKILL); /* be sure to end this process */
#ifdef WITH_PAM
if (lp_pam_password_change()) {
bool ret;
+#ifdef HAVE_SETLOCALE
+ const char *prevlocale = setlocale(LC_ALL, "C");
+#endif
if (as_root)
become_root();
if (as_root)
unbecome_root();
+#ifdef HAVE_SETLOCALE
+ setlocale(LC_ALL, prevlocale);
+#endif
+
return ret;
}
#endif
if (!pdb_get_pass_can_change(hnd)) {
DEBUG(1, ("user %s does not have permissions to change password\n", username));
if (samr_reject_reason) {
- *samr_reject_reason = REJECT_REASON_OTHER;
+ *samr_reject_reason = SAMR_REJECT_OTHER;
}
return NT_STATUS_ACCOUNT_RESTRICTION;
}
"denied by Refuse Machine Password Change policy\n",
username));
if (samr_reject_reason) {
- *samr_reject_reason = REJECT_REASON_OTHER;
+ *samr_reject_reason = SAMR_REJECT_OTHER;
}
return NT_STATUS_ACCOUNT_RESTRICTION;
}
"wait until %s\n", username,
http_timestring(can_change_time)));
if (samr_reject_reason) {
- *samr_reject_reason = REJECT_REASON_OTHER;
+ *samr_reject_reason = SAMR_REJECT_OTHER;
}
return NT_STATUS_ACCOUNT_RESTRICTION;
}
username));
DEBUGADD(1, (" account policy min password len = %d\n", min_len));
if (samr_reject_reason) {
- *samr_reject_reason = REJECT_REASON_TOO_SHORT;
+ *samr_reject_reason = SAMR_REJECT_TOO_SHORT;
}
return NT_STATUS_PASSWORD_RESTRICTION;
/* return NT_STATUS_PWD_TOO_SHORT; */
if (check_passwd_history(hnd,new_passwd)) {
if (samr_reject_reason) {
- *samr_reject_reason = REJECT_REASON_IN_HISTORY;
+ *samr_reject_reason = SAMR_REJECT_IN_HISTORY;
}
return NT_STATUS_PASSWORD_RESTRICTION;
}
- pass = Get_Pwnam(username);
+ pass = Get_Pwnam_alloc(talloc_tos(), username);
if (!pass) {
DEBUG(1, ("change_oem_password: Username %s does not exist in system !?!\n", username));
return NT_STATUS_ACCESS_DENIED;
if (check_ret != 0) {
DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n"));
if (samr_reject_reason) {
- *samr_reject_reason = REJECT_REASON_NOT_COMPLEX;
+ *samr_reject_reason = SAMR_REJECT_COMPLEXITY;
}
+ TALLOC_FREE(pass);
return NT_STATUS_PASSWORD_RESTRICTION;
}
}
if(lp_unix_password_sync() &&
!chgpasswd(username, pass, old_passwd, new_passwd, as_root)) {
+ TALLOC_FREE(pass);
return NT_STATUS_ACCESS_DENIED;
}
+ TALLOC_FREE(pass);
+
if (!pdb_set_plaintext_passwd (hnd, new_passwd)) {
return NT_STATUS_ACCESS_DENIED;
}