*/
#include "includes.h"
+#include "auth.h"
+#include "../libcli/auth/pam_errors.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_response **, void *appdata_ptr);
-/*
- * Macros to help make life easy
- */
-
static char *smb_pam_copy_string(const char *s)
{
if (s == NULL) {
ZERO_STRUCTP(t);
- DLIST_ADD_END(list, t, struct chat_struct*);
+ DLIST_ADD_END(list, t);
if (!next_token_talloc(frame, &p, &prompt, NULL)) {
break;
special_char_sub(prompt);
fstrcpy(t->prompt, prompt);
- strlower_m(t->prompt);
+ (void)strlower_m(t->prompt);
trim_char(t->prompt, ' ', ' ');
if (!next_token_talloc(frame, &p, &reply, NULL)) {
special_char_sub(reply);
fstrcpy(t->reply, reply);
- strlower_m(t->reply);
+ (void)strlower_m(t->reply);
trim_char(t->reply, ' ', ' ');
}
if (num_msg <= 0)
return PAM_CONV_ERR;
- if ((pw_chat = make_pw_chat(lp_passwd_chat())) == NULL)
+ if ((pw_chat = make_pw_chat(lp_passwd_chat(talloc_tos()))) == NULL)
return PAM_CONV_ERR;
/*
*/
DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user));
- pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
+ pam_error = pam_authenticate(pamh, PAM_SILENT | (lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK));
switch( pam_error ){
case PAM_AUTH_ERR:
DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user));
* PAM Externally accessible Session handler
*/
-bool smb_pam_claim_session(char *user, char *tty, char *rhost)
+bool smb_pam_claim_session(const char *user, const char *tty, const char *rhost)
{
pam_handle_t *pamh = NULL;
struct pam_conv *pconv = NULL;
* PAM Externally accessible Session handler
*/
-bool smb_pam_close_session(char *user, char *tty, char *rhost)
+bool smb_pam_close_session(const char *user, const char *tty, const char *rhost)
{
pam_handle_t *pamh = NULL;
struct pam_conv *pconv = NULL;
* PAM Password Validation Suite
*/
-NTSTATUS smb_pam_passcheck(const char * user, const char * password)
+NTSTATUS smb_pam_passcheck(const char * user, const char * rhost,
+ const char * password)
{
pam_handle_t *pamh = NULL;
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
struct pam_conv *pconv = NULL;
- const char *rhost;
- char addr[INET6_ADDRSTRLEN];
/*
* Note we can't ignore PAM here as this is the only
if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, password, NULL)) == NULL)
return NT_STATUS_LOGON_FAILURE;
- rhost = client_name(smbd_server_fd());
- if (strequal(rhost,"UNKNOWN"))
- rhost = client_addr(smbd_server_fd(), addr, sizeof(addr));
-
if (!smb_pam_start(&pamh, user, rhost, pconv))
return NT_STATUS_LOGON_FAILURE;
}
/* If PAM not used, also no PAM restrictions on sessions. */
-bool smb_pam_claim_session(char *user, char *tty, char *rhost)
+bool smb_pam_claim_session(const char *user, const char *tty, const char *rhost)
{
return True;
}
/* If PAM not used, also no PAM restrictions on sessions. */
-bool smb_pam_close_session(char *in_user, char *tty, char *rhost)
+bool smb_pam_close_session(const char *in_user, const char *tty, const char *rhost)
{
return True;
}