diff options
Diffstat (limited to 'source/auth/pampass.c')
| -rw-r--r-- | source/auth/pampass.c | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/source/auth/pampass.c b/source/auth/pampass.c index 1a3e55dd44f..018eae3a07e 100644 --- a/source/auth/pampass.c +++ b/source/auth/pampass.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 2.2. PAM Password checking Copyright (C) Andrew Tridgell 1992-2001 Copyright (C) John H Terpsta 1999-2001 @@ -29,9 +30,6 @@ #include "includes.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_AUTH - #ifdef WITH_PAM /******************************************************************* @@ -86,8 +84,6 @@ static BOOL smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl, NTSTATUS *nt_status) { - *nt_status = pam_to_nt_status(pam_error); - if (smb_pam_error_handler(pamh, pam_error, msg, dbglvl)) return True; @@ -186,7 +182,7 @@ static void special_char_sub(char *buf) static void pwd_sub(char *buf, const char *username, const char *oldpass, const char *newpass) { - fstring_sub(buf, "%u", username); + pstring_sub(buf, "%u", username); all_string_sub(buf, "%o", oldpass, sizeof(fstring)); all_string_sub(buf, "%n", newpass, sizeof(fstring)); } @@ -497,7 +493,7 @@ static BOOL smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho /* * PAM Authentication Handler */ -static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user) +static NTSTATUS smb_pam_auth(pam_handle_t *pamh, char *user) { int pam_error; NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; @@ -512,27 +508,35 @@ static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user) switch( pam_error ){ case PAM_AUTH_ERR: DEBUG(2, ("smb_pam_auth: PAM: Athentication Error for user %s\n", user)); + nt_status = NT_STATUS_WRONG_PASSWORD; break; case PAM_CRED_INSUFFICIENT: DEBUG(2, ("smb_pam_auth: PAM: Insufficient Credentials for user %s\n", user)); + nt_status = NT_STATUS_INSUFFICIENT_LOGON_INFO; break; case PAM_AUTHINFO_UNAVAIL: DEBUG(2, ("smb_pam_auth: PAM: Authentication Information Unavailable for user %s\n", user)); + nt_status = NT_STATUS_LOGON_FAILURE; break; case PAM_USER_UNKNOWN: DEBUG(2, ("smb_pam_auth: PAM: Username %s NOT known to Authentication system\n", user)); + nt_status = NT_STATUS_NO_SUCH_USER; break; case PAM_MAXTRIES: DEBUG(2, ("smb_pam_auth: PAM: One or more authentication modules reports user limit for user %s exceeeded\n", user)); + nt_status = NT_STATUS_REMOTE_SESSION_LIMIT; break; case PAM_ABORT: DEBUG(0, ("smb_pam_auth: PAM: One or more PAM modules failed to load for user %s\n", user)); + nt_status = NT_STATUS_LOGON_FAILURE; break; case PAM_SUCCESS: DEBUG(4, ("smb_pam_auth: PAM: User %s Authenticated OK\n", user)); + nt_status = NT_STATUS_OK; break; default: DEBUG(0, ("smb_pam_auth: PAM: UNKNOWN ERROR while authenticating user %s\n", user)); + nt_status = NT_STATUS_LOGON_FAILURE; break; } @@ -553,23 +557,30 @@ static NTSTATUS smb_pam_account(pam_handle_t *pamh, const char * user) switch( pam_error ) { case PAM_AUTHTOK_EXPIRED: DEBUG(2, ("smb_pam_account: PAM: User %s is valid but password is expired\n", user)); + nt_status = NT_STATUS_PASSWORD_EXPIRED; break; case PAM_ACCT_EXPIRED: DEBUG(2, ("smb_pam_account: PAM: User %s no longer permitted to access system\n", user)); + nt_status = NT_STATUS_ACCOUNT_EXPIRED; break; case PAM_AUTH_ERR: DEBUG(2, ("smb_pam_account: PAM: There was an authentication error for user %s\n", user)); + nt_status = NT_STATUS_LOGON_FAILURE; break; case PAM_PERM_DENIED: DEBUG(0, ("smb_pam_account: PAM: User %s is NOT permitted to access system at this time\n", user)); + nt_status = NT_STATUS_ACCOUNT_RESTRICTION; break; case PAM_USER_UNKNOWN: DEBUG(0, ("smb_pam_account: PAM: User \"%s\" is NOT known to account management\n", user)); + nt_status = NT_STATUS_NO_SUCH_USER; break; case PAM_SUCCESS: DEBUG(4, ("smb_pam_account: PAM: Account OK for User: %s\n", user)); + nt_status = NT_STATUS_OK; break; default: + nt_status = NT_STATUS_ACCOUNT_DISABLED; DEBUG(0, ("smb_pam_account: PAM: UNKNOWN PAM ERROR (%d) during Account Management for User: %s\n", pam_error, user)); break; } @@ -582,7 +593,7 @@ static NTSTATUS smb_pam_account(pam_handle_t *pamh, const char * user) * PAM Credential Setting */ -static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, const char * user) +static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user) { int pam_error; NTSTATUS nt_status = NT_STATUS_NO_TOKEN; @@ -597,21 +608,27 @@ static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, const char * user) switch( pam_error ) { case PAM_CRED_UNAVAIL: DEBUG(0, ("smb_pam_setcred: PAM: Credentials not found for user:%s\n", user )); + nt_status = NT_STATUS_NO_TOKEN; break; case PAM_CRED_EXPIRED: DEBUG(0, ("smb_pam_setcred: PAM: Credentials for user: \"%s\" EXPIRED!\n", user )); + nt_status = NT_STATUS_PASSWORD_EXPIRED; break; case PAM_USER_UNKNOWN: DEBUG(0, ("smb_pam_setcred: PAM: User: \"%s\" is NOT known so can not set credentials!\n", user )); + nt_status = NT_STATUS_NO_SUCH_USER; break; case PAM_CRED_ERR: DEBUG(0, ("smb_pam_setcred: PAM: Unknown setcredentials error - unable to set credentials for %s\n", user )); + nt_status = NT_STATUS_LOGON_FAILURE; break; case PAM_SUCCESS: DEBUG(4, ("smb_pam_setcred: PAM: SetCredentials OK for User: %s\n", user)); + nt_status = NT_STATUS_OK; break; default: DEBUG(0, ("smb_pam_setcred: PAM: UNKNOWN PAM ERROR (%d) during SetCredentials for User: %s\n", pam_error, user)); + nt_status = NT_STATUS_NO_TOKEN; break; } @@ -622,7 +639,7 @@ static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, const char * user) /* * PAM Internal Session Handler */ -static BOOL smb_internal_pam_session(pam_handle_t *pamh, const char *user, const char *tty, BOOL flag) +static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag) { int pam_error; @@ -788,7 +805,7 @@ NTSTATUS smb_pam_accountcheck(const char * user) * PAM Password Validation Suite */ -NTSTATUS smb_pam_passcheck(const char * user, const char * password) +NTSTATUS smb_pam_passcheck(char * user, char * password) { pam_handle_t *pamh = NULL; NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; |