summaryrefslogtreecommitdiffstats
path: root/source3/auth/pampass.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/auth/pampass.c')
-rw-r--r--source3/auth/pampass.c96
1 files changed, 47 insertions, 49 deletions
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index e84a045d49f..553ffcd323c 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -5,6 +5,7 @@
Copyright (C) Andrew Tridgell 1992-2001
Copyright (C) John H Terpsta 1999-2001
Copyright (C) Andrew Bartlett 2001
+ Copyright (C) Jeremy Allison 2001
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -58,7 +59,7 @@ static char *PAM_password;
/*
* PAM error handler.
*/
-static BOOL pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl)
+static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl)
{
if( pam_error != PAM_SUCCESS) {
@@ -74,7 +75,7 @@ static BOOL pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int
* echo off means password.
*/
-static int PAM_conv(int num_msg,
+static int smb_pam_conv(int num_msg,
const struct pam_message **msg,
struct pam_response **resp,
void *appdata_ptr)
@@ -122,21 +123,21 @@ static int PAM_conv(int num_msg,
return PAM_SUCCESS;
}
-static struct pam_conv PAM_conversation = {
- &PAM_conv,
+static struct pam_conv smb_pam_conversation = {
+ &smb_pam_conv,
NULL
};
/*
* PAM Closing out cleanup handler
*/
-static BOOL proc_pam_end(pam_handle_t *pamh)
+static BOOL smb_pam_end(pam_handle_t *pamh)
{
int pam_error;
if( pamh != NULL ) {
pam_error = pam_end(pamh, 0);
- if(pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
+ if(smb_pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
DEBUG(4, ("PAM: PAM_END OK.\n"));
return True;
}
@@ -148,15 +149,15 @@ static BOOL proc_pam_end(pam_handle_t *pamh)
/*
* Start PAM authentication for specified account
*/
-static BOOL proc_pam_start(pam_handle_t **pamh, char *user, char *rhost)
+static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost)
{
int pam_error;
DEBUG(4,("PAM: Init user: %s\n", user));
- pam_error = pam_start("samba", user, &PAM_conversation, pamh);
- if( !pam_error_handler(*pamh, pam_error, "Init Failed", 0)) {
- proc_pam_end(*pamh);
+ pam_error = pam_start("samba", user, &smb_pam_conversation, pamh);
+ if( !smb_pam_error_handler(*pamh, pam_error, "Init Failed", 0)) {
+ smb_pam_end(*pamh);
return False;
}
@@ -169,16 +170,16 @@ static BOOL proc_pam_start(pam_handle_t **pamh, char *user, char *rhost)
#ifdef PAM_RHOST
DEBUG(4,("PAM: setting rhost to: %s\n", rhost));
pam_error = pam_set_item(*pamh, PAM_RHOST, rhost);
- if(!pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
- proc_pam_end(*pamh);
+ if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
+ smb_pam_end(*pamh);
return False;
}
#endif
#ifdef PAM_TTY
DEBUG(4,("PAM: setting tty\n"));
pam_error = pam_set_item(*pamh, PAM_TTY, "samba");
- if (!pam_error_handler(*pamh, pam_error, "set tty failed", 0)) {
- proc_pam_end(*pamh);
+ if (!smb_pam_error_handler(*pamh, pam_error, "set tty failed", 0)) {
+ smb_pam_end(*pamh);
return False;
}
#endif
@@ -189,7 +190,7 @@ static BOOL proc_pam_start(pam_handle_t **pamh, char *user, char *rhost)
/*
* PAM Authentication Handler
*/
-static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password)
+static BOOL smb_pam_auth(pam_handle_t *pamh, char *user, char *password)
{
int pam_error;
@@ -225,8 +226,8 @@ static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password)
default:
DEBUG(0, ("PAM: UNKNOWN ERROR while authenticating user %s\n", user));
}
- if(!pam_error_handler(pamh, pam_error, "Authentication Failure", 2)) {
- proc_pam_end(pamh);
+ if(!smb_pam_error_handler(pamh, pam_error, "Authentication Failure", 2)) {
+ smb_pam_end(pamh);
return False;
}
/* If this point is reached, the user has been authenticated. */
@@ -236,7 +237,7 @@ static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password)
/*
* PAM Account Handler
*/
-static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL pam_auth)
+static BOOL smb_pam_account(pam_handle_t *pamh, char * user, char * password, BOOL pam_auth)
{
int pam_error;
@@ -264,8 +265,8 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
default:
DEBUG(0, ("PAM: UNKNOWN ERROR for User: %s\n", user));
}
- if(!pam_error_handler(pamh, pam_error, "Account Check Failed", 2)) {
- proc_pam_end(pamh);
+ if(!smb_pam_error_handler(pamh, pam_error, "Account Check Failed", 2)) {
+ smb_pam_end(pamh);
return False;
}
@@ -303,8 +304,8 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
default:
DEBUG(0, ("PAM: Error Condition Unknown in pam_setcred function call!"));
}
- if(!pam_error_handler(pamh, pam_error, "Set Credential Failure", 2)) {
- proc_pam_end(pamh);
+ if(!smb_pam_error_handler(pamh, pam_error, "Set Credential Failure", 2)) {
+ smb_pam_end(pamh);
return False;
}
@@ -316,7 +317,7 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
/*
* PAM Internal Session Handler
*/
-static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
+static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
{
int pam_error;
@@ -326,22 +327,22 @@ static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL fla
#ifdef PAM_TTY
DEBUG(4,("PAM: tty set to: %s\n", tty));
pam_error = pam_set_item(pamh, PAM_TTY, tty);
- if (!pam_error_handler(pamh, pam_error, "set tty failed", 0)) {
- proc_pam_end(pamh);
+ if (!smb_pam_error_handler(pamh, pam_error, "set tty failed", 0)) {
+ smb_pam_end(pamh);
return False;
}
#endif
if (flag) {
pam_error = pam_open_session(pamh, PAM_SILENT);
- if (!pam_error_handler(pamh, pam_error, "session setup failed", 0)) {
- proc_pam_end(pamh);
+ if (!smb_pam_error_handler(pamh, pam_error, "session setup failed", 0)) {
+ smb_pam_end(pamh);
return False;
}
} else {
pam_error = pam_close_session(pamh, PAM_SILENT);
- if (!pam_error_handler(pamh, pam_error, "session close failed", 0)) {
- proc_pam_end(pamh);
+ if (!smb_pam_error_handler(pamh, pam_error, "session close failed", 0)) {
+ smb_pam_end(pamh);
return False;
}
}
@@ -351,29 +352,26 @@ static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL fla
/*
* PAM Externally accessible Session handler
*/
-BOOL pam_session(BOOL flag, const char *in_user, char *tty, char *rhost)
+BOOL smb_pam_session(BOOL flag, const char *in_user, char *tty, char *rhost)
{
pam_handle_t *pamh = NULL;
char * user;
- user = malloc(strlen(in_user)+1);
+ user = strdup(in_user);
if ( user == NULL ) {
DEBUG(0, ("PAM: PAM_session Malloc Failed!\n"));
return False;
}
- /* This is freed by PAM */
- StrnCpy(user, in_user, strlen(in_user)+1);
-
- if (!proc_pam_start(&pamh, user, rhost)) {
- proc_pam_end(pamh);
+ if (!smb_pam_start(&pamh, user, rhost)) {
+ smb_pam_end(pamh);
return False;
}
- if (proc_pam_session(pamh, user, tty, flag)) {
- return proc_pam_end(pamh);
+ if (smb_internal_pam_session(pamh, user, tty, flag)) {
+ return smb_pam_end(pamh);
} else {
- proc_pam_end(pamh);
+ smb_pam_end(pamh);
return False;
}
}
@@ -381,16 +379,16 @@ BOOL pam_session(BOOL flag, const char *in_user, char *tty, char *rhost)
/*
* PAM Externally accessible Account handler
*/
-BOOL pam_accountcheck(char * user)
+BOOL smb_pam_accountcheck(char * user)
{
pam_handle_t *pamh = NULL;
PAM_username = user;
PAM_password = NULL;
- if( proc_pam_start(&pamh, user, NULL)) {
- if ( pam_account(pamh, user, NULL, False)) {
- return( proc_pam_end(pamh));
+ if( smb_pam_start(&pamh, user, NULL)) {
+ if ( smb_pam_account(pamh, user, NULL, False)) {
+ return( smb_pam_end(pamh));
}
}
DEBUG(0, ("PAM: Account Validation Failed - Rejecting User!\n"));
@@ -400,17 +398,17 @@ BOOL pam_accountcheck(char * user)
/*
* PAM Password Validation Suite
*/
-BOOL pam_passcheck(char * user, char * password)
+BOOL smb_pam_passcheck(char * user, char * password)
{
pam_handle_t *pamh = NULL;
PAM_username = user;
PAM_password = password;
- if( proc_pam_start(&pamh, user, NULL)) {
- if ( pam_auth(pamh, user, password)) {
- if ( pam_account(pamh, user, password, True)) {
- return( proc_pam_end(pamh));
+ if( smb_pam_start(&pamh, user, NULL)) {
+ if ( smb_pam_auth(pamh, user, password)) {
+ if ( smb_pam_account(pamh, user, password, True)) {
+ return( smb_pam_end(pamh));
}
}
}
@@ -421,7 +419,7 @@ BOOL pam_passcheck(char * user, char * password)
#else
/* If PAM not used, no PAM restrictions on accounts. */
- BOOL pam_accountcheck(char * user)
+ BOOL smb_pam_accountcheck(char * user)
{
return True;
}