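/**
 * PAM authentication entry point backed by the Samba password database.
 *
 * Obtains the user name from PAM, fetches the matching passdb entry and then,
 * depending on the control flags, either hands the account to the migration
 * helper, accepts a blank-password account, or reads the authentication token
 * and verifies it against the entry.
 *
 * @param pamh  PAM handle for this transaction.
 * @param flags PAM flags, forwarded to set_ctrl().
 * @param argc  Number of module arguments.
 * @param argv  Module arguments, forwarded to set_ctrl().
 * @return A PAM status code. Every exit goes through AUTH_RETURN, which is
 *         defined outside this listing.
 */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	unsigned int ctrl;
	int retval, *ret_data = NULL;
	struct samu *sampass = NULL;
	const char *name;
	void (*oldsig_handler)(int) = NULL;
	bool found;

	/* Points to memory managed by the PAM library. Do not free. */
	char *p = NULL;

	/* Samba initialization. */
	load_case_tables();
	lp_set_in_client(True);

	ctrl = set_ctrl(pamh, flags, argc, argv);

	/*
	 * Get a few bytes so we can pass our return value to pam_sm_setcred().
	 * NOTE(review): the allocation result is not checked here; AUTH_RETURN
	 * presumably tolerates ret_data == NULL -- confirm against the macro.
	 */
	ret_data = SMB_MALLOC_P(int);

	/*
	 * We need to do this before we call AUTH_RETURN.
	 * Getting into places that might use LDAP -- protect the app from a
	 * SIGPIPE it's not expecting.
	 */
	oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);

	/*
	 * Get the username.
	 * NOTE(review): the end of this call and the condition that follows it
	 * were masked out in the listing; the lines below follow the upstream
	 * pam_smbpass source -- verify against your tree.
	 */
	retval = pam_get_user(pamh, &name, "Username: ");
	if (retval != PAM_SUCCESS) {
		if (on(SMB_DEBUG, ctrl)) {
			_log_err(pamh, LOG_DEBUG, "auth: could not identify user");
		}
		AUTH_RETURN;
	}
	if (on(SMB_DEBUG, ctrl)) {
		_log_err(pamh, LOG_DEBUG, "username [%s] obtained", name);
	}

	/*
	 * Fail closed when not running as root instead of attempting a lookup
	 * that cannot succeed: the caller gets PAM_AUTHINFO_UNAVAIL, never a
	 * success code.
	 */
	if (geteuid() != 0) {
		_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
		retval = PAM_AUTHINFO_UNAVAIL;
		AUTH_RETURN;
	}

	if (!initialize_password_db(True, NULL)) {
		_log_err(pamh, LOG_ALERT, "Cannot access samba password database");
		retval = PAM_AUTHINFO_UNAVAIL;
		AUTH_RETURN;
	}

	sampass = samu_new(NULL);
	if (!sampass) {
		_log_err(pamh, LOG_ALERT, "Cannot talloc a samu struct");
		retval = nt_status_to_pam(NT_STATUS_NO_MEMORY);
		AUTH_RETURN;
	}

	found = pdb_getsampwnam(sampass, name);

	/*
	 * Migrate mode returns whatever _smb_add_user() reports; the password
	 * is not verified by this function on this path.
	 * NOTE(review): presumably this relies on an earlier module in the PAM
	 * stack having authenticated the user -- confirm the stack configuration.
	 */
	if (on(SMB_MIGRATE, ctrl)) {
		retval = _smb_add_user(pamh, ctrl, name, sampass, found);
		TALLOC_FREE(sampass);
		AUTH_RETURN;
	}

	if (!found) {
		/* name is passed as a "%s" argument, never as the format string. */
		_log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", name);
		retval = PAM_USER_UNKNOWN;
		TALLOC_FREE(sampass);
		sampass = NULL;
		AUTH_RETURN;
	}

	/*
	 * If this user does not have a password, succeed without prompting.
	 * NOTE(review): whether a blank password is acceptable is decided
	 * inside _smb_blankpasswd() from ctrl (not shown) -- confirm that it
	 * only returns true when the module is configured to allow it.
	 */
	if (_smb_blankpasswd(ctrl, sampass)) {
		TALLOC_FREE(sampass);
		retval = PAM_SUCCESS;
		AUTH_RETURN;
	}

	/*
	 * Get this user's authentication token.
	 * NOTE(review): the trailing arguments of this call and the condition
	 * that follows it were masked out in the listing; the lines below
	 * follow the upstream pam_smbpass source -- verify against your tree.
	 */
	retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
	if (retval != PAM_SUCCESS) {
		_log_err(pamh, LOG_CRIT, "auth: no password provided for [%s]", name);
		TALLOC_FREE(sampass);
		AUTH_RETURN;
	}

	/* Verify the password of this user. */
	retval = _smb_verify_password(pamh, sampass, p, ctrl);
	TALLOC_FREE(sampass);

	/* Only the local reference is dropped; the token itself stays with PAM. */
	p = NULL;
	AUTH_RETURN;
}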
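/**
 * PAM authentication entry point backed by the Samba password database
 * (older SAM_ACCOUNT-based variant).
 *
 * Obtains the user name from PAM, fetches the matching passdb entry and then,
 * depending on the control flags, either hands the account to the migration
 * helper, accepts a blank-password account, or reads the authentication token
 * and verifies it against the entry.
 *
 * @param pamh  PAM handle for this transaction.
 * @param flags PAM flags, forwarded to set_ctrl().
 * @param argc  Number of module arguments.
 * @param argv  Module arguments, forwarded to set_ctrl().
 * @return A PAM status code. Every exit goes through AUTH_RETURN, which is
 *         defined outside this listing.
 */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	unsigned int ctrl;
	int retval, *ret_data = NULL;
	SAM_ACCOUNT *sampass = NULL;
	extern BOOL in_client;
	const char *name;
	void (*oldsig_handler)(int);
	BOOL found;

	/* Points to memory managed by the PAM library. Do not free. */
	char *p = NULL;

	/* Samba initialization. */
	setup_logging("pam_smbpass",False);
	in_client = True;

	ctrl = set_ctrl(flags, argc, argv);

	/*
	 * Get a few bytes so we can pass our return value to pam_sm_setcred().
	 * NOTE(review): the allocation result is not checked here; AUTH_RETURN
	 * presumably tolerates ret_data == NULL -- confirm against the macro.
	 */
	ret_data = malloc(sizeof *ret_data);

	/*
	 * Getting into places that might use LDAP -- protect the app from a
	 * SIGPIPE it's not expecting.
	 *
	 * This is installed before the first AUTH_RETURN so oldsig_handler
	 * always holds a defined value on every exit path; previously the
	 * early exit after pam_get_user() ran with it uninitialized.
	 * NOTE(review): assumes AUTH_RETURN restores oldsig_handler -- confirm
	 * against the macro definition.
	 */
	oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);

	/*
	 * Get the username.
	 * NOTE(review): the end of this call and the condition that follows it
	 * were masked out in the listing; the lines below follow the upstream
	 * pam_smbpass source -- verify against your tree.
	 */
	retval = pam_get_user(pamh, &name, "Username: ");
	if (retval != PAM_SUCCESS) {
		if (on(SMB_DEBUG, ctrl)) {
			_log_err(LOG_DEBUG, "auth: could not identify user");
		}
		AUTH_RETURN;
	}
	if (on(SMB_DEBUG, ctrl)) {
		_log_err(LOG_DEBUG, "username [%s] obtained", name);
	}

	if (!initialize_password_db(True)) {
		_log_err(LOG_ALERT, "Cannot access samba password database");
		retval = PAM_AUTHINFO_UNAVAIL;
		AUTH_RETURN;
	}

	/*
	 * sampass starts out NULL, so a pointer that is still NULL after the
	 * call means no account structure was allocated. Stop here rather
	 * than pass NULL into the lookup below.
	 */
	pdb_init_sam(&sampass);
	if (sampass == NULL) {
		_log_err(LOG_ALERT, "Cannot allocate a SAM_ACCOUNT struct");
		retval = PAM_AUTHINFO_UNAVAIL;
		AUTH_RETURN;
	}

	found = pdb_getsampwnam(sampass, name);

	/*
	 * Migrate mode returns whatever _smb_add_user() reports; the password
	 * is not verified by this function on this path.
	 * NOTE(review): presumably this relies on an earlier module in the PAM
	 * stack having authenticated the user -- confirm the stack configuration.
	 */
	if (on(SMB_MIGRATE, ctrl)) {
		retval = _smb_add_user(pamh, ctrl, name, sampass, found);
		pdb_free_sam(&sampass);
		AUTH_RETURN;
	}

	if (!found) {
		/* name is passed as a "%s" argument, never as the format string. */
		_log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
		retval = PAM_USER_UNKNOWN;
		pdb_free_sam(&sampass);
		sampass = NULL;
		AUTH_RETURN;
	}

	/*
	 * If this user does not have a password, succeed without prompting.
	 * NOTE(review): whether a blank password is acceptable is decided
	 * inside _smb_blankpasswd() from ctrl (not shown) -- confirm that it
	 * only returns true when the module is configured to allow it.
	 */
	if (_smb_blankpasswd(ctrl, sampass)) {
		pdb_free_sam(&sampass);
		retval = PAM_SUCCESS;
		AUTH_RETURN;
	}

	/*
	 * Get this user's authentication token.
	 * NOTE(review): the trailing arguments of this call and the condition
	 * that follows it were masked out in the listing; the lines below
	 * follow the upstream pam_smbpass source -- verify against your tree.
	 */
	retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
	if (retval != PAM_SUCCESS) {
		_log_err(LOG_CRIT, "auth: no password provided for [%s]", name);
		pdb_free_sam(&sampass);
		AUTH_RETURN;
	}

	/* Verify the password of this user. */
	retval = _smb_verify_password(pamh, sampass, p, ctrl);
	pdb_free_sam(&sampass);

	/* Only the local reference is dropped; the token itself stays with PAM. */
	p = NULL;
	AUTH_RETURN;
}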