[SCM] Samba Shared Repository - branch v3-2-test updated -
release-3-2-0pre2-636-gbf960f5
Günther Deschner
gd at samba.org
Thu Apr 3 14:28:21 GMT 2008
The branch, v3-2-test has been updated
via bf960f57e7adf09cdf096f2c72065ea1ff8b0daa (commit)
via d62676cf886d910334b3d6f7ce0147b75ef53aec (commit)
via fe8acb064433b286938e0b572ca1faa8a54414b7 (commit)
via ea2175ee0e6288ccb132e86b9dd0bf8a0e4169c9 (commit)
from 9d0e5a13215d4904084e81fde6098c70ee4d4636 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit bf960f57e7adf09cdf096f2c72065ea1ff8b0daa
Author: Günther Deschner <gd at samba.org>
Date: Thu Apr 3 15:41:26 2008 +0200
Use pwb_context in pam_winbind.
Guenther
commit d62676cf886d910334b3d6f7ce0147b75ef53aec
Author: Günther Deschner <gd at samba.org>
Date: Thu Apr 3 13:23:34 2008 +0200
Add _pam_winbind_init/free_context.
Guenther
commit fe8acb064433b286938e0b572ca1faa8a54414b7
Author: Günther Deschner <gd at samba.org>
Date: Thu Apr 3 13:19:46 2008 +0200
Add pwb_context to pam_winbind.h.
Guenther
commit ea2175ee0e6288ccb132e86b9dd0bf8a0e4169c9
Author: Günther Deschner <gd at samba.org>
Date: Thu Apr 3 13:06:14 2008 +0200
Make more functions in pam_winbind static.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/nsswitch/pam_winbind.c | 781 ++++++++++++++++++++---------------------
source/nsswitch/pam_winbind.h | 9 +
2 files changed, 395 insertions(+), 395 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index d2aea66..9a9bce7 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -12,18 +12,18 @@
#include "pam_winbind.h"
-#define _PAM_LOG_FUNCTION_ENTER(function, pamh, ctrl, flags) \
+#define _PAM_LOG_FUNCTION_ENTER(function, ctx) \
do { \
- _pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: %p] ENTER: " \
- function " (flags: 0x%04x)", pamh, flags); \
- _pam_log_state(pamh, ctrl); \
+ _pam_log_debug(ctx, LOG_DEBUG, "[pamh: %p] ENTER: " \
+ function " (flags: 0x%04x)", ctx->pamh, ctx->flags); \
+ _pam_log_state(ctx); \
} while (0)
-#define _PAM_LOG_FUNCTION_LEAVE(function, pamh, ctrl, retval) \
+#define _PAM_LOG_FUNCTION_LEAVE(function, ctx, retval) \
do { \
- _pam_log_debug(pamh, ctrl, LOG_DEBUG, "[pamh: %p] LEAVE: " \
- function " returning %d", pamh, retval); \
- _pam_log_state(pamh, ctrl); \
+ _pam_log_debug(ctx, LOG_DEBUG, "[pamh: %p] LEAVE: " \
+ function " returning %d", ctx->pamh, retval); \
+ _pam_log_state(ctx); \
} while (0)
/* data tokens */
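Review bot: The macro parameter `ctx` is expanded unparenthesized as `ctx->pamh` and `ctx->flags` in `_PAM_LOG_FUNCTION_ENTER`, and as `ctx->pamh` in `_PAM_LOG_FUNCTION_LEAVE`, so an argument that is not a plain identifier would bind incorrectly. Write `(ctx)->pamh` and `(ctx)->flags` in both macros. The `%p` conversions also receive a `pam_handle_t *` rather than a `void *`; `(void *)(ctx)->pamh` keeps the call strictly conforming.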
@@ -88,8 +88,21 @@ static bool _pam_log_is_silent(int ctrl)
return on(ctrl, WINBIND_SILENT);
}
-static void _pam_log(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...) PRINTF_ATTRIBUTE(4,5);
-static void _pam_log(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...)
+static void _pam_log(struct pwb_context *r, int err, const char *format, ...) PRINTF_ATTRIBUTE(3,4);
+static void _pam_log(struct pwb_context *r, int err, const char *format, ...)
+{
+ va_list args;
+
+ if (_pam_log_is_silent(r->ctrl)) {
+ return;
+ }
+
+ va_start(args, format);
+ _pam_log_int(r->pamh, err, format, args);
+ va_end(args);
+}
+static void __pam_log(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...) PRINTF_ATTRIBUTE(4,5);
+static void __pam_log(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...)
{
va_list args;
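Review bot: The handle-based logger is kept under the name `__pam_log` (and `__pam_log_debug` in the next hunk, with call sites in `_pam_parse` and `_pam_winbind_cleanup_func`), but identifiers beginning with two underscores are reserved for the implementation in C. A name such as `_pam_log_pamh` would match the file's single-underscore convention. The new `_pam_log` also reads `r->ctrl` with no NULL check, so it must not be reached before `_pam_winbind_init_context` has succeeded; either add `if (!r) return;` or document that `r` must be non-NULL. Since `r` is only read, it could be declared `const struct pwb_context *r`. The body of `__pam_log` continues outside this hunk.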
@@ -128,8 +141,21 @@ static bool _pam_log_is_debug_state_enabled(int ctrl)
return _pam_log_is_debug_enabled(ctrl);
}
-static void _pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...) PRINTF_ATTRIBUTE(4,5);
-static void _pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...)
+static void _pam_log_debug(struct pwb_context *r, int err, const char *format, ...) PRINTF_ATTRIBUTE(3,4);
+static void _pam_log_debug(struct pwb_context *r, int err, const char *format, ...)
+{
+ va_list args;
+
+ if (!_pam_log_is_debug_enabled(r->ctrl)) {
+ return;
+ }
+
+ va_start(args, format);
+ _pam_log_int(r->pamh, err, format, args);
+ va_end(args);
+}
+static void __pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...) PRINTF_ATTRIBUTE(4,5);
+static void __pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...)
{
va_list args;
@@ -142,44 +168,43 @@ static void _pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const ch
va_end(args);
}
-static void _pam_log_state_datum(const pam_handle_t *pamh,
- int ctrl,
+static void _pam_log_state_datum(struct pwb_context *ctx,
int item_type,
const char *key,
int is_string)
{
const void *data = NULL;
if (item_type != 0) {
- pam_get_item(pamh, item_type, &data);
+ pam_get_item(ctx->pamh, item_type, &data);
} else {
- pam_get_data(pamh, key, &data);
+ pam_get_data(ctx->pamh, key, &data);
}
if (data != NULL) {
const char *type = (item_type != 0) ? "ITEM" : "DATA";
if (is_string != 0) {
- _pam_log_debug(pamh, ctrl, LOG_DEBUG,
+ _pam_log_debug(ctx, LOG_DEBUG,
"[pamh: %p] STATE: %s(%s) = \"%s\" (%p)",
- pamh, type, key, (const char *)data,
+ ctx->pamh, type, key, (const char *)data,
data);
} else {
- _pam_log_debug(pamh, ctrl, LOG_DEBUG,
+ _pam_log_debug(ctx, LOG_DEBUG,
"[pamh: %p] STATE: %s(%s) = %p",
- pamh, type, key, data);
+ ctx->pamh, type, key, data);
}
}
}
-#define _PAM_LOG_STATE_DATA_POINTER(pamh, ctrl, module_data_name) \
- _pam_log_state_datum(pamh, ctrl, 0, module_data_name, 0)
+#define _PAM_LOG_STATE_DATA_POINTER(ctx, module_data_name) \
+ _pam_log_state_datum(ctx, 0, module_data_name, 0)
-#define _PAM_LOG_STATE_DATA_STRING(pamh, ctrl, module_data_name) \
- _pam_log_state_datum(pamh, ctrl, 0, module_data_name, 1)
+#define _PAM_LOG_STATE_DATA_STRING(ctx, module_data_name) \
+ _pam_log_state_datum(ctx, 0, module_data_name, 1)
-#define _PAM_LOG_STATE_ITEM_POINTER(pamh, ctrl, item_type) \
- _pam_log_state_datum(pamh, ctrl, item_type, #item_type, 0)
+#define _PAM_LOG_STATE_ITEM_POINTER(ctx, item_type) \
+ _pam_log_state_datum(ctx, item_type, #item_type, 0)
-#define _PAM_LOG_STATE_ITEM_STRING(pamh, ctrl, item_type) \
- _pam_log_state_datum(pamh, ctrl, item_type, #item_type, 1)
+#define _PAM_LOG_STATE_ITEM_STRING(ctx, item_type) \
+ _pam_log_state_datum(ctx, item_type, #item_type, 1)
#ifdef DEBUG_PASSWORD
#define _LOG_PASSWORD_AS_STRING 1
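Review bot: The results of `pam_get_item(ctx->pamh, item_type, &data)` and `pam_get_data(ctx->pamh, key, &data)` are discarded, so the `data != NULL` test depends on both calls leaving `data` untouched when they fail. Checking the result makes that explicit, e.g. `if (pam_get_item(ctx->pamh, item_type, &data) != PAM_SUCCESS) data = NULL;`, and likewise for `pam_get_data`. When `is_string` is non-zero the datum is printed with `%s`, so a comment on `_pam_log_state_datum` should say that callers may set `is_string` only for values known to be NUL-terminated strings.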
@@ -187,42 +212,42 @@ static void _pam_log_state_datum(const pam_handle_t *pamh,
#define _LOG_PASSWORD_AS_STRING 0
#endif
-#define _PAM_LOG_STATE_ITEM_PASSWORD(pamh, ctrl, item_type) \
- _pam_log_state_datum(pamh, ctrl, item_type, #item_type, \
+#define _PAM_LOG_STATE_ITEM_PASSWORD(ctx, item_type) \
+ _pam_log_state_datum(ctx, item_type, #item_type, \
_LOG_PASSWORD_AS_STRING)
-static void _pam_log_state(const pam_handle_t *pamh, int ctrl)
+static void _pam_log_state(struct pwb_context *ctx)
{
- if (!_pam_log_is_debug_state_enabled(ctrl)) {
+ if (!_pam_log_is_debug_state_enabled(ctx->ctrl)) {
return;
}
- _PAM_LOG_STATE_ITEM_STRING(pamh, ctrl, PAM_SERVICE);
- _PAM_LOG_STATE_ITEM_STRING(pamh, ctrl, PAM_USER);
- _PAM_LOG_STATE_ITEM_STRING(pamh, ctrl, PAM_TTY);
- _PAM_LOG_STATE_ITEM_STRING(pamh, ctrl, PAM_RHOST);
- _PAM_LOG_STATE_ITEM_STRING(pamh, ctrl, PAM_RUSER);
- _PAM_LOG_STATE_ITEM_PASSWORD(pamh, ctrl, PAM_OLDAUTHTOK);
- _PAM_LOG_STATE_ITEM_PASSWORD(pamh, ctrl, PAM_AUTHTOK);
- _PAM_LOG_STATE_ITEM_STRING(pamh, ctrl, PAM_USER_PROMPT);
- _PAM_LOG_STATE_ITEM_POINTER(pamh, ctrl, PAM_CONV);
+ _PAM_LOG_STATE_ITEM_STRING(ctx, PAM_SERVICE);
+ _PAM_LOG_STATE_ITEM_STRING(ctx, PAM_USER);
+ _PAM_LOG_STATE_ITEM_STRING(ctx, PAM_TTY);
+ _PAM_LOG_STATE_ITEM_STRING(ctx, PAM_RHOST);
+ _PAM_LOG_STATE_ITEM_STRING(ctx, PAM_RUSER);
+ _PAM_LOG_STATE_ITEM_PASSWORD(ctx, PAM_OLDAUTHTOK);
+ _PAM_LOG_STATE_ITEM_PASSWORD(ctx, PAM_AUTHTOK);
+ _PAM_LOG_STATE_ITEM_STRING(ctx, PAM_USER_PROMPT);
+ _PAM_LOG_STATE_ITEM_POINTER(ctx, PAM_CONV);
#ifdef PAM_FAIL_DELAY
- _PAM_LOG_STATE_ITEM_POINTER(pamh, ctrl, PAM_FAIL_DELAY);
+ _PAM_LOG_STATE_ITEM_POINTER(ctx, PAM_FAIL_DELAY);
#endif
#ifdef PAM_REPOSITORY
- _PAM_LOG_STATE_ITEM_POINTER(pamh, ctrl, PAM_REPOSITORY);
+ _PAM_LOG_STATE_ITEM_POINTER(ctx, PAM_REPOSITORY);
#endif
- _PAM_LOG_STATE_DATA_STRING(pamh, ctrl, PAM_WINBIND_HOMEDIR);
- _PAM_LOG_STATE_DATA_STRING(pamh, ctrl, PAM_WINBIND_LOGONSCRIPT);
- _PAM_LOG_STATE_DATA_STRING(pamh, ctrl, PAM_WINBIND_LOGONSERVER);
- _PAM_LOG_STATE_DATA_STRING(pamh, ctrl, PAM_WINBIND_PROFILEPATH);
- _PAM_LOG_STATE_DATA_STRING(pamh, ctrl,
+ _PAM_LOG_STATE_DATA_STRING(ctx, PAM_WINBIND_HOMEDIR);
+ _PAM_LOG_STATE_DATA_STRING(ctx, PAM_WINBIND_LOGONSCRIPT);
+ _PAM_LOG_STATE_DATA_STRING(ctx, PAM_WINBIND_LOGONSERVER);
+ _PAM_LOG_STATE_DATA_STRING(ctx, PAM_WINBIND_PROFILEPATH);
+ _PAM_LOG_STATE_DATA_STRING(ctx,
PAM_WINBIND_NEW_AUTHTOK_REQD);
/* Use atoi to get PAM result code */
- _PAM_LOG_STATE_DATA_STRING(pamh, ctrl,
+ _PAM_LOG_STATE_DATA_STRING(ctx,
PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH);
- _PAM_LOG_STATE_DATA_POINTER(pamh, ctrl, PAM_WINBIND_PWD_LAST_SET);
+ _PAM_LOG_STATE_DATA_POINTER(ctx, PAM_WINBIND_PWD_LAST_SET);
}
static int _pam_parse(const pam_handle_t *pamh,
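Review bot: `_PAM_LOG_STATE_ITEM_PASSWORD` still has no comment saying that a build with `DEBUG_PASSWORD` defined makes `_pam_log_state` print `PAM_AUTHTOK` and `PAM_OLDAUTHTOK` as strings into the debug log. Add one above the macro, for example `/* DEBUG_PASSWORD builds log PAM_AUTHTOK/PAM_OLDAUTHTOK in cleartext; never define it in production builds. */`. The existing `/* Use atoi to get PAM result code */` reads as an instruction rather than a description; if it means the datum is a decimal string holding a PAM result code, it should say so.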
@@ -328,7 +353,7 @@ config_from_pam:
else if (!strcasecmp(*v, "cached_login"))
ctrl |= WINBIND_CACHED_LOGIN;
else {
- _pam_log(pamh, ctrl, LOG_ERR,
+ __pam_log(pamh, ctrl, LOG_ERR,
"pam_parse: unknown option: %s", *v);
return -1;
}
@@ -346,13 +371,52 @@ config_from_pam:
return ctrl;
};
+static void _pam_winbind_free_context(struct pwb_context *ctx)
+{
+ if (ctx->dict) {
+ iniparser_freedict(ctx->dict);
+ }
+
+ SAFE_FREE(ctx);
+}
+
+static int _pam_winbind_init_context(pam_handle_t *pamh,
+ int flags,
+ int argc,
+ const char **argv,
+ struct pwb_context **ctx_p)
+{
+ struct pwb_context *r = NULL;
+
+ r = (struct pwb_context *)malloc(sizeof(struct pwb_context));
+ if (!r) {
+ return PAM_BUF_ERR;
+ }
+
+ ZERO_STRUCTP(r);
+
+ r->pamh = pamh;
+ r->flags = flags;
+ r->argc = argc;
+ r->argv = argv;
+ r->ctrl = _pam_parse(pamh, flags, argc, argv, &r->dict);
+ if (r->ctrl == -1) {
+ _pam_winbind_free_context(r);
+ return PAM_SYSTEM_ERR;
+ }
+
+ *ctx_p = r;
+
+ return PAM_SUCCESS;
+}
+
static void _pam_winbind_cleanup_func(pam_handle_t *pamh,
void *data,
int error_status)
{
int ctrl = _pam_parse(pamh, 0, 0, NULL, NULL);
if (_pam_log_is_debug_state_enabled(ctrl)) {
- _pam_log_debug(pamh, ctrl, LOG_DEBUG,
+ __pam_log_debug(pamh, ctrl, LOG_DEBUG,
"[pamh: %p] CLEAN: cleaning up PAM data %p "
"(error_status = %d)", pamh, data,
error_status);
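Review bot: `_pam_winbind_free_context` dereferences `ctx->dict` without checking `ctx`, and `_pam_winbind_init_context` leaves `*ctx_p` unwritten on both failure paths. A caller that jumps to a shared cleanup label after a failed init would then pass an uninitialized or NULL pointer to the free function. Start the free function with `if (!ctx) return;` and the init function with `*ctx_p = NULL;`. `SAFE_FREE(ctx)` presumably clears only the local parameter, so callers still have to drop their own copy of the pointer. The allocation can also be written `r = malloc(sizeof(*r));` without the cast; `_pam_winbind_cleanup_func` continues outside this hunk.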
@@ -407,7 +471,7 @@ static const struct ntstatus_errors {
{NULL, NULL}
};
-const char *_get_ntstatus_error_string(const char *nt_status_string)
+static const char *_get_ntstatus_error_string(const char *nt_status_string)
{
int i;
for (i=0; ntstatus_errors[i].ntstatus_string != NULL; i++) {
@@ -423,7 +487,7 @@ const char *_get_ntstatus_error_string(const char *nt_status_string)
/* Attempt a conversation */
-static int converse(pam_handle_t *pamh,
+static int converse(const pam_handle_t *pamh,
int nargs,
struct pam_message **message,
struct pam_response **response)
@@ -442,8 +506,7 @@ static int converse(pam_handle_t *pamh,
}
-static int _make_remark(pam_handle_t * pamh,
- int flags,
+static int _make_remark(struct pwb_context *ctx,
int type,
const char *text)
{
@@ -452,7 +515,7 @@ static int _make_remark(pam_handle_t * pamh,
struct pam_message *pmsg[1], msg[1];
struct pam_response *resp;
- if (flags & WINBIND_SILENT) {
+ if (ctx->flags & WINBIND_SILENT) {
return PAM_SUCCESS;
}
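Review bot: The silent check tests `ctx->flags & WINBIND_SILENT`, which appears to mix two different bit sets. `WINBIND_SILENT` is used in this file as a bit of the parsed control word (`on(ctrl, WINBIND_SILENT)` in `_pam_log_is_silent`), while `ctx->flags` is filled from the PAM `flags` argument in `_pam_winbind_init_context`. Unless the two layouts coincide, this tests the wrong word, and `if (_pam_log_is_silent(ctx->ctrl)) {` looks like the intended check. The pre-change code had the same form, so this may be long-standing; please confirm what callers used to pass as `flags`. `_make_remark` starts and ends outside this hunk.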
@@ -461,7 +524,7 @@ static int _make_remark(pam_handle_t * pamh,
msg[0].msg_style = type;
resp = NULL;
- retval = converse(pamh, 1, pmsg, &resp);
+ retval = converse(ctx->pamh, 1, pmsg, &resp);
if (resp) {
_pam_drop_reply(resp, 1);
@@ -469,8 +532,7 @@ static int _make_remark(pam_handle_t * pamh,
return retval;
}
-static int _make_remark_v(pam_handle_t *pamh,
- int flags,
+static int _make_remark_v(struct pwb_context *ctx,
int type,
const char *format,
va_list args)
@@ -480,29 +542,28 @@ static int _make_remark_v(pam_handle_t *pamh,
ret = vasprintf(&var, format, args);
if (ret < 0) {
- _pam_log(pamh, 0, LOG_ERR, "memory allocation failure");
+ _pam_log(ctx, LOG_ERR, "memory allocation failure");
return ret;
}
- ret = _make_remark(pamh, flags, type, var);
+ ret = _make_remark(ctx, type, var);
SAFE_FREE(var);
return ret;
}
-static int _make_remark_format(pam_handle_t * pamh, int flags, int type, const char *format, ...) PRINTF_ATTRIBUTE(4,5);
-static int _make_remark_format(pam_handle_t * pamh, int flags, int type, const char *format, ...)
+static int _make_remark_format(struct pwb_context *ctx, int type, const char *format, ...) PRINTF_ATTRIBUTE(3,4);
+static int _make_remark_format(struct pwb_context *ctx, int type, const char *format, ...)
{
int ret;
va_list args;
va_start(args, format);
- ret = _make_remark_v(pamh, flags, type, format, args);
+ ret = _make_remark_v(ctx, type, format, args);
va_end(args);
return ret;
}
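Review bot: On `vasprintf` failure `_make_remark_v` returns `ret`, a negative value, to callers that otherwise receive PAM codes from `_make_remark`. `return PAM_BUF_ERR;` would keep the return domain consistent. The failure message now goes through `_pam_log(ctx, ...)`, which is suppressed when the silent bit is set in `ctx->ctrl`, whereas the old call passed a control word of `0` and always logged. If the allocation-failure message must never be suppressed, keep it unconditional or note the change in a comment. The opening lines of `_make_remark_v` are outside this hunk.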
-static int pam_winbind_request(pam_handle_t *pamh,
- int ctrl,
+static int pam_winbind_request(struct pwb_context *ctx,
enum winbindd_cmd req_type,
struct winbindd_request *request,
struct winbindd_response *response)
@@ -511,7 +572,7 @@ static int pam_winbind_request(pam_handle_t *pamh,
winbindd_init_request(request, req_type);
if (winbind_write_sock(request, sizeof(*request), 0, 0) == -1) {
- _pam_log(pamh, ctrl, LOG_ERR,
+ _pam_log(ctx, LOG_ERR,
"pam_winbind_request: write to socket failed!");
winbind_close_sock();
return PAM_SERVICE_ERR;
@@ -519,7 +580,7 @@ static int pam_winbind_request(pam_handle_t *pamh,
/* Wait for reply */
if (winbindd_read_reply(response) == -1) {
- _pam_log(pamh, ctrl, LOG_ERR,
+ _pam_log(ctx, LOG_ERR,
"pam_winbind_request: read from socket failed!");
winbind_close_sock();
return PAM_SERVICE_ERR;
@@ -539,11 +600,11 @@ static int pam_winbind_request(pam_handle_t *pamh,
case WINBINDD_GETPWNAM:
case WINBINDD_LOOKUPNAME:
if (strlen(response->data.auth.nt_status_string) > 0) {
- _pam_log(pamh, ctrl, LOG_ERR,
+ _pam_log(ctx, LOG_ERR,
"request failed, NT error was %s",
response->data.auth.nt_status_string);
} else {
- _pam_log(pamh, ctrl, LOG_ERR, "request failed");
+ _pam_log(ctx, LOG_ERR, "request failed");
}
return PAM_USER_UNKNOWN;
default:
@@ -551,23 +612,22 @@ static int pam_winbind_request(pam_handle_t *pamh,
}
if (response->data.auth.pam_error != PAM_SUCCESS) {
- _pam_log(pamh, ctrl, LOG_ERR,
+ _pam_log(ctx, LOG_ERR,
"request failed: %s, "
"PAM error was %s (%d), NT error was %s",
response->data.auth.error_string,
- pam_strerror(pamh, response->data.auth.pam_error),
+ pam_strerror(ctx->pamh, response->data.auth.pam_error),
response->data.auth.pam_error,
response->data.auth.nt_status_string);
return response->data.auth.pam_error;
}
- _pam_log(pamh, ctrl, LOG_ERR, "request failed, but PAM error 0!");
+ _pam_log(ctx, LOG_ERR, "request failed, but PAM error 0!");
return PAM_SERVICE_ERR;
}
-static int pam_winbind_request_log(pam_handle_t *pamh,
- int ctrl,
+static int pam_winbind_request_log(struct pwb_context *ctx,
enum winbindd_cmd req_type,
struct winbindd_request *request,
struct winbindd_response *response,
@@ -575,34 +635,34 @@ static int pam_winbind_request_log(pam_handle_t *pamh,
{
int retval;
- retval = pam_winbind_request(pamh, ctrl, req_type, request, response);
+ retval = pam_winbind_request(ctx, req_type, request, response);
switch (retval) {
case PAM_AUTH_ERR:
/* incorrect password */
- _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' denied access "
+ _pam_log(ctx, LOG_WARNING, "user '%s' denied access "
"(incorrect password or invalid membership)", user);
return retval;
case PAM_ACCT_EXPIRED:
/* account expired */
- _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' account expired",
+ _pam_log(ctx, LOG_WARNING, "user '%s' account expired",
user);
return retval;
case PAM_AUTHTOK_EXPIRED:
/* password expired */
- _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' password expired",
+ _pam_log(ctx, LOG_WARNING, "user '%s' password expired",
user);
return retval;
case PAM_NEW_AUTHTOK_REQD:
/* new password required */
- _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' new password "
+ _pam_log(ctx, LOG_WARNING, "user '%s' new password "
"required", user);
return retval;
case PAM_USER_UNKNOWN:
/* the user does not exist */
- _pam_log_debug(pamh, ctrl, LOG_NOTICE, "user '%s' not found",
+ _pam_log_debug(ctx, LOG_NOTICE, "user '%s' not found",
user);
- if (ctrl & WINBIND_UNKNOWN_OK_ARG) {
+ if (ctx->ctrl & WINBIND_UNKNOWN_OK_ARG) {
return PAM_IGNORE;
}
return retval;
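Review bot: Every branch of this switch writes `user` into the log with `'%s'`, and the name presumably comes from the authenticating client, including on the `PAM_AUTH_ERR` and `PAM_USER_UNKNOWN` paths where nothing has been verified. Unless `_pam_log_int` or the syslog backend escapes control characters, a crafted name could split or forge log lines. A comment on `pam_winbind_request_log` should state whether `user` is already sanitised; otherwise control characters should be filtered before the name is logged. The function begins and ends outside this hunk.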
@@ -612,15 +672,15 @@ static int pam_winbind_request_log(pam_handle_t *pamh,
case WINBINDD_INFO:
break;
case WINBINDD_PAM_AUTH:
- _pam_log(pamh, ctrl, LOG_NOTICE,
+ _pam_log(ctx, LOG_NOTICE,
"user '%s' granted access", user);
break;
case WINBINDD_PAM_CHAUTHTOK:
- _pam_log(pamh, ctrl, LOG_NOTICE,
+ _pam_log(ctx, LOG_NOTICE,
"user '%s' password changed", user);
break;
default:
- _pam_log(pamh, ctrl, LOG_NOTICE,
+ _pam_log(ctx, LOG_NOTICE,
"user '%s' OK", user);
break;
}
@@ -628,7 +688,7 @@ static int pam_winbind_request_log(pam_handle_t *pamh,
return retval;
default:
/* we don't know anything about this return value */
- _pam_log(pamh, ctrl, LOG_ERR,
+ _pam_log(ctx, LOG_ERR,
"internal module error (retval = %d, user = '%s')",
retval, user);
return retval;
@@ -647,8 +707,7 @@ static int pam_winbind_request_log(pam_handle_t *pamh,
* @return boolean Returns true if message has been sent, false if not.
*/
-static bool _pam_send_password_expiry_message(pam_handle_t *pamh,
- int ctrl,
+static bool _pam_send_password_expiry_message(struct pwb_context *ctx,
time_t next_change,
time_t now,
int warn_pwd_expire,
@@ -662,7 +721,7 @@ static bool _pam_send_password_expiry_message(pam_handle_t *pamh,
--
Samba Shared Repository