diff options
Diffstat (limited to 'source/nsswitch/wbinfo.c')
| -rw-r--r-- | source/nsswitch/wbinfo.c | 142 |
1 files changed, 26 insertions, 116 deletions
diff --git a/source/nsswitch/wbinfo.c b/source/nsswitch/wbinfo.c index 60524d1d1b..32c6315cce 100644 --- a/source/nsswitch/wbinfo.c +++ b/source/nsswitch/wbinfo.c @@ -879,61 +879,21 @@ static bool wbinfo_lookupname(const char *full_name) return true; } -static char *wbinfo_prompt_pass(const char *prefix, - const char *username) -{ - char *prompt; - const char *ret = NULL; - - prompt = talloc_asprintf(talloc_tos(), "Enter %s's ", username); - if (!prompt) { - return NULL; - } - if (prefix) { - prompt = talloc_asprintf_append(prompt, "%s ", prefix); - if (!prompt) { - return NULL; - } - } - prompt = talloc_asprintf_append(prompt, "password: "); - if (!prompt) { - return NULL; - } - - ret = getpass(prompt); - TALLOC_FREE(prompt); - - return SMB_STRDUP(ret); -} - /* Authenticate a user with a plaintext password */ -static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags) +static bool wbinfo_auth_krb5(char *username, const char *pass, const char *cctype, uint32 flags) { struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; - char *p; - char *password; /* Send off request */ ZERO_STRUCT(request); ZERO_STRUCT(response); - p = strchr(username, '%'); - - if (p) { - *p = 0; - fstrcpy(request.data.auth.user, username); - fstrcpy(request.data.auth.pass, p + 1); - *p = '%'; - } else { - fstrcpy(request.data.auth.user, username); - password = wbinfo_prompt_pass(NULL, username); - fstrcpy(request.data.auth.pass, password); - SAFE_FREE(password); - } + fstrcpy(request.data.auth.user, username); + fstrcpy(request.data.auth.pass, pass); request.flags = flags; @@ -974,29 +934,11 @@ static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags) /* Authenticate a user with a plaintext password */ -static bool wbinfo_auth(char *username) +static bool wbinfo_auth(char *username, const char *pass) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - char *s = NULL; - char *p = NULL; - char *password = NULL; - char *name = NULL; - - if ((s = SMB_STRDUP(username)) == NULL) { - return false; - } - - if ((p = strchr(s, '%')) != NULL) { - *p = 0; - p++; - password = SMB_STRDUP(p); - } else { - password = wbinfo_prompt_pass(NULL, username); - } - - name = s; - wbc_status = wbcAuthenticateUser(name, password); + wbc_status = wbcAuthenticateUser(username, pass); d_printf("plaintext password authentication %s\n", WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); @@ -1009,15 +951,12 @@ static bool wbinfo_auth(char *username) response.data.auth.error_string); #endif - SAFE_FREE(s); - SAFE_FREE(password); - return WBC_ERROR_IS_OK(wbc_status); } /* Authenticate a user with a challenge/response */ -static bool wbinfo_auth_crap(char *username) +static bool wbinfo_auth_crap(char *username, const char *pass) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; struct wbcAuthUserParams params; @@ -1027,17 +966,6 @@ static bool wbinfo_auth_crap(char *username) DATA_BLOB nt = data_blob_null; fstring name_user; fstring name_domain; - char *pass; - char *p; - - p = strchr(username, '%'); - - if (p) { - *p = 0; - pass = SMB_STRDUP(p + 1); - } else { - pass = wbinfo_prompt_pass(NULL, username); - } parse_wbinfo_domain_user(username, name_domain, name_user); @@ -1067,7 +995,6 @@ static bool wbinfo_auth_crap(char *username) &lm, &nt, NULL)) { data_blob_free(&names_blob); data_blob_free(&server_chal); - SAFE_FREE(pass); return false; } data_blob_free(&names_blob); @@ -1112,7 +1039,6 @@ static bool wbinfo_auth_crap(char *username) data_blob_free(&nt); data_blob_free(&lm); - SAFE_FREE(pass); return WBC_ERROR_IS_OK(wbc_status); } @@ -1341,28 +1267,6 @@ static bool wbinfo_ping(void) return WBC_ERROR_IS_OK(wbc_status); } -static bool wbinfo_change_user_password(const char *username) -{ - wbcErr wbc_status; - char *old_password = NULL; - char *new_password = NULL; - - old_password = wbinfo_prompt_pass("old", username); - new_password = wbinfo_prompt_pass("new", username); - - wbc_status = wbcChangeUserPassword(username, old_password, new_password); - - /* Display response */ - - d_printf("Password change for user %s %s\n", username, - WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); - - SAFE_FREE(old_password); - SAFE_FREE(new_password); - - return WBC_ERROR_IS_OK(wbc_status); -} - /* Main program */ enum { @@ -1382,8 +1286,7 @@ enum { OPT_UID_INFO, OPT_GROUP_INFO, OPT_VERBOSE, - OPT_ONLINESTATUS, - OPT_CHANGE_USER_PASSWORD + OPT_ONLINESTATUS }; int main(int argc, char **argv, char **envp) @@ -1450,7 +1353,6 @@ int main(int argc, char **argv, char **envp) #endif { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL }, { "verbose", 0, POPT_ARG_NONE, 0, OPT_VERBOSE, "Print additional information per command", NULL }, - { "change-user-password", 0, POPT_ARG_STRING, &string_arg, OPT_CHANGE_USER_PASSWORD, "Change the password for a user", NULL }, POPT_COMMON_CONFIGFILE POPT_COMMON_VERSION POPT_TABLEEND @@ -1653,14 +1555,22 @@ int main(int argc, char **argv, char **envp) break; case 'a': { bool got_error = false; + char *pass; - if (!wbinfo_auth(string_arg)) { + if ((pass = strchr(string_arg, '%')) != NULL) { + *pass = 0; + pass++; + } else { + pass = (char *)""; + } + + if (!wbinfo_auth(string_arg, pass)) { d_fprintf(stderr, "Could not authenticate user %s with " "plaintext password\n", string_arg); got_error = true; } - if (!wbinfo_auth_crap(string_arg)) { + if (!wbinfo_auth_crap(string_arg, pass)) { d_fprintf(stderr, "Could not authenticate user %s with " "challenge/response\n", string_arg); got_error = true; @@ -1675,8 +1585,16 @@ int main(int argc, char **argv, char **envp) WBFLAG_PAM_CACHED_LOGIN | WBFLAG_PAM_FALLBACK_AFTER_KRB5 | WBFLAG_PAM_INFO3_TEXT; + char *pass; + + if ((pass = strchr(string_arg, '%')) != NULL) { + *pass = 0; + pass++; + } else { + pass = (char *)""; + } - if (!wbinfo_auth_krb5(string_arg, "FILE", flags)) { + if (!wbinfo_auth_krb5(string_arg, pass, "FILE", flags)) { d_fprintf(stderr, "Could not authenticate user [%s] with " "Kerberos (ccache: %s)\n", string_arg, "FILE"); goto done; @@ -1731,14 +1649,6 @@ int main(int argc, char **argv, char **envp) goto done; } break; - case OPT_CHANGE_USER_PASSWORD: - if (!wbinfo_change_user_password(string_arg)) { - d_fprintf(stderr, "Could not change user password " - "for user %s\n", string_arg); - goto done; - } - break; - /* generic configuration options */ case OPT_DOMAIN_NAME: break; |