関数 | |
int | pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, int argc, const char **argv) |
変数 | |
pam_module | _pam_smbpass_acct_modstruct |
int pam_sm_acct_mgmt | ( | pam_handle_t * | pamh, | |
int | flags, | |||
int | argc, | |||
const char ** | argv | |||
) |
pam_smb_acct.c の 42 行で定義されています。
参照先 _log_err()・CatchSignal()・in_client・initialize_password_db()・load_case_tables()・make_remark()・name・nt_status_to_pam()・pdb_get_acct_ctrl()・pdb_get_username()・pdb_getsampwnam()・samu_new()・set_ctrl()・setup_logging().
00044 { 00045 unsigned int ctrl; 00046 int retval; 00047 00048 const char *name; 00049 struct samu *sampass = NULL; 00050 void (*oldsig_handler)(int); 00051 extern BOOL in_client; 00052 00053 /* Samba initialization. */ 00054 load_case_tables(); 00055 setup_logging( "pam_smbpass", False ); 00056 in_client = True; 00057 00058 ctrl = set_ctrl( flags, argc, argv ); 00059 00060 /* get the username */ 00061 00062 retval = pam_get_user( pamh, &name, "Username: " ); 00063 if (retval != PAM_SUCCESS) { 00064 if (on( SMB_DEBUG, ctrl )) { 00065 _log_err( LOG_DEBUG, "acct: could not identify user" ); 00066 } 00067 return retval; 00068 } 00069 if (on( SMB_DEBUG, ctrl )) { 00070 _log_err( LOG_DEBUG, "acct: username [%s] obtained", name ); 00071 } 00072 00073 if (geteuid() != 0) { 00074 _log_err( LOG_DEBUG, "Cannot access samba password database, not running as root."); 00075 return PAM_AUTHINFO_UNAVAIL; 00076 } 00077 00078 /* Getting into places that might use LDAP -- protect the app 00079 from a SIGPIPE it's not expecting */ 00080 oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); 00081 if (!initialize_password_db(True)) { 00082 _log_err( LOG_ALERT, "Cannot access samba password database" ); 00083 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); 00084 return PAM_AUTHINFO_UNAVAIL; 00085 } 00086 00087 /* Get the user's record. */ 00088 00089 if (!(sampass = samu_new( NULL ))) { 00090 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); 00091 /* malloc fail. */ 00092 return nt_status_to_pam(NT_STATUS_NO_MEMORY); 00093 } 00094 00095 if (!pdb_getsampwnam(sampass, name )) { 00096 _log_err( LOG_DEBUG, "acct: could not identify user" ); 00097 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); 00098 return PAM_USER_UNKNOWN; 00099 } 00100 00101 /* check for lookup failure */ 00102 if (!strlen(pdb_get_username(sampass)) ) { 00103 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); 00104 return PAM_USER_UNKNOWN; 00105 } 00106 00107 if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { 00108 if (on( SMB_DEBUG, ctrl )) { 00109 _log_err( LOG_DEBUG 00110 , "acct: account %s is administratively disabled", name ); 00111 } 00112 make_remark( pamh, ctrl, PAM_ERROR_MSG 00113 , "Your account has been disabled; " 00114 "please see your system administrator." ); 00115 00116 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); 00117 return PAM_ACCT_EXPIRED; 00118 } 00119 00120 /* TODO: support for expired passwords. */ 00121 00122 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); 00123 return PAM_SUCCESS; 00124 }
struct pam_module _pam_smbpass_acct_modstruct |
初期値:
{ "pam_smbpass", NULL, NULL, pam_sm_acct_mgmt, NULL, NULL, NULL }
pam_smb_acct.c の 128 行で定義されています。