compile fixes; needs testing

(This used to be commit a3f68a963c0dc5ba5e8601633e9b532fa32145cd)

diff --git a/source3/pam_smbpass/INSTALL b/source3/pam_smbpass/INSTALL
new file mode 100644 (file)
index 0000000..ae2ba02
--- /dev/null
+++ b/source3/pam_smbpass/INSTALL
@@ -0,0 +1,64 @@
+
+Because pam_smbpass is derived from the Samba smbpasswd utility, recent
+versions of pam_smbpass require a copy of the Samba source code to be
+available on the build system.  Version 0.7.5 has been tested against
+Samba 2.2.0-alpha3, and this is the recommended version of Samba to use
+for building pam_smbpass.  This only affects /building/ pam_smbpass; you
+can still run any version of the Samba server that you want, although
+clearly it saves some disk space to have only one copy of the source
+code on your system (Samba 2.2.0-alpha3 takes roughly 32MB of disk space
+to build pam_smbpass).
+
+Version 0.7.5 features a new build system to make it easier to build
+pam_smbpass.
+
+
+Using the new build system
+==========================
+
+If you don't have a copy of the Samba source code on your machine, and you
+don't have a preferred Samba version (or mirror site), you can build
+pam_smbpass by just typing 'make'.
+
+If you want to use a version other than 2.2.0-alpha3, or you want to
+download the source code from a faster Samba mirror (see
+<http://us1.samba.org/samba/> for a list of mirror sites), please download
+the source code and unpack it before running make.  The build scripts will
+attempt to autodetect your Samba source directory, and if it can't be
+found automatically, you will be given the opportunity to specify an
+alternate directory for the Samba sources.
+
+Feedback is welcome if you try (or succeed!) to build pam_smbpass with
+other versions of Samba.
+
+
+Options to 'make'
+=================
+
+By default, pam_smbpass will configure the Samba build tree with the
+options
+
+    --with-fhs --with-privatedir=/etc --with-configdir=/etc
+
+This will configure pam_smbpass to look for the smbpasswd file as
+/etc/smbpasswd (or /etc/smbpasswd.tdb), and the smb.conf file as
+/etc/smb.conf.  You can override these options by setting CONFIGOPTS when
+calling make.  E.g., if you have your smb.conf file in /usr/etc and your
+smbpasswd file in /usr/etc/private, you might run
+
+    make CONFIGOPTS="--with-privatedir=/usr/etc/private --with-configdir=/usr/etc"
+
+For a complete list of available configuration options, see
+'./samba/configure --help'
+
+
+Installing the module
+=====================
+
+If all goes well in the build process, the file pam_smbpass.so will be
+created in the current directory.  Simply install the module into your
+system's PAM module directory:
+
+       install -m 755 -s bin/pam_smbpass.so /lib/security
+
+and you're all set.

diff --git a/source3/pam_smbpass/general.h b/source3/pam_smbpass/general.h
index 0291146cbba38830dbf58dd17658c4cfd94c9519..4f13d6013132eb1aae9469d764ea779dc4774f0b 100644 (file)
--- a/source3/pam_smbpass/general.h
+++ b/source3/pam_smbpass/general.h
@@ -121,3 +121,10 @@ struct _pam_failed_auth {
     char *agent;                /* attempt from user with name */
     int count;                  /* number of failures so far */
 };
     char *agent;                /* attempt from user with name */
     int count;                  /* number of failures so far */
 };

+
+/*
+ * General use functions go here 
+ */
+
+/* from support.c */
+int make_remark(pam_handle_t *, unsigned int, int, const char *);

diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c
index 8d91c456bf4b498944b4344a413752c93bce00bd..0803ef82a23c6b432a88bc557c5f7be16afa5131 100644 (file)
--- a/source3/pam_smbpass/pam_smb_acct.c
+++ b/source3/pam_smbpass/pam_smb_acct.c
@@ -33,6 +33,7 @@
 
 #include "support.h"
 
 
 #include "support.h"
 

+

 /*
  * pam_sm_acct_mgmt() verifies whether or not the account is disabled.
  *
 /*
  * pam_sm_acct_mgmt() verifies whether or not the account is disabled.
  *


@@ -45,15 +46,12 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
     int retval;
 
     const char *name;
     int retval;
 
     const char *name;

-    const char *p;

     SAM_ACCOUNT *sampass = NULL;
 
     extern BOOL in_client;
 
     /* Samba initialization. */
     setup_logging( "pam_smbpass", False );
     SAM_ACCOUNT *sampass = NULL;
 
     extern BOOL in_client;
 
     /* Samba initialization. */
     setup_logging( "pam_smbpass", False );

-    charset_initialise();
-    codepage_initialise(lp_client_code_page());

     in_client = True;
 
     ctrl = set_ctrl( flags, argc, argv );
     in_client = True;
 
     ctrl = set_ctrl( flags, argc, argv );

diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index 9952eb94db2ccc7e76e414b26ab44f9ed51c12f0..e5cc12e2f6d40bc4a095ca5ef2ee13b22dcf3139 100644 (file)
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -47,6 +47,7 @@ do {                                                          \
 static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
                          const char *name, SAM_ACCOUNT *sampass, BOOL exist);
 
 static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
                          const char *name, SAM_ACCOUNT *sampass, BOOL exist);
 

+

 /*
  * pam_sm_authenticate() authenticates users against the samba password file.
  *
 /*
  * pam_sm_authenticate() authenticates users against the samba password file.
  *


@@ -67,13 +68,11 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
     BOOL found;
 
     /* Points to memory managed by the PAM library. Do not free. */
     BOOL found;
 
     /* Points to memory managed by the PAM library. Do not free. */

-    const char *p = NULL;
+    char *p = NULL;

 
 
     /* Samba initialization. */
     setup_logging("pam_smbpass",False);
 
 
     /* Samba initialization. */
     setup_logging("pam_smbpass",False);

-    charset_initialise();
-    codepage_initialise(lp_client_code_page());

     in_client = True;
 
     ctrl = set_ctrl(flags, argc, argv);
     in_client = True;
 
     ctrl = set_ctrl(flags, argc, argv);

diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index 338d873d257506425f98894ae85926edb80e7e6c..0f527552525c88515ecb8a715bb0f6e68c9d75ec 100644 (file)
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -35,8 +35,7 @@
 
 int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user,  const char *pass_new )
 {
 
 int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user,  const char *pass_new )
 {

- char          c;
- int           retval, i;
+ int           retval;

  pstring       err_str;
  pstring       msg_str;
 
  pstring       err_str;
  pstring       msg_str;
 


@@ -94,12 +93,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 
     SAM_ACCOUNT *sampass = NULL;
     const char *user;
 
     SAM_ACCOUNT *sampass = NULL;
     const char *user;

-    const char *pass_old, *pass_new;
+    char *pass_old;
+    char *pass_new;

 
     /* Samba initialization. */
     setup_logging( "pam_smbpass", False );
 
     /* Samba initialization. */
     setup_logging( "pam_smbpass", False );

-    charset_initialise();
-    codepage_initialise(lp_client_code_page());

     in_client = True;
 
     ctrl = set_ctrl(flags, argc, argv);
     in_client = True;
 
     ctrl = set_ctrl(flags, argc, argv);

diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c
index 86349f8c1645e7a5ec7a1d05c3bb81b0791d2922..a55dcb0272d5b267ac61c731dc2681cb884c0f35 100644 (file)
--- a/source3/pam_smbpass/support.c
+++ b/source3/pam_smbpass/support.c
@@ -1,132 +1,135 @@
-/* Unix NT password database implementation, version 0.6.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-#include "general.h"
+       /* Unix NT password database implementation, version 0.6.
+        *
+        * This program is free software; you can redistribute it and/or modify it under
+        * the terms of the GNU General Public License as published by the Free
+        * Software Foundation; either version 2 of the License, or (at your option)
+        * any later version.
+        *
+        * This program is distributed in the hope that it will be useful, but WITHOUT
+        * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+        * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+        * more details.
+        *
+        * You should have received a copy of the GNU General Public License along with
+        * this program; if not, write to the Free Software Foundation, Inc., 675
+        * Mass Ave, Cambridge, MA 02139, USA.
+        */

 
 

-#include "support.h"
+       #include "includes.h"
+       #include "general.h"

 
 

+       #include "support.h"

 
 

-#define _pam_overwrite(x)        \
-do {                             \
-     register char *__xx__;      \
-     if ((__xx__=(x)))           \
-          while (*__xx__)        \
-               *__xx__++ = '\0'; \
-} while (0)

 
 

-/*
- * Don't just free it, forget it too.
- */
+       #define _pam_overwrite(x)        \
+       do {                             \
+            register char *__xx__;      \
+            if ((__xx__=(x)))           \
+                 while (*__xx__)        \
+                      *__xx__++ = '\0'; \
+       } while (0)

 
 

-#define _pam_drop(X) \
-do {                 \
-    if (X) {         \
-        free(X);     \
-        X=NULL;      \
-    }                \
-} while (0)
-
-#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
-do {                                              \
-    int reply_i;                                  \
-                                                  \
-    for (reply_i=0; reply_i<replies; ++reply_i) { \
-        if (reply[reply_i].resp) {                \
-            _pam_overwrite(reply[reply_i].resp);  \
-            free(reply[reply_i].resp);            \
-        }                                         \
-    }                                             \
-    if (reply)                                    \
-        free(reply);                              \
-} while (0)
-
-
-int converse(pam_handle_t *, int, int, struct pam_message **,
-                        struct pam_response **);
-int make_remark(pam_handle_t *, unsigned int, int, const char *);
-void _cleanup(pam_handle_t *, void *, int);
-char *_pam_delete(register char *);
-
-/* syslogging function for errors and other information */
-
-void _log_err( int err, const char *format, ... )
-{
-    va_list args;
+       /*
+        * Don't just free it, forget it too.
+        */

 
 

-    va_start( args, format );
-    openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
-    vsyslog( err, format, args );
-    va_end( args );
-    closelog();
-}
+       #define _pam_drop(X) \
+       do {                 \
+           if (X) {         \
+               free(X);     \
+               X=NULL;      \
+           }                \
+       } while (0)
+
+       #define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+       do {                                              \
+           int reply_i;                                  \
+                                                         \
+           for (reply_i=0; reply_i<replies; ++reply_i) { \
+               if (reply[reply_i].resp) {                \
+                   _pam_overwrite(reply[reply_i].resp);  \
+                   free(reply[reply_i].resp);            \
+               }                                         \
+           }                                             \
+           if (reply)                                    \
+               free(reply);                              \
+       } while (0)
+
+
+       int converse(pam_handle_t *, int, int, struct pam_message **,
+                                struct pam_response **);
+       int make_remark(pam_handle_t *, unsigned int, int, const char *);
+       void _cleanup(pam_handle_t *, void *, int);
+       char *_pam_delete(register char *);
+
+       /* default configuration file location */
+
+       char *servicesf = dyn_CONFIGFILE;
+
+       /* syslogging function for errors and other information */
+
+       void _log_err( int err, const char *format, ... )
+       {
+           va_list args;
+
+           va_start( args, format );
+           openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
+           vsyslog( err, format, args );
+           va_end( args );
+           closelog();
+       }

 
 

-/* this is a front-end for module-application conversations */
+       /* this is a front-end for module-application conversations */

 
 

-int converse( pam_handle_t * pamh, int ctrl, int nargs
-              , struct pam_message **message
-              , struct pam_response **response )
-{
-       int retval;
-       struct pam_conv *conv;
+       int converse( pam_handle_t * pamh, int ctrl, int nargs
+                     , struct pam_message **message
+                     , struct pam_response **response )
+       {
+               int retval;
+               struct pam_conv *conv;

 
 

-       retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
-       if (retval == PAM_SUCCESS) {
+               retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+               if (retval == PAM_SUCCESS) {

 
 

-               retval = conv->conv(nargs, (const struct pam_message **) message
-                                                       ,response, conv->appdata_ptr);
+                       retval = conv->conv(nargs, (const struct pam_message **) message
+                                                               ,response, conv->appdata_ptr);

 
 

-               if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
-                       _log_err(LOG_DEBUG, "conversation failure [%s]"
+                       if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
+                               _log_err(LOG_DEBUG, "conversation failure [%s]"
+                                                ,pam_strerror(pamh, retval));
+                       }
+               } else {
+                       _log_err(LOG_ERR, "couldn't obtain coversation function [%s]"

                                         ,pam_strerror(pamh, retval));
                }
                                         ,pam_strerror(pamh, retval));
                }

-       } else {
-               _log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
-                                ,pam_strerror(pamh, retval));
-       }

 
 

-       return retval;                          /* propagate error status */
-}
+               return retval;                          /* propagate error status */
+       }

 
 

-int make_remark( pam_handle_t * pamh, unsigned int ctrl
-                 , int type, const char *text )
-{
-       if (off(SMB__QUIET, ctrl)) {
-               struct pam_message *pmsg[1], msg[1];
-               struct pam_response *resp;
+       int make_remark( pam_handle_t * pamh, unsigned int ctrl
+                        , int type, const char *text )
+       {
+               if (off(SMB__QUIET, ctrl)) {
+                       struct pam_message *pmsg[1], msg[1];
+                       struct pam_response *resp;

 
 

-               pmsg[0] = &msg[0];
-               msg[0].msg = text;
-               msg[0].msg_style = type;
-               resp = NULL;
+                       pmsg[0] = &msg[0];
+                       msg[0].msg = text;
+                       msg[0].msg_style = type;
+                       resp = NULL;

 
 

-               return converse(pamh, ctrl, 1, pmsg, &resp);
+                       return converse(pamh, ctrl, 1, pmsg, &resp);
+               }
+               return PAM_SUCCESS;

        }
        }

-       return PAM_SUCCESS;
-}

 
 
 
 

-/* set the control flags for the SMB module. */
+       /* set the control flags for the SMB module. */

 
 int set_ctrl( int flags, int argc, const char **argv )
 {
     int i = 0;
 
 int set_ctrl( int flags, int argc, const char **argv )
 {
     int i = 0;

-    static pstring servicesf = CONFIGFILE;
-    const char *service_file = servicesf;
+    const char *service_file = dyn_CONFIGFILE;

     unsigned int ctrl;
 
     ctrl = SMB_DEFAULTS;       /* the default selection of options */
     unsigned int ctrl;
 
     ctrl = SMB_DEFAULTS;       /* the default selection of options */


@@ -136,6 +139,9 @@ int set_ctrl( int flags, int argc, const char **argv )
     /* A good, sane default (matches Samba's behavior). */
     set( SMB__NONULL, ctrl );
 
     /* A good, sane default (matches Samba's behavior). */
     set( SMB__NONULL, ctrl );
 

+    /* initialize service file location */
+    service_file=servicesf;
+

     if (flags & PAM_SILENT) {
         set( SMB__QUIET, ctrl );
     }
     if (flags & PAM_SILENT) {
         set( SMB__QUIET, ctrl );
     }


@@ -165,6 +171,8 @@ int set_ctrl( int flags, int argc, const char **argv )
        _log_err( LOG_ERR, "Error loading service file %s", service_file );
     }
 
        _log_err( LOG_ERR, "Error loading service file %s", service_file );
     }
 

+    secrets_init();
+

     if (lp_null_passwords()) {
         set( SMB__NULLOK, ctrl );
     }
     if (lp_null_passwords()) {
         set( SMB__NULLOK, ctrl );
     }


@@ -303,7 +311,7 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
     uchar hash_pass[16];
     uchar lm_pw[16];
     uchar nt_pw[16];
     uchar hash_pass[16];
     uchar lm_pw[16];
     uchar nt_pw[16];

-    int retval;
+    int retval = PAM_AUTH_ERR;

     char *data_name;
     const char *name;
 
     char *data_name;
     const char *name;
 


@@ -482,7 +490,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
 {
     int authtok_flag;
     int retval;
 {
     int authtok_flag;
     int retval;

-    const char *item = NULL;
+    char *item = NULL;

     char *token;
 
     struct pam_message msg[3], *pmsg[3];
     char *token;
 
     struct pam_message msg[3], *pmsg[3];