--- /dev/null
+
+Because pam_smbpass is derived from the Samba smbpasswd utility, recent
+versions of pam_smbpass require a copy of the Samba source code to be
+available on the build system. Version 0.7.5 has been tested against
+Samba 2.2.0-alpha3, and this is the recommended version of Samba to use
+for building pam_smbpass. This only affects /building/ pam_smbpass; you
+can still run any version of the Samba server that you want, although
+clearly it saves some disk space to have only one copy of the source
+code on your system (Samba 2.2.0-alpha3 takes roughly 32MB of disk space
+to build pam_smbpass).
+
+Version 0.7.5 features a new build system to make it easier to build
+pam_smbpass.
+
+
+Using the new build system
+==========================
+
+If you don't have a copy of the Samba source code on your machine, and you
+don't have a preferred Samba version (or mirror site), you can build
+pam_smbpass by just typing 'make'.
+
+If you want to use a version other than 2.2.0-alpha3, or you want to
+download the source code from a faster Samba mirror (see
+<http://us1.samba.org/samba/> for a list of mirror sites), please download
+the source code and unpack it before running make. The build scripts will
+attempt to autodetect your Samba source directory, and if it can't be
+found automatically, you will be given the opportunity to specify an
+alternate directory for the Samba sources.
+
+Feedback is welcome if you try (or succeed!) to build pam_smbpass with
+other versions of Samba.
+
+
+Options to 'make'
+=================
+
+By default, pam_smbpass will configure the Samba build tree with the
+options
+
+ --with-fhs --with-privatedir=/etc --with-configdir=/etc
+
+This will configure pam_smbpass to look for the smbpasswd file as
+/etc/smbpasswd (or /etc/smbpasswd.tdb), and the smb.conf file as
+/etc/smb.conf. You can override these options by setting CONFIGOPTS when
+calling make. E.g., if you have your smb.conf file in /usr/etc and your
+smbpasswd file in /usr/etc/private, you might run
+
+ make CONFIGOPTS="--with-privatedir=/usr/etc/private --with-configdir=/usr/etc"
+
+For a complete list of available configuration options, see
+'./samba/configure --help'
+
+
+Installing the module
+=====================
+
+If all goes well in the build process, the file pam_smbpass.so will be
+created in the current directory. Simply install the module into your
+system's PAM module directory:
+
+ install -m 755 -s bin/pam_smbpass.so /lib/security
+
+and you're all set.
-/* Unix NT password database implementation, version 0.6.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-#include "general.h"
+ /* Unix NT password database implementation, version 0.6.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
-#include "support.h"
+ #include "includes.h"
+ #include "general.h"
+ #include "support.h"
-#define _pam_overwrite(x) \
-do { \
- register char *__xx__; \
- if ((__xx__=(x))) \
- while (*__xx__) \
- *__xx__++ = '\0'; \
-} while (0)
-/*
- * Don't just free it, forget it too.
- */
+ #define _pam_overwrite(x) \
+ do { \
+ register char *__xx__; \
+ if ((__xx__=(x))) \
+ while (*__xx__) \
+ *__xx__++ = '\0'; \
+ } while (0)
-#define _pam_drop(X) \
-do { \
- if (X) { \
- free(X); \
- X=NULL; \
- } \
-} while (0)
-
-#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
-do { \
- int reply_i; \
- \
- for (reply_i=0; reply_i<replies; ++reply_i) { \
- if (reply[reply_i].resp) { \
- _pam_overwrite(reply[reply_i].resp); \
- free(reply[reply_i].resp); \
- } \
- } \
- if (reply) \
- free(reply); \
-} while (0)
-
-
-int converse(pam_handle_t *, int, int, struct pam_message **,
- struct pam_response **);
-int make_remark(pam_handle_t *, unsigned int, int, const char *);
-void _cleanup(pam_handle_t *, void *, int);
-char *_pam_delete(register char *);
-
-/* syslogging function for errors and other information */
-
-void _log_err( int err, const char *format, ... )
-{
- va_list args;
+ /*
+ * Don't just free it, forget it too.
+ */
- va_start( args, format );
- openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
- vsyslog( err, format, args );
- va_end( args );
- closelog();
-}
+ #define _pam_drop(X) \
+ do { \
+ if (X) { \
+ free(X); \
+ X=NULL; \
+ } \
+ } while (0)
+
+ #define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+ do { \
+ int reply_i; \
+ \
+ for (reply_i=0; reply_i<replies; ++reply_i) { \
+ if (reply[reply_i].resp) { \
+ _pam_overwrite(reply[reply_i].resp); \
+ free(reply[reply_i].resp); \
+ } \
+ } \
+ if (reply) \
+ free(reply); \
+ } while (0)
+
+
+ int converse(pam_handle_t *, int, int, struct pam_message **,
+ struct pam_response **);
+ int make_remark(pam_handle_t *, unsigned int, int, const char *);
+ void _cleanup(pam_handle_t *, void *, int);
+ char *_pam_delete(register char *);
+
+ /* default configuration file location */
+
+ char *servicesf = dyn_CONFIGFILE;
+
+ /* syslogging function for errors and other information */
+
+ void _log_err( int err, const char *format, ... )
+ {
+ va_list args;
+
+ va_start( args, format );
+ openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
+ vsyslog( err, format, args );
+ va_end( args );
+ closelog();
+ }
-/* this is a front-end for module-application conversations */
+ /* this is a front-end for module-application conversations */
-int converse( pam_handle_t * pamh, int ctrl, int nargs
- , struct pam_message **message
- , struct pam_response **response )
-{
- int retval;
- struct pam_conv *conv;
+ int converse( pam_handle_t * pamh, int ctrl, int nargs
+ , struct pam_message **message
+ , struct pam_response **response )
+ {
+ int retval;
+ struct pam_conv *conv;
- retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
- if (retval == PAM_SUCCESS) {
+ retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+ if (retval == PAM_SUCCESS) {
- retval = conv->conv(nargs, (const struct pam_message **) message
- ,response, conv->appdata_ptr);
+ retval = conv->conv(nargs, (const struct pam_message **) message
+ ,response, conv->appdata_ptr);
- if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
- _log_err(LOG_DEBUG, "conversation failure [%s]"
+ if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
+ _log_err(LOG_DEBUG, "conversation failure [%s]"
+ ,pam_strerror(pamh, retval));
+ }
+ } else {
+ _log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
,pam_strerror(pamh, retval));
}
- } else {
- _log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
- ,pam_strerror(pamh, retval));
- }
- return retval; /* propagate error status */
-}
+ return retval; /* propagate error status */
+ }
-int make_remark( pam_handle_t * pamh, unsigned int ctrl
- , int type, const char *text )
-{
- if (off(SMB__QUIET, ctrl)) {
- struct pam_message *pmsg[1], msg[1];
- struct pam_response *resp;
+ int make_remark( pam_handle_t * pamh, unsigned int ctrl
+ , int type, const char *text )
+ {
+ if (off(SMB__QUIET, ctrl)) {
+ struct pam_message *pmsg[1], msg[1];
+ struct pam_response *resp;
- pmsg[0] = &msg[0];
- msg[0].msg = text;
- msg[0].msg_style = type;
- resp = NULL;
+ pmsg[0] = &msg[0];
+ msg[0].msg = text;
+ msg[0].msg_style = type;
+ resp = NULL;
- return converse(pamh, ctrl, 1, pmsg, &resp);
+ return converse(pamh, ctrl, 1, pmsg, &resp);
+ }
+ return PAM_SUCCESS;
}
- return PAM_SUCCESS;
-}
-/* set the control flags for the SMB module. */
+ /* set the control flags for the SMB module. */
int set_ctrl( int flags, int argc, const char **argv )
{
int i = 0;
- static pstring servicesf = CONFIGFILE;
- const char *service_file = servicesf;
+ const char *service_file = dyn_CONFIGFILE;
unsigned int ctrl;
ctrl = SMB_DEFAULTS; /* the default selection of options */
/* A good, sane default (matches Samba's behavior). */
set( SMB__NONULL, ctrl );
+ /* initialize service file location */
+ service_file=servicesf;
+
if (flags & PAM_SILENT) {
set( SMB__QUIET, ctrl );
}
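Review bot: In set_ctrl, `service_file` is initialised from `dyn_CONFIGFILE` and then unconditionally overwritten by `service_file=servicesf;`, so the initialiser is dead and the path actually used comes from the new writable, externally visible global `servicesf`. That path selects the smb.conf that governs password checking inside whichever process loads the module, so it should have a single source: `const char *service_file = servicesf;`, with the later assignment dropped. If no linked Samba object refers to the symbol (not visible here), it can also be made private and read-only with `static const char *const servicesf = dyn_CONFIGFILE;`. set_ctrl's body continues past this hunk.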
_log_err( LOG_ERR, "Error loading service file %s", service_file );
}
+ secrets_init();
+
if (lp_null_passwords()) {
set( SMB__NULLOK, ctrl );
}
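Review bot: The result of the added `secrets_init();` call is discarded, so a secrets store that cannot be opened goes unnoticed and set_ctrl carries on to `lp_null_passwords()` as if initialisation had worked. Assuming secrets_init() reports failure through its return value, as it does in Samba's passdb code, log it the same way the service-file error above is logged: `if (!secrets_init()) _log_err( LOG_ERR, "Error initializing secrets database" );`. The call also sits after the closing brace of the service-file error branch, so it appears to run even when loading the configuration failed. That branch begins outside this hunk, so confirm the ordering is intended.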
uchar hash_pass[16];
uchar lm_pw[16];
uchar nt_pw[16];
- int retval;
+ int retval = PAM_AUTH_ERR;
char *data_name;
const char *name;
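Review bot: The deny-by-default initialiser `int retval = PAM_AUTH_ERR;` is undocumented, and a later edit could easily turn it back into an uninitialised or success value. A short comment on that line would pin the intent: `/* fail closed: any path that does not set retval rejects the login */`. The neighbouring `hash_pass`, `lm_pw` and `nt_pw` arrays hold password-hash material on the stack. The function starts and ends outside this hunk, so whether they are cleared on every return path is not visible here and is worth checking.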
{
int authtok_flag;
int retval;
- const char *item = NULL;
+ char *item = NULL;
char *token;
struct pam_message msg[3], *pmsg[3];