diff options
| author | John Terpstra <jht@samba.org> | 2003-04-08 04:42:44 +0000 |
|---|---|---|
| committer | John Terpstra <jht@samba.org> | 2003-04-08 04:42:44 +0000 |
| commit | b15255d7ab8a0b883f97fe57bf7280fbbf8e92b7 (patch) | |
| tree | fc61ab3537d56acf469c2faca0d0a8f47af7221d /source3/pam_smbpass/pam_smb_acct.c | |
| parent | 8490fa485467edd9f03074a39329c3669663b2cf (diff) | |
| download | samba-b15255d7ab8a0b883f97fe57bf7280fbbf8e92b7.tar.gz samba-b15255d7ab8a0b883f97fe57bf7280fbbf8e92b7.tar.bz2 samba-b15255d7ab8a0b883f97fe57bf7280fbbf8e92b7.zip | |
Patch from Steve Langasek <vorlon@netexpress.net>
fix up two issues in
pam_smbpass. The first, more important issue is adding support for the
(apparently new) LOCAL_SET_PASSWORD flag to local_password_change(),
without which pam_smbpass is a complete and utter no-op. The second,
lesser issue is that with the advent of ldapsam, it's possible for
pam_smbpass to generate a SIGPIPE that isn't handled by the calling
application. The most basic signal wrapping is put in place to prevent
this.
Beyond that, the only thing in the patch is a bit of reformatting to
make pam_smb_passwd.c look a bit more like the rest of the code in CVS.
More of that later, I'm sure.
(This used to be commit 1aecda300e0b44c133fe0cd2bafb166621dbc17a)
Diffstat (limited to 'source3/pam_smbpass/pam_smb_acct.c')
| -rw-r--r-- | source3/pam_smbpass/pam_smb_acct.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c index 0803ef82a2..2ea7eea7d8 100644 --- a/source3/pam_smbpass/pam_smb_acct.c +++ b/source3/pam_smbpass/pam_smb_acct.c @@ -47,7 +47,7 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, const char *name; SAM_ACCOUNT *sampass = NULL; - + void (*oldsig_handler)(int); extern BOOL in_client; /* Samba initialization. */ @@ -69,8 +69,12 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, _log_err( LOG_DEBUG, "acct: username [%s] obtained", name ); } + /* Getting into places that might use LDAP -- protect the app + from a SIGPIPE it's not expecting */ + oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); if (!initialize_password_db(True)) { _log_err( LOG_ALERT, "Cannot access samba password database" ); + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_AUTHINFO_UNAVAIL; } @@ -78,8 +82,10 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, pdb_init_sam(&sampass); pdb_getsampwnam(sampass, name ); - if (!sampass) + if (!sampass) { + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_USER_UNKNOWN; + } if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { if (on( SMB_DEBUG, ctrl )) { @@ -90,11 +96,13 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, , "Your account has been disabled; " "please see your system administrator." ); + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_ACCT_EXPIRED; } /* TODO: support for expired passwords. */ + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_SUCCESS; } |