Patch from Steve Langasek <corlon@netexpress.net>

fix up two issues in
pam_smbpass.  The first, more important issue is adding support for the
(apparently new) LOCAL_SET_PASSWORD flag to local_password_change(),
without which pam_smbpass is a complete and utter no-op.  The second,
lesser issue is that with the advent of ldapsam, it's possible for
pam_smbpass to generate a SIGPIPE that isn't handled by the calling
application.  The most basic signal wrapping is put in place to prevent
this.

Beyond that, the only thing in the patch is a bit of reformatting to
make pam_smb_passwd.c look a bit more like the rest of the code in CVS.
(This used to be commit 7cb5af35273097f913bff6894fe03050a18e1def)

1 files changed, 7 insertions, 0 deletions

diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index e5cc12e2f6..f4cbb59af3 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -36,6 +36,8 @@
 
 #define AUTH_RETURN						\
 do {								\
+	/* Restore application signal handler */		\
+	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);	\
 	if(ret_data) {						\
 		*ret_data = retval;				\
 		pam_set_data( pamh, "smb_setcred_return"	\
@@ -65,6 +67,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
     SAM_ACCOUNT *sampass = NULL;
     extern BOOL in_client;
     const char *name;
+    void (*oldsig_handler)(int);
     BOOL found;
 
     /* Points to memory managed by the PAM library. Do not free. */
@@ -93,6 +96,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
         _log_err( LOG_DEBUG, "username [%s] obtained", name );
     }
 
+    /* Getting into places that might use LDAP -- protect the app
+       from a SIGPIPE it's not expecting */
+    oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
+
     if (!initialize_password_db(True)) {
         _log_err( LOG_ALERT, "Cannot access samba password database" );
         retval = PAM_AUTHINFO_UNAVAIL;