-rw-r--r--source3/pam_smbpass/INSTALL64
-rw-r--r--source3/pam_smbpass/general.h7
-rw-r--r--source3/pam_smbpass/pam_smb_acct.c4
-rw-r--r--source3/pam_smbpass/pam_smb_auth.c5
-rw-r--r--source3/pam_smbpass/pam_smb_passwd.c8
-rw-r--r--source3/pam_smbpass/support.c222
6 files changed, 192 insertions, 118 deletions
diff --git a/source3/pam_smbpass/INSTALL b/source3/pam_smbpass/INSTALL
new file mode 100644
index 0000000000..ae2ba02bbb
--- /dev/null
+++ b/source3/pam_smbpass/INSTALL
@@ -0,0 +1,64 @@
+
+Because pam_smbpass is derived from the Samba smbpasswd utility, recent
+versions of pam_smbpass require a copy of the Samba source code to be
+available on the build system. Version 0.7.5 has been tested against
+Samba 2.2.0-alpha3, and this is the recommended version of Samba to use
+for building pam_smbpass. This only affects /building/ pam_smbpass; you
+can still run any version of the Samba server that you want, although
+clearly it saves some disk space to have only one copy of the source
+code on your system (Samba 2.2.0-alpha3 takes roughly 32MB of disk space
+to build pam_smbpass).
+
+Version 0.7.5 features a new build system to make it easier to build
+pam_smbpass.
+
+
+Using the new build system
+==========================
+
+If you don't have a copy of the Samba source code on your machine, and you
+don't have a preferred Samba version (or mirror site), you can build
+pam_smbpass by just typing 'make'.
+
+If you want to use a version other than 2.2.0-alpha3, or you want to
+download the source code from a faster Samba mirror (see
+<http://us1.samba.org/samba/> for a list of mirror sites), please download
+the source code and unpack it before running make. The build scripts will
+attempt to autodetect your Samba source directory, and if it can't be
+found automatically, you will be given the opportunity to specify an
+alternate directory for the Samba sources.
+
+Feedback is welcome if you try (or succeed!) to build pam_smbpass with
+other versions of Samba.
+
+
+Options to 'make'
+=================
+
+By default, pam_smbpass will configure the Samba build tree with the
+options
+
+ --with-fhs --with-privatedir=/etc --with-configdir=/etc
+
+This will configure pam_smbpass to look for the smbpasswd file as
+/etc/smbpasswd (or /etc/smbpasswd.tdb), and the smb.conf file as
+/etc/smb.conf. You can override these options by setting CONFIGOPTS when
+calling make. E.g., if you have your smb.conf file in /usr/etc and your
+smbpasswd file in /usr/etc/private, you might run
+
+ make CONFIGOPTS="--with-privatedir=/usr/etc/private --with-configdir=/usr/etc"
+
+For a complete list of available configuration options, see
+'./samba/configure --help'
+
+
+Installing the module
+=====================
+
+If all goes well in the build process, the file pam_smbpass.so will be
+created in the current directory. Simply install the module into your
+system's PAM module directory:
+
+ install -m 755 -s bin/pam_smbpass.so /lib/security
+
+and you're all set.
diff --git a/source3/pam_smbpass/general.h b/source3/pam_smbpass/general.h
index 0291146cbb..4f13d60131 100644
--- a/source3/pam_smbpass/general.h
+++ b/source3/pam_smbpass/general.h
@@ -121,3 +121,10 @@ struct _pam_failed_auth {
char *agent; /* attempt from user with name */
int count; /* number of failures so far */
};
+
+/*
+ * General use functions go here
+ */
+
+/* from support.c */
+int make_remark(pam_handle_t *, unsigned int, int, const char *);
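Review bot: The `make_remark` prototype added here duplicates the one that support.c still declares locally on its new side, and support.c also includes general.h, so the two copies can drift apart without a diagnostic at call sites in other files. Keep only the header declaration and give it parameter names so the argument order is readable at the call site: `int make_remark(pam_handle_t *pamh, unsigned int ctrl, int type, const char *text);`.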
diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c
index 8d91c456bf..0803ef82a2 100644
--- a/source3/pam_smbpass/pam_smb_acct.c
+++ b/source3/pam_smbpass/pam_smb_acct.c
@@ -33,6 +33,7 @@
#include "support.h"
+
/*
* pam_sm_acct_mgmt() verifies whether or not the account is disabled.
*
@@ -45,15 +46,12 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
int retval;
const char *name;
- const char *p;
SAM_ACCOUNT *sampass = NULL;
extern BOOL in_client;
/* Samba initialization. */
setup_logging( "pam_smbpass", False );
- charset_initialise();
- codepage_initialise(lp_client_code_page());
in_client = True;
ctrl = set_ctrl( flags, argc, argv );
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index 9952eb94db..e5cc12e2f6 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -47,6 +47,7 @@ do { \
static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
const char *name, SAM_ACCOUNT *sampass, BOOL exist);
+
/*
* pam_sm_authenticate() authenticates users against the samba password file.
*
@@ -67,13 +68,11 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
BOOL found;
/* Points to memory managed by the PAM library. Do not free. */
- const char *p = NULL;
+ char *p = NULL;
/* Samba initialization. */
setup_logging("pam_smbpass",False);
- charset_initialise();
- codepage_initialise(lp_client_code_page());
in_client = True;
ctrl = set_ctrl(flags, argc, argv);
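Review bot: Dropping `const` from `p` contradicts the comment directly above it ("Points to memory managed by the PAM library. Do not free."), because the compiler will no longer reject a write or a `free()` through that pointer. The same change is made to `pass_old`/`pass_new` in pam_sm_chauthtok and to `item` in _smb_read_password, all of which appear to hold PAM-owned items, some of them passwords. If the qualifier was removed only to silence a warning at one call (the uses are outside these hunks), keep `const char *p = NULL;` and cast at that call instead. pam_sm_authenticate continues outside the hunk.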
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index 338d873d25..0f52755252 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -35,8 +35,7 @@
int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user, const char *pass_new )
{
- char c;
- int retval, i;
+ int retval;
pstring err_str;
pstring msg_str;
@@ -94,12 +93,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
SAM_ACCOUNT *sampass = NULL;
const char *user;
- const char *pass_old, *pass_new;
+ char *pass_old;
+ char *pass_new;
/* Samba initialization. */
setup_logging( "pam_smbpass", False );
- charset_initialise();
- codepage_initialise(lp_client_code_page());
in_client = True;
ctrl = set_ctrl(flags, argc, argv);
diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c
index 86349f8c16..a55dcb0272 100644
--- a/source3/pam_smbpass/support.c
+++ b/source3/pam_smbpass/support.c
@@ -1,132 +1,135 @@
-/* Unix NT password database implementation, version 0.6.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-#include "general.h"
+ /* Unix NT password database implementation, version 0.6.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
-#include "support.h"
+ #include "includes.h"
+ #include "general.h"
+ #include "support.h"
-#define _pam_overwrite(x) \
-do { \
- register char *__xx__; \
- if ((__xx__=(x))) \
- while (*__xx__) \
- *__xx__++ = '\0'; \
-} while (0)
-/*
- * Don't just free it, forget it too.
- */
+ #define _pam_overwrite(x) \
+ do { \
+ register char *__xx__; \
+ if ((__xx__=(x))) \
+ while (*__xx__) \
+ *__xx__++ = '\0'; \
+ } while (0)
-#define _pam_drop(X) \
-do { \
- if (X) { \
- free(X); \
- X=NULL; \
- } \
-} while (0)
-
-#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
-do { \
- int reply_i; \
- \
- for (reply_i=0; reply_i<replies; ++reply_i) { \
- if (reply[reply_i].resp) { \
- _pam_overwrite(reply[reply_i].resp); \
- free(reply[reply_i].resp); \
- } \
- } \
- if (reply) \
- free(reply); \
-} while (0)
-
-
-int converse(pam_handle_t *, int, int, struct pam_message **,
- struct pam_response **);
-int make_remark(pam_handle_t *, unsigned int, int, const char *);
-void _cleanup(pam_handle_t *, void *, int);
-char *_pam_delete(register char *);
-
-/* syslogging function for errors and other information */
-
-void _log_err( int err, const char *format, ... )
-{
- va_list args;
+ /*
+ * Don't just free it, forget it too.
+ */
- va_start( args, format );
- openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
- vsyslog( err, format, args );
- va_end( args );
- closelog();
-}
+ #define _pam_drop(X) \
+ do { \
+ if (X) { \
+ free(X); \
+ X=NULL; \
+ } \
+ } while (0)
+
+ #define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+ do { \
+ int reply_i; \
+ \
+ for (reply_i=0; reply_i<replies; ++reply_i) { \
+ if (reply[reply_i].resp) { \
+ _pam_overwrite(reply[reply_i].resp); \
+ free(reply[reply_i].resp); \
+ } \
+ } \
+ if (reply) \
+ free(reply); \
+ } while (0)
+
+
+ int converse(pam_handle_t *, int, int, struct pam_message **,
+ struct pam_response **);
+ int make_remark(pam_handle_t *, unsigned int, int, const char *);
+ void _cleanup(pam_handle_t *, void *, int);
+ char *_pam_delete(register char *);
+
+ /* default configuration file location */
+
+ char *servicesf = dyn_CONFIGFILE;
+
+ /* syslogging function for errors and other information */
+
+ void _log_err( int err, const char *format, ... )
+ {
+ va_list args;
+
+ va_start( args, format );
+ openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
+ vsyslog( err, format, args );
+ va_end( args );
+ closelog();
+ }
-/* this is a front-end for module-application conversations */
+ /* this is a front-end for module-application conversations */
-int converse( pam_handle_t * pamh, int ctrl, int nargs
- , struct pam_message **message
- , struct pam_response **response )
-{
- int retval;
- struct pam_conv *conv;
+ int converse( pam_handle_t * pamh, int ctrl, int nargs
+ , struct pam_message **message
+ , struct pam_response **response )
+ {
+ int retval;
+ struct pam_conv *conv;
- retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
- if (retval == PAM_SUCCESS) {
+ retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+ if (retval == PAM_SUCCESS) {
- retval = conv->conv(nargs, (const struct pam_message **) message
- ,response, conv->appdata_ptr);
+ retval = conv->conv(nargs, (const struct pam_message **) message
+ ,response, conv->appdata_ptr);
- if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
- _log_err(LOG_DEBUG, "conversation failure [%s]"
+ if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
+ _log_err(LOG_DEBUG, "conversation failure [%s]"
+ ,pam_strerror(pamh, retval));
+ }
+ } else {
+ _log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
,pam_strerror(pamh, retval));
}
- } else {
- _log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
- ,pam_strerror(pamh, retval));
- }
- return retval; /* propagate error status */
-}
+ return retval; /* propagate error status */
+ }
-int make_remark( pam_handle_t * pamh, unsigned int ctrl
- , int type, const char *text )
-{
- if (off(SMB__QUIET, ctrl)) {
- struct pam_message *pmsg[1], msg[1];
- struct pam_response *resp;
+ int make_remark( pam_handle_t * pamh, unsigned int ctrl
+ , int type, const char *text )
+ {
+ if (off(SMB__QUIET, ctrl)) {
+ struct pam_message *pmsg[1], msg[1];
+ struct pam_response *resp;
- pmsg[0] = &msg[0];
- msg[0].msg = text;
- msg[0].msg_style = type;
- resp = NULL;
+ pmsg[0] = &msg[0];
+ msg[0].msg = text;
+ msg[0].msg_style = type;
+ resp = NULL;
- return converse(pamh, ctrl, 1, pmsg, &resp);
+ return converse(pamh, ctrl, 1, pmsg, &resp);
+ }
+ return PAM_SUCCESS;
}
- return PAM_SUCCESS;
-}
-/* set the control flags for the SMB module. */
+ /* set the control flags for the SMB module. */
int set_ctrl( int flags, int argc, const char **argv )
{
int i = 0;
- static pstring servicesf = CONFIGFILE;
- const char *service_file = servicesf;
+ const char *service_file = dyn_CONFIGFILE;
unsigned int ctrl;
ctrl = SMB_DEFAULTS; /* the default selection of options */
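Review bot: `char *servicesf = dyn_CONFIGFILE;` is added at file scope without `static`, so a PAM module that is loaded into arbitrary host processes now exports a writable, generically named global holding the path that set_ctrl uses as its service file. Nothing visible in this diff references it outside support.c, and set_ctrl stores it in a `const char *`, so `static const char *servicesf = dyn_CONFIGFILE;` would keep it private and read-only through that name. Separately, the one-column re-indent of everything from the licence header through make_remark, preprocessor directives included, looks unintentional and buries this one substantive addition; restoring the original indentation would leave only the real change in the hunk. set_ctrl's body continues outside the hunk.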
@@ -136,6 +139,9 @@ int set_ctrl( int flags, int argc, const char **argv )
/* A good, sane default (matches Samba's behavior). */
set( SMB__NONULL, ctrl );
+ /* initialize service file location */
+ service_file=servicesf;
+
if (flags & PAM_SILENT) {
set( SMB__QUIET, ctrl );
}
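Review bot: `service_file=servicesf;` overwrites the `const char *service_file = dyn_CONFIGFILE;` initializer that this commit adds at the top of set_ctrl, and with the same value, since `servicesf` is itself initialised from `dyn_CONFIGFILE`. One of the two should go, for example by initialising once with `const char *service_file = servicesf;` and dropping the later assignment. Keeping both leaves two places to update if the default location ever changes. The function continues outside the hunk.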
@@ -165,6 +171,8 @@ int set_ctrl( int flags, int argc, const char **argv )
_log_err( LOG_ERR, "Error loading service file %s", service_file );
}
+ secrets_init();
+
if (lp_null_passwords()) {
set( SMB__NULLOK, ctrl );
}
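Review bot: The result of the new `secrets_init();` call is discarded, so if it reports failure through its return value (as Samba's BOOL-returning initialisers generally do) the module carries on silently without its secrets store. At minimum, log the failure in the same way as the service-file load just above: `if (!secrets_init()) { _log_err( LOG_ERR, "Error initializing secrets database" ); }`. Whether set_ctrl can signal the failure to its callers is not visible here, because the function starts and ends outside the hunk.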
@@ -303,7 +311,7 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
uchar hash_pass[16];
uchar lm_pw[16];
uchar nt_pw[16];
- int retval;
+ int retval = PAM_AUTH_ERR;
char *data_name;
const char *name;
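Review bot: The new `PAM_AUTH_ERR` initializer on `retval` is a fail-closed default, but nothing at the declaration says so. A comment such as `/* fail closed: a path that never assigns retval must deny */` would stop a later cleanup from removing it as a redundant initializer. The rest of _smb_verify_password is outside the hunk, so which path previously left `retval` unset cannot be confirmed from here.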
@@ -482,7 +490,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
{
int authtok_flag;
int retval;
- const char *item = NULL;
+ char *item = NULL;
char *token;
struct pam_message msg[3], *pmsg[3];