From ae8418d0c400f6458c1eb0b79881fd02629e5acd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 23 Apr 2001 04:15:35 +0000 Subject: Added smb_ prefix to all Samba wrapper pam functions. Fixed off by one bug using StrnCpy instead of strdup(). Jeremy. (This used to be commit d4b1c0be2e700c86a4338bb497777f97e3c960a7) --- source3/auth/pampass.c | 96 ++++++++++---------- source3/auth/pass_check.c | 2 +- source3/configure | 215 +++++++++++++++++++++++++++++++++----------- source3/include/proto.h | 6 +- source3/passdb/pampass.c | 96 ++++++++++---------- source3/passdb/pass_check.c | 2 +- source3/smbd/password.c | 2 +- source3/smbd/session.c | 6 +- 8 files changed, 266 insertions(+), 159 deletions(-) diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c index e84a045d49..553ffcd323 100644 --- a/source3/auth/pampass.c +++ b/source3/auth/pampass.c @@ -5,6 +5,7 @@ Copyright (C) Andrew Tridgell 1992-2001 Copyright (C) John H Terpsta 1999-2001 Copyright (C) Andrew Bartlett 2001 + Copyright (C) Jeremy Allison 2001 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -58,7 +59,7 @@ static char *PAM_password; /* * PAM error handler. */ -static BOOL pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl) +static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl) { if( pam_error != PAM_SUCCESS) { @@ -74,7 +75,7 @@ static BOOL pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int * echo off means password. */ -static int PAM_conv(int num_msg, +static int smb_pam_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) 
@@ -122,21 +123,21 @@ static int PAM_conv(int num_msg, return PAM_SUCCESS; } -static struct pam_conv PAM_conversation = { - &PAM_conv, +static struct pam_conv smb_pam_conversation = { + &smb_pam_conv, NULL }; /* * PAM Closing out cleanup handler */ -static BOOL proc_pam_end(pam_handle_t *pamh) +static BOOL smb_pam_end(pam_handle_t *pamh) { int pam_error; if( pamh != NULL ) { pam_error = pam_end(pamh, 0); - if(pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) { + if(smb_pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) { DEBUG(4, ("PAM: PAM_END OK.\n")); return True; } @@ -148,15 +149,15 @@ static BOOL proc_pam_end(pam_handle_t *pamh) /* * Start PAM authentication for specified account */ -static BOOL proc_pam_start(pam_handle_t **pamh, char *user, char *rhost) +static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost) { int pam_error; DEBUG(4,("PAM: Init user: %s\n", user)); - pam_error = pam_start("samba", user, &PAM_conversation, pamh); - if( !pam_error_handler(*pamh, pam_error, "Init Failed", 0)) { - proc_pam_end(*pamh); + pam_error = pam_start("samba", user, &smb_pam_conversation, pamh); + if( !smb_pam_error_handler(*pamh, pam_error, "Init Failed", 0)) { + smb_pam_end(*pamh); return False; } @@ -169,16 +170,16 @@ static BOOL proc_pam_start(pam_handle_t **pamh, char *user, char *rhost) #ifdef PAM_RHOST DEBUG(4,("PAM: setting rhost to: %s\n", rhost)); pam_error = pam_set_item(*pamh, PAM_RHOST, rhost); - if(!pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) { - proc_pam_end(*pamh); + if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) { + smb_pam_end(*pamh); return False; } #endif #ifdef PAM_TTY DEBUG(4,("PAM: setting tty\n")); pam_error = pam_set_item(*pamh, PAM_TTY, "samba"); - if (!pam_error_handler(*pamh, pam_error, "set tty failed", 0)) { - proc_pam_end(*pamh); + if (!smb_pam_error_handler(*pamh, pam_error, "set tty failed", 0)) { + smb_pam_end(*pamh); return False; } #endif 
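Review bot: In the `@@ -148` and `@@ -169` hunks, each failure branch of smb_pam_start calls `smb_pam_end(*pamh)` but leaves the caller's pointer holding the ended handle, and smb_pam_session (hunk `@@ -351`) then calls `smb_pam_end(pamh)` on it again when smb_pam_start returns False. For the rhost and tty failures the handle is non-NULL, so pam_end() runs twice on the same handle. Adding `*pamh = NULL;` after each `smb_pam_end(*pamh);` here would make the caller's call a no-op, since smb_pam_end checks `pamh != NULL`. smb_internal_pam_session (hunk `@@ -326`) ends a handle it received by value, so the `else` branch of smb_pam_session should drop its own `smb_pam_end(pamh);`. The identical passdb/pampass.c hunks carry the same pattern; smb_pam_start's body extends outside these hunks.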
@@ -189,7 +190,7 @@ static BOOL proc_pam_start(pam_handle_t **pamh, char *user, char *rhost) /* * PAM Authentication Handler */ -static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password) +static BOOL smb_pam_auth(pam_handle_t *pamh, char *user, char *password) { int pam_error; @@ -225,8 +226,8 @@ static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password) default: DEBUG(0, ("PAM: UNKNOWN ERROR while authenticating user %s\n", user)); } - if(!pam_error_handler(pamh, pam_error, "Authentication Failure", 2)) { - proc_pam_end(pamh); + if(!smb_pam_error_handler(pamh, pam_error, "Authentication Failure", 2)) { + smb_pam_end(pamh); return False; } /* If this point is reached, the user has been authenticated. */ @@ -236,7 +237,7 @@ static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password) /* * PAM Account Handler */ -static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL pam_auth) +static BOOL smb_pam_account(pam_handle_t *pamh, char * user, char * password, BOOL pam_auth) { int pam_error; @@ -264,8 +265,8 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p default: DEBUG(0, ("PAM: UNKNOWN ERROR for User: %s\n", user)); } - if(!pam_error_handler(pamh, pam_error, "Account Check Failed", 2)) { - proc_pam_end(pamh); + if(!smb_pam_error_handler(pamh, pam_error, "Account Check Failed", 2)) { + smb_pam_end(pamh); return False; } @@ -303,8 +304,8 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p default: DEBUG(0, ("PAM: Error Condition Unknown in pam_setcred function call!")); } - if(!pam_error_handler(pamh, pam_error, "Set Credential Failure", 2)) { - proc_pam_end(pamh); + if(!smb_pam_error_handler(pamh, pam_error, "Set Credential Failure", 2)) { + smb_pam_end(pamh); return False; } 
@@ -316,7 +317,7 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p /* * PAM Internal Session Handler */ -static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag) +static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag) { int pam_error; @@ -326,22 +327,22 @@ static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL fla #ifdef PAM_TTY DEBUG(4,("PAM: tty set to: %s\n", tty)); pam_error = pam_set_item(pamh, PAM_TTY, tty); - if (!pam_error_handler(pamh, pam_error, "set tty failed", 0)) { - proc_pam_end(pamh); + if (!smb_pam_error_handler(pamh, pam_error, "set tty failed", 0)) { + smb_pam_end(pamh); return False; } #endif if (flag) { pam_error = pam_open_session(pamh, PAM_SILENT); - if (!pam_error_handler(pamh, pam_error, "session setup failed", 0)) { - proc_pam_end(pamh); + if (!smb_pam_error_handler(pamh, pam_error, "session setup failed", 0)) { + smb_pam_end(pamh); return False; } } else { pam_error = pam_close_session(pamh, PAM_SILENT); - if (!pam_error_handler(pamh, pam_error, "session close failed", 0)) { - proc_pam_end(pamh); + if (!smb_pam_error_handler(pamh, pam_error, "session close failed", 0)) { + smb_pam_end(pamh); return False; } } 
@@ -351,29 +352,26 @@ static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL fla /* * PAM Externally accessible Session handler */ -BOOL pam_session(BOOL flag, const char *in_user, char *tty, char *rhost) +BOOL smb_pam_session(BOOL flag, const char *in_user, char *tty, char *rhost) { pam_handle_t *pamh = NULL; char * user; - user = malloc(strlen(in_user)+1); + user = strdup(in_user); if ( user == NULL ) { DEBUG(0, ("PAM: PAM_session Malloc Failed!\n")); return False; } - /* This is freed by PAM */ - StrnCpy(user, in_user, strlen(in_user)+1); - - if (!proc_pam_start(&pamh, user, rhost)) { - proc_pam_end(pamh); + if (!smb_pam_start(&pamh, user, rhost)) { + smb_pam_end(pamh); return False; } - if (proc_pam_session(pamh, user, tty, flag)) { - return proc_pam_end(pamh); + if (smb_internal_pam_session(pamh, user, tty, flag)) { + return smb_pam_end(pamh); } else { - proc_pam_end(pamh); + smb_pam_end(pamh); return False; } } @@ -381,16 +379,16 @@ BOOL pam_session(BOOL flag, const char *in_user, char *tty, char *rhost) /* * PAM Externally accessible Account handler */ -BOOL pam_accountcheck(char * user) +BOOL smb_pam_accountcheck(char * user) { pam_handle_t *pamh = NULL; PAM_username = user; PAM_password = NULL; - if( proc_pam_start(&pamh, user, NULL)) { - if ( pam_account(pamh, user, NULL, False)) { - return( proc_pam_end(pamh)); + if( smb_pam_start(&pamh, user, NULL)) { + if ( smb_pam_account(pamh, user, NULL, False)) { + return( smb_pam_end(pamh)); } } DEBUG(0, ("PAM: Account Validation Failed - Rejecting User!\n")); 
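Review bot: The `strdup(in_user)` copy in smb_pam_session is never released: the commit removes the `/* This is freed by PAM */` comment, and none of the three return paths after the NULL check frees `user`. If the PAM library keeps its own copy of the name passed to pam_start() (worth confirming for each supported PAM implementation), every session open and close leaks the string. I would release it after the handle is ended on each path, for example `ret = smb_pam_end(pamh); free(user); return ret;` on the success path, and add a comment stating that smb_pam_session owns `user`.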
@@ -400,17 +398,17 @@ BOOL pam_accountcheck(char * user) /* * PAM Password Validation Suite */ -BOOL pam_passcheck(char * user, char * password) +BOOL smb_pam_passcheck(char * user, char * password) { pam_handle_t *pamh = NULL; PAM_username = user; PAM_password = password; - if( proc_pam_start(&pamh, user, NULL)) { - if ( pam_auth(pamh, user, password)) { - if ( pam_account(pamh, user, password, True)) { - return( proc_pam_end(pamh)); + if( smb_pam_start(&pamh, user, NULL)) { + if ( smb_pam_auth(pamh, user, password)) { + if ( smb_pam_account(pamh, user, password, True)) { + return( smb_pam_end(pamh)); } } } @@ -421,7 +419,7 @@ BOOL pam_passcheck(char * user, char * password) #else /* If PAM not used, no PAM restrictions on accounts. */ - BOOL pam_accountcheck(char * user) + BOOL smb_pam_accountcheck(char * user) { return True; } diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index 08961e5099..05f7138c3c 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -599,7 +599,7 @@ static BOOL password_check(char *password) { #ifdef WITH_PAM - return (pam_passcheck(this_user, password)); + return (smb_pam_passcheck(this_user, password)); #endif /* WITH_PAM */ #ifdef WITH_AFS diff --git a/source3/configure b/source3/configure index 13d45b9380..39747210b0 100755 --- a/source3/configure +++ b/source3/configure @@ -11174,8 +11174,9 @@ fi ################################################# # check for a PAM password database +with_pam_for_crypt=no echo $ac_n "checking whether to use PAM password database""... $ac_c" 1>&6 -echo "configure:11179: checking whether to use PAM password database" >&5 +echo "configure:11180: checking whether to use PAM password database" >&5 # Check whether --with-pam or --without-pam was given. if test "${with_pam+set}" = set; then withval="$with_pam" @@ -11187,6 +11188,7 @@ if test "${with_pam+set}" = set; then EOF LIBS="$LIBS -lpam" + with_pam_for_crypt=yes ;; *) echo "$ac_t""no" 1>&6 
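Review bot: smb_pam_passcheck stores the caller's cleartext password pointer in the file-scope static `PAM_password`, and the visible return path `return( smb_pam_end(pamh));` leaves it set; smb_pam_accountcheck does the same with `PAM_username` (hunk `@@ -381`). Presumably smb_pam_conv reads these statics, though its body is not in the diff. Since `smb_pam_conversation` is declared with a NULL appdata_ptr, consider passing the credentials through appdata_ptr instead, or at least resetting with `PAM_username = NULL; PAM_password = NULL;` before each return so no stale pointer outlives the call. The function continues past the end of this hunk.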
@@ -11198,10 +11200,119 @@ else fi + +############################################### +# test for where we get crypt() from, but only +# if not using PAM +if test $with_pam_for_crypt = no; then +for ac_func in crypt +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:11212: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:11240: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +if test x"$ac_cv_func_crypt" = x"no"; then + echo $ac_n "checking for crypt in -lcrypt""... 
$ac_c" 1>&6 +echo "configure:11266: checking for crypt in -lcrypt" >&5 +ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lcrypt $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lcrypt"; + cat >> confdefs.h <<\EOF +#define HAVE_CRYPT 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + +fi +fi + + ################################################# # check for a TDB password database echo $ac_n "checking whether to use TDB password database""... $ac_c" 1>&6 -echo "configure:11205: checking whether to use TDB password database" >&5 +echo "configure:11316: checking whether to use TDB password database" >&5 # Check whether --with-tdbsam or --without-tdbsam was given. if test "${with_tdbsam+set}" = set; then withval="$with_tdbsam" @@ -11227,7 +11338,7 @@ fi ################################################# # check for a LDAP password database echo $ac_n "checking whether to use LDAP password database""... $ac_c" 1>&6 -echo "configure:11231: checking whether to use LDAP password database" >&5 +echo "configure:11342: checking whether to use LDAP password database" >&5 # Check whether --with-ldap or --without-ldap was given. if test "${with_ldap+set}" = set; then withval="$with_ldap" 
@@ -11253,7 +11364,7 @@ fi ################################################# # check for a NISPLUS password database echo $ac_n "checking whether to use NISPLUS password database""... $ac_c" 1>&6 -echo "configure:11257: checking whether to use NISPLUS password database" >&5 +echo "configure:11368: checking whether to use NISPLUS password database" >&5 # Check whether --with-nisplus or --without-nisplus was given. if test "${with_nisplus+set}" = set; then withval="$with_nisplus" @@ -11278,7 +11389,7 @@ fi ################################################# # check for a NISPLUS_HOME support echo $ac_n "checking whether to use NISPLUS_HOME""... $ac_c" 1>&6 -echo "configure:11282: checking whether to use NISPLUS_HOME" >&5 +echo "configure:11393: checking whether to use NISPLUS_HOME" >&5 # Check whether --with-nisplus-home or --without-nisplus-home was given. if test "${with_nisplus_home+set}" = set; then withval="$with_nisplus_home" @@ -11303,7 +11414,7 @@ fi ################################################# # check for the secure socket layer echo $ac_n "checking whether to use SSL""... $ac_c" 1>&6 -echo "configure:11307: checking whether to use SSL" >&5 +echo "configure:11418: checking whether to use SSL" >&5 # Check whether --with-ssl or --without-ssl was given. if test "${with_ssl+set}" = set; then withval="$with_ssl" @@ -11362,7 +11473,7 @@ fi ################################################# # check for syslog logging echo $ac_n "checking whether to use syslog logging""... $ac_c" 1>&6 -echo "configure:11366: checking whether to use syslog logging" >&5 +echo "configure:11477: checking whether to use syslog logging" >&5 # Check whether --with-syslog or --without-syslog was given. if test "${with_syslog+set}" = set; then withval="$with_syslog" 
@@ -11387,7 +11498,7 @@ fi ################################################# # check for a shared memory profiling support echo $ac_n "checking whether to use profiling""... $ac_c" 1>&6 -echo "configure:11391: checking whether to use profiling" >&5 +echo "configure:11502: checking whether to use profiling" >&5 # Check whether --with-profile or --without-profile was given. if test "${with_profile+set}" = set; then withval="$with_profile" @@ -11413,7 +11524,7 @@ fi ################################################# # check for experimental netatalk resource fork support echo $ac_n "checking whether to support netatalk""... $ac_c" 1>&6 -echo "configure:11417: checking whether to support netatalk" >&5 +echo "configure:11528: checking whether to support netatalk" >&5 # Check whether --with-netatalk or --without-netatalk was given. if test "${with_netatalk+set}" = set; then withval="$with_netatalk" @@ -11440,7 +11551,7 @@ fi QUOTAOBJS=smbd/noquotas.o echo $ac_n "checking whether to support disk-quotas""... $ac_c" 1>&6 -echo "configure:11444: checking whether to support disk-quotas" >&5 +echo "configure:11555: checking whether to support disk-quotas" >&5 # Check whether --with-quotas or --without-quotas was given. if test "${with_quotas+set}" = set; then withval="$with_quotas" @@ -11464,7 +11575,7 @@ fi # check for experimental utmp accounting echo $ac_n "checking whether to support utmp accounting""... $ac_c" 1>&6 -echo "configure:11468: checking whether to support utmp accounting" >&5 +echo "configure:11579: checking whether to support utmp accounting" >&5 # Check whether --with-utmp or --without-utmp was given. if test "${with_utmp+set}" = set; then withval="$with_utmp" 
@@ -11490,7 +11601,7 @@ fi # check for MS Dfs support echo $ac_n "checking whether to support Microsoft Dfs""... $ac_c" 1>&6 -echo "configure:11494: checking whether to support Microsoft Dfs" >&5 +echo "configure:11605: checking whether to support Microsoft Dfs" >&5 # Check whether --with-msdfs or --without-msdfs was given. if test "${with_msdfs+set}" = set; then withval="$with_msdfs" @@ -11590,14 +11701,14 @@ fi ################################################# # these tests are taken from the GNU fileutils package echo "checking how to get filesystem space usage" 1>&6 -echo "configure:11594: checking how to get filesystem space usage" >&5 +echo "configure:11705: checking how to get filesystem space usage" >&5 space=no # Test for statvfs64. if test $space = no; then # SVR4 echo $ac_n "checking statvfs64 function (SVR4)""... $ac_c" 1>&6 -echo "configure:11601: checking statvfs64 function (SVR4)" >&5 +echo "configure:11712: checking statvfs64 function (SVR4)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs64'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11605,7 +11716,7 @@ else fu_cv_sys_stat_statvfs64=cross else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11734: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statvfs64=yes else @@ -11652,12 +11763,12 @@ fi if test $space = no; then # SVR4 echo $ac_n "checking statvfs function (SVR4)""... $ac_c" 1>&6 -echo "configure:11656: checking statvfs function (SVR4)" >&5 +echo "configure:11767: checking statvfs function (SVR4)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include 
@@ -11665,7 +11776,7 @@ int main() { struct statvfs fsd; statvfs (0, &fsd); ; return 0; } EOF -if { (eval echo configure:11669: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:11780: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* fu_cv_sys_stat_statvfs=yes else @@ -11690,7 +11801,7 @@ fi if test $space = no; then # DEC Alpha running OSF/1 echo $ac_n "checking for 3-argument statfs function (DEC OSF/1)""... $ac_c" 1>&6 -echo "configure:11694: checking for 3-argument statfs function (DEC OSF/1)" >&5 +echo "configure:11805: checking for 3-argument statfs function (DEC OSF/1)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs3_osf1'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11698,7 +11809,7 @@ else fu_cv_sys_stat_statfs3_osf1=no else cat > conftest.$ac_ext < @@ -11711,7 +11822,7 @@ else exit (statfs (".", &fsd, sizeof (struct statfs))); } EOF -if { (eval echo configure:11715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11826: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs3_osf1=yes else @@ -11738,7 +11849,7 @@ fi if test $space = no; then # AIX echo $ac_n "checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)""... $ac_c" 1>&6 -echo "configure:11742: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 +echo "configure:11853: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_bsize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -11746,7 +11857,7 @@ else fu_cv_sys_stat_statfs2_bsize=no else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11880: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs2_bsize=yes else @@ -11792,7 +11903,7 @@ fi if test $space = no; then # SVR3 echo $ac_n "checking for four-argument statfs (AIX-3.2.5, SVR3)""... $ac_c" 1>&6 -echo "configure:11796: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 +echo "configure:11907: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs4'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11800,7 +11911,7 @@ else fu_cv_sys_stat_statfs4=no else cat > conftest.$ac_ext < #include @@ -11810,7 +11921,7 @@ else exit (statfs (".", &fsd, sizeof fsd, 0)); } EOF -if { (eval echo configure:11814: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11925: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs4=yes else @@ -11837,7 +11948,7 @@ fi if test $space = no; then # 4.4BSD and NetBSD echo $ac_n "checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)""... $ac_c" 1>&6 -echo "configure:11841: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 +echo "configure:11952: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_fsize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11845,7 +11956,7 @@ else fu_cv_sys_stat_statfs2_fsize=no else cat > conftest.$ac_ext < #ifdef HAVE_SYS_PARAM_H 
@@ -11861,7 +11972,7 @@ else exit (statfs (".", &fsd)); } EOF -if { (eval echo configure:11865: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:11976: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs2_fsize=yes else @@ -11888,7 +11999,7 @@ fi if test $space = no; then # Ultrix echo $ac_n "checking for two-argument statfs with struct fs_data (Ultrix)""... $ac_c" 1>&6 -echo "configure:11892: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 +echo "configure:12003: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_fs_data'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -11896,7 +12007,7 @@ else fu_cv_sys_stat_fs_data=no else cat > conftest.$ac_ext < #ifdef HAVE_SYS_PARAM_H @@ -11916,7 +12027,7 @@ else exit (statfs (".", &fsd) != 1); } EOF -if { (eval echo configure:11920: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12031: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_fs_data=yes else @@ -11949,9 +12060,9 @@ fi # file support. # echo $ac_n "checking if large file support can be enabled""... $ac_c" 1>&6 -echo "configure:11953: checking if large file support can be enabled" >&5 +echo "configure:12064: checking if large file support can be enabled" >&5 cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:12079: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes else 
@@ -12032,7 +12143,7 @@ fi # check for ACL support echo $ac_n "checking whether to support ACLs""... $ac_c" 1>&6 -echo "configure:12036: checking whether to support ACLs" >&5 +echo "configure:12147: checking whether to support ACLs" >&5 # Check whether --with-acl-support or --without-acl-support was given. if test "${with_acl_support+set}" = set; then withval="$with_acl_support" @@ -12070,7 +12181,7 @@ EOF ;; *) echo $ac_n "checking for acl_get_file in -lacl""... $ac_c" 1>&6 -echo "configure:12074: checking for acl_get_file in -lacl" >&5 +echo "configure:12185: checking for acl_get_file in -lacl" >&5 ac_lib_var=`echo acl'_'acl_get_file | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -12078,7 +12189,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lacl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -12117,13 +12228,13 @@ else fi echo $ac_n "checking for ACL support""... $ac_c" 1>&6 -echo "configure:12121: checking for ACL support" >&5 +echo "configure:12232: checking for ACL support" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_POSIX_ACLS'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -12131,7 +12242,7 @@ int main() { acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p); ; return 0; } EOF -if { (eval echo configure:12135: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12246: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* samba_cv_HAVE_POSIX_ACLS=yes else 
@@ -12151,13 +12262,13 @@ echo "$ac_t""$samba_cv_HAVE_POSIX_ACLS" 1>&6 EOF echo $ac_n "checking for acl_get_perm_np""... $ac_c" 1>&6 -echo "configure:12155: checking for acl_get_perm_np" >&5 +echo "configure:12266: checking for acl_get_perm_np" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_ACL_GET_PERM_NP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -12165,7 +12276,7 @@ int main() { acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm); ; return 0; } EOF -if { (eval echo configure:12169: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:12280: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* samba_cv_HAVE_ACL_GET_PERM_NP=yes else @@ -12186,13 +12297,13 @@ EOF fi fi echo $ac_n "checking for XFS ACL support""... $ac_c" 1>&6 -echo "configure:12190: checking for XFS ACL support" >&5 +echo "configure:12301: checking for XFS ACL support" >&5 if eval "test \"`echo '$''{'samba_cv_HAVE_XFS_ACLS'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -12200,7 +12311,7 @@ int main() { char test_str[13] = SGI_ACL_FILE; ; return 0; } EOF -if { (eval echo configure:12204: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:12315: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* samba_cv_HAVE_XFS_ACLS=yes else @@ -12245,11 +12356,11 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:12364: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then echo "configure OK"; else diff --git a/source3/include/proto.h b/source3/include/proto.h index bb5bc6ea32..ae9e8e914f 100644 --- a/source3/include/proto.h 
+++ b/source3/include/proto.h @@ -1922,9 +1922,9 @@ BOOL pdb_generate_sam_sid(void); /*The following definitions come from passdb/pampass.c */ -BOOL pam_session(BOOL flag, const char *in_user, char *tty, char *rhost); -BOOL pam_accountcheck(char * user); -BOOL pam_passcheck(char * user, char * password); +BOOL smb_pam_session(BOOL flag, const char *in_user, char *tty, char *rhost); +BOOL smb_pam_accountcheck(char * user); +BOOL smb_pam_passcheck(char * user, char * password); /*The following definitions come from passdb/pass_check.c */ diff --git a/source3/passdb/pampass.c b/source3/passdb/pampass.c index e84a045d49..553ffcd323 100644 --- a/source3/passdb/pampass.c +++ b/source3/passdb/pampass.c @@ -5,6 +5,7 @@ Copyright (C) Andrew Tridgell 1992-2001 Copyright (C) John H Terpsta 1999-2001 Copyright (C) Andrew Bartlett 2001 + Copyright (C) Jeremy Allison 2001 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -58,7 +59,7 @@ static char *PAM_password; /* * PAM error handler. */ -static BOOL pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl) +static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl) { if( pam_error != PAM_SUCCESS) { @@ -74,7 +75,7 @@ static BOOL pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int * echo off means password. */ -static int PAM_conv(int num_msg, +static int smb_pam_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) 
@@ -122,21 +123,21 @@ static int PAM_conv(int num_msg, return PAM_SUCCESS; } -static struct pam_conv PAM_conversation = { - &PAM_conv, +static struct pam_conv smb_pam_conversation = { + &smb_pam_conv, NULL }; /* * PAM Closing out cleanup handler */ -static BOOL proc_pam_end(pam_handle_t *pamh) +static BOOL smb_pam_end(pam_handle_t *pamh) { int pam_error; if( pamh != NULL ) { pam_error = pam_end(pamh, 0); - if(pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) { + if(smb_pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) { DEBUG(4, ("PAM: PAM_END OK.\n")); return True; } @@ -148,15 +149,15 @@ static BOOL proc_pam_end(pam_handle_t *pamh) /* * Start PAM authentication for specified account */ -static BOOL proc_pam_start(pam_handle_t **pamh, char *user, char *rhost) +static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost) { int pam_error; DEBUG(4,("PAM: Init user: %s\n", user)); - pam_error = pam_start("samba", user, &PAM_conversation, pamh); - if( !pam_error_handler(*pamh, pam_error, "Init Failed", 0)) { - proc_pam_end(*pamh); + pam_error = pam_start("samba", user, &smb_pam_conversation, pamh); + if( !smb_pam_error_handler(*pamh, pam_error, "Init Failed", 0)) { + smb_pam_end(*pamh); return False; } @@ -169,16 +170,16 @@ static BOOL proc_pam_start(pam_handle_t **pamh, char *user, char *rhost) #ifdef PAM_RHOST DEBUG(4,("PAM: setting rhost to: %s\n", rhost)); pam_error = pam_set_item(*pamh, PAM_RHOST, rhost); - if(!pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) { - proc_pam_end(*pamh); + if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) { + smb_pam_end(*pamh); return False; } #endif #ifdef PAM_TTY DEBUG(4,("PAM: setting tty\n")); pam_error = pam_set_item(*pamh, PAM_TTY, "samba"); - if (!pam_error_handler(*pamh, pam_error, "set tty failed", 0)) { - proc_pam_end(*pamh); + if (!smb_pam_error_handler(*pamh, pam_error, "set tty failed", 0)) { + smb_pam_end(*pamh); return False; } #endif 
@@ -189,7 +190,7 @@ static BOOL proc_pam_start(pam_handle_t **pamh, char *user, char *rhost)
 /*
 * PAM Authentication Handler
 */
-static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password)
+static BOOL smb_pam_auth(pam_handle_t *pamh, char *user, char *password)
 {
 int pam_error;
@@ -225,8 +226,8 @@ static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password)
 default:
 DEBUG(0, ("PAM: UNKNOWN ERROR while authenticating user %s\n", user));
 }
- if(!pam_error_handler(pamh, pam_error, "Authentication Failure", 2)) {
- proc_pam_end(pamh);
+ if(!smb_pam_error_handler(pamh, pam_error, "Authentication Failure", 2)) {
+ smb_pam_end(pamh);
 return False;
 }
 /* If this point is reached, the user has been authenticated. */
@@ -236,7 +237,7 @@ static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password)
 /*
 * PAM Account Handler
 */
-static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL pam_auth)
+static BOOL smb_pam_account(pam_handle_t *pamh, char * user, char * password, BOOL pam_auth)
 {
 int pam_error;
@@ -264,8 +265,8 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
 default:
 DEBUG(0, ("PAM: UNKNOWN ERROR for User: %s\n", user));
 }
- if(!pam_error_handler(pamh, pam_error, "Account Check Failed", 2)) {
- proc_pam_end(pamh);
+ if(!smb_pam_error_handler(pamh, pam_error, "Account Check Failed", 2)) {
+ smb_pam_end(pamh);
 return False;
 }
@@ -303,8 +304,8 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
 default:
 DEBUG(0, ("PAM: Error Condition Unknown in pam_setcred function call!"));
 }
- if(!pam_error_handler(pamh, pam_error, "Set Credential Failure", 2)) {
- proc_pam_end(pamh);
+ if(!smb_pam_error_handler(pamh, pam_error, "Set Credential Failure", 2)) {
+ smb_pam_end(pamh);
 return False;
 }
@@ -316,7 +317,7 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
 /*
 * PAM Internal Session Handler
 */
-static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
+static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
 {
 int pam_error;
@@ -326,22 +327,22 @@ static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL fla
 #ifdef PAM_TTY
 DEBUG(4,("PAM: tty set to: %s\n", tty));
 pam_error = pam_set_item(pamh, PAM_TTY, tty);
- if (!pam_error_handler(pamh, pam_error, "set tty failed", 0)) {
- proc_pam_end(pamh);
+ if (!smb_pam_error_handler(pamh, pam_error, "set tty failed", 0)) {
+ smb_pam_end(pamh);
 return False;
 }
 #endif
 if (flag) {
 pam_error = pam_open_session(pamh, PAM_SILENT);
- if (!pam_error_handler(pamh, pam_error, "session setup failed", 0)) {
- proc_pam_end(pamh);
+ if (!smb_pam_error_handler(pamh, pam_error, "session setup failed", 0)) {
+ smb_pam_end(pamh);
 return False;
 }
 } else {
 pam_error = pam_close_session(pamh, PAM_SILENT);
- if (!pam_error_handler(pamh, pam_error, "session close failed", 0)) {
- proc_pam_end(pamh);
+ if (!smb_pam_error_handler(pamh, pam_error, "session close failed", 0)) {
+ smb_pam_end(pamh);
 return False;
 }
 }
@@ -351,29 +352,26 @@ static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL fla
 /*
 * PAM Externally accessible Session handler
 */
-BOOL pam_session(BOOL flag, const char *in_user, char *tty, char *rhost)
+BOOL smb_pam_session(BOOL flag, const char *in_user, char *tty, char *rhost)
 {
 pam_handle_t *pamh = NULL;
 char * user;
- user = malloc(strlen(in_user)+1);
+ user = strdup(in_user);
 if ( user == NULL ) {
 DEBUG(0, ("PAM: PAM_session Malloc Failed!\n"));
 return False;
 }
- /* This is freed by PAM */
- StrnCpy(user, in_user, strlen(in_user)+1);
-
- if (!proc_pam_start(&pamh, user, rhost)) {
- proc_pam_end(pamh);
+ if (!smb_pam_start(&pamh, user, rhost)) {
+ smb_pam_end(pamh);
 return False;
 }
- if (proc_pam_session(pamh, user, tty, flag)) {
- return proc_pam_end(pamh);
+ if (smb_internal_pam_session(pamh, user, tty, flag)) {
+ return smb_pam_end(pamh);
 } else {
- proc_pam_end(pamh);
+ smb_pam_end(pamh);
 return False;
 }
 }
@@ -381,16 +379,16 @@ BOOL pam_session(BOOL flag, const char *in_user, char *tty, char *rhost)
 /*
 * PAM Externally accessible Account handler
 */
-BOOL pam_accountcheck(char * user)
+BOOL smb_pam_accountcheck(char * user)
 {
 pam_handle_t *pamh = NULL;
 PAM_username = user;
 PAM_password = NULL;
- if( proc_pam_start(&pamh, user, NULL)) {
- if ( pam_account(pamh, user, NULL, False)) {
- return( proc_pam_end(pamh));
+ if( smb_pam_start(&pamh, user, NULL)) {
+ if ( smb_pam_account(pamh, user, NULL, False)) {
+ return( smb_pam_end(pamh));
 }
 }
 DEBUG(0, ("PAM: Account Validation Failed - Rejecting User!\n"));
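Review bot: The buffer returned by `strdup(in_user)` in `smb_pam_session` is not released on any of the three exits shown after the allocation, and the commit deletes the `/* This is freed by PAM */` comment without adding a `free()` in its place. Linux-PAM's `pam_start()` keeps its own copy of the user name instead of taking ownership of the caller's string, so this looks like a leak on every session open and close; the behaviour of the other PAM implementations Samba builds against should be confirmed. If the copy exists only because `smb_pam_start` takes a non-const `char *`, either add `free(user);` after each `smb_pam_end(pamh)` call or change that parameter to `const char *` and drop the copy. A short comment above the `strdup()` stating who owns `user` would keep the next reader from reintroducing the old assumption.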
@@ -400,17 +398,17 @@ BOOL pam_accountcheck(char * user)
 /*
 * PAM Password Validation Suite
 */
-BOOL pam_passcheck(char * user, char * password)
+BOOL smb_pam_passcheck(char * user, char * password)
 {
 pam_handle_t *pamh = NULL;
 PAM_username = user;
 PAM_password = password;
- if( proc_pam_start(&pamh, user, NULL)) {
- if ( pam_auth(pamh, user, password)) {
- if ( pam_account(pamh, user, password, True)) {
- return( proc_pam_end(pamh));
+ if( smb_pam_start(&pamh, user, NULL)) {
+ if ( smb_pam_auth(pamh, user, password)) {
+ if ( smb_pam_account(pamh, user, password, True)) {
+ return( smb_pam_end(pamh));
 }
 }
 }
@@ -421,7 +419,7 @@ BOOL pam_passcheck(char * user, char * password)
 #else
 /* If PAM not used, no PAM restrictions on accounts. */
- BOOL pam_accountcheck(char * user)
+ BOOL smb_pam_accountcheck(char * user)
 {
 return True;
 }
diff --git a/source3/passdb/pass_check.c b/source3/passdb/pass_check.c
index 08961e5099..05f7138c3c 100644
--- a/source3/passdb/pass_check.c
+++ b/source3/passdb/pass_check.c
@@ -599,7 +599,7 @@ static BOOL password_check(char *password)
 {
 #ifdef WITH_PAM
- return (pam_passcheck(this_user, password));
+ return (smb_pam_passcheck(this_user, password));
 #endif /* WITH_PAM */
 #ifdef WITH_AFS
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 698c6a1356..ba882f2bf2 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -632,7 +632,7 @@ BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
 */
 if (ret)
- return pam_accountcheck(user);
+ return smb_pam_accountcheck(user);
 }
 return pass_check(user, password, pwlen, pwd,
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index fb13019812..2f86832b4a 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -111,8 +111,8 @@ BOOL session_claim(uint16 vuid)
 }
 #if WITH_PAM
- if (!pam_session(True, sessionid.username, sessionid.id_str, sessionid.hostname)) {
- DEBUG(1,("pam_session rejected the session for %s [%s]\n",
+ if (!smb_pam_session(True, sessionid.username, sessionid.id_str, sessionid.hostname)) {
+ DEBUG(1,("smb_pam_session rejected the session for %s [%s]\n",
 sessionid.username, sessionid.id_str));
 tdb_delete(tdb, key);
 return False;
@@ -167,7 +167,7 @@ void session_yield(uint16 vuid)
 #endif
 #if WITH_PAM
- pam_session(False, sessionid.username, sessionid.id_str, sessionid.hostname);
+ smb_pam_session(False, sessionid.username, sessionid.id_str, sessionid.hostname);
 #endif
 tdb_delete(tdb, key);
-- cgit