From b15255d7ab8a0b883f97fe57bf7280fbbf8e92b7 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Tue, 8 Apr 2003 04:42:44 +0000 Subject: Patch from Steve Langasek fix up two issues in pam_smbpass. The first, more important issue is adding support for the (apparently new) LOCAL_SET_PASSWORD flag to local_password_change(), without which pam_smbpass is a complete and utter no-op. The second, lesser issue is that with the advent of ldapsam, it's possible for pam_smbpass to generate a SIGPIPE that isn't handled by the calling application. The most basic signal wrapping is put in place to prevent this. Beyond that, the only thing in the patch is a bit of reformatting to make pam_smb_passwd.c look a bit more like the rest of the code in CVS. More of that later, I'm sure. (This used to be commit 1aecda300e0b44c133fe0cd2bafb166621dbc17a) --- source3/pam_smbpass/pam_smb_acct.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'source3/pam_smbpass/pam_smb_acct.c') diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c index 0803ef82a2..2ea7eea7d8 100644 --- a/source3/pam_smbpass/pam_smb_acct.c +++ b/source3/pam_smbpass/pam_smb_acct.c @@ -47,7 +47,7 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, const char *name; SAM_ACCOUNT *sampass = NULL; - + void (*oldsig_handler)(int); extern BOOL in_client; /* Samba initialization. */ @@ -69,8 +69,12 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, _log_err( LOG_DEBUG, "acct: username [%s] obtained", name ); } + /* Getting into places that might use LDAP -- protect the app + from a SIGPIPE it's not expecting */ + oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); if (!initialize_password_db(True)) { _log_err( LOG_ALERT, "Cannot access samba password database" ); + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_AUTHINFO_UNAVAIL; } @@ -78,8 +82,10 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, pdb_init_sam(&sampass); pdb_getsampwnam(sampass, name ); - if (!sampass) + if (!sampass) { + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_USER_UNKNOWN; + } if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { if (on( SMB_DEBUG, ctrl )) { @@ -90,11 +96,13 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, , "Your account has been disabled; " "please see your system administrator." ); + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_ACCT_EXPIRED; } /* TODO: support for expired passwords. */ + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_SUCCESS; } -- cgit