From b15255d7ab8a0b883f97fe57bf7280fbbf8e92b7 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Tue, 8 Apr 2003 04:42:44 +0000 Subject: Patch from Steve Langasek fix up two issues in pam_smbpass. The first, more important issue is adding support for the (apparently new) LOCAL_SET_PASSWORD flag to local_password_change(), without which pam_smbpass is a complete and utter no-op. The second, lesser issue is that with the advent of ldapsam, it's possible for pam_smbpass to generate a SIGPIPE that isn't handled by the calling application. The most basic signal wrapping is put in place to prevent this. Beyond that, the only thing in the patch is a bit of reformatting to make pam_smb_passwd.c look a bit more like the rest of the code in CVS. More of that later, I'm sure. (This used to be commit 1aecda300e0b44c133fe0cd2bafb166621dbc17a) --- source3/pam_smbpass/pam_smb_auth.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/pam_smbpass/pam_smb_auth.c') diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c index e5cc12e2f6..f4cbb59af3 100644 --- a/source3/pam_smbpass/pam_smb_auth.c +++ b/source3/pam_smbpass/pam_smb_auth.c @@ -36,6 +36,8 @@ #define AUTH_RETURN \ do { \ + /* Restore application signal handler */ \ + CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); \ if(ret_data) { \ *ret_data = retval; \ pam_set_data( pamh, "smb_setcred_return" \ @@ -65,6 +67,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, SAM_ACCOUNT *sampass = NULL; extern BOOL in_client; const char *name; + void (*oldsig_handler)(int); BOOL found; /* Points to memory managed by the PAM library. Do not free. */ @@ -93,6 +96,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, _log_err( LOG_DEBUG, "username [%s] obtained", name ); } + /* Getting into places that might use LDAP -- protect the app + from a SIGPIPE it's not expecting */ + oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); + if (!initialize_password_db(True)) { _log_err( LOG_ALERT, "Cannot access samba password database" ); retval = PAM_AUTHINFO_UNAVAIL; -- cgit