compile fixes; needs testing

(This used to be commit a3f68a963c)

source3/pam_smbpass/INSTALL

@@ -0,0 +1,64 @@
+
+Because pam_smbpass is derived from the Samba smbpasswd utility, recent
+versions of pam_smbpass require a copy of the Samba source code to be
+available on the build system.  Version 0.7.5 has been tested against
+Samba 2.2.0-alpha3, and this is the recommended version of Samba to use
+for building pam_smbpass.  This only affects /building/ pam_smbpass; you
+can still run any version of the Samba server that you want, although
+clearly it saves some disk space to have only one copy of the source
+code on your system (Samba 2.2.0-alpha3 takes roughly 32MB of disk space
+to build pam_smbpass).
+
+Version 0.7.5 features a new build system to make it easier to build
+pam_smbpass.
+
+
+Using the new build system
+==========================
+
+If you don't have a copy of the Samba source code on your machine, and you
+don't have a preferred Samba version (or mirror site), you can build
+pam_smbpass by just typing 'make'.
+
+If you want to use a version other than 2.2.0-alpha3, or you want to
+download the source code from a faster Samba mirror (see
+<http://us1.samba.org/samba/> for a list of mirror sites), please download
+the source code and unpack it before running make.  The build scripts will
+attempt to autodetect your Samba source directory, and if it can't be
+found automatically, you will be given the opportunity to specify an
+alternate directory for the Samba sources.
+
+Feedback is welcome if you try (or succeed!) to build pam_smbpass with
+other versions of Samba.
+
+
+Options to 'make'
+=================
+
+By default, pam_smbpass will configure the Samba build tree with the
+options
+
+    --with-fhs --with-privatedir=/etc --with-configdir=/etc
+
+This will configure pam_smbpass to look for the smbpasswd file as
+/etc/smbpasswd (or /etc/smbpasswd.tdb), and the smb.conf file as
+/etc/smb.conf.  You can override these options by setting CONFIGOPTS when
+calling make.  E.g., if you have your smb.conf file in /usr/etc and your
+smbpasswd file in /usr/etc/private, you might run
+
+    make CONFIGOPTS="--with-privatedir=/usr/etc/private --with-configdir=/usr/etc"
+
+For a complete list of available configuration options, see
+'./samba/configure --help'
+
+
+Installing the module
+=====================
+
+If all goes well in the build process, the file pam_smbpass.so will be
+created in the current directory.  Simply install the module into your
+system's PAM module directory:
+
+	install -m 755 -s bin/pam_smbpass.so /lib/security
+
+and you're all set.

source3/pam_smbpass/general.h

@@ -121,3 +121,10 @@ struct _pam_failed_auth {
     char *agent;                /* attempt from user with name */
     int count;                  /* number of failures so far */
 };
+
+/*
+ * General use functions go here 
+ */
+
+/* from support.c */
+int make_remark(pam_handle_t *, unsigned int, int, const char *);

source3/pam_smbpass/pam_smb_acct.c

@@ -33,6 +33,7 @@
 
 #include "support.h"
 
+
 /*
  * pam_sm_acct_mgmt() verifies whether or not the account is disabled.
  *
@@ -45,15 +46,12 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
     int retval;
 
     const char *name;
-    const char *p;
     SAM_ACCOUNT *sampass = NULL;
 
     extern BOOL in_client;
 
     /* Samba initialization. */
     setup_logging( "pam_smbpass", False );
-    charset_initialise();
-    codepage_initialise(lp_client_code_page());
     in_client = True;
 
     ctrl = set_ctrl( flags, argc, argv );

source3/pam_smbpass/pam_smb_auth.c

@@ -47,6 +47,7 @@ do {								\
 static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
                          const char *name, SAM_ACCOUNT *sampass, BOOL exist);
 
+
 /*
  * pam_sm_authenticate() authenticates users against the samba password file.
  *
@@ -67,13 +68,11 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
     BOOL found;
 
     /* Points to memory managed by the PAM library. Do not free. */
-    const char *p = NULL;
+    char *p = NULL;
 
 
     /* Samba initialization. */
     setup_logging("pam_smbpass",False);
-    charset_initialise();
-    codepage_initialise(lp_client_code_page());
     in_client = True;
 
     ctrl = set_ctrl(flags, argc, argv);

source3/pam_smbpass/pam_smb_passwd.c

@@ -35,8 +35,7 @@
 
 int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user,  const char *pass_new )
 {
- char		c;
- int		retval, i;
+ int		retval;
  pstring	err_str;
  pstring	msg_str;
 
@@ -94,12 +93,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 
     SAM_ACCOUNT *sampass = NULL;
     const char *user;
-    const char *pass_old, *pass_new;
+    char *pass_old;
+    char *pass_new;
 
     /* Samba initialization. */
     setup_logging( "pam_smbpass", False );
-    charset_initialise();
-    codepage_initialise(lp_client_code_page());
     in_client = True;
 
     ctrl = set_ctrl(flags, argc, argv);

source3/pam_smbpass/support.c

@@ -1,132 +1,135 @@
-/* Unix NT password database implementation, version 0.6.
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
+	/* Unix NT password database implementation, version 0.6.
+	 *
+	 * This program is free software; you can redistribute it and/or modify it under
+	 * the terms of the GNU General Public License as published by the Free
+	 * Software Foundation; either version 2 of the License, or (at your option)
+	 * any later version.
+	 *
+	 * This program is distributed in the hope that it will be useful, but WITHOUT
+	 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+	 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+	 * more details.
+	 *
+	 * You should have received a copy of the GNU General Public License along with
+	 * this program; if not, write to the Free Software Foundation, Inc., 675
+	 * Mass Ave, Cambridge, MA 02139, USA.
+	 */
 
-#include "includes.h"
-#include "general.h"
+	#include "includes.h"
+	#include "general.h"
 
-#include "support.h"
+	#include "support.h"
 
 
-#define _pam_overwrite(x)        \
-do {                             \
-     register char *__xx__;      \
-     if ((__xx__=(x)))           \
-          while (*__xx__)        \
-               *__xx__++ = '\0'; \
-} while (0)
+	#define _pam_overwrite(x)        \
+	do {                             \
+	     register char *__xx__;      \
+	     if ((__xx__=(x)))           \
+		  while (*__xx__)        \
+		       *__xx__++ = '\0'; \
+	} while (0)
 
-/*
- * Don't just free it, forget it too.
- */
+	/*
+	 * Don't just free it, forget it too.
+	 */
 
-#define _pam_drop(X) \
-do {                 \
-    if (X) {         \
-        free(X);     \
-        X=NULL;      \
-    }                \
-} while (0)
+	#define _pam_drop(X) \
+	do {                 \
+	    if (X) {         \
+		free(X);     \
+		X=NULL;      \
+	    }                \
+	} while (0)
 
-#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
-do {                                              \
-    int reply_i;                                  \
-                                                  \
-    for (reply_i=0; reply_i<replies; ++reply_i) { \
-        if (reply[reply_i].resp) {                \
-            _pam_overwrite(reply[reply_i].resp);  \
-            free(reply[reply_i].resp);            \
-        }                                         \
-    }                                             \
-    if (reply)                                    \
-        free(reply);                              \
-} while (0)
+	#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+	do {                                              \
+	    int reply_i;                                  \
+							  \
+	    for (reply_i=0; reply_i<replies; ++reply_i) { \
+		if (reply[reply_i].resp) {                \
+		    _pam_overwrite(reply[reply_i].resp);  \
+		    free(reply[reply_i].resp);            \
+		}                                         \
+	    }                                             \
+	    if (reply)                                    \
+		free(reply);                              \
+	} while (0)
 
 
-int converse(pam_handle_t *, int, int, struct pam_message **,
-			 struct pam_response **);
-int make_remark(pam_handle_t *, unsigned int, int, const char *);
-void _cleanup(pam_handle_t *, void *, int);
-char *_pam_delete(register char *);
+	int converse(pam_handle_t *, int, int, struct pam_message **,
+				 struct pam_response **);
+	int make_remark(pam_handle_t *, unsigned int, int, const char *);
+	void _cleanup(pam_handle_t *, void *, int);
+	char *_pam_delete(register char *);
 
-/* syslogging function for errors and other information */
+	/* default configuration file location */
 
-void _log_err( int err, const char *format, ... )
-{
-    va_list args;
+	char *servicesf = dyn_CONFIGFILE;
 
-    va_start( args, format );
-    openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
-    vsyslog( err, format, args );
-    va_end( args );
-    closelog();
-}
+	/* syslogging function for errors and other information */
 
-/* this is a front-end for module-application conversations */
+	void _log_err( int err, const char *format, ... )
+	{
+	    va_list args;
 
-int converse( pam_handle_t * pamh, int ctrl, int nargs
-              , struct pam_message **message
-              , struct pam_response **response )
-{
-	int retval;
-	struct pam_conv *conv;
+	    va_start( args, format );
+	    openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
+	    vsyslog( err, format, args );
+	    va_end( args );
+	    closelog();
+	}
 
-	retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
-	if (retval == PAM_SUCCESS) {
+	/* this is a front-end for module-application conversations */
 
-		retval = conv->conv(nargs, (const struct pam_message **) message
-							,response, conv->appdata_ptr);
+	int converse( pam_handle_t * pamh, int ctrl, int nargs
+		      , struct pam_message **message
+		      , struct pam_response **response )
+	{
+		int retval;
+		struct pam_conv *conv;
 
-		if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
-			_log_err(LOG_DEBUG, "conversation failure [%s]"
+		retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+		if (retval == PAM_SUCCESS) {
+
+			retval = conv->conv(nargs, (const struct pam_message **) message
+								,response, conv->appdata_ptr);
+
+			if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
+				_log_err(LOG_DEBUG, "conversation failure [%s]"
+						 ,pam_strerror(pamh, retval));
+			}
+		} else {
+			_log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
 					 ,pam_strerror(pamh, retval));
 		}
-	} else {
-		_log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
-				 ,pam_strerror(pamh, retval));
+
+		return retval;				/* propagate error status */
 	}
 
-	return retval;				/* propagate error status */
-}
+	int make_remark( pam_handle_t * pamh, unsigned int ctrl
+			 , int type, const char *text )
+	{
+		if (off(SMB__QUIET, ctrl)) {
+			struct pam_message *pmsg[1], msg[1];
+			struct pam_response *resp;
 
-int make_remark( pam_handle_t * pamh, unsigned int ctrl
-                 , int type, const char *text )
-{
-	if (off(SMB__QUIET, ctrl)) {
-		struct pam_message *pmsg[1], msg[1];
-		struct pam_response *resp;
+			pmsg[0] = &msg[0];
+			msg[0].msg = text;
+			msg[0].msg_style = type;
+			resp = NULL;
 
-		pmsg[0] = &msg[0];
-		msg[0].msg = text;
-		msg[0].msg_style = type;
-		resp = NULL;
-
-		return converse(pamh, ctrl, 1, pmsg, &resp);
+			return converse(pamh, ctrl, 1, pmsg, &resp);
+		}
+		return PAM_SUCCESS;
 	}
-	return PAM_SUCCESS;
-}
 
 
-/* set the control flags for the SMB module. */
+	/* set the control flags for the SMB module. */
 
 int set_ctrl( int flags, int argc, const char **argv )
 {
     int i = 0;
-    static pstring servicesf = CONFIGFILE;
-    const char *service_file = servicesf;
+    const char *service_file = dyn_CONFIGFILE;
     unsigned int ctrl;
 
     ctrl = SMB_DEFAULTS;	/* the default selection of options */
@@ -136,6 +139,9 @@ int set_ctrl( int flags, int argc, const char **argv )
     /* A good, sane default (matches Samba's behavior). */
     set( SMB__NONULL, ctrl );
 
+    /* initialize service file location */
+    service_file=servicesf;
+
     if (flags & PAM_SILENT) {
         set( SMB__QUIET, ctrl );
     }
@@ -165,6 +171,8 @@ int set_ctrl( int flags, int argc, const char **argv )
 	_log_err( LOG_ERR, "Error loading service file %s", service_file );
     }
 
+    secrets_init();
+
     if (lp_null_passwords()) {
         set( SMB__NULLOK, ctrl );
     }
@@ -303,7 +311,7 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
     uchar hash_pass[16];
     uchar lm_pw[16];
     uchar nt_pw[16];
-    int retval;
+    int retval = PAM_AUTH_ERR;
     char *data_name;
     const char *name;
 
@@ -482,7 +490,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
 {
     int authtok_flag;
     int retval;
-    const char *item = NULL;
+    char *item = NULL;
     char *token;
 
     struct pam_message msg[3], *pmsg[3];