2025-01-25 06:04:04 +03:00 · 2002-05-09 04:05:37 +00:00 · 2002-05-09 04:05:37 +00:00 · 9ac3ca512a
commit 9ac3ca512a
parent 6337369a90
6 changed files with 186 additions and 112 deletions
--- a/source3/pam_smbpass/INSTALL
+++ b/source3/pam_smbpass/INSTALL
@ -0,0 +1,64 @@
+
+Because pam_smbpass is derived from the Samba smbpasswd utility, recent
+versions of pam_smbpass require a copy of the Samba source code to be
+available on the build system.  Version 0.7.5 has been tested against
+Samba 2.2.0-alpha3, and this is the recommended version of Samba to use
+for building pam_smbpass.  This only affects /building/ pam_smbpass; you
+can still run any version of the Samba server that you want, although
+clearly it saves some disk space to have only one copy of the source
+code on your system (Samba 2.2.0-alpha3 takes roughly 32MB of disk space
+to build pam_smbpass).
+
+Version 0.7.5 features a new build system to make it easier to build
+pam_smbpass.
+
+
+Using the new build system
+==========================
+
+If you don't have a copy of the Samba source code on your machine, and you
+don't have a preferred Samba version (or mirror site), you can build
+pam_smbpass by just typing 'make'.
+
+If you want to use a version other than 2.2.0-alpha3, or you want to
+download the source code from a faster Samba mirror (see
+<http://us1.samba.org/samba/> for a list of mirror sites), please download
+the source code and unpack it before running make.  The build scripts will
+attempt to autodetect your Samba source directory, and if it can't be
+found automatically, you will be given the opportunity to specify an
+alternate directory for the Samba sources.
+
+Feedback is welcome if you try (or succeed!) to build pam_smbpass with
+other versions of Samba.
+
+
+Options to 'make'
+=================
+
+By default, pam_smbpass will configure the Samba build tree with the
+options
+
+    --with-fhs --with-privatedir=/etc --with-configdir=/etc
+
+This will configure pam_smbpass to look for the smbpasswd file as
+/etc/smbpasswd (or /etc/smbpasswd.tdb), and the smb.conf file as
+/etc/smb.conf.  You can override these options by setting CONFIGOPTS when
+calling make.  E.g., if you have your smb.conf file in /usr/etc and your
+smbpasswd file in /usr/etc/private, you might run
+
+    make CONFIGOPTS="--with-privatedir=/usr/etc/private --with-configdir=/usr/etc"
+
+For a complete list of available configuration options, see
+'./samba/configure --help'
+
+
+Installing the module
+=====================
+
+If all goes well in the build process, the file pam_smbpass.so will be
+created in the current directory.  Simply install the module into your
+system's PAM module directory:
+
+	install -m 755 -s bin/pam_smbpass.so /lib/security
+
+and you're all set.
--- a/source3/pam_smbpass/general.h
+++ b/source3/pam_smbpass/general.h
@ -121,3 +121,10 @@ struct _pam_failed_auth {
    char *agent;                /* attempt from user with name */
    int count;                  /* number of failures so far */
 };
+
+/*
+ * General use functions go here 
+ */
+
+/* from support.c */
+int make_remark(pam_handle_t *, unsigned int, int, const char *);
--- a/source3/pam_smbpass/pam_smb_acct.c
+++ b/source3/pam_smbpass/pam_smb_acct.c
@ -33,6 +33,7 @@

 #include "support.h"

+
 /*
 * pam_sm_acct_mgmt() verifies whether or not the account is disabled.
 *
@ -45,15 +46,12 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
    int retval;

    const char *name;
-    const char *p;
    SAM_ACCOUNT *sampass = NULL;

    extern BOOL in_client;

    /* Samba initialization. */
    setup_logging( "pam_smbpass", False );
-    charset_initialise();
-    codepage_initialise(lp_client_code_page());
    in_client = True;

    ctrl = set_ctrl( flags, argc, argv );
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@ -47,6 +47,7 @@ do {								\
 static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
                         const char *name, SAM_ACCOUNT *sampass, BOOL exist);

+
 /*
 * pam_sm_authenticate() authenticates users against the samba password file.
 *
@ -67,13 +68,11 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
    BOOL found;

    /* Points to memory managed by the PAM library. Do not free. */
-    const char *p = NULL;
+    char *p = NULL;


    /* Samba initialization. */
    setup_logging("pam_smbpass",False);
-    charset_initialise();
-    codepage_initialise(lp_client_code_page());
    in_client = True;

    ctrl = set_ctrl(flags, argc, argv);
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@ -35,8 +35,7 @@

 int smb_update_db( pam_handle_t *pamh, int ctrl, const char *user,  const char *pass_new )
 {
- char		c;
- int		retval, i;
+ int		retval;
 pstring	err_str;
 pstring	msg_str;

@ -94,12 +93,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,

    SAM_ACCOUNT *sampass = NULL;
    const char *user;
-    const char *pass_old, *pass_new;
+    char *pass_old;
+    char *pass_new;

    /* Samba initialization. */
    setup_logging( "pam_smbpass", False );
-    charset_initialise();
-    codepage_initialise(lp_client_code_page());
    in_client = True;

    ctrl = set_ctrl(flags, argc, argv);
--- a/source3/pam_smbpass/support.c
+++ b/source3/pam_smbpass/support.c
@ -62,6 +62,10 @@ int make_remark(pam_handle_t *, unsigned int, int, const char *);
 	void _cleanup(pam_handle_t *, void *, int);
 	char *_pam_delete(register char *);

+	/* default configuration file location */
+
+	char *servicesf = dyn_CONFIGFILE;
+
 	/* syslogging function for errors and other information */

 	void _log_err( int err, const char *format, ... )
@ -125,8 +129,7 @@ int make_remark( pam_handle_t * pamh, unsigned int ctrl
 int set_ctrl( int flags, int argc, const char **argv )
 {
    int i = 0;
-    static pstring servicesf = CONFIGFILE;
-    const char *service_file = servicesf;
+    const char *service_file = dyn_CONFIGFILE;
    unsigned int ctrl;

    ctrl = SMB_DEFAULTS;	/* the default selection of options */
@ -136,6 +139,9 @@ int set_ctrl( int flags, int argc, const char **argv )
    /* A good, sane default (matches Samba's behavior). */
    set( SMB__NONULL, ctrl );

+    /* initialize service file location */
+    service_file=servicesf;
+
    if (flags & PAM_SILENT) {
        set( SMB__QUIET, ctrl );
    }
@ -165,6 +171,8 @@ int set_ctrl( int flags, int argc, const char **argv )
 	_log_err( LOG_ERR, "Error loading service file %s", service_file );
    }

+    secrets_init();
+
    if (lp_null_passwords()) {
        set( SMB__NULLOK, ctrl );
    }
@ -303,7 +311,7 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
    uchar hash_pass[16];
    uchar lm_pw[16];
    uchar nt_pw[16];
-    int retval;
+    int retval = PAM_AUTH_ERR;
    char *data_name;
    const char *name;

@ -482,7 +490,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
 {
    int authtok_flag;
    int retval;
-    const char *item = NULL;
+    char *item = NULL;
    char *token;

    struct pam_message msg[3], *pmsg[3];