From nobody@FreeBSD.org  Thu Dec 13 18:58:14 2007
Message-Id: <200712131858.lBDIw6Jw017643@www.freebsd.org>
Date: Thu, 13 Dec 2007 18:58:06 GMT
From: Javier Martín Rueda <jmrueda@diatel.upm.es>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [net/samba3] Unix password synchronization with PAM does not work under Samba 3
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         118677
>Category:       ports
>Synopsis:       [net/samba3] Unix password synchronization with PAM does not work under Samba 3
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    timur
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 13 19:00:04 UTC 2007
>Closed-Date:    Fri Mar 18 10:25:13 UTC 2011
>Last-Modified:  Fri Mar 18 10:25:13 UTC 2011
>Originator:     Javier Martín Rueda
>Release:        FreeBSD 6.2 RELEASE
>Organization:
Universidad Politécnica de Madrid
>Environment:
FreeBSD mad6.diatel.upm.es 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 19 21:07:07 CET 2007     root@fbsd.localdomain:/usr/obj/usr/src/sys/AURORA  i386

>Description:
I set up a Windows NT domain with Samba as the PDC. I activate unix password synchronization in Samba, so that when a user changes the password from a Windows client it is updated in the Unix database as well. The problem is that it does not work. The Windows client reports "You don't have permission to change your password".

The relevant Samba configuration is:

unix password sync = yes
pam password change = yes
passwd chat = *Old*Password:* %o *New*Password* %n *Retype*New*Password* %n

I also create /etc/pam.d/samba with:

password        required        pam_unix.so

By the way, password synchronization without PAM doesn't work either.
The problem is that findpty() in source/chgpasswd.c attempts to find an
unused pseudoterminal device by opening /dev/pty00, /dev/pty01, etc.
That doesn't work because the devices don't show up in /dev unless they
are in use. I suppose that either some rules should be added to
/etc/devfs.rules to make them come up even if they are free, or maybe
the Samba code should be changed to use openpty(3).

>How-To-Repeat:

Configure Samba and PAM as described in "full description" and try to
change a user's password from Windows. You will get "You don't have
permission to change your password".

>Fix:

The pam_unix module creates a child process to execute pwd_mkdb and then
executes waitpid() to check if the child finished ok. The problem is
that the smbd daemon captures SIGCHLD and pam_unix doesn't get that
signal, and concludes that the pwd_mkdb process must have failed
somehow.

I enclose a patch to temporarily disable SIGCHLD capture while PAM
executes. Just drop it in the files directory of the samba port and
rebuild it.


Patch attached with submission follows:

--- smbd/chgpasswd.c.orig	Thu Mar  1 05:54:06 2007
+++ smbd/chgpasswd.c	Thu Dec 13 20:32:44 2007
@@ -502,11 +502,19 @@
 		if (as_root)
 			become_root();
 
+		/*
+		 * We need to temporarily stop CatchChild from eating
+		 * SIGCLD signals as it also eats the exit status code.
+		 * NOTE: pam_unix.so creates a child to run pwd_mkdb.
+		 */
+
+		CatchChildLeaveStatus();
 		if (pass) {
 			ret = smb_pam_passchange(pass->pw_name, oldpass, newpass);
 		} else {
 			ret = smb_pam_passchange(name, oldpass, newpass);
 		}
+		CatchChild();
 			
 		if (as_root)
 			unbecome_root();
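
Review bot: The CatchChild() call added after the two smb_pam_passchange() branches reinstates the handler unconditionally, which assumes CatchChild() was the SIGCHLD disposition in force when this block was entered; the visible context does not show that, so saving the previous handler before CatchChildLeaveStatus() and restoring that saved value would be safer. The swap is also process-wide for the whole PAM call, so it is worth confirming that any other child exiting in that window is still collected once CatchChild() is back in place. The new comment spells the signal SIGCLD while the report text uses SIGCHLD, and the blank line after the comment separates it from the CatchChildLeaveStatus() call it documents. The comment should also say that this covers only the PAM path, since the findpty() problem described in the report for the non-PAM path is not touched here.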


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->timur 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Thu Dec 13 19:00:08 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=118677 
State-Changed-From-To: open->closed 
State-Changed-By: miwi 
State-Changed-When: Fri Mar 18 10:25:12 UTC 2011 
State-Changed-Why:  
samba3 was removed 

>Unformatted:
