Unix Password Sync Problem

doug_rintoul at SIL.ORG doug_rintoul at SIL.ORG
Fri May 7 19:00:00 GMT 1999 

There is a problem with smbd/chgpasswd.c in the findpty function in the main CVS
path, at least as of May 9, 1999 and still exists in the CVS I grabbed today. If
HAVE_GRANTPT is not defined then OpenDir is called with the first argument
(conn) being NULL. However when OpenDir (in smbd/dir) was modified for the
virtual file system support it started using conn without checking to see if it
was NULL. The third line in OpenDir is

  DIR *p = conn->vfs_ops.opendir(name);

This causes smbd to segfault when it tries to execute the above statement.
findpty is only called from chat_with_program which is only called when unix
password sync is set. I hacked OpenDir to use the old way of opening a directory
(using dos_opendir) if conn is NULL but there is probably a better solution (I
didn't have time to investigate what conn is used for and how to set it up
before calling OpenDir).

For you RedHat users out there complaining that the unix password sync does not
work for you, I have found a solution. There seems to be a timing problem when
chatting with passwd. The following patch now allows me to reliably change my
password from NT, changing both the unix and samba password.
--------------------- cut here ------------------------------------
--- samba990428/source/smbd/chgpasswd.c Fri Mar 26 16:38:58 1999
+++ samba/source/smbd/chgpasswd.c       Fri May  7 14:52:09 1999
@@ -280,6 +280,8 @@
       return(False);
     }

+    msleep(100);
+
     if (!next_token(&ptr,chatbuf,NULL,sizeof(chatbuf))) break;
     pwd_sub(chatbuf);
     if (!strequal(chatbuf,"."))
@@ -317,6 +319,8 @@

   /* we now have a pty */
   if (pid > 0){                        /* This is the parent process */
+    CatchSignal(SIGCLD, SIG_DFL);
+
     if ((chstat = talktochild(master, chatsequence)) == False) {
       DEBUG(3,("Child failed to change password: %s\n",name));
       kill(pid, SIGKILL); /* be sure to end this process */
@@ -328,6 +332,8 @@
       return(False);
     }

+    CatchChild();
+
     close(master);

     if (pid != wpid) {
--------------------- cut here ------------------------------------

This patch also incorporates Benjamin Kuit's patch he submitted on March 7,
1999. With the above changes, my users can now change their passwords to their
hearts content.

Doug Rintoul
SIL

-----Original Message-----
From: tas at microdisplay.com
Sent: Thursday, May 06, 1999 7:48 PM
To: Doug Rintoul; samba-ntdom at samba.org
Subject: Unix Password Sync Problem


Hi

I am using a NTDOM version of Samba quite successfully,
and I am now tackling the issue of syncronizing passwords
between NT and the Unix (Linux) machines serving as the
SAMBA PDC.

When I have:

   unix password sync = yes
#   passwd program = /usr/bin/passwd %u
#   passwd chat = *password* %n\n *password* %n\n *successful*
   passwd program = /usr/local/samba/mdc/passwdwrapper %u
   passwd chat = *password* %n\n *password* %n\n *alldone*

in my smb.conf, (I have my own wrapper program, is this
okay?) password changes on NT fail with:

Unable to change the password on this account (C0000000BE)

and my log.smb generates (debug level = 4) as its final lines
(do I go higher in levels? what am I looking for?)

[1999/05/06 17:32:11, 3] smbd/ipc.c:reply_trans(3601)
  trans <\PIPE\> data=1176 params=0 setup=2
[1999/05/06 17:32:11, 3] smbd/ipc.c:named_pipe(3456)
  named pipe command on <> name
[1999/05/06 17:32:11, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(387)
  search for pipe pnum=7016
[1999/05/06 17:32:11, 1] smbd/ipc.c:api_fd_reply(3280)
  api_fd_reply: INVALID PIPE HANDLE: 7016
[1999/05/06 17:32:11, 3] smbd/ipc.c:api_no_reply(3198)
  Unsupported API fd command
[1999/05/06 17:32:21, 3] lib/doscalls.c:dos_ChDir(329)
  dos_ChDir to /usr/local/samba/lib

The password changes work fine without the  "unix password sync" section
commented out.
The error happens when I use the machine passwd program or my wrapper
program.

Any suggestions? This should work with the NTDOM path, correct?

Thanks,
Todd

--
[--- [--- [--- [--- [--- [--- [--- [--- [--- [---
Todd Stiers
Director of Systems Administration
The MicroDisplay Corporation
http://www.microdisplay.com (510)243-9515x129
---] ---] ---] ---] ---] ---] ---] ---] ---] ---]

More information about the samba-ntdom mailing list