s3:smbd: use session_global_id as session number for pam and utmp
Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
parent
92d53dd7dc
commit
b288ddd5c0
@ -154,26 +154,6 @@
|
||||
/* Minimum length of allowed password when changing UNIX password. */
|
||||
#define MINPASSWDLENGTH 5
|
||||
|
||||
/* maximum ID number used for session control. This cannot be larger
|
||||
than 62*62 for the current code */
|
||||
#define MAX_SESSION_ID 3000
|
||||
|
||||
/* For the benifit of PAM and the 'session exec' scripts, we fake up a terminal
|
||||
name. This can be in one of two forms: The first for systems not using
|
||||
utmp (and therefore not constrained as to length or the need for a number
|
||||
< 3000 or so) and the second for systems with this 'well behaved terminal
|
||||
like name' constraint.
|
||||
*/
|
||||
|
||||
#ifndef SESSION_TEMPLATE
|
||||
/* Paramaters are 'pid' and 'vuid' */
|
||||
#define SESSION_TEMPLATE "smb/%lu/%llu"
|
||||
#endif
|
||||
|
||||
#ifndef SESSION_UTMP_TEMPLATE
|
||||
#define SESSION_UTMP_TEMPLATE "smb/%d"
|
||||
#endif
|
||||
|
||||
/* the maximum age in seconds of a password. Should be a lp_ parameter */
|
||||
#define MAX_PASSWORD_AGE (21*24*60*60)
|
||||
|
||||
|
@ -46,7 +46,6 @@ bool session_claim(struct smbXsrv_session *session)
|
||||
struct smbd_server_connection *sconn = session->connection->sconn;
|
||||
struct server_id pid = messaging_server_id(sconn->msg_ctx);
|
||||
TDB_DATA data;
|
||||
int i = 0;
|
||||
struct sessionid sessionid;
|
||||
fstring keystr;
|
||||
struct db_record *rec;
|
||||
@ -67,77 +66,21 @@ bool session_claim(struct smbXsrv_session *session)
|
||||
|
||||
ZERO_STRUCT(sessionid);
|
||||
|
||||
sessionid.id_num = session->global->session_global_id;
|
||||
|
||||
data.dptr = NULL;
|
||||
data.dsize = 0;
|
||||
|
||||
if (lp_utmp()) {
|
||||
snprintf(keystr, sizeof(keystr), "ID/%u", sessionid.id_num);
|
||||
snprintf(sessionid.id_str, sizeof(sessionid.id_str),
|
||||
"smb/%u", sessionid.id_num);
|
||||
|
||||
for (i=1;i<MAX_SESSION_ID;i++) {
|
||||
|
||||
/*
|
||||
* This is very inefficient and needs fixing -- vl
|
||||
*/
|
||||
|
||||
struct server_id sess_pid;
|
||||
TDB_DATA value;
|
||||
|
||||
snprintf(keystr, sizeof(keystr), "ID/%d", i);
|
||||
|
||||
rec = sessionid_fetch_record(NULL, keystr);
|
||||
if (rec == NULL) {
|
||||
DEBUG(1, ("Could not lock \"%s\"\n", keystr));
|
||||
return False;
|
||||
}
|
||||
|
||||
value = dbwrap_record_get_value(rec);
|
||||
|
||||
if (value.dsize != sizeof(sessionid)) {
|
||||
DEBUG(1, ("Re-using invalid record\n"));
|
||||
break;
|
||||
}
|
||||
|
||||
memcpy(&sess_pid,
|
||||
((char *)value.dptr)
|
||||
+ offsetof(struct sessionid, pid),
|
||||
sizeof(sess_pid));
|
||||
|
||||
if (!process_exists(sess_pid)) {
|
||||
DEBUG(5, ("%s has died -- re-using session\n",
|
||||
procid_str_static(&sess_pid)));
|
||||
break;
|
||||
}
|
||||
|
||||
TALLOC_FREE(rec);
|
||||
}
|
||||
|
||||
if (i == MAX_SESSION_ID) {
|
||||
SMB_ASSERT(rec == NULL);
|
||||
DEBUG(1,("session_claim: out of session IDs "
|
||||
"(max is %d)\n", MAX_SESSION_ID));
|
||||
return False;
|
||||
}
|
||||
|
||||
snprintf(sessionid.id_str, sizeof(sessionid.id_str),
|
||||
SESSION_UTMP_TEMPLATE, i);
|
||||
} else
|
||||
{
|
||||
snprintf(keystr, sizeof(keystr), "ID/%s/%llu",
|
||||
procid_str_static(&pid),
|
||||
(unsigned long long)vuser->vuid);
|
||||
|
||||
rec = sessionid_fetch_record(NULL, keystr);
|
||||
if (rec == NULL) {
|
||||
DEBUG(1, ("Could not lock \"%s\"\n", keystr));
|
||||
return False;
|
||||
}
|
||||
|
||||
snprintf(sessionid.id_str, sizeof(sessionid.id_str),
|
||||
SESSION_TEMPLATE, (long unsigned int)getpid(),
|
||||
(unsigned long long)vuser->vuid);
|
||||
rec = sessionid_fetch_record(NULL, keystr);
|
||||
if (rec == NULL) {
|
||||
DEBUG(1, ("Could not lock \"%s\"\n", keystr));
|
||||
return False;
|
||||
}
|
||||
|
||||
SMB_ASSERT(rec != NULL);
|
||||
|
||||
raddr = tsocket_address_inet_addr_string(session->connection->remote_address,
|
||||
talloc_tos());
|
||||
if (raddr == NULL) {
|
||||
@ -149,7 +92,6 @@ bool session_claim(struct smbXsrv_session *session)
|
||||
|
||||
fstrcpy(sessionid.username, vuser->session_info->unix_info->unix_name);
|
||||
fstrcpy(sessionid.hostname, sconn->remote_hostname);
|
||||
sessionid.id_num = i; /* Only valid for utmp sessions */
|
||||
sessionid.pid = pid;
|
||||
sessionid.uid = vuser->session_info->unix_token->uid;
|
||||
sessionid.gid = vuser->session_info->unix_token->gid;
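Review bot: The `snprintf(sessionid.id_str, sizeof(sessionid.id_str), "smb/%u", sessionid.id_num)` call in the `-67,77 +66,21` hunk can now produce a name of up to 14 characters, whereas the utmp path it replaces kept the number below MAX_SESSION_ID (3000) precisely so the name stayed short. If this string is what later gets copied into `ut_line` (presumably, the call chain is not on this page) and a platform's `ut_line` is narrower than that, the name is cut on copy and two live sessions whose ids share the leading digits would write the same utmp line, so accounting for one session can overwrite or clear the other's. The width constraint deserves a comment at the call, for example `/* "smb/" + up to 10 digits; must fit ut_line untruncated or utmp entries can collide */`. session_claim begins before and continues past the hunks shown here.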
|
||||
|
@ -472,22 +472,23 @@ static int ut_id_encode(int i, char *fourbyte)
|
||||
int nbase;
|
||||
const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
||||
|
||||
fourbyte[0] = 'S';
|
||||
fourbyte[1] = 'M';
|
||||
|
||||
/*
|
||||
* Encode remaining 2 bytes from 'i'.
|
||||
* 'ut_id_encstr' is the character set on which modulo arithmetic is done.
|
||||
* Example: digits would produce the base-10 numbers from '001'.
|
||||
*/
|
||||
nbase = strlen(ut_id_encstr);
|
||||
|
||||
fourbyte[0] = ut_id_encstr[i % nbase];
|
||||
i /= nbase;
|
||||
fourbyte[1] = ut_id_encstr[i % nbase];
|
||||
i /= nbase;
|
||||
fourbyte[3] = ut_id_encstr[i % nbase];
|
||||
i /= nbase;
|
||||
fourbyte[2] = ut_id_encstr[i % nbase];
|
||||
i /= nbase;
|
||||
|
||||
return(i); /* 0: good; else overflow */
|
||||
/* we do not care about overflows as i is a random number */
|
||||
return 0;
|
||||
}
|
||||
#endif /* defined(HAVE_UT_UT_ID) */
|
||||
|
||||
@ -517,11 +518,6 @@ static bool sys_utmp_fill(struct utmp *u,
|
||||
* ut_line:
|
||||
* If size limit proves troublesome, then perhaps use "ut_id_encode()".
|
||||
*/
|
||||
if (strlen(id_str) > sizeof(u->ut_line)) {
|
||||
DEBUG(1,("id_str [%s] is too long for %lu char utmp field\n",
|
||||
id_str, (unsigned long)sizeof(u->ut_line)));
|
||||
return False;
|
||||
}
|
||||
utmp_strcpy(u->ut_line, id_str, sizeof(u->ut_line));
|
||||
|
||||
#if defined(HAVE_UT_UT_PID)
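Review bot: In ut_id_encode, `ut_id_encstr[i % nbase]` can read before the start of the table, because `i` is a signed `int` and `%` keeps the sign of a negative dividend, giving an index between -61 and 0. The new comment says `i` is a random number, and the session number that session.c formats with `%u` is presumably what arrives here; any such id with the top bit set turns negative when converted to `int` (the caller is not on this page, so confirm). Doing the arithmetic on an unsigned copy removes the out-of-bounds read: `unsigned int u = (unsigned int)i;` and then `fourbyte[0] = ut_id_encstr[u % nbase]; u /= nbase;` for each of the four bytes. The opening of ut_id_encode lies outside the hunk.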
|
||||
|