sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

Commit of a modified version of Andrew Bartlett's patch that removes the

Browse Source 
horrid utmp hostname parameter - now uses the client name instead.
Also tidies up some of the unencrypted password checking when PAM
is compiled in.
FIXME ! An pam_accountcheck() is being called even when smb encrypted
passwords are negotiated. Is this the correct thing to do when winbindd
is running ! This needs *SEVERE* testing....
Jeremy.
(This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568)
This commit is contained in:
Jeremy Allison 2001-04-22 07:20:24 +00:00
parent 130f31f571
commit e277c08631
7 changed files with 225 additions and 214 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

181
source3/auth/pampass.c
View File

@ -61,8 +61,7 @@ static char *PAM_password;
static BOOL pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl)
{
if( pam_error != PAM_SUCCESS)
{
if( pam_error != PAM_SUCCESS) {
DEBUG(dbglvl, ("PAM: %s : %s\n", msg, pam_strerror(pamh, pam_error)));
return False;
}
@ -87,10 +86,8 @@ static int PAM_conv(int num_msg,
if (!reply)
return PAM_CONV_ERR;
for (replies = 0; replies < num_msg; replies++)
{
switch (msg[replies]->msg_style)
{
for (replies = 0; replies < num_msg; replies++) {
switch (msg[replies]->msg_style) {
case PAM_PROMPT_ECHO_ON:
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp =
@ -135,58 +132,58 @@ static struct pam_conv PAM_conversation = {
*/
static BOOL proc_pam_end(pam_handle_t *pamh)
{
int pam_error;
int pam_error;
if( pamh != NULL )
{
if( pamh != NULL ) {
pam_error = pam_end(pamh, 0);
if(pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
DEBUG(4, ("PAM: PAM_END OK.\n"));
return True;
return True;
}
}
DEBUG(2,("PAM: not initialised"));
return False;
}
DEBUG(2,("PAM: not initialised"));
return False;
}
/*
* Start PAM authentication for specified account
*/
static BOOL proc_pam_start(pam_handle_t **pamh, char *user)
static BOOL proc_pam_start(pam_handle_t **pamh, char *user, char *rhost)
{
int pam_error;
char * rhost;
int pam_error;
DEBUG(4,("PAM: Init user: %s\n", user));
DEBUG(4,("PAM: Init user: %s\n", user));
pam_error = pam_start("samba", user, &PAM_conversation, pamh);
if( !pam_error_handler(*pamh, pam_error, "Init Failed", 0)) {
proc_pam_end(*pamh);
return False;
}
pam_error = pam_start("samba", user, &PAM_conversation, pamh);
if( !pam_error_handler(*pamh, pam_error, "Init Failed", 0)) {
proc_pam_end(*pamh);
return False;
}
rhost = client_name();
if (strcmp(rhost,"UNKNOWN") == 0)
rhost = client_addr();
if (rhost == NULL) {
rhost = client_name();
if (strequal(rhost,"UNKNOWN"))
rhost = client_addr();
}
#ifdef PAM_RHOST
DEBUG(4,("PAM: setting rhost to: %s\n", rhost));
pam_error = pam_set_item(*pamh, PAM_RHOST, rhost);
if(!pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
proc_pam_end(*pamh);
return False;
}
DEBUG(4,("PAM: setting rhost to: %s\n", rhost));
pam_error = pam_set_item(*pamh, PAM_RHOST, rhost);
if(!pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
proc_pam_end(*pamh);
return False;
}
#endif
#ifdef PAM_TTY
DEBUG(4,("PAM: setting tty\n"));
pam_error = pam_set_item(*pamh, PAM_TTY, "samba");
if (!pam_error_handler(*pamh, pam_error, "set tty failed", 0)) {
proc_pam_end(*pamh);
return False;
}
DEBUG(4,("PAM: setting tty\n"));
pam_error = pam_set_item(*pamh, PAM_TTY, "samba");
if (!pam_error_handler(*pamh, pam_error, "set tty failed", 0)) {
proc_pam_end(*pamh);
return False;
}
#endif
DEBUG(4,("PAM: Init passed for user: %s\n", user));
return True;
DEBUG(4,("PAM: Init passed for user: %s\n", user));
return True;
}
/*
@ -201,7 +198,7 @@ static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password)
* auth required /lib/security/pam_pwdb.so nullok shadow audit
*/
DEBUG(4,("PAM: Authenticate User: %s\n", user));
DEBUG(4,("PAM: Authenticate User: %s\n", user));
pam_error = pam_authenticate(pamh, PAM_SILENT); /* Can we authenticate user? */
switch( pam_error ){
case PAM_AUTH_ERR:
@ -243,7 +240,7 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
{
int pam_error;
DEBUG(4,("PAM: Account Management for User: %s\n", user));
DEBUG(4,("PAM: Account Management for User: %s\n", user));
pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account enabled? */
switch( pam_error ) {
case PAM_AUTHTOK_EXPIRED:
@ -285,7 +282,7 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
* exporting an AFS cell, be able to /write/ to this cell.
*/
DEBUG(4,("PAM: Account Management SetCredentials for User: %s\n", user));
DEBUG(4,("PAM: Account Management SetCredentials for User: %s\n", user));
pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT));
switch( pam_error ) {
case PAM_CRED_UNAVAIL:
@ -321,49 +318,46 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
*/
static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
{
int pam_error;
int pam_error;
PAM_password = NULL;
PAM_username = user;
PAM_password = NULL;
PAM_username = user;
#ifdef PAM_TTY
DEBUG(4,("PAM: tty set to: %s\n", tty));
pam_error = pam_set_item(pamh, PAM_TTY, tty);
if (!pam_error_handler(pamh, pam_error, "set tty failed", 0)) {
proc_pam_end(pamh);
return False;
}
DEBUG(4,("PAM: tty set to: %s\n", tty));
pam_error = pam_set_item(pamh, PAM_TTY, tty);
if (!pam_error_handler(pamh, pam_error, "set tty failed", 0)) {
proc_pam_end(pamh);
return False;
}
#endif
if (flag) {
pam_error = pam_open_session(pamh, PAM_SILENT);
if (!pam_error_handler(pamh, pam_error, "session setup failed", 0)) {
proc_pam_end(pamh);
return False;
}
}
else
{
pam_error = pam_close_session(pamh, PAM_SILENT);
if (!pam_error_handler(pamh, pam_error, "session close failed", 0)) {
proc_pam_end(pamh);
return False;
}
}
return (True);
if (flag) {
pam_error = pam_open_session(pamh, PAM_SILENT);
if (!pam_error_handler(pamh, pam_error, "session setup failed", 0)) {
proc_pam_end(pamh);
return False;
}
} else {
pam_error = pam_close_session(pamh, PAM_SILENT);
if (!pam_error_handler(pamh, pam_error, "session close failed", 0)) {
proc_pam_end(pamh);
return False;
}
}
return (True);
}
/*
* PAM Externally accessible Session handler
*/
BOOL pam_session(BOOL flag, const char *in_user, char *tty)
BOOL pam_session(BOOL flag, const char *in_user, char *tty, char *rhost)
{
pam_handle_t *pamh = NULL;
char * user;
user = malloc(strlen(in_user)+1);
if ( user == NULL )
{
if ( user == NULL ) {
DEBUG(0, ("PAM: PAM_session Malloc Failed!\n"));
return False;
}
@ -371,20 +365,16 @@ BOOL pam_session(BOOL flag, const char *in_user, char *tty)
/* This is freed by PAM */
StrnCpy(user, in_user, strlen(in_user)+1);
if (!proc_pam_start(&pamh, user))
{
proc_pam_end(pamh);
return False;
if (!proc_pam_start(&pamh, user, rhost)) {
proc_pam_end(pamh);
return False;
}
if (proc_pam_session(pamh, user, tty, flag))
{
return proc_pam_end(pamh);
}
else
{
proc_pam_end(pamh);
return False;
if (proc_pam_session(pamh, user, tty, flag)) {
return proc_pam_end(pamh);
} else {
proc_pam_end(pamh);
return False;
}
}
@ -398,12 +388,10 @@ BOOL pam_accountcheck(char * user)
PAM_username = user;
PAM_password = NULL;
if( proc_pam_start(&pamh, user))
{
if ( pam_account(pamh, user, NULL, False))
{
return( proc_pam_end(pamh));
}
if( proc_pam_start(&pamh, user, NULL)) {
if ( pam_account(pamh, user, NULL, False)) {
return( proc_pam_end(pamh));
}
}
DEBUG(0, ("PAM: Account Validation Failed - Rejecting User!\n"));
return( False );
@ -419,12 +407,9 @@ BOOL pam_passcheck(char * user, char * password)
PAM_username = user;
PAM_password = password;
if( proc_pam_start(&pamh, user))
{
if ( pam_auth(pamh, user, password))
{
if ( pam_account(pamh, user, password, True))
{
if( proc_pam_start(&pamh, user, NULL)) {
if ( pam_auth(pamh, user, password)) {
if ( pam_account(pamh, user, password, True)) {
return( proc_pam_end(pamh));
}
}
@ -435,8 +420,10 @@ BOOL pam_passcheck(char * user, char * password)
#else
/* Do *NOT* make this function static. Doing so breaks the compile on gcc */
void pampass_dummy_function( void ) { } /*This stops compiler complaints */
/* If PAM not used, no PAM restrictions on accounts. */
BOOL pam_accountcheck(char * user)
{
return True;
}
#endif /* WITH_PAM */

19
source3/auth/pass_check.c
View File

@ -681,12 +681,13 @@ the function pointer fn() points to a function to call when a successful
match is found and is used to update the encrypted password file
return True on correct match, False otherwise
****************************************************************************/
BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
BOOL (*fn) (char *, char *))
{
pstring pass2;
int level = lp_passwordlevel();
struct passwd *pass;
struct passwd *pass = NULL;
if (password)
password[pwlen] = 0;
@ -708,8 +709,20 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
pass = Get_Pwnam(user, True);
}
#ifdef WITH_PAM
DEBUG(4, ("Checking password for user %s (l=%d)\n", user, pwlen));
/*
* If we're using PAM we want to short-circuit all the
* checks below and dive straight into the PAM code.
*/
fstrcpy(this_user, user);
DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen));
#else /* Not using PAM */
DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen));
if (!pass) {
DEBUG(3, ("Couldn't find user %s\n", user));
@ -802,6 +815,8 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
}
}
#endif /* WITH_PAM */
/* try it as it came to us */
if (password_check(password)) {
if (fn)

2
source3/include/proto.h
View File

@ -1922,7 +1922,7 @@ BOOL pdb_generate_sam_sid(void);
/*The following definitions come from passdb/pampass.c */
BOOL pam_session(BOOL flag, const char *in_user, char *tty);
BOOL pam_session(BOOL flag, const char *in_user, char *tty, char *rhost);
BOOL pam_accountcheck(char * user);
BOOL pam_passcheck(char * user, char * password);

181
source3/passdb/pampass.c
View File

@ -61,8 +61,7 @@ static char *PAM_password;
static BOOL pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl)
{
if( pam_error != PAM_SUCCESS)
{
if( pam_error != PAM_SUCCESS) {
DEBUG(dbglvl, ("PAM: %s : %s\n", msg, pam_strerror(pamh, pam_error)));
return False;
}
@ -87,10 +86,8 @@ static int PAM_conv(int num_msg,
if (!reply)
return PAM_CONV_ERR;
for (replies = 0; replies < num_msg; replies++)
{
switch (msg[replies]->msg_style)
{
for (replies = 0; replies < num_msg; replies++) {
switch (msg[replies]->msg_style) {
case PAM_PROMPT_ECHO_ON:
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp =
@ -135,58 +132,58 @@ static struct pam_conv PAM_conversation = {
*/
static BOOL proc_pam_end(pam_handle_t *pamh)
{
int pam_error;
int pam_error;
if( pamh != NULL )
{
if( pamh != NULL ) {
pam_error = pam_end(pamh, 0);
if(pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
DEBUG(4, ("PAM: PAM_END OK.\n"));
return True;
return True;
}
}
DEBUG(2,("PAM: not initialised"));
return False;
}
DEBUG(2,("PAM: not initialised"));
return False;
}
/*
* Start PAM authentication for specified account
*/
static BOOL proc_pam_start(pam_handle_t **pamh, char *user)
static BOOL proc_pam_start(pam_handle_t **pamh, char *user, char *rhost)
{
int pam_error;
char * rhost;
int pam_error;
DEBUG(4,("PAM: Init user: %s\n", user));
DEBUG(4,("PAM: Init user: %s\n", user));
pam_error = pam_start("samba", user, &PAM_conversation, pamh);
if( !pam_error_handler(*pamh, pam_error, "Init Failed", 0)) {
proc_pam_end(*pamh);
return False;
}
pam_error = pam_start("samba", user, &PAM_conversation, pamh);
if( !pam_error_handler(*pamh, pam_error, "Init Failed", 0)) {
proc_pam_end(*pamh);
return False;
}
rhost = client_name();
if (strcmp(rhost,"UNKNOWN") == 0)
rhost = client_addr();
if (rhost == NULL) {
rhost = client_name();
if (strequal(rhost,"UNKNOWN"))
rhost = client_addr();
}
#ifdef PAM_RHOST
DEBUG(4,("PAM: setting rhost to: %s\n", rhost));
pam_error = pam_set_item(*pamh, PAM_RHOST, rhost);
if(!pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
proc_pam_end(*pamh);
return False;
}
DEBUG(4,("PAM: setting rhost to: %s\n", rhost));
pam_error = pam_set_item(*pamh, PAM_RHOST, rhost);
if(!pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
proc_pam_end(*pamh);
return False;
}
#endif
#ifdef PAM_TTY
DEBUG(4,("PAM: setting tty\n"));
pam_error = pam_set_item(*pamh, PAM_TTY, "samba");
if (!pam_error_handler(*pamh, pam_error, "set tty failed", 0)) {
proc_pam_end(*pamh);
return False;
}
DEBUG(4,("PAM: setting tty\n"));
pam_error = pam_set_item(*pamh, PAM_TTY, "samba");
if (!pam_error_handler(*pamh, pam_error, "set tty failed", 0)) {
proc_pam_end(*pamh);
return False;
}
#endif
DEBUG(4,("PAM: Init passed for user: %s\n", user));
return True;
DEBUG(4,("PAM: Init passed for user: %s\n", user));
return True;
}
/*
@ -201,7 +198,7 @@ static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password)
* auth required /lib/security/pam_pwdb.so nullok shadow audit
*/
DEBUG(4,("PAM: Authenticate User: %s\n", user));
DEBUG(4,("PAM: Authenticate User: %s\n", user));
pam_error = pam_authenticate(pamh, PAM_SILENT); /* Can we authenticate user? */
switch( pam_error ){
case PAM_AUTH_ERR:
@ -243,7 +240,7 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
{
int pam_error;
DEBUG(4,("PAM: Account Management for User: %s\n", user));
DEBUG(4,("PAM: Account Management for User: %s\n", user));
pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account enabled? */
switch( pam_error ) {
case PAM_AUTHTOK_EXPIRED:
@ -285,7 +282,7 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
* exporting an AFS cell, be able to /write/ to this cell.
*/
DEBUG(4,("PAM: Account Management SetCredentials for User: %s\n", user));
DEBUG(4,("PAM: Account Management SetCredentials for User: %s\n", user));
pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT));
switch( pam_error ) {
case PAM_CRED_UNAVAIL:
@ -321,49 +318,46 @@ static BOOL pam_account(pam_handle_t *pamh, char * user, char * password, BOOL p
*/
static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
{
int pam_error;
int pam_error;
PAM_password = NULL;
PAM_username = user;
PAM_password = NULL;
PAM_username = user;
#ifdef PAM_TTY
DEBUG(4,("PAM: tty set to: %s\n", tty));
pam_error = pam_set_item(pamh, PAM_TTY, tty);
if (!pam_error_handler(pamh, pam_error, "set tty failed", 0)) {
proc_pam_end(pamh);
return False;
}
DEBUG(4,("PAM: tty set to: %s\n", tty));
pam_error = pam_set_item(pamh, PAM_TTY, tty);
if (!pam_error_handler(pamh, pam_error, "set tty failed", 0)) {
proc_pam_end(pamh);
return False;
}
#endif
if (flag) {
pam_error = pam_open_session(pamh, PAM_SILENT);
if (!pam_error_handler(pamh, pam_error, "session setup failed", 0)) {
proc_pam_end(pamh);
return False;
}
}
else
{
pam_error = pam_close_session(pamh, PAM_SILENT);
if (!pam_error_handler(pamh, pam_error, "session close failed", 0)) {
proc_pam_end(pamh);
return False;
}
}
return (True);
if (flag) {
pam_error = pam_open_session(pamh, PAM_SILENT);
if (!pam_error_handler(pamh, pam_error, "session setup failed", 0)) {
proc_pam_end(pamh);
return False;
}
} else {
pam_error = pam_close_session(pamh, PAM_SILENT);
if (!pam_error_handler(pamh, pam_error, "session close failed", 0)) {
proc_pam_end(pamh);
return False;
}
}
return (True);
}
/*
* PAM Externally accessible Session handler
*/
BOOL pam_session(BOOL flag, const char *in_user, char *tty)
BOOL pam_session(BOOL flag, const char *in_user, char *tty, char *rhost)
{
pam_handle_t *pamh = NULL;
char * user;
user = malloc(strlen(in_user)+1);
if ( user == NULL )
{
if ( user == NULL ) {
DEBUG(0, ("PAM: PAM_session Malloc Failed!\n"));
return False;
}
@ -371,20 +365,16 @@ BOOL pam_session(BOOL flag, const char *in_user, char *tty)
/* This is freed by PAM */
StrnCpy(user, in_user, strlen(in_user)+1);
if (!proc_pam_start(&pamh, user))
{
proc_pam_end(pamh);
return False;
if (!proc_pam_start(&pamh, user, rhost)) {
proc_pam_end(pamh);
return False;
}
if (proc_pam_session(pamh, user, tty, flag))
{
return proc_pam_end(pamh);
}
else
{
proc_pam_end(pamh);
return False;
if (proc_pam_session(pamh, user, tty, flag)) {
return proc_pam_end(pamh);
} else {
proc_pam_end(pamh);
return False;
}
}
@ -398,12 +388,10 @@ BOOL pam_accountcheck(char * user)
PAM_username = user;
PAM_password = NULL;
if( proc_pam_start(&pamh, user))
{
if ( pam_account(pamh, user, NULL, False))
{
return( proc_pam_end(pamh));
}
if( proc_pam_start(&pamh, user, NULL)) {
if ( pam_account(pamh, user, NULL, False)) {
return( proc_pam_end(pamh));
}
}
DEBUG(0, ("PAM: Account Validation Failed - Rejecting User!\n"));
return( False );
@ -419,12 +407,9 @@ BOOL pam_passcheck(char * user, char * password)
PAM_username = user;
PAM_password = password;
if( proc_pam_start(&pamh, user))
{
if ( pam_auth(pamh, user, password))
{
if ( pam_account(pamh, user, password, True))
{
if( proc_pam_start(&pamh, user, NULL)) {
if ( pam_auth(pamh, user, password)) {
if ( pam_account(pamh, user, password, True)) {
return( proc_pam_end(pamh));
}
}
@ -435,8 +420,10 @@ BOOL pam_passcheck(char * user, char * password)
#else
/* Do *NOT* make this function static. Doing so breaks the compile on gcc */
void pampass_dummy_function( void ) { } /*This stops compiler complaints */
/* If PAM not used, no PAM restrictions on accounts. */
BOOL pam_accountcheck(char * user)
{
return True;
}
#endif /* WITH_PAM */

19
source3/passdb/pass_check.c
View File

@ -681,12 +681,13 @@ the function pointer fn() points to a function to call when a successful
match is found and is used to update the encrypted password file
return True on correct match, False otherwise
****************************************************************************/
BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
BOOL (*fn) (char *, char *))
{
pstring pass2;
int level = lp_passwordlevel();
struct passwd *pass;
struct passwd *pass = NULL;
if (password)
password[pwlen] = 0;
@ -708,8 +709,20 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
pass = Get_Pwnam(user, True);
}
#ifdef WITH_PAM
DEBUG(4, ("Checking password for user %s (l=%d)\n", user, pwlen));
/*
* If we're using PAM we want to short-circuit all the
* checks below and dive straight into the PAM code.
*/
fstrcpy(this_user, user);
DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen));
#else /* Not using PAM */
DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen));
if (!pass) {
DEBUG(3, ("Couldn't find user %s\n", user));
@ -802,6 +815,8 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
}
}
#endif /* WITH_PAM */
/* try it as it came to us */
if (password_check(password)) {
if (fn)

19
source3/smbd/password.c
View File

@ -606,24 +606,33 @@ return True if the password is correct, False otherwise
****************************************************************************/
BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
{
BOOL ret;
if ((pwlen == 0) && !lp_null_passwords()) {
DEBUG(4,("Null passwords not allowed.\n"));
return False;
}
if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()))
{
if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) {
/* if 24 bytes long assume it is an encrypted password */
uchar challenge[8];
if (!last_challenge(challenge))
{
if (!last_challenge(challenge)) {
DEBUG(0,("Error: challenge not done for user=%s\n", user));
return False;
}
return pass_check_smb(user, global_myworkgroup,
ret = pass_check_smb(user, global_myworkgroup,
challenge, (uchar *)password, (uchar *)password, pwd);
/*
* Try with PAM (may not be compiled in - returns True if not. JRA).
* FIXME ! Should this be called if we're using winbindd ? What about
* non-local accounts ? JRA.
*/
if (ret)
return pam_accountcheck(user);
}
return pass_check(user, password, pwlen, pwd,

18
source3/smbd/session.c
View File

@ -51,6 +51,7 @@ BOOL session_claim(uint16 vuid)
uint32 pid = (uint32)sys_getpid();
TDB_DATA key;
fstring keystr;
char * hostname;
vuser->session_id = 0;
@ -88,15 +89,12 @@ BOOL session_claim(uint16 vuid)
return False;
}
hostname = client_name();
if (strequal(hostname,"UNKNOWN"))
hostname = client_addr();
fstrcpy(sessionid.username, vuser->user.unix_name);
#if WITH_UTMP
fstrcpy(sessionid.hostname, lp_utmp_hostname());
#else
{
extern fstring remote_machine;
fstrcpy(sessionid.hostname, remote_machine);
}
#endif
fstrcpy(sessionid.hostname, hostname);
slprintf(sessionid.id_str, sizeof(sessionid.id_str)-1, SESSION_TEMPLATE, i);
sessionid.id_num = i;
sessionid.pid = pid;
@ -113,7 +111,7 @@ BOOL session_claim(uint16 vuid)
}
#if WITH_PAM
if (!pam_session(True, sessionid.username, sessionid.id_str)) {
if (!pam_session(True, sessionid.username, sessionid.id_str, sessionid.hostname)) {
DEBUG(1,("pam_session rejected the session for %s [%s]\n",
sessionid.username, sessionid.id_str));
tdb_delete(tdb, key);
@ -169,7 +167,7 @@ void session_yield(uint16 vuid)
#endif
#if WITH_PAM
pam_session(False, sessionid.username, sessionid.id_str);
pam_session(False, sessionid.username, sessionid.id_str, sessionid.hostname);
#endif
tdb_delete(tdb, key);