summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2001-04-22 07:20:24 +0000
committerJeremy Allison <jra@samba.org>2001-04-22 07:20:24 +0000
commite277c08631316ccda875a09a67ebb220c495c5a9 (patch)
treeee9941fd02f0d9e551691de1719eb0a2205fb81b /source3/smbd
parent130f31f5713d43ea2f237cfe0fc142a171eeb82f (diff)
downloadsamba-e277c08631316ccda875a09a67ebb220c495c5a9.tar.gz
samba-e277c08631316ccda875a09a67ebb220c495c5a9.tar.bz2
samba-e277c08631316ccda875a09a67ebb220c495c5a9.zip
Commit of a modified version of Andrew Bartlett's patch that removes the
horrid utmp hostname parameter - now uses the client name instead. Also tidies up some of the unencrypted password checking when PAM is compiled in. FIXME ! An pam_accountcheck() is being called even when smb encrypted passwords are negotiated. Is this the correct thing to do when winbindd is running ! This needs *SEVERE* testing.... Jeremy. (This used to be commit 071c799f479dd25efdb9c41745fc8f2beea7b568)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/password.c19
-rw-r--r--source3/smbd/session.c18
2 files changed, 22 insertions, 15 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 6c0fe79845..698c6a1356 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -606,24 +606,33 @@ return True if the password is correct, False otherwise
****************************************************************************/
BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
{
+ BOOL ret;
+
if ((pwlen == 0) && !lp_null_passwords()) {
DEBUG(4,("Null passwords not allowed.\n"));
return False;
}
- if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()))
- {
+ if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) {
/* if 24 bytes long assume it is an encrypted password */
uchar challenge[8];
- if (!last_challenge(challenge))
- {
+ if (!last_challenge(challenge)) {
DEBUG(0,("Error: challenge not done for user=%s\n", user));
return False;
}
- return pass_check_smb(user, global_myworkgroup,
+ ret = pass_check_smb(user, global_myworkgroup,
challenge, (uchar *)password, (uchar *)password, pwd);
+
+ /*
+ * Try with PAM (may not be compiled in - returns True if not. JRA).
+ * FIXME ! Should this be called if we're using winbindd ? What about
+ * non-local accounts ? JRA.
+ */
+
+ if (ret)
+ return pam_accountcheck(user);
}
return pass_check(user, password, pwlen, pwd,
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index 4ede1d9a68..fb13019812 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -51,6 +51,7 @@ BOOL session_claim(uint16 vuid)
uint32 pid = (uint32)sys_getpid();
TDB_DATA key;
fstring keystr;
+ char * hostname;
vuser->session_id = 0;
@@ -88,15 +89,12 @@ BOOL session_claim(uint16 vuid)
return False;
}
+ hostname = client_name();
+ if (strequal(hostname,"UNKNOWN"))
+ hostname = client_addr();
+
fstrcpy(sessionid.username, vuser->user.unix_name);
-#if WITH_UTMP
- fstrcpy(sessionid.hostname, lp_utmp_hostname());
-#else
- {
- extern fstring remote_machine;
- fstrcpy(sessionid.hostname, remote_machine);
- }
-#endif
+ fstrcpy(sessionid.hostname, hostname);
slprintf(sessionid.id_str, sizeof(sessionid.id_str)-1, SESSION_TEMPLATE, i);
sessionid.id_num = i;
sessionid.pid = pid;
@@ -113,7 +111,7 @@ BOOL session_claim(uint16 vuid)
}
#if WITH_PAM
- if (!pam_session(True, sessionid.username, sessionid.id_str)) {
+ if (!pam_session(True, sessionid.username, sessionid.id_str, sessionid.hostname)) {
DEBUG(1,("pam_session rejected the session for %s [%s]\n",
sessionid.username, sessionid.id_str));
tdb_delete(tdb, key);
@@ -169,7 +167,7 @@ void session_yield(uint16 vuid)
#endif
#if WITH_PAM
- pam_session(False, sessionid.username, sessionid.id_str);
+ pam_session(False, sessionid.username, sessionid.id_str, sessionid.hostname);
#endif
tdb_delete(tdb, key);