2 files changed, 22 insertions, 15 deletions

diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 6c0fe79845..698c6a1356 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -606,24 +606,33 @@ return True if the password is correct, False otherwise
 ****************************************************************************/
 BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
 {
+	BOOL ret;
+
 	if ((pwlen == 0) && !lp_null_passwords()) {
 		DEBUG(4,("Null passwords not allowed.\n"));
 		return False;
 	}
 
-	if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()))
-	{
+	if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) {
 		/* if 24 bytes long assume it is an encrypted password */
 		uchar challenge[8];
 
-		if (!last_challenge(challenge))
-		{
+		if (!last_challenge(challenge)) {
 			DEBUG(0,("Error: challenge not done for user=%s\n", user));
 			return False;
 		}
 
-		return pass_check_smb(user, global_myworkgroup,
+		ret = pass_check_smb(user, global_myworkgroup,
 		                      challenge, (uchar *)password, (uchar *)password, pwd);
+
+		/*
+		 * Try with PAM (may not be compiled in - returns True if not. JRA).
+		 * FIXME ! Should this be called if we're using winbindd ? What about
+		 * non-local accounts ? JRA.
+		 */
+
+		if (ret)
+			return pam_accountcheck(user);
 	} 
 
 	return pass_check(user, password, pwlen, pwd, 
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index 4ede1d9a68..fb13019812 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -51,6 +51,7 @@ BOOL session_claim(uint16 vuid)
 	uint32 pid = (uint32)sys_getpid();
 	TDB_DATA key;		
 	fstring keystr;
+	char * hostname;
 
 	vuser->session_id = 0;
 
@@ -88,15 +89,12 @@ BOOL session_claim(uint16 vuid)
 		return False;
 	}
 
+	hostname = client_name();
+	if (strequal(hostname,"UNKNOWN"))
+		hostname = client_addr();
+
 	fstrcpy(sessionid.username, vuser->user.unix_name);
-#if WITH_UTMP	
-	fstrcpy(sessionid.hostname, lp_utmp_hostname());
-#else
-	{
-		extern fstring remote_machine;
-		fstrcpy(sessionid.hostname, remote_machine);
-	}
-#endif
+	fstrcpy(sessionid.hostname, hostname);
 	slprintf(sessionid.id_str, sizeof(sessionid.id_str)-1, SESSION_TEMPLATE, i);
 	sessionid.id_num = i;
 	sessionid.pid = pid;
@@ -113,7 +111,7 @@ BOOL session_claim(uint16 vuid)
 	}
 
 #if WITH_PAM
-	if (!pam_session(True, sessionid.username, sessionid.id_str)) {
+	if (!pam_session(True, sessionid.username, sessionid.id_str, sessionid.hostname)) {
 		DEBUG(1,("pam_session rejected the session for %s [%s]\n",
 			 sessionid.username, sessionid.id_str));
 		tdb_delete(tdb, key);
@@ -169,7 +167,7 @@ void session_yield(uint16 vuid)
 #endif
 
 #if WITH_PAM
-	pam_session(False, sessionid.username, sessionid.id_str);
+	pam_session(False, sessionid.username, sessionid.id_str, sessionid.hostname);
 #endif
 
 	tdb_delete(tdb, key);