summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/chgpasswd.c21
-rw-r--r--source3/smbd/password.c44
-rw-r--r--source3/smbd/session.c20
3 files changed, 48 insertions, 37 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 21b7722307..72e97abc3b 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -54,6 +54,24 @@ extern struct passdb_ops pdb_ops;
#if ALLOW_CHANGE_PASSWORD
+#ifdef WITH_PAM
+BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
+{
+ BOOL ret;
+
+ if (as_root)
+ become_root();
+
+ ret = smb_pam_passchange(name, oldpass, newpass);
+
+ if (as_root)
+ unbecome_root();
+
+ return ret;
+}
+
+#else /* WITH_PAM */
+
static int findpty(char **slave)
{
int master;
@@ -527,7 +545,10 @@ BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
(passwordprogram, name, chatsequence, as_root));
}
+#endif /* WITH_PAM */
+
#else /* ALLOW_CHANGE_PASSWORD */
+
BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
{
DEBUG(0, ("Password changing not compiled in (user=%s)\n", name));
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index ba882f2bf2..03d96bebc0 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -453,25 +453,21 @@ BOOL smb_password_ok(SAM_ACCOUNT *sampass, uchar chal[8],
user_name = pdb_get_username(sampass);
- DEBUG(4,("Checking SMB password for user %s\n",user_name));
+ DEBUG(4,("smb_password_ok: Checking SMB password for user %s\n",user_name));
if(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
- DEBUG(1,("account for user %s was disabled.\n", user_name));
+ DEBUG(1,("smb_password_ok: account for user %s was disabled.\n", user_name));
return(False);
}
- if (chal == NULL)
- {
- DEBUG(5,("use last SMBnegprot challenge\n"));
- if (!last_challenge(challenge))
- {
- DEBUG(1,("no challenge done - password failed\n"));
+ if (chal == NULL) {
+ DEBUG(5,("smb_password_ok: use last SMBnegprot challenge\n"));
+ if (!last_challenge(challenge)) {
+ DEBUG(1,("smb_password_ok: no challenge done - password failed\n"));
return False;
}
- }
- else
- {
- DEBUG(5,("challenge received\n"));
+ } else {
+ DEBUG(5,("smb_password_ok: challenge received\n"));
memcpy(challenge, chal, 8);
}
@@ -482,35 +478,33 @@ BOOL smb_password_ok(SAM_ACCOUNT *sampass, uchar chal[8],
use it (ie. does it exist in the smbpasswd file).
*/
DEBUG(4,("smb_password_ok: Checking NT MD4 password\n"));
- if (smb_password_check((char *)nt_pass, (uchar *)nt_pw, challenge))
- {
- DEBUG(4,("NT MD4 password check succeeded\n"));
+ if (smb_password_check((char *)nt_pass, (uchar *)nt_pw, challenge)) {
+ DEBUG(4,("smb_password_ok: NT MD4 password check succeeded\n"));
return(True);
}
- DEBUG(4,("NT MD4 password check failed\n"));
+ DEBUG(4,("smb_password_ok: NT MD4 password check failed\n"));
}
/* Try against the lanman password. pdb_get_lanman_passwd(sampass) == NULL
means no password, allow access. */
- DEBUG(4,("Checking LM MD4 password\n"));
-
lm_pw = pdb_get_lanman_passwd(sampass);
if((lm_pw == NULL) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
{
- DEBUG(4,("no password required for user %s\n",user_name));
+ DEBUG(4,("smb_password_ok: no password required for user %s\n",user_name));
return True;
}
- if((lm_pw != NULL) && smb_password_check((char *)lm_pass,(uchar *)lm_pw, challenge))
- {
- DEBUG(4,("LM MD4 password check succeeded\n"));
- return(True);
+ if(lp_lanman_auth() && (lm_pw != NULL)) {
+ DEBUG(4,("smb_password_ok: Checking LM password\n"));
+ if(smb_password_check((char *)lm_pass,(uchar *)lm_pw, challenge)) {
+ DEBUG(4,("smb_password_ok: LM password check succeeded\n"));
+ return(True);
+ }
+ DEBUG(4,("smb_password_ok: LM password check failed\n"));
}
- DEBUG(4,("LM MD4 password check failed\n"));
-
return False;
}
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index 3131fb9f54..40654c0f43 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -99,6 +99,13 @@ BOOL session_claim(uint16 vuid)
sessionid.id_num = i;
sessionid.pid = pid;
+ if (!smb_pam_claim_session(sessionid.username, sessionid.id_str, sessionid.hostname)) {
+ DEBUG(1,("pam_session rejected the session for %s [%s]\n",
+ sessionid.username, sessionid.id_str));
+ tdb_delete(tdb, key);
+ return False;
+ }
+
dlen = tdb_pack(dbuf, sizeof(dbuf), "fffdd",
sessionid.username, sessionid.hostname, sessionid.id_str,
sessionid.id_num, sessionid.pid);
@@ -110,15 +117,6 @@ BOOL session_claim(uint16 vuid)
return False;
}
-#if WITH_PAM
- if (!smb_pam_session(True, sessionid.username, sessionid.id_str, sessionid.hostname)) {
- DEBUG(1,("smb_pam_session rejected the session for %s [%s]\n",
- sessionid.username, sessionid.id_str));
- tdb_delete(tdb, key);
- return False;
- }
-#endif
-
#if WITH_UTMP
if (lp_utmp()) {
sys_utmp_claim(sessionid.username, sessionid.hostname,
@@ -169,9 +167,7 @@ void session_yield(uint16 vuid)
}
#endif
-#if WITH_PAM
- smb_pam_session(False, sessionid.username, sessionid.id_str, sessionid.hostname);
-#endif
+ smb_pam_close_session(sessionid.username, sessionid.id_str, sessionid.hostname);
tdb_delete(tdb, key);
}