diff options
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/chgpasswd.c | 21 | ||||
-rw-r--r-- | source3/smbd/password.c | 44 | ||||
-rw-r--r-- | source3/smbd/session.c | 20 |
3 files changed, 48 insertions, 37 deletions
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 21b7722307..72e97abc3b 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -54,6 +54,24 @@ extern struct passdb_ops pdb_ops; #if ALLOW_CHANGE_PASSWORD +#ifdef WITH_PAM +BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root) +{ + BOOL ret; + + if (as_root) + become_root(); + + ret = smb_pam_passchange(name, oldpass, newpass); + + if (as_root) + unbecome_root(); + + return ret; +} + +#else /* WITH_PAM */ + static int findpty(char **slave) { int master; @@ -527,7 +545,10 @@ BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root) (passwordprogram, name, chatsequence, as_root)); } +#endif /* WITH_PAM */ + #else /* ALLOW_CHANGE_PASSWORD */ + BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root) { DEBUG(0, ("Password changing not compiled in (user=%s)\n", name)); diff --git a/source3/smbd/password.c b/source3/smbd/password.c index ba882f2bf2..03d96bebc0 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -453,25 +453,21 @@ BOOL smb_password_ok(SAM_ACCOUNT *sampass, uchar chal[8], user_name = pdb_get_username(sampass); - DEBUG(4,("Checking SMB password for user %s\n",user_name)); + DEBUG(4,("smb_password_ok: Checking SMB password for user %s\n",user_name)); if(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { - DEBUG(1,("account for user %s was disabled.\n", user_name)); + DEBUG(1,("smb_password_ok: account for user %s was disabled.\n", user_name)); return(False); } - if (chal == NULL) - { - DEBUG(5,("use last SMBnegprot challenge\n")); - if (!last_challenge(challenge)) - { - DEBUG(1,("no challenge done - password failed\n")); + if (chal == NULL) { + DEBUG(5,("smb_password_ok: use last SMBnegprot challenge\n")); + if (!last_challenge(challenge)) { + DEBUG(1,("smb_password_ok: no challenge done - password failed\n")); return False; } - } - else - { - DEBUG(5,("challenge received\n")); + } else { + DEBUG(5,("smb_password_ok: challenge received\n")); memcpy(challenge, chal, 8); } @@ -482,35 +478,33 @@ BOOL smb_password_ok(SAM_ACCOUNT *sampass, uchar chal[8], use it (ie. does it exist in the smbpasswd file). */ DEBUG(4,("smb_password_ok: Checking NT MD4 password\n")); - if (smb_password_check((char *)nt_pass, (uchar *)nt_pw, challenge)) - { - DEBUG(4,("NT MD4 password check succeeded\n")); + if (smb_password_check((char *)nt_pass, (uchar *)nt_pw, challenge)) { + DEBUG(4,("smb_password_ok: NT MD4 password check succeeded\n")); return(True); } - DEBUG(4,("NT MD4 password check failed\n")); + DEBUG(4,("smb_password_ok: NT MD4 password check failed\n")); } /* Try against the lanman password. pdb_get_lanman_passwd(sampass) == NULL means no password, allow access. */ - DEBUG(4,("Checking LM MD4 password\n")); - lm_pw = pdb_get_lanman_passwd(sampass); if((lm_pw == NULL) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)) { - DEBUG(4,("no password required for user %s\n",user_name)); + DEBUG(4,("smb_password_ok: no password required for user %s\n",user_name)); return True; } - if((lm_pw != NULL) && smb_password_check((char *)lm_pass,(uchar *)lm_pw, challenge)) - { - DEBUG(4,("LM MD4 password check succeeded\n")); - return(True); + if(lp_lanman_auth() && (lm_pw != NULL)) { + DEBUG(4,("smb_password_ok: Checking LM password\n")); + if(smb_password_check((char *)lm_pass,(uchar *)lm_pw, challenge)) { + DEBUG(4,("smb_password_ok: LM password check succeeded\n")); + return(True); + } + DEBUG(4,("smb_password_ok: LM password check failed\n")); } - DEBUG(4,("LM MD4 password check failed\n")); - return False; } diff --git a/source3/smbd/session.c b/source3/smbd/session.c index 3131fb9f54..40654c0f43 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -99,6 +99,13 @@ BOOL session_claim(uint16 vuid) sessionid.id_num = i; sessionid.pid = pid; + if (!smb_pam_claim_session(sessionid.username, sessionid.id_str, sessionid.hostname)) { + DEBUG(1,("pam_session rejected the session for %s [%s]\n", + sessionid.username, sessionid.id_str)); + tdb_delete(tdb, key); + return False; + } + dlen = tdb_pack(dbuf, sizeof(dbuf), "fffdd", sessionid.username, sessionid.hostname, sessionid.id_str, sessionid.id_num, sessionid.pid); @@ -110,15 +117,6 @@ BOOL session_claim(uint16 vuid) return False; } -#if WITH_PAM - if (!smb_pam_session(True, sessionid.username, sessionid.id_str, sessionid.hostname)) { - DEBUG(1,("smb_pam_session rejected the session for %s [%s]\n", - sessionid.username, sessionid.id_str)); - tdb_delete(tdb, key); - return False; - } -#endif - #if WITH_UTMP if (lp_utmp()) { sys_utmp_claim(sessionid.username, sessionid.hostname, @@ -169,9 +167,7 @@ void session_yield(uint16 vuid) } #endif -#if WITH_PAM - smb_pam_session(False, sessionid.username, sessionid.id_str, sessionid.hostname); -#endif + smb_pam_close_session(sessionid.username, sessionid.id_str, sessionid.hostname); tdb_delete(tdb, key); } |