diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/auth/auth.c | 5 | ||||
-rw-r--r-- | source3/auth/pampass.c | 6 | ||||
-rw-r--r-- | source3/include/proto.h | 3 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 2 | ||||
-rw-r--r-- | source3/smbd/smb2_sesssetup.c | 3 |
5 files changed, 11 insertions, 8 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index d92d327721..cabff53180 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "smbd/globals.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -284,7 +285,9 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, if (!(*server_info)->guest) { /* We might not be root if we are an RPC call */ become_root(); - nt_status = smb_pam_accountcheck(unix_username); + nt_status = smb_pam_accountcheck( + unix_username, + smbd_server_conn->client_id.name); unbecome_root(); if (NT_STATUS_IS_OK(nt_status)) { diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c index 50bfec1a0c..69a746747a 100644 --- a/source3/auth/pampass.c +++ b/source3/auth/pampass.c @@ -773,7 +773,7 @@ bool smb_pam_close_session(char *user, char *tty, char *rhost) * PAM Externally accessible Account handler */ -NTSTATUS smb_pam_accountcheck(const char * user) +NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost) { NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED; pam_handle_t *pamh = NULL; @@ -787,7 +787,7 @@ NTSTATUS smb_pam_accountcheck(const char * user) if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL) return NT_STATUS_NO_MEMORY; - if (!smb_pam_start(&pamh, user, NULL, pconv)) + if (!smb_pam_start(&pamh, user, rhost, pconv)) return NT_STATUS_ACCOUNT_DISABLED; if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user))) @@ -869,7 +869,7 @@ bool smb_pam_passchange(const char * user, const char * oldpassword, const char #else /* If PAM not used, no PAM restrictions on accounts. */ -NTSTATUS smb_pam_accountcheck(const char * user) +NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost) { return NT_STATUS_OK; } diff --git a/source3/include/proto.h b/source3/include/proto.h index 50309a931c..43a510b4b2 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -221,10 +221,9 @@ NTSTATUS auth_wbc_init(void); bool smb_pam_claim_session(char *user, char *tty, char *rhost); bool smb_pam_close_session(char *user, char *tty, char *rhost); -NTSTATUS smb_pam_accountcheck(const char * user); +NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost); NTSTATUS smb_pam_passcheck(const char * user, const char * password); bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword); -NTSTATUS smb_pam_accountcheck(const char * user); bool smb_pam_claim_session(char *user, char *tty, char *rhost); bool smb_pam_close_session(char *in_user, char *tty, char *rhost); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index a476ed42ae..9ff5d55133 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -427,7 +427,7 @@ static void reply_spnego_kerberos(struct smb_request *req, /* if a real user check pam account restrictions */ /* only really perfomed if "obey pam restriction" is true */ /* do this before an eventual mapping to guest occurs */ - ret = smb_pam_accountcheck(pw->pw_name); + ret = smb_pam_accountcheck(pw->pw_name, sconn->client_id.name); if ( !NT_STATUS_IS_OK(ret)) { DEBUG(1,("PAM account restriction " "prevents user login\n")); diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index df00b4f654..4a91e845fc 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -294,7 +294,8 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, /* if a real user check pam account restrictions */ /* only really perfomed if "obey pam restriction" is true */ /* do this before an eventual mapping to guest occurs */ - status = smb_pam_accountcheck(pw->pw_name); + status = smb_pam_accountcheck( + pw->pw_name, smb2req->sconn->client_id.name); if (!NT_STATUS_IS_OK(status)) { DEBUG(1,("smb2: PAM account restriction " "prevents user login\n")); |