Fw: Problem (and fix) with HP-UX PAM

Tim Potter tpot at linuxcare.com.au
Tue Oct 10 03:41:41 GMT 2000


------- start of forwarded message -------
From: bryan quigley <bryan.quigley at newzealand.sun.com>
To: samba at samba.org
Message-ID: <39E28D8E.C54B7D77 at newzealand.sun.com>
Subject: Problem (and fix) with HP-UX PAM
Date: Tue, 10 Oct 2000 16:31:26 +1300

Hi there,

I just hit a problem when implementing Samba for a client.  On their
Solaris servers all went as planned.  On their HP servers I found that
with PAM support compiled in and share-level security the users could
only connect to shares marked as "guest ok".  When we changed to
user-level security the users could access all the shares, but guest
access (by WinInstall service) didn't work.  When recompiled without PAM
support both user and guest access was possible with share-level
security (which is what we want, but with PAM).  A bit of creative
debugging showed that within authorise_login in smbd/password.c the code
is supposed to iterate over a number of possible usernames in the string
user_list.  However the loop always ended after the first iteration when
PAM support was compiled in.

The diff below shows how I fixed the problem.  It appears that somewhere
in the HP-UX PAM code there is a strtok call which is overwriting the
static buffer belonging to the strtok call used to control the loop
within authorise_login.  Replacing strtok with strtok_r made everyone
happy.

Regards,
Bryan Q.


Samba: 2.0.7
Server: HP-UX 11.0
Clients: NT4/SP6


bash$ diff -c smbd/password.c- smbd/password.c
*** smbd/password.c-    Tue Oct 10 15:51:53 2000
--- smbd/password.c     Tue Oct 10 15:53:08 2000
***************
*** 729,741 ****
        /* now check the list of session users */
      if (!ok)
      {
        char *auser;
        char *user_list = strdup(session_users);
        if (!user_list) return(False);
  
!       for (auser=strtok(user_list,LIST_SEP); 
             !ok && auser; 
!            auser = strtok(NULL,LIST_SEP))
        {
          fstring user2;
          fstrcpy(user2,auser);
--- 729,742 ----
        /* now check the list of session users */
      if (!ok)
      {
+       char *strtok_ptr;
        char *auser;
        char *user_list = strdup(session_users);
        if (!user_list) return(False);
  
!       for (auser=strtok_r(user_list,LIST_SEP,&strtok_ptr); 
             !ok && auser; 
!            auser = strtok_r(NULL,LIST_SEP,&strtok_ptr))
        {
          fstring user2;
          fstrcpy(user2,auser);



-- 
Bryan Quigley                bryan.quigley at newzealand.sun.com
Systems Engineer                             DDI (4) 462 0729
SolNet Ltd.                               mobile (21) 475 176
------- end of forwarded message -------





More information about the samba-technical mailing list