[PATCH] Do pam account check in srv_pipe.c

Andrew Bartlett abartlet at pcug.org.au
Sat May 12 12:11:13 GMT 2001

This patch simply adds the same PAM account check to the
rpc_server/srv_pipe.c file that we now have everywhere else.  Tested in
that I think this function is called in some of the other testing, but I
am not entirly sure how to test this function in particular.

It is, however quite a logical patch, and is already running as root for
the pam call.

Question:  Do we need to do hacks for uppercase usernames (win9X) in
this case?  Can Win9x call this, like it does via NT for the
netlogon_nt.c stuff?


Andrew Bartlett 
Andrew Bartlett
abartlet at pcug.org.au
-------------- next part --------------
Index: source/rpc_server/srv_pipe.c
RCS file: /cvsroot/samba/source/rpc_server/srv_pipe.c,v
retrieving revision
diff -u -r1.50.2.14 srv_pipe.c
--- source/rpc_server/srv_pipe.c	8 Apr 2001 20:22:53 -0000
+++ source/rpc_server/srv_pipe.c	12 May 2001 11:17:29 -0000
@@ -380,6 +380,13 @@
 			return False;
+		if (smb_pam_accountcheck(pipe_user_name) != NT_STATUS_NOPROBLEMO) {
+			DEBUG(1,("api_pipe_ntlmssp_verify: PAM denied account for user %s.\n",
+				pipe_user_name));
+			unbecome_root();
+			return False;
+		}
 		if(!(smb_pass = getsmbpwnam(pipe_user_name))) {
 			DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n",

More information about the samba-technical mailing list