[PATCH] Do pam account check in srv_pipe.c
Andrew Bartlett
abartlet at pcug.org.au
Sat May 12 12:11:13 GMT 2001
This patch simply adds the same PAM account check to the
rpc_server/srv_pipe.c file that we now have everywhere else. Tested in
that I think this function is called in some of the other testing, but I
am not entirly sure how to test this function in particular.
It is, however quite a logical patch, and is already running as root for
the pam call.
Question: Do we need to do hacks for uppercase usernames (win9X) in
this case? Can Win9x call this, like it does via NT for the
netlogon_nt.c stuff?
Thanks,
Andrew Bartlett
--
Andrew Bartlett
abartlet at pcug.org.au
-------------- next part --------------
Index: source/rpc_server/srv_pipe.c
===================================================================
RCS file: /cvsroot/samba/source/rpc_server/srv_pipe.c,v
retrieving revision 1.50.2.14
diff -u -r1.50.2.14 srv_pipe.c
--- source/rpc_server/srv_pipe.c 8 Apr 2001 20:22:53 -0000 1.50.2.14
+++ source/rpc_server/srv_pipe.c 12 May 2001 11:17:29 -0000
@@ -380,6 +380,13 @@
return False;
}
+ if (smb_pam_accountcheck(pipe_user_name) != NT_STATUS_NOPROBLEMO) {
+ DEBUG(1,("api_pipe_ntlmssp_verify: PAM denied account for user %s.\n",
+ pipe_user_name));
+ unbecome_root();
+ return False;
+ }
+
if(!(smb_pass = getsmbpwnam(pipe_user_name))) {
DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n",
pipe_user_name));
More information about the samba-technical
mailing list