Problem (and fix) with HP-UX PAM

bryan quigley bryan.quigley at newzealand.sun.com
Tue Oct 10 03:31:26 GMT 2000


Hi there,

I just hit a problem when implementing Samba for a client.  On their
Solaris servers all went as planned.  On their HP servers I found that
with PAM support compiled in and share-level security the users could
only connect to shares marked as "guest ok".  When we changed to
user-level security the users could access all the shares, but guest
access (by WinInstall service) didn't work.  When recompiled without PAM
support both user and guest access was possible with share-level
security (which is what we want, but with PAM).  A bit of creative
debugging showed that within authorise_login in smbd/password.c the code
is supposed to iterate over a number of possible usernames in the string
user_list.  However the loop always ended after the first iteration when
PAM support was compiled in.

The diff below shows how I fixed the problem.  It appears that somewhere
in the HP-UX PAM code there is a strtok call which is overwriting the
static buffer belonging to the strtok call used to control the loop
within authorise_login.  Replacing strtok with strtok_r made everyone
happy.

Regards,
Bryan Q.


Samba: 2.0.7
Server: HP-UX 11.0
Clients: NT4/SP6


bash$ diff -c smbd/password.c- smbd/password.c
*** smbd/password.c-    Tue Oct 10 15:51:53 2000
--- smbd/password.c     Tue Oct 10 15:53:08 2000
***************
*** 729,741 ****
        /* now check the list of session users */
      if (!ok)
      {
        char *auser;
        char *user_list = strdup(session_users);
        if (!user_list) return(False);
  
!       for (auser=strtok(user_list,LIST_SEP); 
             !ok && auser; 
!            auser = strtok(NULL,LIST_SEP))
        {
          fstring user2;
          fstrcpy(user2,auser);
--- 729,742 ----
        /* now check the list of session users */
      if (!ok)
      {
+       char *strtok_ptr;
        char *auser;
        char *user_list = strdup(session_users);
        if (!user_list) return(False);
  
!       for (auser=strtok_r(user_list,LIST_SEP,&strtok_ptr); 
             !ok && auser; 
!            auser = strtok_r(NULL,LIST_SEP,&strtok_ptr))
        {
          fstring user2;
          fstrcpy(user2,auser);



-- 
Bryan Quigley                bryan.quigley at newzealand.sun.com
Systems Engineer                             DDI (4) 462 0729
SolNet Ltd.                               mobile (21) 475 176




More information about the samba mailing list