*/
#include "includes.h"
+#include "smbd/globals.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
if (!(*server_info)->guest) {
/* We might not be root if we are an RPC call */
become_root();
- nt_status = smb_pam_accountcheck(unix_username);
+ nt_status = smb_pam_accountcheck(
+ unix_username,
+ smbd_server_conn->client_id.name);
unbecome_root();
if (NT_STATUS_IS_OK(nt_status)) {
* PAM Externally accessible Account handler
*/
-NTSTATUS smb_pam_accountcheck(const char * user)
+NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost)
{
NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED;
pam_handle_t *pamh = NULL;
if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
return NT_STATUS_NO_MEMORY;
- if (!smb_pam_start(&pamh, user, NULL, pconv))
+ if (!smb_pam_start(&pamh, user, rhost, pconv))
return NT_STATUS_ACCOUNT_DISABLED;
if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user)))
#else
/* If PAM not used, no PAM restrictions on accounts. */
-NTSTATUS smb_pam_accountcheck(const char * user)
+NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost)
{
return NT_STATUS_OK;
}
bool smb_pam_claim_session(char *user, char *tty, char *rhost);
bool smb_pam_close_session(char *user, char *tty, char *rhost);
-NTSTATUS smb_pam_accountcheck(const char * user);
+NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost);
NTSTATUS smb_pam_passcheck(const char * user, const char * password);
bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword);
-NTSTATUS smb_pam_accountcheck(const char * user);
bool smb_pam_claim_session(char *user, char *tty, char *rhost);
bool smb_pam_close_session(char *in_user, char *tty, char *rhost);
/* if a real user check pam account restrictions */
/* only really perfomed if "obey pam restriction" is true */
/* do this before an eventual mapping to guest occurs */
- ret = smb_pam_accountcheck(pw->pw_name);
+ ret = smb_pam_accountcheck(pw->pw_name, sconn->client_id.name);
if ( !NT_STATUS_IS_OK(ret)) {
DEBUG(1,("PAM account restriction "
"prevents user login\n"));
/* if a real user check pam account restrictions */
/* only really perfomed if "obey pam restriction" is true */
/* do this before an eventual mapping to guest occurs */
- status = smb_pam_accountcheck(pw->pw_name);
+ status = smb_pam_accountcheck(
+ pw->pw_name, smb2req->sconn->client_id.name);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1,("smb2: PAM account restriction "
"prevents user login\n"));