Hi there,
I just hit a problem when implementing Samba for a client. On their
Solaris servers all went as planned. On their HP servers I found that
with PAM support compiled in and share-level security the users could
only connect to shares marked as "guest ok". When we changed to
user-level security the users could access all the shares, but guest
access (by WinInstall service) didn't work. When recompiled without PAM
support both user and guest access was possible with share-level
security (which is what we want, but with PAM). A bit of creative
debugging showed that within authorise_login in smbd/password.c the code
is supposed to iterate over a number of possible usernames in the string
user_list. However the loop always ended after the first iteration when
PAM support was compiled in.
The diff below shows how I fixed the problem. It appears that somewhere
in the HP-UX PAM code there is a strtok call which is overwriting the
static buffer belonging to the strtok call used to control the loop
within authorise_login. Replacing strtok with strtok_r made everyone
happy.
Regards,
Bryan Q.
Samba: 2.0.7
Server: HP-UX 11.0
Clients: NT4/SP6
bash$ diff -c smbd/password.c- smbd/password.c
*** smbd/password.c- Tue Oct 10 15:51:53 2000
--- smbd/password.c Tue Oct 10 15:53:08 2000
***************
*** 729,741 ****
/* now check the list of session users */
if (!ok)
{
char *auser;
char *user_list = strdup(session_users);
if (!user_list) return(False);
! for (auser=strtok(user_list,LIST_SEP);
!ok && auser;
! auser = strtok(NULL,LIST_SEP))
{
fstring user2;
fstrcpy(user2,auser);
--- 729,742 ----
/* now check the list of session users */
if (!ok)
{
+ char *strtok_ptr;
char *auser;
char *user_list = strdup(session_users);
if (!user_list) return(False);
! for (auser=strtok_r(user_list,LIST_SEP,&strtok_ptr);
!ok && auser;
! auser = strtok_r(NULL,LIST_SEP,&strtok_ptr))
{
fstring user2;
fstrcpy(user2,auser);
--
Bryan Quigley bryan.quigley@newzealand.sun.com
Systems Engineer DDI (4) 462 0729
SolNet Ltd. mobile (21) 475 176