/*
 * Register an SMB session with the PAM session stack and, when utmp
 * support is enabled, with utmp.
 *
 * Sessions below SECURITY_USER level (guest/anonymous) are not registered
 * and are reported as success: running the PAM session code for plain
 * browsing is too expensive.
 *
 * Returns true when the session was registered or needed no registration,
 * false when smb_pam_claim_session() rejected it.
 */
bool session_claim(struct smbXsrv_session *session)
{
	struct auth_session_info *info = session->global->auth_session_info;
	const char *unix_user;
	const char *remote_host;
	unsigned int global_id;
	fstring tty_name;
	bool needs_registration;

	needs_registration =
		(security_session_user_level(info, NULL) >= SECURITY_USER);
	if (!needs_registration) {
		return true;
	}

	/* The session's global id doubles as the "smb/<id>" name handed to
	   PAM and utmp. */
	global_id = session->global->session_global_id;
	snprintf(tty_name, sizeof(tty_name), "smb/%u", global_id);

	/* Make clear that we require the optional unix_token in the source3 code */
	SMB_ASSERT(info->unix_token);

	/*
	 * NOTE(review): the assertion above covers unix_token, while the next
	 * statement dereferences unix_info; confirm unix_info is guaranteed
	 * non-NULL whenever unix_token is set.
	 */
	unix_user = info->unix_info->unix_name;

	/*
	 * NOTE(review): assumes at least one channel exists; the value is
	 * presumably derived from the client connection, so PAM modules and
	 * utmp consumers should not treat it as an authenticated identity
	 * (TODO confirm how remote_name is populated).
	 */
	remote_host = session->global->channels[0].remote_name;

	if (smb_pam_claim_session(unix_user, tty_name, remote_host)) {
		if (lp_utmp()) {
			sys_utmp_claim(unix_user, remote_host, tty_name, global_id);
		}
		return true;
	}

	DEBUG(1,("pam_session rejected the session for %s [%s]\n",
		 unix_user, tty_name));
	return false;
}
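/*
 * Called when a session is created: reserve a session id, register the
 * session with PAM, store its record in sessionid.tdb and, when utmp is
 * enabled, add a utmp entry.
 *
 * Guest sessions are not registered and succeed immediately.
 *
 * Returns True on success; vuser->session_keystr then holds a heap copy of
 * the tdb key (ownership passes to vuser, the release is not visible in
 * this function). Returns False on failure, with vuser->session_keystr
 * left NULL and any id slot reserved here released again.
 */
BOOL session_claim(user_struct *vuser)
{
	int i = 0;
	TDB_DATA data;
	struct sockaddr sa;
	struct in_addr *client_ip;
	struct sessionid sessionid;
	uint32 pid = (uint32)sys_getpid();
	TDB_DATA key;
	fstring keystr;
	char *keystr_copy;
	char *hostname;
	int tdb_store_flag;  /* If using utmp, we do an initial 'lock hold' store,
				but we don't need this if we are just using the
				(unique) pid/vuid combination */

	vuser->session_keystr = NULL;

	/* Don't register sessions for the guest user - it's just too
	   expensive to go through the PAM session code for browsing etc. */
	if (vuser->guest) {
		return True;
	}

	if (!tdb) {
		/*
		 * NOTE(review): mode 0644 lets every local account read this
		 * database, and the records written below carry usernames,
		 * hostnames and client addresses; confirm that exposure is
		 * intended.
		 */
		tdb = tdb_open_log(lock_path("sessionid.tdb"), 0, TDB_CLEAR_IF_FIRST|TDB_DEFAULT,
			       O_RDWR | O_CREAT, 0644);
		if (!tdb) {
			DEBUG(1,("session_claim: failed to open sessionid tdb\n"));
			return False;
		}
	}

	ZERO_STRUCT(sessionid);

	data.dptr = NULL;
	data.dsize = 0;

	if (lp_utmp()) {
		/* Reserve the first id whose TDB_INSERT succeeds, using an
		   empty placeholder record that is filled in further down. */
		for (i=1;i<MAX_SESSION_ID;i++) {
			slprintf(keystr, sizeof(keystr)-1, "ID/%d", i);
			key.dptr = keystr;
			key.dsize = strlen(keystr)+1;

			if (tdb_store(tdb, key, data, TDB_INSERT) == 0) {
				break;
			}
		}

		if (i == MAX_SESSION_ID) {
			DEBUG(1,("session_claim: out of session IDs (max is %d)\n",
				 MAX_SESSION_ID));
			return False;
		}
		slprintf(sessionid.id_str, sizeof(sessionid.id_str)-1, SESSION_UTMP_TEMPLATE, i);
		tdb_store_flag = TDB_MODIFY;
	} else {
		/* Without utmp the pid/vuid pair is already unique, so no
		   placeholder is needed. */
		slprintf(keystr, sizeof(keystr)-1, "ID/%lu/%u",
			 (long unsigned int)sys_getpid(),
			 vuser->vuid);
		slprintf(sessionid.id_str, sizeof(sessionid.id_str)-1,
			 SESSION_TEMPLATE, (long unsigned int)sys_getpid(), vuser->vuid);

		key.dptr = keystr;
		key.dsize = strlen(keystr)+1;

		tdb_store_flag = TDB_REPLACE;
	}

	/*
	 * Copy the key before PAM, the session record or utmp are touched.
	 * Doing this last, as before, meant an allocation failure returned
	 * False while the stored record and utmp entry stayed behind with no
	 * session_keystr left to release them.
	 */
	keystr_copy = strdup(keystr);
	if (!keystr_copy) {
		DEBUG(0, ("session_claim: strdup() failed for session_keystr\n"));
		if (tdb_store_flag == TDB_MODIFY) {
			tdb_delete(tdb, key);
		}
		return False;
	}

	/* If 'hostname lookup' == yes, then do the DNS lookup.  This is
	   needed because utmp and PAM both expect DNS names.

	   client_name() handles this case internally.

	   NOTE(review): a name obtained by DNS lookup is presumably
	   influenced by the client side; PAM modules and utmp consumers
	   should not use it as an authenticated identity (TODO confirm). */

	hostname = client_name();
	if (strcmp(hostname, "UNKNOWN") == 0) {
		hostname = client_addr();
	}

	fstrcpy(sessionid.username, vuser->user.unix_name);
	fstrcpy(sessionid.hostname, hostname);
	sessionid.id_num = i;  /* Only valid for utmp sessions */
	sessionid.pid = pid;
	sessionid.uid = vuser->uid;
	sessionid.gid = vuser->gid;
	fstrcpy(sessionid.remote_machine, get_remote_machine_name());
	fstrcpy(sessionid.ip_addr, client_addr());

	client_ip = client_inaddr(&sa);

	if (!smb_pam_claim_session(sessionid.username, sessionid.id_str, sessionid.hostname)) {
		DEBUG(1,("pam_session rejected the session for %s [%s]\n",
				sessionid.username, sessionid.id_str));
		/* Give the reserved utmp id slot back. */
		if (tdb_store_flag == TDB_MODIFY) {
			tdb_delete(tdb, key);
		}
		free(keystr_copy);
		return False;
	}

	data.dptr = (char *)&sessionid;
	data.dsize = sizeof(sessionid);
	if (tdb_store(tdb, key, data, tdb_store_flag) != 0) {
		DEBUG(1,("session_claim: unable to create session id record\n"));
		/*
		 * Release the utmp placeholder here as well, matching the PAM
		 * rejection path, so a failed store does not consume an id.
		 * NOTE(review): the PAM session claimed above is not closed on
		 * this path; confirm whether that is handled elsewhere.
		 */
		if (tdb_store_flag == TDB_MODIFY) {
			tdb_delete(tdb, key);
		}
		free(keystr_copy);
		return False;
	}

	if (lp_utmp()) {
		sys_utmp_claim(sessionid.username, sessionid.hostname,
			       client_ip,
			       sessionid.id_str, sessionid.id_num);
	}

	vuser->session_keystr = keystr_copy;
	return True;
}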