diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-06-01 21:52:01 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-08-14 11:58:13 +1000 |
| commit | 23994e1b53b8528007f6325ce5f286712ec021be (patch) | |
| tree | c0e69e1401576756560bf71b73c3725312b7d866 /source3/auth/auth_compat.c | |
| parent | 272e49e85c47d88ef0a84bce88e6f8d984f2eae4 (diff) | |
| download | samba-23994e1b53b8528007f6325ce5f286712ec021be.tar.gz samba-23994e1b53b8528007f6325ce5f286712ec021be.tar.bz2 samba-23994e1b53b8528007f6325ce5f286712ec021be.zip | |
s3:auth Make Samba3 use the new common struct auth_usersupplied_info
This common structure will make it much easier to produce an auth
module for s3compat that calls Samba4's auth subsystem.
In order the make the link work properly (and not map twice), we mark
both that we did try and map the user, as well as if we changed the
user during the mapping.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/auth/auth_compat.c')
| -rw-r--r-- | source3/auth/auth_compat.c | 48 |
1 files changed, 22 insertions, 26 deletions
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c index cdd4096654..bd4c433ab9 100644 --- a/source3/auth/auth_compat.c +++ b/source3/auth/auth_compat.c @@ -30,13 +30,12 @@ extern bool global_encrypted_passwords_negotiated; ***************************************************************************/ /**************************************************************************** -check if a username/password is OK assuming the password is a 24 byte -SMB hash +check if a username/password is OK assuming the password is in plaintext return True if the password is correct, False otherwise ****************************************************************************/ NTSTATUS check_plaintext_password(const char *smb_name, - DATA_BLOB plaintext_password, + DATA_BLOB plaintext_blob, struct auth_serversupplied_info **server_info) { struct auth_context *plaintext_auth_context = NULL; @@ -52,7 +51,7 @@ NTSTATUS check_plaintext_password(const char *smb_name, if (!make_user_info_for_reply(&user_info, smb_name, lp_workgroup(), chal, - plaintext_password)) { + plaintext_blob)) { return NT_STATUS_NO_MEMORY; } @@ -68,27 +67,21 @@ static NTSTATUS pass_check_smb(struct auth_context *actx, const char *smb_name, const char *domain, DATA_BLOB lm_pwd, - DATA_BLOB nt_pwd, - DATA_BLOB plaintext_password, - bool encrypted) + DATA_BLOB nt_pwd) { NTSTATUS nt_status; struct auth_serversupplied_info *server_info = NULL; - if (encrypted) { - struct auth_usersupplied_info *user_info = NULL; - if (actx == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - make_user_info_for_reply_enc(&user_info, smb_name, - domain, - lm_pwd, - nt_pwd); - nt_status = actx->check_ntlm_password(actx, user_info, &server_info); - free_user_info(&user_info); - } else { - nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info); - } + struct auth_usersupplied_info *user_info = NULL; + if (actx == NULL) { + return NT_STATUS_INTERNAL_ERROR; + } + make_user_info_for_reply_enc(&user_info, smb_name, + domain, + lm_pwd, + nt_pwd); + nt_status = actx->check_ntlm_password(actx, user_info, &server_info); + free_user_info(&user_info); TALLOC_FREE(server_info); return nt_status; } @@ -113,23 +106,26 @@ bool password_ok(struct auth_context *actx, bool global_encrypted, * Vista sends NTLMv2 here - we need to try the client given workgroup. */ if (session_workgroup) { - if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, null_password, password_blob, null_password, encrypted))) { + if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, null_password, password_blob))) { return True; } - if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, password_blob, null_password, null_password, encrypted))) { + if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, password_blob, null_password))) { return True; } } - if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) { + if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), null_password, password_blob))) { return True; } - if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) { + if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), password_blob, null_password))) { return True; } } else { - if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) { + struct auth_serversupplied_info *server_info = NULL; + NTSTATUS nt_status = check_plaintext_password(smb_name, password_blob, &server_info); + TALLOC_FREE(server_info); + if (NT_STATUS_IS_OK(nt_status)) { return True; } } |