author | Andrew Bartlett <abartlet@samba.org> | 2010-06-01 21:52:01 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-08-14 11:58:13 +1000 |
commit | 23994e1b53b8528007f6325ce5f286712ec021be (patch) | |
tree | c0e69e1401576756560bf71b73c3725312b7d866 /source3/auth/auth_server.c | |
parent | 272e49e85c47d88ef0a84bce88e6f8d984f2eae4 (diff) | |
s3:auth Make Samba3 use the new common struct auth_usersupplied_info
This common structure will make it much easier to produce an auth
module for s3compat that calls Samba4's auth subsystem.
In order to make the link work properly (and not map twice), we mark
both that we did try and map the user, as well as if we changed the
user during the mapping.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/auth/auth_server.c')
-rw-r--r-- | source3/auth/auth_server.c | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 8f0f98b350..76cafc6d69 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -297,7 +297,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
 }
 if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
- if (user_info->encrypted) {
+ if (user_info->password_state != AUTH_PASSWORD_PLAIN) {
 DEBUG(1,("password server %s is plaintext, but we are encrypted. This just can't work :-(\n", cli->desthost));
 return NT_STATUS_LOGON_FAILURE;
 }
@@ -326,8 +326,8 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
 memset(badpass, 0x1f, sizeof(badpass));
- if((user_info->nt_resp.length == sizeof(badpass)) &&
- !memcmp(badpass, user_info->nt_resp.data, sizeof(badpass))) {
+ if((user_info->password.response.nt.length == sizeof(badpass)) &&
+ !memcmp(badpass, user_info->password.response.nt.data, sizeof(badpass))) {
 /*
 * Very unlikely, our random bad password is the same as the users
 * password.
@@ -391,22 +391,24 @@ use this machine as the password server.\n"));
 * Now we know the password server will correctly set the guest bit, or is
 * not guest enabled, we can try with the real password.
 */
-
- if (!user_info->encrypted) {
+ switch (user_info->password_state) {
+ case AUTH_PASSWORD_PLAIN:
 /* Plaintext available */
 nt_status = cli_session_setup(
 cli, user_info->client.account_name,
- (char *)user_info->plaintext_password.data,
- user_info->plaintext_password.length,
+ user_info->password.plaintext,
+ strlen(user_info->password.plaintext),
 NULL, 0, user_info->mapped.domain_name);
- } else {
+ /* currently the hash values include a challenge-response as well */
+ case AUTH_PASSWORD_HASH:
+ case AUTH_PASSWORD_RESPONSE:
 nt_status = cli_session_setup(
 cli, user_info->client.account_name,
- (char *)user_info->lm_resp.data,
- user_info->lm_resp.length,
- (char *)user_info->nt_resp.data,
- user_info->nt_resp.length,
+ (char *)user_info->password.response.lanman.data,
+ user_info->password.response.lanman.length,
+ (char *)user_info->password.response.nt.data,
+ user_info->password.response.nt.length,
 user_info->mapped.domain_name);
 }
|
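Review bot: `case AUTH_PASSWORD_PLAIN:` ends without a `break;`, so after the plaintext `cli_session_setup(...)` call control falls through into the `AUTH_PASSWORD_HASH`/`AUTH_PASSWORD_RESPONSE` arm and a second session setup is sent with `password.response.lanman` and `password.response.nt`. That second call overwrites `nt_status`, so the outcome of a plaintext logon is decided by response fields that were presumably never filled in for that request, whereas the old `if`/`else` made exactly one call. Add `break;` after the plaintext call and after the response call, and move the "hash values include a challenge-response" comment under its `case` labels so it does not read as a fall-through marker. The switch also has no `default:`, so an unexpected `password_state` leaves `nt_status` at whatever was assigned before this hunk; `default: nt_status = NT_STATUS_LOGON_FAILURE; break;` would fail closed. Separately, `strlen(user_info->password.plaintext)` assumes a non-NULL pointer where the old code passed a blob length; check it before the call. The body of check_smbserver_security starts and ends outside this hunk.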