This patch does a number of things, mostly smaller than they look :-)

In particuar, it moves the domain_client_validate stuff out of
auth_domain.c to somwhere where they (I hope) they can be shared
with winbind better.  (This may need some work)

The main purpose of this patch was however to improve some of the
internal documentation and to correctly place become_root()/unbecome_root()
calls within the code.

Finally this patch moves some more of auth.c into other files, auth_unix.c
in this case.

Andrew Bartlett
(This used to be commit ea1c547ac880def29f150de2172c95213509350e)

1 files changed, 85 insertions, 0 deletions

diff --git a/source3/smbd/auth_unix.c b/source3/smbd/auth_unix.c
new file mode 100644
index 0000000000..89e670747f
--- /dev/null
+++ b/source3/smbd/auth_unix.c
@@ -0,0 +1,85 @@
+/* 
+   Unix SMB/Netbios implementation.
+   Version 2.2
+   Password and authentication handling
+   Copyright (C) Andrew Bartlett              2001
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+
+/****************************************************************************
+update the encrypted smbpasswd file from the plaintext username and password
+
+this ugly hack needs to die, but not quite yet...
+*****************************************************************************/
+static BOOL update_smbpassword_file(char *user, char *password)
+{
+	SAM_ACCOUNT 	*sampass = NULL;
+	BOOL 		ret;
+	
+	pdb_init_sam(&sampass);
+	
+	become_root();
+	ret = pdb_getsampwnam(sampass, user);
+	unbecome_root();
+
+	if(ret == False) {
+		DEBUG(0,("pdb_getsampwnam returned NULL\n"));
+		pdb_free_sam(sampass);
+		return False;
+	}
+
+	/*
+	 * Remove the account disabled flag - we are updating the
+	 * users password from a login.
+	 */
+	pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED);
+
+	/* Here, the flag is one, because we want to ignore the
+           XXXXXXX'd out password */
+	ret = change_oem_password( sampass, password, True);
+	if (ret == False) {
+		DEBUG(3,("change_oem_password returned False\n"));
+	}
+
+	pdb_free_sam(sampass);
+	return ret;
+}
+
+
+/****************************************************************************
+check if a username/password is OK assuming the password 
+in PLAIN TEXT
+****************************************************************************/
+
+uint32 check_unix_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
+{
+	uint32 nt_status;
+	
+	become_root();
+	nt_status = (pass_check(user_info->smb_username.str, user_info->plaintext_password.str,
+				user_info->plaintext_password.len,
+				lp_update_encrypted() ? update_smbpassword_file : NULL) 
+		     ? NT_STATUS_NOPROBLEMO : NT_STATUS_LOGON_FAILURE);
+	unbecome_root();
+
+	return nt_status;
+}
+
+