authorTim Potter <tpot@samba.org>2001-09-12 06:39:50 +0000
committerTim Potter <tpot@samba.org>2001-09-12 06:39:50 +0000
commitb800a36b1c81fb37ca963acdc49978ff065fb0d7 (patch)
tree4fe3edd68f6bbf7db66c75aa8c5c29b79d4dd01a /source3/smbd
parent39d7983a470cc3470dd7126de35697d965817cb6 (diff)
Some patches to authentication:
- the usersupplied_info now contains a smb_username (as it comes across on the wire) and a unix_username (after being passed through mapping functions) - when doing security={server,domain} use the smb_username, otherwise use the unix_username (This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/auth.c33
-rw-r--r--source3/smbd/auth_rhosts.c2
-rw-r--r--source3/smbd/auth_smbpasswd.c2
-rw-r--r--source3/smbd/auth_unix.c6
-rw-r--r--source3/smbd/reply.c5
5 files changed, 29 insertions, 19 deletions
diff --git a/source3/smbd/auth.c b/source3/smbd/auth.c
index b707c38c62..0101aa65a2 100644
--- a/source3/smbd/auth.c
+++ b/source3/smbd/auth.c
@@ -63,7 +63,7 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
BOOL done_pam = False;
- DEBUG(3, ("check_password: Checking password for user %s with the new password interface\n", user_info->smb_username.str));
+ DEBUG(3, ("check_password: Checking password for smb user %s with the new password interface\n", user_info->smb_username.str));
if (!check_domain_match(user_info->smb_username.str, user_info->domain.str)) {
return NT_STATUS_LOGON_FAILURE;
}
@@ -81,7 +81,7 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
}
if (lp_security() >= SEC_SERVER) {
- smb_user_control(user_info->smb_username.str, nt_status);
+ smb_user_control(user_info->unix_username.str, nt_status);
}
if (!NT_STATUS_IS_OK(nt_status)) {
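Review bot: The call `smb_user_control(user_info->unix_username.str, nt_status)` sits under `lp_security() >= SEC_SERVER`, yet the commit description says security=server and security=domain should use the smb_username, and the hunk gives no reason for the exception. If the intent is that smb_user_control acts on the local Unix account (its body is not shown here), say so above the call, for example `/* acts on the local account, so pass the mapped unix name even in server/domain mode */`. check_password starts and ends outside this hunk.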
@@ -97,14 +97,14 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
if (NT_STATUS_IS_OK(nt_status) && !done_pam) {
/* We might not be root if we are an RPC call */
become_root();
- nt_status = smb_pam_accountcheck(user_info->smb_username.str);
+ nt_status = smb_pam_accountcheck(user_info->unix_username.str);
unbecome_root();
}
if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5, ("check_password: Password for user %s suceeded\n", user_info->smb_username.str));
+ DEBUG(5, ("check_password: Password for smb user %s suceeded\n", user_info->smb_username.str));
} else {
- DEBUG(3, ("check_password: Password for user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status)));
+ DEBUG(3, ("check_password: Password for smb user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status)));
}
return nt_status;
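Review bot: `smb_pam_accountcheck(user_info->unix_username.str)` runs between become_root() and unbecome_root() and assumes every builder of auth_usersupplied_info has filled in unix_username. This diff updates two builders (pass_check_smb_with_chal and session_trust_account); any builder outside source3/smbd that still only zeroes the struct would presumably hand a NULL name to the PAM account check. Failing closed near the top of check_password would make that case explicit, e.g. `if (!user_info->unix_username.str) return NT_STATUS_LOGON_FAILURE;`. The same concern applies to the unix_username reads added in check_rhosts_security and check_unix_security. check_password begins outside this hunk.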
@@ -121,14 +121,16 @@ SMB hash
return True if the password is correct, False otherwise
****************************************************************************/
-NTSTATUS pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
+NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user,
+ char *domain, uchar chal[8],
uchar *lm_pwd, int lm_pwd_len,
uchar *nt_pwd, int nt_pwd_len)
{
auth_usersupplied_info user_info;
auth_serversupplied_info server_info;
- AUTH_STR ourdomain, theirdomain, smb_username, wksta_name;
+ AUTH_STR ourdomain, theirdomain, unix_username, smb_username,
+ wksta_name;
ZERO_STRUCT(user_info);
ZERO_STRUCT(ourdomain);
@@ -145,10 +147,15 @@ NTSTATUS pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
user_info.requested_domain = theirdomain;
user_info.domain = ourdomain;
- smb_username.str = user;
+ smb_username.str = smb_user;
smb_username.len = strlen(smb_username.str);
- user_info.requested_username = smb_username; /* For the time-being */
+ /* If unix user is NULL, use smb user */
+
+ unix_username.str = unix_user ? unix_user : smb_user;
+ unix_username.len = strlen(unix_username.str);
+
+ user_info.unix_username = unix_username;
user_info.smb_username = smb_username;
user_info.wksta_name.str = client_name();
@@ -197,7 +204,7 @@ NTSTATUS pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
return check_password(&user_info, &server_info);
}
-NTSTATUS pass_check_smb(char *user, char *domain,
+NTSTATUS pass_check_smb(char *smb_user, char *unix_user, char *domain,
uchar *lm_pwd, int lm_pwd_len,
uchar *nt_pwd, int nt_pwd_len)
{
@@ -207,7 +214,7 @@ NTSTATUS pass_check_smb(char *user, char *domain,
generate_random_buffer( chal, 8, False);
}
- return pass_check_smb_with_chal(user, domain, chal,
+ return pass_check_smb_with_chal(smb_user, unix_user, domain, chal,
lm_pwd, lm_pwd_len,
nt_pwd, nt_pwd_len);
@@ -233,11 +240,11 @@ BOOL password_ok(char *user, char *password, int pwlen)
/* The password could be either NTLM or plain LM. Try NTLM first, but fall-through as
required. */
- if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, NULL, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) {
return True;
}
- if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, NULL, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) {
return True;
}
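Review bot: Both `pass_check_smb(user, NULL, lp_workgroup(), ...)` calls rely on the NULL fallback in pass_check_smb_with_chal, so `user` serves as both the wire name and the Unix name. Whether `user` has already been through username mapping here is not visible in the hunk; if it has not, the Unix-side checks (pass_check, check_hosts_equiv, the PAM account check) run against an unmapped name. The bare NULL is also easy to misread next to the `NULL, 0` password pair, so a comment would help: `/* unix_user == NULL: 'user' is used for the unix name as well */`. password_ok's body continues outside the hunk.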
diff --git a/source3/smbd/auth_rhosts.c b/source3/smbd/auth_rhosts.c
index b447bed5d1..2492a2a68b 100644
--- a/source3/smbd/auth_rhosts.c
+++ b/source3/smbd/auth_rhosts.c
@@ -174,7 +174,7 @@ NTSTATUS check_rhosts_security(const auth_usersupplied_info *user_info,
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
become_root();
- if (check_hosts_equiv(user_info->smb_username.str)) {
+ if (check_hosts_equiv(user_info->unix_username.str)) {
nt_status = NT_STATUS_OK;
}
unbecome_root();
diff --git a/source3/smbd/auth_smbpasswd.c b/source3/smbd/auth_smbpasswd.c
index 33b0623643..111a35e068 100644
--- a/source3/smbd/auth_smbpasswd.c
+++ b/source3/smbd/auth_smbpasswd.c
@@ -152,7 +152,7 @@ NTSTATUS smb_password_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *use
if (smb_pwd_check_ntlmv2( user_info->nt_resp.buffer,
user_info->nt_resp.len,
nt_pw,
- user_info->chal, user_info->requested_username.str,
+ user_info->chal, user_info->smb_username.str,
user_info->requested_domain.str,
(char *)server_info->session_key))
{
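Review bot: The switch to `user_info->smb_username.str` in the smb_pwd_check_ntlmv2() call deserves a comment, because a later cleanup could change it to unix_username and break NTLMv2 logons for mapped users. The NTLMv2 response is keyed on the user and domain names the client sent, so the verifier must be given the wire name, e.g. `/* NTLMv2 is computed over the name as sent on the wire, never the mapped unix name */`. smb_password_ok starts and ends outside this hunk.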
diff --git a/source3/smbd/auth_unix.c b/source3/smbd/auth_unix.c
index 1708320961..ea32a65457 100644
--- a/source3/smbd/auth_unix.c
+++ b/source3/smbd/auth_unix.c
@@ -73,9 +73,11 @@ NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serve
NTSTATUS nt_status;
become_root();
- nt_status = (pass_check(user_info->smb_username.str, user_info->plaintext_password.str,
+ nt_status = (pass_check(user_info->unix_username.str,
+ user_info->plaintext_password.str,
user_info->plaintext_password.len,
- lp_update_encrypted() ? update_smbpassword_file : NULL)
+ lp_update_encrypted() ?
+ update_smbpassword_file : NULL)
? NT_STATUS_OK : NT_STATUS_LOGON_FAILURE);
unbecome_root();
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index c2d38a1076..9e88f58fa6 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -462,7 +462,7 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out
smb_username.str = user;
smb_username.len = strlen(smb_username.str);
- user_info.requested_username = smb_username; /* For the time-being */
+ user_info.unix_username = smb_username; /* For the time-being */
user_info.smb_username = smb_username;
user_info.wksta_name = wksta_name;
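Review bot: The carried-over comment `/* For the time-being */` no longer says what is temporary now that the field is unix_username. As written, session_trust_account uses the wire-supplied trust account name unchanged as the Unix name. State that explicitly, e.g. `/* trust account: no username mapping applied, unix name == wire name */`, or note what mapping is intended later. Most of the function body lies outside this hunk.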
@@ -776,7 +776,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
add_session_user(user);
if (!guest) {
- valid_password = NT_STATUS_IS_OK(pass_check_smb(user, domain,
+ valid_password = NT_STATUS_IS_OK(pass_check_smb(orig_user, user,
+ domain,
(unsigned char *)smb_apasswd,
smb_apasslen,
(unsigned char *)smb_ntpasswd,
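Review bot: `pass_check_smb(orig_user, user, domain, ...)` is only correct if orig_user is copied from the request before `user` is rewritten by any mapping step, and neither that copy nor orig_user's declaration is visible in this hunk. If the copy happens after `user` is altered, the NTLMv2 check in smb_password_ok receives a changed name and the security=server/domain paths forward the wrong one. A one-line comment at the point of capture, such as `/* keep the name exactly as sent; it becomes smb_username */`, would pin the ordering. reply_sesssetup_and_X starts and ends outside the hunk.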