author | Tim Potter <tpot@samba.org> | 2001-09-12 06:39:50 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2001-09-12 06:39:50 +0000 |
commit | b800a36b1c81fb37ca963acdc49978ff065fb0d7 (patch) | |
tree | 4fe3edd68f6bbf7db66c75aa8c5c29b79d4dd01a /source3/smbd | |
parent | 39d7983a470cc3470dd7126de35697d965817cb6 (diff) | |
Some patches to authentication:
- the usersupplied_info now contains a smb_username (as it comes across on
the wire) and a unix_username (after being passed through mapping
functions)
- when doing security={server,domain} use the smb_username, otherwise use
the unix_username
(This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/auth.c | 33 | ||||
-rw-r--r-- | source3/smbd/auth_rhosts.c | 2 | ||||
-rw-r--r-- | source3/smbd/auth_smbpasswd.c | 2 | ||||
-rw-r--r-- | source3/smbd/auth_unix.c | 6 | ||||
-rw-r--r-- | source3/smbd/reply.c | 5 |
5 files changed, 29 insertions, 19 deletions
diff --git a/source3/smbd/auth.c b/source3/smbd/auth.c
index b707c38c62..0101aa65a2 100644
--- a/source3/smbd/auth.c
+++ b/source3/smbd/auth.c
@@ -63,7 +63,7 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
 NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
 BOOL done_pam = False;
- DEBUG(3, ("check_password: Checking password for user %s with the new password interface\n", user_info->smb_username.str));
+ DEBUG(3, ("check_password: Checking password for smb user %s with the new password interface\n", user_info->smb_username.str));
 if (!check_domain_match(user_info->smb_username.str, user_info->domain.str)) {
 return NT_STATUS_LOGON_FAILURE;
 }
@@ -81,7 +81,7 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
 }
 if (lp_security() >= SEC_SERVER) {
- smb_user_control(user_info->smb_username.str, nt_status);
+ smb_user_control(user_info->unix_username.str, nt_status);
 }
 if (!NT_STATUS_IS_OK(nt_status)) {
@@ -97,14 +97,14 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
 if (NT_STATUS_IS_OK(nt_status) && !done_pam) {
 /* We might not be root if we are an RPC call */
 become_root();
- nt_status = smb_pam_accountcheck(user_info->smb_username.str);
+ nt_status = smb_pam_accountcheck(user_info->unix_username.str);
 unbecome_root();
 }
 if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5, ("check_password: Password for user %s suceeded\n", user_info->smb_username.str));
+ DEBUG(5, ("check_password: Password for smb user %s suceeded\n", user_info->smb_username.str));
 } else {
- DEBUG(3, ("check_password: Password for user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status)));
+ DEBUG(3, ("check_password: Password for smb user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status)));
 }
 return nt_status;
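Review bot: The `lp_security() >= SEC_SERVER` branch in the second auth.c hunk now hands `user_info->unix_username.str` to `smb_user_control()`, while the commit message says security={server,domain} should use the smb_username, so the code needs a comment stating which name this call is meant to receive. If the mapped name is intended because the call acts on the local account (not visible in this hunk), a line such as `/* acts on the local account: pass the mapped unix name, not the wire name */` above the call would settle it for the next reader. check_password starts and ends outside this hunk.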
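Review bot: In the third auth.c hunk the PAM account check now runs against `user_info->unix_username.str`, but the success and failure DEBUG lines that follow print only `smb_username.str`, so when the two names differ a log reader cannot tell which local account was actually checked. Logging both keeps the audit trail unambiguous, e.g. `DEBUG(3, ("check_password: Password for smb user %s (unix user %s) FAILED with error %s\n", user_info->smb_username.str, user_info->unix_username.str, get_nt_error_msg(nt_status)));`. The rewritten success message also carries over the typo `suceeded`. check_password starts and ends outside this hunk.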
@@ -121,14 +121,16 @@ SMB hash
 return True if the password is correct, False otherwise
 ****************************************************************************/
-NTSTATUS pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
+NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user,
+ char *domain, uchar chal[8],
 uchar *lm_pwd, int lm_pwd_len,
 uchar *nt_pwd, int nt_pwd_len)
 {
 auth_usersupplied_info user_info;
 auth_serversupplied_info server_info;
- AUTH_STR ourdomain, theirdomain, smb_username, wksta_name;
+ AUTH_STR ourdomain, theirdomain, unix_username, smb_username,
+ wksta_name;
 ZERO_STRUCT(user_info);
 ZERO_STRUCT(ourdomain);
@@ -145,10 +147,15 @@ NTSTATUS pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
 user_info.requested_domain = theirdomain;
 user_info.domain = ourdomain;
- smb_username.str = user;
+ smb_username.str = smb_user;
 smb_username.len = strlen(smb_username.str);
- user_info.requested_username = smb_username; /* For the time-being */
+ /* If unix user is NULL, use smb user */
+
+ unix_username.str = unix_user ? unix_user : smb_user;
+ unix_username.len = strlen(unix_username.str);
+
+ user_info.unix_username = unix_username;
 user_info.smb_username = smb_username;
 user_info.wksta_name.str = client_name();
@@ -197,7 +204,7 @@ NTSTATUS pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
 return check_password(&user_info, &server_info);
 }
-NTSTATUS pass_check_smb(char *user, char *domain,
+NTSTATUS pass_check_smb(char *smb_user, char *unix_user, char *domain,
 uchar *lm_pwd, int lm_pwd_len,
 uchar *nt_pwd, int nt_pwd_len)
 {
@@ -207,7 +214,7 @@ NTSTATUS pass_check_smb(char *user, char *domain,
 generate_random_buffer( chal, 8, False);
 }
- return pass_check_smb_with_chal(user, domain, chal,
+ return pass_check_smb_with_chal(smb_user, unix_user, domain, chal,
 lm_pwd, lm_pwd_len, nt_pwd, nt_pwd_len);
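Review bot: `pass_check_smb_with_chal()` and `pass_check_smb()` now take `smb_user` and `unix_user` as adjacent `char *` parameters, so a call site that swaps them compiles cleanly and checks the wrong name, yet the header comment above the function still describes a single username. I would extend that comment to say that `smb_user` is the name as received on the wire, `unix_user` is the name after username mapping, and that a NULL `unix_user` falls back to `smb_user` (today only the inline `/* If unix user is NULL, use smb user */` says so). Declaring both as `const char *` would also document that neither is modified, provided the `str` member of AUTH_STR allows it, which is not visible here. The same argument order has to be kept at the call sites in password_ok and reply_sesssetup_and_X.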
@@ -233,11 +240,11 @@ BOOL password_ok(char *user, char *password, int pwlen)
 /* The password could be either NTLM or plain LM. Try NTLM first, but fall-through as required. */
- if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, NULL, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) {
 return True;
 }
- if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, NULL, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) {
 return True;
 }
diff --git a/source3/smbd/auth_rhosts.c b/source3/smbd/auth_rhosts.c
index b447bed5d1..2492a2a68b 100644
--- a/source3/smbd/auth_rhosts.c
+++ b/source3/smbd/auth_rhosts.c
@@ -174,7 +174,7 @@ NTSTATUS check_rhosts_security(const auth_usersupplied_info *user_info,
 NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
 become_root();
- if (check_hosts_equiv(user_info->smb_username.str)) {
+ if (check_hosts_equiv(user_info->unix_username.str)) {
 nt_status = NT_STATUS_OK;
 }
 unbecome_root();
diff --git a/source3/smbd/auth_smbpasswd.c b/source3/smbd/auth_smbpasswd.c
index 33b0623643..111a35e068 100644
--- a/source3/smbd/auth_smbpasswd.c
+++ b/source3/smbd/auth_smbpasswd.c
@@ -152,7 +152,7 @@ NTSTATUS smb_password_ok(SAM_ACCOUNT *sampass, const auth_usersupplied_info *use
 if (smb_pwd_check_ntlmv2( user_info->nt_resp.buffer, user_info->nt_resp.len, nt_pw,
- user_info->chal, user_info->requested_username.str,
+ user_info->chal, user_info->smb_username.str,
 user_info->requested_domain.str, (char *)server_info->session_key)) {
diff --git a/source3/smbd/auth_unix.c b/source3/smbd/auth_unix.c
index 1708320961..ea32a65457 100644
--- a/source3/smbd/auth_unix.c
+++ b/source3/smbd/auth_unix.c
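Review bot: The `smb_pwd_check_ntlmv2()` call in auth_smbpasswd.c deserves a comment explaining why it takes `user_info->smb_username.str`, because this is the one place where passing the mapped name would break verification instead of merely changing which account is checked: the NTLMv2 response is keyed on the user and domain strings the client sent. Something like `/* NTLMv2 covers the username as sent on the wire; never pass unix_username here */` above the call would keep a later cleanup from swapping it. smb_password_ok starts and ends outside this hunk.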
@@ -73,9 +73,11 @@ NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serve
 NTSTATUS nt_status;
 become_root();
- nt_status = (pass_check(user_info->smb_username.str, user_info->plaintext_password.str,
+ nt_status = (pass_check(user_info->unix_username.str,
+ user_info->plaintext_password.str,
 user_info->plaintext_password.len,
- lp_update_encrypted() ? update_smbpassword_file : NULL)
+ lp_update_encrypted() ?
+ update_smbpassword_file : NULL)
 ? NT_STATUS_OK : NT_STATUS_LOGON_FAILURE);
 unbecome_root();
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index c2d38a1076..9e88f58fa6 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -462,7 +462,7 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out
 smb_username.str = user;
 smb_username.len = strlen(smb_username.str);
- user_info.requested_username = smb_username; /* For the time-being */
+ user_info.unix_username = smb_username; /* For the time-being */
 user_info.smb_username = smb_username;
 user_info.wksta_name = wksta_name;
@@ -776,7 +776,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
 add_session_user(user);
 if (!guest) {
- valid_password = NT_STATUS_IS_OK(pass_check_smb(user, domain,
+ valid_password = NT_STATUS_IS_OK(pass_check_smb(orig_user, user,
+ domain,
 (unsigned char *)smb_apasswd,
 smb_apasslen,
 (unsigned char *)smb_ntpasswd, |
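Review bot: In session_trust_account (first reply.c hunk) the renamed assignment `user_info.unix_username = smb_username; /* For the time-being */` stores the same string as `smb_username` in the field that check_password now passes to `smb_pam_accountcheck()` and, for security >= SEC_SERVER, to `smb_user_control()`, so on this path the account checks performed as root appear to run against the name as the client sent it. If that is deliberate for trust accounts, the inherited placeholder comment should say so, e.g. `/* trust accounts bypass the username map: unix name == wire name */`; otherwise the mapped name belongs here. Whether `user` has already been mapped earlier in the function is not visible in this hunk.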