authorTim Potter <tpot@samba.org>2001-05-17 06:08:49 +0000
committerTim Potter <tpot@samba.org>2001-05-17 06:08:49 +0000
commit2d27d8c720b705e8ca9575682948c0750c1bb080 (patch)
tree279642be0c653bb1215685164b623dba9d96d462 /source3
parent89de0c46ad994bd15217b4eb6c8d3793e35ffb92 (diff)
Fixes to get pam_auth() functionality working again.
(This used to be commit 083b74c743f0026693fa0fbe665ed08a3ac706b8)
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in11
-rw-r--r--source3/nsswitch/winbindd_pam.c49
-rw-r--r--source3/smbd/password.c21
-rw-r--r--source3/smbd/reply.c2
4 files changed, 35 insertions, 48 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index dbbf4b717d..89ea6d4282 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -368,10 +368,17 @@ WINBINDD_OBJ1 = \
nsswitch/winbindd_sid.o \
nsswitch/winbindd_misc.o
+UNECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ = \
+ smbd/password.o smbd/session.o smbd/uid.o smbd/sec_ctx.o \
+ rpc_client/cli_netlogon.o rpc_client/cli_login.o \
+ smbd/chgpasswd.o
+
WINBINDD_OBJ = \
$(WINBINDD_OBJ1) $(NOPROTO_OBJ) $(PASSDB_OBJ) \
$(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
- $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) $(GROUPDB_OBJ)
+ $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
+ $(GROUPDB_OBJ) \
+ $(UNECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ)
WBINFO_OBJ = nsswitch/wbinfo.o
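Review bot: The new variable `UNECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ` is misspelt and its name records a complaint rather than what the list holds. A neutral name such as `WINBINDD_SMBD_OBJ` would read better, with a comment like `# smbd objects linked into winbindd for domain_client_validate(); drop once it moves out of smbd/password.c`. The list also links smbd's session, uid and security-context objects into winbindd, so a note on which of them are actually required would make it easier to prune later.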
@@ -407,6 +414,8 @@ debug2html : CHECK bin/debug2html
smbfilter : CHECK bin/smbfilter
+nsswitch : CHECK $(WINBIND_PROGS)
+
.SUFFIXES:
.SUFFIXES: .c .o .po .po32 .lo
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 57b2394799..d9197bcb0e 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -50,56 +50,33 @@ static void parse_domain_user(char *domuser, fstring domain, fstring user)
enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
{
- NET_USER_INFO_3 info3;
- uchar ntpw[16];
- uchar lmpw[16];
- uchar trust_passwd[16];
- uint32 status;
- fstring server;
+ BOOL result, user_exists;
fstring name_domain, name_user;
- extern pstring global_myname;
+ int passlen;
DEBUG(3, ("[%5d]: pam auth %s\n", state->pid,
state->request.data.auth.user));
/* Parse domain and username */
+
parse_domain_user(state->request.data.auth.user, name_domain,
name_user);
/* don't allow the null domain */
- if (strcmp(name_domain,"") == 0) return WINBINDD_ERROR;
-
- ZERO_STRUCT(info3);
-
- if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) {
- DEBUG(1, ("could not get trust password for domain %s\n",
- name_domain));
- return WINBINDD_ERROR;
- }
- nt_lm_owf_gen(state->request.data.auth.pass, ntpw, lmpw);
+ if (strcmp(name_domain,"") == 0)
+ return WINBINDD_ERROR;
- slprintf(server, sizeof(server), "\\\\%s", server_state.controller);
-
-#if 0
-
- /* XXX */
-
- status = domain_client_validate_backend(server,
- name_user, name_domain,
- global_myname, SEC_CHAN_WKSTA,
- trust_passwd,
- NULL,
- lmpw, sizeof(lmpw),
- ntpw, sizeof(ntpw), &info3);
-#else
- status = NT_STATUS_UNSUCCESSFUL;
-#endif
-
+ passlen = strlen(state->request.data.auth.pass);
- if (status != NT_STATUS_NOPROBLEMO) return WINBINDD_ERROR;
+ result = domain_client_validate(name_user, name_domain,
+ state->request.data.auth.pass,
+ passlen,
+ state->request.data.auth.pass,
+ passlen, &user_exists,
+ server_state.controller);
- return WINBINDD_OK;
+ return result ? WINBINDD_OK : WINBINDD_ERROR;
}
/* Change a user password */
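Review bot: `passlen = strlen(state->request.data.auth.pass)` assumes the password field of the client request is NUL-terminated, and nothing in this hunk enforces that; the same holds for `auth.user`, which goes to `DEBUG` with `%s` and to `parse_domain_user`. If the request struct is filled directly from the winbindd socket (not visible here), an unterminated field makes these calls read past it. Assuming the fields are fixed-size arrays, terminate them first, e.g. `state->request.data.auth.pass[sizeof(state->request.data.auth.pass)-1] = '\0';`. Separately, the same plaintext buffer and length are passed as both the LM and the NT password, so if domain_client_validate tells plaintext from an already-encrypted response by length (that test is outside the visible hunks), a plaintext password of that length would be forwarded as a response without being encrypted. `user_exists` is handed to the call uninitialised and never read afterwards.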
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 01fc9cdd53..303ed783e9 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -1416,8 +1416,6 @@ static BOOL attempt_connect_to_dc(struct cli_state *pcli, struct in_addr *ip, un
return connect_to_domain_password_server(pcli, dc_name, trust_passwd);
}
-
-
/***********************************************************************
We have been asked to dynamcially determine the IP addresses of
the PDC and BDC's for this DOMAIN, and query them in turn.
@@ -1491,17 +1489,16 @@ static BOOL find_connect_pdc(struct cli_state *pcli, unsigned char *trust_passwd
return connected_ok;
}
-
-
/***********************************************************************
Do the same as security=server, but using NT Domain calls and a session
- key from the machine password.
+ key from the machine password. If the server parameter is specified
+ use it, otherwise figure out a server from the 'password server' param.
************************************************************************/
BOOL domain_client_validate( char *user, char *domain,
char *smb_apasswd, int smb_apasslen,
char *smb_ntpasswd, int smb_ntpasslen,
- BOOL *user_exists)
+ BOOL *user_exists, char *server)
{
unsigned char local_challenge[8];
unsigned char local_lm_response[24];
@@ -1541,7 +1538,7 @@ BOOL domain_client_validate( char *user, char *domain,
* Not encrypted - do so.
*/
- DEBUG(3,("domain_client_validate: User passwords not in encrypted format.\n"));
+ DEBUG(5,("domain_client_validate: User passwords not in encrypted format.\n"));
generate_random_buffer( local_challenge, 8, False);
SMBencrypt( (uchar *)smb_apasswd, local_challenge, local_lm_response);
SMBNTencrypt((uchar *)smb_ntpasswd, local_challenge, local_nt_response);
@@ -1586,9 +1583,13 @@ BOOL domain_client_validate( char *user, char *domain,
* PDC/BDC. Contact each in turn and try and authenticate.
*/
- pserver = lp_passwordserver();
- if (! *pserver) pserver = "*";
- p = pserver;
+ if (server) {
+ p = server;
+ } else {
+ pserver = lp_passwordserver();
+ if (! *pserver) pserver = "*";
+ p = pserver;
+ }
while (!connected_ok &&
next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) {
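Review bot: The new `if (server)` branch also accepts an empty string, so a caller passing `""` leaves `p` on an empty list and the `next_token` loop below presumably never runs, whereas the `lp_passwordserver()` path falls back to `"*"` in that case. Testing `if (server && *server)` would send an empty argument down the existing fallback instead of failing every authentication. The `server` value is tokenised with `LIST_SEP` just like the config parameter, so the function's header comment should say that it may be NULL and that it is a separator-delimited list of servers, not a single name. The body of domain_client_validate starts and ends outside this hunk.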
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 41970c4040..2e4837013e 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -616,7 +616,7 @@ static BOOL check_domain_security(char *orig_user, char *domain, char *unix_user
ret = domain_client_validate(orig_user, domain,
smb_apasswd, smb_apasslen,
smb_ntpasswd, smb_ntpasslen,
- &user_exists);
+ &user_exists, NULL);
if(ret) {
/*