diff options
-rw-r--r-- | source3/include/includes.h | 8 | ||||
-rw-r--r-- | source3/nmbd/nmbd_packets.c | 17 | ||||
-rw-r--r-- | source3/smbd/password.c | 30 |
3 files changed, 52 insertions, 3 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h index f9c29fd41d..94bf23cef5 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -299,9 +299,9 @@ typedef unsigned short mode_t; #include <rpcsvc/ypclnt.h> #include <termios.h> #include <sys/stropts.h> -#ifndef USE_LIBDES +#if !defined(USE_LIBDES) && !defined(KRB4_AUTH) #include <crypt.h> -#endif /* USE_LIBDES */ +#endif /* !USE_LIBDES && !KRB4_AUTH */ extern int gettimeofday (struct timeval *, void *); extern int gethostname (char *name, int namelen); extern int innetgr (const char *, const char *, const char *, const char *); @@ -1140,6 +1140,10 @@ union semun { #include <krb5.h> #endif +#ifdef KRB4_AUTH +#include <krb.h> +#endif + #ifdef NO_UTIMBUF struct utimbuf { time_t actime; diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c index cd99343e70..f14c62c4eb 100644 --- a/source3/nmbd/nmbd_packets.c +++ b/source3/nmbd/nmbd_packets.c @@ -59,6 +59,21 @@ static int find_subnet_fd_for_address( struct in_addr local_ip ) } /*************************************************************************** +Utility function to find the specific fd to send a mailslot packet out on. +**************************************************************************/ + +static int find_subnet_mailslot_fd_for_address( struct in_addr local_ip ) +{ + struct subnet_record *subrec; + + for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) + if(ip_equal(local_ip, subrec->myip)) + return subrec->dgram_sock; + + return ClientDGRAM; +} + +/*************************************************************************** Get/Set problematic nb_flags as network byte order 16 bit int. **************************************************************************/ @@ -1828,7 +1843,7 @@ BOOL send_mailslot(BOOL unique, char *mailslot,char *buf,int len, p.ip = dest_ip; p.port = DGRAM_PORT; - p.fd = ClientDGRAM; + p.fd = find_subnet_mailslot_fd_for_address( src_ip ); p.timestamp = time(NULL); p.packet_type = DGRAM_PACKET; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 607d01d2cf..1911515404 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -670,6 +670,32 @@ static BOOL krb5_auth(char *this_user,char *password) } #endif /* KRB5_AUTH */ +#ifdef KRB4_AUTH +/******************************************************************* +check on Kerberos authentication +********************************************************************/ +static BOOL krb4_auth(char *this_user,char *password) +{ + char realm[REALM_SZ]; + char tkfile[MAXPATHLEN]; + + if (krb_get_lrealm(realm, 1) != KSUCCESS) + (void) strncpy(realm, KRB_REALM, sizeof (realm)); + + (void) sprintf(tkfile, "/tmp/samba_tkt_%d", getpid()); + + krb_set_tkt_string(tkfile); + if (krb_verify_user(this_user, "", realm, + password, 0, + "rmcd") == KSUCCESS) { + unlink(tkfile); + return 1; + } + unlink(tkfile); + return 0; +} +#endif /* KRB4_AUTH */ + #ifdef LINUX_BIGCRYPT /**************************************************************************** an enhanced crypt for Linux to handle password longer than 8 characters @@ -775,6 +801,10 @@ Hence we make a direct return to avoid a second chance!!! if (krb5_auth(this_user,password)) return(True); #endif +#ifdef KRB4_AUTH + if (krb4_auth(this_user,password)) return(True); +#endif + #ifdef PWDAUTH if (pwdauth(this_user,password) == 0) return(True); |