diff options
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_util.c | 14 | ||||
-rw-r--r-- | source3/auth/auth_wbc.c (renamed from source3/auth/auth_onefs_wb.c) | 32 |
2 files changed, 31 insertions, 15 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 1f00e22a3c..c39aa8501d 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -806,7 +806,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) } /* - * Create an artificial NT token given just a username. (Initially indended + * Create an artificial NT token given just a username. (Initially intended * for force user) * * We go through lookup_name() to avoid problems we had with 'winbind use @@ -859,12 +859,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, goto done; } - if (!sid_to_uid(&user_sid, uid)) { - DEBUG(1, ("sid_to_uid for %s (%s) failed\n", - username, sid_string_dbg(&user_sid))); - goto done; - } - if (sid_check_is_in_our_domain(&user_sid)) { bool ret; @@ -922,6 +916,12 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, unix_user: + if (!sid_to_uid(&user_sid, uid)) { + DEBUG(1, ("sid_to_uid for %s (%s) failed\n", + username, sid_string_dbg(&user_sid))); + goto done; + } + uid_to_unix_users_sid(*uid, &user_sid); pass = getpwuid_alloc(tmp_ctx, *uid); diff --git a/source3/auth/auth_onefs_wb.c b/source3/auth/auth_wbc.c index 49de6966b0..580c8b550d 100644 --- a/source3/auth/auth_onefs_wb.c +++ b/source3/auth/auth_wbc.c @@ -1,7 +1,8 @@ /* Unix SMB/CIFS implementation. - Winbind authentication mechnism, customized for onefs + Winbind client authentication mechanism designed to defer all + authentication to the winbind daemon. Copyright (C) Tim Potter 2000 Copyright (C) Andrew Bartlett 2001 - 2002 @@ -21,6 +22,21 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ +/* This auth module is very similar to auth_winbind with 3 distinct + * differences. + * + * 1) Does not fallback to another auth module if winbindd is unavailable + * 2) Does not validate the domain of the user + * 3) Handles unencrypted passwords + * + * The purpose of this module is to defer all authentication decisions (ie: + * local user vs NIS vs LDAP vs AD; encrypted vs plaintext) to the wbc + * compatible daemon. This centeralizes all authentication decisions to a + * single provider. + * + * This auth backend is most useful when used in conjunction with pdb_wbc_sam. + */ + #include "includes.h" #undef DBGC_CLASS @@ -28,7 +44,7 @@ /* Authenticate a user with a challenge/response */ -static NTSTATUS check_onefs_wb_security(const struct auth_context *auth_context, +static NTSTATUS check_wbc_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, const auth_usersupplied_info *user_info, @@ -58,7 +74,7 @@ static NTSTATUS check_onefs_wb_security(const struct auth_context *auth_context, user_info->internal_username)); params.level = WBC_AUTH_USER_LEVEL_PLAIN; - params.password.plaintext = user_info->plaintext_password.data; + params.password.plaintext = (char *)user_info->plaintext_password.data; } else { DEBUG(3,("Checking encrypted password for %s.\n", user_info->internal_username)); @@ -116,19 +132,19 @@ static NTSTATUS check_onefs_wb_security(const struct auth_context *auth_context, } /* module initialisation */ -static NTSTATUS auth_init_onefs_wb(struct auth_context *auth_context, const char *param, auth_methods **auth_method) +static NTSTATUS auth_init_wbc(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { if (!make_auth_methods(auth_context, auth_method)) { return NT_STATUS_NO_MEMORY; } - (*auth_method)->name = "onefs_wb"; - (*auth_method)->auth = check_onefs_wb_security; + (*auth_method)->name = "wbc"; + (*auth_method)->auth = check_wbc_security; return NT_STATUS_OK; } -NTSTATUS auth_onefs_wb_init(void) +NTSTATUS auth_wbc_init(void) { - return smb_register_auth(AUTH_INTERFACE_VERSION, "onefs_wb", auth_init_onefs_wb); + return smb_register_auth(AUTH_INTERFACE_VERSION, "wbc", auth_init_wbc); } |