diff options
Diffstat (limited to 'source3/smbd/password.c')
-rw-r--r-- | source3/smbd/password.c | 107 |
1 files changed, 27 insertions, 80 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 711729f86d..aae398dbda 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -21,7 +21,7 @@ #include "includes.h" -#if (defined(NETGROUP) && defined (AUTOMOUNT)) +#if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT)) #include "rpcsvc/ypclnt.h" #endif @@ -347,44 +347,6 @@ void add_session_user(char *user) } -#ifdef NO_GETSPNAM -/* a fake shadow password routine which just fills a fake spwd struct - * with the sp_pwdp field. (sreiz@aie.nl) - */ -static struct spwd *getspnam(char *username) /* fake shadow password routine */ -{ - FILE *f; - char line[1024]; - static fstring pw; - static struct spwd static_spwd; - - static_spwd.sp_pwdp=0; - if (!(f=fopen("/etc/master.passwd", "r"))) - return 0; - while (fgets(line, 1024, f)) { - if (!strncmp(line, username, strlen(username)) && - line[strlen(username)]==':') { /* found entry */ - char *p, *q; - - p=line+strlen(username)+1; - if ((q=strchr(p, ':'))) { - *q=0; - if (q-p+1>20) - break; - fstrcpy(pw, p); - static_spwd.sp_pwdp=pw; - } - break; - } - } - fclose(f); - if (static_spwd.sp_pwdp) - return &static_spwd; - return 0; -} -#endif - - #ifdef OSF1_ENH_SEC /**************************************************************************** an enhanced crypt for OSF1 @@ -480,7 +442,7 @@ static void update_protected_database( char *user, BOOL result) } -#ifdef USE_PAM +#ifdef HAVE_PAM /******************************************************************* check on PAM authentication ********************************************************************/ @@ -583,7 +545,7 @@ static BOOL pam_auth(char *this_user,char *password) #endif -#ifdef AFS_AUTH +#ifdef WITH_AFS /******************************************************************* check on AFS authentication ********************************************************************/ @@ -610,7 +572,7 @@ static BOOL afs_auth(char *this_user,char *password) #endif -#ifdef DFS_AUTH +#ifdef WITH_DFS /***************************************************************** This new version of the DFS_AUTH code was donated by Karsten Muuss @@ -645,7 +607,7 @@ static BOOL dfs_auth(char *this_user,char *password) if (dcelogin_atmost_once) return(False); -#ifndef NO_CRYPT +#ifdef HAVE_CRYPT /* * We only go for a DCE login context if the given password * matches that stored in the local password file.. @@ -1099,24 +1061,24 @@ core of password checking routine BOOL password_check(char *password) { -#ifdef USE_PAM +#ifdef HAVE_PAM /* This falls through if the password check fails - - if NO_CRYPT is defined this causes an error msg + - if HAVE_CRYPT is not defined this causes an error msg saying Warning - no crypt available - - if NO_CRYPT is NOT defined this is a potential security hole + - if HAVE_CRYPT is defined this is a potential security hole as it may authenticate via the crypt call when PAM settings say it should fail. - if (pam_auth(this_user,password)) return(True); -Hence we make a direct return to avoid a second chance!!! + if (pam_auth(this_user,password)) return(True); + Hence we make a direct return to avoid a second chance!!! */ return (pam_auth(this_user,password)); #endif -#ifdef AFS_AUTH +#ifdef WITH_AFS if (afs_auth(this_user,password)) return(True); #endif -#ifdef DFS_AUTH +#ifdef WITH_DFS if (dfs_auth(this_user,password)) return(True); #endif @@ -1128,11 +1090,6 @@ Hence we make a direct return to avoid a second chance!!! if (krb4_auth(this_user,password)) return(True); #endif -#ifdef PWDAUTH - if (pwdauth(this_user,password) == 0) - return(True); -#endif - #ifdef OSF1_ENH_SEC { BOOL ret = (strcmp(osf1_bigcrypt(password,this_salt),this_crypted) == 0); @@ -1152,11 +1109,11 @@ Hence we make a direct return to avoid a second chance!!! return(linux_bigcrypt(password,this_salt,this_crypted)); #endif -#ifdef HPUX_10_TRUSTED +#ifdef HAVE_BIGCRYPT return(strcmp(bigcrypt(password,this_salt),this_crypted) == 0); #endif -#ifdef NO_CRYPT +#ifndef HAVE_CRYPT DEBUG(1,("Warning - no crypt available\n")); return(False); #else @@ -1364,7 +1321,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) return(False); } -#ifdef SHADOW_PWD +#ifdef HAVE_GETSPNAM { struct spwd *spass; @@ -1388,15 +1345,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) } #endif -#ifdef SecureWare - { - struct pr_passwd *pr_pw = getprpwnam(pass->pw_name); - if (pr_pw && pr_pw->ufld.fd_encrypt) - pass->pw_passwd = pr_pw->ufld.fd_encrypt; - } -#endif - -#ifdef HPUX_10_TRUSTED +#ifdef HAVE_GETPRPWNAM { struct pr_passwd *pr_pw = getprpwnam(pass->pw_name); if (pr_pw && pr_pw->ufld.fd_encrypt) @@ -1436,23 +1385,21 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd) /* extract relevant info */ fstrcpy(this_user,pass->pw_name); fstrcpy(this_salt,pass->pw_passwd); -#ifdef HPUX - /* The crypt on HPUX won't work with more than 2 salt characters. */ + /* crypt on some platforms (HPUX in particular) + won't work with more than 2 salt characters. */ this_salt[2] = 0; -#endif /* HPUX */ + fstrcpy(this_crypted,pass->pw_passwd); if (!*this_crypted) { if (!lp_null_passwords()) { - DEBUG(2,("Disallowing access to %s due to null password\n",this_user)); - return(False); + DEBUG(2,("Disallowing access to %s due to null password\n",this_user)); + return(False); } -#ifndef PWDAUTH if (!*password) { - DEBUG(3,("Allowing access to %s with null password\n",this_user)); - return(True); + DEBUG(3,("Allowing access to %s with null password\n",this_user)); + return(True); } -#endif } /* try it as it came to us */ @@ -1551,7 +1498,7 @@ validate a group username entry. Return the username or NULL ****************************************************************************/ static char *validate_group(char *group,char *password,int pwlen,int snum) { -#ifdef NETGROUP +#ifdef HAVE_NETGROUP { char *host, *user, *domain; setnetgrent(group); @@ -1568,7 +1515,7 @@ static char *validate_group(char *group,char *password,int pwlen,int snum) } #endif -#if HAVE_GETGRNAM +#ifdef HAVE_GETGRNAM { struct group *gptr = (struct group *)getgrnam(group); char **member; @@ -1824,7 +1771,7 @@ static BOOL check_user_equiv(char *user, char *remote, char *equiv_file) { BOOL host_ok = False; -#ifdef NETGROUP +#ifdef HAVE_NETGROUP if (is_group) { static char *mydomain = NULL; @@ -1836,7 +1783,7 @@ static BOOL check_user_equiv(char *user, char *remote, char *equiv_file) #else if (is_group) { - DEBUG(1,("Netgroups not configured - add -DNETGROUP and recompile\n")); + DEBUG(1,("Netgroups not configured\n")); continue; } #endif |