summaryrefslogtreecommitdiffstats
path: root/source3/auth/auth.c
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2001-09-12 06:39:50 +0000
committerTim Potter <tpot@samba.org>2001-09-12 06:39:50 +0000
commitb800a36b1c81fb37ca963acdc49978ff065fb0d7 (patch)
tree4fe3edd68f6bbf7db66c75aa8c5c29b79d4dd01a /source3/auth/auth.c
parent39d7983a470cc3470dd7126de35697d965817cb6 (diff)
downloadsamba-b800a36b1c81fb37ca963acdc49978ff065fb0d7.tar.gz
samba-b800a36b1c81fb37ca963acdc49978ff065fb0d7.tar.xz
samba-b800a36b1c81fb37ca963acdc49978ff065fb0d7.zip
Some patches to authentication:
- the usersupplied_info now contains a smb_username (as it comes across on the wire) and a unix_username (after being passed through mapping functions) - when doing security={server,domain} use the smb_username, otherwise use the unix_username (This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547)
Diffstat (limited to 'source3/auth/auth.c')
-rw-r--r--source3/auth/auth.c33
1 files changed, 20 insertions, 13 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index b707c38c621..0101aa65a22 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -63,7 +63,7 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
BOOL done_pam = False;
- DEBUG(3, ("check_password: Checking password for user %s with the new password interface\n", user_info->smb_username.str));
+ DEBUG(3, ("check_password: Checking password for smb user %s with the new password interface\n", user_info->smb_username.str));
if (!check_domain_match(user_info->smb_username.str, user_info->domain.str)) {
return NT_STATUS_LOGON_FAILURE;
}
@@ -81,7 +81,7 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
}
if (lp_security() >= SEC_SERVER) {
- smb_user_control(user_info->smb_username.str, nt_status);
+ smb_user_control(user_info->unix_username.str, nt_status);
}
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -97,14 +97,14 @@ NTSTATUS check_password(const auth_usersupplied_info *user_info,
if (NT_STATUS_IS_OK(nt_status) && !done_pam) {
/* We might not be root if we are an RPC call */
become_root();
- nt_status = smb_pam_accountcheck(user_info->smb_username.str);
+ nt_status = smb_pam_accountcheck(user_info->unix_username.str);
unbecome_root();
}
if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5, ("check_password: Password for user %s suceeded\n", user_info->smb_username.str));
+ DEBUG(5, ("check_password: Password for smb user %s suceeded\n", user_info->smb_username.str));
} else {
- DEBUG(3, ("check_password: Password for user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status)));
+ DEBUG(3, ("check_password: Password for smb user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status)));
}
return nt_status;
@@ -121,14 +121,16 @@ SMB hash
return True if the password is correct, False otherwise
****************************************************************************/
-NTSTATUS pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
+NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user,
+ char *domain, uchar chal[8],
uchar *lm_pwd, int lm_pwd_len,
uchar *nt_pwd, int nt_pwd_len)
{
auth_usersupplied_info user_info;
auth_serversupplied_info server_info;
- AUTH_STR ourdomain, theirdomain, smb_username, wksta_name;
+ AUTH_STR ourdomain, theirdomain, unix_username, smb_username,
+ wksta_name;
ZERO_STRUCT(user_info);
ZERO_STRUCT(ourdomain);
@@ -145,10 +147,15 @@ NTSTATUS pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
user_info.requested_domain = theirdomain;
user_info.domain = ourdomain;
- smb_username.str = user;
+ smb_username.str = smb_user;
smb_username.len = strlen(smb_username.str);
- user_info.requested_username = smb_username; /* For the time-being */
+ /* If unix user is NULL, use smb user */
+
+ unix_username.str = unix_user ? unix_user : smb_user;
+ unix_username.len = strlen(unix_username.str);
+
+ user_info.unix_username = unix_username;
user_info.smb_username = smb_username;
user_info.wksta_name.str = client_name();
@@ -197,7 +204,7 @@ NTSTATUS pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
return check_password(&user_info, &server_info);
}
-NTSTATUS pass_check_smb(char *user, char *domain,
+NTSTATUS pass_check_smb(char *smb_user, char *unix_user, char *domain,
uchar *lm_pwd, int lm_pwd_len,
uchar *nt_pwd, int nt_pwd_len)
{
@@ -207,7 +214,7 @@ NTSTATUS pass_check_smb(char *user, char *domain,
generate_random_buffer( chal, 8, False);
}
- return pass_check_smb_with_chal(user, domain, chal,
+ return pass_check_smb_with_chal(smb_user, unix_user, domain, chal,
lm_pwd, lm_pwd_len,
nt_pwd, nt_pwd_len);
@@ -233,11 +240,11 @@ BOOL password_ok(char *user, char *password, int pwlen)
/* The password could be either NTLM or plain LM. Try NTLM first, but fall-through as
required. */
- if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, NULL, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) {
return True;
}
- if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, NULL, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) {
return True;
}