samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00

94 lines

2.7 KiB

C

Raw Normal View History

This patch does a number of things, mostly smaller than they look :-) In particuar, it moves the domain_client_validate stuff out of auth_domain.c to somwhere where they (I hope) they can be shared with winbind better. (This may need some work) The main purpose of this patch was however to improve some of the internal documentation and to correctly place become_root()/unbecome_root() calls within the code. Finally this patch moves some more of auth.c into other files, auth_unix.c in this case. Andrew Bartlett (This used to be commit ea1c547ac880def29f150de2172c95213509350e) 2001-08-12 15:19:57 +04:00			`/*`
			`Unix SMB/Netbios implementation.`
			`Version 2.2`
			`Password and authentication handling`
			`Copyright (C) Andrew Bartlett 2001`

			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 2 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.`
			`*/`

			`#include "includes.h"`

			`extern int DEBUGLEVEL;`

			`/****************************************************************************`
			`update the encrypted smbpasswd file from the plaintext username and password`

			`this ugly hack needs to die, but not quite yet...`
			`*****************************************************************************/`
			`static BOOL update_smbpassword_file(char user, char password)`
			`{`
			`SAM_ACCOUNT *sampass = NULL;`
			`BOOL ret;`

			`pdb_init_sam(&sampass);`

			`become_root();`
			`ret = pdb_getsampwnam(sampass, user);`
			`unbecome_root();`

			`if(ret == False) {`
			`DEBUG(0,("pdb_getsampwnam returned NULL\n"));`
			`pdb_free_sam(sampass);`
			`return False;`
			`}`

			`/*`
			`* Remove the account disabled flag - we are updating the`
			`* users password from a login.`
			`*/`
			`pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED);`

			`/* Here, the flag is one, because we want to ignore the`
			`XXXXXXX'd out password */`
			`ret = change_oem_password( sampass, password, True);`
			`if (ret == False) {`
			`DEBUG(3,("change_oem_password returned False\n"));`
			`}`

			`pdb_free_sam(sampass);`
			`return ret;`
			`}`


			`/****************************************************************************`
			`check if a username/password is OK assuming the password`
			`in PLAIN TEXT`
			`****************************************************************************/`

the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66) 2001-09-04 11:13:01 +04:00			`NTSTATUS check_unix_security(const auth_usersupplied_info user_info, auth_serversupplied_info server_info)`
This patch does a number of things, mostly smaller than they look :-) In particuar, it moves the domain_client_validate stuff out of auth_domain.c to somwhere where they (I hope) they can be shared with winbind better. (This may need some work) The main purpose of this patch was however to improve some of the internal documentation and to correctly place become_root()/unbecome_root() calls within the code. Finally this patch moves some more of auth.c into other files, auth_unix.c in this case. Andrew Bartlett (This used to be commit ea1c547ac880def29f150de2172c95213509350e) 2001-08-12 15:19:57 +04:00			`{`
the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66) 2001-09-04 11:13:01 +04:00			`NTSTATUS nt_status;`
Remove the ugly hacks to get around the Get_Pwnam() calls in pass_check.c by simply not doing Get_Pwnam() calls in pass_check.c We now make one sys_getpnam() call in cgi.c and we always call PAM no matter what it returns. We also no longer run the password cracker for these logins. The truly parinod will note the slight difference in call paths, in that we only call crypt for valid password structs (if not --with-pam). The truly parinoid don't run SWAT either, so I don't think this is an issue. Andrew Bartlett (This used to be commit 9020d884935243f28c19cedc88f076f0709e12cb) 2001-09-19 09:26:11 +04:00			`struct passwd *pass = NULL;`

This patch does a number of things, mostly smaller than they look :-) In particuar, it moves the domain_client_validate stuff out of auth_domain.c to somwhere where they (I hope) they can be shared with winbind better. (This may need some work) The main purpose of this patch was however to improve some of the internal documentation and to correctly place become_root()/unbecome_root() calls within the code. Finally this patch moves some more of auth.c into other files, auth_unix.c in this case. Andrew Bartlett (This used to be commit ea1c547ac880def29f150de2172c95213509350e) 2001-08-12 15:19:57 +04:00			`become_root();`
Remove the ugly hacks to get around the Get_Pwnam() calls in pass_check.c by simply not doing Get_Pwnam() calls in pass_check.c We now make one sys_getpnam() call in cgi.c and we always call PAM no matter what it returns. We also no longer run the password cracker for these logins. The truly parinod will note the slight difference in call paths, in that we only call crypt for valid password structs (if not --with-pam). The truly parinoid don't run SWAT either, so I don't think this is an issue. Andrew Bartlett (This used to be commit 9020d884935243f28c19cedc88f076f0709e12cb) 2001-09-19 09:26:11 +04:00
			`pass = Get_Pwnam(user_info->unix_username.str, False);`

			`nt_status = (pass_check(pass,`
Fix for MiXed and UPPER case usernames with plaintext PAM passwords. (This used to be commit ba1b411f556bfac8b953c44c81257c7d8fb9817d) 2001-09-20 07:31:57 +04:00			`pass ? pass->pw_name : user_info->unix_username.str,`
Remove the ugly hacks to get around the Get_Pwnam() calls in pass_check.c by simply not doing Get_Pwnam() calls in pass_check.c We now make one sys_getpnam() call in cgi.c and we always call PAM no matter what it returns. We also no longer run the password cracker for these logins. The truly parinod will note the slight difference in call paths, in that we only call crypt for valid password structs (if not --with-pam). The truly parinoid don't run SWAT either, so I don't think this is an issue. Andrew Bartlett (This used to be commit 9020d884935243f28c19cedc88f076f0709e12cb) 2001-09-19 09:26:11 +04:00			`user_info->plaintext_password.str,`
This patch does a number of things, mostly smaller than they look :-) In particuar, it moves the domain_client_validate stuff out of auth_domain.c to somwhere where they (I hope) they can be shared with winbind better. (This may need some work) The main purpose of this patch was however to improve some of the internal documentation and to correctly place become_root()/unbecome_root() calls within the code. Finally this patch moves some more of auth.c into other files, auth_unix.c in this case. Andrew Bartlett (This used to be commit ea1c547ac880def29f150de2172c95213509350e) 2001-08-12 15:19:57 +04:00			`user_info->plaintext_password.len,`
Some patches to authentication: - the usersupplied_info now contains a smb_username (as it comes across on the wire) and a unix_username (after being passed through mapping functions) - when doing security={server,domain} use the smb_username, otherwise use the unix_username (This used to be commit d34fd8ec0716127c7a68eeb8e77d1ae8cc07b547) 2001-09-12 10:39:50 +04:00			`lp_update_encrypted() ?`
Remove the ugly hacks to get around the Get_Pwnam() calls in pass_check.c by simply not doing Get_Pwnam() calls in pass_check.c We now make one sys_getpnam() call in cgi.c and we always call PAM no matter what it returns. We also no longer run the password cracker for these logins. The truly parinod will note the slight difference in call paths, in that we only call crypt for valid password structs (if not --with-pam). The truly parinoid don't run SWAT either, so I don't think this is an issue. Andrew Bartlett (This used to be commit 9020d884935243f28c19cedc88f076f0709e12cb) 2001-09-19 09:26:11 +04:00			`update_smbpassword_file : NULL,`
			`True)`
converted another bunch of stuff to NTSTATUS (This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e) 2001-08-27 23:46:22 +04:00			`? NT_STATUS_OK : NT_STATUS_LOGON_FAILURE);`
This patch does a number of things, mostly smaller than they look :-) In particuar, it moves the domain_client_validate stuff out of auth_domain.c to somwhere where they (I hope) they can be shared with winbind better. (This may need some work) The main purpose of this patch was however to improve some of the internal documentation and to correctly place become_root()/unbecome_root() calls within the code. Finally this patch moves some more of auth.c into other files, auth_unix.c in this case. Andrew Bartlett (This used to be commit ea1c547ac880def29f150de2172c95213509350e) 2001-08-12 15:19:57 +04:00			`unbecome_root();`

			`return nt_status;`
			`}`

94 lines 2.7 KiB C Raw Normal View History Unescape Escape

94 lines

2.7 KiB

C

Raw Normal View History