mirror of https://github.com/samba-team/samba.git synced 2025-01-31 01:48:16 +03:00
samba-mirror/source/auth/auth_unix.c
Andrew Bartlett e7634f81c5 This commit is number 3 of 4.
In particular this commit focuses on:

Changing the Get_Pwnam code so that it can work in a const-enforced
environment.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.

----

These changes allow for 'const' in the Samba tree.

There are a number of good reasons to do this:

	- I want to allow the SAM_ACCOUNT structure to move from wasteful
	pstrings and fstrings to  allocated strings.  We can't do that if
	people are modifying these outputs, as they may well make
	assumptions about getting pstrings and fstrings

	- I want --with-pam_smbpass to compile with a slightly sane
	volume of warnings; currently it's pretty bad, even in 2.2
	where it compiles at all.

	- Tridge assures me that he no longer opposes 'const religion'
	based on the ability to  #define const the problem away.

	- Changed Get_Pwnam(x,y) into two variants (so that the const
	parameter can work correctly): - Get_Pwnam(const x) and
	Get_Pwnam_Modify(x).

	- Reworked smbd/chgpasswd.c to work with these mods, passing
	around a 'struct passwd' rather  than the modified username
-


/*
Unix SMB/Netbios implementation.
Version 2.2
Password and authentication handling
Copyright (C) Andrew Bartlett 2001
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
/****************************************************************************
update the encrypted smbpasswd file from the plaintext username and password
this ugly hack needs to die, but not quite yet...
*****************************************************************************/
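static BOOL update_smbpassword_file(char *user, char *password)
{
	/*
	 * Look up the SAM entry for 'user', clear its ACB_DISABLED flag,
	 * store 'password' as the new plaintext password and write the
	 * entry back through pdb_update_sam_account().
	 *
	 * Returns the result of pdb_update_sam_account(), or False if an
	 * earlier step failed.  The caller's 'password' buffer is
	 * overwritten with NUL bytes on every return path, so the cleartext
	 * does not stay in memory when one of the pdb_* calls fails.
	 */
	SAM_ACCOUNT *sampass = NULL;
	BOOL ret = False;

	pdb_init_sam(&sampass);
	if (sampass == NULL) {
		/*
		 * No SAM_ACCOUNT was produced; do not pass a NULL account
		 * to the pdb_* calls below.  Nothing to free on this path.
		 */
		goto wipe;
	}

	/* The passdb lookup is bracketed by become_root()/unbecome_root(). */
	become_root();
	ret = pdb_getsampwnam(sampass, user);
	unbecome_root();

	if (ret == False) {
		DEBUG(0,("pdb_getsampwnam returned NULL\n"));
		goto done;
	}

	/*
	 * Remove the account disabled flag - we are updating the
	 * users password from a login.
	 *
	 * NOTE(review): this re-enables a SAM account that carries
	 * ACB_DISABLED whenever this function runs for it.  Confirm that
	 * a disabled SAM entry is never meant to stay disabled once the
	 * Unix password check has succeeded.
	 */
	if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED)) {
		ret = False;
		goto done;
	}

	if (!pdb_set_plaintext_passwd (sampass, password)) {
		ret = False;
		goto done;
	}

	/* Now write it into the file. */
	become_root();
	/* Here, the override flag is True, because we want to ignore the
	   XXXXXXX'd out password */
	ret = pdb_update_sam_account (sampass, True);
	unbecome_root();

	if (ret) {
		DEBUG(3,("pdb_update_sam_account returned %d\n",ret));
	}

done:
	pdb_free_sam(&sampass);
wipe:
	/*
	 * Scrub the cleartext in the caller's buffer.  The original code
	 * only did this when every step above had succeeded.
	 */
	if (password != NULL) {
		memset(password, '\0', strlen(password));
	}
	return ret;
}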
/****************************************************************************
check if a username/password is OK, assuming the password is supplied
in PLAIN TEXT
****************************************************************************/
NTSTATUS check_unix_security(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info)
{
	/*
	 * Validate the plaintext password in user_info with pass_check()
	 * and return its NTSTATUS.  The passwd lookup and the check both
	 * run between become_root() and unbecome_root().  server_info is
	 * not touched here.
	 */
	struct passwd *pw_entry = NULL;
	BOOL (*update_fn)(char *, char *) = NULL;
	const char *check_name;
	NTSTATUS status;

	become_root();

	pw_entry = Get_Pwnam(user_info->unix_username.str);

	/* Use the name from the passwd entry when the lookup found one,
	   otherwise fall back to the name the client supplied. */
	if (pw_entry != NULL) {
		check_name = pw_entry->pw_name;
	} else {
		check_name = user_info->unix_username.str;
	}

	/*
	 * Only hand pass_check() the smbpasswd updater when
	 * lp_update_encrypted() says so.
	 *
	 * NOTE(review): update_smbpassword_file() overwrites the password
	 * buffer it is given with NUL bytes.  If pass_check() passes
	 * plaintext_password.str through unchanged, the buffer inside the
	 * const user_info is modified - confirm no later code reuses it.
	 */
	if (lp_update_encrypted()) {
		update_fn = update_smbpassword_file;
	}

	status = pass_check(pw_entry,
			    check_name,
			    user_info->plaintext_password.str,
			    user_info->plaintext_password.len,
			    update_fn,
			    True);

	unbecome_root();

	return status;
}