Changeset 745 for trunk/server/source3/auth/auth_unix.c

Timestamp:

Nov 27, 2012, 4:43:17 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.0

Location:

trunk/server

Files:

• . (modified) (1 prop)
• source3/auth/auth_unix.c (modified) (4 diffs)

trunk/server/source3/auth/auth_unix.c

@@ -3 +3 @@
    Password and authentication handling
    Copyright (C) Andrew Bartlett              2001
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
@@ -19 +19 @@
 
 #include "includes.h"
+#include "auth.h"
+#include "system/passwd.h"
+#include "smbd/globals.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
-
-/**
- * update the encrypted smbpasswd file from the plaintext username and password
- *  
- *  this ugly hack needs to die, but not quite yet, I think people still use it...
- **/
-static bool update_smbpassword_file(const char *user, const char *password)
-{
-        struct samu     *sampass;
-        bool            ret;
-        
-        if ( !(sampass = samu_new( NULL )) ) {
-                return False;
-        }
-        
-        become_root();
-        ret = pdb_getsampwnam(sampass, user);
-        unbecome_root();
-
-        if(ret == False) {
-                DEBUG(0,("pdb_getsampwnam returned NULL\n"));
-                TALLOC_FREE(sampass);
-                return False;
-        }
-
-        /*
-         * Remove the account disabled flag - we are updating the
-         * users password from a login.
-         */
-        if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) {
-                TALLOC_FREE(sampass);
-                return False;
-        }
-
-        if (!pdb_set_plaintext_passwd (sampass, password)) {
-                TALLOC_FREE(sampass);
-                return False;
-        }
-
-        /* Now write it into the file. */
-        become_root();
-
-        ret = NT_STATUS_IS_OK(pdb_update_sam_account (sampass));
-
-        unbecome_root();
-
-        if (ret) {
-                DEBUG(3,("pdb_update_sam_account returned %d\n",ret));
-        }
-
-        TALLOC_FREE(sampass);
-        return ret;
-}
-
 
 /** Check a plaintext username/password
@@ -86 +35 @@
                              void *my_private_data, 
                              TALLOC_CTX *mem_ctx,
-                             const auth_usersupplied_info *user_info, 
-                             auth_serversupplied_info **server_info)
+                             const struct auth_usersupplied_info *user_info,
+                             struct auth_serversupplied_info **server_info)
 {
         NTSTATUS nt_status;
         struct passwd *pass = NULL;
 
+        DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
+
         become_root();
-        pass = Get_Pwnam_alloc(talloc_tos(), user_info->internal_username);
+        pass = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name);
 
-        
         /** @todo This call assumes a ASCII password, no charset transformation is 
             done.  We may need to revisit this **/
         nt_status = pass_check(pass,
-                                pass ? pass->pw_name : user_info->internal_username, 
-                                (char *)user_info->plaintext_password.data,
-                                user_info->plaintext_password.length-1,
-                                lp_update_encrypted() ? 
-                                update_smbpassword_file : NULL,
-                                True);
-        
+                                pass ? pass->pw_name : user_info->mapped.account_name,
+                               smbd_server_conn->client_id.name,
+                                user_info->password.plaintext,
+                                true);
+
         unbecome_root();
 
         if (NT_STATUS_IS_OK(nt_status)) {
                 if (pass) {
-                        /* if a real user check pam account restrictions */
-                        /* only really perfomed if "obey pam restriction" is true */
-                        nt_status = smb_pam_accountcheck(pass->pw_name);
-                        if (  !NT_STATUS_IS_OK(nt_status)) {
-                                DEBUG(1, ("PAM account restriction prevents user login\n"));
-                        } else {
-                                make_server_info_pw(server_info, pass->pw_name, pass);
-                        }
+                        make_server_info_pw(server_info, pass->pw_name, pass);
                 } else {
                         /* we need to do somthing more useful here */
@@ -131 +72 @@
 static NTSTATUS auth_init_unix(struct auth_context *auth_context, const char* param, auth_methods **auth_method) 
 {
-        if (!make_auth_methods(auth_context, auth_method)) {
+        struct auth_methods *result;
+
+        result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+        if (result == NULL) {
                 return NT_STATUS_NO_MEMORY;
         }
+        result->name = "unix";
+        result->auth = check_unix_security;
 
-        (*auth_method)->name = "unix";
-        (*auth_method)->auth = check_unix_security;
+        *auth_method = result;
         return NT_STATUS_OK;
 }