1 : /*
2 : Unix SMB/CIFS implementation.
3 : Password and authentication handling
4 : Copyright (C) Andrew Bartlett 2001
5 :
6 : This program is free software; you can redistribute it and/or modify
7 : it under the terms of the GNU General Public License as published by
8 : the Free Software Foundation; either version 3 of the License, or
9 : (at your option) any later version.
10 :
11 : This program is distributed in the hope that it will be useful,
12 : but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : GNU General Public License for more details.
15 :
16 : You should have received a copy of the GNU General Public License
17 : along with this program. If not, see <http://www.gnu.org/licenses/>.
18 : */
19 :
20 : #include "includes.h"
21 : #include "auth.h"
22 : #include "system/passwd.h"
23 : #include "../lib/tsocket/tsocket.h"
24 :
25 : #undef DBGC_CLASS
26 : #define DBGC_CLASS DBGC_AUTH
27 :
28 : /** Check a plaintext username/password
29 : *
30 : * Cannot deal with an encrypted password in any manner whatsoever,
31 : * unless the account has a null password.
32 : **/
33 :
/*
 * Parameters, as used by this function:
 *   auth_context, my_private_data - not referenced in the body.
 *   mem_ctx     - handed to make_server_info_pw() for the result.
 *   user_info   - supplies mapped.account_name, remote_host and
 *                 password.plaintext.
 *   server_info - out parameter; only passed on to
 *                 make_server_info_pw() after a successful check for
 *                 which a passwd entry was found.
 *
 * Returns NT_STATUS_NO_MEMORY when the remote address cannot be turned
 * into a string, the pass_check() status when the check fails,
 * NT_STATUS_NO_SUCH_USER when the check succeeds but no passwd entry
 * was found, and otherwise the make_server_info_pw() status.
 */
static NTSTATUS check_unix_security(const struct auth_context *auth_context,
				    void *my_private_data,
				    TALLOC_CTX *mem_ctx,
				    const struct auth_usersupplied_info *user_info,
				    struct auth_serversupplied_info **server_info)
{
	/* Used as the remote host when the peer is not an IP endpoint. */
	const char *remote_addr = "127.0.0.1";
	struct passwd *pw = NULL;
	const char *check_name;
	NTSTATUS status;

	/* Only the account name is logged; the password never is. */
	DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));

	if (tsocket_address_is_inet(user_info->remote_host, "ip")) {
		remote_addr = tsocket_address_inet_addr_string(
			user_info->remote_host, talloc_tos());
		if (remote_addr == NULL) {
			/* Still unprivileged here, so a plain return is safe. */
			return NT_STATUS_NO_MEMORY;
		}
	}

	/*
	 * Privileged section: the passwd lookup and the password check both
	 * run as root. There must be no return between become_root() and
	 * unbecome_root(), otherwise the elevated state would outlive this
	 * call.
	 */
	become_root();
	pw = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name);

	/* Prefer the name from the passwd entry over the mapped name. */
	if (pw != NULL) {
		check_name = pw->pw_name;
	} else {
		check_name = user_info->mapped.account_name;
	}

	/*
	 * TODO: this call assumes an ASCII password; no charset
	 * transformation is done. We may need to revisit this.
	 *
	 * The final argument is passed as true; its meaning is defined by
	 * pass_check() and is not visible from this file.
	 */
	status = pass_check(pw,
			    check_name,
			    remote_addr,
			    user_info->password.plaintext,
			    true);

	unbecome_root();

	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	if (pw == NULL) {
		/*
		 * The check succeeded but there is no passwd entry to build
		 * the server info from. We need to do something more useful
		 * here.
		 */
		status = NT_STATUS_NO_SUCH_USER;
		goto done;
	}

	status = make_server_info_pw(mem_ctx, pw->pw_name, pw, server_info);

done:
	/* Single exit after the lookup so the passwd copy is always freed. */
	TALLOC_FREE(pw);
	return status;
}
84 :
85 : /* module initialisation */
/*
 * Build the auth_methods entry for the "unix" backend.
 *
 * auth_context is the talloc parent of the new entry, param is not
 * referenced, and *auth_method receives the entry on success.
 *
 * Returns NT_STATUS_NO_MEMORY if the allocation fails (leaving
 * *auth_method untouched), NT_STATUS_OK otherwise.
 */
static NTSTATUS auth_init_unix(
	struct auth_context *auth_context,
	const char* param,
	struct auth_methods **auth_method)
{
	/* talloc_zero() leaves every field not set below zero-filled. */
	struct auth_methods *method =
		talloc_zero(auth_context, struct auth_methods);

	if (method == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	method->auth = check_unix_security;
	method->name = "unix";

	*auth_method = method;
	return NT_STATUS_OK;
}
103 :
/*
 * Register the "unix" auth backend under AUTH_INTERFACE_VERSION, with
 * auth_init_unix as its initialiser. mem_ctx is not referenced here.
 *
 * Returns whatever smb_register_auth() returns.
 */
NTSTATUS auth_unix_init(TALLOC_CTX *mem_ctx)
{
	NTSTATUS status;

	status = smb_register_auth(AUTH_INTERFACE_VERSION,
				   "unix",
				   auth_init_unix);
	return status;
}