/*
   Unix SMB/CIFS implementation.
   Password and authentication handling
   Copyright (C) Andrew Bartlett 2001

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "auth.h"
#include "system/passwd.h"
#include "../lib/tsocket/tsocket.h"

#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH

/** Check a plaintext username/password
 *
 * Cannot deal with an encrypted password in any manner whatsoever,
 * unless the account has a null password.
 *
 * @param auth_context     not referenced in this function
 * @param my_private_data  not referenced in this function
 * @param mem_ctx          talloc context handed to make_server_info_pw()
 * @param user_info        supplies mapped.account_name, remote_host and
 *                         password.plaintext
 * @param server_info      passed to make_server_info_pw(); not touched on
 *                         any other path
 *
 * @return NT_STATUS_NO_MEMORY if the remote address string cannot be
 *         built; the pass_check() status if that is not OK;
 *         NT_STATUS_NO_SUCH_USER if pass_check() succeeded but no passwd
 *         entry was found; otherwise the make_server_info_pw() status.
 *
 * Root is held from become_root() until unbecome_root(), covering only
 * the passwd lookup and pass_check(). There is no return between the
 * two calls; keep it that way so every path drops the privilege again.
 *
 * NOTE(review): password.plaintext is forwarded without a NULL check
 * here; whether pass_check() tolerates NULL is not visible in this
 * file -- confirm against the caller and pass_check().
 *
 * NOTE(review): the coverage listing this file was captured from
 * records zero executions of this function, so this authentication
 * path is not exercised by the measured test run.
 **/

static NTSTATUS check_unix_security(const struct auth_context *auth_context,
			     void *my_private_data,
			     TALLOC_CTX *mem_ctx,
			     const struct auth_usersupplied_info *user_info,
			     struct auth_serversupplied_info **server_info)
{
	NTSTATUS status;
	struct passwd *pw = NULL;
	/*
	 * Host string given to pass_check(). Any remote address that is
	 * not an "ip" inet address is reported as loopback.
	 * NOTE(review): how pass_check() uses this host string is not
	 * visible here -- confirm no host-based decision relies on it.
	 */
	const char *remote_addr = "127.0.0.1";

	/* Only the account name is logged (debug level 10). */
	DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));

	if (tsocket_address_is_inet(user_info->remote_host, "ip")) {
		remote_addr = tsocket_address_inet_addr_string(
			user_info->remote_host, talloc_tos());
		if (remote_addr == NULL) {
			/* Fails before any privilege is raised. */
			return NT_STATUS_NO_MEMORY;
		}
	}

	become_root();
	pw = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name);

	/** @todo This call assumes a ASCII password, no charset transformation is
	    done.  We may need to revisit this **/
	/*
	 * pass_check() is called even when the lookup found no entry; in
	 * that case the name supplied by the client is used as the user.
	 */
	status = pass_check(pw,
			    (pw != NULL) ? pw->pw_name
					 : user_info->mapped.account_name,
			    remote_addr,
			    user_info->password.plaintext,
			    true);

	unbecome_root();

	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	if (pw == NULL) {
		/* we need to do something more useful here */
		status = NT_STATUS_NO_SUCH_USER;
		goto done;
	}

	status = make_server_info_pw(mem_ctx, pw->pw_name, pw, server_info);

done:
	TALLOC_FREE(pw);
	return status;
}

/*
 * module initialisation
 *
 * Allocates a zeroed auth_methods with auth_context as its talloc
 * context, names it "unix", points its auth hook at
 * check_unix_security() and returns it through *auth_method.
 * The param argument is not referenced. Returns NT_STATUS_NO_MEMORY
 * when the allocation fails, NT_STATUS_OK otherwise.
 *
 * NOTE(review): the coverage listing this file was captured from
 * records zero executions of this function.
 */
static NTSTATUS auth_init_unix(
	struct auth_context *auth_context,
	const char* param,
	struct auth_methods **auth_method)
{
	struct auth_methods *method =
		talloc_zero(auth_context, struct auth_methods);

	if (method == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	method->name = "unix";
	method->auth = check_unix_security;

	*auth_method = method;
	return NT_STATUS_OK;
}

/*
 * Register the "unix" auth method with smb_register_auth() at
 * AUTH_INTERFACE_VERSION and return its status. mem_ctx is not
 * referenced in this function.
 */
NTSTATUS auth_unix_init(TALLOC_CTX *mem_ctx)
{
	NTSTATUS status = smb_register_auth(AUTH_INTERFACE_VERSION,
					    "unix",
					    auth_init_unix);

	return status;
}