s3: Lift smbd_server_fd() from pass_check()

[samba.git] / source3 / auth / auth_unix.c

diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index f744cba0c434e53c754eee80a8bfcf304590f8d8..87cfdb9dd548752bca1f82c67b00fe41b54ed43f 100644 (file)
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -2,79 +2,27 @@
    Unix SMB/CIFS implementation.
    Password and authentication handling
    Copyright (C) Andrew Bartlett              2001
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
 #include "includes.h"
+#include "../librpc/gen_ndr/samr.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
-/**
- * update the encrypted smbpasswd file from the plaintext username and password
- *  
- *  this ugly hack needs to die, but not quite yet, I think people still use it...
- **/
-static BOOL update_smbpassword_file(const char *user, const char *password)
-{
-       SAM_ACCOUNT     *sampass = NULL;
-       BOOL            ret;
-       
-       pdb_init_sam(&sampass);
-       
-       become_root();
-       ret = pdb_getsampwnam(sampass, user);
-       unbecome_root();
-
-       if(ret == False) {
-               DEBUG(0,("pdb_getsampwnam returned NULL\n"));
-               pdb_free_sam(&sampass);
-               return False;
-       }
-
-       /*
-        * Remove the account disabled flag - we are updating the
-        * users password from a login.
-        */
-       if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) {
-               pdb_free_sam(&sampass);
-               return False;
-       }
-
-       if (!pdb_set_plaintext_passwd (sampass, password)) {
-               pdb_free_sam(&sampass);
-               return False;
-       }
-
-       /* Now write it into the file. */
-       become_root();
-
-       ret = pdb_update_sam_account (sampass);
-
-       unbecome_root();
-
-       if (ret) {
-               DEBUG(3,("pdb_update_sam_account returned %d\n",ret));
-       }
-
-       pdb_free_sam(&sampass);
-       return ret;
-}
-
-
 /** Check a plaintext username/password
  *
  * Cannot deal with an encrupted password in any manner whatsoever,
@@ -84,26 +32,31 @@ static BOOL update_smbpassword_file(const char *user, const char *password)
 static NTSTATUS check_unix_security(const struct auth_context *auth_context,
                             void *my_private_data, 
                             TALLOC_CTX *mem_ctx,
-                            const auth_usersupplied_info *user_info, 
-                            auth_serversupplied_info **server_info)
+                            const struct auth_usersupplied_info *user_info,
+                            struct auth_serversupplied_info **server_info)
 {
        NTSTATUS nt_status;
        struct passwd *pass = NULL;
+       const char *rhost;
+       char addr[INET6_ADDRSTRLEN];
+
+       DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
 
        become_root();
-       pass = Get_Pwnam(user_info->internal_username.str);
+       pass = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name);
+
+       rhost = client_name(smbd_server_fd());
+       if (strequal(rhost,"UNKNOWN"))
+               rhost = client_addr(smbd_server_fd(), addr, sizeof(addr));
 
-       
        /** @todo This call assumes a ASCII password, no charset transformation is 
            done.  We may need to revisit this **/
        nt_status = pass_check(pass,
-                               pass ? pass->pw_name : user_info->internal_username.str, 
-                               (char *)user_info->plaintext_password.data,
-                               user_info->plaintext_password.length-1,
-                               lp_update_encrypted() ? 
-                               update_smbpassword_file : NULL,
-                               True);
-       
+                               pass ? pass->pw_name : user_info->mapped.account_name,
+                              rhost,
+                               user_info->password.plaintext,
+                               true);
+
        unbecome_root();
 
        if (NT_STATUS_IS_OK(nt_status)) {
@@ -115,18 +68,23 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
                }
        }
 
+       TALLOC_FREE(pass);
        return nt_status;
 }
 
 /* module initialisation */
 static NTSTATUS auth_init_unix(struct auth_context *auth_context, const char* param, auth_methods **auth_method) 
 {
-       if (!make_auth_methods(auth_context, auth_method)) {
+       struct auth_methods *result;
+
+       result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+       if (result == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
+       result->name = "unix";
+       result->auth = check_unix_security;
 
-       (*auth_method)->name = "unix";
-       (*auth_method)->auth = check_unix_security;
+       *auth_method = result;
        return NT_STATUS_OK;
 }