#include "../libcli/auth/pam_errors.h"
#include "param/param.h"
+_PUBLIC_ NTSTATUS auth4_unix_init(TALLOC_CTX *);
+
/* TODO: look at how to best fill in parms retrieveing a struct passwd info
* except in case USER_INFO_DONT_CHECK_UNIX_ACCOUNT is set
*/
pam_error = pam_end(*pamh, 0);
if (pam_error != PAM_SUCCESS) {
- /* no vaild pamh here, can we reliably call pam_strerror ? */
+ /* no valid pamh here, can we reliably call pam_strerror ? */
DEBUG(4,("smb_pam_start: clean up failed, pam_end gave error %d.\n",
pam_error));
return pam_to_nt_status(pam_error);
pam_error = pam_end(*pamh, 0);
if (pam_error != PAM_SUCCESS) {
- /* no vaild pamh here, can we reliably call pam_strerror ? */
+ /* no valid pamh here, can we reliably call pam_strerror ? */
DEBUG(4,("smb_pam_start: clean up failed, pam_end gave error %d.\n",
pam_error));
return pam_to_nt_status(pam_error);
if (pamh != NULL) {
pam_error = pam_end(pamh, 0);
if (pam_error != PAM_SUCCESS) {
- /* no vaild pamh here, can we reliably call pam_strerror ? */
+ /* no valid pamh here, can we reliably call pam_strerror ? */
DEBUG(4,("smb_pam_end: clean up failed, pam_end gave error %d.\n",
pam_error));
return pam_to_nt_status(pam_error);
DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user));
- pam_error = pam_authenticate(pamh, PAM_SILENT | allow_null_passwords ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
+ pam_error = pam_authenticate(pamh, PAM_SILENT | (allow_null_passwords ? 0 : PAM_DISALLOW_NULL_AUTHTOK));
switch( pam_error ){
case PAM_AUTH_ERR:
DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user));
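Review bot: The corrected flags argument on the `pam_authenticate` line needs a comment, because the parentheses are the whole fix and nothing on the line says so. Without them `?:` binds looser than `|`, so the condition was `PAM_SILENT | allow_null_passwords`, which is always non-zero, and the call received flags 0: neither `PAM_SILENT` nor `PAM_DISALLOW_NULL_AUTHTOK` was ever passed. I would add `/* parentheses required: ?: binds looser than |, otherwise flags is always 0 and empty passwords are never refused */` above the call. Empty-password accounts will now be refused when null passwords are disabled, so the behaviour change is worth a line in the commit message, and any other PAM calls in this file that build flags the same way (none are visible in this hunk) should be checked. The body of smb_pam_auth starts and ends outside the hunk.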
{
bool ret;
-#ifdef WITH_AFS
- if (afs_auth(username, password))
- return NT_STATUS_OK;
-#endif /* WITH_AFS */
-#ifdef WITH_DFS
- if (dfs_auth(username, password))
- return NT_STATUS_OK;
-#endif /* WITH_DFS */
#ifdef OSF1_ENH_SEC
#endif /* ULTRIX_AUTH */
-#ifdef LINUX_BIGCRYPT
- ret = (linux_bigcrypt(password, salt, crypted));
- if (ret) {
- return NT_STATUS_OK;
- } else {
- return NT_STATUS_WRONG_PASSWORD;
- }
-#endif /* LINUX_BIGCRYPT */
-#if defined(HAVE_BIGCRYPT) && defined(HAVE_CRYPT) && defined(USE_BOTH_CRYPT_CALLS)
-
- /*
- * Some systems have bigcrypt in the C library but might not
- * actually use it for the password hashes (HPUX 10.20) is
- * a noteable example. So we try bigcrypt first, followed
- * by crypt.
- */
-
- if (strcmp(bigcrypt(password, salt), crypted) == 0)
- return NT_STATUS_OK;
- else
- ret = (strcmp((char *)crypt(password, salt), crypted) == 0);
- if (ret) {
- return NT_STATUS_OK;
- } else {
- return NT_STATUS_WRONG_PASSWORD;
- }
-#else /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
#ifdef HAVE_BIGCRYPT
ret = (strcmp(bigcrypt(password, salt), crypted) == 0);
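Review bot: The `bigcrypt()` result on the retained `HAVE_BIGCRYPT` line is passed straight to `strcmp()`, so a NULL return would be dereferenced in the authentication path. crypt() is documented to return NULL on failure (for example on a salt it does not support), and I would assume bigcrypt() can do the same. The guard is `const char *h = bigcrypt(password, salt);` followed by `ret = (h != NULL && strcmp(h, crypted) == 0);`. With the special-case branches removed this is one of the few compare sites left, so it is a good moment to harden it; the plain crypt() branch, if it has the same shape outside this hunk, needs the same guard. The enclosing function continues outside the hunk.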
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* HAVE_CRYPT */
-#endif /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
}
static NTSTATUS check_unix_password(TALLOC_CTX *ctx, struct loadparm_context *lp_ctx,
{
char *username;
char *password;
- char *pwcopy;
char *salt;
char *crypted;
struct passwd *pws;
NTSTATUS nt_status;
- int level = lpcfg_passwordlevel(lp_ctx);
*ret_passwd = NULL;
}
#endif
-#ifdef HAVE_GETPRPWNAM
- {
- struct pr_passwd *pr_pw = getprpwnam(pws->pw_name);
- if (pr_pw && pr_pw->ufld.fd_encrypt) {
- crypted = talloc_strdup(ctx, pr_pw->ufld.fd_encrypt);
- NT_STATUS_HAVE_NO_MEMORY(crypted);
- }
- }
-#endif
#ifdef HAVE_GETPWANAM
{
}
#endif
-#if defined(HAVE_TRUNCATED_SALT)
- /* crypt on some platforms (HPUX in particular)
- won't work with more than 2 salt characters. */
- salt[2] = 0;
-#endif
if (crypted[0] == '\0') {
if (!lpcfg_null_passwords(lp_ctx)) {
return nt_status;
}
- if ( user_info->flags | USER_INFO_CASE_INSENSITIVE_PASSWORD) {
- return nt_status;
- }
-
- /* if the password was given to us with mixed case then we don't
- * need to proceed as we know it hasn't been case modified by the
- * client */
- if (strhasupper(password) && strhaslower(password)) {
- return nt_status;
- }
-
- /* make a copy of it */
- pwcopy = talloc_strdup(ctx, password);
- if (!pwcopy)
- return NT_STATUS_NO_MEMORY;
-
- /* try all lowercase if it's currently all uppercase */
- if (strhasupper(pwcopy)) {
- strlower(pwcopy);
- nt_status = password_check(username, pwcopy, crypted, salt);
- if NT_STATUS_IS_OK(nt_status) {
- *ret_passwd = pws;
- return nt_status;
- }
- }
-
- /* give up? */
- if (level < 1) {
- return NT_STATUS_WRONG_PASSWORD;
- }
-
- /* last chance - all combinations of up to level chars upper! */
- strlower(pwcopy);
+ /* we no longer try different case combinations here. The use
+ * of this code is now web auth, where trying different case
+ * combinations makes no sense
+ */
-#if 0
- if (NT_STATUS_IS_OK(nt_status = string_combinations(pwcopy, password_check, level))) {
- *ret_passwd = pws;
- return nt_status;
- }
-#endif
return NT_STATUS_WRONG_PASSWORD;
}
static const struct auth_operations unix_ops = {
.name = "unix",
- .get_challenge = auth_get_challenge_not_implemented,
.want_check = authunix_want_check,
.check_password = authunix_check_password
};
-_PUBLIC_ NTSTATUS auth_unix_init(void)
+_PUBLIC_ NTSTATUS auth4_unix_init(TALLOC_CTX *ctx)
{
NTSTATUS ret;