NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
BOOL done_pam = False;
- DEBUG(3, ("check_password: Checking password for user %s with the new password interface\n", user_info->smb_username.str));
+ DEBUG(3, ("check_password: Checking password for smb user %s with the new password interface\n", user_info->smb_username.str));
if (!check_domain_match(user_info->smb_username.str, user_info->domain.str)) {
return NT_STATUS_LOGON_FAILURE;
}
}
if (lp_security() >= SEC_SERVER) {
- smb_user_control(user_info->smb_username.str, nt_status);
+ smb_user_control(user_info->unix_username.str, nt_status);
}
if (!NT_STATUS_IS_OK(nt_status)) {
if (NT_STATUS_IS_OK(nt_status) && !done_pam) {
/* We might not be root if we are an RPC call */
become_root();
- nt_status = smb_pam_accountcheck(user_info->smb_username.str);
+ nt_status = smb_pam_accountcheck(user_info->unix_username.str);
unbecome_root();
}
if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5, ("check_password: Password for user %s suceeded\n", user_info->smb_username.str));
+ DEBUG(5, ("check_password: Password for smb user %s suceeded\n", user_info->smb_username.str));
} else {
- DEBUG(3, ("check_password: Password for user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status)));
+ DEBUG(3, ("check_password: Password for smb user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status)));
}
return nt_status;
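Review bot: The success and FAILED DEBUG lines at the end of this hunk still print only `user_info->smb_username.str`, although the PAM account check a few lines above now runs against `user_info->unix_username.str`. Once the two names can differ, a log reader cannot tell which local account was evaluated, which makes failed-logon triage harder. I would log both, for example `DEBUG(3, ("check_password: Password for smb user %s (unix user %s) FAILED with error %s\n", user_info->smb_username.str, user_info->unix_username.str, get_nt_error_msg(nt_status)));`, and fix the carried-over `suceeded` spelling in the level-5 message so log searches match. check_password starts and ends outside this hunk, and the same lines appear again further down the page.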
return True if the password is correct, False otherwise
****************************************************************************/
-NTSTATUS pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
+NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user,
+ char *domain, uchar chal[8],
uchar *lm_pwd, int lm_pwd_len,
uchar *nt_pwd, int nt_pwd_len)
{
auth_usersupplied_info user_info;
auth_serversupplied_info server_info;
- AUTH_STR ourdomain, theirdomain, smb_username, wksta_name;
+ AUTH_STR ourdomain, theirdomain, unix_username, smb_username,
+ wksta_name;
ZERO_STRUCT(user_info);
ZERO_STRUCT(ourdomain);
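Review bot: The header comment above the new signature still reads `return True if the password is correct, False otherwise`, but the function returns NTSTATUS and now takes two user names whose roles are not described. I would replace that line with `smb_user is the name as sent by the client; unix_user is the local account name, or NULL to reuse smb_user. Returns the NTSTATUS from check_password().` The comment block begins outside this hunk, so only its last line is visible here.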
user_info.requested_domain = theirdomain;
user_info.domain = ourdomain;
- smb_username.str = user;
+ smb_username.str = smb_user;
smb_username.len = strlen(smb_username.str);
- user_info.requested_username = smb_username; /* For the time-being */
+ /* If unix user is NULL, use smb user */
+
+ unix_username.str = unix_user ? unix_user : smb_user;
+ unix_username.len = strlen(unix_username.str);
+
+ user_info.unix_username = unix_username;
user_info.smb_username = smb_username;
user_info.wksta_name.str = client_name();
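Review bot: `strlen(smb_username.str)` and the new `strlen(unix_username.str)` both dereference `smb_user` when it is NULL, because the added fallback `unix_user ? unix_user : smb_user` only guards the unix name. Whether any caller can pass a NULL smb name is not visible here, but this is an authentication entry point and should fail closed rather than crash. A guard such as `if (smb_user == NULL) return NT_STATUS_LOGON_FAILURE;` before the first strlen would cover both uses. The function body continues outside this hunk.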
return check_password(&user_info, &server_info);
}
-NTSTATUS pass_check_smb(char *user, char *domain,
+NTSTATUS pass_check_smb(char *smb_user, char *unix_user, char *domain,
uchar *lm_pwd, int lm_pwd_len,
uchar *nt_pwd, int nt_pwd_len)
{
generate_random_buffer( chal, 8, False);
}
- return pass_check_smb_with_chal(user, domain, chal,
+ return pass_check_smb_with_chal(smb_user, unix_user, domain, chal,
lm_pwd, lm_pwd_len,
nt_pwd, nt_pwd_len);
/* The password could be either NTLM or plain LM. Try NTLM first, but fall-through as
required. */
- if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, NULL, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) {
return True;
}
- if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, NULL, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) {
return True;
}
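Review bot: Both calls pass NULL for `unix_user`, so pass_check_smb_with_chal reuses `user` as the unix name and the account checks in check_password (`smb_user_control`, `smb_pam_accountcheck`) run against that same string. Whether `user` is the client-supplied or the already-mapped name at this point is not visible in the hunk; if a username map applies, one of the two roles gets the wrong name. I would either pass both names explicitly or add a comment at the call saying which name `user` holds and why no separate unix name is needed. The same defaulting appears in the `unix_username.str = name_user` assignments, in `user_info.unix_username = smb_username; /* For the time-being */` and in the NTLMSSP pipe call that passes NULL. The enclosing function starts and ends outside the hunk.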
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
become_root();
- if (check_hosts_equiv(user_info->smb_username.str)) {
+ if (check_hosts_equiv(user_info->unix_username.str)) {
nt_status = NT_STATUS_OK;
}
unbecome_root();
if (smb_pwd_check_ntlmv2( user_info->nt_resp.buffer,
user_info->nt_resp.len,
nt_pw,
- user_info->chal, user_info->requested_username.str,
+ user_info->chal, user_info->smb_username.str,
user_info->requested_domain.str,
(char *)server_info->session_key))
{
NTSTATUS nt_status;
become_root();
- nt_status = (pass_check(user_info->smb_username.str, user_info->plaintext_password.str,
+ nt_status = (pass_check(user_info->unix_username.str,
+ user_info->plaintext_password.str,
user_info->plaintext_password.len,
- lp_update_encrypted() ? update_smbpassword_file : NULL)
+ lp_update_encrypted() ?
+ update_smbpassword_file : NULL)
? NT_STATUS_OK : NT_STATUS_LOGON_FAILURE);
unbecome_root();
AUTH_STR requested_domain; /* domain name string */
AUTH_STR domain; /* domain name after mapping */
- AUTH_STR requested_username;
- AUTH_STR smb_username; /* user name string (after mapping) */
+ AUTH_STR unix_username; /* username after mapping */
+ AUTH_STR smb_username; /* username before mapping */
AUTH_STR wksta_name; /* workstation name (netbios calling name) unicode string */
} auth_usersupplied_info;
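Review bot: `smb_username` keeps its name but changes meaning from "after mapping" to "before mapping", so any code not touched by this commit that still reads it as the mapped name will silently get the client-supplied one. The two field comments are the only guard against that and should say what each name may be used for, e.g. `AUTH_STR unix_username; /* local account name after username mapping: use for PAM, hosts.equiv and passwd checks */` and `AUTH_STR smb_username; /* name as sent by the client, before mapping: use for NTLM response checks and logging */`. The struct definition begins outside this hunk.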
cli_shutdown(&cli);
return status;
}
-
user_info.smb_username.str = name_user;
user_info.smb_username.len = strlen(name_user);
- user_info.requested_username.str = name_user;
- user_info.requested_username.len = strlen(name_user);
+ user_info.unix_username.str = name_user;
+ user_info.unix_username.len = strlen(name_user);
user_info.wksta_name.str = global_myname;
user_info.wksta_name.len = strlen(user_info.wksta_name.str);
user_info.smb_username.str = name_user;
user_info.smb_username.len = strlen(name_user);
- user_info.requested_username.str = name_user;
- user_info.requested_username.len = strlen(name_user);
+ user_info.unix_username.str = name_user;
+ user_info.unix_username.len = strlen(name_user);
user_info.wksta_name.str = global_myname;
user_info.wksta_name.len = strlen(user_info.wksta_name.str);
smb_username.str = user;
smb_username.len = strlen(smb_username.str);
- user_info.requested_username = smb_username; /* For the time-being */
+ user_info.unix_username = smb_username; /* For the time-being */
user_info.smb_username = smb_username;
#if 0
become_root();
p->ntlmssp_auth_validated =
- NT_STATUS_IS_OK(pass_check_smb_with_chal(pipe_user_name, domain,
+ NT_STATUS_IS_OK(pass_check_smb_with_chal(pipe_user_name, NULL, domain,
(uchar*)p->challenge,
lm_owf, lm_pw_len,
nt_owf, nt_pw_len));
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
BOOL done_pam = False;
- DEBUG(3, ("check_password: Checking password for user %s with the new password interface\n", user_info->smb_username.str));
+ DEBUG(3, ("check_password: Checking password for smb user %s with the new password interface\n", user_info->smb_username.str));
if (!check_domain_match(user_info->smb_username.str, user_info->domain.str)) {
return NT_STATUS_LOGON_FAILURE;
}
}
if (lp_security() >= SEC_SERVER) {
- smb_user_control(user_info->smb_username.str, nt_status);
+ smb_user_control(user_info->unix_username.str, nt_status);
}
if (!NT_STATUS_IS_OK(nt_status)) {
if (NT_STATUS_IS_OK(nt_status) && !done_pam) {
/* We might not be root if we are an RPC call */
become_root();
- nt_status = smb_pam_accountcheck(user_info->smb_username.str);
+ nt_status = smb_pam_accountcheck(user_info->unix_username.str);
unbecome_root();
}
if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5, ("check_password: Password for user %s suceeded\n", user_info->smb_username.str));
+ DEBUG(5, ("check_password: Password for smb user %s suceeded\n", user_info->smb_username.str));
} else {
- DEBUG(3, ("check_password: Password for user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status)));
+ DEBUG(3, ("check_password: Password for smb user %s FAILED with error %s\n", user_info->smb_username.str, get_nt_error_msg(nt_status)));
}
return nt_status;
return True if the password is correct, False otherwise
****************************************************************************/
-NTSTATUS pass_check_smb_with_chal(char *user, char *domain, uchar chal[8],
+NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user,
+ char *domain, uchar chal[8],
uchar *lm_pwd, int lm_pwd_len,
uchar *nt_pwd, int nt_pwd_len)
{
auth_usersupplied_info user_info;
auth_serversupplied_info server_info;
- AUTH_STR ourdomain, theirdomain, smb_username, wksta_name;
+ AUTH_STR ourdomain, theirdomain, unix_username, smb_username,
+ wksta_name;
ZERO_STRUCT(user_info);
ZERO_STRUCT(ourdomain);
user_info.requested_domain = theirdomain;
user_info.domain = ourdomain;
- smb_username.str = user;
+ smb_username.str = smb_user;
smb_username.len = strlen(smb_username.str);
- user_info.requested_username = smb_username; /* For the time-being */
+ /* If unix user is NULL, use smb user */
+
+ unix_username.str = unix_user ? unix_user : smb_user;
+ unix_username.len = strlen(unix_username.str);
+
+ user_info.unix_username = unix_username;
user_info.smb_username = smb_username;
user_info.wksta_name.str = client_name();
return check_password(&user_info, &server_info);
}
-NTSTATUS pass_check_smb(char *user, char *domain,
+NTSTATUS pass_check_smb(char *smb_user, char *unix_user, char *domain,
uchar *lm_pwd, int lm_pwd_len,
uchar *nt_pwd, int nt_pwd_len)
{
generate_random_buffer( chal, 8, False);
}
- return pass_check_smb_with_chal(user, domain, chal,
+ return pass_check_smb_with_chal(smb_user, unix_user, domain, chal,
lm_pwd, lm_pwd_len,
nt_pwd, nt_pwd_len);
/* The password could be either NTLM or plain LM. Try NTLM first, but fall-through as
required. */
- if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, NULL, lp_workgroup(), NULL, 0, (unsigned char *)password, pwlen))) {
return True;
}
- if (NT_STATUS_IS_OK(pass_check_smb(user, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(user, NULL, lp_workgroup(), (unsigned char *)password, pwlen, NULL, 0))) {
return True;
}
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
become_root();
- if (check_hosts_equiv(user_info->smb_username.str)) {
+ if (check_hosts_equiv(user_info->unix_username.str)) {
nt_status = NT_STATUS_OK;
}
unbecome_root();
if (smb_pwd_check_ntlmv2( user_info->nt_resp.buffer,
user_info->nt_resp.len,
nt_pw,
- user_info->chal, user_info->requested_username.str,
+ user_info->chal, user_info->smb_username.str,
user_info->requested_domain.str,
(char *)server_info->session_key))
{
NTSTATUS nt_status;
become_root();
- nt_status = (pass_check(user_info->smb_username.str, user_info->plaintext_password.str,
+ nt_status = (pass_check(user_info->unix_username.str,
+ user_info->plaintext_password.str,
user_info->plaintext_password.len,
- lp_update_encrypted() ? update_smbpassword_file : NULL)
+ lp_update_encrypted() ?
+ update_smbpassword_file : NULL)
? NT_STATUS_OK : NT_STATUS_LOGON_FAILURE);
unbecome_root();
smb_username.str = user;
smb_username.len = strlen(smb_username.str);
- user_info.requested_username = smb_username; /* For the time-being */
+ user_info.unix_username = smb_username; /* For the time-being */
user_info.smb_username = smb_username;
user_info.wksta_name = wksta_name;
add_session_user(user);
if (!guest) {
- valid_password = NT_STATUS_IS_OK(pass_check_smb(user, domain,
+ valid_password = NT_STATUS_IS_OK(pass_check_smb(orig_user, user,
+ domain,
(unsigned char *)smb_apasswd,
smb_apasslen,
(unsigned char *)smb_ntpasswd,