author | Andrew Bartlett <abartlet@samba.org> | 2010-06-01 21:52:01 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-08-14 11:58:13 +1000 |
commit | 23994e1b53b8528007f6325ce5f286712ec021be (patch) | |
tree | c0e69e1401576756560bf71b73c3725312b7d866 /source3/auth/check_samsec.c | |
parent | 272e49e85c47d88ef0a84bce88e6f8d984f2eae4 (diff) | |
s3:auth Make Samba3 use the new common struct auth_usersupplied_info
This common structure will make it much easier to produce an auth
module for s3compat that calls Samba4's auth subsystem.
In order to make the link work properly (and not map twice), we mark
both that we did try and map the user, as well as if we changed the
user during the mapping.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/auth/check_samsec.c')
-rw-r--r-- | source3/auth/check_samsec.c | 55 |
1 files changed, 27 insertions, 28 deletions
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index 5228811422a..df5dc31b9c9 100644 --- a/source3/auth/check_samsec.c +++ b/source3/auth/check_samsec.c @@ -41,11 +41,10 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx, DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key) { - struct samr_Password _lm_hash, _nt_hash, _client_lm_hash, _client_nt_hash; + NTSTATUS status; + struct samr_Password _lm_hash, _nt_hash; struct samr_Password *lm_hash = NULL; struct samr_Password *nt_hash = NULL; - struct samr_Password *client_lm_hash = NULL; - struct samr_Password *client_nt_hash = NULL; *user_sess_key = data_blob_null; *lm_sess_key = data_blob_null; 
@@ -68,36 +67,35 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx, memcpy(_nt_hash.hash, nt_pw, sizeof(_nt_hash.hash)); nt_hash = &_nt_hash; } - if (user_info->lm_interactive_pwd.data && sizeof(_client_lm_hash.hash) == user_info->lm_interactive_pwd.length) { - memcpy(_client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(_lm_hash.hash)); - client_lm_hash = &_client_lm_hash; - } - if (user_info->nt_interactive_pwd.data && sizeof(_client_nt_hash.hash) == user_info->nt_interactive_pwd.length) { - memcpy(_client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(_nt_hash.hash)); - client_nt_hash = &_client_nt_hash; - } - - if (client_lm_hash || client_nt_hash) { - if (!nt_pw) { - return NT_STATUS_WRONG_PASSWORD; - } - *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16); - if (!user_sess_key->data) { - return NT_STATUS_NO_MEMORY; + switch (user_info->password_state) { + case AUTH_PASSWORD_HASH: + status = hash_password_check(mem_ctx, lp_lanman_auth(), + user_info->password.hash.lanman, + user_info->password.hash.nt, + username, + lm_hash, + nt_hash); + if (NT_STATUS_IS_OK(status)) { + if (nt_pw) { + *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16); + if (!user_sess_key->data) { + return NT_STATUS_NO_MEMORY; + } + SMBsesskeygen_ntv1(nt_pw, user_sess_key->data); + } } - SMBsesskeygen_ntv1(nt_pw, user_sess_key->data); - return hash_password_check(mem_ctx, lp_lanman_auth(), - client_lm_hash, - client_nt_hash, - username, - lm_hash, - nt_hash); - } else { + return status; + + /* Eventually we should test plaintext passwords in their own + * function, not assuming the caller has done a + * mapping */ + case AUTH_PASSWORD_PLAIN: + case AUTH_PASSWORD_RESPONSE: return ntlm_password_check(mem_ctx, lp_lanman_auth(), lp_ntlm_auth(), user_info->logon_parameters, challenge, - &user_info->lm_resp, &user_info->nt_resp, + &user_info->password.response.lanman, &user_info->password.response.nt, username, user_info->client.account_name, 
user_info->client.domain_name, @@ -105,6 +103,7 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx, nt_hash, user_sess_key, lm_sess_key); } + return NT_STATUS_INVALID_PARAMETER; } /**************************************************************************** |
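Review bot: The `AUTH_PASSWORD_HASH` case in the second hunk no longer rejects an account that has no stored NT hash: the removed code returned `NT_STATUS_WRONG_PASSWORD` when `nt_pw` was NULL, while the new code calls `hash_password_check()` regardless and only skips the session key. Depending on how `hash_password_check()` treats a NULL `nt_hash` (not shown here), an LM-only account could now pass an interactive hash logon when `lp_lanman_auth()` is enabled, and it would succeed with `*user_sess_key` left as `data_blob_null`. If that is not intended, keep the guard as the first statement of the case, `if (!nt_pw) { return NT_STATUS_WRONG_PASSWORD; }`; if it is intended, add a comment saying so and confirm that callers tolerate an empty session key after success. Separately, `AUTH_PASSWORD_PLAIN` shares the `ntlm_password_check()` path and reads `password.response.*`, which is only meaningful if the caller has already mapped the plaintext to responses, as the added comment concedes; the struct definition is outside this diff, so this should be checked against it. `sam_password_ok()` begins above this hunk.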