Line data    Source code

       1             : /* 
       2             :    Unix SMB/CIFS implementation.
       3             :    Password and authentication handling
       4             :    Copyright (C) Andrew Bartlett              2001
       5             : 
       6             :    This program is free software; you can redistribute it and/or modify
       7             :    it under the terms of the GNU General Public License as published by
       8             :    the Free Software Foundation; either version 3 of the License, or
       9             :    (at your option) any later version.
      10             : 
      11             :    This program is distributed in the hope that it will be useful,
      12             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      13             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      14             :    GNU General Public License for more details.
      15             : 
      16             :    You should have received a copy of the GNU General Public License
      17             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      18             : */
      19             : 
      20             : #include "includes.h"
      21             : #include "auth.h"
      22             : #include "system/passwd.h"
      23             : #include "../lib/tsocket/tsocket.h"
      24             : 
      25             : #undef DBGC_CLASS
      26             : #define DBGC_CLASS DBGC_AUTH
      27             : 
      28             : /** Check a plaintext username/password
      29             :  *
      30             :  * Cannot deal with an encrypted password in any manner whatsoever,
      31             :  * unless the account has a null password.
      32             :  **/
      33             : 
      34           0 : static NTSTATUS check_unix_security(const struct auth_context *auth_context,
      35             :                              void *my_private_data, 
      36             :                              TALLOC_CTX *mem_ctx,
      37             :                              const struct auth_usersupplied_info *user_info,
      38             :                              struct auth_serversupplied_info **server_info)
      39             : {
      40           0 :         NTSTATUS nt_status;
      41           0 :         struct passwd *pass = NULL;
      42           0 :         const char *rhost;
      43             : 
      44           0 :         DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
      45             : 
      46           0 :         if (tsocket_address_is_inet(user_info->remote_host, "ip")) {
      47           0 :                 rhost = tsocket_address_inet_addr_string(user_info->remote_host,
      48             :                                                          talloc_tos());
      49           0 :                 if (rhost == NULL) {
      50           0 :                         return NT_STATUS_NO_MEMORY;
      51             :                 }
      52             :         } else {
      53           0 :                 rhost = "127.0.0.1";
      54             :         }
      55             : 
      56           0 :         become_root();
      57           0 :         pass = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name);
      58             : 
      59             :         /** @todo This call assumes a ASCII password, no charset transformation is 
      60             :             done.  We may need to revisit this **/
      61           0 :         nt_status = pass_check(pass,
      62             :                                 pass ? pass->pw_name : user_info->mapped.account_name,
      63             :                                 rhost,
      64           0 :                                 user_info->password.plaintext,
      65             :                                 true);
      66             : 
      67           0 :         unbecome_root();
      68             : 
      69           0 :         if (NT_STATUS_IS_OK(nt_status)) {
      70           0 :                 if (pass != NULL) {
      71           0 :                         nt_status = make_server_info_pw(mem_ctx,
      72           0 :                                                         pass->pw_name,
      73             :                                                         pass,
      74             :                                                         server_info);
      75             :                 } else {
      76             :                         /* we need to do something more useful here */
      77           0 :                         nt_status = NT_STATUS_NO_SUCH_USER;
      78             :                 }
      79             :         }
      80             : 
      81           0 :         TALLOC_FREE(pass);
      82           0 :         return nt_status;
      83             : }
      84             : 
      85             : /* module initialisation */
      86           0 : static NTSTATUS auth_init_unix(
      87             :         struct auth_context *auth_context,
      88             :         const char* param,
      89             :         struct auth_methods **auth_method)
      90             : {
      91           0 :         struct auth_methods *result;
      92             : 
      93           0 :         result = talloc_zero(auth_context, struct auth_methods);
      94           0 :         if (result == NULL) {
      95           0 :                 return NT_STATUS_NO_MEMORY;
      96             :         }
      97           0 :         result->name = "unix";
      98           0 :         result->auth = check_unix_security;
      99             : 
     100           0 :         *auth_method = result;
     101           0 :         return NT_STATUS_OK;
     102             : }
     103             : 
     104       31355 : NTSTATUS auth_unix_init(TALLOC_CTX *mem_ctx)
     105             : {
     106       31355 :         return smb_register_auth(AUTH_INTERFACE_VERSION, "unix", auth_init_unix);
     107             : }