Patch to add support for Digital UNIX C2 security

maximum entropy entropy at tappedin.com
Tue Oct 5 15:23:08 GMT 2004


Greetings,

This patch adds support for the Digital UNIX Security Integration Architecture
(SIA).  Without this patch, Samba doesn't work properly on DU systems with C2
security turned on.  The flag "--with-sia" must be passed to configure to
enable this support.

Cheers,
entropy


diff -ur samba-3.0.7-orig/source/auth/pass_check.c samba-3.0.7/source/auth/pass_check.c
--- samba-3.0.7-orig/source/auth/pass_check.c	Sun Apr  4 03:37:32 2004
+++ samba-3.0.7/source/auth/pass_check.c	Tue Sep 14 14:07:52 2004
@@ -33,6 +33,27 @@
 static fstring this_crypted;
 #endif
 
+#ifdef WITH_SIA
+/* maxiumum entropy <entropy at tappedin.com> */
+#include <sia.h>
+#include <siad.h>
+
+static BOOL sia_auth(char *user, const char *password)
+{ 
+  char *myargv[2];
+  int auth_stat;
+
+  myargv[0] = "samba";
+  myargv[1] = NULL;
+
+  if (sia_validate_user(NULL, 1, myargv, NULL, user, NULL, 0, NULL, password) != SIASUCCESS) {
+    return False;
+  } else {
+    return True;
+  }
+} 
+#endif /* WITH_SIA */
+
 #ifdef WITH_AFS
 
 #include <afs/stds.h>
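Review bot: `sia_auth` throws away the SIA status code: `auth_stat` is declared but never assigned, and every result other than SIASUCCESS becomes a bare `False` with nothing logged. A wrong password and a failure inside the SIA subsystem therefore look the same in the logs, which hurts auditing on a C2-configured host. I would keep the result and log it without the password, e.g. `auth_stat = sia_validate_user(NULL, 1, myargv, NULL, user, NULL, 0, NULL, password);` followed by `if (auth_stat != SIASUCCESS) { DEBUG(3, ("sia_auth: SIA rejected user %s (status %d)\n", user, auth_stat)); return False; }`. A short comment above the call saying that the NULL collect routine and `colinput` of 0 make the call non-interactive would also help the next reader.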
@@ -502,6 +523,12 @@
 		return NT_STATUS_OK;
 #endif /* WITH_DFS */
 
+#ifdef WITH_SIA
+	if (sia_auth(this_user, password))
+		return NT_STATUS_OK;
+	return NT_STATUS_WRONG_PASSWORD;
+#else
+
 #ifdef OSF1_ENH_SEC
 	
 	ret = (strcmp(osf1_bigcrypt(password, this_salt),
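Review bot: The new `#ifdef WITH_SIA` branch appears to sit inside the non-PAM half of the function, judging by the `#endif /* WITH_PAM */` visible in the following hunk. If so, a build with both WITH_PAM and WITH_SIA reports SIA as enabled at configure time but never calls `sia_auth`, leaving it as an unused static. The enclosing function starts outside this hunk, so this reading is inferred from the preprocessor comments only. I would document the precedence at the branch, e.g. `/* SIA is consulted only when WITH_PAM is not defined; it replaces all crypt()-based checks below */`, or have configure reject the combination.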
@@ -579,6 +606,7 @@
 	}
 #endif /* HAVE_CRYPT */
 #endif /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
+#endif /* WITH_SIA */
 #endif /* WITH_PAM */
 }
 
diff -ur samba-3.0.7-orig/source/configure.in samba-3.0.7/source/configure.in
--- samba-3.0.7-orig/source/configure.in	Sat Sep 11 23:47:18 2004
+++ samba-3.0.7/source/configure.in	Tue Sep 14 14:07:52 2004
@@ -2468,6 +2468,23 @@
   AC_MSG_RESULT(no)
 )
 
+#################################################
+# check for the SIA clear-text auth system
+AC_MSG_CHECKING(whether to use SIA clear-text auth)
+AC_ARG_WITH(sia,
+[  --with-sia              Include SIA clear-text auth support (default=no)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(WITH_SIA,1,[Whether to include SIA support])
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
 ########################################################
 # Compile with LDAP support?
 
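Review bot: `--with-sia=yes` defines WITH_SIA without checking that the SIA headers or `sia_validate_user` exist on the build host, so on any other platform the failure only shows up later as a compile error in pass_check.c. I would probe before the AC_DEFINE, e.g. `AC_CHECK_HEADER(sia.h, , [AC_MSG_ERROR([--with-sia requires sia.h])])`, plus an `AC_CHECK_FUNC(sia_validate_user, ...)` in the same style. The help string's "clear-text auth" would also benefit from a comment that this path validates plaintext passwords handed to the server, so it does not apply to encrypted-password logons.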
diff -ur samba-3.0.7-orig/source/include/config.h.in samba-3.0.7/source/include/config.h.in
--- samba-3.0.7-orig/source/include/config.h.in	Sun Sep 12 00:05:12 2004
+++ samba-3.0.7/source/include/config.h.in	Tue Sep 14 14:07:52 2004
@@ -1785,6 +1785,9 @@
 /* Whether to include sendfile() support */
 #undef WITH_SENDFILE
 
+/* Whether to include SIA support */
+#undef WITH_SIA
+
 /* Whether to build smbmount */
 #undef WITH_SMBMOUNT
 

