Patch to add support for Digital UNIX C2 security
maximum entropy
entropy at tappedin.com
Tue Oct 5 15:23:08 GMT 2004
Greetings,
This patch adds support for the Digital UNIX Security Integration Architecture
(SIA). Without this patch, Samba doesn't work properly on DU systems with C2
security turned on. The flag "--with-sia" must be passed to configure to
enable this support.
Cheers,
entropy
diff -ur samba-3.0.7-orig/source/auth/pass_check.c samba-3.0.7/source/auth/pass_check.c
--- samba-3.0.7-orig/source/auth/pass_check.c Sun Apr 4 03:37:32 2004
+++ samba-3.0.7/source/auth/pass_check.c Tue Sep 14 14:07:52 2004
@@ -33,6 +33,27 @@
static fstring this_crypted;
#endif
+#ifdef WITH_SIA
+/* maxiumum entropy <entropy at tappedin.com> */
+#include <sia.h>
+#include <siad.h>
+
+static BOOL sia_auth(char *user, const char *password)
+{
+ char *myargv[2];
+ int auth_stat;
+
+ myargv[0] = "samba";
+ myargv[1] = NULL;
+
+ if (sia_validate_user(NULL, 1, myargv, NULL, user, NULL, 0, NULL, password) != SIASUCCESS) {
+ return False;
+ } else {
+ return True;
+ }
+}
+#endif /* WITH_SIA */
+
#ifdef WITH_AFS
#include <afs/stds.h>
@@ -502,6 +523,12 @@
return NT_STATUS_OK;
#endif /* WITH_DFS */
+#ifdef WITH_SIA
+ if (sia_auth(this_user, password))
+ return NT_STATUS_OK;
+ return NT_STATUS_WRONG_PASSWORD;
+#else
+
#ifdef OSF1_ENH_SEC
ret = (strcmp(osf1_bigcrypt(password, this_salt),
@@ -579,6 +606,7 @@
}
#endif /* HAVE_CRYPT */
#endif /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
+#endif /* WITH_SIA */
#endif /* WITH_PAM */
}
diff -ur samba-3.0.7-orig/source/configure.in samba-3.0.7/source/configure.in
--- samba-3.0.7-orig/source/configure.in Sat Sep 11 23:47:18 2004
+++ samba-3.0.7/source/configure.in Tue Sep 14 14:07:52 2004
@@ -2468,6 +2468,23 @@
AC_MSG_RESULT(no)
)
+#################################################
+# check for the SIA clear-text auth system
+AC_MSG_CHECKING(whether to use SIA clear-text auth)
+AC_ARG_WITH(sia,
+[ --with-sia Include SIA clear-text auth support (default=no)],
+[ case "$withval" in
+ yes)
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(WITH_SIA,1,[Whether to include SIA support])
+ ;;
+ *)
+ AC_MSG_RESULT(no)
+ ;;
+ esac ],
+ AC_MSG_RESULT(no)
+)
+
########################################################
# Compile with LDAP support?
diff -ur samba-3.0.7-orig/source/include/config.h.in samba-3.0.7/source/include/config.h.in
--- samba-3.0.7-orig/source/include/config.h.in Sun Sep 12 00:05:12 2004
+++ samba-3.0.7/source/include/config.h.in Tue Sep 14 14:07:52 2004
@@ -1785,6 +1785,9 @@
/* Whether to include sendfile() support */
#undef WITH_SENDFILE
+/* Whether to include SIA support */
+#undef WITH_SIA
+
/* Whether to build smbmount */
#undef WITH_SMBMOUNT
More information about the samba-technical
mailing list