authorAndrew Bartlett <abartlet@samba.org>2010-05-17 19:04:31 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-08-14 11:58:13 +1000
commit70211ea6a3517cb64f18fe7768078e7d51c51ca1 (patch)
tree1173ab9a51b1813facb2b2bff5acea4fa7e07865
parentb1b9752506e73766ec66c3c5d26797e9f0112527 (diff)
downloadsamba-70211ea6a3517cb64f18fe7768078e7d51c51ca1.tar.gz
samba-70211ea6a3517cb64f18fe7768078e7d51c51ca1.tar.bz2
samba-70211ea6a3517cb64f18fe7768078e7d51c51ca1.zip
s3:auth Change winbindd -> auth interface to more standard structures
This removes conversions to and from the source3 variant of the server_info structure when replaced in s3compat, and presents a tidier interface to winbindd in any case. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r--source3/auth/check_samsec.c37
-rw-r--r--source3/include/proto.h4
-rw-r--r--source3/winbindd/winbindd_pam.c29
3 files changed, 46 insertions, 24 deletions
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index df5dc31b9c..46e05aa0c2 100644
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -509,3 +509,40 @@ done:
data_blob_free(&lm_sess_key);
return nt_status;
}
+
+/* This helper function for winbindd returns a very similar value to
+ * what a NETLOGON call would give, without the indirection */
+NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
+ TALLOC_CTX *mem_ctx,
+ const struct auth_usersupplied_info *user_info,
+ struct netr_SamInfo3 **pinfo3)
+{
+ struct auth_serversupplied_info *server_info = NULL;
+ struct netr_SamInfo3 *info3;
+ NTSTATUS status;
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ if (!tmp_ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ status = check_sam_security(challenge, tmp_ctx, user_info, &server_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("check_sam_security failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3);
+ if (info3 == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ *pinfo3 = info3;
+ return NT_STATUS_OK;
+}
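Review bot: In check_sam_security_info3, `tmp_ctx` is released on only one exit: both `return status;` paths and the final `return NT_STATUS_OK;` leave it attached to `mem_ctx`, along with the `server_info` that check_sam_security allocated on it. Because `tmp_ctx` is a child of `mem_ctx`, it is reclaimed only when the caller's context is freed, so per-logon authentication state (presumably including session-key material) outlives the call and would accumulate on a long-lived `mem_ctx`. Add `talloc_free(tmp_ctx);` before each of those three returns, and `talloc_free(info3);` on the serverinfo_to_SamInfo3 failure path so a partly filled structure does not stay on `mem_ctx`. The header comment could also state that `*pinfo3` is written only on NT_STATUS_OK and is owned by `mem_ctx`.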
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 02faf880ec..0a417ab043 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -66,6 +66,10 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **server_info);
+NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
+ TALLOC_CTX *mem_ctx,
+ const struct auth_usersupplied_info *user_info,
+ struct netr_SamInfo3 **pinfo3);
NTSTATUS auth_sam_init(void);
/* The following definitions come from auth/auth_server.c */
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index e2c1d0d1b9..be3b2a5c77 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1133,8 +1133,6 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
struct netr_SamInfo3 **pinfo3)
{
struct auth_usersupplied_info *user_info = NULL;
- struct auth_serversupplied_info *server_info = NULL;
- struct netr_SamInfo3 *info3;
NTSTATUS status;
status = make_user_info(&user_info, user, user, domain, domain,
@@ -1145,30 +1143,13 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
return status;
}
- status = check_sam_security(challenge, talloc_tos(), user_info,
- &server_info);
- free_user_info(&user_info);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("check_ntlm_password failed: %s\n",
- nt_errstr(status)));
- return status;
- }
-
- info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3);
- if (info3 == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
- status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
- nt_errstr(status)));
- return status;
- }
+ /* We don't want any more mapping of the username */
+ user_info->mapped_state = True;
+ status = check_sam_security_info3(challenge, talloc_tos(), user_info,
+ pinfo3);
+ free_user_info(&user_info);
DEBUG(10, ("Authenticated user %s\\%s successfully\n", domain, user));
- *pinfo3 = info3;
return NT_STATUS_OK;
}
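Review bot: The result of check_sam_security_info3() is stored in `status` but never tested, so winbindd_dual_auth_passdb logs "Authenticated user ... successfully" and returns NT_STATUS_OK even when the SAM check rejected the credentials, with `*pinfo3` left unset for the caller. The removed code returned the failing status at this point; the new code should do the same right after `free_user_info(&user_info);`, for example `if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("check_sam_security_info3 failed: %s\n", nt_errstr(status))); return status; }`. Separately, the info3 is now allocated on `talloc_tos()` instead of the `mem_ctx` argument the old code used, so its lifetime follows the current stackframe; confirm no caller keeps `*pinfo3` past that frame, or pass `mem_ctx` through. The function begins outside this hunk.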