authorAndrew Bartlett <abartlet@samba.org>2005-10-31 04:17:51 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:45:33 -0500
commit0f44011f6f6e49611ec4a65f6d1dc3b5e8983584 (patch)
treea36d8dcc1fe29ce1ff505975d1ba58c3ab2cc472
parent56d3064db62c4534f49477a186b746c6c501e3a0 (diff)
r11411: Add to Samba4 the Samba3 patch I just posted for machine account
logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett (This used to be commit 8ed975df52bcac9646672f6a39c51481b5c59226)
-rw-r--r--source4/nsswitch/winbindd_nss.h3
-rw-r--r--source4/winbind/wb_pam_auth.c13
-rw-r--r--source4/winbind/wb_samba3_cmd.c58
3 files changed, 48 insertions, 26 deletions
diff --git a/source4/nsswitch/winbindd_nss.h b/source4/nsswitch/winbindd_nss.h
index a8830a2379..2cbfca65a7 100644
--- a/source4/nsswitch/winbindd_nss.h
+++ b/source4/nsswitch/winbindd_nss.h
@@ -37,7 +37,7 @@ typedef char winbind_string[256];
/* Update this when you change the interface. */
-#define WINBIND_INTERFACE_VERSION 11
+#define WINBIND_INTERFACE_VERSION 12
/* Socket commands */
@@ -203,6 +203,7 @@ struct winbindd_request {
} auth; /* pam_winbind auth module */
struct {
unsigned char chal[8];
+ uint32_t logon_parameters;
winbind_string user;
winbind_string domain;
winbind_string lm_resp;
diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c
index 1316122eab..68cd5fc4b2 100644
--- a/source4/winbind/wb_pam_auth.c
+++ b/source4/winbind/wb_pam_auth.c
@@ -31,6 +31,7 @@
struct pam_auth_crap_state {
struct composite_context *ctx;
struct event_context *event_ctx;
+ uint32_t logon_parameters;
const char *domain_name;
const char *user_name;
const char *workstation;
@@ -51,6 +52,7 @@ static struct composite_context *crap_samlogon_send_req(struct wbsrv_domain *dom
static NTSTATUS crap_samlogon_recv_req(struct composite_context *ctx, void *p);
struct composite_context *wb_cmd_pam_auth_crap_send(struct wbsrv_call *call,
+ uint32_t logon_parameters,
const char *domain,
const char *user,
const char *workstation,
@@ -66,6 +68,8 @@ struct composite_context *wb_cmd_pam_auth_crap_send(struct wbsrv_call *call,
state->event_ctx = call->event_ctx;
+ state->logon_parameters = logon_parameters;
+
state->domain_name = talloc_strdup(state, domain);
if (state->domain_name == NULL) goto failed;
@@ -112,7 +116,7 @@ static struct composite_context *crap_samlogon_send_req(struct wbsrv_domain *dom
state->ninfo.identity_info.account_name.string = state->user_name;
state->ninfo.identity_info.domain_name.string = state->domain_name;
- state->ninfo.identity_info.parameter_control = 0;
+ state->ninfo.identity_info.parameter_control = state->logon_parameters;
state->ninfo.identity_info.logon_id_low = 0;
state->ninfo.identity_info.logon_id_high = 0;
state->ninfo.identity_info.workstation.string = state->workstation;
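Review bot: `parameter_control` now takes `state->logon_parameters` verbatim, and that value comes from the winbind request (`s3call->request.data.auth_crap.logon_parameters` in the wb_samba3_cmd.c hunk), so any process that can reach the winbindd socket chooses every flag bit sent to the DC in the SamLogon identity info. If the intent is only to permit machine-account logins, as the commit message suggests, consider masking to the bits winbindd means to support, e.g. `state->ninfo.identity_info.parameter_control = state->logon_parameters & WB_ALLOWED_LOGON_PARAMETERS;` (placeholder name for a mask defined next to the interface struct). The accepted flags should also be documented on the new `logon_parameters` field in winbindd_nss.h. crap_samlogon_send_req() starts and ends outside this hunk.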
@@ -242,6 +246,7 @@ NTSTATUS wb_cmd_pam_auth_crap_recv(struct composite_context *c,
}
NTSTATUS wb_cmd_pam_auth_crap(struct wbsrv_call *call,
+ uint32_t logon_parameters,
const char *domain, const char *user,
const char *workstation,
DATA_BLOB chal, DATA_BLOB nt_resp,
@@ -252,7 +257,8 @@ NTSTATUS wb_cmd_pam_auth_crap(struct wbsrv_call *call,
char **unix_username)
{
struct composite_context *c =
- wb_cmd_pam_auth_crap_send(call, domain, user, workstation,
+ wb_cmd_pam_auth_crap_send(call, logon_parameters,
+ domain, user, workstation,
chal, nt_resp, lm_resp);
return wb_cmd_pam_auth_crap_recv(c, mem_ctx, info3, user_session_key,
lm_key, unix_username);
@@ -314,7 +320,8 @@ struct composite_context *wb_cmd_pam_auth_send(struct wbsrv_call *call,
if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
- c = wb_cmd_pam_auth_crap_send(call, domain, user, workstation,
+ c = wb_cmd_pam_auth_crap_send(call, 0 /* logon parameters */,
+ domain, user, workstation,
chal, nt_resp, lm_resp);
return c;
}
diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c
index 7d0555ceeb..9f4adbdcd0 100644
--- a/source4/winbind/wb_samba3_cmd.c
+++ b/source4/winbind/wb_samba3_cmd.c
@@ -36,17 +36,38 @@
#include "lib/events/events.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
-static void wbsrv_samba3_async_epilogue(NTSTATUS status,
- struct wbsrv_samba3_call *s3call)
+static void wbsrv_samba3_async_auth_epilogue(NTSTATUS status,
+ struct wbsrv_samba3_call *s3call)
{
+ struct winbindd_response *resp = &s3call->response;
if (!NT_STATUS_IS_OK(status)) {
- struct winbindd_response *resp = &s3call->response;
resp->result = WINBINDD_ERROR;
WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
nt_errstr(status));
WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
- nt_errstr(status));
- resp->data.auth.pam_error = nt_status_to_pam(status);
+ get_friendly_nt_error_msg(status));
+ } else {
+ resp->result = WINBINDD_OK;
+ }
+
+ resp->data.auth.pam_error = nt_status_to_pam(status);
+ resp->data.auth.nt_status = NT_STATUS_V(status);
+
+ status = wbsrv_send_reply(s3call->call);
+ if (!NT_STATUS_IS_OK(status)) {
+ wbsrv_terminate_connection(s3call->call->wbconn,
+ "wbsrv_queue_reply() failed");
+ }
+}
+
+static void wbsrv_samba3_async_epilogue(NTSTATUS status,
+ struct wbsrv_samba3_call *s3call)
+{
+ struct winbindd_response *resp = &s3call->response;
+ if (NT_STATUS_IS_OK(status)) {
+ resp->result = WINBINDD_OK;
+ } else {
+ resp->result = WINBINDD_ERROR;
}
status = wbsrv_send_reply(s3call->call);
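Review bot: The termination message in the new wbsrv_samba3_async_auth_epilogue() reads `"wbsrv_queue_reply() failed"` while the call that failed is `wbsrv_send_reply()`, which points anyone triaging from the log at the wrong function; `"wbsrv_send_reply() failed"` would match the code. The send-and-terminate tail appears to be duplicated between the two epilogues, so a small static helper would keep them in sync. On the success path the auth variant leaves `nt_status_string` and `error_string` untouched, so it presumably relies on the response being zero-initialised elsewhere, which deserves a one-line comment. wbsrv_samba3_async_epilogue() continues past the end of this hunk.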
@@ -129,8 +150,7 @@ static void checkmachacc_recv_creds(struct composite_context *ctx)
status = wb_cmd_checkmachacc_recv(ctx);
- s3call->response.result = WINBINDD_OK;
- wbsrv_samba3_async_epilogue(status, s3call);
+ wbsrv_samba3_async_auth_epilogue(status, s3call);
}
static void getdcname_recv_dc(struct composite_context *ctx);
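Review bot: checkmachacc_recv_creds() now goes through the auth epilogue, which fills `resp->data.auth.pam_error`, `nt_status` and the error strings for a command that is not itself an authentication request. A short comment such as `/* CHECK_MACHACC reports its result in data.auth, like the auth commands */` would make that choice visibly intentional. Whether clients read `data.auth` for this command is not shown here. The function starts outside the hunk.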
@@ -404,20 +424,20 @@ static void pam_auth_crap_recv(struct composite_context *ctx);
NTSTATUS wbsrv_samba3_pam_auth_crap(struct wbsrv_samba3_call *s3call)
{
struct composite_context *ctx;
-
DATA_BLOB chal, nt_resp, lm_resp;
DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n"));
- chal.data = s3call->request.data.auth_crap.chal;
- chal.length = sizeof(s3call->request.data.auth_crap.chal);
- nt_resp.data = (uint8_t *)s3call->request.data.auth_crap.nt_resp;
- nt_resp.length = s3call->request.data.auth_crap.nt_resp_len;
- lm_resp.data = (uint8_t *)s3call->request.data.auth_crap.lm_resp;
- lm_resp.length = s3call->request.data.auth_crap.lm_resp_len;
+ chal.data = s3call->request.data.auth_crap.chal;
+ chal.length = sizeof(s3call->request.data.auth_crap.chal);
+ nt_resp.data = (uint8_t *)s3call->request.data.auth_crap.nt_resp;
+ nt_resp.length = s3call->request.data.auth_crap.nt_resp_len;
+ lm_resp.data = (uint8_t *)s3call->request.data.auth_crap.lm_resp;
+ lm_resp.length = s3call->request.data.auth_crap.lm_resp_len;
ctx = wb_cmd_pam_auth_crap_send(
s3call->call,
+ s3call->request.data.auth_crap.logon_parameters,
s3call->request.data.auth_crap.domain,
s3call->request.data.auth_crap.user,
s3call->request.data.auth_crap.workstation,
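Review bot: `nt_resp.length` and `lm_resp.length` are taken straight from the request's `nt_resp_len` / `lm_resp_len` while `.data` points at the fixed-size arrays inside the request, and nothing in this hunk compares the lengths with those arrays. If no earlier layer validates them, a client-supplied length larger than the buffer makes any later copy of the blobs read past the request structure. A guard before the send would close that: `if (nt_resp.length > sizeof(s3call->request.data.auth_crap.nt_resp) || lm_resp.length > sizeof(s3call->request.data.auth_crap.lm_resp)) return NT_STATUS_INVALID_PARAMETER;`. The function body continues outside the hunk.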
@@ -435,7 +455,6 @@ static void pam_auth_crap_recv(struct composite_context *ctx)
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
- struct winbindd_response *resp = &s3call->response;
NTSTATUS status;
DATA_BLOB info3;
struct netr_UserSessionKey user_session_key;
@@ -468,10 +487,8 @@ static void pam_auth_crap_recv(struct composite_context *ctx)
s3call->response.length += strlen(unix_username)+1;
}
- resp->result = WINBINDD_OK;
-
done:
- wbsrv_samba3_async_epilogue(status, s3call);
+ wbsrv_samba3_async_auth_epilogue(status, s3call);
}
static BOOL samba3_parse_domuser(TALLOC_CTX *mem_ctx, const char *domuser,
@@ -520,17 +537,14 @@ static void pam_auth_recv(struct composite_context *ctx)
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
- struct winbindd_response *resp = &s3call->response;
NTSTATUS status;
status = wb_cmd_pam_auth_recv(ctx);
if (!NT_STATUS_IS_OK(status)) goto done;
- resp->result = WINBINDD_OK;
-
done:
- wbsrv_samba3_async_epilogue(status, s3call);
+ wbsrv_samba3_async_auth_epilogue(status, s3call);
}
static void list_trustdom_recv_doms(struct composite_context *ctx);
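Review bot: With `resp->result = WINBINDD_OK;` removed, `if (!NT_STATUS_IS_OK(status)) goto done;` in pam_auth_recv() jumps to the label that immediately follows it, so both the branch and the `done:` label are now dead weight. The tail can shrink to `status = wb_cmd_pam_auth_recv(ctx);` followed directly by `wbsrv_samba3_async_auth_epilogue(status, s3call);`. The function's opening lines are outside this hunk.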