diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-10-31 04:17:51 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:33 -0500 |
commit | 0f44011f6f6e49611ec4a65f6d1dc3b5e8983584 (patch) | |
tree | a36d8dcc1fe29ce1ff505975d1ba58c3ab2cc472 | |
parent | 56d3064db62c4534f49477a186b746c6c501e3a0 (diff) | |
download | samba-0f44011f6f6e49611ec4a65f6d1dc3b5e8983584.tar.gz samba-0f44011f6f6e49611ec4a65f6d1dc3b5e8983584.tar.bz2 samba-0f44011f6f6e49611ec4a65f6d1dc3b5e8983584.zip |
r11411: Add to Samba4 the Samba3 patch I just posted for machine account
logins (changing the winbindd interface).
Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing
auth and other replies, such that all replies were having the auth
error strings set. We now do a better job of filling in the right
errors in the right places.
Andrew Bartlett
(This used to be commit 8ed975df52bcac9646672f6a39c51481b5c59226)
-rw-r--r-- | source4/nsswitch/winbindd_nss.h | 3 | ||||
-rw-r--r-- | source4/winbind/wb_pam_auth.c | 13 | ||||
-rw-r--r-- | source4/winbind/wb_samba3_cmd.c | 58 |
3 files changed, 48 insertions, 26 deletions
diff --git a/source4/nsswitch/winbindd_nss.h b/source4/nsswitch/winbindd_nss.h index a8830a2379..2cbfca65a7 100644 --- a/source4/nsswitch/winbindd_nss.h +++ b/source4/nsswitch/winbindd_nss.h @@ -37,7 +37,7 @@ typedef char winbind_string[256]; /* Update this when you change the interface. */ -#define WINBIND_INTERFACE_VERSION 11 +#define WINBIND_INTERFACE_VERSION 12 /* Socket commands */ @@ -203,6 +203,7 @@ struct winbindd_request { } auth; /* pam_winbind auth module */ struct { unsigned char chal[8]; + uint32_t logon_parameters; winbind_string user; winbind_string domain; winbind_string lm_resp; diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c index 1316122eab..68cd5fc4b2 100644 --- a/source4/winbind/wb_pam_auth.c +++ b/source4/winbind/wb_pam_auth.c @@ -31,6 +31,7 @@ struct pam_auth_crap_state { struct composite_context *ctx; struct event_context *event_ctx; + uint32_t logon_parameters; const char *domain_name; const char *user_name; const char *workstation; @@ -51,6 +52,7 @@ static struct composite_context *crap_samlogon_send_req(struct wbsrv_domain *dom static NTSTATUS crap_samlogon_recv_req(struct composite_context *ctx, void *p); struct composite_context *wb_cmd_pam_auth_crap_send(struct wbsrv_call *call, + uint32_t logon_parameters, const char *domain, const char *user, const char *workstation, @@ -66,6 +68,8 @@ struct composite_context *wb_cmd_pam_auth_crap_send(struct wbsrv_call *call, state->event_ctx = call->event_ctx; + state->logon_parameters = logon_parameters; + state->domain_name = talloc_strdup(state, domain); if (state->domain_name == NULL) goto failed; @@ -112,7 +116,7 @@ static struct composite_context *crap_samlogon_send_req(struct wbsrv_domain *dom state->ninfo.identity_info.account_name.string = state->user_name; state->ninfo.identity_info.domain_name.string = state->domain_name; - state->ninfo.identity_info.parameter_control = 0; + state->ninfo.identity_info.parameter_control = state->logon_parameters; state->ninfo.identity_info.logon_id_low = 0; state->ninfo.identity_info.logon_id_high = 0; state->ninfo.identity_info.workstation.string = state->workstation; @@ -242,6 +246,7 @@ NTSTATUS wb_cmd_pam_auth_crap_recv(struct composite_context *c, } NTSTATUS wb_cmd_pam_auth_crap(struct wbsrv_call *call, + uint32_t logon_parameters, const char *domain, const char *user, const char *workstation, DATA_BLOB chal, DATA_BLOB nt_resp, @@ -252,7 +257,8 @@ NTSTATUS wb_cmd_pam_auth_crap(struct wbsrv_call *call, char **unix_username) { struct composite_context *c = - wb_cmd_pam_auth_crap_send(call, domain, user, workstation, + wb_cmd_pam_auth_crap_send(call, logon_parameters, + domain, user, workstation, chal, nt_resp, lm_resp); return wb_cmd_pam_auth_crap_recv(c, mem_ctx, info3, user_session_key, lm_key, unix_username); @@ -314,7 +320,8 @@ struct composite_context *wb_cmd_pam_auth_send(struct wbsrv_call *call, if (!NT_STATUS_IS_OK(status)) { return NULL; } - c = wb_cmd_pam_auth_crap_send(call, domain, user, workstation, + c = wb_cmd_pam_auth_crap_send(call, 0 /* logon parameters */, + domain, user, workstation, chal, nt_resp, lm_resp); return c; } diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c index 7d0555ceeb..9f4adbdcd0 100644 --- a/source4/winbind/wb_samba3_cmd.c +++ b/source4/winbind/wb_samba3_cmd.c @@ -36,17 +36,38 @@ #include "lib/events/events.h" #include "librpc/gen_ndr/ndr_netlogon.h" -static void wbsrv_samba3_async_epilogue(NTSTATUS status, - struct wbsrv_samba3_call *s3call) +static void wbsrv_samba3_async_auth_epilogue(NTSTATUS status, + struct wbsrv_samba3_call *s3call) { + struct winbindd_response *resp = &s3call->response; if (!NT_STATUS_IS_OK(status)) { - struct winbindd_response *resp = &s3call->response; resp->result = WINBINDD_ERROR; WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string, nt_errstr(status)); WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string, - nt_errstr(status)); - resp->data.auth.pam_error = nt_status_to_pam(status); + get_friendly_nt_error_msg(status)); + } else { + resp->result = WINBINDD_OK; + } + + resp->data.auth.pam_error = nt_status_to_pam(status); + resp->data.auth.nt_status = NT_STATUS_V(status); + + status = wbsrv_send_reply(s3call->call); + if (!NT_STATUS_IS_OK(status)) { + wbsrv_terminate_connection(s3call->call->wbconn, + "wbsrv_queue_reply() failed"); + } +} + +static void wbsrv_samba3_async_epilogue(NTSTATUS status, + struct wbsrv_samba3_call *s3call) +{ + struct winbindd_response *resp = &s3call->response; + if (NT_STATUS_IS_OK(status)) { + resp->result = WINBINDD_OK; + } else { + resp->result = WINBINDD_ERROR; } status = wbsrv_send_reply(s3call->call); @@ -129,8 +150,7 @@ static void checkmachacc_recv_creds(struct composite_context *ctx) status = wb_cmd_checkmachacc_recv(ctx); - s3call->response.result = WINBINDD_OK; - wbsrv_samba3_async_epilogue(status, s3call); + wbsrv_samba3_async_auth_epilogue(status, s3call); } static void getdcname_recv_dc(struct composite_context *ctx); @@ -404,20 +424,20 @@ static void pam_auth_crap_recv(struct composite_context *ctx); NTSTATUS wbsrv_samba3_pam_auth_crap(struct wbsrv_samba3_call *s3call) { struct composite_context *ctx; - DATA_BLOB chal, nt_resp, lm_resp; DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n")); - chal.data = s3call->request.data.auth_crap.chal; - chal.length = sizeof(s3call->request.data.auth_crap.chal); - nt_resp.data = (uint8_t *)s3call->request.data.auth_crap.nt_resp; - nt_resp.length = s3call->request.data.auth_crap.nt_resp_len; - lm_resp.data = (uint8_t *)s3call->request.data.auth_crap.lm_resp; - lm_resp.length = s3call->request.data.auth_crap.lm_resp_len; + chal.data = s3call->request.data.auth_crap.chal; + chal.length = sizeof(s3call->request.data.auth_crap.chal); + nt_resp.data = (uint8_t *)s3call->request.data.auth_crap.nt_resp; + nt_resp.length = s3call->request.data.auth_crap.nt_resp_len; + lm_resp.data = (uint8_t *)s3call->request.data.auth_crap.lm_resp; + lm_resp.length = s3call->request.data.auth_crap.lm_resp_len; ctx = wb_cmd_pam_auth_crap_send( s3call->call, + s3call->request.data.auth_crap.logon_parameters, s3call->request.data.auth_crap.domain, s3call->request.data.auth_crap.user, s3call->request.data.auth_crap.workstation, @@ -435,7 +455,6 @@ static void pam_auth_crap_recv(struct composite_context *ctx) struct wbsrv_samba3_call *s3call = talloc_get_type(ctx->async.private_data, struct wbsrv_samba3_call); - struct winbindd_response *resp = &s3call->response; NTSTATUS status; DATA_BLOB info3; struct netr_UserSessionKey user_session_key; @@ -468,10 +487,8 @@ static void pam_auth_crap_recv(struct composite_context *ctx) s3call->response.length += strlen(unix_username)+1; } - resp->result = WINBINDD_OK; - done: - wbsrv_samba3_async_epilogue(status, s3call); + wbsrv_samba3_async_auth_epilogue(status, s3call); } static BOOL samba3_parse_domuser(TALLOC_CTX *mem_ctx, const char *domuser, @@ -520,17 +537,14 @@ static void pam_auth_recv(struct composite_context *ctx) struct wbsrv_samba3_call *s3call = talloc_get_type(ctx->async.private_data, struct wbsrv_samba3_call); - struct winbindd_response *resp = &s3call->response; NTSTATUS status; status = wb_cmd_pam_auth_recv(ctx); if (!NT_STATUS_IS_OK(status)) goto done; - resp->result = WINBINDD_OK; - done: - wbsrv_samba3_async_epilogue(status, s3call); + wbsrv_samba3_async_auth_epilogue(status, s3call); } static void list_trustdom_recv_doms(struct composite_context *ctx); |