diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2002-07-31 12:05:30 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2002-07-31 12:05:30 +0000 |
| commit | 2d67a683b735d50f411a4bee9ee5ec17e9a60015 (patch) | |
| tree | c63912f150f6bf879f1690a0c1f101554cee17a8 /source3/auth | |
| parent | 2307a6f50469b08054fad714ede98ca86fe30dcf (diff) | |
| download | samba-2d67a683b735d50f411a4bee9ee5ec17e9a60015.tar.gz samba-2d67a683b735d50f411a4bee9ee5ec17e9a60015.tar.bz2 samba-2d67a683b735d50f411a4bee9ee5ec17e9a60015.zip | |
Winbind updates!
This updates the 'winbind' authentication module and winbind's 'PAM' (actually
netlogon) code to allow smbd to cache connections to the DC.
This is particulary relevent when we need mutex locks already - there is no
parallelism to be gained anyway.
The winbind code authenticates the user, and if successful, passes back the
'info3' struct describing the user. smbd then interprets that in exactly the
same way as an 'ntdomain' logon.
Also, add parinoia to winbind about null termination.
Andrew Bartlett
(This used to be commit 167f122b670d4ef67d78e6f79a2bae3f6e8d67df)
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/auth_winbind.c | 70 |
1 files changed, 49 insertions, 21 deletions
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 671e198bf5..5bdccd39f3 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -32,6 +32,30 @@ NSS_STATUS winbindd_request(int req_type, struct winbindd_request *request, struct winbindd_response *response); +NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, NET_USER_INFO_3 *info3) +{ + uint8 *info3_ndr; + size_t len = response->length - sizeof(response); + prs_struct ps; + if (len > 0) { + info3_ndr = response->extra_data; + if (!prs_init(&ps, len, mem_ctx, UNMARSHALL)) { + return NT_STATUS_NO_MEMORY; + } + prs_append_data(&ps, info3_ndr, len); + ps.data_offset = 0; + if (!net_io_user_info3("", info3, &ps, 1, 3)) { + DEBUG(2, ("get_info3_from_ndr: could not parse info3 struct!\n")); + return NT_STATUS_UNSUCCESSFUL; + } + prs_mem_free(&ps); + + return NT_STATUS_OK; + } else { + DEBUG(2, ("get_info3_from_ndr: No info3 struct found!\n")); + return NT_STATUS_UNSUCCESSFUL; + } +} /* Authenticate a user with a challenge/response */ @@ -44,11 +68,11 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; - struct passwd *pw; NTSTATUS nt_status; + NET_USER_INFO_3 info3; if (!user_info) { - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_INVALID_PARAMETER; } if (!auth_context) { @@ -62,11 +86,14 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, ZERO_STRUCT(request); ZERO_STRUCT(response); - snprintf(request.data.auth_crap.user, sizeof(request.data.auth_crap.user), - "%s\\%s", user_info->domain.str, user_info->smb_name.str); + request.data.auth_crap.flags = WINBIND_PAM_INFO3_NDR; - fstrcpy(request.data.auth_crap.user, user_info->smb_name.str); - fstrcpy(request.data.auth_crap.domain, user_info->domain.str); + push_utf8_fstring(request.data.auth_crap.user, + user_info->smb_name.str); + push_utf8_fstring(request.data.auth_crap.domain, + user_info->domain.str); + push_utf8_fstring(request.data.auth_crap.workstation, + user_info->wksta_name.str); memcpy(request.data.auth_crap.chal, auth_context->challenge.data, sizeof(request.data.auth_crap.chal)); @@ -76,27 +103,28 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, sizeof(request.data.auth_crap.nt_resp)); memcpy(request.data.auth_crap.lm_resp, user_info->lm_resp.data, - sizeof(request.data.auth_crap.lm_resp_len)); - memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data, request.data.auth_crap.lm_resp_len); + memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data, + request.data.auth_crap.nt_resp_len); result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response); - if (result == NSS_STATUS_SUCCESS) { - - pw = Get_Pwnam(user_info->internal_username.str); - - if (pw) { - if (make_server_info_pw(server_info, pw)) { - nt_status = NT_STATUS_OK; - } else { - nt_status = NT_STATUS_NO_MEMORY; + nt_status = NT_STATUS(response.data.auth.nt_status); + + if (result == NSS_STATUS_SUCCESS && response.extra_data) { + if (NT_STATUS_IS_OK(nt_status)) { + if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) { + nt_status = + make_server_info_info3(mem_ctx, + user_info->internal_username.str, + user_info->smb_name.str, + user_info->domain.str, + server_info, + &info3); } - } else { - nt_status = NT_STATUS_NO_SUCH_USER; } - } else { - nt_status = NT_STATUS_LOGON_FAILURE; + } else if (NT_STATUS_IS_OK(nt_status)) { + nt_status = NT_STATUS_UNSUCCESSFUL; } return nt_status; |