author | Simo Sorce <idra@samba.org> | 2010-08-26 18:48:46 -0400 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2010-08-30 14:24:30 +0200 |
commit | 08a8e25d6bfc559b56250efcce8e73845de23194 (patch) | |
tree | 2803c4392b2ddb7c2345e840ef1c1c7a8b405513 /source3/auth | |
parent | ce60d6d9cf3ebc6b071ebd944047f7cbc2b9e2ec (diff) | |
s3-auth: add helper to get server_info out of kerberos info
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/user_krb5.c | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
index 2cdcdcc1c3..580e71af86 100644
--- a/source3/auth/user_krb5.c
+++ b/source3/auth/user_krb5.c
@@ -155,6 +155,93 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 return NT_STATUS_OK;
 }
+
+NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+ char *ntuser,
+ char *ntdomain,
+ char *username,
+ struct passwd *pw,
+ struct PAC_LOGON_INFO *logon_info,
+ bool mapped_to_guest,
+ struct auth_serversupplied_info **server_info)
+{
+ NTSTATUS status;
+
+ if (mapped_to_guest) {
+ status = make_server_info_guest(mem_ctx, server_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("make_server_info_guest failed: %s!\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ } else if (logon_info) {
+ /* pass the unmapped username here since map_username()
+ will be called again in make_server_info_info3() */
+
+ status = make_server_info_info3(mem_ctx,
+ ntuser, ntdomain,
+ server_info,
+ &logon_info->info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("make_server_info_info3 failed: %s!\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ } else {
+ /*
+ * We didn't get a PAC, we have to make up the user
+ * ourselves. Try to ask the pdb backend to provide
+ * SID consistency with ntlmssp session setup
+ */
+ struct samu *sampass;
+ /* The stupid make_server_info_XX functions here
+ don't take a talloc context. */
+ struct auth_serversupplied_info *tmp = NULL;
+
+ sampass = samu_new(talloc_tos());
+ if (sampass == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (pdb_getsampwnam(sampass, username)) {
+ DEBUG(10, ("found user %s in passdb, calling "
+ "make_server_info_sam\n", username));
+ status = make_server_info_sam(&tmp, sampass);
+ } else {
+ /*
+ * User not in passdb, make it up artificially
+ */
+ DEBUG(10, ("didn't find user %s in passdb, calling "
+ "make_server_info_pw\n", username));
+ status = make_server_info_pw(&tmp, username, pw);
+ }
+ TALLOC_FREE(sampass);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("make_server_info_[sam|pw] failed: %s!\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ /* Steal tmp server info into the server_info pointer. 
*/
+ *server_info = talloc_move(mem_ctx, &tmp);
+
+ /* make_server_info_pw does not set the domain. Without this
+ * we end up with the local netbios name in substitutions for
+ * %D. */
+
+ if ((*server_info)->info3 != NULL) {
+ (*server_info)->info3->base.domain.string =
+ talloc_strdup((*server_info)->info3, ntdomain);
+ }
+
+ }
+
+ return NT_STATUS_OK;
+}
+
 #else /* HAVE_KRB5 */
 NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 const char *cli_name,
@@ -169,4 +256,17 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 {
 return NT_STATUS_NOT_IMPLEMENTED;
 }
+
+NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+ char *ntuser,
+ char *ntdomain,
+ char *username,
+ struct passwd *pw,
+ struct PAC_LOGON_INFO *logon_info,
+ bool mapped_to_guest,
+ struct auth_serversupplied_info **server_info)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
 #endif /* HAVE_KRB5 */ |
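Review bot: The result of `talloc_strdup((*server_info)->info3, ntdomain)` in the no-PAC branch of make_server_info_krb5 is stored without a NULL check, so an allocation failure (or a NULL `ntdomain`) leaves `base.domain.string` NULL while the function still returns NT_STATUS_OK. On an authentication path that hands the caller a partly built server_info; the assignment should be followed by `if ((*server_info)->info3->base.domain.string == NULL) { TALLOC_FREE(*server_info); return NT_STATUS_NO_MEMORY; }`. The same branch passes `pw` straight to make_server_info_pw when the passdb lookup fails, and whether that helper tolerates a NULL `pw` is not visible in this hunk, so a guard or a comment stating what the caller guarantees would help. A short header comment saying which of `ntuser`, `username`, `pw` and `logon_info` each of the three branches relies on would also make the contract reviewable.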