summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2010-08-26 18:48:46 -0400
committerGünther Deschner <gd@samba.org>2010-08-30 14:24:30 +0200
commit08a8e25d6bfc559b56250efcce8e73845de23194 (patch)
tree2803c4392b2ddb7c2345e840ef1c1c7a8b405513 /source3/auth
parentce60d6d9cf3ebc6b071ebd944047f7cbc2b9e2ec (diff)
downloadsamba-08a8e25d6bfc559b56250efcce8e73845de23194.tar.gz
samba-08a8e25d6bfc559b56250efcce8e73845de23194.tar.bz2
samba-08a8e25d6bfc559b56250efcce8e73845de23194.zip
s3-auth: add helper to get server_info out of kerberos info
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/user_krb5.c100
1 files changed, 100 insertions, 0 deletions
diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
index 2cdcdcc1c3..580e71af86 100644
--- a/source3/auth/user_krb5.c
+++ b/source3/auth/user_krb5.c
@@ -155,6 +155,93 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+
+NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+ char *ntuser,
+ char *ntdomain,
+ char *username,
+ struct passwd *pw,
+ struct PAC_LOGON_INFO *logon_info,
+ bool mapped_to_guest,
+ struct auth_serversupplied_info **server_info)
+{
+ NTSTATUS status;
+
+ if (mapped_to_guest) {
+ status = make_server_info_guest(mem_ctx, server_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("make_server_info_guest failed: %s!\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ } else if (logon_info) {
+ /* pass the unmapped username here since map_username()
+ will be called again in make_server_info_info3() */
+
+ status = make_server_info_info3(mem_ctx,
+ ntuser, ntdomain,
+ server_info,
+ &logon_info->info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("make_server_info_info3 failed: %s!\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ } else {
+ /*
+ * We didn't get a PAC, we have to make up the user
+ * ourselves. Try to ask the pdb backend to provide
+ * SID consistency with ntlmssp session setup
+ */
+ struct samu *sampass;
+ /* The stupid make_server_info_XX functions here
+ don't take a talloc context. */
+ struct auth_serversupplied_info *tmp = NULL;
+
+ sampass = samu_new(talloc_tos());
+ if (sampass == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (pdb_getsampwnam(sampass, username)) {
+ DEBUG(10, ("found user %s in passdb, calling "
+ "make_server_info_sam\n", username));
+ status = make_server_info_sam(&tmp, sampass);
+ } else {
+ /*
+ * User not in passdb, make it up artificially
+ */
+ DEBUG(10, ("didn't find user %s in passdb, calling "
+ "make_server_info_pw\n", username));
+ status = make_server_info_pw(&tmp, username, pw);
+ }
+ TALLOC_FREE(sampass);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("make_server_info_[sam|pw] failed: %s!\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ /* Steal tmp server info into the server_info pointer. */
+ *server_info = talloc_move(mem_ctx, &tmp);
+
+ /* make_server_info_pw does not set the domain. Without this
+ * we end up with the local netbios name in substitutions for
+ * %D. */
+
+ if ((*server_info)->info3 != NULL) {
+ (*server_info)->info3->base.domain.string =
+ talloc_strdup((*server_info)->info3, ntdomain);
+ }
+
+ }
+
+ return NT_STATUS_OK;
+}
+
#else /* HAVE_KRB5 */
NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
const char *cli_name,
@@ -169,4 +256,17 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
{
return NT_STATUS_NOT_IMPLEMENTED;
}
+
+NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+ char *ntuser,
+ char *ntdomain,
+ char *username,
+ struct passwd *pw,
+ struct PAC_LOGON_INFO *logon_info,
+ bool mapped_to_guest,
+ struct auth_serversupplied_info **server_info)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
#endif /* HAVE_KRB5 */