diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2004-01-05 23:28:50 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2004-01-05 23:28:50 +0000 |
| commit | 134af28f827ce80856c288e6d850d4fa7a043dd1 (patch) | |
| tree | 0e8ae7b4cbe53f5c37ed4c44c5441d7f8014f52f /source3/utils | |
| parent | 4e1f6feba61aa98bfc552d29acb20efc0f5c2880 (diff) | |
| download | samba-134af28f827ce80856c288e6d850d4fa7a043dd1.tar.gz samba-134af28f827ce80856c288e6d850d4fa7a043dd1.tar.bz2 samba-134af28f827ce80856c288e6d850d4fa7a043dd1.zip | |
(merge from 3.0)
Try to gain a bit more consistancy in the output of usernames from ntlm_auth:
Instead of returning a name in DOMAIN\user format, we now return it in the
same way that nsswtich does - following the rules of 'winbind use default
domain', in the correct case and with the correct seperator.
This should help sites who are using Squid or the new SASL code I'm working
on, to match back to their unix usernames.
--
Get the DOMAIN\username around the right way (I had username\domain...)
Push the unix username into utf8 for it's trip across the socket.
Andrew Bartlett
(This used to be commit 4c2e1189ff84d254f19b604999d011fdb17e538d)
Diffstat (limited to 'source3/utils')
| -rw-r--r-- | source3/utils/ntlm_auth.c | 36 |
1 files changed, 25 insertions, 11 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 8e688d9614..cd917f67cd 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -227,7 +227,8 @@ static NTSTATUS contact_winbind_auth_crap(const char *username, uint32 flags, uint8 lm_key[8], uint8 nt_key[16], - char **error_string) + char **error_string, + char **unix_name) { NTSTATUS nt_status; NSS_STATUS result; @@ -302,6 +303,13 @@ static NTSTATUS contact_winbind_auth_crap(const char *username, memcpy(nt_key, response.data.auth.nt_session_key, sizeof(response.data.auth.nt_session_key)); } + + if (flags & WBFLAG_PAM_UNIX_NAME) { + if (pull_utf8_allocate(unix_name, (char *)response.extra_data) == -1) { + return NT_STATUS_NO_MEMORY; + } + } + return nt_status; } @@ -312,15 +320,16 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB char *error_string; uint8 lm_key[8]; uint8 nt_key[16]; - + char *unix_name; + nt_status = contact_winbind_auth_crap(ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->workstation, &ntlmssp_state->chal, &ntlmssp_state->lm_resp, &ntlmssp_state->nt_resp, - WBFLAG_PAM_LMKEY | WBFLAG_PAM_NTKEY, + WBFLAG_PAM_LMKEY | WBFLAG_PAM_NTKEY | WBFLAG_PAM_UNIX_NAME, lm_key, nt_key, - &error_string); + &error_string, &unix_name); if (NT_STATUS_IS_OK(nt_status)) { if (memcmp(lm_key, zeros, 8) != 0) { @@ -332,10 +341,13 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB if (memcmp(nt_key, zeros, 16) != 0) { *nt_session_key = data_blob(nt_key, 16); } + ntlmssp_state->auth_context = talloc_strdup(ntlmssp_state->mem_ctx, unix_name); + SAFE_FREE(unix_name); } else { DEBUG(NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED) ? 0 : 3, ("Login for user [%s]\\[%s]@[%s] failed due to [%s]\n", ntlmssp_state->domain, ntlmssp_state->user, ntlmssp_state->workstation, error_string ? error_string : "unknown error (NULL)")); + ntlmssp_state->auth_context = NULL; } return nt_status; } @@ -369,10 +381,12 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *n if (memcmp(nt_key, zeros, 16) != 0) { *nt_session_key = data_blob(nt_key, 16); } + ntlmssp_state->auth_context = talloc_asprintf(ntlmssp_state->mem_ctx, "%s%c%s", ntlmssp_state->domain, *lp_winbind_separator(), ntlmssp_state->user); } else { DEBUG(3, ("Login for user [%s]\\[%s]@[%s] failed due to [%s]\n", ntlmssp_state->domain, ntlmssp_state->user, ntlmssp_state->workstation, nt_errstr(nt_status))); + ntlmssp_state->auth_context = NULL; } return nt_status; } @@ -520,7 +534,7 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod x_fprintf(x_stdout, "NA %s\n", nt_errstr(nt_status)); DEBUG(10, ("NTLMSSP %s\n", nt_errstr(nt_status))); } else { - x_fprintf(x_stdout, "AF %s\\%s\n", ntlmssp_state->domain, ntlmssp_state->user); + x_fprintf(x_stdout, "AF %s\n", (char *)ntlmssp_state->auth_context); DEBUG(10, ("NTLMSSP OK!\n")); } @@ -1368,7 +1382,7 @@ static BOOL check_auth_crap(void) flags, (unsigned char *)lm_key, (unsigned char *)nt_key, - &error_string); + &error_string, NULL); if (!NT_STATUS_IS_OK(nt_status)) { x_fprintf(x_stdout, "%s (0x%x)\n", @@ -1476,7 +1490,7 @@ static BOOL test_lm_ntlm_broken(enum ntlm_break break_which) flags, lm_key, nt_key, - &error_string); + &error_string, NULL); data_blob_free(&lm_response); @@ -1575,7 +1589,7 @@ static BOOL test_ntlm_in_lm(void) flags, lm_key, nt_key, - &error_string); + &error_string, NULL); data_blob_free(&nt_response); @@ -1646,7 +1660,7 @@ static BOOL test_ntlm_in_both(void) flags, (unsigned char *)lm_key, (unsigned char *)nt_key, - &error_string); + &error_string, NULL); data_blob_free(&nt_response); @@ -1737,7 +1751,7 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which) flags, NULL, nt_key, - &error_string); + &error_string, NULL); data_blob_free(&lmv2_response); data_blob_free(&ntlmv2_response); @@ -1881,7 +1895,7 @@ static BOOL test_plaintext(enum ntlm_break break_which) flags, lm_key, nt_key, - &error_string); + &error_string, NULL); SAFE_FREE(nt_response.data); SAFE_FREE(lm_response.data); |