summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2003-12-30 13:20:39 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-12-30 13:20:39 +0000
commit829188b34fd46644ea65316943a0d61ce717b8e9 (patch)
tree548b88cd676d7ee9b5cdfbf6c812a05377c89631 /source3/utils
parent43772e1d4adbcee49d64a1d09c6494e8e2a4aa92 (diff)
downloadsamba-829188b34fd46644ea65316943a0d61ce717b8e9.tar.gz
samba-829188b34fd46644ea65316943a0d61ce717b8e9.tar.bz2
samba-829188b34fd46644ea65316943a0d61ce717b8e9.zip
Try to gain a bit more consistancy in the output of usernames from ntlm_auth:
Instead of returning a name in DOMAIN\user format, we now return it in the same way that nsswtich does - following the rules of 'winbind use default domain', in the correct case and with the correct seperator. This should help sites who are using Squid or the new SASL code I'm working on, to match back to their unix usernames. Andrew Bartlett (This used to be commit 7a3a5a63612b2698a39f784859496c395505a79b)
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/ntlm_auth.c34
1 files changed, 23 insertions, 11 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 87239117bd..bef10b52b3 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -227,7 +227,8 @@ static NTSTATUS contact_winbind_auth_crap(const char *username,
uint32 flags,
uint8 lm_key[8],
uint8 nt_key[16],
- char **error_string)
+ char **error_string,
+ char **unix_name)
{
NTSTATUS nt_status;
NSS_STATUS result;
@@ -302,6 +303,11 @@ static NTSTATUS contact_winbind_auth_crap(const char *username,
memcpy(nt_key, response.data.auth.nt_session_key,
sizeof(response.data.auth.nt_session_key));
}
+
+ if (flags & WBFLAG_PAM_UNIX_NAME) {
+ *unix_name = response.extra_data;
+ }
+
return nt_status;
}
@@ -312,15 +318,16 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
char *error_string;
uint8 lm_key[8];
uint8 nt_key[16];
-
+ char *unix_name;
+
nt_status = contact_winbind_auth_crap(ntlmssp_state->user, ntlmssp_state->domain,
ntlmssp_state->workstation,
&ntlmssp_state->chal,
&ntlmssp_state->lm_resp,
&ntlmssp_state->nt_resp,
- WBFLAG_PAM_LMKEY | WBFLAG_PAM_NTKEY,
+ WBFLAG_PAM_LMKEY | WBFLAG_PAM_NTKEY | WBFLAG_PAM_UNIX_NAME,
lm_key, nt_key,
- &error_string);
+ &error_string, &unix_name);
if (NT_STATUS_IS_OK(nt_status)) {
if (memcmp(lm_key, zeros, 8) != 0) {
@@ -332,10 +339,13 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
if (memcmp(nt_key, zeros, 16) != 0) {
*nt_session_key = data_blob(nt_key, 16);
}
+ ntlmssp_state->auth_context = talloc_strdup(ntlmssp_state->mem_ctx, unix_name);
+ SAFE_FREE(unix_name);
} else {
DEBUG(NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED) ? 0 : 3,
("Login for user [%s]\\[%s]@[%s] failed due to [%s]\n",
ntlmssp_state->domain, ntlmssp_state->user, ntlmssp_state->workstation, error_string ? error_string : "unknown error (NULL)"));
+ ntlmssp_state->auth_context = NULL;
}
return nt_status;
}
@@ -369,10 +379,12 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *n
if (memcmp(nt_key, zeros, 16) != 0) {
*nt_session_key = data_blob(nt_key, 16);
}
+ ntlmssp_state->auth_context = talloc_asprintf(ntlmssp_state->mem_ctx, "%s%c%s", ntlmssp_state->domain, *lp_winbind_separator(), ntlmssp_state->user);
} else {
DEBUG(3, ("Login for user [%s]\\[%s]@[%s] failed due to [%s]\n",
ntlmssp_state->domain, ntlmssp_state->user, ntlmssp_state->workstation,
nt_errstr(nt_status)));
+ ntlmssp_state->auth_context = NULL;
}
return nt_status;
}
@@ -520,7 +532,7 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
x_fprintf(x_stdout, "NA %s\n", nt_errstr(nt_status));
DEBUG(10, ("NTLMSSP %s\n", nt_errstr(nt_status)));
} else {
- x_fprintf(x_stdout, "AF %s\\%s\n", ntlmssp_state->domain, ntlmssp_state->user);
+ x_fprintf(x_stdout, "AF %s\n", (char *)ntlmssp_state->auth_context);
DEBUG(10, ("NTLMSSP OK!\n"));
}
@@ -1368,7 +1380,7 @@ static BOOL check_auth_crap(void)
flags,
(unsigned char *)lm_key,
(unsigned char *)nt_key,
- &error_string);
+ &error_string, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
x_fprintf(x_stdout, "%s (0x%x)\n",
@@ -1476,7 +1488,7 @@ static BOOL test_lm_ntlm_broken(enum ntlm_break break_which)
flags,
lm_key,
nt_key,
- &error_string);
+ &error_string, NULL);
data_blob_free(&lm_response);
@@ -1575,7 +1587,7 @@ static BOOL test_ntlm_in_lm(void)
flags,
lm_key,
nt_key,
- &error_string);
+ &error_string, NULL);
data_blob_free(&nt_response);
@@ -1646,7 +1658,7 @@ static BOOL test_ntlm_in_both(void)
flags,
(unsigned char *)lm_key,
(unsigned char *)nt_key,
- &error_string);
+ &error_string, NULL);
data_blob_free(&nt_response);
@@ -1737,7 +1749,7 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
flags,
NULL,
nt_key,
- &error_string);
+ &error_string, NULL);
data_blob_free(&lmv2_response);
data_blob_free(&ntlmv2_response);
@@ -1881,7 +1893,7 @@ static BOOL test_plaintext(enum ntlm_break break_which)
flags,
lm_key,
nt_key,
- &error_string);
+ &error_string, NULL);
SAFE_FREE(nt_response.data);
SAFE_FREE(lm_response.data);