Cause the winbind auth module to call the ntdomain module if winbind is not

running. This causes Samba not to contact the NT domain controller if Winbind is there, but the user had the wrong password. Andrew Bartlett (This used to be commit 119a1c276a05d0017f39cc0b7118f12a4f51886e)
author: Andrew Bartlett <abartlet@samba.org> 2003-04-16 08:45:12 +0000
committer: Andrew Bartlett <abartlet@samba.org> 2003-04-16 08:45:12 +0000
commit: be67c109866530d6fe329a0b797c0647c7aceb56 (patch)
tree: 2027ed26efa2578780434b7e959e866f0adcc552 /source3
parent: 030e760cdb0a180f6d053700c255eea9613ad948 (diff)
download: samba-be67c109866530d6fe329a0b797c0647c7aceb56.tar.gz
samba-be67c109866530d6fe329a0b797c0647c7aceb56.tar.bz2
samba-be67c109866530d6fe329a0b797c0647c7aceb56.zip
2 files changed, 65 insertions, 42 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 71e9ab0428..09e8f5e722 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -334,6 +334,52 @@ static NTSTATUS make_auth_context(struct auth_context **auth_context)
 	return NT_STATUS_OK;
 }
 
+BOOL load_auth_module(struct auth_context *auth_context, 
+		      const char *module, auth_methods **ret) 
+{
+	static BOOL initialised_static_modules = False;
+
+	struct auth_init_function_entry *entry;
+	char *module_name = smb_xstrdup(module);
+	char *module_params = NULL;
+	char *p;
+	BOOL good = False;
+
+	/* Initialise static modules if not done so yet */
+	if(!initialised_static_modules) {
+		static_init_auth;
+		initialised_static_modules = True;
+	}
+	
+	DEBUG(5,("load_auth_module: Attempting to find an auth method to match %s\n",
+		 module));
+	
+	p = strchr(module_name, ':');
+	if (p) {
+		*p = 0;
+		module_params = p+1;
+		trim_string(module_params, " ", " ");
+	}
+	
+	trim_string(module_name, " ", " ");
+	
+	entry = auth_find_backend_entry(module_name);
+	
+	if(!(entry = auth_find_backend_entry(module_name)) && !smb_probe_module("auth", module_name) && 
+	   !(entry = auth_find_backend_entry(module_name))) {
+		DEBUG(0,("load_auth_module: can't find auth method %s!\n", module_name));
+	} else if (!NT_STATUS_IS_OK(entry->init(auth_context, module_params, ret))) {
+		DEBUG(0,("load_auth_module: auth method %s did not correctly init\n",
+			 module));
+	} else {
+		DEBUG(5,("load_auth_module: auth method %s has a valid init\n",
+			 module));
+		good = True;
+	}
+	SAFE_FREE(module_name);
+	return good;
+}
+
 /***************************************************************************
  Make a auth_info struct for the auth subsystem
 ***************************************************************************/
@@ -344,7 +390,6 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
 	auth_methods *t = NULL;
 	auth_methods *tmp;
 	NTSTATUS nt_status;
-	static BOOL initialised_static_modules = False;
 
 	if (!text_list) {
 		DEBUG(2,("make_auth_context_text_list: No auth method list!?\n"));
@@ -354,44 +399,10 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
 	if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context)))
 		return nt_status;
 
-	/* Initialise static modules if not done so yet */
-	if(!initialised_static_modules) {
-		static_init_auth;
-		initialised_static_modules = True;
-	}
-	
 	for (;*text_list; text_list++) { 
-			struct auth_init_function_entry *entry;
-			char *module_name = smb_xstrdup(*text_list);
-			char *module_params = NULL;
-			char *p;
-
-			DEBUG(5,("make_auth_context_text_list: Attempting to find an auth method to match %s\n",
-				 *text_list));
-
-			p = strchr(module_name, ':');
-			if (p) {
-				*p = 0;
-				module_params = p+1;
-				trim_string(module_params, " ", " ");
-			}
-
-			trim_string(module_name, " ", " ");
-
-			entry = auth_find_backend_entry(module_name);
-
-			if(!(entry = auth_find_backend_entry(module_name)) && !smb_probe_module("auth", module_name) && 
-			   !(entry = auth_find_backend_entry(module_name))) {
-				DEBUG(0,("make_auth_context_text_list: can't find auth method %s!\n", module_name));
-			} else if (!NT_STATUS_IS_OK(entry->init(*auth_context, module_params, &t))) {
-				DEBUG(0,("make_auth_context_text_list: auth method %s did not correctly init\n",
-							*text_list));
-			} else {
-				DEBUG(5,("make_auth_context_text_list: auth method %s has a valid init\n",
-							*text_list));
-				DLIST_ADD_END(list, t, tmp);
-			}
-			SAFE_FREE(module_name);
+		if (load_auth_module(*auth_context, *text_list, &t)) {
+		    DLIST_ADD_END(list, t, tmp);
+		}
 	}
 	
 	(*auth_context)->auth_method_list = list;
@@ -417,7 +428,7 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context)
 		{
 		case SEC_DOMAIN:
 			DEBUG(5,("Making default auth method list for security=domain\n"));
-			auth_method_list = str_list_make("guest sam winbind ntdomain", NULL);
+			auth_method_list = str_list_make("guest sam winbind:ntdomain", NULL);
 			break;
 		case SEC_SERVER:
 			DEBUG(5,("Making default auth method list for security=server\n"));
@@ -443,7 +454,7 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context)
 			break;
 		case SEC_ADS:
 			DEBUG(5,("Making default auth method list for security=ADS\n"));
-			auth_method_list = str_list_make("guest sam winbind ntdomain", NULL);
+			auth_method_list = str_list_make("guest sam winbind:ntdomain", NULL);
 			break;
 		default:
 			DEBUG(5,("Unknown auth method!\n"));
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index e2a292dd01..df08b6440a 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -103,6 +103,11 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 	
 	result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
 
+	if (result == NSS_STATUS_UNAVAIL) {
+		struct auth_methods *auth_method = my_private_data;
+		return auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
+	}
+
 	nt_status = NT_STATUS(response.data.auth.nt_status);
 
 	if (result == NSS_STATUS_SUCCESS && response.extra_data) {
@@ -127,11 +132,18 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 /* module initialisation */
 NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char *param, auth_methods **auth_method) 
 {
-	if (!make_auth_methods(auth_context, auth_method))
-		return NT_STATUS_NO_MEMORY;
 
 	(*auth_method)->name = "winbind";
 	(*auth_method)->auth = check_winbind_security;
+
+	if (param && *param) {
+		/* we load the 'fallback' module - if winbind isn't here, call this
+		   module */
+		if (!load_auth_module(auth_context, param, &(*auth_method)->private_data)) {
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+		
+	}
 	return NT_STATUS_OK;
 }
author	Andrew Bartlett <abartlet@samba.org>	2003-04-16 08:45:12 +0000
committer	Andrew Bartlett <abartlet@samba.org>	2003-04-16 08:45:12 +0000
commit	be67c109866530d6fe329a0b797c0647c7aceb56 (patch)
tree	2027ed26efa2578780434b7e959e866f0adcc552 /source3
parent	030e760cdb0a180f6d053700c255eea9613ad948 (diff)
download	samba-be67c109866530d6fe329a0b797c0647c7aceb56.tar.gz samba-be67c109866530d6fe329a0b797c0647c7aceb56.tar.bz2 samba-be67c109866530d6fe329a0b797c0647c7aceb56.zip