s3:auth Change winbindd -> auth interface to more standard structures

This removes conversions to and from the source3 varient of the
server_info structure when replaced in s3compat, and presents a tidier
interface to winbindd in any case.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>

3 files changed, 46 insertions, 24 deletions

diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index df5dc31b9c..46e05aa0c2 100644
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -509,3 +509,40 @@ done:
 	data_blob_free(&lm_sess_key);
 	return nt_status;
 }
+
+/* This helper function for winbindd returns a very similar value to
+ * what a NETLOGON call would give, without the indirection */
+NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
+				  TALLOC_CTX *mem_ctx,
+				  const struct auth_usersupplied_info *user_info,
+				  struct netr_SamInfo3 **pinfo3)
+{
+	struct auth_serversupplied_info *server_info = NULL;
+	struct netr_SamInfo3 *info3;
+	NTSTATUS status;
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	if (!tmp_ctx) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	status = check_sam_security(challenge, tmp_ctx, user_info, &server_info);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("check_sam_security failed: %s\n",
+			   nt_errstr(status)));
+		return status;
+	}
+
+	info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3);
+	if (info3 == NULL) {
+		talloc_free(tmp_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
+			   nt_errstr(status)));
+		return status;
+	}
+	*pinfo3 = info3;
+	return NT_STATUS_OK;
+}
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 02faf880ec..0a417ab043 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -66,6 +66,10 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
 			    TALLOC_CTX *mem_ctx,
 			    const struct auth_usersupplied_info *user_info,
 			    struct auth_serversupplied_info **server_info);
+NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
+				  TALLOC_CTX *mem_ctx,
+				  const struct auth_usersupplied_info *user_info,
+				  struct netr_SamInfo3 **pinfo3);
 NTSTATUS auth_sam_init(void);
 
 /* The following definitions come from auth/auth_server.c  */
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index e2c1d0d1b9..be3b2a5c77 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1133,8 +1133,6 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
 					  struct netr_SamInfo3 **pinfo3)
 {
 	struct auth_usersupplied_info *user_info = NULL;
-	struct auth_serversupplied_info *server_info = NULL;
-	struct netr_SamInfo3 *info3;
 	NTSTATUS status;
 
 	status = make_user_info(&user_info, user, user, domain, domain,
@@ -1145,30 +1143,13 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
 		return status;
 	}
 
-	status = check_sam_security(challenge, talloc_tos(), user_info,
-				    &server_info);
-	free_user_info(&user_info);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(10, ("check_ntlm_password failed: %s\n",
-			   nt_errstr(status)));
-		return status;
-	}
-
-	info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3);
-	if (info3 == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
-			   nt_errstr(status)));
-		return status;
-	}
+	/* We don't want any more mapping of the username */
+	user_info->mapped_state = True;
 
+	status = check_sam_security_info3(challenge, talloc_tos(), user_info,
+					  pinfo3);
+	free_user_info(&user_info);
 	DEBUG(10, ("Authenticated user %s\\%s successfully\n", domain, user));
-	*pinfo3 = info3;
 	return NT_STATUS_OK;
 }