r4620: - add interface functions to the auth subsystem so that callers doesn't need to

use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
author: Stefan Metzmacher <metze@samba.org> 2005-01-09 12:55:25 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 13:08:34 -0500
commit: 46a32687da249174a666d9166fccbe705c8beba0 (patch)
tree: 07a43ce2b630ea0a943c01ba4d631c9da18630c8 /source4/auth/auth_winbind.c
parent: b61b22d73a0b0fb3322884e3712c89a52a47f56b (diff)
download: samba-46a32687da249174a666d9166fccbe705c8beba0.tar.gz
samba-46a32687da249174a666d9166fccbe705c8beba0.tar.bz2
samba-46a32687da249174a666d9166fccbe705c8beba0.zip
1 files changed, 37 insertions, 64 deletions
diff --git a/source4/auth/auth_winbind.c b/source4/auth/auth_winbind.c
index 8305bd1644..2ded310ebc 100644
--- a/source4/auth/auth_winbind.c
+++ b/source4/auth/auth_winbind.c
@@ -5,6 +5,7 @@
 
    Copyright (C) Tim Potter 2000
    Copyright (C) Andrew Bartlett 2001 - 2002
+   Copyright (C) Stefan Metzmacher 2005
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -25,9 +26,6 @@
 #include "librpc/gen_ndr/ndr_netlogon.h"
 #include "auth/auth.h"
 
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_AUTH
-
 static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, struct netr_SamInfo3 *info3)
 {
 	size_t len = response->length - sizeof(struct winbindd_response);
@@ -36,7 +34,7 @@ static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response
 		DATA_BLOB blob;
 		blob.length = len - 4;
 		blob.data = (uint8_t *)(((char *)response->extra_data) + 4);
-		
+
 		status = ndr_pull_struct_blob(&blob, mem_ctx, info3,
 					      (ndr_pull_flags_fn_t)ndr_pull_netr_SamInfo3);
 
@@ -48,28 +46,16 @@ static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response
 }
 
 /* Authenticate a user with a challenge/response */
-
-static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
-				     void *my_private_data, 
-				     TALLOC_CTX *mem_ctx,
-				     const struct auth_usersupplied_info *user_info, 
-				     struct auth_serversupplied_info **server_info)
+static NTSTATUS winbind_check_password(struct auth_method_context *ctx,
+				       TALLOC_CTX *mem_ctx,
+				       const struct auth_usersupplied_info *user_info, 
+				       struct auth_serversupplied_info **server_info)
 {
 	struct winbindd_request request;
 	struct winbindd_response response;
         NSS_STATUS result;
 	NTSTATUS nt_status;
-	struct netr_SamInfo3 info3;
-
-	if (!user_info) {
-		return NT_STATUS_INVALID_PARAMETER;
-	}
-
-	if (!auth_context) {
-		DEBUG(3,("Password for user %s cannot be checked because we have no auth_info to get the challenge from.\n", 
-			 user_info->internal_username.str));		
-		return NT_STATUS_UNSUCCESSFUL;
-	}		
+	struct netr_SamInfo3 info3;		
 
 	/* Send off request */
 
@@ -77,84 +63,71 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 	ZERO_STRUCT(response);
 	request.flags = WBFLAG_PAM_INFO3_NDR;
 	fstrcpy(request.data.auth_crap.user, 
-		user_info->smb_name.str);
+		user_info->account_name);
 	fstrcpy(request.data.auth_crap.domain, 
-			  user_info->domain.str);
+		user_info->domain_name);
 	fstrcpy(request.data.auth_crap.workstation, 
-			  user_info->wksta_name.str);
+		user_info->workstation_name);
+
+	memcpy(request.data.auth_crap.chal, ctx->auth_ctx->challenge.data.data, sizeof(request.data.auth_crap.chal));
 
-	memcpy(request.data.auth_crap.chal, auth_context->challenge.data, sizeof(request.data.auth_crap.chal));
-	
 	request.data.auth_crap.lm_resp_len = MIN(user_info->lm_resp.length, 
 						 sizeof(request.data.auth_crap.lm_resp));
 	request.data.auth_crap.nt_resp_len = MIN(user_info->nt_resp.length, 
 						 sizeof(request.data.auth_crap.nt_resp));
-	
+
 	memcpy(request.data.auth_crap.lm_resp, user_info->lm_resp.data, 
 	       request.data.auth_crap.lm_resp_len);
 	memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data, 
 	       request.data.auth_crap.nt_resp_len);
-	
+
 	result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
 
 	nt_status = NT_STATUS(response.data.auth.nt_status);
-
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		return nt_status;
-	}
+	NT_STATUS_NOT_OK_RETURN(nt_status);
 
 	if (result == NSS_STATUS_SUCCESS && response.extra_data) {
+		union netr_Validation validation;
+
 		nt_status = get_info3_from_ndr(mem_ctx, &response, &info3);
-		if (NT_STATUS_IS_OK(nt_status)) { 
-			union netr_Validation validation;
-			validation.sam3 = &info3;
-			nt_status = 
-				make_server_info_netlogon_validation(mem_ctx, 
-								     user_info->internal_username.str, 
-								     server_info,
-								     3,
-								     &validation); 
-		}
 		SAFE_FREE(response.extra_data);
+		NT_STATUS_NOT_OK_RETURN(nt_status); 
+
+		validation.sam3 = &info3;
+		nt_status = make_server_info_netlogon_validation(mem_ctx, 
+								 user_info->account_name, 
+								 3, &validation,
+								 server_info);
+		return nt_status;
 	} else if (result == NSS_STATUS_SUCCESS && !response.extra_data) {
 		DEBUG(0, ("Winbindd authenticated the user [%s]\\[%s], "
 			  "but did not include the required info3 reply!\n", 
-			  user_info->smb_name.str, user_info->domain.str));
-		nt_status = NT_STATUS_INSUFFICIENT_LOGON_INFO;
+			  user_info->domain_name, user_info->account_name));
+		return NT_STATUS_INSUFFICIENT_LOGON_INFO;
 	} else if (NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(1, ("Winbindd authentication for [%s]\\[%s] failed, "
 			  "but no error code is available!\n", 
-			  user_info->smb_name.str, user_info->domain.str));
-		nt_status = NT_STATUS_NO_LOGON_SERVERS;
+			  user_info->domain_name, user_info->account_name));
+		return NT_STATUS_NO_LOGON_SERVERS;
 	}
 
         return nt_status;
 }
 
-/* module initialisation */
-static NTSTATUS auth_init_winbind(struct auth_context *auth_context, 
-					  const char *param, 
-					  struct auth_methods **auth_method) 
-{
-	if (!make_auth_methods(auth_context, auth_method))
-		return NT_STATUS_NO_MEMORY;
-
-	(*auth_method)->name = "winbind";
-	(*auth_method)->auth = check_winbind_security;
-	return NT_STATUS_OK;
-}
+static const struct auth_operations winbind_ops = {
+	.name		= "winbind",
+	.get_challenge	= auth_get_challenge_not_implemented,
+	.check_password	= winbind_check_password
+};
 
 NTSTATUS auth_winbind_init(void)
 {
 	NTSTATUS ret;
-	struct auth_operations ops;
 
-	ops.name = "winbind";
-	ops.init = auth_init_winbind;
-	ret = auth_register(&ops);
+	ret = auth_register(&winbind_ops);
 	if (!NT_STATUS_IS_OK(ret)) {
-		DEBUG(0,("Failed to register '%s' auth backend!\n",
-			ops.name));
+		DEBUG(0,("Failed to register 'winbind' auth backend!\n"));
+		return ret;
 	}
 	return ret;
 }
author	Stefan Metzmacher <metze@samba.org>	2005-01-09 12:55:25 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 13:08:34 -0500
commit	46a32687da249174a666d9166fccbe705c8beba0 (patch)
tree	07a43ce2b630ea0a943c01ba4d631c9da18630c8 /source4/auth/auth_winbind.c
parent	b61b22d73a0b0fb3322884e3712c89a52a47f56b (diff)
download	samba-46a32687da249174a666d9166fccbe705c8beba0.tar.gz samba-46a32687da249174a666d9166fccbe705c8beba0.tar.bz2 samba-46a32687da249174a666d9166fccbe705c8beba0.zip