diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-07-22 04:10:07 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:29:55 -0500 |
| commit | b16362fab65d0700bd6a8cf6569a9e21c7e6b069 (patch) | |
| tree | cd68807d497dac925038d03c3786308825b02e10 /source4/auth/auth_winbind.c | |
| parent | 176c0d1b771d0e81167a12eb81eddb40732b074a (diff) | |
| download | samba-b16362fab65d0700bd6a8cf6569a9e21c7e6b069.tar.gz samba-b16362fab65d0700bd6a8cf6569a9e21c7e6b069.tar.bz2 samba-b16362fab65d0700bd6a8cf6569a9e21c7e6b069.zip | |
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the
user_info strcture in auth/
This moves it to a pattern much like that found in ntvfs, with
functions to migrate between PAIN, HASH and RESPONSE passwords.
Instead of make_user_info*() functions, we simply fill in the control
block in the callers, per recent dicussions on the lists. This
removed a lot of data copies as well as error paths, as we can grab
much of it with talloc.
Andrew Bartlett
(This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
Diffstat (limited to 'source4/auth/auth_winbind.c')
| -rw-r--r-- | source4/auth/auth_winbind.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/source4/auth/auth_winbind.c b/source4/auth/auth_winbind.c index 8a6a5a720b..878e706b9b 100644 --- a/source4/auth/auth_winbind.c +++ b/source4/auth/auth_winbind.c @@ -59,27 +59,35 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx, struct netr_SamInfo3 info3; /* Send off request */ + const struct auth_usersupplied_info *user_info_temp; + nt_status = encrypt_user_info(mem_ctx, ctx->auth_ctx, + AUTH_PASSWORD_RESPONSE, + user_info, &user_info_temp); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + user_info = user_info_temp; ZERO_STRUCT(request); ZERO_STRUCT(response); request.flags = WBFLAG_PAM_INFO3_NDR; fstrcpy(request.data.auth_crap.user, - user_info->account_name); + user_info->client.account_name); fstrcpy(request.data.auth_crap.domain, - user_info->domain_name); + user_info->client.domain_name); fstrcpy(request.data.auth_crap.workstation, user_info->workstation_name); memcpy(request.data.auth_crap.chal, ctx->auth_ctx->challenge.data.data, sizeof(request.data.auth_crap.chal)); - request.data.auth_crap.lm_resp_len = MIN(user_info->lm_resp.length, + request.data.auth_crap.lm_resp_len = MIN(user_info->password.response.lanman.length, sizeof(request.data.auth_crap.lm_resp)); - request.data.auth_crap.nt_resp_len = MIN(user_info->nt_resp.length, + request.data.auth_crap.nt_resp_len = MIN(user_info->password.response.nt.length, sizeof(request.data.auth_crap.nt_resp)); - memcpy(request.data.auth_crap.lm_resp, user_info->lm_resp.data, + memcpy(request.data.auth_crap.lm_resp, user_info->password.response.lanman.data, request.data.auth_crap.lm_resp_len); - memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data, + memcpy(request.data.auth_crap.nt_resp, user_info->password.response.nt.data, request.data.auth_crap.nt_resp_len); result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response); @@ -96,19 +104,19 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx, validation.sam3 = &info3; nt_status = make_server_info_netlogon_validation(mem_ctx, - user_info->account_name, + user_info->client.account_name, 3, &validation, server_info); return nt_status; } else if (result == NSS_STATUS_SUCCESS && !response.extra_data) { DEBUG(0, ("Winbindd authenticated the user [%s]\\[%s], " "but did not include the required info3 reply!\n", - user_info->domain_name, user_info->account_name)); + user_info->client.domain_name, user_info->client.account_name)); return NT_STATUS_INSUFFICIENT_LOGON_INFO; } else if (NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("Winbindd authentication for [%s]\\[%s] failed, " "but no error code is available!\n", - user_info->domain_name, user_info->account_name)); + user_info->client.domain_name, user_info->client.account_name)); return NT_STATUS_NO_LOGON_SERVERS; } |