authorAndrew Bartlett <abartlet@samba.org>2011-02-08 16:53:13 +1100
committerAndrew Bartlett <abartlet@samba.org>2011-02-09 01:11:06 +0100
commita2ce53c1f5301ffcf990dbab837c328ea22739b6 (patch)
tree52dde7c4bb16c0d885b8691a4c5c87f8213b0599 /source4/auth/ntlm
parentf1c0e9532d8e3fb0d8942e4d4e1a122429266b16 (diff)
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This in turn contains a struct auth_user_info, which is the only part of the structure that is maintained in the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships, etc.) in a namespace where they may be confused with the finalised results. Andrew Bartlett
Diffstat (limited to 'source4/auth/ntlm')
-rw-r--r--source4/auth/ntlm/auth.c50
-rw-r--r--source4/auth/ntlm/auth_anonymous.c4
-rw-r--r--source4/auth/ntlm/auth_developer.c82
-rw-r--r--source4/auth/ntlm/auth_sam.c20
-rw-r--r--source4/auth/ntlm/auth_server.c70
-rw-r--r--source4/auth/ntlm/auth_simple.c8
-rw-r--r--source4/auth/ntlm/auth_unix.c99
-rw-r--r--source4/auth/ntlm/auth_winbind.c12
8 files changed, 180 insertions, 165 deletions
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 1a98fb414f..1558cfdebe 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -103,21 +103,21 @@ PAC isn't available, and for tokenGroups in the DSDB stack.
Supply either a principal or a DN
****************************************************************************/
-_PUBLIC_ NTSTATUS auth_get_server_info_principal(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS auth_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
struct auth_context *auth_ctx,
const char *principal,
struct ldb_dn *user_dn,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
NTSTATUS nt_status;
struct auth_method_context *method;
for (method = auth_ctx->methods; method; method = method->next) {
- if (!method->ops->get_server_info_principal) {
+ if (!method->ops->get_user_info_dc_principal) {
continue;
}
- nt_status = method->ops->get_server_info_principal(mem_ctx, auth_ctx, principal, user_dn, server_info);
+ nt_status = method->ops->get_user_info_dc_principal(mem_ctx, auth_ctx, principal, user_dn, user_info_dc);
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOT_IMPLEMENTED)) {
continue;
}
@@ -133,9 +133,9 @@ _PUBLIC_ NTSTATUS auth_get_server_info_principal(TALLOC_CTX *mem_ctx,
* (sync version)
*
* Check a user's password, as given in the user_info struct and return various
- * interesting details in the server_info struct.
+ * interesting details in the user_info_dc struct.
*
- * The return value takes precedence over the contents of the server_info
+ * The return value takes precedence over the contents of the user_info_dc
* struct. When the return is other than NT_STATUS_OK the contents
* of that structure is undefined.
*
@@ -146,9 +146,9 @@ _PUBLIC_ NTSTATUS auth_get_server_info_principal(TALLOC_CTX *mem_ctx,
*
* @param user_info Contains the user supplied components, including the passwords.
*
- * @param mem_ctx The parent memory context for the server_info structure
+ * @param mem_ctx The parent memory context for the user_info_dc structure
*
- * @param server_info If successful, contains information about the authentication,
+ * @param user_info_dc If successful, contains information about the authentication,
* including a SAM_ACCOUNT struct describing the user.
*
* @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
@@ -158,7 +158,7 @@ _PUBLIC_ NTSTATUS auth_get_server_info_principal(TALLOC_CTX *mem_ctx,
_PUBLIC_ NTSTATUS auth_check_password(struct auth_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
struct tevent_req *subreq;
struct tevent_context *ev;
@@ -181,7 +181,7 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth_context *auth_ctx,
return NT_STATUS_INTERNAL_ERROR;
}
- status = auth_check_password_recv(subreq, mem_ctx, server_info);
+ status = auth_check_password_recv(subreq, mem_ctx, user_info_dc);
TALLOC_FREE(subreq);
return status;
@@ -190,7 +190,7 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth_context *auth_ctx,
struct auth_check_password_state {
struct auth_context *auth_ctx;
const struct auth_usersupplied_info *user_info;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
struct auth_method_context *method;
};
@@ -202,9 +202,9 @@ static void auth_check_password_async_trigger(struct tevent_context *ev,
* async send hook
*
* Check a user's password, as given in the user_info struct and return various
- * interesting details in the server_info struct.
+ * interesting details in the user_info_dc struct.
*
- * The return value takes precedence over the contents of the server_info
+ * The return value takes precedence over the contents of the user_info_dc
* struct. When the return is other than NT_STATUS_OK the contents
* of that structure is undefined.
*
@@ -334,7 +334,7 @@ static void auth_check_password_async_trigger(struct tevent_context *ev,
status = method->ops->check_password(method,
state,
state->user_info,
- &state->server_info);
+ &state->user_info_dc);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
/* the backend has handled the request */
break;
@@ -358,16 +358,16 @@ static void auth_check_password_async_trigger(struct tevent_context *ev,
* Check a user's Plaintext, LM or NTLM password.
* async receive function
*
- * The return value takes precedence over the contents of the server_info
+ * The return value takes precedence over the contents of the user_info_dc
* struct. When the return is other than NT_STATUS_OK the contents
* of that structure is undefined.
*
*
* @param req The async request state
*
- * @param mem_ctx The parent memory context for the server_info structure
+ * @param mem_ctx The parent memory context for the user_info_dc structure
*
- * @param server_info If successful, contains information about the authentication,
+ * @param user_info_dc If successful, contains information about the authentication,
* including a SAM_ACCOUNT struct describing the user.
*
* @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
@@ -376,7 +376,7 @@ static void auth_check_password_async_trigger(struct tevent_context *ev,
_PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
struct auth_check_password_state *state =
tevent_req_data(req, struct auth_check_password_state);
@@ -397,10 +397,10 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
DEBUG(5,("auth_check_password_recv: "
"%s authentication for user [%s\\%s] succeeded\n",
state->method->ops->name,
- state->server_info->domain_name,
- state->server_info->account_name));
+ state->user_info_dc->info->domain_name,
+ state->user_info_dc->info->account_name));
- *server_info = talloc_move(mem_ctx, &state->server_info);
+ *user_info_dc = talloc_move(mem_ctx, &state->user_info_dc);
tevent_req_received(req);
return NT_STATUS_OK;
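Review bot: The DEBUG call now dereferences `state->user_info_dc->info` with no NULL check, so every backend's check_password must set `info` whenever it returns NT_STATUS_OK. That requirement is not stated in the doc comment above auth_check_password_recv, which still mentions a SAM_ACCOUNT struct; a sentence such as `user_info_dc->info is always non-NULL on NT_STATUS_OK` would make the contract explicit. authenticate_username_pw in auth_simple.c relies on the same guarantee when it reads `user_info_dc->info->authenticated`. The function body starts and ends outside the hunk.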
@@ -410,12 +410,12 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
* know that session_info is generated from the main ldb */
static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
struct auth_context *auth_context,
- struct auth_serversupplied_info *server_info,
+ struct auth_user_info_dc *user_info_dc,
uint32_t session_info_flags,
struct auth_session_info **session_info)
{
return auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
- auth_context->sam_ctx, server_info,
+ auth_context->sam_ctx, user_info_dc,
session_info_flags, session_info);
}
@@ -477,7 +477,7 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **
ctx->get_challenge = auth_get_challenge;
ctx->set_challenge = auth_context_set_challenge;
ctx->challenge_may_be_modified = auth_challenge_may_be_modified;
- ctx->get_server_info_principal = auth_get_server_info_principal;
+ ctx->get_user_info_dc_principal = auth_get_user_info_dc_principal;
ctx->generate_session_info = auth_generate_session_info_wrapper;
*auth_ctx = ctx;
@@ -625,7 +625,7 @@ const struct auth_critical_sizes *auth_interface_version(void)
sizeof(struct auth_method_context),
sizeof(struct auth_context),
sizeof(struct auth_usersupplied_info),
- sizeof(struct auth_serversupplied_info)
+ sizeof(struct auth_user_info_dc)
};
return &critical_sizes;
diff --git a/source4/auth/ntlm/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c
index d5f1df2891..7535777b60 100644
--- a/source4/auth/ntlm/auth_anonymous.c
+++ b/source4/auth/ntlm/auth_anonymous.c
@@ -52,9 +52,9 @@ static NTSTATUS anonymous_want_check(struct auth_method_context *ctx,
static NTSTATUS anonymous_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
- return auth_anonymous_server_info(mem_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx), _server_info);
+ return auth_anonymous_user_info_dc(mem_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx), _user_info_dc);
}
static const struct auth_operations anonymous_auth_ops = {
diff --git a/source4/auth/ntlm/auth_developer.c b/source4/auth/ntlm/auth_developer.c
index 6384d98986..255f97fd23 100644
--- a/source4/auth/ntlm/auth_developer.c
+++ b/source4/auth/ntlm/auth_developer.c
@@ -47,10 +47,11 @@ static NTSTATUS name_to_ntstatus_want_check(struct auth_method_context *ctx,
static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
NTSTATUS nt_status;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info *info;
uint32_t error_num;
const char *user;
@@ -65,62 +66,65 @@ static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx,
}
NT_STATUS_NOT_OK_RETURN(nt_status);
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
+ user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
/* This returns a pointer to a struct dom_sid, which is the
* same as a 1 element list of struct dom_sid */
- server_info->num_sids = 1;
- server_info->sids = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
- NT_STATUS_HAVE_NO_MEMORY(server_info->sids);
+ user_info_dc->num_sids = 1;
+ user_info_dc->sids = dom_sid_parse_talloc(user_info_dc, SID_NT_ANONYMOUS);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
/* annoying, but the Anonymous really does have a session key,
and it is all zeros! */
- server_info->user_session_key = data_blob_talloc(server_info, NULL, 16);
- NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
+ user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data);
- server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16);
- NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
+ user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data);
- data_blob_clear(&server_info->user_session_key);
- data_blob_clear(&server_info->lm_session_key);
+ data_blob_clear(&user_info_dc->user_session_key);
+ data_blob_clear(&user_info_dc->lm_session_key);
- server_info->account_name = talloc_asprintf(server_info, "NAME TO NTSTATUS %s ANONYMOUS LOGON", user);
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
- server_info->domain_name = talloc_strdup(server_info, "NT AUTHORITY");
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+ info->account_name = talloc_asprintf(user_info_dc, "NAME TO NTSTATUS %s ANONYMOUS LOGON", user);
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
- server_info->full_name = talloc_asprintf(server_info, "NAME TO NTSTATUS %s Anonymous Logon", user);
- NT_STATUS_HAVE_NO_MEMORY(server_info->full_name);
+ info->domain_name = talloc_strdup(user_info_dc, "NT AUTHORITY");
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
- server_info->logon_script = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
+ info->full_name = talloc_asprintf(user_info_dc, "NAME TO NTSTATUS %s Anonymous Logon", user);
+ NT_STATUS_HAVE_NO_MEMORY(info->full_name);
- server_info->profile_path = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
+ info->logon_script = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
- server_info->home_directory = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
+ info->profile_path = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
- server_info->home_drive = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
+ info->home_directory = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
- server_info->last_logon = 0;
- server_info->last_logoff = 0;
- server_info->acct_expiry = 0;
- server_info->last_password_change = 0;
- server_info->allow_password_change = 0;
- server_info->force_password_change = 0;
+ info->home_drive = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
- server_info->logon_count = 0;
- server_info->bad_password_count = 0;
+ info->last_logon = 0;
+ info->last_logoff = 0;
+ info->acct_expiry = 0;
+ info->last_password_change = 0;
+ info->allow_password_change = 0;
+ info->force_password_change = 0;
- server_info->acct_flags = ACB_NORMAL;
+ info->logon_count = 0;
+ info->bad_password_count = 0;
- server_info->authenticated = false;
+ info->acct_flags = ACB_NORMAL;
- *_server_info = server_info;
+ info->authenticated = true;
+
+ *_user_info_dc = user_info_dc;
return nt_status;
}
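Review bot: The last assignment in this hunk changes behaviour rather than just renaming: the removed line was `server_info->authenticated = false;` and the added one is `info->authenticated = true;`, while the result still carries only SID_NT_ANONYMOUS and cleared session keys. In authenticate_username_pw (auth_simple.c, later in this commit) that flag is what adds AUTH_SESSION_INFO_AUTHENTICATED, so a session built from this developer module would now be flagged as authenticated. If the flip is not intended, keep `info->authenticated = false;`; if it is, it deserves a line in the commit message and a comment at the assignment. The function body starts outside the hunk.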
@@ -166,7 +170,7 @@ static NTSTATUS fixed_challenge_want_check(struct auth_method_context *ctx,
static NTSTATUS fixed_challenge_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
/* don't handle any users */
return NT_STATUS_NO_SUCH_USER;
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index d9aec66d52..ef4932e87c 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -237,7 +237,7 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
NTSTATUS nt_status;
const char *account_name = user_info->mapped.account_name;
@@ -280,18 +280,18 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
return nt_status;
}
- nt_status = authsam_make_server_info(tmp_ctx, ctx->auth_ctx->sam_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
+ nt_status = authsam_make_user_info_dc(tmp_ctx, ctx->auth_ctx->sam_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
lpcfg_sam_name(ctx->auth_ctx->lp_ctx),
domain_dn,
msg,
user_sess_key, lm_sess_key,
- server_info);
+ user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return nt_status;
}
- talloc_steal(mem_ctx, *server_info);
+ talloc_steal(mem_ctx, *user_info_dc);
talloc_free(tmp_ctx);
return NT_STATUS_OK;
@@ -354,21 +354,21 @@ static NTSTATUS authsam_want_check(struct auth_method_context *ctx,
/* Wrapper for the auth subsystem pointer */
-static NTSTATUS authsam_get_server_info_principal_wrapper(TALLOC_CTX *mem_ctx,
+static NTSTATUS authsam_get_user_info_dc_principal_wrapper(TALLOC_CTX *mem_ctx,
struct auth_context *auth_context,
const char *principal,
struct ldb_dn *user_dn,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
- return authsam_get_server_info_principal(mem_ctx, auth_context->lp_ctx, auth_context->sam_ctx,
- principal, user_dn, server_info);
+ return authsam_get_user_info_dc_principal(mem_ctx, auth_context->lp_ctx, auth_context->sam_ctx,
+ principal, user_dn, user_info_dc);
}
static const struct auth_operations sam_ignoredomain_ops = {
.name = "sam_ignoredomain",
.get_challenge = auth_get_challenge_not_implemented,
.want_check = authsam_ignoredomain_want_check,
.check_password = authsam_check_password_internals,
- .get_server_info_principal = authsam_get_server_info_principal_wrapper
+ .get_user_info_dc_principal = authsam_get_user_info_dc_principal_wrapper
};
static const struct auth_operations sam_ops = {
@@ -376,7 +376,7 @@ static const struct auth_operations sam_ops = {
.get_challenge = auth_get_challenge_not_implemented,
.want_check = authsam_want_check,
.check_password = authsam_check_password_internals,
- .get_server_info_principal = authsam_get_server_info_principal_wrapper
+ .get_user_info_dc_principal = authsam_get_user_info_dc_principal_wrapper
};
_PUBLIC_ NTSTATUS auth_sam_init(void)
diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c
index 8e9e73c43d..106bc6c15b 100644
--- a/source4/auth/ntlm/auth_server.c
+++ b/source4/auth/ntlm/auth_server.c
@@ -111,10 +111,11 @@ static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX
static NTSTATUS server_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
NTSTATUS nt_status;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info *info;
struct cli_credentials *creds;
struct smb_composite_sesssetup session_setup;
@@ -156,56 +157,59 @@ static NTSTATUS server_check_password(struct auth_method_context *ctx,
return nt_status;
}
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
+ user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
- server_info->num_sids = 1;
+ user_info_dc->num_sids = 1;
/* This returns a pointer to a struct dom_sid, which is the
* same as a 1 element list of struct dom_sid */
- server_info->sids = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
- NT_STATUS_HAVE_NO_MEMORY(server_info->sids);
+ user_info_dc->sids = dom_sid_parse_talloc(user_info_dc, SID_NT_ANONYMOUS);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
/* annoying, but the Anonymous really does have a session key,
and it is all zeros! */
- server_info->user_session_key = data_blob(NULL, 0);
- server_info->lm_session_key = data_blob(NULL, 0);
+ user_info_dc->user_session_key = data_blob(NULL, 0);
+ user_info_dc->lm_session_key = data_blob(NULL, 0);
- server_info->account_name = talloc_strdup(server_info, user_info->client.account_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
- server_info->domain_name = talloc_strdup(server_info, user_info->client.domain_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+ info->account_name = talloc_strdup(user_info_dc, user_info->client.account_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
- server_info->full_name = NULL;
+ info->domain_name = talloc_strdup(user_info_dc, user_info->client.domain_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
- server_info->logon_script = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
+ info->full_name = NULL;
- server_info->profile_path = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
+ info->logon_script = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
- server_info->home_directory = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
+ info->profile_path = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
- server_info->home_drive = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
+ info->home_directory = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
- server_info->last_logon = 0;
- server_info->last_logoff = 0;
- server_info->acct_expiry = 0;
- server_info->last_password_change = 0;
- server_info->allow_password_change = 0;
- server_info->force_password_change = 0;
+ info->home_drive = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
- server_info->logon_count = 0;
- server_info->bad_password_count = 0;
+ info->last_logon = 0;
+ info->last_logoff = 0;
+ info->acct_expiry = 0;
+ info->last_password_change = 0;
+ info->allow_password_change = 0;
+ info->force_password_change = 0;
- server_info->acct_flags = ACB_NORMAL;
+ info->logon_count = 0;
+ info->bad_password_count = 0;
- server_info->authenticated = false;
+ info->acct_flags = ACB_NORMAL;
- *_server_info = server_info;
+ info->authenticated = false;
+
+ *_user_info_dc = user_info_dc;
return nt_status;
}
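Review bot: The strings of the new `info` struct are allocated with `user_info_dc` as their talloc parent (`talloc_strdup(user_info_dc, ...)`), whereas authunix_make_user_info_dc in this same commit parents them on `info`. The commit description says struct auth_user_info is the part carried into the session_info; if `info` is ever moved or referenced without the rest of `user_info_dc`, these strings would be freed along with `user_info_dc` and leave dangling pointers. Parenting them on `info`, e.g. `info->account_name = talloc_strdup(info, user_info->client.account_name);`, removes that dependency; name_to_ntstatus_check_password in auth_developer.c has the same pattern. The retained comment also says the anonymous session key is all zeros while the code assigns empty blobs with `data_blob(NULL, 0)`, so the comment should be corrected. The function body starts outside the hunk.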
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index 1079fba527..75eabe855b 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -40,7 +40,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
{
struct auth_context *auth_context;
struct auth_usersupplied_info *user_info;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
NTSTATUS nt_status;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
@@ -83,7 +83,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;
- nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info);
+ nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return nt_status;
@@ -91,11 +91,11 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
if (session_info) {
uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
- if (server_info->authenticated) {
+ if (user_info_dc->info->authenticated) {
flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
nt_status = auth_context->generate_session_info(tmp_ctx, auth_context,
- server_info,
+ user_info_dc,
flags,
session_info);
diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
index 08759aba67..8b41983eef 100644
--- a/source4/auth/ntlm/auth_unix.c
+++ b/source4/auth/ntlm/auth_unix.c
@@ -31,68 +31,75 @@
/* TODO: look at how to best fill in parms retrieveing a struct passwd info
* except in case USER_INFO_DONT_CHECK_UNIX_ACCOUNT is set
*/
-static NTSTATUS authunix_make_server_info(TALLOC_CTX *mem_ctx,
+static NTSTATUS authunix_make_user_info_dc(TALLOC_CTX *mem_ctx,
const char *netbios_name,
const struct auth_usersupplied_info *user_info,
struct passwd *pwd,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info *info;
NTSTATUS status;
/* This is a real, real hack */
if (pwd->pw_uid == 0) {
- status = auth_system_server_info(mem_ctx, netbios_name, &server_info);
+ status = auth_system_user_info_dc(mem_ctx, netbios_name, &user_info_dc);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- server_info->account_name = talloc_steal(server_info, pwd->pw_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
+
+ info->account_name = talloc_steal(info, pwd->pw_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
- server_info->domain_name = talloc_strdup(server_info, "unix");
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+ info->domain_name = talloc_strdup(info, "unix");
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
} else {
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
+ user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
- server_info->authenticated = true;
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
+
+ info->authenticated = true;
- server_info->account_name = talloc_steal(server_info, pwd->pw_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ info->account_name = talloc_steal(info, pwd->pw_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
- server_info->domain_name = talloc_strdup(server_info, "unix");
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+ info->domain_name = talloc_strdup(info, "unix");
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
/* This isn't in any way correct.. */
- server_info->num_sids = 0;
- server_info->sids = NULL;
- }
- server_info->user_session_key = data_blob(NULL,0);
- server_info->lm_session_key = data_blob(NULL,0);
-
- server_info->full_name = talloc_steal(server_info, pwd->pw_gecos);
- NT_STATUS_HAVE_NO_MEMORY(server_info->full_name);
- server_info->logon_script = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
- server_info->profile_path = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
- server_info->home_directory = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
- server_info->home_drive = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
-
- server_info->last_logon = 0;
- server_info->last_logoff = 0;
- server_info->acct_expiry = 0;
- server_info->last_password_change = 0;
- server_info->allow_password_change = 0;
- server_info->force_password_change = 0;
- server_info->logon_count = 0;
- server_info->bad_password_count = 0;
- server_info->acct_flags = 0;
-
- *_server_info = server_info;
+ user_info_dc->num_sids = 0;
+ user_info_dc->sids = NULL;
+ }
+ user_info_dc->user_session_key = data_blob(NULL,0);
+ user_info_dc->lm_session_key = data_blob(NULL,0);
+
+ info->full_name = talloc_steal(info, pwd->pw_gecos);
+ NT_STATUS_HAVE_NO_MEMORY(info->full_name);
+ info->logon_script = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
+ info->profile_path = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
+ info->home_directory = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
+ info->home_drive = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
+
+ info->last_logon = 0;
+ info->last_logoff = 0;
+ info->acct_expiry = 0;
+ info->last_password_change = 0;
+ info->allow_password_change = 0;
+ info->force_password_change = 0;
+ info->logon_count = 0;
+ info->bad_password_count = 0;
+ info->acct_flags = 0;
+
+ *_user_info_dc = user_info_dc;
return NT_STATUS_OK;
}
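Review bot: In the `pwd->pw_uid == 0` branch, `user_info_dc->info` is overwritten with a fresh `talloc_zero` right after auth_system_user_info_dc() returns. If that helper already fills `info` (it is not shown here, so this is an assumption), its values are discarded: `authenticated` ends up false for the system account, unlike the else branch which sets it to true, and the previous struct stays allocated under `user_info_dc`. Reusing it with `info = user_info_dc->info;` would keep the helper's values while still overriding account_name and domain_name. In the else branch `user_info_dc` comes from plain `talloc`, so any member not assigned here is left uninitialised; `talloc_zero` would be the safer allocation.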
@@ -791,7 +798,7 @@ static NTSTATUS authunix_want_check(struct auth_method_context *ctx,
static NTSTATUS authunix_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
TALLOC_CTX *check_ctx;
NTSTATUS nt_status;
@@ -812,8 +819,8 @@ static NTSTATUS authunix_check_password(struct auth_method_context *ctx,
return nt_status;
}
- nt_status = authunix_make_server_info(mem_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
- user_info, pwd, server_info);
+ nt_status = authunix_make_user_info_dc(mem_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
+ user_info, pwd, user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(check_ctx);
return nt_status;
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index b6bf516a4f..30a2f01585 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -131,7 +131,7 @@ struct winbind_check_password_state {
static NTSTATUS winbind_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
NTSTATUS status;
struct dcerpc_binding_handle *irpc_handle;
@@ -214,11 +214,11 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx,
status = dcerpc_winbind_SamLogon_r(irpc_handle, s, &s->req);
NT_STATUS_NOT_OK_RETURN(status);
- status = make_server_info_netlogon_validation(mem_ctx,
+ status = make_user_info_dc_netlogon_validation(mem_ctx,
user_info->client.account_name,
s->req.in.validation_level,
&s->req.out.validation,
- server_info);
+ user_info_dc);
NT_STATUS_NOT_OK_RETURN(status);
return NT_STATUS_OK;
@@ -231,7 +231,7 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx,
static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
struct wbcAuthUserParams params;
struct wbcAuthUserInfo *info = NULL;
@@ -301,9 +301,9 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
NT_STATUS_NOT_OK_RETURN(nt_status);
validation.sam3 = &info3;
- nt_status = make_server_info_netlogon_validation(mem_ctx,
+ nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
user_info->client.account_name,
- 3, &validation, server_info);
+ 3, &validation, user_info_dc);
return nt_status;
}