summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-10-07 11:31:45 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:39:32 -0500
commit1377cca5f4beb43cf67fcc65eed79f14178d6349 (patch)
tree79a693899d0c1377e4009e4088018bc561ea9af4 /source4/auth
parent5158636aff545de3115e747b53ce68f753151bd7 (diff)
downloadsamba-1377cca5f4beb43cf67fcc65eed79f14178d6349.tar.gz
samba-1377cca5f4beb43cf67fcc65eed79f14178d6349.tar.bz2
samba-1377cca5f4beb43cf67fcc65eed79f14178d6349.zip
r10810: This adds the hooks required to communicate the current user from the
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth_sam.c4
-rw-r--r--source4/auth/auth_util.c115
2 files changed, 117 insertions, 2 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 1df2103eb6..de4be9586c 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -521,7 +521,7 @@ NTSTATUS sam_get_server_info(TALLOC_CTX *mem_ctx, const char *account_name, cons
struct ldb_message **domain_msgs;
void *sam_ctx;
- sam_ctx = samdb_connect(mem_ctx);
+ sam_ctx = samdb_connect(mem_ctx, system_session(mem_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
@@ -558,7 +558,7 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
return NT_STATUS_NOT_IMPLEMENTED;
}
- sam_ctx = samdb_connect(mem_ctx);
+ sam_ctx = samdb_connect(mem_ctx, system_session(mem_ctx));
if (sam_ctx == NULL) {
return NT_STATUS_INVALID_SYSTEM_SERVICE;
}
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 19fd63ed2e..da5df9b368 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -427,6 +427,73 @@ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx, struct auth_serversuppl
return NT_STATUS_OK;
}
+NTSTATUS auth_system_server_info(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **_server_info)
+{
+ struct auth_serversupplied_info *server_info;
+ server_info = talloc(mem_ctx, struct auth_serversupplied_info);
+ NT_STATUS_HAVE_NO_MEMORY(server_info);
+
+ server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_SYSTEM);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
+
+ /* is this correct? */
+ server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_ADMINISTRATORS);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
+
+ server_info->n_domain_groups = 0;
+ server_info->domain_groups = NULL;
+
+ /* annoying, but the Anonymous really does have a session key,
+ and it is all zeros! */
+ server_info->user_session_key = data_blob_talloc(server_info, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
+
+ server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
+
+ data_blob_clear(&server_info->user_session_key);
+ data_blob_clear(&server_info->lm_session_key);
+
+ server_info->account_name = talloc_strdup(server_info, "sYSTEM");
+ NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+
+ server_info->domain_name = talloc_strdup(server_info, "NT AUTHORITY");
+ NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+
+ server_info->full_name = talloc_strdup(server_info, "System");
+ NT_STATUS_HAVE_NO_MEMORY(server_info->full_name);
+
+ server_info->logon_script = talloc_strdup(server_info, "");
+ NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
+
+ server_info->profile_path = talloc_strdup(server_info, "");
+ NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
+
+ server_info->home_directory = talloc_strdup(server_info, "");
+ NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
+
+ server_info->home_drive = talloc_strdup(server_info, "");
+ NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
+
+ server_info->last_logon = 0;
+ server_info->last_logoff = 0;
+ server_info->acct_expiry = 0;
+ server_info->last_password_change = 0;
+ server_info->allow_password_change = 0;
+ server_info->force_password_change = 0;
+
+ server_info->logon_count = 0;
+ server_info->bad_password_count = 0;
+
+ server_info->acct_flags = ACB_NORMAL;
+
+ server_info->authenticated = False;
+
+ *_server_info = server_info;
+
+ return NT_STATUS_OK;
+}
+
NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
struct auth_serversupplied_info *server_info,
struct auth_session_info **_session_info)
@@ -482,6 +549,54 @@ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
return NT_STATUS_OK;
}
+struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS nt_status;
+ struct auth_session_info *session_info = NULL;
+ nt_status = auth_anonymous_session_info(mem_ctx, &session_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return NULL;
+ }
+ return session_info;
+}
+
+NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
+ struct auth_session_info **_session_info)
+{
+ NTSTATUS nt_status;
+ struct auth_serversupplied_info *server_info = NULL;
+ struct auth_session_info *session_info = NULL;
+ TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
+
+ nt_status = auth_system_server_info(mem_ctx,
+ &server_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(mem_ctx);
+ return nt_status;
+ }
+
+ /* references the server_info into the session_info */
+ nt_status = auth_generate_session_info(parent_ctx, server_info, &session_info);
+ talloc_free(mem_ctx);
+
+ NT_STATUS_NOT_OK_RETURN(nt_status);
+
+ *_session_info = session_info;
+
+ return NT_STATUS_OK;
+}
+
+struct auth_session_info *system_session(TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS nt_status;
+ struct auth_session_info *session_info = NULL;
+ nt_status = auth_system_session_info(mem_ctx, &session_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return NULL;
+ }
+ return session_info;
+}
+
/****************************************************************************
prints a struct auth_session_info security token to debug output.
****************************************************************************/