authorJelmer Vernooij <jelmer@samba.org>2008-04-25 10:04:20 +0100
committerJelmer Vernooij <jelmer@samba.org>2008-04-25 10:04:20 +0100
commitcc9c4aaa8d02c4c31c9e9a4bb53e5941683fcc31 (patch)
treed0b116699dee35372ed335834989e1c885e8f94a /source4/winbind/wb_samba3_cmd.c
parentd1432d617e6ed04c33ca214d7f3b0099bdf53065 (diff)
parent240d959005f5fd80a38b3734b39dd5d6e425a566 (diff)
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3
Conflicts: source/Makefile source/auth/config.mk source/auth/gensec/config.mk source/build/m4/public.m4 source/build/make/python.mk source/build/make/rules.mk source/build/smb_build/header.pm source/build/smb_build/main.pl source/build/smb_build/makefile.pm source/dsdb/config.mk source/dsdb/samdb/ldb_modules/config.mk source/kdc/config.mk source/lib/events/config.mk source/lib/events/events.c source/lib/ldb/config.mk source/lib/nss_wrapper/config.mk source/lib/policy/config.mk source/lib/util/config.mk source/libcli/smb2/config.mk source/libnet/config.mk source/librpc/config.mk source/nbt_server/config.mk source/ntptr/ntptr_base.c source/ntvfs/posix/config.mk source/ntvfs/sysdep/config.mk source/param/config.mk source/rpc_server/config.mk source/rpc_server/service_rpc.c source/scripting/ejs/config.mk source/scripting/python/config.mk source/smb_server/config.mk source/smbd/server.c source/torture/config.mk source/torture/smb2/config.mk source/wrepl_server/config.mk (This used to be commit 13bbd420681519894a4036729c43273912c9b402)
Diffstat (limited to 'source4/winbind/wb_samba3_cmd.c')
-rw-r--r--source4/winbind/wb_samba3_cmd.c90
1 files changed, 66 insertions, 24 deletions
diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c
index 24074700fc..f0aaaa7778 100644
--- a/source4/winbind/wb_samba3_cmd.c
+++ b/source4/winbind/wb_samba3_cmd.c
@@ -30,6 +30,8 @@
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/security/security.h"
#include "auth/pam_errors.h"
+#include "auth/credentials/credentials.h"
+#include "smbd/service_task.h"
/*
Send off the reply to an async Samba3 query, handling filling in the PAM, NTSTATUS and string errors.
@@ -41,13 +43,14 @@ static void wbsrv_samba3_async_auth_epilogue(NTSTATUS status,
struct winbindd_response *resp = &s3call->response;
if (!NT_STATUS_IS_OK(status)) {
resp->result = WINBINDD_ERROR;
- WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
- nt_errstr(status));
- WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
- get_friendly_nt_error_msg(status));
} else {
resp->result = WINBINDD_OK;
}
+
+ WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
+ nt_errstr(status));
+ WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
+ get_friendly_nt_error_msg(status));
resp->data.auth.pam_error = nt_status_to_pam(status);
resp->data.auth.nt_status = NT_STATUS_V(status);
@@ -110,10 +113,12 @@ NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call)
NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call)
{
- s3call->response.result = WINBINDD_OK;
- s3call->response.extra_data.data =
- smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
- NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data.data);
+ char *path = smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
+ NT_STATUS_HAVE_NO_MEMORY(path);
+ s3call->response.result = WINBINDD_OK;
+ s3call->response.extra_data.data = path;
+
+ s3call->response.length += strlen(path) + 1;
return NT_STATUS_OK;
}
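Review bot: The `+ 1` in `s3call->response.length += strlen(path) + 1;` has no comment saying that the reply length must count the NUL terminator of `extra_data.data`. The list_users_recv hunk further down makes the same adjustment in a different form (`extra_data_len` followed by a conditional `+= 1`). I would add `/* extra_data is sent as a NUL-terminated string; length includes the terminator */` above the assignment here and in list_users_recv. In list_users_recv the adjustment is only right if `extra_data_len` excludes the terminator, which the diff does not show; confirm it, since an overcounted length would presumably send one byte past the string to the client.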
@@ -123,41 +128,65 @@ NTSTATUS wbsrv_samba3_ping(struct wbsrv_samba3_call *s3call)
return NT_STATUS_OK;
}
-#if 0
-/*
- Validate that we have a working pipe to the domain controller.
- Return any NT error found in the process
+/* Plaintext authentication
+
+ This interface is used by ntlm_auth in it's 'basic' authentication
+ mode, as well as by pam_winbind to authenticate users where we are
+ given a plaintext password.
*/
-static void checkmachacc_recv_creds(struct composite_context *ctx);
+static void check_machacc_recv(struct composite_context *ctx);
NTSTATUS wbsrv_samba3_check_machacc(struct wbsrv_samba3_call *s3call)
{
+ NTSTATUS status;
+ struct cli_credentials *creds;
struct composite_context *ctx;
+ struct wbsrv_service *service =
+ s3call->wbconn->listen_socket->service;
+
+ /* Create a credentials structure */
+ creds = cli_credentials_init(s3call);
+ if (creds == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- DEBUG(5, ("wbsrv_samba3_check_machacc called\n"));
+ cli_credentials_set_conf(creds, service->task->lp_ctx);
- ctx = wb_cmd_checkmachacc_send(s3call->call);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
+ /* Connect the machine account to the credentials */
+ status = cli_credentials_set_machine_account(creds, service->task->lp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(creds);
+ return status;
+ }
- ctx->async.fn = checkmachacc_recv_creds;
+ ctx = wb_cmd_pam_auth_send(s3call, service, creds);
+
+ if (!ctx) {
+ talloc_free(creds);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ctx->async.fn = check_machacc_recv;
ctx->async.private_data = s3call;
- s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
+ s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
return NT_STATUS_OK;
}
-
-static void checkmachacc_recv_creds(struct composite_context *ctx)
+
+static void check_machacc_recv(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
NTSTATUS status;
- status = wb_cmd_checkmachacc_recv(ctx);
+ status = wb_cmd_pam_auth_recv(ctx);
+
+ if (!NT_STATUS_IS_OK(status)) goto done;
+ done:
wbsrv_samba3_async_auth_epilogue(status, s3call);
}
-#endif
/*
Find the name of a suitable domain controller, by query on the
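Review bot: The new header comment above `wbsrv_samba3_check_machacc` describes plaintext authentication for ntlm_auth and pam_winbind, which is the contract of the pam_auth path rather than of this function. The removed text (`Validate that we have a working pipe to the domain controller`) matched what the function does with the machine account credentials. I would replace it with something like `/* Check the machine account: authenticate with the stored machine credentials and return any NT error found. */`. In `check_machacc_recv`, `if (!NT_STATUS_IS_OK(status)) goto done;` directly before `done:` has no effect and can be dropped, so the status flows straight into `wbsrv_samba3_async_auth_epilogue`.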
@@ -543,6 +572,7 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call)
struct composite_context *ctx;
struct wbsrv_service *service =
s3call->wbconn->listen_socket->service;
+ struct cli_credentials *credentials;
char *user, *domain;
if (!wb_samba3_split_username(s3call, s3call->wbconn->lp_ctx,
@@ -551,8 +581,17 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call)
return NT_STATUS_NO_SUCH_USER;
}
- ctx = wb_cmd_pam_auth_send(s3call, service, domain, user,
- s3call->request.data.auth.pass);
+ credentials = cli_credentials_init(s3call);
+ if (!credentials) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ cli_credentials_set_conf(credentials, service->task->lp_ctx);
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+
+ cli_credentials_set_password(credentials, s3call->request.data.auth.pass, CRED_SPECIFIED);
+
+ ctx = wb_cmd_pam_auth_send(s3call, service, credentials);
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->async.fn = pam_auth_recv;
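Review bot: The results of `cli_credentials_set_domain`, `cli_credentials_set_username` and `cli_credentials_set_password` are ignored. If one of them fails (they appear to report failure through their return value; confirm against credentials.h), `wb_cmd_pam_auth_send` receives partially filled credentials instead of the call failing cleanly. Each call should be checked, for example `if (!cli_credentials_set_password(credentials, s3call->request.data.auth.pass, CRED_SPECIFIED)) { talloc_free(credentials); return NT_STATUS_NO_MEMORY; }`. The `NT_STATUS_HAVE_NO_MEMORY(ctx)` path also returns without releasing `credentials`, unlike the explicit `talloc_free(creds)` in `wbsrv_samba3_check_machacc`. Since the object now holds the caller's plaintext password until `s3call` is freed, freeing it on that path would keep the two functions consistent. The function body starts and ends outside this hunk.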
@@ -681,6 +720,9 @@ static void list_users_recv(struct composite_context *ctx)
if (NT_STATUS_IS_OK(status)) {
s3call->response.extra_data.data = extra_data;
s3call->response.length += extra_data_len;
+ if (extra_data) {
+ s3call->response.length += 1;
+ }
}
wbsrv_samba3_async_epilogue(status, s3call);