r11411: Add to Samba4 the Samba3 patch I just posted for machine account

logins (changing the winbindd interface).

Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing
auth and other replies, such that all replies were having the auth
error strings set.  We now do a better job of filling in the right
errors in the right places.

Andrew Bartlett
(This used to be commit 8ed975df52bcac9646672f6a39c51481b5c59226)

2 files changed, 46 insertions, 25 deletions

diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c
index 1316122eab..68cd5fc4b2 100644
--- a/source4/winbind/wb_pam_auth.c
+++ b/source4/winbind/wb_pam_auth.c
@@ -31,6 +31,7 @@
 struct pam_auth_crap_state {
 	struct composite_context *ctx;
 	struct event_context *event_ctx;
+	uint32_t logon_parameters;
 	const char *domain_name;
 	const char *user_name;
 	const char *workstation;
@@ -51,6 +52,7 @@ static struct composite_context *crap_samlogon_send_req(struct wbsrv_domain *dom
 static NTSTATUS crap_samlogon_recv_req(struct composite_context *ctx, void *p);
 
 struct composite_context *wb_cmd_pam_auth_crap_send(struct wbsrv_call *call,
+						    uint32_t logon_parameters,
 						    const char *domain,
 						    const char *user,
 						    const char *workstation,
@@ -66,6 +68,8 @@ struct composite_context *wb_cmd_pam_auth_crap_send(struct wbsrv_call *call,
 
 	state->event_ctx = call->event_ctx;
 
+	state->logon_parameters = logon_parameters;
+
 	state->domain_name = talloc_strdup(state, domain);
 	if (state->domain_name == NULL) goto failed;
 
@@ -112,7 +116,7 @@ static struct composite_context *crap_samlogon_send_req(struct wbsrv_domain *dom
 
 	state->ninfo.identity_info.account_name.string = state->user_name;
 	state->ninfo.identity_info.domain_name.string =  state->domain_name;
-	state->ninfo.identity_info.parameter_control = 0;
+	state->ninfo.identity_info.parameter_control = state->logon_parameters;
 	state->ninfo.identity_info.logon_id_low = 0;
 	state->ninfo.identity_info.logon_id_high = 0;
 	state->ninfo.identity_info.workstation.string = state->workstation;
@@ -242,6 +246,7 @@ NTSTATUS wb_cmd_pam_auth_crap_recv(struct composite_context *c,
 }
 
 NTSTATUS wb_cmd_pam_auth_crap(struct wbsrv_call *call,
+			      uint32_t logon_parameters,
 			      const char *domain, const char *user,
 			      const char *workstation,
 			      DATA_BLOB chal, DATA_BLOB nt_resp,
@@ -252,7 +257,8 @@ NTSTATUS wb_cmd_pam_auth_crap(struct wbsrv_call *call,
 			      char **unix_username)
 {
 	struct composite_context *c =
-		wb_cmd_pam_auth_crap_send(call, domain, user, workstation,
+		wb_cmd_pam_auth_crap_send(call, logon_parameters, 
+					  domain, user, workstation,
 					  chal, nt_resp, lm_resp);
 	return wb_cmd_pam_auth_crap_recv(c, mem_ctx, info3, user_session_key,
 					 lm_key, unix_username);
@@ -314,7 +320,8 @@ struct composite_context *wb_cmd_pam_auth_send(struct wbsrv_call *call,
 	if (!NT_STATUS_IS_OK(status)) {
 		return NULL;
 	}
-	c = wb_cmd_pam_auth_crap_send(call, domain, user, workstation,
+	c = wb_cmd_pam_auth_crap_send(call, 0 /* logon parameters */, 
+				      domain, user, workstation,
 				      chal, nt_resp, lm_resp);
 	return c;
 }
diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c
index 7d0555ceeb..9f4adbdcd0 100644
--- a/source4/winbind/wb_samba3_cmd.c
+++ b/source4/winbind/wb_samba3_cmd.c
@@ -36,17 +36,38 @@
 #include "lib/events/events.h"
 #include "librpc/gen_ndr/ndr_netlogon.h"
 
-static void wbsrv_samba3_async_epilogue(NTSTATUS status,
-					struct wbsrv_samba3_call *s3call)
+static void wbsrv_samba3_async_auth_epilogue(NTSTATUS status,
+					     struct wbsrv_samba3_call *s3call)
 {
+	struct winbindd_response *resp = &s3call->response;
 	if (!NT_STATUS_IS_OK(status)) {
-		struct winbindd_response *resp = &s3call->response;
 		resp->result = WINBINDD_ERROR;
 		WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
 					nt_errstr(status));
 		WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
-					nt_errstr(status));
-		resp->data.auth.pam_error = nt_status_to_pam(status);
+					get_friendly_nt_error_msg(status));
+	} else {
+		resp->result = WINBINDD_OK;
+	}
+
+	resp->data.auth.pam_error = nt_status_to_pam(status);
+	resp->data.auth.nt_status = NT_STATUS_V(status);
+
+	status = wbsrv_send_reply(s3call->call);
+	if (!NT_STATUS_IS_OK(status)) {
+		wbsrv_terminate_connection(s3call->call->wbconn,
+					   "wbsrv_queue_reply() failed");
+	}
+}
+
+static void wbsrv_samba3_async_epilogue(NTSTATUS status,
+					struct wbsrv_samba3_call *s3call)
+{
+	struct winbindd_response *resp = &s3call->response;
+	if (NT_STATUS_IS_OK(status)) {
+		resp->result = WINBINDD_OK;
+	} else {
+		resp->result = WINBINDD_ERROR;
 	}
 
 	status = wbsrv_send_reply(s3call->call);
@@ -129,8 +150,7 @@ static void checkmachacc_recv_creds(struct composite_context *ctx)
 
 	status = wb_cmd_checkmachacc_recv(ctx);
 
-	s3call->response.result = WINBINDD_OK;
-	wbsrv_samba3_async_epilogue(status, s3call);
+	wbsrv_samba3_async_auth_epilogue(status, s3call);
 }
 
 static void getdcname_recv_dc(struct composite_context *ctx);
@@ -404,20 +424,20 @@ static void pam_auth_crap_recv(struct composite_context *ctx);
 NTSTATUS wbsrv_samba3_pam_auth_crap(struct wbsrv_samba3_call *s3call)
 {
 	struct composite_context *ctx;
-
 	DATA_BLOB chal, nt_resp, lm_resp;
 
 	DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n"));
 
-	chal.data      = s3call->request.data.auth_crap.chal;
-	chal.length    = sizeof(s3call->request.data.auth_crap.chal);
-	nt_resp.data   = (uint8_t *)s3call->request.data.auth_crap.nt_resp;
-	nt_resp.length = s3call->request.data.auth_crap.nt_resp_len;
-	lm_resp.data   = (uint8_t *)s3call->request.data.auth_crap.lm_resp;
-	lm_resp.length = s3call->request.data.auth_crap.lm_resp_len;
+	chal.data       = s3call->request.data.auth_crap.chal;
+	chal.length     = sizeof(s3call->request.data.auth_crap.chal);
+	nt_resp.data    = (uint8_t *)s3call->request.data.auth_crap.nt_resp;
+	nt_resp.length  = s3call->request.data.auth_crap.nt_resp_len;
+	lm_resp.data    = (uint8_t *)s3call->request.data.auth_crap.lm_resp;
+	lm_resp.length  = s3call->request.data.auth_crap.lm_resp_len;
 
 	ctx = wb_cmd_pam_auth_crap_send(
 		s3call->call, 
+		s3call->request.data.auth_crap.logon_parameters,
 		s3call->request.data.auth_crap.domain,
 		s3call->request.data.auth_crap.user,
 		s3call->request.data.auth_crap.workstation,
@@ -435,7 +455,6 @@ static void pam_auth_crap_recv(struct composite_context *ctx)
 	struct wbsrv_samba3_call *s3call =
 		talloc_get_type(ctx->async.private_data,
 				struct wbsrv_samba3_call);
-	struct winbindd_response *resp = &s3call->response;
 	NTSTATUS status;
 	DATA_BLOB info3;
 	struct netr_UserSessionKey user_session_key;
@@ -468,10 +487,8 @@ static void pam_auth_crap_recv(struct composite_context *ctx)
 		s3call->response.length += strlen(unix_username)+1;
 	}
 
-	resp->result = WINBINDD_OK;
-
  done:
-	wbsrv_samba3_async_epilogue(status, s3call);
+	wbsrv_samba3_async_auth_epilogue(status, s3call);
 }
 
 static BOOL samba3_parse_domuser(TALLOC_CTX *mem_ctx, const char *domuser,
@@ -520,17 +537,14 @@ static void pam_auth_recv(struct composite_context *ctx)
 	struct wbsrv_samba3_call *s3call =
 		talloc_get_type(ctx->async.private_data,
 				struct wbsrv_samba3_call);
-	struct winbindd_response *resp = &s3call->response;
 	NTSTATUS status;
 
 	status = wb_cmd_pam_auth_recv(ctx);
 
 	if (!NT_STATUS_IS_OK(status)) goto done;
 
-	resp->result = WINBINDD_OK;
-
  done:
-	wbsrv_samba3_async_epilogue(status, s3call);
+	wbsrv_samba3_async_auth_epilogue(status, s3call);
 }
 
 static void list_trustdom_recv_doms(struct composite_context *ctx);