diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2008-04-15 22:08:49 +0200 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2008-04-15 22:08:49 +0200 |
commit | 038987543043346cdcd8a4b8fe2970cd1350a7a7 (patch) | |
tree | 63df88d6cc354bd766a4b9b3f36d3e43bf67872b /source4/winbind | |
parent | f01c377bc039b776ded213f455cdb79d682ae7b2 (diff) | |
parent | b708a3d1e7f8d98bc6cedad8d405b1434d32a22e (diff) | |
download | samba-038987543043346cdcd8a4b8fe2970cd1350a7a7.tar.gz samba-038987543043346cdcd8a4b8fe2970cd1350a7a7.tar.bz2 samba-038987543043346cdcd8a4b8fe2970cd1350a7a7.zip |
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into registry
(This used to be commit 70ebb22c3df178a26c26c0a25c5722ff9ccdb0b4)
Diffstat (limited to 'source4/winbind')
-rw-r--r-- | source4/winbind/config.mk | 36 | ||||
-rw-r--r-- | source4/winbind/idmap.c | 4 | ||||
-rw-r--r-- | source4/winbind/wb_async_helpers.c | 67 | ||||
-rw-r--r-- | source4/winbind/wb_pam_auth.c | 19 | ||||
-rw-r--r-- | source4/winbind/wb_samba3_cmd.c | 80 | ||||
-rw-r--r-- | source4/winbind/wb_samba3_protocol.c | 3 |
6 files changed, 83 insertions, 126 deletions
diff --git a/source4/winbind/config.mk b/source4/winbind/config.mk index 8c9b3f1225..3165fc2d21 100644 --- a/source4/winbind/config.mk +++ b/source4/winbind/config.mk @@ -6,7 +6,19 @@ INIT_FUNCTION = server_service_winbind_init SUBSYSTEM = service PRIVATE_PROTO_HEADER = wb_proto.h -OBJ_FILES = \ +PRIVATE_DEPENDENCIES = \ + WB_HELPER \ + IDMAP \ + NDR_WINBIND \ + process_model \ + RPC_NDR_LSA \ + dcerpc_samr \ + PAM_ERRORS \ + LIBCLI_LDAP +# End SUBSYSTEM WINBIND +####################### + +WINBIND_OBJ_FILES = $(addprefix winbind/, \ wb_server.o \ wb_irpc.o \ wb_samba3_protocol.o \ @@ -36,36 +48,24 @@ OBJ_FILES = \ wb_cmd_setpwent.o \ wb_cmd_getpwent.o \ wb_pam_auth.o \ - wb_sam_logon.o -PRIVATE_DEPENDENCIES = \ - WB_HELPER \ - IDMAP \ - NDR_WINBIND \ - process_model \ - RPC_NDR_LSA \ - dcerpc_samr \ - PAM_ERRORS \ - LIBCLI_LDAP -# End SUBSYSTEM WINBIND -####################### + wb_sam_logon.o) ################################################ # Start SUBYSTEM WB_HELPER [SUBSYSTEM::WB_HELPER] PRIVATE_PROTO_HEADER = wb_helper.h -OBJ_FILES = \ - wb_async_helpers.o \ - wb_utils.o PUBLIC_DEPENDENCIES = RPC_NDR_LSA dcerpc_samr # End SUBSYSTEM WB_HELPER ################################################ +WB_HELPER_OBJ_FILES = $(addprefix winbind/, wb_async_helpers.o wb_utils.o) + ################################################ # Start SUBYSTEM IDMAP [SUBSYSTEM::IDMAP] PRIVATE_PROTO_HEADER = idmap_proto.h -OBJ_FILES = \ - idmap.o PUBLIC_DEPENDENCIES = SAMDB_COMMON # End SUBSYSTEM IDMAP ################################################ + +IDMAP_OBJ_FILES = winbind/idmap.o diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c index 92ac41f1d2..0c729825db 100644 --- a/source4/winbind/idmap.c +++ b/source4/winbind/idmap.c @@ -654,7 +654,7 @@ NTSTATUS idmap_xids_to_sids(struct idmap_context *idmap_ctx, &id[i].sid); } if (!NT_STATUS_IS_OK(id[i].status)) { - DEBUG(1, ("idmapping failed for id[%d]\n", i)); + DEBUG(1, ("idmapping xid_to_sid failed for id[%d]\n", i)); error_count++; } } @@ -699,7 +699,7 @@ NTSTATUS idmap_sids_to_xids(struct idmap_context *idmap_ctx, &id[i].unixid); } if (!NT_STATUS_IS_OK(id[i].status)) { - DEBUG(1, ("idmapping failed for id[%d]\n", i)); + DEBUG(1, ("idmapping sid_to_xid failed for id[%d]\n", i)); error_count++; } } diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c index 662dd111dd..25d52a16b5 100644 --- a/source4/winbind/wb_async_helpers.c +++ b/source4/winbind/wb_async_helpers.c @@ -305,73 +305,6 @@ NTSTATUS wb_lsa_lookupnames_recv(struct composite_context *c, talloc_free(c); return status; } - - -#if 0 - -struct cmd_checkmachacc_state { - struct composite_context *ctx; - struct wbsrv_call *call; - struct wbsrv_domain *domain; -}; - -static void cmd_checkmachacc_recv_init(struct composite_context *ctx); - - struct composite_context *wb_cmd_checkmachacc_send(struct wbsrv_call *call) -{ - struct composite_context *result, *ctx; - struct cmd_checkmachacc_state *state; - struct wbsrv_service *service = call->wbconn->listen_socket->service; - - result = composite_create(mem_ctx, call->event_ctx; - if (result == NULL) goto failed; - - state = talloc(result, struct cmd_checkmachacc_state); - if (state == NULL) goto failed; - state->ctx = result; - result->private_data = state; - state->call = call; - - state->domain = service->domains; - - ctx = wb_init_domain_send(service, state->domain); - if (ctx == NULL) goto failed; - ctx->async.fn = cmd_checkmachacc_recv_init; - ctx->async.private_data = state; - - return result; - - failed: - talloc_free(result); - return NULL; -} - -static void cmd_checkmachacc_recv_init(struct composite_context *ctx) -{ - struct cmd_checkmachacc_state *state = - talloc_get_type(ctx->async.private_data, - struct cmd_checkmachacc_state); - - state->ctx->status = wb_init_domain_recv(ctx); - if (!composite_is_ok(state->ctx)) return; - - composite_done(state->ctx); -} - - NTSTATUS wb_cmd_checkmachacc_recv(struct composite_context *c) -{ - NTSTATUS status = composite_wait(c); - talloc_free(c); - return status; -} - - NTSTATUS wb_cmd_checkmachacc(struct wbsrv_call *call) -{ - struct composite_context *c = wb_cmd_checkmachacc_send(call); - return wb_cmd_checkmachacc_recv(c); -} -#endif - struct samr_getuserdomgroups_state { struct composite_context *ctx; struct dcerpc_pipe *samr_pipe; diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c index 62744297c6..ee54bcd58f 100644 --- a/source4/winbind/wb_pam_auth.c +++ b/source4/winbind/wb_pam_auth.c @@ -214,14 +214,11 @@ NTSTATUS wb_cmd_pam_auth_crap_recv(struct composite_context *c, struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx, struct wbsrv_service *service, - const char *domain, - const char *user, - const char *password) + struct cli_credentials *credentials) { - struct cli_credentials *credentials; const char *workstation; NTSTATUS status; - + const char *user, *domain; DATA_BLOB chal, nt_resp, lm_resp, names_blob; int flags = CLI_CRED_NTLM_AUTH; if (lp_client_lanman_auth(service->task->lp_ctx)) { @@ -234,16 +231,6 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx, DEBUG(5, ("wbsrv_samba3_pam_auth called\n")); - credentials = cli_credentials_init(mem_ctx); - if (!credentials) { - return NULL; - } - cli_credentials_set_conf(credentials, service->task->lp_ctx); - cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); - cli_credentials_set_username(credentials, user, CRED_SPECIFIED); - - cli_credentials_set_password(credentials, password, CRED_SPECIFIED); - chal = data_blob_talloc(mem_ctx, NULL, 8); if (!chal.data) { return NULL; @@ -269,7 +256,7 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx, return NULL; } return wb_cmd_pam_auth_crap_send(mem_ctx, service, - 0 /* logon parameters */, + MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT|MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT /* logon parameters */, domain, user, workstation, chal, nt_resp, lm_resp); } diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c index 24074700fc..8ae330df35 100644 --- a/source4/winbind/wb_samba3_cmd.c +++ b/source4/winbind/wb_samba3_cmd.c @@ -30,6 +30,8 @@ #include "librpc/gen_ndr/netlogon.h" #include "libcli/security/security.h" #include "auth/pam_errors.h" +#include "auth/credentials/credentials.h" +#include "smbd/service_task.h" /* Send off the reply to an async Samba3 query, handling filling in the PAM, NTSTATUS and string errors. @@ -110,10 +112,12 @@ NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call) NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call) { - s3call->response.result = WINBINDD_OK; - s3call->response.extra_data.data = - smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET); - NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data.data); + char *path = smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET); + NT_STATUS_HAVE_NO_MEMORY(path); + s3call->response.result = WINBINDD_OK; + s3call->response.extra_data.data = path; + + s3call->response.length += strlen(path) + 1; return NT_STATUS_OK; } @@ -123,41 +127,67 @@ NTSTATUS wbsrv_samba3_ping(struct wbsrv_samba3_call *s3call) return NT_STATUS_OK; } -#if 0 -/* - Validate that we have a working pipe to the domain controller. - Return any NT error found in the process +/* Plaintext authentication + + This interface is used by ntlm_auth in it's 'basic' authentication + mode, as well as by pam_winbind to authenticate users where we are + given a plaintext password. */ -static void checkmachacc_recv_creds(struct composite_context *ctx); +static void check_machacc_recv(struct composite_context *ctx); NTSTATUS wbsrv_samba3_check_machacc(struct wbsrv_samba3_call *s3call) { + NTSTATUS status; + struct cli_credentials *creds; struct composite_context *ctx; + struct wbsrv_service *service = + s3call->wbconn->listen_socket->service; + + /* Create a credentials structure */ + creds = cli_credentials_init(s3call); + if (creds == NULL) { + return NT_STATUS_NO_MEMORY; + } - DEBUG(5, ("wbsrv_samba3_check_machacc called\n")); + cli_credentials_set_event_context(creds, service->task->event_ctx); - ctx = wb_cmd_checkmachacc_send(s3call->call); - NT_STATUS_HAVE_NO_MEMORY(ctx); + cli_credentials_set_conf(creds, service->task->lp_ctx); + + /* Connect the machine account to the credentials */ + status = cli_credentials_set_machine_account(creds, service->task->lp_ctx); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(creds); + return status; + } + + ctx = wb_cmd_pam_auth_send(s3call, service, creds); + + if (!ctx) { + talloc_free(creds); + return NT_STATUS_NO_MEMORY; + } - ctx->async.fn = checkmachacc_recv_creds; + ctx->async.fn = check_machacc_recv; ctx->async.private_data = s3call; - s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC; + s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC; return NT_STATUS_OK; } - -static void checkmachacc_recv_creds(struct composite_context *ctx) + +static void check_machacc_recv(struct composite_context *ctx) { struct wbsrv_samba3_call *s3call = talloc_get_type(ctx->async.private_data, struct wbsrv_samba3_call); NTSTATUS status; - status = wb_cmd_checkmachacc_recv(ctx); + status = wb_cmd_pam_auth_recv(ctx); + + if (!NT_STATUS_IS_OK(status)) goto done; + done: wbsrv_samba3_async_auth_epilogue(status, s3call); } -#endif /* Find the name of a suitable domain controller, by query on the @@ -543,6 +573,7 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call) struct composite_context *ctx; struct wbsrv_service *service = s3call->wbconn->listen_socket->service; + struct cli_credentials *credentials; char *user, *domain; if (!wb_samba3_split_username(s3call, s3call->wbconn->lp_ctx, @@ -551,8 +582,17 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call) return NT_STATUS_NO_SUCH_USER; } - ctx = wb_cmd_pam_auth_send(s3call, service, domain, user, - s3call->request.data.auth.pass); + credentials = cli_credentials_init(s3call); + if (!credentials) { + return NT_STATUS_NO_MEMORY; + } + cli_credentials_set_conf(credentials, service->task->lp_ctx); + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + cli_credentials_set_username(credentials, user, CRED_SPECIFIED); + + cli_credentials_set_password(credentials, s3call->request.data.auth.pass, CRED_SPECIFIED); + + ctx = wb_cmd_pam_auth_send(s3call, service, credentials); NT_STATUS_HAVE_NO_MEMORY(ctx); ctx->async.fn = pam_auth_recv; diff --git a/source4/winbind/wb_samba3_protocol.c b/source4/winbind/wb_samba3_protocol.c index b252273cb6..3b97dff276 100644 --- a/source4/winbind/wb_samba3_protocol.c +++ b/source4/winbind/wb_samba3_protocol.c @@ -78,10 +78,8 @@ NTSTATUS wbsrv_samba3_handle_call(struct wbsrv_samba3_call *s3call) case WINBINDD_INTERFACE_VERSION: return wbsrv_samba3_interface_version(s3call); -#if 0 case WINBINDD_CHECK_MACHACC: return wbsrv_samba3_check_machacc(s3call); -#endif case WINBINDD_PING: return wbsrv_samba3_ping(s3call); @@ -187,7 +185,6 @@ NTSTATUS wbsrv_samba3_handle_call(struct wbsrv_samba3_call *s3call) case WINBINDD_SET_MAPPING: case WINBINDD_SET_HWM: case WINBINDD_DUMP_MAPS: - case WINBINDD_CHECK_MACHACC: case WINBINDD_DOMAIN_INFO: case WINBINDD_SHOW_SEQUENCE: case WINBINDD_WINS_BYIP: |