diff options
| -rw-r--r-- | source3/auth/check_samsec.c | 37 | ||||
| -rw-r--r-- | source3/include/proto.h | 4 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_pam.c | 29 |
3 files changed, 46 insertions, 24 deletions
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index df5dc31b9c..46e05aa0c2 100644 --- a/source3/auth/check_samsec.c +++ b/source3/auth/check_samsec.c @@ -509,3 +509,40 @@ done: data_blob_free(&lm_sess_key); return nt_status; } + +/* This helper function for winbindd returns a very similar value to + * what a NETLOGON call would give, without the indirection */ +NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + struct netr_SamInfo3 **pinfo3) +{ + struct auth_serversupplied_info *server_info = NULL; + struct netr_SamInfo3 *info3; + NTSTATUS status; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + if (!tmp_ctx) { + return NT_STATUS_NO_MEMORY; + } + status = check_sam_security(challenge, tmp_ctx, user_info, &server_info); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("check_sam_security failed: %s\n", + nt_errstr(status))); + return status; + } + + info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3); + if (info3 == NULL) { + talloc_free(tmp_ctx); + return NT_STATUS_NO_MEMORY; + } + + status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n", + nt_errstr(status))); + return status; + } + *pinfo3 = info3; + return NT_STATUS_OK; +} diff --git a/source3/include/proto.h b/source3/include/proto.h index 02faf880ec..0a417ab043 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -66,6 +66,10 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info); +NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + struct netr_SamInfo3 **pinfo3); NTSTATUS auth_sam_init(void); /* The following definitions come from auth/auth_server.c */ diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index e2c1d0d1b9..be3b2a5c77 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1133,8 +1133,6 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx, struct netr_SamInfo3 **pinfo3) { struct auth_usersupplied_info *user_info = NULL; - struct auth_serversupplied_info *server_info = NULL; - struct netr_SamInfo3 *info3; NTSTATUS status; status = make_user_info(&user_info, user, user, domain, domain, @@ -1145,30 +1143,13 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx, return status; } - status = check_sam_security(challenge, talloc_tos(), user_info, - &server_info); - free_user_info(&user_info); - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("check_ntlm_password failed: %s\n", - nt_errstr(status))); - return status; - } - - info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3); - if (info3 == NULL) { - return NT_STATUS_NO_MEMORY; - } - - status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n", - nt_errstr(status))); - return status; - } + /* We don't want any more mapping of the username */ + user_info->mapped_state = True; + status = check_sam_security_info3(challenge, talloc_tos(), user_info, + pinfo3); + free_user_info(&user_info); DEBUG(10, ("Authenticated user %s\\%s successfully\n", domain, user)); - *pinfo3 = info3; return NT_STATUS_OK; } |