summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/winbindd/winbindd_pam.c48
1 files changed, 27 insertions, 21 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index dedab00f1c..456e47b5ae 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1250,8 +1250,11 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
return result;
}
-static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
- struct winbindd_cli_state *state,
+static NTSTATUS winbindd_dual_pam_auth_samlogon(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ const char *user,
+ const char *pass,
+ uint32_t request_flags,
struct netr_SamInfo3 **info3)
{
@@ -1269,7 +1272,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
/* Parse domain and username */
- parse_domain_user(state->request->data.auth.user, name_domain, name_user);
+ parse_domain_user(user, name_domain, name_user);
/* do password magic */
@@ -1284,10 +1287,11 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
machine. The 'server name' must match the
'workstation' passed to the actual SamLogon call.
*/
- names_blob = NTLMv2_generate_names_blob(state->mem_ctx, global_myname(), lp_workgroup());
+ names_blob = NTLMv2_generate_names_blob(
+ mem_ctx, global_myname(), lp_workgroup());
- if (!SMBNTLMv2encrypt(state->mem_ctx, name_user, name_domain,
- state->request->data.auth.pass,
+ if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain,
+ pass,
&server_chal,
&names_blob,
&lm_resp, &nt_resp, NULL, NULL)) {
@@ -1299,12 +1303,9 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
data_blob_free(&names_blob);
} else {
lm_resp = data_blob_null;
- SMBNTencrypt(state->request->data.auth.pass,
- chal,
- local_nt_response);
+ SMBNTencrypt(pass, chal, local_nt_response);
- nt_resp = data_blob_talloc(state->mem_ctx,
- local_nt_response,
+ nt_resp = data_blob_talloc(mem_ctx, local_nt_response,
sizeof(local_nt_response));
}
@@ -1312,7 +1313,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
DATA_BLOB chal_blob = data_blob_const(chal, sizeof(chal));
result = winbindd_dual_auth_passdb(
- state->mem_ctx, name_domain, name_user,
+ mem_ctx, name_domain, name_user,
&chal_blob, &lm_resp, &nt_resp, info3);
goto done;
}
@@ -1320,7 +1321,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
/* check authentication loop */
result = winbind_samlogon_retry_loop(domain,
- state->mem_ctx,
+ mem_ctx,
0,
domain->dcname,
name_user,
@@ -1338,7 +1339,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
* the samlogon reply info3. When accurate info3 is required by the
* caller, we look up the account flags ourselve - gd */
- if ((state->request->flags & WBFLAG_PAM_INFO3_TEXT) &&
+ if ((request_flags & WBFLAG_PAM_INFO3_TEXT) &&
NT_STATUS_IS_OK(result) && (my_info3->base.acct_flags == 0)) {
struct rpc_pipe_client *samr_pipe;
@@ -1347,7 +1348,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
NTSTATUS status_tmp;
uint32 acct_flags;
- status_tmp = cm_connect_sam(domain, state->mem_ctx,
+ status_tmp = cm_connect_sam(domain, mem_ctx,
&samr_pipe, &samr_domain_handle);
if (!NT_STATUS_IS_OK(status_tmp)) {
@@ -1356,7 +1357,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
goto done;
}
- status_tmp = rpccli_samr_OpenUser(samr_pipe, state->mem_ctx,
+ status_tmp = rpccli_samr_OpenUser(samr_pipe, mem_ctx,
&samr_domain_handle,
MAXIMUM_ALLOWED_ACCESS,
my_info3->base.rid,
@@ -1368,7 +1369,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
goto done;
}
- status_tmp = rpccli_samr_QueryUserInfo(samr_pipe, state->mem_ctx,
+ status_tmp = rpccli_samr_QueryUserInfo(samr_pipe, mem_ctx,
&user_pol,
16,
&info);
@@ -1376,14 +1377,14 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
if (!NT_STATUS_IS_OK(status_tmp)) {
DEBUG(3, ("could not query user info on SAMR pipe: %s\n",
nt_errstr(status_tmp)));
- rpccli_samr_Close(samr_pipe, state->mem_ctx, &user_pol);
+ rpccli_samr_Close(samr_pipe, mem_ctx, &user_pol);
goto done;
}
acct_flags = info->info16.acct_flags;
if (acct_flags == 0) {
- rpccli_samr_Close(samr_pipe, state->mem_ctx, &user_pol);
+ rpccli_samr_Close(samr_pipe, mem_ctx, &user_pol);
goto done;
}
@@ -1391,7 +1392,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
DEBUG(10,("successfully retrieved acct_flags 0x%x\n", acct_flags));
- rpccli_samr_Close(samr_pipe, state->mem_ctx, &user_pol);
+ rpccli_samr_Close(samr_pipe, mem_ctx, &user_pol);
}
*info3 = my_info3;
@@ -1512,7 +1513,12 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
sam_logon:
/* Check for Samlogon authentication */
if (domain->online) {
- result = winbindd_dual_pam_auth_samlogon(domain, state, &info3);
+ result = winbindd_dual_pam_auth_samlogon(
+ state->mem_ctx, domain,
+ state->request->data.auth.user,
+ state->request->data.auth.pass,
+ state->request->flags,
+ &info3);
if (NT_STATUS_IS_OK(result)) {
DEBUG(10,("winbindd_dual_pam_auth_samlogon succeeded\n"));