summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth.c91
-rw-r--r--source3/auth/auth_winbind.c16
2 files changed, 65 insertions, 42 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 71e9ab0428..09e8f5e722 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -334,6 +334,52 @@ static NTSTATUS make_auth_context(struct auth_context **auth_context)
return NT_STATUS_OK;
}
+BOOL load_auth_module(struct auth_context *auth_context,
+ const char *module, auth_methods **ret)
+{
+ static BOOL initialised_static_modules = False;
+
+ struct auth_init_function_entry *entry;
+ char *module_name = smb_xstrdup(module);
+ char *module_params = NULL;
+ char *p;
+ BOOL good = False;
+
+ /* Initialise static modules if not done so yet */
+ if(!initialised_static_modules) {
+ static_init_auth;
+ initialised_static_modules = True;
+ }
+
+ DEBUG(5,("load_auth_module: Attempting to find an auth method to match %s\n",
+ module));
+
+ p = strchr(module_name, ':');
+ if (p) {
+ *p = 0;
+ module_params = p+1;
+ trim_string(module_params, " ", " ");
+ }
+
+ trim_string(module_name, " ", " ");
+
+ entry = auth_find_backend_entry(module_name);
+
+ if(!(entry = auth_find_backend_entry(module_name)) && !smb_probe_module("auth", module_name) &&
+ !(entry = auth_find_backend_entry(module_name))) {
+ DEBUG(0,("load_auth_module: can't find auth method %s!\n", module_name));
+ } else if (!NT_STATUS_IS_OK(entry->init(auth_context, module_params, ret))) {
+ DEBUG(0,("load_auth_module: auth method %s did not correctly init\n",
+ module));
+ } else {
+ DEBUG(5,("load_auth_module: auth method %s has a valid init\n",
+ module));
+ good = True;
+ }
+ SAFE_FREE(module_name);
+ return good;
+}
+
/***************************************************************************
Make a auth_info struct for the auth subsystem
***************************************************************************/
@@ -344,7 +390,6 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
auth_methods *t = NULL;
auth_methods *tmp;
NTSTATUS nt_status;
- static BOOL initialised_static_modules = False;
if (!text_list) {
DEBUG(2,("make_auth_context_text_list: No auth method list!?\n"));
@@ -354,44 +399,10 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context)))
return nt_status;
- /* Initialise static modules if not done so yet */
- if(!initialised_static_modules) {
- static_init_auth;
- initialised_static_modules = True;
- }
-
for (;*text_list; text_list++) {
- struct auth_init_function_entry *entry;
- char *module_name = smb_xstrdup(*text_list);
- char *module_params = NULL;
- char *p;
-
- DEBUG(5,("make_auth_context_text_list: Attempting to find an auth method to match %s\n",
- *text_list));
-
- p = strchr(module_name, ':');
- if (p) {
- *p = 0;
- module_params = p+1;
- trim_string(module_params, " ", " ");
- }
-
- trim_string(module_name, " ", " ");
-
- entry = auth_find_backend_entry(module_name);
-
- if(!(entry = auth_find_backend_entry(module_name)) && !smb_probe_module("auth", module_name) &&
- !(entry = auth_find_backend_entry(module_name))) {
- DEBUG(0,("make_auth_context_text_list: can't find auth method %s!\n", module_name));
- } else if (!NT_STATUS_IS_OK(entry->init(*auth_context, module_params, &t))) {
- DEBUG(0,("make_auth_context_text_list: auth method %s did not correctly init\n",
- *text_list));
- } else {
- DEBUG(5,("make_auth_context_text_list: auth method %s has a valid init\n",
- *text_list));
- DLIST_ADD_END(list, t, tmp);
- }
- SAFE_FREE(module_name);
+ if (load_auth_module(*auth_context, *text_list, &t)) {
+ DLIST_ADD_END(list, t, tmp);
+ }
}
(*auth_context)->auth_method_list = list;
@@ -417,7 +428,7 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context)
{
case SEC_DOMAIN:
DEBUG(5,("Making default auth method list for security=domain\n"));
- auth_method_list = str_list_make("guest sam winbind ntdomain", NULL);
+ auth_method_list = str_list_make("guest sam winbind:ntdomain", NULL);
break;
case SEC_SERVER:
DEBUG(5,("Making default auth method list for security=server\n"));
@@ -443,7 +454,7 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context)
break;
case SEC_ADS:
DEBUG(5,("Making default auth method list for security=ADS\n"));
- auth_method_list = str_list_make("guest sam winbind ntdomain", NULL);
+ auth_method_list = str_list_make("guest sam winbind:ntdomain", NULL);
break;
default:
DEBUG(5,("Unknown auth method!\n"));
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index e2a292dd01..df08b6440a 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -103,6 +103,11 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
+ if (result == NSS_STATUS_UNAVAIL) {
+ struct auth_methods *auth_method = my_private_data;
+ return auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
+ }
+
nt_status = NT_STATUS(response.data.auth.nt_status);
if (result == NSS_STATUS_SUCCESS && response.extra_data) {
@@ -127,11 +132,18 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
/* module initialisation */
NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method))
- return NT_STATUS_NO_MEMORY;
(*auth_method)->name = "winbind";
(*auth_method)->auth = check_winbind_security;
+
+ if (param && *param) {
+ /* we load the 'fallback' module - if winbind isn't here, call this
+ module */
+ if (!load_auth_module(auth_context, param, &(*auth_method)->private_data)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ }
return NT_STATUS_OK;
}