-rw-r--r--source3/Makefile.in7
-rw-r--r--source3/nsswitch/winbindd_cm.c2
-rw-r--r--source3/nsswitch/winbindd_pam.c98
3 files changed, 62 insertions, 45 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index cc297c9207..122b55621a 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -425,16 +425,11 @@ WINBINDD_OBJ1 = \
nsswitch/winbindd_rpc.o \
nsswitch/winbindd_ads.o
-NECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ = \
- rpc_client/cli_netlogon.o rpc_client/cli_login.o \
- auth/auth_util.o
-
WINBINDD_OBJ = \
$(WINBINDD_OBJ1) $(NOPROTO_OBJ) $(PASSDB_OBJ) \
$(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
- $(GROUPDB_OBJ) $(PROFILE_OBJ) \
- $(NECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ)
+ $(GROUPDB_OBJ) $(PROFILE_OBJ)
WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o \
passdb/secrets.o
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 31ab61a7de..013289ed13 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -684,7 +684,7 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
return result;
}
- result = cli_nt_setup_creds(conn.cli, trust_passwd);
+ result = new_cli_nt_setup_creds(conn.cli, trust_passwd);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0, ("error connecting to domain password server: %s\n",
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index b602ccf582..f168ce9e35 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -34,16 +34,24 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
int passlen;
unsigned char trust_passwd[16];
time_t last_change_time;
- auth_usersupplied_info *user_info;
uint32 smb_uid_low;
NET_USER_INFO_3 info3;
- NET_ID_INFO_CTR ctr;
struct cli_state *cli;
uchar chal[8];
+ TALLOC_CTX *mem_ctx;
+ DATA_BLOB lm_resp;
+ DATA_BLOB nt_resp;
+
+ extern pstring global_myname;
DEBUG(3, ("[%5d]: pam auth %s\n", state->pid,
state->request.data.auth.user));
+ if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) {
+ DEBUG(0, ("winbindd_pam_auth: could not talloc_init()!\n"));
+ return WINBINDD_ERROR;
+ }
+
/* Parse domain and username */
if (!parse_domain_user(state->request.data.auth.user, name_domain,
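Review bot: The talloc context created by `talloc_init_named()` in this hunk is not released on the early exits that follow it. The empty-password `return WINBINDD_ERROR;` in the next hunk and the `parse_domain_user()` failure return in winbindd_pam_auth_crap both leave without `talloc_destroy(mem_ctx);`, and the `parse_domain_user()` check that starts on the last line of this hunk presumably does the same (its return lies outside the hunk). These paths are driven by client-supplied request fields, so repeated malformed requests would presumably make a long-running winbindd grow. Either call `talloc_destroy(mem_ctx);` before each of those returns or move the allocation below the input checks.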
@@ -52,13 +60,20 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
passlen = strlen(state->request.data.auth.pass);
- if (state->request.data.auth.pass[0])
- make_user_info_winbind(&user_info,
- name_user, name_domain,
- state->request.data.auth.pass,
- chal);
- else
+ if (!*state->request.data.auth.pass) {
return WINBINDD_ERROR;
+ } else {
+ unsigned char local_lm_response[24];
+ unsigned char local_nt_response[24];
+
+ generate_random_buffer(chal, 8, False);
+ SMBencrypt( (const uchar *)state->request.data.auth.pass, chal, local_lm_response);
+
+ SMBNTencrypt((const uchar *)state->request.data.auth.pass, chal, local_nt_response);
+
+ lm_resp = data_blob(local_lm_response, sizeof(local_lm_response));
+ nt_resp = data_blob(local_nt_response, sizeof(local_nt_response));
+ }
/*
* Get the machine account password for our primary domain
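Review bot: `local_lm_response` and `local_nt_response` keep password-derived responses on the stack after `data_blob()` has taken its copies, and nothing in the new else branch clears them. A response together with its challenge is enough for offline password guessing, so it is worth wiping both arrays once the blobs exist, e.g. `memset(local_lm_response, 0, sizeof(local_lm_response));` and the same for `local_nt_response`. This assumes `data_blob()` copies its input rather than referencing it, which the later `data_blob_free()` calls suggest but the hunk does not show.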
@@ -84,14 +99,20 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
goto done;
}
- result = cli_nt_login_network(cli, user_info, chal, smb_uid_low,
- &ctr, &info3);
+ result = cli_netlogon_sam_network_logon(cli, mem_ctx,
+ name_user, name_domain,
+ global_myname, chal,
+ lm_resp, nt_resp,
+ &info3);
+
+done:
+ data_blob_free(&lm_resp);
+ data_blob_free(&nt_resp);
- free_user_info(&user_info);
+ cli_shutdown(cli);
- cli_shutdown(cli);
-
- done:
+ talloc_destroy(mem_ctx);
+
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
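Review bot: Moving the `done:` label above the cleanup means the `goto done;` error path at the top of this hunk now also runs `cli_shutdown(cli)`. If that jump is taken when obtaining the netlogon connection failed (the call is outside the hunk, so this is inferred from the matching code in winbindd_pam_auth_crap), `cli` may never have been assigned and the shutdown acts on an indeterminate pointer. Initialise the pointer at its declaration, `struct cli_state *cli = NULL;`, and guard the call, `if (cli) cli_shutdown(cli);`. The same applies to the `done:` block at the end of winbindd_pam_auth_crap.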
@@ -103,29 +124,31 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
fstring name_domain, name_user;
unsigned char trust_passwd[16];
time_t last_change_time;
-
- auth_usersupplied_info *user_info;
- uint32 smb_uid_low;
NET_USER_INFO_3 info3;
- NET_ID_INFO_CTR ctr;
struct cli_state *cli;
+ TALLOC_CTX *mem_ctx;
+
+ DATA_BLOB lm_resp, nt_resp;
+
+ extern pstring global_myname;
DEBUG(3, ("[%5d]: pam auth crap %s\n", state->pid,
state->request.data.auth_crap.user));
- /* Parse domain and username */
+ if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) {
+ DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n"));
+ return WINBINDD_ERROR;
+ }
+ /* Parse domain and username */
if (!parse_domain_user(state->request.data.auth_crap.user, name_domain,
- name_user))
+ name_user))
return WINBINDD_ERROR;
-
- make_user_info_winbind_crap(
- &user_info, name_user,
- name_domain,
- (uchar *)state->request.data.auth_crap.lm_resp,
- state->request.data.auth_crap.lm_resp_len,
- (uchar *)state->request.data.auth_crap.nt_resp,
- state->request.data.auth_crap.nt_resp_len);
+
+
+
+ lm_resp = data_blob(state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len);
+ nt_resp = data_blob(state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len);
/*
* Get the machine account password for our primary domain
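Review bot: `lm_resp_len` and `nt_resp_len` come straight from the client request and are passed to `data_blob()` without being compared with the size of the `lm_resp` and `nt_resp` fields they describe. If those fields are fixed-size arrays in the request structure (its definition is not visible here), an oversized length makes the copy read past the field and forwards adjacent request memory to the domain controller. Reject such requests at the top of the function, before the talloc context is created, for example `if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp) || state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) return WINBINDD_ERROR;`. Separately, the `talloc_init_named()` call names the context from `request.data.auth.user` although this function otherwise reads `request.data.auth_crap.user`.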
@@ -138,10 +161,6 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
return WINBINDD_ERROR;
}
- /* We really don't care what LUID we give the user. */
-
- generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False);
-
ZERO_STRUCT(info3);
result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
@@ -151,14 +170,17 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
goto done;
}
- result = cli_nt_login_network(cli, user_info, state->request.data.auth_crap.chal,
- smb_uid_low, &ctr, &info3);
-
- free_user_info(&user_info);
+ result = cli_netlogon_sam_network_logon(cli, mem_ctx,
+ name_user, name_domain,
+ global_myname, state->request.data.auth_crap.chal,
+ lm_resp, nt_resp,
+ &info3);
+
+done:
+ talloc_destroy(mem_ctx);
- cli_shutdown(cli);
+ cli_shutdown(cli);
- done:
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
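Review bot: The `done:` block releases `mem_ctx` and the connection but never frees `lm_resp` and `nt_resp`, which this function fills with `data_blob()` earlier. winbindd_pam_auth calls `data_blob_free()` on both at its own `done:` label, so every auth_crap request appears to leak two blobs in the daemon. Add `data_blob_free(&lm_resp);` and `data_blob_free(&nt_resp);` after `done:`; the early `return WINBINDD_ERROR;` between the `data_blob()` calls and the first `goto done;` would need the same cleanup.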