-rw-r--r--source3/nsswitch/wbinfo.c32
-rw-r--r--source3/nsswitch/winbindd_nss.h1
-rw-r--r--source3/nsswitch/winbindd_pam.c31
3 files changed, 34 insertions, 30 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index a0fdd033d7..7a1aee44cd 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -422,6 +422,7 @@ static BOOL wbinfo_auth(char *username)
struct winbindd_request request;
struct winbindd_response response;
NSS_STATUS result;
+ fstring name_user, name_domain;
char *p;
/* Send off request */
@@ -433,11 +434,16 @@ static BOOL wbinfo_auth(char *username)
if (p) {
*p = 0;
- fstrcpy(request.data.auth.user, username);
fstrcpy(request.data.auth.pass, p + 1);
- *p = '%';
- } else
- fstrcpy(request.data.auth.user, username);
+ }
+
+ parse_wbinfo_domain_user(username, name_domain, name_user);
+
+ if (p)
+ *p = '%';
+
+ fstrcpy(request.data.auth.user, name_user);
+ fstrcpy(request.data.auth.domain, name_domain);
result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
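Review bot: The temporary NUL written at the `%` and its restore are now separated by the call to `parse_wbinfo_domain_user`, and nothing explains why the restore has to wait until after the parse. A comment above the call such as `/* username is still cut at '%' here, so the password is not parsed as part of the name */` would make the ordering explicit. The same applies to the `if (p) *p = '%';` added in `wbinfo_auth_crap`. `wbinfo_auth` starts before this hunk, so the declaration and assignment of `p` are not visible here.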
@@ -446,9 +452,10 @@ static BOOL wbinfo_auth(char *username)
d_printf("plaintext password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
- d_printf("error code was %s (0x%x)\n",
- response.data.auth.nt_status_string,
- response.data.auth.nt_status);
+ if (response.data.auth.nt_status)
+ d_printf("error code was %s (0x%x)\n",
+ response.data.auth.nt_status_string,
+ response.data.auth.nt_status);
return result == NSS_STATUS_SUCCESS;
}
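Review bot: The new `if (response.data.auth.nt_status)` guards a three-line `d_printf` call without braces, which is easy to break when another statement is later added under it; wrapping the call in `{ ... }` avoids that. The same unbraced form is added in `wbinfo_auth_crap`. A failure that leaves `nt_status` at zero now prints only "failed" with no code, which deserves a one-line comment if that is intended.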
@@ -479,8 +486,10 @@ static BOOL wbinfo_auth_crap(char *username)
parse_wbinfo_domain_user(username, name_domain, name_user);
- fstrcpy(request.data.auth_crap.user, name_user);
+ if (p)
+ *p = '%';
+ fstrcpy(request.data.auth_crap.user, name_user);
fstrcpy(request.data.auth_crap.domain, name_domain);
generate_random_buffer(request.data.auth_crap.chal, 8, False);
@@ -500,9 +509,10 @@ static BOOL wbinfo_auth_crap(char *username)
d_printf("challenge/response password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
- d_printf("error code was %s (0x%x)\n",
- response.data.auth.nt_status_string,
- response.data.auth.nt_status);
+ if (response.data.auth.nt_status)
+ d_printf("error code was %s (0x%x)\n",
+ response.data.auth.nt_status_string,
+ response.data.auth.nt_status);
return result == NSS_STATUS_SUCCESS;
}
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h
index 9eea94e7c0..21081cb09c 100644
--- a/source3/nsswitch/winbindd_nss.h
+++ b/source3/nsswitch/winbindd_nss.h
@@ -128,6 +128,7 @@ struct winbindd_request {
gid_t gid; /* getgrgid, gid_to_sid */
struct {
fstring user;
+ fstring domain;
fstring pass;
} auth; /* pam_winbind auth module */
struct {
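Review bot: Adding `domain` between `user` and `pass` moves `pass` to a different offset inside `struct winbindd_request`, so a client built against the old header would have its password bytes read from the wrong place by a daemon built against the new one. Nothing in this hunk changes a protocol or interface version that would let the two sides detect the mismatch; if the header defines one, it should be bumped in the same commit. Appending `domain` after `pass` would at least keep the existing offsets within this sub-struct. The struct continues outside the hunk.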
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 3e7a8ad971..c3ab6615f6 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -57,7 +57,6 @@ static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx,
enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
{
NTSTATUS result;
- fstring name_domain, name_user;
unsigned char trust_passwd[16];
time_t last_change_time;
uint32 smb_uid_low;
@@ -76,8 +75,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
/* Ensure null termination */
state->request.data.auth.pass[sizeof(state->request.data.auth.pass)-1]='\0';
- DEBUG(3, ("[%5d]: pam auth %s\n", state->pid,
- state->request.data.auth.user));
+ DEBUG(3, ("[%5d]: pam auth domain: %s user: %s\n", state->pid,
+ state->request.data.auth.domain, state->request.data.auth.user));
if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) {
DEBUG(0, ("winbindd_pam_auth: could not talloc_init()!\n"));
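Review bot: `state->request.data.auth.domain` is read with `%s` in the new `DEBUG(3, ...)` but, unlike `pass` just above it, is not forced to end in a NUL in any line this commit shows. The request appears to come from a client process, and the header hunk places `pass` directly after `domain`, so an unterminated `domain` would make the log call and the later logon call read on into the password and could write it to the level-3 log. Add `state->request.data.auth.domain[sizeof(state->request.data.auth.domain)-1]='\0';` next to the existing termination lines. `winbindd_pam_auth` begins before this hunk, so a termination outside the shown context cannot be ruled out.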
@@ -87,13 +86,6 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
/* Parse domain and username */
- if (!parse_domain_user(state->request.data.auth.user, name_domain,
- name_user)) {
- DEBUG(5,("no domain separator (%s) in username (%s) - failing auth\n", lp_winbind_separator(), state->request.data.auth.user));
- result = NT_STATUS_INVALID_PARAMETER;
- goto done;
- }
-
{
unsigned char local_lm_response[24];
unsigned char local_nt_response[24];
@@ -133,11 +125,10 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
goto done;
}
- result = cli_netlogon_sam_network_logon(cli, mem_ctx,
- name_user, name_domain,
- global_myname, chal,
- lm_resp, nt_resp,
- &info3);
+ result = cli_netlogon_sam_network_logon(
+ cli, mem_ctx, state->request.data.auth.user,
+ state->request.data.auth.domain,
+ global_myname, chal, lm_resp, nt_resp, &info3);
uni_group_cache_store_netlogon(mem_ctx, &info3);
done:
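Review bot: `cli_netlogon_sam_network_logon` now receives `auth.user` and `auth.domain` exactly as the client filled them in, and with the `parse_domain_user` check removed earlier in this file nothing visible rejects an empty `domain` or a `user` that still carries the separator. Only `wbinfo.c` is updated to populate the new field in this commit, while the header comment names pam_winbind as a user of the same struct, so other callers may send an empty domain. A guard before the logon call, for example `if (!*state->request.data.auth.domain) { result = NT_STATUS_INVALID_PARAMETER; goto done; }`, would keep the earlier fail-closed behaviour. The function body continues on both sides of this hunk.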
@@ -147,10 +138,12 @@ done:
fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
state->response.data.auth.pam_error = nt_status_to_pam(result);
- DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n",
- state->request.data.auth.user,
- state->response.data.auth.nt_status_string,
- state->response.data.auth.pam_error));
+ DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
+ ("Plain-text authentication for user %s/%s returned %s (PAM: %d)\n",
+ state->request.data.auth.domain,
+ state->request.data.auth.user,
+ state->response.data.auth.nt_status_string,
+ state->response.data.auth.pam_error));
if (mem_ctx)
talloc_destroy(mem_ctx);