-rw-r--r-- | source3/nsswitch/wbinfo.c | 32 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_nss.h | 1 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 31 |
3 files changed, 34 insertions, 30 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index a0fdd033d7..7a1aee44cd 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -422,6 +422,7 @@ static BOOL wbinfo_auth(char *username) struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; + fstring name_user, name_domain; char *p; /* Send off request */ @@ -433,11 +434,16 @@ static BOOL wbinfo_auth(char *username) if (p) { *p = 0; - fstrcpy(request.data.auth.user, username); fstrcpy(request.data.auth.pass, p + 1); - *p = '%'; - } else - fstrcpy(request.data.auth.user, username); + } + + parse_wbinfo_domain_user(username, name_domain, name_user); + + if (p) + *p = '%'; + + fstrcpy(request.data.auth.user, name_user); + fstrcpy(request.data.auth.domain, name_domain); result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response); @@ -446,9 +452,10 @@ static BOOL wbinfo_auth(char *username) d_printf("plaintext password authentication %s\n", (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); + if (response.data.auth.nt_status) + d_printf("error code was %s (0x%x)\n", + response.data.auth.nt_status_string, + response.data.auth.nt_status); return result == NSS_STATUS_SUCCESS; } @@ -479,8 +486,10 @@ static BOOL wbinfo_auth_crap(char *username) parse_wbinfo_domain_user(username, name_domain, name_user); - fstrcpy(request.data.auth_crap.user, name_user); + if (p) + *p = '%'; + fstrcpy(request.data.auth_crap.user, name_user); fstrcpy(request.data.auth_crap.domain, name_domain); generate_random_buffer(request.data.auth_crap.chal, 8, False); 
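Review bot: In the wbinfo_auth hunk at -433, `name_user` and `name_domain` (declared uninitialised in the -422 hunk) are copied into the request straight after `parse_wbinfo_domain_user(username, name_domain, name_user);`, with no check that the parser filled them. The parser's body is not on this page, so this only matters if it can return without writing both outputs; in that case stack contents would be sent to winbindd as user and domain. Either test its result before the two `fstrcpy` calls or clear the buffers first with `name_user[0] = name_domain[0] = '\0';`. The same unchecked call appears as context in the wbinfo_auth_crap hunk at -479, and both function bodies start outside their hunks.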
@@ -500,9 +509,10 @@ static BOOL wbinfo_auth_crap(char *username) d_printf("challenge/response password authentication %s\n", (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); - d_printf("error code was %s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status); + if (response.data.auth.nt_status) + d_printf("error code was %s (0x%x)\n", + response.data.auth.nt_status_string, + response.data.auth.nt_status); return result == NSS_STATUS_SUCCESS; } diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 9eea94e7c0..21081cb09c 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -128,6 +128,7 @@ struct winbindd_request { gid_t gid; /* getgrgid, gid_to_sid */ struct { fstring user; + fstring domain; fstring pass; } auth; /* pam_winbind auth module */ struct { diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 3e7a8ad971..c3ab6615f6 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -57,7 +57,6 @@ static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx, enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) { NTSTATUS result; - fstring name_domain, name_user; unsigned char trust_passwd[16]; time_t last_change_time; uint32 smb_uid_low; @@ -76,8 +75,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) /* Ensure null termination */ state->request.data.auth.pass[sizeof(state->request.data.auth.pass)-1]='\0'; - DEBUG(3, ("[%5d]: pam auth %s\n", state->pid, - state->request.data.auth.user)); + DEBUG(3, ("[%5d]: pam auth domain: %s user: %s\n", state->pid, + state->request.data.auth.domain, state->request.data.auth.user)); if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) { DEBUG(0, ("winbindd_pam_auth: could not talloc_init()!\n")); 
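Review bot: Inserting `fstring domain;` between `user` and `pass` moves `pass` to a different offset inside `struct winbindd_request`, and nothing in this hunk signals the layout change to the other end of the socket. If the daemon accepts a request from a client built against the old header, the bytes that client wrote as its password would land in `domain`, which the new `DEBUG(3, ...)` line in winbindd_pam.c prints. If this header carries an interface version, it should be bumped in the same commit; otherwise a comment on the struct should state that client and daemon must be rebuilt together. The struct definition starts and ends outside the hunk.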
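Review bot: The new `DEBUG(3, ...)` line in the winbindd_pam.c hunk at -76 formats `state->request.data.auth.domain` with `%s`, but the only termination visible in the hunk is for `pass`; nothing forces a NUL into the new field. The request is filled in by whichever process connects to winbindd, so an unterminated `domain` would be read past its end here, and again in the netlogon call and the final DEBUG in later hunks. Add `state->request.data.auth.domain[sizeof(state->request.data.auth.domain)-1]='\0';` beside the existing line under `/* Ensure null termination */`. The matching line for `user` is presumably just above the hunk.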
@@ -87,13 +86,6 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) /* Parse domain and username */ - if (!parse_domain_user(state->request.data.auth.user, name_domain, - name_user)) { - DEBUG(5,("no domain separator (%s) in username (%s) - failing auth\n", lp_winbind_separator(), state->request.data.auth.user)); - result = NT_STATUS_INVALID_PARAMETER; - goto done; - } - { unsigned char local_lm_response[24]; unsigned char local_nt_response[24]; @@ -133,11 +125,10 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) goto done; } - result = cli_netlogon_sam_network_logon(cli, mem_ctx, - name_user, name_domain, - global_myname, chal, - lm_resp, nt_resp, - &info3); + result = cli_netlogon_sam_network_logon( + cli, mem_ctx, state->request.data.auth.user, + state->request.data.auth.domain, + global_myname, chal, lm_resp, nt_resp, &info3); uni_group_cache_store_netlogon(mem_ctx, &info3); done: @@ -147,10 +138,12 @@ done: fstrcpy(state->response.data.auth.error_string, nt_errstr(result)); state->response.data.auth.pam_error = nt_status_to_pam(result); - DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n", - state->request.data.auth.user, - state->response.data.auth.nt_status_string, - state->response.data.auth.pam_error)); + DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, + ("Plain-text authentication for user %s/%s returned %s (PAM: %d)\n", + state->request.data.auth.domain, + state->request.data.auth.user, + state->response.data.auth.nt_status_string, + state->response.data.auth.pam_error)); if (mem_ctx) talloc_destroy(mem_ctx); |
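Review bot: With the `parse_domain_user` block removed in the hunk at -87, winbindd_pam_auth no longer rejects a request that lacks a domain and relies entirely on the client having split the name. A caller that leaves `domain` empty, presumably any client not updated with this commit and still sending the combined name in `user`, now reaches `cli_netlogon_sam_network_logon` with an empty domain instead of getting NT_STATUS_INVALID_PARAMETER. Keep a server-side guard such as `if (!*state->request.data.auth.domain) { result = NT_STATUS_INVALID_PARAMETER; goto done; }`. The surviving `/* Parse domain and username */` comment no longer describes anything and should be dropped or reworded.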
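Review bot: In the hunk at -133, `uni_group_cache_store_netlogon(mem_ctx, &info3);` still runs unconditionally after the reflowed `cli_netlogon_sam_network_logon(...)` call, so the group cache is written even when the logon was refused. Whether `info3` is zeroed beforehand is not visible here; if it is not, a failed logon feeds the cache whatever the struct happened to contain. Since the commit already touches this call, guard the store with `if (NT_STATUS_IS_OK(result)) uni_group_cache_store_netlogon(mem_ctx, &info3);`.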