summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/scripting/python/samba/provision.py7
-rwxr-xr-xsource4/selftest/samba4_tests.sh2
-rw-r--r--source4/selftest/target/Samba4.pm2
-rw-r--r--source4/torture/winbind/struct_based.c3
-rw-r--r--source4/winbind/wb_async_helpers.c67
-rw-r--r--source4/winbind/wb_pam_auth.c19
-rw-r--r--source4/winbind/wb_samba3_cmd.c80
-rw-r--r--source4/winbind/wb_samba3_protocol.c3
8 files changed, 71 insertions, 112 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index a8d188e7a3..45965a2429 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1166,6 +1166,7 @@ def provision_backend(setup_dir=None, message=None,
"NETBIOSNAME": names.netbiosname,
"DEFAULTSITE": DEFAULTSITE,
"CONFIGDN": names.configdn,
+ "SERVERDN": names.serverdn
})
setup_add_ldif(schemadb, setup_path("schema_samba4.ldif"),
@@ -1241,9 +1242,9 @@ refint_attributes""" + refint_attributes + "\n";
setup_file(setup_path("modules.conf"), paths.modulesconf,
{"REALM": names.realm})
- setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "user"))
- setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "config"))
- setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "schema"))
+ setup_db_config(setup_path, os.path.join(paths.ldapdir, "user"))
+ setup_db_config(setup_path, os.path.join(paths.ldapdir, "config"))
+ setup_db_config(setup_path, os.path.join(paths.ldapdir, "schema"))
mapping = "schema-map-openldap-2.3"
backend_schema = "backend-schema.schema"
diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh
index ed5e46cf03..3a3e1f91b1 100755
--- a/source4/selftest/samba4_tests.sh
+++ b/source4/selftest/samba4_tests.sh
@@ -302,7 +302,7 @@ done
WB_OPTS="--option=\"torture:strict mode=yes\""
WB_OPTS="${WB_OPTS} --option=\"torture:timelimit=1\""
-WB_OPTS="${WB_OPTS} --option=\"torture:winbindd separator=\\\\\""
+WB_OPTS="${WB_OPTS} --option=\"torture:winbindd separator=/\""
WB_OPTS="${WB_OPTS} --option=\"torture:winbindd private pipe dir=\$WINBINDD_PRIV_PIPE_DIR\""
WB_OPTS="${WB_OPTS} --option=\"torture:winbindd netbios name=\$SERVER\""
WB_OPTS="${WB_OPTS} --option=\"torture:winbindd netbios domain=\$DOMAIN\""
diff --git a/source4/selftest/target/Samba4.pm b/source4/selftest/target/Samba4.pm
index 552f6535af..069aff73cf 100644
--- a/source4/selftest/target/Samba4.pm
+++ b/source4/selftest/target/Samba4.pm
@@ -521,7 +521,7 @@ sub provision($$$$$$)
my $ncalrpcdir = "$prefix_abs/ncalrpc";
my $lockdir = "$prefix_abs/lockdir";
my $winbindd_socket_dir = "$prefix_abs/winbind_socket";
- my $winbindd_priv_pipe_dir = "$piddir/smbd.tmp/winbind_pipe";
+ my $winbindd_priv_pipe_dir = "$privatedir/smbd.tmp/winbind_pipe";
my $nsswrap_passwd = "$etcdir/passwd";
my $nsswrap_group = "$etcdir/group";
diff --git a/source4/torture/winbind/struct_based.c b/source4/torture/winbind/struct_based.c
index 0fe2148b75..51ac0e622a 100644
--- a/source4/torture/winbind/struct_based.c
+++ b/source4/torture/winbind/struct_based.c
@@ -181,7 +181,8 @@ static bool torture_winbind_struct_netbios_name(struct torture_context *torture)
expected = torture_setting_string(torture,
"winbindd netbios name",
lp_netbios_name(torture->lp_ctx));
-
+ expected = strupper_talloc(torture, expected);
+
torture_assert_str_equal(torture,
rep.data.netbios_name, expected,
"winbindd's netbios name doesn't match");
diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c
index 662dd111dd..25d52a16b5 100644
--- a/source4/winbind/wb_async_helpers.c
+++ b/source4/winbind/wb_async_helpers.c
@@ -305,73 +305,6 @@ NTSTATUS wb_lsa_lookupnames_recv(struct composite_context *c,
talloc_free(c);
return status;
}
-
-
-#if 0
-
-struct cmd_checkmachacc_state {
- struct composite_context *ctx;
- struct wbsrv_call *call;
- struct wbsrv_domain *domain;
-};
-
-static void cmd_checkmachacc_recv_init(struct composite_context *ctx);
-
- struct composite_context *wb_cmd_checkmachacc_send(struct wbsrv_call *call)
-{
- struct composite_context *result, *ctx;
- struct cmd_checkmachacc_state *state;
- struct wbsrv_service *service = call->wbconn->listen_socket->service;
-
- result = composite_create(mem_ctx, call->event_ctx;
- if (result == NULL) goto failed;
-
- state = talloc(result, struct cmd_checkmachacc_state);
- if (state == NULL) goto failed;
- state->ctx = result;
- result->private_data = state;
- state->call = call;
-
- state->domain = service->domains;
-
- ctx = wb_init_domain_send(service, state->domain);
- if (ctx == NULL) goto failed;
- ctx->async.fn = cmd_checkmachacc_recv_init;
- ctx->async.private_data = state;
-
- return result;
-
- failed:
- talloc_free(result);
- return NULL;
-}
-
-static void cmd_checkmachacc_recv_init(struct composite_context *ctx)
-{
- struct cmd_checkmachacc_state *state =
- talloc_get_type(ctx->async.private_data,
- struct cmd_checkmachacc_state);
-
- state->ctx->status = wb_init_domain_recv(ctx);
- if (!composite_is_ok(state->ctx)) return;
-
- composite_done(state->ctx);
-}
-
- NTSTATUS wb_cmd_checkmachacc_recv(struct composite_context *c)
-{
- NTSTATUS status = composite_wait(c);
- talloc_free(c);
- return status;
-}
-
- NTSTATUS wb_cmd_checkmachacc(struct wbsrv_call *call)
-{
- struct composite_context *c = wb_cmd_checkmachacc_send(call);
- return wb_cmd_checkmachacc_recv(c);
-}
-#endif
-
struct samr_getuserdomgroups_state {
struct composite_context *ctx;
struct dcerpc_pipe *samr_pipe;
diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c
index 62744297c6..ee54bcd58f 100644
--- a/source4/winbind/wb_pam_auth.c
+++ b/source4/winbind/wb_pam_auth.c
@@ -214,14 +214,11 @@ NTSTATUS wb_cmd_pam_auth_crap_recv(struct composite_context *c,
struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx,
struct wbsrv_service *service,
- const char *domain,
- const char *user,
- const char *password)
+ struct cli_credentials *credentials)
{
- struct cli_credentials *credentials;
const char *workstation;
NTSTATUS status;
-
+ const char *user, *domain;
DATA_BLOB chal, nt_resp, lm_resp, names_blob;
int flags = CLI_CRED_NTLM_AUTH;
if (lp_client_lanman_auth(service->task->lp_ctx)) {
@@ -234,16 +231,6 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx,
DEBUG(5, ("wbsrv_samba3_pam_auth called\n"));
- credentials = cli_credentials_init(mem_ctx);
- if (!credentials) {
- return NULL;
- }
- cli_credentials_set_conf(credentials, service->task->lp_ctx);
- cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
- cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
-
- cli_credentials_set_password(credentials, password, CRED_SPECIFIED);
-
chal = data_blob_talloc(mem_ctx, NULL, 8);
if (!chal.data) {
return NULL;
@@ -269,7 +256,7 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx,
return NULL;
}
return wb_cmd_pam_auth_crap_send(mem_ctx, service,
- 0 /* logon parameters */,
+ MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT|MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT /* logon parameters */,
domain, user, workstation,
chal, nt_resp, lm_resp);
}
diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c
index 24074700fc..8ae330df35 100644
--- a/source4/winbind/wb_samba3_cmd.c
+++ b/source4/winbind/wb_samba3_cmd.c
@@ -30,6 +30,8 @@
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/security/security.h"
#include "auth/pam_errors.h"
+#include "auth/credentials/credentials.h"
+#include "smbd/service_task.h"
/*
Send off the reply to an async Samba3 query, handling filling in the PAM, NTSTATUS and string errors.
@@ -110,10 +112,12 @@ NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call)
NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call)
{
- s3call->response.result = WINBINDD_OK;
- s3call->response.extra_data.data =
- smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
- NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data.data);
+ char *path = smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
+ NT_STATUS_HAVE_NO_MEMORY(path);
+ s3call->response.result = WINBINDD_OK;
+ s3call->response.extra_data.data = path;
+
+ s3call->response.length += strlen(path) + 1;
return NT_STATUS_OK;
}
@@ -123,41 +127,67 @@ NTSTATUS wbsrv_samba3_ping(struct wbsrv_samba3_call *s3call)
return NT_STATUS_OK;
}
-#if 0
-/*
- Validate that we have a working pipe to the domain controller.
- Return any NT error found in the process
+/* Plaintext authentication
+
+ This interface is used by ntlm_auth in it's 'basic' authentication
+ mode, as well as by pam_winbind to authenticate users where we are
+ given a plaintext password.
*/
-static void checkmachacc_recv_creds(struct composite_context *ctx);
+static void check_machacc_recv(struct composite_context *ctx);
NTSTATUS wbsrv_samba3_check_machacc(struct wbsrv_samba3_call *s3call)
{
+ NTSTATUS status;
+ struct cli_credentials *creds;
struct composite_context *ctx;
+ struct wbsrv_service *service =
+ s3call->wbconn->listen_socket->service;
+
+ /* Create a credentials structure */
+ creds = cli_credentials_init(s3call);
+ if (creds == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- DEBUG(5, ("wbsrv_samba3_check_machacc called\n"));
+ cli_credentials_set_event_context(creds, service->task->event_ctx);
- ctx = wb_cmd_checkmachacc_send(s3call->call);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
+ cli_credentials_set_conf(creds, service->task->lp_ctx);
+
+ /* Connect the machine account to the credentials */
+ status = cli_credentials_set_machine_account(creds, service->task->lp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(creds);
+ return status;
+ }
+
+ ctx = wb_cmd_pam_auth_send(s3call, service, creds);
+
+ if (!ctx) {
+ talloc_free(creds);
+ return NT_STATUS_NO_MEMORY;
+ }
- ctx->async.fn = checkmachacc_recv_creds;
+ ctx->async.fn = check_machacc_recv;
ctx->async.private_data = s3call;
- s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
+ s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
return NT_STATUS_OK;
}
-
-static void checkmachacc_recv_creds(struct composite_context *ctx)
+
+static void check_machacc_recv(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
NTSTATUS status;
- status = wb_cmd_checkmachacc_recv(ctx);
+ status = wb_cmd_pam_auth_recv(ctx);
+
+ if (!NT_STATUS_IS_OK(status)) goto done;
+ done:
wbsrv_samba3_async_auth_epilogue(status, s3call);
}
-#endif
/*
Find the name of a suitable domain controller, by query on the
@@ -543,6 +573,7 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call)
struct composite_context *ctx;
struct wbsrv_service *service =
s3call->wbconn->listen_socket->service;
+ struct cli_credentials *credentials;
char *user, *domain;
if (!wb_samba3_split_username(s3call, s3call->wbconn->lp_ctx,
@@ -551,8 +582,17 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call)
return NT_STATUS_NO_SUCH_USER;
}
- ctx = wb_cmd_pam_auth_send(s3call, service, domain, user,
- s3call->request.data.auth.pass);
+ credentials = cli_credentials_init(s3call);
+ if (!credentials) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ cli_credentials_set_conf(credentials, service->task->lp_ctx);
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+
+ cli_credentials_set_password(credentials, s3call->request.data.auth.pass, CRED_SPECIFIED);
+
+ ctx = wb_cmd_pam_auth_send(s3call, service, credentials);
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->async.fn = pam_auth_recv;
diff --git a/source4/winbind/wb_samba3_protocol.c b/source4/winbind/wb_samba3_protocol.c
index b252273cb6..3b97dff276 100644
--- a/source4/winbind/wb_samba3_protocol.c
+++ b/source4/winbind/wb_samba3_protocol.c
@@ -78,10 +78,8 @@ NTSTATUS wbsrv_samba3_handle_call(struct wbsrv_samba3_call *s3call)
case WINBINDD_INTERFACE_VERSION:
return wbsrv_samba3_interface_version(s3call);
-#if 0
case WINBINDD_CHECK_MACHACC:
return wbsrv_samba3_check_machacc(s3call);
-#endif
case WINBINDD_PING:
return wbsrv_samba3_ping(s3call);
@@ -187,7 +185,6 @@ NTSTATUS wbsrv_samba3_handle_call(struct wbsrv_samba3_call *s3call)
case WINBINDD_SET_MAPPING:
case WINBINDD_SET_HWM:
case WINBINDD_DUMP_MAPS:
- case WINBINDD_CHECK_MACHACC:
case WINBINDD_DOMAIN_INFO:
case WINBINDD_SHOW_SEQUENCE:
case WINBINDD_WINS_BYIP: