diff options
-rw-r--r-- | source4/scripting/python/samba/provision.py | 7 | ||||
-rwxr-xr-x | source4/selftest/samba4_tests.sh | 2 | ||||
-rw-r--r-- | source4/selftest/target/Samba4.pm | 2 | ||||
-rw-r--r-- | source4/torture/winbind/struct_based.c | 3 | ||||
-rw-r--r-- | source4/winbind/wb_async_helpers.c | 67 | ||||
-rw-r--r-- | source4/winbind/wb_pam_auth.c | 19 | ||||
-rw-r--r-- | source4/winbind/wb_samba3_cmd.c | 80 | ||||
-rw-r--r-- | source4/winbind/wb_samba3_protocol.c | 3 |
8 files changed, 71 insertions, 112 deletions
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index a8d188e7a3..45965a2429 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -1166,6 +1166,7 @@ def provision_backend(setup_dir=None, message=None, "NETBIOSNAME": names.netbiosname, "DEFAULTSITE": DEFAULTSITE, "CONFIGDN": names.configdn, + "SERVERDN": names.serverdn }) setup_add_ldif(schemadb, setup_path("schema_samba4.ldif"), @@ -1241,9 +1242,9 @@ refint_attributes""" + refint_attributes + "\n"; setup_file(setup_path("modules.conf"), paths.modulesconf, {"REALM": names.realm}) - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "user")) - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "config")) - setup_db_config(setup_path, file, os.path.join(paths.ldapdir, "schema")) + setup_db_config(setup_path, os.path.join(paths.ldapdir, "user")) + setup_db_config(setup_path, os.path.join(paths.ldapdir, "config")) + setup_db_config(setup_path, os.path.join(paths.ldapdir, "schema")) mapping = "schema-map-openldap-2.3" backend_schema = "backend-schema.schema" diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index ed5e46cf03..3a3e1f91b1 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -302,7 +302,7 @@ done WB_OPTS="--option=\"torture:strict mode=yes\"" WB_OPTS="${WB_OPTS} --option=\"torture:timelimit=1\"" -WB_OPTS="${WB_OPTS} --option=\"torture:winbindd separator=\\\\\"" +WB_OPTS="${WB_OPTS} --option=\"torture:winbindd separator=/\"" WB_OPTS="${WB_OPTS} --option=\"torture:winbindd private pipe dir=\$WINBINDD_PRIV_PIPE_DIR\"" WB_OPTS="${WB_OPTS} --option=\"torture:winbindd netbios name=\$SERVER\"" WB_OPTS="${WB_OPTS} --option=\"torture:winbindd netbios domain=\$DOMAIN\"" diff --git a/source4/selftest/target/Samba4.pm b/source4/selftest/target/Samba4.pm index 552f6535af..069aff73cf 100644 --- a/source4/selftest/target/Samba4.pm +++ b/source4/selftest/target/Samba4.pm @@ -521,7 +521,7 @@ sub provision($$$$$$) my $ncalrpcdir = "$prefix_abs/ncalrpc"; my $lockdir = "$prefix_abs/lockdir"; my $winbindd_socket_dir = "$prefix_abs/winbind_socket"; - my $winbindd_priv_pipe_dir = "$piddir/smbd.tmp/winbind_pipe"; + my $winbindd_priv_pipe_dir = "$privatedir/smbd.tmp/winbind_pipe"; my $nsswrap_passwd = "$etcdir/passwd"; my $nsswrap_group = "$etcdir/group"; diff --git a/source4/torture/winbind/struct_based.c b/source4/torture/winbind/struct_based.c index 0fe2148b75..51ac0e622a 100644 --- a/source4/torture/winbind/struct_based.c +++ b/source4/torture/winbind/struct_based.c @@ -181,7 +181,8 @@ static bool torture_winbind_struct_netbios_name(struct torture_context *torture) expected = torture_setting_string(torture, "winbindd netbios name", lp_netbios_name(torture->lp_ctx)); - + expected = strupper_talloc(torture, expected); + torture_assert_str_equal(torture, rep.data.netbios_name, expected, "winbindd's netbios name doesn't match"); diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c index 662dd111dd..25d52a16b5 100644 --- a/source4/winbind/wb_async_helpers.c +++ b/source4/winbind/wb_async_helpers.c @@ -305,73 +305,6 @@ NTSTATUS wb_lsa_lookupnames_recv(struct composite_context *c, talloc_free(c); return status; } - - -#if 0 - -struct cmd_checkmachacc_state { - struct composite_context *ctx; - struct wbsrv_call *call; - struct wbsrv_domain *domain; -}; - -static void cmd_checkmachacc_recv_init(struct composite_context *ctx); - - struct composite_context *wb_cmd_checkmachacc_send(struct wbsrv_call *call) -{ - struct composite_context *result, *ctx; - struct cmd_checkmachacc_state *state; - struct wbsrv_service *service = call->wbconn->listen_socket->service; - - result = composite_create(mem_ctx, call->event_ctx; - if (result == NULL) goto failed; - - state = talloc(result, struct cmd_checkmachacc_state); - if (state == NULL) goto failed; - state->ctx = result; - result->private_data = state; - state->call = call; - - state->domain = service->domains; - - ctx = wb_init_domain_send(service, state->domain); - if (ctx == NULL) goto failed; - ctx->async.fn = cmd_checkmachacc_recv_init; - ctx->async.private_data = state; - - return result; - - failed: - talloc_free(result); - return NULL; -} - -static void cmd_checkmachacc_recv_init(struct composite_context *ctx) -{ - struct cmd_checkmachacc_state *state = - talloc_get_type(ctx->async.private_data, - struct cmd_checkmachacc_state); - - state->ctx->status = wb_init_domain_recv(ctx); - if (!composite_is_ok(state->ctx)) return; - - composite_done(state->ctx); -} - - NTSTATUS wb_cmd_checkmachacc_recv(struct composite_context *c) -{ - NTSTATUS status = composite_wait(c); - talloc_free(c); - return status; -} - - NTSTATUS wb_cmd_checkmachacc(struct wbsrv_call *call) -{ - struct composite_context *c = wb_cmd_checkmachacc_send(call); - return wb_cmd_checkmachacc_recv(c); -} -#endif - struct samr_getuserdomgroups_state { struct composite_context *ctx; struct dcerpc_pipe *samr_pipe; diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c index 62744297c6..ee54bcd58f 100644 --- a/source4/winbind/wb_pam_auth.c +++ b/source4/winbind/wb_pam_auth.c @@ -214,14 +214,11 @@ NTSTATUS wb_cmd_pam_auth_crap_recv(struct composite_context *c, struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx, struct wbsrv_service *service, - const char *domain, - const char *user, - const char *password) + struct cli_credentials *credentials) { - struct cli_credentials *credentials; const char *workstation; NTSTATUS status; - + const char *user, *domain; DATA_BLOB chal, nt_resp, lm_resp, names_blob; int flags = CLI_CRED_NTLM_AUTH; if (lp_client_lanman_auth(service->task->lp_ctx)) { @@ -234,16 +231,6 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx, DEBUG(5, ("wbsrv_samba3_pam_auth called\n")); - credentials = cli_credentials_init(mem_ctx); - if (!credentials) { - return NULL; - } - cli_credentials_set_conf(credentials, service->task->lp_ctx); - cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); - cli_credentials_set_username(credentials, user, CRED_SPECIFIED); - - cli_credentials_set_password(credentials, password, CRED_SPECIFIED); - chal = data_blob_talloc(mem_ctx, NULL, 8); if (!chal.data) { return NULL; @@ -269,7 +256,7 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx, return NULL; } return wb_cmd_pam_auth_crap_send(mem_ctx, service, - 0 /* logon parameters */, + MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT|MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT /* logon parameters */, domain, user, workstation, chal, nt_resp, lm_resp); } diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c index 24074700fc..8ae330df35 100644 --- a/source4/winbind/wb_samba3_cmd.c +++ b/source4/winbind/wb_samba3_cmd.c @@ -30,6 +30,8 @@ #include "librpc/gen_ndr/netlogon.h" #include "libcli/security/security.h" #include "auth/pam_errors.h" +#include "auth/credentials/credentials.h" +#include "smbd/service_task.h" /* Send off the reply to an async Samba3 query, handling filling in the PAM, NTSTATUS and string errors. @@ -110,10 +112,12 @@ NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call) NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call) { - s3call->response.result = WINBINDD_OK; - s3call->response.extra_data.data = - smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET); - NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data.data); + char *path = smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET); + NT_STATUS_HAVE_NO_MEMORY(path); + s3call->response.result = WINBINDD_OK; + s3call->response.extra_data.data = path; + + s3call->response.length += strlen(path) + 1; return NT_STATUS_OK; } @@ -123,41 +127,67 @@ NTSTATUS wbsrv_samba3_ping(struct wbsrv_samba3_call *s3call) return NT_STATUS_OK; } -#if 0 -/* - Validate that we have a working pipe to the domain controller. - Return any NT error found in the process +/* Plaintext authentication + + This interface is used by ntlm_auth in it's 'basic' authentication + mode, as well as by pam_winbind to authenticate users where we are + given a plaintext password. */ -static void checkmachacc_recv_creds(struct composite_context *ctx); +static void check_machacc_recv(struct composite_context *ctx); NTSTATUS wbsrv_samba3_check_machacc(struct wbsrv_samba3_call *s3call) { + NTSTATUS status; + struct cli_credentials *creds; struct composite_context *ctx; + struct wbsrv_service *service = + s3call->wbconn->listen_socket->service; + + /* Create a credentials structure */ + creds = cli_credentials_init(s3call); + if (creds == NULL) { + return NT_STATUS_NO_MEMORY; + } - DEBUG(5, ("wbsrv_samba3_check_machacc called\n")); + cli_credentials_set_event_context(creds, service->task->event_ctx); - ctx = wb_cmd_checkmachacc_send(s3call->call); - NT_STATUS_HAVE_NO_MEMORY(ctx); + cli_credentials_set_conf(creds, service->task->lp_ctx); + + /* Connect the machine account to the credentials */ + status = cli_credentials_set_machine_account(creds, service->task->lp_ctx); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(creds); + return status; + } + + ctx = wb_cmd_pam_auth_send(s3call, service, creds); + + if (!ctx) { + talloc_free(creds); + return NT_STATUS_NO_MEMORY; + } - ctx->async.fn = checkmachacc_recv_creds; + ctx->async.fn = check_machacc_recv; ctx->async.private_data = s3call; - s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC; + s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC; return NT_STATUS_OK; } - -static void checkmachacc_recv_creds(struct composite_context *ctx) + +static void check_machacc_recv(struct composite_context *ctx) { struct wbsrv_samba3_call *s3call = talloc_get_type(ctx->async.private_data, struct wbsrv_samba3_call); NTSTATUS status; - status = wb_cmd_checkmachacc_recv(ctx); + status = wb_cmd_pam_auth_recv(ctx); + + if (!NT_STATUS_IS_OK(status)) goto done; + done: wbsrv_samba3_async_auth_epilogue(status, s3call); } -#endif /* Find the name of a suitable domain controller, by query on the @@ -543,6 +573,7 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call) struct composite_context *ctx; struct wbsrv_service *service = s3call->wbconn->listen_socket->service; + struct cli_credentials *credentials; char *user, *domain; if (!wb_samba3_split_username(s3call, s3call->wbconn->lp_ctx, @@ -551,8 +582,17 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call) return NT_STATUS_NO_SUCH_USER; } - ctx = wb_cmd_pam_auth_send(s3call, service, domain, user, - s3call->request.data.auth.pass); + credentials = cli_credentials_init(s3call); + if (!credentials) { + return NT_STATUS_NO_MEMORY; + } + cli_credentials_set_conf(credentials, service->task->lp_ctx); + cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED); + cli_credentials_set_username(credentials, user, CRED_SPECIFIED); + + cli_credentials_set_password(credentials, s3call->request.data.auth.pass, CRED_SPECIFIED); + + ctx = wb_cmd_pam_auth_send(s3call, service, credentials); NT_STATUS_HAVE_NO_MEMORY(ctx); ctx->async.fn = pam_auth_recv; diff --git a/source4/winbind/wb_samba3_protocol.c b/source4/winbind/wb_samba3_protocol.c index b252273cb6..3b97dff276 100644 --- a/source4/winbind/wb_samba3_protocol.c +++ b/source4/winbind/wb_samba3_protocol.c @@ -78,10 +78,8 @@ NTSTATUS wbsrv_samba3_handle_call(struct wbsrv_samba3_call *s3call) case WINBINDD_INTERFACE_VERSION: return wbsrv_samba3_interface_version(s3call); -#if 0 case WINBINDD_CHECK_MACHACC: return wbsrv_samba3_check_machacc(s3call); -#endif case WINBINDD_PING: return wbsrv_samba3_ping(s3call); @@ -187,7 +185,6 @@ NTSTATUS wbsrv_samba3_handle_call(struct wbsrv_samba3_call *s3call) case WINBINDD_SET_MAPPING: case WINBINDD_SET_HWM: case WINBINDD_DUMP_MAPS: - case WINBINDD_CHECK_MACHACC: case WINBINDD_DOMAIN_INFO: case WINBINDD_SHOW_SEQUENCE: case WINBINDD_WINS_BYIP: |