diff options
-rw-r--r-- | source3/auth/auth.c | 91 | ||||
-rw-r--r-- | source3/auth/auth_winbind.c | 16 |
2 files changed, 65 insertions, 42 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 71e9ab0428..09e8f5e722 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -334,6 +334,52 @@ static NTSTATUS make_auth_context(struct auth_context **auth_context) return NT_STATUS_OK; } +BOOL load_auth_module(struct auth_context *auth_context, + const char *module, auth_methods **ret) +{ + static BOOL initialised_static_modules = False; + + struct auth_init_function_entry *entry; + char *module_name = smb_xstrdup(module); + char *module_params = NULL; + char *p; + BOOL good = False; + + /* Initialise static modules if not done so yet */ + if(!initialised_static_modules) { + static_init_auth; + initialised_static_modules = True; + } + + DEBUG(5,("load_auth_module: Attempting to find an auth method to match %s\n", + module)); + + p = strchr(module_name, ':'); + if (p) { + *p = 0; + module_params = p+1; + trim_string(module_params, " ", " "); + } + + trim_string(module_name, " ", " "); + + entry = auth_find_backend_entry(module_name); + + if(!(entry = auth_find_backend_entry(module_name)) && !smb_probe_module("auth", module_name) && + !(entry = auth_find_backend_entry(module_name))) { + DEBUG(0,("load_auth_module: can't find auth method %s!\n", module_name)); + } else if (!NT_STATUS_IS_OK(entry->init(auth_context, module_params, ret))) { + DEBUG(0,("load_auth_module: auth method %s did not correctly init\n", + module)); + } else { + DEBUG(5,("load_auth_module: auth method %s has a valid init\n", + module)); + good = True; + } + SAFE_FREE(module_name); + return good; +} + /*************************************************************************** Make a auth_info struct for the auth subsystem ***************************************************************************/ @@ -344,7 +390,6 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context, auth_methods *t = NULL; auth_methods *tmp; NTSTATUS nt_status; - static BOOL initialised_static_modules = False; if (!text_list) { DEBUG(2,("make_auth_context_text_list: No auth method list!?\n")); @@ -354,44 +399,10 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context, if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context))) return nt_status; - /* Initialise static modules if not done so yet */ - if(!initialised_static_modules) { - static_init_auth; - initialised_static_modules = True; - } - for (;*text_list; text_list++) { - struct auth_init_function_entry *entry; - char *module_name = smb_xstrdup(*text_list); - char *module_params = NULL; - char *p; - - DEBUG(5,("make_auth_context_text_list: Attempting to find an auth method to match %s\n", - *text_list)); - - p = strchr(module_name, ':'); - if (p) { - *p = 0; - module_params = p+1; - trim_string(module_params, " ", " "); - } - - trim_string(module_name, " ", " "); - - entry = auth_find_backend_entry(module_name); - - if(!(entry = auth_find_backend_entry(module_name)) && !smb_probe_module("auth", module_name) && - !(entry = auth_find_backend_entry(module_name))) { - DEBUG(0,("make_auth_context_text_list: can't find auth method %s!\n", module_name)); - } else if (!NT_STATUS_IS_OK(entry->init(*auth_context, module_params, &t))) { - DEBUG(0,("make_auth_context_text_list: auth method %s did not correctly init\n", - *text_list)); - } else { - DEBUG(5,("make_auth_context_text_list: auth method %s has a valid init\n", - *text_list)); - DLIST_ADD_END(list, t, tmp); - } - SAFE_FREE(module_name); + if (load_auth_module(*auth_context, *text_list, &t)) { + DLIST_ADD_END(list, t, tmp); + } } (*auth_context)->auth_method_list = list; @@ -417,7 +428,7 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) { case SEC_DOMAIN: DEBUG(5,("Making default auth method list for security=domain\n")); - auth_method_list = str_list_make("guest sam winbind ntdomain", NULL); + auth_method_list = str_list_make("guest sam winbind:ntdomain", NULL); break; case SEC_SERVER: DEBUG(5,("Making default auth method list for security=server\n")); @@ -443,7 +454,7 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) break; case SEC_ADS: DEBUG(5,("Making default auth method list for security=ADS\n")); - auth_method_list = str_list_make("guest sam winbind ntdomain", NULL); + auth_method_list = str_list_make("guest sam winbind:ntdomain", NULL); break; default: DEBUG(5,("Unknown auth method!\n")); diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index e2a292dd01..df08b6440a 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -103,6 +103,11 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response); + if (result == NSS_STATUS_UNAVAIL) { + struct auth_methods *auth_method = my_private_data; + return auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info); + } + nt_status = NT_STATUS(response.data.auth.nt_status); if (result == NSS_STATUS_SUCCESS && response.extra_data) { @@ -127,11 +132,18 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, /* module initialisation */ NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) - return NT_STATUS_NO_MEMORY; (*auth_method)->name = "winbind"; (*auth_method)->auth = check_winbind_security; + + if (param && *param) { + /* we load the 'fallback' module - if winbind isn't here, call this + module */ + if (!load_auth_module(auth_context, param, &(*auth_method)->private_data)) { + return NT_STATUS_UNSUCCESSFUL; + } + + } return NT_STATUS_OK; } |