diff options
Diffstat (limited to 'source4/auth/ntlm')
| -rw-r--r-- | source4/auth/ntlm/auth.c | 29 | ||||
| -rw-r--r-- | source4/auth/ntlm/wscript_build | 2 |
2 files changed, 25 insertions, 6 deletions
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c index d2464c3cbf..7006125d16 100644 --- a/source4/auth/ntlm/auth.c +++ b/source4/auth/ntlm/auth.c @@ -26,7 +26,7 @@ #include "auth/ntlm/auth_proto.h" #include "param/param.h" #include "dsdb/samdb/samdb.h" - +#include "libcli/wbclient/wbclient.h" /*************************************************************************** Set a fixed challenge @@ -407,16 +407,35 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req, } /* Wrapper because we don't want to expose all callers to needing to - * know that session_info is generated from the main ldb */ + * know that session_info is generated from the main ldb, and because we need to break a depenency loop between the DCE/RPC layer and the generation of unix tokens via IRPC */ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, struct auth_user_info_dc *user_info_dc, uint32_t session_info_flags, struct auth_session_info **session_info) { - return auth_generate_session_info(mem_ctx, auth_context->lp_ctx, - auth_context->sam_ctx, user_info_dc, - session_info_flags, session_info); + NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx, + auth_context->sam_ctx, user_info_dc, + session_info_flags, session_info); + if ((session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN) + && NT_STATUS_IS_OK(status)) { + struct wbc_context *wbc_ctx = wbc_init(auth_context, + auth_context->msg_ctx, + auth_context->event_ctx); + if (!wbc_ctx) { + TALLOC_FREE(*session_info); + DEBUG(1, ("Cannot contact winbind to provide unix token")); + return NT_STATUS_INVALID_SERVER_STATE; + } + status = security_token_to_unix_token(*session_info, wbc_ctx, + (*session_info)->security_token, + &(*session_info)->unix_token); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(*session_info); + } + TALLOC_FREE(wbc_ctx); + } + return status; } /*************************************************************************** diff --git a/source4/auth/ntlm/wscript_build b/source4/auth/ntlm/wscript_build index d954ec0086..29e54fd314 100644 --- a/source4/auth/ntlm/wscript_build +++ b/source4/auth/ntlm/wscript_build @@ -51,7 +51,7 @@ bld.SAMBA_MODULE('auth4_unix', bld.SAMBA_LIBRARY('auth4', source='auth.c auth_util.c auth_simple.c', autoproto='auth_proto.h', - deps='samba-util security samdb credentials UTIL_TEVENT', + deps='samba-util security samdb credentials UTIL_TEVENT LIBWBCLIENT_OLD auth_unix_token', private_library=True ) |