summaryrefslogtreecommitdiff
path: root/source4/auth/ntlm
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth/ntlm')
-rw-r--r--source4/auth/ntlm/auth.c29
-rw-r--r--source4/auth/ntlm/wscript_build2
2 files changed, 25 insertions, 6 deletions
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index d2464c3cbf..7006125d16 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -26,7 +26,7 @@
#include "auth/ntlm/auth_proto.h"
#include "param/param.h"
#include "dsdb/samdb/samdb.h"
-
+#include "libcli/wbclient/wbclient.h"
/***************************************************************************
Set a fixed challenge
@@ -407,16 +407,35 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
}
/* Wrapper because we don't want to expose all callers to needing to
- * know that session_info is generated from the main ldb */
+ * know that session_info is generated from the main ldb, and because we need to break a depenency loop between the DCE/RPC layer and the generation of unix tokens via IRPC */
static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_context,
struct auth_user_info_dc *user_info_dc,
uint32_t session_info_flags,
struct auth_session_info **session_info)
{
- return auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
- auth_context->sam_ctx, user_info_dc,
- session_info_flags, session_info);
+ NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
+ auth_context->sam_ctx, user_info_dc,
+ session_info_flags, session_info);
+ if ((session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN)
+ && NT_STATUS_IS_OK(status)) {
+ struct wbc_context *wbc_ctx = wbc_init(auth_context,
+ auth_context->msg_ctx,
+ auth_context->event_ctx);
+ if (!wbc_ctx) {
+ TALLOC_FREE(*session_info);
+ DEBUG(1, ("Cannot contact winbind to provide unix token"));
+ return NT_STATUS_INVALID_SERVER_STATE;
+ }
+ status = security_token_to_unix_token(*session_info, wbc_ctx,
+ (*session_info)->security_token,
+ &(*session_info)->unix_token);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(*session_info);
+ }
+ TALLOC_FREE(wbc_ctx);
+ }
+ return status;
}
/***************************************************************************
diff --git a/source4/auth/ntlm/wscript_build b/source4/auth/ntlm/wscript_build
index d954ec0086..29e54fd314 100644
--- a/source4/auth/ntlm/wscript_build
+++ b/source4/auth/ntlm/wscript_build
@@ -51,7 +51,7 @@ bld.SAMBA_MODULE('auth4_unix',
bld.SAMBA_LIBRARY('auth4',
source='auth.c auth_util.c auth_simple.c',
autoproto='auth_proto.h',
- deps='samba-util security samdb credentials UTIL_TEVENT',
+ deps='samba-util security samdb credentials UTIL_TEVENT LIBWBCLIENT_OLD auth_unix_token',
private_library=True
)