Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/ntlm/auth.c12
-rw-r--r--source4/auth/unix_token.c38
2 files changed, 45 insertions, 5 deletions
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 7006125d16..74e97cfd7d 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -407,7 +407,9 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
}
/* Wrapper because we don't want to expose all callers to needing to
- * know that session_info is generated from the main ldb, and because we need to break a depenency loop between the DCE/RPC layer and the generation of unix tokens via IRPC */
+ * know that session_info is generated from the main ldb, and because
+ * we need to break a depenency loop between the DCE/RPC layer and the
+ * generation of unix tokens via IRPC */
static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_context,
struct auth_user_info_dc *user_info_dc,
@@ -417,6 +419,7 @@ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
auth_context->sam_ctx, user_info_dc,
session_info_flags, session_info);
+
if ((session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN)
&& NT_STATUS_IS_OK(status)) {
struct wbc_context *wbc_ctx = wbc_init(auth_context,
@@ -424,12 +427,11 @@ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
auth_context->event_ctx);
if (!wbc_ctx) {
TALLOC_FREE(*session_info);
- DEBUG(1, ("Cannot contact winbind to provide unix token"));
+ DEBUG(1, ("Cannot contact winbind to provide unix token\n"));
return NT_STATUS_INVALID_SERVER_STATE;
}
- status = security_token_to_unix_token(*session_info, wbc_ctx,
- (*session_info)->security_token,
- &(*session_info)->unix_token);
+ status = auth_session_info_fill_unix(wbc_ctx, auth_context->lp_ctx,
+ *session_info);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(*session_info);
}
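Review bot: When `auth_session_info_fill_unix` fails, the new code frees `*session_info` without logging anything, whereas the `wbc_init` failure just above logs at level 1. Someone diagnosing a rejected logon cannot tell a winbind mapping failure from an out-of-memory condition. Consider adding `DEBUG(1, ("Failed to fill unix info for session: %s\n", nt_errstr(status)));` before the `TALLOC_FREE`. The body of `auth_generate_session_info_wrapper` continues outside this hunk, so any later cleanup of `wbc_ctx` is not visible here.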
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index 3cd67ed79a..b7657aad63 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "auth/auth.h"
#include "libcli/wbclient/wbclient.h"
+#include "param/param.h"
/*
form a security_unix_token from the current security_token
@@ -89,3 +90,40 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+
+/*
+ Fill in the auth_user_info_unix and auth_unix_token elements in a struct session_info
+*/
+NTSTATUS auth_session_info_fill_unix( struct wbc_context *wbc_ctx,
+ struct loadparm_context *lp_ctx,
+ struct auth_session_info *session_info)
+{
+ char *su;
+ size_t len;
+ NTSTATUS status = security_token_to_unix_token(session_info, wbc_ctx,
+ session_info->security_token,
+ &session_info->unix_token);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix);
+ NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info);
+
+ session_info->unix_info->system = security_token_is_system(session_info->security_token);
+
+ session_info->unix_info->unix_name = talloc_asprintf(session_info->unix_info,
+ "%s%s%s", session_info->info->domain_name,
+ lpcfg_winbind_separator(lp_ctx),
+ session_info->info->account_name);
+ NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info->unix_name);
+
+ len = strlen(session_info->info->account_name) + 1;
+ session_info->unix_info->sanitized_username = su = talloc_array(session_info->unix_info, char, len);
+ NT_STATUS_HAVE_NO_MEMORY(su);
+
+ alpha_strcpy(su, session_info->info->account_name,
+ ". _-$", len);
+
+ return NT_STATUS_OK;
+}
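Review bot: `auth_session_info_fill_unix` dereferences `session_info->info` and passes `account_name` to `strlen()` without a NULL check. If a session can be built without user info (not visible in this diff), the auth path would crash instead of failing the logon. A guard at the top such as `if (session_info->info == NULL || session_info->info->account_name == NULL || session_info->info->domain_name == NULL) return NT_STATUS_INVALID_PARAMETER;` keeps it a clean error. The header comment should also say that on failure `unix_token` and a partially filled `unix_info` may remain attached to `session_info`, so callers must discard the whole structure, as the caller in auth.c does. The same comment should note that only `sanitized_username` is filtered through `alpha_strcpy`, while `unix_name` carries the domain and account strings unmodified.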