Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/ntlm/auth.c | 12 | ||||
-rw-r--r-- | source4/auth/unix_token.c | 38 |
2 files changed, 45 insertions, 5 deletions
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c index 7006125d16..74e97cfd7d 100644 --- a/source4/auth/ntlm/auth.c +++ b/source4/auth/ntlm/auth.c @@ -407,7 +407,9 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req, } /* Wrapper because we don't want to expose all callers to needing to - * know that session_info is generated from the main ldb, and because we need to break a depenency loop between the DCE/RPC layer and the generation of unix tokens via IRPC */ + * know that session_info is generated from the main ldb, and because + * we need to break a depenency loop between the DCE/RPC layer and the + * generation of unix tokens via IRPC */ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, struct auth4_context *auth_context, struct auth_user_info_dc *user_info_dc, @@ -417,6 +419,7 @@ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx, auth_context->sam_ctx, user_info_dc, session_info_flags, session_info); + if ((session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN) && NT_STATUS_IS_OK(status)) { struct wbc_context *wbc_ctx = wbc_init(auth_context, @@ -424,12 +427,11 @@ static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx, auth_context->event_ctx); if (!wbc_ctx) { TALLOC_FREE(*session_info); - DEBUG(1, ("Cannot contact winbind to provide unix token")); + DEBUG(1, ("Cannot contact winbind to provide unix token\n")); return NT_STATUS_INVALID_SERVER_STATE; } - status = security_token_to_unix_token(*session_info, wbc_ctx, - (*session_info)->security_token, - &(*session_info)->unix_token); + status = auth_session_info_fill_unix(wbc_ctx, auth_context->lp_ctx, + *session_info); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(*session_info); } diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c index 3cd67ed79a..b7657aad63 100644 --- a/source4/auth/unix_token.c +++ b/source4/auth/unix_token.c 
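Review bot: In the third auth.c hunk (`@@ -424,12 +427,11 @@`), a failure of `auth_session_info_fill_unix()` frees the session without logging the status, while the `wbc_init` failure just above it gets a `DEBUG(1, ...)`. A winbind mapping or allocation failure would then show up only as an unexplained authentication failure; consider adding `DEBUG(1, ("Failed to fill unix token and info: %s\n", nt_errstr(status)));` before `TALLOC_FREE(*session_info);`. The hunk also does not show whether `wbc_ctx`, which is created with `auth_context` as its first argument, is released after the call. The body of `auth_generate_session_info_wrapper` continues outside the hunk, so it is worth confirming that the context does not accumulate on `auth_context` across logons.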
@@ -23,6 +23,7 @@ #include "includes.h" #include "auth/auth.h" #include "libcli/wbclient/wbclient.h" +#include "param/param.h" /* form a security_unix_token from the current security_token @@ -89,3 +90,40 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } + +/* + Fill in the auth_user_info_unix and auth_unix_token elements in a struct session_info +*/ +NTSTATUS auth_session_info_fill_unix( struct wbc_context *wbc_ctx, + struct loadparm_context *lp_ctx, + struct auth_session_info *session_info) +{ + char *su; + size_t len; + NTSTATUS status = security_token_to_unix_token(session_info, wbc_ctx, + session_info->security_token, + &session_info->unix_token); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix); + NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info); + + session_info->unix_info->system = security_token_is_system(session_info->security_token); + + session_info->unix_info->unix_name = talloc_asprintf(session_info->unix_info, + "%s%s%s", session_info->info->domain_name, + lpcfg_winbind_separator(lp_ctx), + session_info->info->account_name); + NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info->unix_name); + + len = strlen(session_info->info->account_name) + 1; + session_info->unix_info->sanitized_username = su = talloc_array(session_info->unix_info, char, len); + NT_STATUS_HAVE_NO_MEMORY(su); + + alpha_strcpy(su, session_info->info->account_name, + ". _-$", len); + + return NT_STATUS_OK; +} |
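Review bot: In the new `auth_session_info_fill_unix()` (second unix_token.c hunk, `@@ -89,3 +90,40 @@`), `session_info->info`, `->domain_name` and `->account_name` are dereferenced and passed to `talloc_asprintf()` and `strlen()` without a NULL check. Nothing visible in the diff shows that every caller guarantees them, so a session built without a populated `info` would crash here. A guard before the first use would make the contract explicit: `if (session_info->info == NULL || session_info->info->account_name == NULL || session_info->info->domain_name == NULL) return NT_STATUS_INVALID_PARAMETER;`. Separately, `unix_name` is assembled from the raw domain and account names and only `sanitized_username` passes through `alpha_strcpy()`. The header comment should say so, for example `unix_name is unfiltered; consumers that place the name in a path or command substitution must use sanitized_username`.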