Diffstat (limited to 'source4/winbind')
-rw-r--r-- | source4/winbind/wb_cmd_getgrgid.c | 2 | ||||
-rw-r--r-- | source4/winbind/wb_cmd_getgrnam.c | 2 | ||||
-rw-r--r-- | source4/winbind/wb_cmd_getpwuid.c | 2 | ||||
-rw-r--r-- | source4/winbind/wb_gid2sid.c | 2 | ||||
-rw-r--r-- | source4/winbind/wb_irpc.c | 4 | ||||
-rw-r--r-- | source4/winbind/wb_pam_auth.c | 32 | ||||
-rw-r--r-- | source4/winbind/wb_samba3_cmd.c | 153 | ||||
-rw-r--r-- | source4/winbind/wb_sids2xids.c | 2 | ||||
-rw-r--r-- | source4/winbind/wb_uid2sid.c | 2 | ||||
-rw-r--r-- | source4/winbind/wb_xids2sids.c | 2 |
10 files changed, 186 insertions, 17 deletions
diff --git a/source4/winbind/wb_cmd_getgrgid.c b/source4/winbind/wb_cmd_getgrgid.c index 80f4e9cfc3..010fa220b1 100644 --- a/source4/winbind/wb_cmd_getgrgid.c +++ b/source4/winbind/wb_cmd_getgrgid.c @@ -27,7 +27,7 @@ #include "smbd/service_task.h" #include "libnet/libnet_proto.h" #include "param/param.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" #include "auth/credentials/credentials.h" struct cmd_getgrgid_state { diff --git a/source4/winbind/wb_cmd_getgrnam.c b/source4/winbind/wb_cmd_getgrnam.c index bfc30fc7a6..0e498811f9 100644 --- a/source4/winbind/wb_cmd_getgrnam.c +++ b/source4/winbind/wb_cmd_getgrnam.c @@ -27,7 +27,7 @@ #include "winbind/wb_helper.h" #include "smbd/service_task.h" #include "libnet/libnet_proto.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" struct cmd_getgrnam_state { struct composite_context *ctx; diff --git a/source4/winbind/wb_cmd_getpwuid.c b/source4/winbind/wb_cmd_getpwuid.c index b4e3d972f8..488af561e2 100644 --- a/source4/winbind/wb_cmd_getpwuid.c +++ b/source4/winbind/wb_cmd_getpwuid.c @@ -27,7 +27,7 @@ #include "smbd/service_task.h" #include "libnet/libnet_proto.h" #include "param/param.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" #include "auth/credentials/credentials.h" struct cmd_getpwuid_state { diff --git a/source4/winbind/wb_gid2sid.c b/source4/winbind/wb_gid2sid.c index 834d869845..7fb77bfc35 100644 --- a/source4/winbind/wb_gid2sid.c +++ b/source4/winbind/wb_gid2sid.c @@ -24,7 +24,7 @@ #include "winbind/wb_server.h" #include "smbd/service_task.h" #include "winbind/wb_helper.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" #include "winbind/idmap.h" struct gid2sid_state { diff --git a/source4/winbind/wb_irpc.c b/source4/winbind/wb_irpc.c index 801c2e7dfa..efbc310b68 100644 --- a/source4/winbind/wb_irpc.c +++ b/source4/winbind/wb_irpc.c 
@@ -22,7 +22,7 @@ #include "winbind/wb_server.h" #include "lib/messaging/irpc.h" #include "libcli/composite/composite.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_winbind.h" #include "smbd/service_task.h" @@ -86,7 +86,7 @@ static NTSTATUS wb_irpc_get_idmap(struct irpc_message *msg, struct wbsrv_service *service = talloc_get_type(msg->private_data, struct wbsrv_service); struct wb_irpc_get_idmap_state *s; - struct composite_context *ctx; + struct composite_context *ctx = NULL; DEBUG(5, ("wb_irpc_get_idmap called\n")); diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c index b2579fd6df..0a9c37911b 100644 --- a/source4/winbind/wb_pam_auth.c +++ b/source4/winbind/wb_pam_auth.c @@ -260,11 +260,31 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx, chal, nt_resp, lm_resp); } -NTSTATUS wb_cmd_pam_auth_recv(struct composite_context *c) +NTSTATUS wb_cmd_pam_auth_recv(struct composite_context *c, + TALLOC_CTX *mem_ctx, + DATA_BLOB *info3, + struct netr_UserSessionKey *user_session_key, + struct netr_LMSessionKey *lm_key, + char **unix_username) { - struct pam_auth_crap_state *state = - talloc_get_type(c->private_data, struct pam_auth_crap_state); - NTSTATUS status = composite_wait(c); - talloc_free(state); - return status; + struct pam_auth_crap_state *state = + talloc_get_type(c->private_data, struct pam_auth_crap_state); + NTSTATUS status = composite_wait(c); + if (NT_STATUS_IS_OK(status)) { + if (info3) { + info3->length = state->info3.length; + info3->data = talloc_steal(mem_ctx, state->info3.data); + } + if (user_session_key) { + *user_session_key = state->user_session_key; + } + if (lm_key) { + *lm_key = state->lm_key; + } + if (unix_username) { + *unix_username = talloc_steal(mem_ctx, state->unix_username); + } + } + talloc_free(state); + return status; } 
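Review bot: wb_cmd_pam_auth_recv now takes five out-parameters but has no comment on ownership or on which of them may be NULL. From the body, every out-pointer is optional, `info3->data` and `*unix_username` are moved onto `mem_ctx` with talloc_steal, and nothing is written when composite_wait() fails, so callers must not read their locals on the error path. I would state that above the function, e.g. `/* Out-pointers may be NULL. On success info3->data and *unix_username are re-parented to mem_ctx; on failure no output is written. */`. The comment should also say that the session keys are copied by value and that `state`, which still holds them, is released with a plain talloc_free().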
diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c
index b219615b1e..c5fba92f14 100644
--- a/source4/winbind/wb_samba3_cmd.c
+++ b/source4/winbind/wb_samba3_cmd.c
@@ -29,11 +29,114 @@ #include "libcli/composite/composite.h" #include "version.h" #include "librpc/gen_ndr/netlogon.h" +#include "librpc/gen_ndr/ndr_netlogon.h" #include "libcli/security/security.h" #include "auth/ntlm/pam_errors.h" #include "auth/credentials/credentials.h" #include "smbd/service_task.h" +/* + support the old Samba3 TXT form of the info3 + */ +static NTSTATUS wb_samba3_append_info3_as_txt(TALLOC_CTX *mem_ctx, + struct wbsrv_samba3_call *s3call, + DATA_BLOB info3b) +{ + struct netr_SamInfo3 *info3; + char *ex; + uint32_t i; + enum ndr_err_code ndr_err; + + info3 = talloc(mem_ctx, struct netr_SamInfo3); + NT_STATUS_HAVE_NO_MEMORY(info3); + + /* The Samba3 protocol has a redundent 4 bytes at the start */ + info3b.data += 4; + info3b.length -= 4; + + ndr_err = ndr_pull_struct_blob(&info3b, + mem_ctx, + lp_iconv_convenience(s3call->wbconn->lp_ctx), + info3, + (ndr_pull_flags_fn_t)ndr_pull_netr_SamInfo3); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return ndr_map_error2ntstatus(ndr_err); + } + + s3call->response.data.auth.info3.logon_time = + nt_time_to_unix(info3->base.last_logon); + s3call->response.data.auth.info3.logoff_time = + nt_time_to_unix(info3->base.last_logoff); + s3call->response.data.auth.info3.kickoff_time = + nt_time_to_unix(info3->base.acct_expiry); + s3call->response.data.auth.info3.pass_last_set_time = + nt_time_to_unix(info3->base.last_password_change); + s3call->response.data.auth.info3.pass_can_change_time = + nt_time_to_unix(info3->base.allow_password_change); + s3call->response.data.auth.info3.pass_must_change_time = + nt_time_to_unix(info3->base.force_password_change); + + s3call->response.data.auth.info3.logon_count = info3->base.logon_count; + s3call->response.data.auth.info3.bad_pw_count = info3->base.bad_password_count; + + s3call->response.data.auth.info3.user_rid = info3->base.rid; + s3call->response.data.auth.info3.group_rid = info3->base.primary_gid; + fstrcpy(s3call->response.data.auth.info3.dom_sid, 
dom_sid_string(mem_ctx, info3->base.domain_sid)); + + s3call->response.data.auth.info3.num_groups = info3->base.groups.count; + s3call->response.data.auth.info3.user_flgs = info3->base.user_flags; + + s3call->response.data.auth.info3.acct_flags = info3->base.acct_flags; + s3call->response.data.auth.info3.num_other_sids = info3->sidcount; + + fstrcpy(s3call->response.data.auth.info3.user_name, + info3->base.account_name.string); + fstrcpy(s3call->response.data.auth.info3.full_name, + info3->base.full_name.string); + fstrcpy(s3call->response.data.auth.info3.logon_script, + info3->base.logon_script.string); + fstrcpy(s3call->response.data.auth.info3.profile_path, + info3->base.profile_path.string); + fstrcpy(s3call->response.data.auth.info3.home_dir, + info3->base.home_directory.string); + fstrcpy(s3call->response.data.auth.info3.dir_drive, + info3->base.home_drive.string); + + fstrcpy(s3call->response.data.auth.info3.logon_srv, + info3->base.logon_server.string); + fstrcpy(s3call->response.data.auth.info3.logon_dom, + info3->base.domain.string); + + ex = talloc_strdup(mem_ctx, ""); + NT_STATUS_HAVE_NO_MEMORY(ex); + + for (i=0; i < info3->base.groups.count; i++) { + ex = talloc_asprintf_append_buffer(ex, "0x%08X:0x%08X\n", + info3->base.groups.rids[i].rid, + info3->base.groups.rids[i].attributes); + NT_STATUS_HAVE_NO_MEMORY(ex); + } + + for (i=0; i < info3->sidcount; i++) { + char *sid; + + sid = dom_sid_string(mem_ctx, info3->sids[i].sid); + NT_STATUS_HAVE_NO_MEMORY(sid); + + ex = talloc_asprintf_append_buffer(ex, "%s:0x%08X\n", + sid, + info3->sids[i].attributes); + NT_STATUS_HAVE_NO_MEMORY(ex); + + talloc_free(sid); + } + + s3call->response.extra_data.data = ex; + s3call->response.length += talloc_get_size(ex); + + return NT_STATUS_OK; +} + /* Send off the reply to an async Samba3 query, handling filling in the PAM, NTSTATUS and string errors. */ 
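Review bot: `info3b.data += 4; info3b.length -= 4;` in wb_samba3_append_info3_as_txt runs without checking that the blob holds at least four bytes, so a shorter blob makes the unsigned length wrap, and ndr_pull_struct_blob is then given a pointer past the buffer with a very large length. Whether the callers can ever pass such a blob is not visible here, but the guard is cheap: `if (info3b.length < 4) { return NT_STATUS_INVALID_PARAMETER; }` before the adjustment. Separately, `ex` is allocated on `mem_ctx` and then stored in `s3call->response.extra_data.data`. Both callers in this commit pass the composite context rather than `s3call`, so the string is only valid while that context outlives the reply; confirm that, or allocate `ex` on `s3call`.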
@@ -196,7 +299,7 @@ static void check_machacc_recv(struct composite_context *ctx) struct wbsrv_samba3_call); NTSTATUS status; - status = wb_cmd_pam_auth_recv(ctx); + status = wb_cmd_pam_auth_recv(ctx, s3call, NULL, NULL, NULL, NULL); if (!NT_STATUS_IS_OK(status)) goto done; @@ -554,6 +657,15 @@ static void pam_auth_crap_recv(struct composite_context *ctx) sizeof(s3call->response.data.auth.user_session_key)); } + if (s3call->request.flags & WBFLAG_PAM_INFO3_TEXT) { + status = wb_samba3_append_info3_as_txt(ctx, s3call, info3); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("Failed to append INFO3 (TXT): %s\n", + nt_errstr(status))); + goto done; + } + } + if (s3call->request.flags & WBFLAG_PAM_INFO3_NDR) { s3call->response.extra_data.data = info3.data; s3call->response.length += info3.length; 
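Review bot: The new WBFLAG_PAM_INFO3_TEXT branch in pam_auth_crap_recv and the WBFLAG_PAM_INFO3_NDR branch right after it both assign `s3call->response.extra_data.data` and both add to `s3call->response.length`. The flags come from the request, so when both are set the pointer ends up at the NDR blob while the length is the sum of the two, and a reply writer that sizes the extra data from `response.length` would read past the blob. Making the branches exclusive, e.g. `} else if (s3call->request.flags & WBFLAG_PAM_INFO3_NDR) {`, or rejecting the combination keeps length and pointer in step. The same pattern, with WBFLAG_PAM_UNIX_NAME as a third writer, is added to pam_auth_recv in the `@@ -622,11 +734,48 @@` hunk; both function bodies start outside their hunks.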
@@ -622,11 +734,48 @@ static void pam_auth_recv(struct composite_context *ctx) talloc_get_type(ctx->async.private_data, struct wbsrv_samba3_call); NTSTATUS status; + DATA_BLOB info3; + struct netr_UserSessionKey user_session_key; + struct netr_LMSessionKey lm_key; + char *unix_username; - status = wb_cmd_pam_auth_recv(ctx); + status = wb_cmd_pam_auth_recv(ctx, s3call, &info3, + &user_session_key, &lm_key, &unix_username); if (!NT_STATUS_IS_OK(status)) goto done; + if (s3call->request.flags & WBFLAG_PAM_USER_SESSION_KEY) { + memcpy(s3call->response.data.auth.user_session_key, + &user_session_key.key, + sizeof(s3call->response.data.auth.user_session_key)); + } + + if (s3call->request.flags & WBFLAG_PAM_INFO3_TEXT) { + status = wb_samba3_append_info3_as_txt(ctx, s3call, info3); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("Failed to append INFO3 (TXT): %s\n", + nt_errstr(status))); + goto done; + } + } + + if (s3call->request.flags & WBFLAG_PAM_INFO3_NDR) { + s3call->response.extra_data.data = info3.data; + s3call->response.length += info3.length; + } + + if (s3call->request.flags & WBFLAG_PAM_LMKEY) { + memcpy(s3call->response.data.auth.first_8_lm_hash, + lm_key.key, + sizeof(s3call->response.data.auth.first_8_lm_hash)); + } + + if (s3call->request.flags & WBFLAG_PAM_UNIX_NAME) { + s3call->response.extra_data.data = unix_username; + s3call->response.length += strlen(unix_username)+1; + } + + done: wbsrv_samba3_async_auth_epilogue(status, s3call); } diff --git a/source4/winbind/wb_sids2xids.c b/source4/winbind/wb_sids2xids.c index 6b89caf465..d31ac08cf7 100644 --- a/source4/winbind/wb_sids2xids.c +++ b/source4/winbind/wb_sids2xids.c @@ -24,7 +24,7 @@ #include "winbind/wb_server.h" #include "smbd/service_task.h" #include "winbind/wb_helper.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" #include "winbind/idmap.h" struct sids2xids_state { 
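Review bot: `strlen(unix_username)+1` in the WBFLAG_PAM_UNIX_NAME branch of pam_auth_recv trusts that wb_cmd_pam_auth_recv returned a string, but that function hands back `talloc_steal(mem_ctx, state->unix_username)`, which is NULL if the state never filled the name in. Whether the auth path always sets it is not shown in this diff, so I would guard the branch: `if ((s3call->request.flags & WBFLAG_PAM_UNIX_NAME) && unix_username != NULL) {`. `user_session_key` and `lm_key` also remain on the stack after the memcpy calls; if the tree has a zeroing helper, wiping them before `done:` is inexpensive. The function starts before the hunk.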
diff --git a/source4/winbind/wb_uid2sid.c b/source4/winbind/wb_uid2sid.c index fd43dd64b9..d626f58eb6 100644 --- a/source4/winbind/wb_uid2sid.c +++ b/source4/winbind/wb_uid2sid.c @@ -24,7 +24,7 @@ #include "winbind/wb_server.h" #include "smbd/service_task.h" #include "winbind/wb_helper.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" #include "winbind/idmap.h" struct uid2sid_state { diff --git a/source4/winbind/wb_xids2sids.c b/source4/winbind/wb_xids2sids.c index a1cf2667ff..dfad51943b 100644 --- a/source4/winbind/wb_xids2sids.c +++ b/source4/winbind/wb_xids2sids.c @@ -24,7 +24,7 @@ #include "winbind/wb_server.h" #include "smbd/service_task.h" #include "winbind/wb_helper.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" #include "winbind/idmap.h" struct xids2sids_state { |