From 705f4c205685b0a167402ff54e37abd75b92a72d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 3 Sep 2010 10:39:18 +0200
Subject: s4:auth_winbind: remove unused winbind_samba3 backend
This uses the winbind protocol directly, which needs to be avoided!
metze
---
 source4/auth/ntlm/auth_winbind.c | 121 ---------------------------------------
 source4/auth/ntlm/wscript_build | 2 +-
 2 files changed, 1 insertion(+), 122 deletions(-)
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index 06be4fc913..86526dc64b 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -25,37 +25,12 @@
 #include "auth/auth.h"
 #include "auth/ntlm/auth_proto.h"
 #include "auth/auth_sam_reply.h"
-#include "nsswitch/winbind_client.h"
-#include "librpc/gen_ndr/ndr_netlogon.h"
 #include "librpc/gen_ndr/ndr_winbind.h"
 #include "lib/messaging/irpc.h"
 #include "param/param.h"
 #include "nsswitch/libwbclient/wbclient.h"
 #include "libcli/security/dom_sid.h"
-static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, struct netr_SamInfo3 *info3)
-{
- size_t len = response->length - sizeof(struct winbindd_response);
- if (len > 4) {
- enum ndr_err_code ndr_err;
- DATA_BLOB blob;
- blob.length = len - 4;
- blob.data = (uint8_t *)(((char *)response->extra_data.data) + 4);
-
- ndr_err = ndr_pull_struct_blob(&blob, mem_ctx,
- info3,
- (ndr_pull_flags_fn_t)ndr_pull_netr_SamInfo3);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return ndr_map_error2ntstatus(ndr_err);
- }
-
- return NT_STATUS_OK;
- } else {
- DEBUG(2, ("get_info3_from_ndr: No info3 struct found!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-}
-
 static NTSTATUS get_info3_from_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
 struct wbcAuthUserInfo *info,
 struct netr_SamInfo3 *info3)
@@ -145,89 +120,6 @@ static NTSTATUS winbind_want_check(struct auth_method_context *ctx,
 return NT_STATUS_OK;
 }
-/*
- Authenticate a user with a challenge/response
- using the samba3 winbind protocol
-*/
-static NTSTATUS winbind_check_password_samba3(struct auth_method_context *ctx,
- TALLOC_CTX *mem_ctx,
- const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
- NTSTATUS nt_status;
- struct netr_SamInfo3 info3;
-
- /* Send off request */
- const struct auth_usersupplied_info *user_info_temp;
- nt_status = encrypt_user_info(mem_ctx, ctx->auth_ctx,
- AUTH_PASSWORD_RESPONSE,
- user_info, &user_info_temp);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
- user_info = user_info_temp;
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
- request.flags = WBFLAG_PAM_INFO3_NDR;
-
- request.data.auth_crap.logon_parameters = user_info->logon_parameters;
-
- safe_strcpy(request.data.auth_crap.user,
- user_info->client.account_name, sizeof(fstring));
- safe_strcpy(request.data.auth_crap.domain,
- user_info->client.domain_name, sizeof(fstring));
- safe_strcpy(request.data.auth_crap.workstation,
- user_info->workstation_name, sizeof(fstring));
-
- memcpy(request.data.auth_crap.chal, ctx->auth_ctx->challenge.data.data, sizeof(request.data.auth_crap.chal));
-
- request.data.auth_crap.lm_resp_len = MIN(user_info->password.response.lanman.length,
- sizeof(request.data.auth_crap.lm_resp));
- request.data.auth_crap.nt_resp_len = MIN(user_info->password.response.nt.length,
- sizeof(request.data.auth_crap.nt_resp));
-
- memcpy(request.data.auth_crap.lm_resp, user_info->password.response.lanman.data,
- request.data.auth_crap.lm_resp_len);
- memcpy(request.data.auth_crap.nt_resp, user_info->password.response.nt.data,
- request.data.auth_crap.nt_resp_len);
-
- result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
-
- nt_status = NT_STATUS(response.data.auth.nt_status);
- NT_STATUS_NOT_OK_RETURN(nt_status);
-
- if (result == NSS_STATUS_SUCCESS && response.extra_data.data) {
- union netr_Validation validation;
-
- nt_status = get_info3_from_ndr(mem_ctx, &response, &info3);
- SAFE_FREE(response.extra_data.data);
- NT_STATUS_NOT_OK_RETURN(nt_status);
-
- validation.sam3 = &info3;
- nt_status = make_server_info_netlogon_validation(mem_ctx,
- user_info->client.account_name,
- 3, &validation,
- server_info);
- return nt_status;
- } else if (result == NSS_STATUS_SUCCESS && !response.extra_data.data) {
- DEBUG(0, ("Winbindd authenticated the user [%s]\\[%s], "
- "but did not include the required info3 reply!\n",
- user_info->client.domain_name, user_info->client.account_name));
- return NT_STATUS_INSUFFICIENT_LOGON_INFO;
- } else if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(1, ("Winbindd authentication for [%s]\\[%s] failed, "
- "but no error code is available!\n",
- user_info->client.domain_name, user_info->client.account_name));
- return NT_STATUS_NO_LOGON_SERVERS;
- }
-
- return nt_status;
-}
-
 struct winbind_check_password_state {
 struct winbind_SamLogon req;
 };
@@ -416,13 +308,6 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
 }
-static const struct auth_operations winbind_samba3_ops = {
- .name = "winbind_samba3",
- .get_challenge = auth_get_challenge_not_implemented,
- .want_check = winbind_want_check,
- .check_password = winbind_check_password_samba3
-};
-
 static const struct auth_operations winbind_ops = {
 .name = "winbind",
 .get_challenge = auth_get_challenge_not_implemented,
@@ -441,12 +326,6 @@ _PUBLIC_ NTSTATUS auth_winbind_init(void)
 {
 NTSTATUS ret;
- ret = auth_register(&winbind_samba3_ops);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0,("Failed to register 'winbind_samba3' auth backend!\n"));
- return ret;
- }
-
 ret = auth_register(&winbind_ops);
 if (!NT_STATUS_IS_OK(ret)) {
 DEBUG(0,("Failed to register 'winbind' auth backend!\n"));
diff --git a/source4/auth/ntlm/wscript_build b/source4/auth/ntlm/wscript_build
index 673b5fc7fe..6368d2d1ca 100644
--- a/source4/auth/ntlm/wscript_build
+++ b/source4/auth/ntlm/wscript_build
@@ -27,7 +27,7 @@ bld.SAMBA_MODULE('auth_winbind',
 source='auth_winbind.c',
 subsystem='auth',
 init_function='auth_winbind_init',
- deps='NDR_WINBIND MESSAGING LIBWINBIND-CLIENT LIBWBCLIENT'
+ deps='NDR_WINBIND MESSAGING LIBWBCLIENT'
 )
--
cgit