From 83e9b1c325964a016b499ad124d161eb20f6c26c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 2 Oct 2009 22:17:42 +1000 Subject: s4-winbind: support the s3 response flags on krb5 auth too This fixes the samba4.blackbox.wbinfo test, which was failing on a wbinfo -K command --- source4/winbind/wb_pam_auth.c | 32 ++++++++++++++++++++++++++------ source4/winbind/wb_samba3_cmd.c | 41 +++++++++++++++++++++++++++++++++++++++-- 2 files changed, 65 insertions(+), 8 deletions(-) diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c index b2579fd6df..0a9c37911b 100644 --- a/source4/winbind/wb_pam_auth.c +++ b/source4/winbind/wb_pam_auth.c @@ -260,11 +260,31 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx, chal, nt_resp, lm_resp); } -NTSTATUS wb_cmd_pam_auth_recv(struct composite_context *c) +NTSTATUS wb_cmd_pam_auth_recv(struct composite_context *c, + TALLOC_CTX *mem_ctx, + DATA_BLOB *info3, + struct netr_UserSessionKey *user_session_key, + struct netr_LMSessionKey *lm_key, + char **unix_username) { - struct pam_auth_crap_state *state = - talloc_get_type(c->private_data, struct pam_auth_crap_state); - NTSTATUS status = composite_wait(c); - talloc_free(state); - return status; + struct pam_auth_crap_state *state = + talloc_get_type(c->private_data, struct pam_auth_crap_state); + NTSTATUS status = composite_wait(c); + if (NT_STATUS_IS_OK(status)) { + if (info3) { + info3->length = state->info3.length; + info3->data = talloc_steal(mem_ctx, state->info3.data); + } + if (user_session_key) { + *user_session_key = state->user_session_key; + } + if (lm_key) { + *lm_key = state->lm_key; + } + if (unix_username) { + *unix_username = talloc_steal(mem_ctx, state->unix_username); + } + } + talloc_free(state); + return status; } diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c index 280c47a274..c5fba92f14 100644 --- a/source4/winbind/wb_samba3_cmd.c +++ b/source4/winbind/wb_samba3_cmd.c @@ -299,7 +299,7 @@ static void check_machacc_recv(struct composite_context *ctx) struct wbsrv_samba3_call); NTSTATUS status; - status = wb_cmd_pam_auth_recv(ctx); + status = wb_cmd_pam_auth_recv(ctx, s3call, NULL, NULL, NULL, NULL); if (!NT_STATUS_IS_OK(status)) goto done; @@ -734,11 +734,48 @@ static void pam_auth_recv(struct composite_context *ctx) talloc_get_type(ctx->async.private_data, struct wbsrv_samba3_call); NTSTATUS status; + DATA_BLOB info3; + struct netr_UserSessionKey user_session_key; + struct netr_LMSessionKey lm_key; + char *unix_username; - status = wb_cmd_pam_auth_recv(ctx); + status = wb_cmd_pam_auth_recv(ctx, s3call, &info3, + &user_session_key, &lm_key, &unix_username); if (!NT_STATUS_IS_OK(status)) goto done; + if (s3call->request.flags & WBFLAG_PAM_USER_SESSION_KEY) { + memcpy(s3call->response.data.auth.user_session_key, + &user_session_key.key, + sizeof(s3call->response.data.auth.user_session_key)); + } + + if (s3call->request.flags & WBFLAG_PAM_INFO3_TEXT) { + status = wb_samba3_append_info3_as_txt(ctx, s3call, info3); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("Failed to append INFO3 (TXT): %s\n", + nt_errstr(status))); + goto done; + } + } + + if (s3call->request.flags & WBFLAG_PAM_INFO3_NDR) { + s3call->response.extra_data.data = info3.data; + s3call->response.length += info3.length; + } + + if (s3call->request.flags & WBFLAG_PAM_LMKEY) { + memcpy(s3call->response.data.auth.first_8_lm_hash, + lm_key.key, + sizeof(s3call->response.data.auth.first_8_lm_hash)); + } + + if (s3call->request.flags & WBFLAG_PAM_UNIX_NAME) { + s3call->response.extra_data.data = unix_username; + s3call->response.length += strlen(unix_username)+1; + } + + done: wbsrv_samba3_async_auth_epilogue(status, s3call); } -- cgit