From 2de935d89ff4412a82d1d5503a398d6273fd25b8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 1 Jan 2002 04:50:45 +0000 Subject: Further rpc_client removal, this time from winbindd. Also removed the dependency on auth_util.o, which makes things nicer. Finally, this kills off the NECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ makefile variable - becouse Samba dependencies are starting to be sane again! Andrew Bartlett (This used to be commit 4609edcac3b70c11025f0c5aa0ddbeed93369c84) --- source3/nsswitch/winbindd_pam.c | 98 +++++++++++++++++++++++++---------------- 1 file changed, 60 insertions(+), 38 deletions(-) (limited to 'source3/nsswitch/winbindd_pam.c') diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index b602ccf582..f168ce9e35 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -34,16 +34,24 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) int passlen; unsigned char trust_passwd[16]; time_t last_change_time; - auth_usersupplied_info *user_info; uint32 smb_uid_low; NET_USER_INFO_3 info3; - NET_ID_INFO_CTR ctr; struct cli_state *cli; uchar chal[8]; + TALLOC_CTX *mem_ctx; + DATA_BLOB lm_resp; + DATA_BLOB nt_resp; + + extern pstring global_myname; DEBUG(3, ("[%5d]: pam auth %s\n", state->pid, state->request.data.auth.user)); + if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) { + DEBUG(0, ("winbindd_pam_auth: could not talloc_init()!\n")); + return WINBINDD_ERROR; + } + /* Parse domain and username */ if (!parse_domain_user(state->request.data.auth.user, name_domain, 
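Review bot: The `mem_ctx` created by `talloc_init_named()` at the top of winbindd_pam_auth is only released after `done:`, so every later `return WINBINDD_ERROR` leaks it. The empty-password branch in the next hunk is one visible case, and the `parse_domain_user` failure return in winbindd_pam_auth_crap is another. These paths are reached by malformed client requests, so in a long-running daemon the leak can be driven repeatedly. Either create the context after the input checks have passed, or call `talloc_destroy(mem_ctx);` before each early return. The function body continues outside this hunk.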
@@ -52,13 +60,20 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) passlen = strlen(state->request.data.auth.pass); - if (state->request.data.auth.pass[0]) - make_user_info_winbind(&user_info, - name_user, name_domain, - state->request.data.auth.pass, - chal); - else + if (!*state->request.data.auth.pass) { return WINBINDD_ERROR; + } else { + unsigned char local_lm_response[24]; + unsigned char local_nt_response[24]; + + generate_random_buffer(chal, 8, False); + SMBencrypt( (const uchar *)state->request.data.auth.pass, chal, local_lm_response); + + SMBNTencrypt((const uchar *)state->request.data.auth.pass, chal, local_nt_response); + + lm_resp = data_blob(local_lm_response, sizeof(local_lm_response)); + nt_resp = data_blob(local_nt_response, sizeof(local_nt_response)); + } /* * Get the machine account password for our primary domain @@ -84,14 +99,20 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) goto done; } - result = cli_nt_login_network(cli, user_info, chal, smb_uid_low, - &ctr, &info3); + result = cli_netlogon_sam_network_logon(cli, mem_ctx, + name_user, name_domain, + global_myname, chal, + lm_resp, nt_resp, + &info3); + +done: + data_blob_free(&lm_resp); + data_blob_free(&nt_resp); - free_user_info(&user_info); + cli_shutdown(cli); - cli_shutdown(cli); - - done: + talloc_destroy(mem_ctx); + return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } 
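Review bot: `local_lm_response` and `local_nt_response` are left on the stack after being copied into `lm_resp` and `nt_resp`. Together with `chal` they are enough to test password guesses offline, so they should not outlive the block. Clear them once the blobs exist, e.g. `ZERO_STRUCT(local_lm_response); ZERO_STRUCT(local_nt_response);`, ideally with a wipe the compiler cannot elide. Whether `data_blob_free()` clears the heap copies is not visible here and is worth confirming.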
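Review bot: With `done:` moved above the cleanup, the `goto done` in the context lines of this hunk now runs `cli_shutdown(cli)` on a pointer that is declared without an initializer. Judging by the matching code in winbindd_pam_auth_crap, that jump is the path taken when `cm_get_netlogon_cli` fails. Unless that function always writes `*cli` on failure (not visible here), the call operates on an indeterminate pointer, and an unreachable domain controller could then crash winbindd. Declare it as `struct cli_state *cli = NULL;` and guard the call with `if (cli) cli_shutdown(cli);`. The same pattern appears after `done:` in winbindd_pam_auth_crap, and the declaration sits in the first hunk, outside this one.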
@@ -103,29 +124,31 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) fstring name_domain, name_user; unsigned char trust_passwd[16]; time_t last_change_time; - - auth_usersupplied_info *user_info; - uint32 smb_uid_low; NET_USER_INFO_3 info3; - NET_ID_INFO_CTR ctr; struct cli_state *cli; + TALLOC_CTX *mem_ctx; + + DATA_BLOB lm_resp, nt_resp; + + extern pstring global_myname; DEBUG(3, ("[%5d]: pam auth crap %s\n", state->pid, state->request.data.auth_crap.user)); - /* Parse domain and username */ + if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) { + DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n")); + return WINBINDD_ERROR; + } + /* Parse domain and username */ if (!parse_domain_user(state->request.data.auth_crap.user, name_domain, - name_user)) + name_user)) return WINBINDD_ERROR; - - make_user_info_winbind_crap( - &user_info, name_user, - name_domain, - (uchar *)state->request.data.auth_crap.lm_resp, - state->request.data.auth_crap.lm_resp_len, - (uchar *)state->request.data.auth_crap.nt_resp, - state->request.data.auth_crap.nt_resp_len); + + + + lm_resp = data_blob(state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len); + nt_resp = data_blob(state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len); /* * Get the machine account password for our primary domain @@ -138,10 +161,6 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) return WINBINDD_ERROR; } - /* We really don't care what LUID we give the user. */ - - generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False); - ZERO_STRUCT(info3); result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli); 
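Review bot: `lm_resp_len` and `nt_resp_len` come straight from the client request and are passed to `data_blob()` as copy lengths with no bound check visible in this hunk. A length larger than the response field would read past it within or beyond the request structure and forward those bytes to the domain controller. Assuming the fields are fixed-size arrays and no earlier validation exists, reject oversized values before the `talloc_init_named()` call, e.g. `if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp) || state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) return WINBINDD_ERROR;`. Separately, the talloc context name is built from `state->request.data.auth.user`, but this function handles the `auth_crap` member and should use `auth_crap.user`.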
@@ -151,14 +170,17 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) goto done; } - result = cli_nt_login_network(cli, user_info, state->request.data.auth_crap.chal, - smb_uid_low, &ctr, &info3); - - free_user_info(&user_info); + result = cli_netlogon_sam_network_logon(cli, mem_ctx, + name_user, name_domain, + global_myname, state->request.data.auth_crap.chal, + lm_resp, nt_resp, + &info3); + +done: + talloc_destroy(mem_ctx); - cli_shutdown(cli); + cli_shutdown(cli); - done: return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } -- cgit
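Review bot: The cleanup after `done:` in winbindd_pam_auth_crap never releases `lm_resp` and `nt_resp`. winbindd_pam_auth frees the same kind of blobs with `data_blob_free()`, which suggests they own heap memory, so each challenge/response authentication would leak two copies of client-supplied data. Add `data_blob_free(&lm_resp);` and `data_blob_free(&nt_resp);` after `done:`; both blobs are assigned before the only `goto done` visible in this function.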