sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-04 17:47:26 +03:00
Code
samba-mirror/source4/winbind/wb_pam_auth.c

289 lines
8.8 KiB
C
Raw Normal View History

r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
/*
Unix SMB/CIFS implementation.
Authenticate a user
Copyright (C) Volker Lendecke 2005
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
the Free Software Foundation; either version 3 of the License, or
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 02:07:03 +00:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
*/
#include "includes.h"
#include "libcli/composite/composite.h"
#include "winbind/wb_server.h"
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
#include "smbd/service_task.h"
r19598: Ahead of a merge to current lorikeet-heimdal: Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2006-11-07 00:48:36 +00:00
#include "auth/credentials/credentials.h"
r14380: Reduce the size of structs.h (This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2006-03-14 15:03:25 +00:00
#include "libcli/auth/libcli_auth.h"
r14464: Don't include ndr_BASENAME.h files unless strictly required, instead try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2006-03-16 00:23:11 +00:00
#include "librpc/gen_ndr/ndr_netlogon.h"
r25026: Move param/param.h out of includes.h (This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-09-08 12:42:09 +00:00
#include "param/param.h"
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
r11413: More comments, plus always check (and update) the credentials chain, regardless the authentication result on a particular user. Andrew Bartlett (This used to be commit 2ee7ed000ef099b2e38d540be75cbc8de386839a)
2005-10-31 06:01:55 +00:00
/* Oh, there is so much to keep an eye on when authenticating a user. Oh my! */
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
struct pam_auth_crap_state {
struct composite_context *ctx;
s4:lib/tevent: rename structs list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-29 20:24:57 +01:00
struct tevent_context *event_ctx;
r26295: Remove use of global_loadparm for net and wb_pam_auth. (This used to be commit 47696b42987ea67ae1c6c09a4bec5858e5db4542)
2007-12-04 19:33:00 +01:00
struct loadparm_context *lp_ctx;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
struct winbind_SamLogon *req;
r17306: fix compiler warning metze (This used to be commit cee012c5702da225c81f82d90193b500e3707613)
2006-07-29 07:56:03 +00:00
char *unix_username;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
struct netr_NetworkInfo ninfo;
struct netr_LogonSamLogon r;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
const char *user_name;
const char *domain_name;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
struct netr_UserSessionKey user_session_key;
struct netr_LMSessionKey lm_key;
DATA_BLOB info3;
};
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
/*
* NTLM authentication.
r11413: More comments, plus always check (and update) the credentials chain, regardless the authentication result on a particular user. Andrew Bartlett (This used to be commit 2ee7ed000ef099b2e38d540be75cbc8de386839a)
2005-10-31 06:01:55 +00:00
*/
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
static void pam_auth_crap_recv_logon(struct composite_context *ctx);
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
struct composite_context *wb_cmd_pam_auth_crap_send(TALLOC_CTX *mem_ctx,
struct wbsrv_service *service,
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett (This used to be commit 8ed975df52bcac9646672f6a39c51481b5c59226)
2005-10-31 04:17:51 +00:00
uint32_t logon_parameters,
r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when I tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker (This used to be commit 0c6c71ae3cd0a2f97eab2cc24a752976c32a39fc)
2005-10-14 21:05:45 +00:00
const char *domain,
const char *user,
const char *workstation,
DATA_BLOB chal,
DATA_BLOB nt_resp,
DATA_BLOB lm_resp)
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
{
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
struct composite_context *result, *ctx;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
struct pam_auth_crap_state *state;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
struct netr_NetworkInfo *ninfo;
DATA_BLOB tmp_nt_resp, tmp_lm_resp;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
r22612: Fix more cases where we have uninitialised values in the composite_context, because we don't use the creation function. Andrew Bartlett (This used to be commit e37064e356c17d0c87bb7fa7adf0c0d04d8daba2)
2007-04-30 16:52:30 +00:00
result = composite_create(mem_ctx, service->task->event_ctx);
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
if (result == NULL) goto failed;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
state = talloc(result, struct pam_auth_crap_state);
if (state == NULL) goto failed;
state->ctx = result;
r26295: Remove use of global_loadparm for net and wb_pam_auth. (This used to be commit 47696b42987ea67ae1c6c09a4bec5858e5db4542)
2007-12-04 19:33:00 +01:00
state->lp_ctx = service->task->lp_ctx;
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
result->private_data = state;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
state->req = talloc(state, struct winbind_SamLogon);
state->req->in.logon_level = 2;
state->req->in.validation_level = 3;
ninfo = state->req->in.logon.network = talloc(state, struct netr_NetworkInfo);
if (ninfo == NULL) goto failed;
ninfo->identity_info.account_name.string = talloc_strdup(state, user);
ninfo->identity_info.domain_name.string = talloc_strdup(state, domain);
ninfo->identity_info.parameter_control = logon_parameters;
ninfo->identity_info.logon_id_low = 0;
ninfo->identity_info.logon_id_high = 0;
ninfo->identity_info.workstation.string = talloc_strdup(state, workstation);
SMB_ASSERT(chal.length == sizeof(ninfo->challenge));
memcpy(ninfo->challenge, chal.data,
sizeof(ninfo->challenge));
tmp_nt_resp = data_blob_talloc(ninfo, nt_resp.data, nt_resp.length);
if ((nt_resp.data != NULL) &&
(tmp_nt_resp.data == NULL)) goto failed;
r11411: Add to Samba4 the Samba3 patch I just posted for machine account logins (changing the winbindd interface). Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing auth and other replies, such that all replies were having the auth error strings set. We now do a better job of filling in the right errors in the right places. Andrew Bartlett (This used to be commit 8ed975df52bcac9646672f6a39c51481b5c59226)
2005-10-31 04:17:51 +00:00
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
tmp_lm_resp = data_blob_talloc(ninfo, lm_resp.data, lm_resp.length);
if ((lm_resp.data != NULL) &&
(tmp_lm_resp.data == NULL)) goto failed;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
ninfo->nt.length = tmp_nt_resp.length;
ninfo->nt.data = tmp_nt_resp.data;
ninfo->lm.length = tmp_lm_resp.length;
ninfo->lm.data = tmp_lm_resp.data;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
r17290: don't do any stuff that can fail in the _recv function metze (This used to be commit 88bcb57e82c799197b1d87212466a9b21d61edf8)
2006-07-28 11:51:07 +00:00
state->unix_username = NULL;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
ctx = wb_sam_logon_send(mem_ctx, service, state->req);
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
if (ctx == NULL) goto failed;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
composite_continue(result, ctx, pam_auth_crap_recv_logon, state);
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
return result;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
failed:
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
talloc_free(result);
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
return NULL;
}
r11413: More comments, plus always check (and update) the credentials chain, regardless the authentication result on a particular user. Andrew Bartlett (This used to be commit 2ee7ed000ef099b2e38d540be75cbc8de386839a)
2005-10-31 06:01:55 +00:00
/*
NTLM Authentication
Send of a SamLogon request to authenticate a user.
*/
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
static void pam_auth_crap_recv_logon(struct composite_context *ctx)
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
{
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
DATA_BLOB tmp_blob;
r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers) lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
2007-11-09 19:24:51 +01:00
enum ndr_err_code ndr_err;
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
struct netr_SamBaseInfo *base;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
struct pam_auth_crap_state *state =
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
talloc_get_type(ctx->async.private_data,
struct pam_auth_crap_state);
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
state->ctx->status = wb_sam_logon_recv(ctx, state, state->req);
r23880: Don't crash when we run wbinfo -a against our own winbind when we are a DC. Next step is to make it work... Andrew Bartlett (This used to be commit a1b6c9ecb9a6f17bcbabf81a8128398df6447490)
2007-07-15 10:46:34 +00:00
if (!composite_is_ok(state->ctx)) return;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers) lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
2007-11-09 19:24:51 +01:00
ndr_err = ndr_push_struct_blob(
Remove uses of global_loadparm. (This used to be commit a16c9a2129ce92e7e1a613b2badd168e42ead436)
2008-02-25 12:51:55 +01:00
&tmp_blob, state, lp_iconv_convenience(state->lp_ctx),
r26638: libndr: Require explicitly specifying iconv_convenience for ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3)
2008-01-01 22:05:05 -06:00
state->req->out.validation.sam3,
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
(ndr_push_flags_fn_t)ndr_push_netr_SamInfo3);
r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers) lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
2007-11-09 19:24:51 +01:00
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
state->ctx->status = ndr_map_error2ntstatus(ndr_err);
if (!composite_is_ok(state->ctx)) return;
}
r11413: More comments, plus always check (and update) the credentials chain, regardless the authentication result on a particular user. Andrew Bartlett (This used to be commit 2ee7ed000ef099b2e38d540be75cbc8de386839a)
2005-10-31 06:01:55 +00:00
/* The Samba3 protocol is a bit broken (due to non-IDL
* heritage, so for compatability we must add a non-zero 4
* bytes to the info3 */
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
state->info3 = data_blob_talloc(state, NULL, tmp_blob.length+4);
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
if (composite_nomem(state->info3.data, state->ctx)) return;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
SIVAL(state->info3.data, 0, 1);
memcpy(state->info3.data+4, tmp_blob.data, tmp_blob.length);
r23890: Allow wbinfo -a to work against Samba4's winbind. Add a test for wbinfo -a to test_member.sh Reimplement the server-side 'pam_auth' and 'pam_auth_crap' calls to use the same SamLogon code as auth_winbind uses. In my previous code, we did not bind to the LSA and SAMR pipes, before attempting operations. We now do this (how we passed any tests before is beyond me). This required some rework, particularly to make it easier to setup secondary connections. The new rpc_secondary_auth_connection() function also performs the bind. The dcerpc_connect.c file was getting to big, so things have been merged into dcerpc_secondary.c. Andrew Bartlett (This used to be commit 365778a993b7d76af6d53ba2a598b7e271741dc5)
2007-07-16 11:27:29 +00:00
base = &state->req->out.validation.sam3->base;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
state->user_session_key = base->key;
state->lm_key = base->LMSessKey;
r11413: More comments, plus always check (and update) the credentials chain, regardless the authentication result on a particular user. Andrew Bartlett (This used to be commit 2ee7ed000ef099b2e38d540be75cbc8de386839a)
2005-10-31 06:01:55 +00:00
/* Give the caller the most accurate username possible.
* Assists where case sensitive comparisons may be done by our
* ntlm_auth callers */
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
if (base->account_name.string) {
state->user_name = base->account_name.string;
talloc_steal(state, base->account_name.string);
}
if (base->domain.string) {
state->domain_name = base->domain.string;
talloc_steal(state, base->domain.string);
}
r17290: don't do any stuff that can fail in the _recv function metze (This used to be commit 88bcb57e82c799197b1d87212466a9b21d61edf8)
2006-07-28 11:51:07 +00:00
state->unix_username = talloc_asprintf(state, "%s%s%s",
state->domain_name,
r26295: Remove use of global_loadparm for net and wb_pam_auth. (This used to be commit 47696b42987ea67ae1c6c09a4bec5858e5db4542)
2007-12-04 19:33:00 +01:00
lp_winbind_separator(state->lp_ctx),
r17290: don't do any stuff that can fail in the _recv function metze (This used to be commit 88bcb57e82c799197b1d87212466a9b21d61edf8)
2006-07-28 11:51:07 +00:00
state->user_name);
if (composite_nomem(state->unix_username, state->ctx)) return;
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
composite_done(state->ctx);
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
}
r22582: Cleanups towards making winbind work again. We still have a long way to go, as this has bitrotted over the past months. This change in particular catches winbind up with the next composite_create() function. We also needed to remove an unused flags field, and fill in the lm response. Andrew Bartlett (This used to be commit bd26e4ffaf1c060fdc3aae28fd4393e83c5a83ea)
2007-04-29 21:40:48 +00:00
/* Having received a NTLM authentication reply, parse out the useful
* reply data for the caller */
r11068: Fix pam_auth_crap, remove the sync code. I don't know what it was when I tested it, but I can not reproduce the problem I had with abartlett's initial implementation anymore. Fix a bug found using valgrind. Volker (This used to be commit 0c6c71ae3cd0a2f97eab2cc24a752976c32a39fc)
2005-10-14 21:05:45 +00:00
NTSTATUS wb_cmd_pam_auth_crap_recv(struct composite_context *c,
TALLOC_CTX *mem_ctx,
DATA_BLOB *info3,
struct netr_UserSessionKey *user_session_key,
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
struct netr_LMSessionKey *lm_key,
char **unix_username)
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
{
r11267: Fix a memleak and an uninitialized variable. Andrew Bartlett, this was the one I sent to you. Sorry for bothering you. Volker (This used to be commit 3a9f2291ae6e96a715f463899957c6c598fc7627)
2005-10-23 17:22:00 +00:00
struct pam_auth_crap_state *state =
talloc_get_type(c->private_data, struct pam_auth_crap_state);
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
NTSTATUS status = composite_wait(c);
if (NT_STATUS_IS_OK(status)) {
info3->length = state->info3.length;
info3->data = talloc_steal(mem_ctx, state->info3.data);
*user_session_key = state->user_session_key;
*lm_key = state->lm_key;
r17290: don't do any stuff that can fail in the _recv function metze (This used to be commit 88bcb57e82c799197b1d87212466a9b21d61edf8)
2006-07-28 11:51:07 +00:00
*unix_username = talloc_steal(mem_ctx, state->unix_username);
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
}
r11267: Fix a memleak and an uninitialized variable. Andrew Bartlett, this was the one I sent to you. Sorry for bothering you. Volker (This used to be commit 3a9f2291ae6e96a715f463899957c6c598fc7627)
2005-10-23 17:22:00 +00:00
talloc_free(state);
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
return status;
}
r22582: Cleanups towards making winbind work again. We still have a long way to go, as this has bitrotted over the past months. This change in particular catches winbind up with the next composite_create() function. We also needed to remove an unused flags field, and fill in the lm response. Andrew Bartlett (This used to be commit bd26e4ffaf1c060fdc3aae28fd4393e83c5a83ea)
2007-04-29 21:40:48 +00:00
/* Handle plaintext authentication, by encrypting the password and
* then sending via the NTLM calls */
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx,
struct wbsrv_service *service,
Fix winbind to check machine account. This enables 'wbinfo -t', by checking the machine account with a SamLogon call. Andrew Bartlett (This used to be commit abefa12029a17e9007f4884f3651d835a10ee9e3)
2008-04-15 16:29:13 +02:00
struct cli_credentials *credentials)
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
{
const char *workstation;
NTSTATUS status;
Fix winbind to check machine account. This enables 'wbinfo -t', by checking the machine account with a SamLogon call. Andrew Bartlett (This used to be commit abefa12029a17e9007f4884f3651d835a10ee9e3)
2008-04-15 16:29:13 +02:00
const char *user, *domain;
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
DATA_BLOB chal, nt_resp, lm_resp, names_blob;
int flags = CLI_CRED_NTLM_AUTH;
r26268: Avoid more use of global_loadparm - put lp_ctx in smb_server and wbsrv_connection. (This used to be commit 7c008664238ed966cb82adf5b25b22157bb50730)
2007-12-03 21:25:17 +01:00
if (lp_client_lanman_auth(service->task->lp_ctx)) {
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
flags |= CLI_CRED_LANMAN_AUTH;
}
r26268: Avoid more use of global_loadparm - put lp_ctx in smb_server and wbsrv_connection. (This used to be commit 7c008664238ed966cb82adf5b25b22157bb50730)
2007-12-03 21:25:17 +01:00
if (lp_client_ntlmv2_auth(service->task->lp_ctx)) {
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
flags |= CLI_CRED_NTLMv2_AUTH;
}
r11825: Fix a debug msg (This used to be commit fc6458d0d4d9059e00b19ad6c54e3fd5a4119341)
2005-11-21 10:28:54 +00:00
DEBUG(5, ("wbsrv_samba3_pam_auth called\n"));
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
chal = data_blob_talloc(mem_ctx, NULL, 8);
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
if (!chal.data) {
return NULL;
}
generate_random_buffer(chal.data, chal.length);
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
cli_credentials_get_ntlm_username_domain(credentials, mem_ctx,
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
&user, &domain);
/* for best compatability with multiple vitual netbios names
* on the host, this should be generated from the
* cli_credentials associated with the machine account */
workstation = cli_credentials_get_workstation(credentials);
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
names_blob = NTLMv2_generate_names_blob(
mem_ctx,
cli_credentials_get_workstation(credentials),
cli_credentials_get_domain(credentials));
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
status = cli_credentials_get_ntlm_response(
credentials, mem_ctx, &flags, chal, names_blob,
&lm_resp, &nt_resp, NULL, NULL);
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
return wb_cmd_pam_auth_crap_send(mem_ctx, service,
Fix winbind to check machine account. This enables 'wbinfo -t', by checking the machine account with a SamLogon call. Andrew Bartlett (This used to be commit abefa12029a17e9007f4884f3651d835a10ee9e3)
2008-04-15 16:29:13 +02:00
MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT|MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT /* logon parameters */,
r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2005-11-05 09:34:07 +00:00
domain, user, workstation,
chal, nt_resp, lm_resp);
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
}
s4-winbind: support the s3 response flags on krb5 auth too This fixes the samba4.blackbox.wbinfo test, which was failing on a wbinfo -K command
2009-10-02 22:17:42 +10:00
NTSTATUS wb_cmd_pam_auth_recv(struct composite_context *c,
TALLOC_CTX *mem_ctx,
DATA_BLOB *info3,
struct netr_UserSessionKey *user_session_key,
struct netr_LMSessionKey *lm_key,
char **unix_username)
r11374: On request from VL, put the plaintext auth patch in. I still have some gremlins that get in the my way in testing this. Andrew Bartlett (This used to be commit 3353e906adb3b3116551026e3ae18fd4d7ae1764)
2005-10-28 13:42:00 +00:00
{
s4-winbind: support the s3 response flags on krb5 auth too This fixes the samba4.blackbox.wbinfo test, which was failing on a wbinfo -K command
2009-10-02 22:17:42 +10:00
struct pam_auth_crap_state *state =
talloc_get_type(c->private_data, struct pam_auth_crap_state);
NTSTATUS status = composite_wait(c);
if (NT_STATUS_IS_OK(status)) {
if (info3) {
info3->length = state->info3.length;
info3->data = talloc_steal(mem_ctx, state->info3.data);
}
if (user_session_key) {
*user_session_key = state->user_session_key;
}
if (lm_key) {
*lm_key = state->lm_key;
}
if (unix_username) {
*unix_username = talloc_steal(mem_ctx, state->unix_username);
}
}
talloc_free(state);
return status;
r10936: Commit work in progress: wb_pam_auth_crap made async. This does not work yet, but the version before did not either, so we're not worse than before. One thing this does better is to call the domain init code if it's not there yet. Volker (This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
2005-10-12 20:22:45 +00:00
}
Copy Permalink