mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00

s3:auth: Re-format auth3_generate_session_info_pac()

This is in preparation for splitting the function up into several functions.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider 2024-04-12 14:36:32 +02:00 committed by Andrew Bartlett
parent cdb31d7e45
commit 20c546f928


@ -38,14 +38,15 @@
#include "librpc/gen_ndr/dcerpc.h" #include "librpc/gen_ndr/dcerpc.h"
#include "source3/lib/substitute.h" #include "source3/lib/substitute.h"
static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx, static NTSTATUS auth3_generate_session_info_pac(
TALLOC_CTX *mem_ctx, struct auth4_context *auth_ctx,
struct smb_krb5_context *smb_krb5_context, TALLOC_CTX *mem_ctx,
DATA_BLOB *pac_blob, struct smb_krb5_context *smb_krb5_context,
const char *princ_name, DATA_BLOB *pac_blob,
const struct tsocket_address *remote_address, const char *princ_name,
uint32_t session_info_flags, const struct tsocket_address *remote_address,
struct auth_session_info **session_info) uint32_t session_info_flags,
struct auth_session_info **session_info)
{ {
enum server_role server_role = lp_server_role(); enum server_role server_role = lp_server_role();
TALLOC_CTX *tmp_ctx; TALLOC_CTX *tmp_ctx;
@ -64,8 +65,8 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
} }
if (tsocket_address_is_inet(remote_address, "ip")) { if (tsocket_address_is_inet(remote_address, "ip")) {
rhost = tsocket_address_inet_addr_string( rhost = tsocket_address_inet_addr_string(remote_address,
remote_address, tmp_ctx); tmp_ctx);
if (rhost == NULL) { if (rhost == NULL) {
status = NT_STATUS_NO_MEMORY; status = NT_STATUS_NO_MEMORY;
goto done; goto done;
@ -75,7 +76,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
} }
if (server_role != ROLE_STANDALONE) { if (server_role != ROLE_STANDALONE) {
struct wbcAuthUserParams params = { 0 }; struct wbcAuthUserParams params = {0};
struct wbcAuthUserInfo *info = NULL; struct wbcAuthUserInfo *info = NULL;
struct wbcAuthErrorInfo *err = NULL; struct wbcAuthErrorInfo *err = NULL;
struct auth_serversupplied_info *server_info = NULL; struct auth_serversupplied_info *server_info = NULL;
@ -119,30 +120,31 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
*/ */
switch (wbc_err) { switch (wbc_err) {
case WBC_ERR_SUCCESS: case WBC_ERR_SUCCESS:
break; break;
case WBC_ERR_WINBIND_NOT_AVAILABLE: case WBC_ERR_WINBIND_NOT_AVAILABLE:
status = NT_STATUS_NO_LOGON_SERVERS; status = NT_STATUS_NO_LOGON_SERVERS;
DBG_ERR("winbindd not running - " DBG_ERR("winbindd not running - "
"but required as domain member: %s\n", "but required as domain member: %s\n",
nt_errstr(status)); nt_errstr(status));
goto done; goto done;
case WBC_ERR_AUTH_ERROR: case WBC_ERR_AUTH_ERROR:
status = NT_STATUS(err->nt_status); status = NT_STATUS(err->nt_status);
wbcFreeMemory(err); wbcFreeMemory(err);
goto done; goto done;
case WBC_ERR_NO_MEMORY: case WBC_ERR_NO_MEMORY:
status = NT_STATUS_NO_MEMORY; status = NT_STATUS_NO_MEMORY;
goto done; goto done;
default: default:
status = NT_STATUS_LOGON_FAILURE; status = NT_STATUS_LOGON_FAILURE;
goto done; goto done;
} }
status = make_server_info_wbcAuthUserInfo(tmp_ctx, status = make_server_info_wbcAuthUserInfo(tmp_ctx,
info->account_name, info->account_name,
info->domain_name, info->domain_name,
info, &server_info); info,
&server_info);
wbcFreeMemory(info); wbcFreeMemory(info);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("make_server_info_wbcAuthUserInfo failed: %s\n", DEBUG(10, ("make_server_info_wbcAuthUserInfo failed: %s\n",
@ -180,7 +182,9 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
goto done; goto done;
} }
original_user_name = talloc_strndup(tmp_ctx, princ_name, p - princ_name); original_user_name = talloc_strndup(tmp_ctx,
princ_name,
p - princ_name);
if (original_user_name == NULL) { if (original_user_name == NULL) {
status = NT_STATUS_NO_MEMORY; status = NT_STATUS_NO_MEMORY;
goto done; goto done;
@ -209,27 +213,37 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
*/ */
status = NT_STATUS_BAD_TOKEN_TYPE; status = NT_STATUS_BAD_TOKEN_TYPE;
DBG_WARNING("Unexpected PAC for [%s] in standalone mode - %s\n", DBG_WARNING("Unexpected PAC for [%s] in standalone mode - %s\n",
princ_name, nt_errstr(status)); princ_name,
nt_errstr(status));
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
goto done; goto done;
} }
} }
status = get_user_from_kerberos_info(tmp_ctx, rhost, status = get_user_from_kerberos_info(tmp_ctx,
rhost,
princ_name, princ_name,
&is_mapped, &is_guest, &is_mapped,
&ntuser, &ntdomain, &is_guest,
&username, &pw); &ntuser,
&ntdomain,
&username,
&pw);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
DBG_NOTICE("Failed to map kerberos principal to system user " DBG_NOTICE("Failed to map kerberos principal to system user "
"(%s)\n", nt_errstr(status)); "(%s)\n",
nt_errstr(status));
status = NT_STATUS_ACCESS_DENIED; status = NT_STATUS_ACCESS_DENIED;
goto done; goto done;
} }
status = make_session_info_krb5(mem_ctx, status = make_session_info_krb5(mem_ctx,
ntuser, ntdomain, username, pw, ntuser,
is_guest, is_mapped, ntdomain,
username,
pw,
is_guest,
is_mapped,
session_info); session_info);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n", DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",