svn commit: samba r11411 - in branches/SAMBA_4_0/source: nsswitch
winbind
abartlet at samba.org
abartlet at samba.org
Mon Oct 31 04:17:52 GMT 2005
Author: abartlet
Date: 2005-10-31 04:17:51 +0000 (Mon, 31 Oct 2005)
New Revision: 11411
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11411
Log:
Add to Samba4 the Samba3 patch I just posted for machine account
logins (changing the winbindd interface).
Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing
auth and other replies, such that all replies were having the auth
error strings set. We now do a better job of filling in the right
errors in the right places.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/nsswitch/winbindd_nss.h
branches/SAMBA_4_0/source/winbind/wb_pam_auth.c
branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c
Changeset:
Modified: branches/SAMBA_4_0/source/nsswitch/winbindd_nss.h
===================================================================
--- branches/SAMBA_4_0/source/nsswitch/winbindd_nss.h 2005-10-31 03:44:29 UTC (rev 11410)
+++ branches/SAMBA_4_0/source/nsswitch/winbindd_nss.h 2005-10-31 04:17:51 UTC (rev 11411)
@@ -37,7 +37,7 @@
/* Update this when you change the interface. */
-#define WINBIND_INTERFACE_VERSION 11
+#define WINBIND_INTERFACE_VERSION 12
/* Socket commands */
@@ -203,6 +203,7 @@
} auth; /* pam_winbind auth module */
struct {
unsigned char chal[8];
+ uint32_t logon_parameters;
winbind_string user;
winbind_string domain;
winbind_string lm_resp;
Modified: branches/SAMBA_4_0/source/winbind/wb_pam_auth.c
===================================================================
--- branches/SAMBA_4_0/source/winbind/wb_pam_auth.c 2005-10-31 03:44:29 UTC (rev 11410)
+++ branches/SAMBA_4_0/source/winbind/wb_pam_auth.c 2005-10-31 04:17:51 UTC (rev 11411)
@@ -31,6 +31,7 @@
struct pam_auth_crap_state {
struct composite_context *ctx;
struct event_context *event_ctx;
+ uint32_t logon_parameters;
const char *domain_name;
const char *user_name;
const char *workstation;
@@ -51,6 +52,7 @@
static NTSTATUS crap_samlogon_recv_req(struct composite_context *ctx, void *p);
struct composite_context *wb_cmd_pam_auth_crap_send(struct wbsrv_call *call,
+ uint32_t logon_parameters,
const char *domain,
const char *user,
const char *workstation,
@@ -66,6 +68,8 @@
state->event_ctx = call->event_ctx;
+ state->logon_parameters = logon_parameters;
+
state->domain_name = talloc_strdup(state, domain);
if (state->domain_name == NULL) goto failed;
@@ -112,7 +116,7 @@
state->ninfo.identity_info.account_name.string = state->user_name;
state->ninfo.identity_info.domain_name.string = state->domain_name;
- state->ninfo.identity_info.parameter_control = 0;
+ state->ninfo.identity_info.parameter_control = state->logon_parameters;
state->ninfo.identity_info.logon_id_low = 0;
state->ninfo.identity_info.logon_id_high = 0;
state->ninfo.identity_info.workstation.string = state->workstation;
@@ -242,6 +246,7 @@
}
NTSTATUS wb_cmd_pam_auth_crap(struct wbsrv_call *call,
+ uint32_t logon_parameters,
const char *domain, const char *user,
const char *workstation,
DATA_BLOB chal, DATA_BLOB nt_resp,
@@ -252,7 +257,8 @@
char **unix_username)
{
struct composite_context *c =
- wb_cmd_pam_auth_crap_send(call, domain, user, workstation,
+ wb_cmd_pam_auth_crap_send(call, logon_parameters,
+ domain, user, workstation,
chal, nt_resp, lm_resp);
return wb_cmd_pam_auth_crap_recv(c, mem_ctx, info3, user_session_key,
lm_key, unix_username);
@@ -314,7 +320,8 @@
if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
- c = wb_cmd_pam_auth_crap_send(call, domain, user, workstation,
+ c = wb_cmd_pam_auth_crap_send(call, 0 /* logon parameters */,
+ domain, user, workstation,
chal, nt_resp, lm_resp);
return c;
}
Modified: branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c
===================================================================
--- branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c 2005-10-31 03:44:29 UTC (rev 11410)
+++ branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c 2005-10-31 04:17:51 UTC (rev 11411)
@@ -36,19 +36,23 @@
#include "lib/events/events.h"
#include "librpc/gen_ndr/ndr_netlogon.h"
-static void wbsrv_samba3_async_epilogue(NTSTATUS status,
- struct wbsrv_samba3_call *s3call)
+static void wbsrv_samba3_async_auth_epilogue(NTSTATUS status,
+ struct wbsrv_samba3_call *s3call)
{
+ struct winbindd_response *resp = &s3call->response;
if (!NT_STATUS_IS_OK(status)) {
- struct winbindd_response *resp = &s3call->response;
resp->result = WINBINDD_ERROR;
WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
nt_errstr(status));
WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
- nt_errstr(status));
- resp->data.auth.pam_error = nt_status_to_pam(status);
+ get_friendly_nt_error_msg(status));
+ } else {
+ resp->result = WINBINDD_OK;
}
+ resp->data.auth.pam_error = nt_status_to_pam(status);
+ resp->data.auth.nt_status = NT_STATUS_V(status);
+
status = wbsrv_send_reply(s3call->call);
if (!NT_STATUS_IS_OK(status)) {
wbsrv_terminate_connection(s3call->call->wbconn,
@@ -56,6 +60,23 @@
}
}
+static void wbsrv_samba3_async_epilogue(NTSTATUS status,
+ struct wbsrv_samba3_call *s3call)
+{
+ struct winbindd_response *resp = &s3call->response;
+ if (NT_STATUS_IS_OK(status)) {
+ resp->result = WINBINDD_OK;
+ } else {
+ resp->result = WINBINDD_ERROR;
+ }
+
+ status = wbsrv_send_reply(s3call->call);
+ if (!NT_STATUS_IS_OK(status)) {
+ wbsrv_terminate_connection(s3call->call->wbconn,
+ "wbsrv_queue_reply() failed");
+ }
+}
+
NTSTATUS wbsrv_samba3_interface_version(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
@@ -129,8 +150,7 @@
status = wb_cmd_checkmachacc_recv(ctx);
- s3call->response.result = WINBINDD_OK;
- wbsrv_samba3_async_epilogue(status, s3call);
+ wbsrv_samba3_async_auth_epilogue(status, s3call);
}
static void getdcname_recv_dc(struct composite_context *ctx);
@@ -404,20 +424,20 @@
NTSTATUS wbsrv_samba3_pam_auth_crap(struct wbsrv_samba3_call *s3call)
{
struct composite_context *ctx;
-
DATA_BLOB chal, nt_resp, lm_resp;
DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n"));
- chal.data = s3call->request.data.auth_crap.chal;
- chal.length = sizeof(s3call->request.data.auth_crap.chal);
- nt_resp.data = (uint8_t *)s3call->request.data.auth_crap.nt_resp;
- nt_resp.length = s3call->request.data.auth_crap.nt_resp_len;
- lm_resp.data = (uint8_t *)s3call->request.data.auth_crap.lm_resp;
- lm_resp.length = s3call->request.data.auth_crap.lm_resp_len;
+ chal.data = s3call->request.data.auth_crap.chal;
+ chal.length = sizeof(s3call->request.data.auth_crap.chal);
+ nt_resp.data = (uint8_t *)s3call->request.data.auth_crap.nt_resp;
+ nt_resp.length = s3call->request.data.auth_crap.nt_resp_len;
+ lm_resp.data = (uint8_t *)s3call->request.data.auth_crap.lm_resp;
+ lm_resp.length = s3call->request.data.auth_crap.lm_resp_len;
ctx = wb_cmd_pam_auth_crap_send(
s3call->call,
+ s3call->request.data.auth_crap.logon_parameters,
s3call->request.data.auth_crap.domain,
s3call->request.data.auth_crap.user,
s3call->request.data.auth_crap.workstation,
@@ -435,7 +455,6 @@
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
- struct winbindd_response *resp = &s3call->response;
NTSTATUS status;
DATA_BLOB info3;
struct netr_UserSessionKey user_session_key;
@@ -468,10 +487,8 @@
s3call->response.length += strlen(unix_username)+1;
}
- resp->result = WINBINDD_OK;
-
done:
- wbsrv_samba3_async_epilogue(status, s3call);
+ wbsrv_samba3_async_auth_epilogue(status, s3call);
}
static BOOL samba3_parse_domuser(TALLOC_CTX *mem_ctx, const char *domuser,
@@ -520,17 +537,14 @@
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
- struct winbindd_response *resp = &s3call->response;
NTSTATUS status;
status = wb_cmd_pam_auth_recv(ctx);
if (!NT_STATUS_IS_OK(status)) goto done;
- resp->result = WINBINDD_OK;
-
done:
- wbsrv_samba3_async_epilogue(status, s3call);
+ wbsrv_samba3_async_auth_epilogue(status, s3call);
}
static void list_trustdom_recv_doms(struct composite_context *ctx);
More information about the samba-cvs
mailing list