svn commit: samba r11411 - in branches/SAMBA_4_0/source: nsswitch winbind

abartlet at samba.org abartlet at samba.org
Mon Oct 31 04:17:52 GMT 2005


Author: abartlet
Date: 2005-10-31 04:17:51 +0000 (Mon, 31 Oct 2005)
New Revision: 11411

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=11411

Log:
Add to Samba4 the Samba3 patch I just posted for machine account
logins (changing the winbindd interface).

Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing
auth and other replies, such that all replies were having the auth
error strings set.  We now do a better job of filling in the right
errors in the right places.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/nsswitch/winbindd_nss.h
   branches/SAMBA_4_0/source/winbind/wb_pam_auth.c
   branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c


Changeset:
Modified: branches/SAMBA_4_0/source/nsswitch/winbindd_nss.h
===================================================================
--- branches/SAMBA_4_0/source/nsswitch/winbindd_nss.h	2005-10-31 03:44:29 UTC (rev 11410)
+++ branches/SAMBA_4_0/source/nsswitch/winbindd_nss.h	2005-10-31 04:17:51 UTC (rev 11411)
@@ -37,7 +37,7 @@
 
 /* Update this when you change the interface.  */
 
-#define WINBIND_INTERFACE_VERSION 11
+#define WINBIND_INTERFACE_VERSION 12
 
 /* Socket commands */
 
@@ -203,6 +203,7 @@
 		} auth;              /* pam_winbind auth module */
                 struct {
                         unsigned char chal[8];
+			uint32_t logon_parameters;
                         winbind_string user;
                         winbind_string domain;
                         winbind_string lm_resp;
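Review bot: The new `logon_parameters` member carries no comment, and it is tab-indented while the neighbouring members of this struct use spaces. The wb_pam_auth.c part of this commit copies the value into `identity_info.parameter_control`, so a comment such as `/* netlogon parameter_control flags, as sent by the client */` would make clear that it is client-supplied input. The struct starts and ends outside this hunk.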

Modified: branches/SAMBA_4_0/source/winbind/wb_pam_auth.c
===================================================================
--- branches/SAMBA_4_0/source/winbind/wb_pam_auth.c	2005-10-31 03:44:29 UTC (rev 11410)
+++ branches/SAMBA_4_0/source/winbind/wb_pam_auth.c	2005-10-31 04:17:51 UTC (rev 11411)
@@ -31,6 +31,7 @@
 struct pam_auth_crap_state {
 	struct composite_context *ctx;
 	struct event_context *event_ctx;
+	uint32_t logon_parameters;
 	const char *domain_name;
 	const char *user_name;
 	const char *workstation;
@@ -51,6 +52,7 @@
 static NTSTATUS crap_samlogon_recv_req(struct composite_context *ctx, void *p);
 
 struct composite_context *wb_cmd_pam_auth_crap_send(struct wbsrv_call *call,
+						    uint32_t logon_parameters,
 						    const char *domain,
 						    const char *user,
 						    const char *workstation,
@@ -66,6 +68,8 @@
 
 	state->event_ctx = call->event_ctx;
 
+	state->logon_parameters = logon_parameters;
+
 	state->domain_name = talloc_strdup(state, domain);
 	if (state->domain_name == NULL) goto failed;
 
@@ -112,7 +116,7 @@
 
 	state->ninfo.identity_info.account_name.string = state->user_name;
 	state->ninfo.identity_info.domain_name.string =  state->domain_name;
-	state->ninfo.identity_info.parameter_control = 0;
+	state->ninfo.identity_info.parameter_control = state->logon_parameters;
 	state->ninfo.identity_info.logon_id_low = 0;
 	state->ninfo.identity_info.logon_id_high = 0;
 	state->ninfo.identity_info.workstation.string = state->workstation;
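Review bot: `parameter_control` is now set from `state->logon_parameters` without any filtering, and the wb_samba3_cmd.c change fills that from `request.data.auth_crap.logon_parameters`, a value taken from the winbind client's request. Nothing visible in this commit limits which bits a caller may set, so every client that can reach this command chooses the logon flags sent to the DC on winbind's behalf. If the goal is only the machine-account logins named in the log, mask at the entry point, e.g. `state->logon_parameters = logon_parameters & WB_ALLOWED_LOGON_PARAMETERS;` (placeholder name for an allow-list of the intended flags), or confirm that callers are restricted elsewhere. The enclosing function starts and ends outside this hunk.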
@@ -242,6 +246,7 @@
 }
 
 NTSTATUS wb_cmd_pam_auth_crap(struct wbsrv_call *call,
+			      uint32_t logon_parameters,
 			      const char *domain, const char *user,
 			      const char *workstation,
 			      DATA_BLOB chal, DATA_BLOB nt_resp,
@@ -252,7 +257,8 @@
 			      char **unix_username)
 {
 	struct composite_context *c =
-		wb_cmd_pam_auth_crap_send(call, domain, user, workstation,
+		wb_cmd_pam_auth_crap_send(call, logon_parameters, 
+					  domain, user, workstation,
 					  chal, nt_resp, lm_resp);
 	return wb_cmd_pam_auth_crap_recv(c, mem_ctx, info3, user_session_key,
 					 lm_key, unix_username);
@@ -314,7 +320,8 @@
 	if (!NT_STATUS_IS_OK(status)) {
 		return NULL;
 	}
-	c = wb_cmd_pam_auth_crap_send(call, domain, user, workstation,
+	c = wb_cmd_pam_auth_crap_send(call, 0 /* logon parameters */, 
+				      domain, user, workstation,
 				      chal, nt_resp, lm_resp);
 	return c;
 }

Modified: branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c
===================================================================
--- branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c	2005-10-31 03:44:29 UTC (rev 11410)
+++ branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c	2005-10-31 04:17:51 UTC (rev 11411)
@@ -36,19 +36,23 @@
 #include "lib/events/events.h"
 #include "librpc/gen_ndr/ndr_netlogon.h"
 
-static void wbsrv_samba3_async_epilogue(NTSTATUS status,
-					struct wbsrv_samba3_call *s3call)
+static void wbsrv_samba3_async_auth_epilogue(NTSTATUS status,
+					     struct wbsrv_samba3_call *s3call)
 {
+	struct winbindd_response *resp = &s3call->response;
 	if (!NT_STATUS_IS_OK(status)) {
-		struct winbindd_response *resp = &s3call->response;
 		resp->result = WINBINDD_ERROR;
 		WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
 					nt_errstr(status));
 		WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
-					nt_errstr(status));
-		resp->data.auth.pam_error = nt_status_to_pam(status);
+					get_friendly_nt_error_msg(status));
+	} else {
+		resp->result = WINBINDD_OK;
 	}
 
+	resp->data.auth.pam_error = nt_status_to_pam(status);
+	resp->data.auth.nt_status = NT_STATUS_V(status);
+
 	status = wbsrv_send_reply(s3call->call);
 	if (!NT_STATUS_IS_OK(status)) {
 		wbsrv_terminate_connection(s3call->call->wbconn,
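Review bot: On success `wbsrv_samba3_async_auth_epilogue()` fills `pam_error` and `nt_status` but leaves `nt_status_string` and `error_string` untouched, because both `WBSRV_SAMBA3_SET_STRING` calls sit inside the failure branch. Unless the response is cleared before it reaches here (not visible in this hunk), a client reading those strings after a successful auth gets whatever was there; moving the two calls below the `if`/`else`, next to the `pam_error` assignment, would make all four fields consistent. A one-line comment above the function, e.g. `/* Reply for auth-style commands: fills resp->data.auth from status */`, would also help separate it from the generic epilogue. The function body continues past the end of this hunk.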
@@ -56,6 +60,23 @@
 	}
 }
 
+static void wbsrv_samba3_async_epilogue(NTSTATUS status,
+					struct wbsrv_samba3_call *s3call)
+{
+	struct winbindd_response *resp = &s3call->response;
+	if (NT_STATUS_IS_OK(status)) {
+		resp->result = WINBINDD_OK;
+	} else {
+		resp->result = WINBINDD_ERROR;
+	}
+
+	status = wbsrv_send_reply(s3call->call);
+	if (!NT_STATUS_IS_OK(status)) {
+		wbsrv_terminate_connection(s3call->call->wbconn,
+					   "wbsrv_queue_reply() failed");
+	}
+}
+
 NTSTATUS wbsrv_samba3_interface_version(struct wbsrv_samba3_call *s3call)
 {
 	s3call->response.result			= WINBINDD_OK;
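Review bot: The termination message in the new `wbsrv_samba3_async_epilogue()` says `"wbsrv_queue_reply() failed"` although the call that failed is `wbsrv_send_reply()`, which will mislead anyone reading the log; `"wbsrv_send_reply() failed"` matches the code. The send-and-terminate tail is also duplicated from `wbsrv_samba3_async_auth_epilogue()`; the auth variant could fill `resp->data.auth` and then call this function, given a prototype or a reordering of the two definitions. A comment such as `/* Generic reply: sets only resp->result, never resp->data.auth */` would record why both exist.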
@@ -129,8 +150,7 @@
 
 	status = wb_cmd_checkmachacc_recv(ctx);
 
-	s3call->response.result = WINBINDD_OK;
-	wbsrv_samba3_async_epilogue(status, s3call);
+	wbsrv_samba3_async_auth_epilogue(status, s3call);
 }
 
 static void getdcname_recv_dc(struct composite_context *ctx);
@@ -404,20 +424,20 @@
 NTSTATUS wbsrv_samba3_pam_auth_crap(struct wbsrv_samba3_call *s3call)
 {
 	struct composite_context *ctx;
-
 	DATA_BLOB chal, nt_resp, lm_resp;
 
 	DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n"));
 
-	chal.data      = s3call->request.data.auth_crap.chal;
-	chal.length    = sizeof(s3call->request.data.auth_crap.chal);
-	nt_resp.data   = (uint8_t *)s3call->request.data.auth_crap.nt_resp;
-	nt_resp.length = s3call->request.data.auth_crap.nt_resp_len;
-	lm_resp.data   = (uint8_t *)s3call->request.data.auth_crap.lm_resp;
-	lm_resp.length = s3call->request.data.auth_crap.lm_resp_len;
+	chal.data       = s3call->request.data.auth_crap.chal;
+	chal.length     = sizeof(s3call->request.data.auth_crap.chal);
+	nt_resp.data    = (uint8_t *)s3call->request.data.auth_crap.nt_resp;
+	nt_resp.length  = s3call->request.data.auth_crap.nt_resp_len;
+	lm_resp.data    = (uint8_t *)s3call->request.data.auth_crap.lm_resp;
+	lm_resp.length  = s3call->request.data.auth_crap.lm_resp_len;
 
 	ctx = wb_cmd_pam_auth_crap_send(
 		s3call->call, 
+		s3call->request.data.auth_crap.logon_parameters,
 		s3call->request.data.auth_crap.domain,
 		s3call->request.data.auth_crap.user,
 		s3call->request.data.auth_crap.workstation,
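Review bot: `nt_resp.length` and `lm_resp.length` are taken straight from the request's `nt_resp_len` and `lm_resp_len`, and no comparison with the size of the `nt_resp` / `lm_resp` buffers is visible between the function's start and the `wb_cmd_pam_auth_crap_send()` call. A client that sends a length larger than the buffer would make later code read past the end of the request field. A bounds check before the blobs are built closes this, assuming both fields are fixed-size arrays (`lm_resp` is declared `winbind_string` in the winbindd_nss.h hunk; `nt_resp` is not shown); how a non-OK return is turned into a reply is decided outside this hunk. The function continues past the end of the hunk.

```c
	DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n"));

	/* Lengths come from the client: reject anything larger than the
	 * fixed-size request fields before wrapping them in DATA_BLOBs. */
	if (s3call->request.data.auth_crap.nt_resp_len >
	        sizeof(s3call->request.data.auth_crap.nt_resp) ||
	    s3call->request.data.auth_crap.lm_resp_len >
	        sizeof(s3call->request.data.auth_crap.lm_resp)) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* … unchanged: chal / nt_resp / lm_resp blob setup and wb_cmd_pam_auth_crap_send() call … */
```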
@@ -435,7 +455,6 @@
 	struct wbsrv_samba3_call *s3call =
 		talloc_get_type(ctx->async.private_data,
 				struct wbsrv_samba3_call);
-	struct winbindd_response *resp = &s3call->response;
 	NTSTATUS status;
 	DATA_BLOB info3;
 	struct netr_UserSessionKey user_session_key;
@@ -468,10 +487,8 @@
 		s3call->response.length += strlen(unix_username)+1;
 	}
 
-	resp->result = WINBINDD_OK;
-
  done:
-	wbsrv_samba3_async_epilogue(status, s3call);
+	wbsrv_samba3_async_auth_epilogue(status, s3call);
 }
 
 static BOOL samba3_parse_domuser(TALLOC_CTX *mem_ctx, const char *domuser,
@@ -520,17 +537,14 @@
 	struct wbsrv_samba3_call *s3call =
 		talloc_get_type(ctx->async.private_data,
 				struct wbsrv_samba3_call);
-	struct winbindd_response *resp = &s3call->response;
 	NTSTATUS status;
 
 	status = wb_cmd_pam_auth_recv(ctx);
 
 	if (!NT_STATUS_IS_OK(status)) goto done;
 
-	resp->result = WINBINDD_OK;
-
  done:
-	wbsrv_samba3_async_epilogue(status, s3call);
+	wbsrv_samba3_async_auth_epilogue(status, s3call);
 }
 
 static void list_trustdom_recv_doms(struct composite_context *ctx);


