[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha7-2403-ge7e98ba
Günther Deschner
gd at samba.org
Thu Jun 18 14:38:23 GMT 2009
The branch, master has been updated
via e7e98ba4807f3c4e0538b24ae0092f69383ae2d7 (commit)
via 6037c200a1ff37fce91a5559aa87cdee0e310a8d (commit)
from c92505817d6453c100ed52c9c3ab289f5589ce25 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e7e98ba4807f3c4e0538b24ae0092f69383ae2d7
Author: Günther Deschner <gd at samba.org>
Date: Thu Jun 18 16:17:26 2009 +0200
libwbclient: fix returned LogonInfo in wbc_LogonUser().
That function could return emtpy blobs for username and ccache for e.g. cached
logins.
Guenther
commit 6037c200a1ff37fce91a5559aa87cdee0e310a8d
Author: Günther Deschner <gd at samba.org>
Date: Thu Jun 18 16:33:46 2009 +0200
wbinfo: use wbcLogonUser for wbinfo -K.
Guenther
-----------------------------------------------------------------------
Summary of changes:
nsswitch/libwbclient/wbc_pam.c | 6 ++-
nsswitch/wbinfo.c | 111 +++++++++++++++++++++++++++-------------
2 files changed, 80 insertions(+), 37 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index a245d8a..d3bf616 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -268,7 +268,8 @@ static wbcErr wbc_create_logon_info(TALLOC_CTX *mem_ctx,
wbc_status = wbc_create_auth_info(i, resp, &i->info);
BAIL_ON_WBC_ERROR(wbc_status);
- if (resp->data.auth.krb5ccname) {
+ if (resp->data.auth.krb5ccname &&
+ strlen(resp->data.auth.krb5ccname)) {
wbc_status = wbcAddNamedBlob(&i->num_blobs,
&i->blobs,
"krb5ccname",
@@ -278,7 +279,8 @@ static wbcErr wbc_create_logon_info(TALLOC_CTX *mem_ctx,
BAIL_ON_WBC_ERROR(wbc_status);
}
- if (resp->data.auth.unix_username) {
+ if (resp->data.auth.unix_username &&
+ strlen(resp->data.auth.unix_username)) {
wbc_status = wbcAddNamedBlob(&i->num_blobs,
&i->blobs,
"unix_username",
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 04addda..5dd96f9 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -1178,66 +1178,107 @@ static char *wbinfo_prompt_pass(const char *prefix,
static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
{
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
- char *p;
- char *password;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ char *s = NULL;
+ char *p = NULL;
+ char *password = NULL;
+ char *name = NULL;
+ uid_t uid;
+ struct wbcLogonUserParams params;
+ struct wbcLogonUserInfo *info;
+ struct wbcAuthErrorInfo *error;
+ struct wbcUserPasswordPolicyInfo *policy;
- p = strchr(username, '%');
+ if ((s = SMB_STRDUP(username)) == NULL) {
+ return false;
+ }
- if (p) {
+ if ((p = strchr(s, '%')) != NULL) {
*p = 0;
- fstrcpy(request.data.auth.user, username);
- fstrcpy(request.data.auth.pass, p + 1);
- *p = '%';
+ p++;
+ password = SMB_STRDUP(p);
} else {
- fstrcpy(request.data.auth.user, username);
password = wbinfo_prompt_pass(NULL, username);
- fstrcpy(request.data.auth.pass, password);
- SAFE_FREE(password);
}
- request.flags = flags;
+ name = s;
- fstrcpy(request.data.auth.krb5_cc_type, cctype);
+ uid = geteuid();
- request.data.auth.uid = geteuid();
+ params.username = name;
+ params.password = password;
+ params.num_blobs = 0;
+ params.blobs = NULL;
- result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
+ wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
+ ¶ms.blobs,
+ "flags",
+ 0,
+ (uint8_t *)&flags,
+ sizeof(flags));
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
- /* Display response */
+ wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
+ ¶ms.blobs,
+ "user_uid",
+ 0,
+ (uint8_t *)&uid,
+ sizeof(uid));
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
+
+ wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
+ ¶ms.blobs,
+ "krb5_cc_type",
+ 0,
+ (uint8_t *)cctype,
+ strlen(cctype)+1);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
+
+ wbc_status = wbcLogonUser(¶ms, &info, &error, &policy);
d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
- username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
+ username, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed", cctype);
- if (response.data.auth.nt_status)
+ if (error) {
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
- response.data.auth.nt_status_string,
- response.data.auth.nt_status,
- response.data.auth.error_string);
-
- if (result == NSS_STATUS_SUCCESS) {
+ error->nt_string,
+ error->nt_status,
+ error->display_string);
+ }
- if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
- if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) {
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ if (flags & WBFLAG_PAM_INFO3_TEXT) {
+ if (info && info->info && info->info->user_flags & NETLOGON_CACHED_ACCOUNT) {
d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n");
}
}
- if (response.data.auth.krb5ccname[0] != '\0') {
- d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname);
+ if (info) {
+ int i;
+ for (i=0; i < info->num_blobs; i++) {
+ if (strequal(info->blobs[i].name, "krb5ccname")) {
+ d_printf("credentials were put in: %s\n",
+ (const char *)info->blobs[i].blob.data);
+ break;
+ }
+ }
} else {
d_printf("no credentials cached\n");
}
}
+ done:
+
+ SAFE_FREE(s);
+ SAFE_FREE(password);
+ wbcFreeMemory(params.blobs);
- return result == NSS_STATUS_SUCCESS;
+ return WBC_ERROR_IS_OK(wbc_status);
}
/* Authenticate a user with a plaintext password */
--
Samba Shared Repository
More information about the samba-cvs
mailing list