Try to gain a bit more consistancy in the output of usernames from ntlm_auth:
authorAndrew Bartlett <abartlet@samba.org>
Tue, 30 Dec 2003 13:20:39 +0000 (13:20 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 30 Dec 2003 13:20:39 +0000 (13:20 +0000)
Instead of returning a name in DOMAIN\user format, we now return it in the
same way that nsswitch does - following the rules of 'winbind use default
domain', in the correct case and with the correct separator.

This should help sites who are using Squid or the new SASL code I'm working
on, to match back to their unix usernames.

Andrew Bartlett
(This used to be commit 7a3a5a63612b2698a39f784859496c395505a79b)

source3/nsswitch/winbindd_nss.h
source3/nsswitch/winbindd_pam.c
source3/utils/ntlm_auth.c

index 76243c57ef33a60b73691908845333e4ef552092..77384a7748708275e087277c055343ecb2887b6a 100644 (file)
@@ -152,6 +152,7 @@ typedef struct winbindd_gr {
 #define WBFLAG_PAM_CONTACT_TRUSTDOM    0x0010
 #define WBFLAG_QUERY_ONLY              0x0020
 #define WBFLAG_ALLOCATE_RID            0x0040
+#define WBFLAG_PAM_UNIX_NAME            0x0080
 
 /* Winbind request structure */
 
index 6e386760b421b4f70ecd29aa8adf89a746fa85c3..7c4cb53dbfe71f8bebe14dec432211d8c27a9d61 100644 (file)
@@ -366,6 +366,32 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
                
                if (state->request.flags & WBFLAG_PAM_INFO3_NDR) {
                        result = append_info3_as_ndr(mem_ctx, state, &info3);
+               } else if (state->request.flags & WBFLAG_PAM_UNIX_NAME) {
+                       /* ntlm_auth should return the unix username, per 
+                          'winbind use default domain' settings and the like */
+                       
+                       fstring username_out;
+                       const char *nt_username, *nt_domain;
+                       if (!(nt_username = unistr2_tdup(mem_ctx, &(info3.uni_user_name)))) {
+                               /* If the server didn't give us one, just use the one we sent them */
+                               nt_username = user;
+                       }
+                       
+                       if (!(nt_domain = unistr2_tdup(mem_ctx, &(info3.uni_logon_dom)))) {
+                               /* If the server didn't give us one, just use the one we sent them */
+                               nt_domain = domain;
+                       }
+
+                       fill_domain_username(username_out, nt_username, nt_domain);
+
+                       DEBUG(5, ("Setting unix username to [%s]\n", username_out));
+
+                       state->response.extra_data = strdup(username_out);
+                       if (!state->response.extra_data) {
+                               result = NT_STATUS_NO_MEMORY;
+                               goto done;
+                       }
+                       state->response.length +=  strlen(state->response.extra_data)+1;
                }
                
                if (state->request.flags & WBFLAG_PAM_NTKEY) {
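Review bot: The call `fill_domain_username(username_out, nt_username, nt_domain);` looks like it has its last two arguments swapped: a helper that applies the 'winbind use default domain' rule has to know which argument is the domain, and if its parameter order is (name, domain, user) as its name suggests — the definition is not in this diff — the output will be `user<sep>domain`, or the domain will be stripped only when the user name happens to equal the workgroup. Please confirm against the prototype and use `fill_domain_username(username_out, nt_domain, nt_username);` if so. Two smaller points: the fallback to the client-supplied `user`/`domain` when unistr2_tdup() returns NULL also fires on allocation failure, so a comment or an explicit length check would make the intent clear; and since this branch is an else-if after WBFLAG_PAM_INFO3_NDR and both write extra_data, the two flags are effectively mutually exclusive, which deserves a comment such as `/* WBFLAG_PAM_UNIX_NAME and WBFLAG_PAM_INFO3_NDR both use extra_data; INFO3_NDR wins if both are set */`. winbindd_pam_auth_crap() begins and ends outside this hunk.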
index 87239117bd9f267b5509e20f5bcbed43f3347503..bef10b52b34288891184ebc46d35b04fc302d0a0 100644 (file)
@@ -227,7 +227,8 @@ static NTSTATUS contact_winbind_auth_crap(const char *username,
                                          uint32 flags, 
                                          uint8 lm_key[8], 
                                          uint8 nt_key[16], 
-                                         char **error_string) 
+                                         char **error_string, 
+                                         char **unix_name) 
 {
        NTSTATUS nt_status;
         NSS_STATUS result;
@@ -302,6 +303,11 @@ static NTSTATUS contact_winbind_auth_crap(const char *username,
                memcpy(nt_key, response.data.auth.nt_session_key, 
                        sizeof(response.data.auth.nt_session_key));
        }
+
+       if (flags & WBFLAG_PAM_UNIX_NAME) {
+               *unix_name = response.extra_data;
+       }
+
        return nt_status;
 }
                                   
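Review bot: `*unix_name = response.extra_data;` dereferences the new out-parameter without a NULL check, and the call sites updated later in this diff pass NULL for it, so the code is safe only while none of them ever sets WBFLAG_PAM_UNIX_NAME in `flags` — nothing here enforces that. Guard it, `if ((flags & WBFLAG_PAM_UNIX_NAME) && unix_name) { *unix_name = response.extra_data; }`, and document that the assignment hands the caller ownership of a malloc'd buffer it must SAFE_FREE (the free on the success path is in winbind_pw_check; what releases extra_data when unix_name is NULL or the request fails is not visible in this hunk). The assignment also runs regardless of nt_status, so callers should expect NULL there when winbindd rejected the request or is an older build that ignores the flag. The earlier part of contact_winbind_auth_crap() lies outside this hunk.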
@@ -312,15 +318,16 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
        char *error_string;
        uint8 lm_key[8]; 
        uint8 nt_key[16]; 
-       
+       char *unix_name;
+
        nt_status = contact_winbind_auth_crap(ntlmssp_state->user, ntlmssp_state->domain,
                                              ntlmssp_state->workstation,
                                              &ntlmssp_state->chal,
                                              &ntlmssp_state->lm_resp,
                                              &ntlmssp_state->nt_resp, 
-                                             WBFLAG_PAM_LMKEY | WBFLAG_PAM_NTKEY,
+                                             WBFLAG_PAM_LMKEY | WBFLAG_PAM_NTKEY | WBFLAG_PAM_UNIX_NAME,
                                              lm_key, nt_key, 
-                                             &error_string);
+                                             &error_string, &unix_name);
 
        if (NT_STATUS_IS_OK(nt_status)) {
                if (memcmp(lm_key, zeros, 8) != 0) {
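Review bot: `char *unix_name;` at the top of winbind_pw_check is never initialised, so if contact_winbind_auth_crap() returns before reaching its WBFLAG_PAM_UNIX_NAME block the pointer is indeterminate; the failure branch of this function (in the next hunk) does not touch it today, but any SAFE_FREE added there later would free garbage. Initialise it, `char *unix_name = NULL;`, so the buffer can be released unconditionally on every exit path. The function continues in the following hunk.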
@@ -332,10 +339,13 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
                if (memcmp(nt_key, zeros, 16) != 0) {
                        *nt_session_key = data_blob(nt_key, 16);
                }
+               ntlmssp_state->auth_context = talloc_strdup(ntlmssp_state->mem_ctx, unix_name);
+               SAFE_FREE(unix_name);
        } else {
                DEBUG(NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED) ? 0 : 3, 
                      ("Login for user [%s]\\[%s]@[%s] failed due to [%s]\n", 
                       ntlmssp_state->domain, ntlmssp_state->user, ntlmssp_state->workstation, error_string ? error_string : "unknown error (NULL)"));
+               ntlmssp_state->auth_context = NULL;
        }
        return nt_status;
 }
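Review bot: `ntlmssp_state->auth_context = talloc_strdup(ntlmssp_state->mem_ctx, unix_name);` stores the result of a successful authentication without checking either `unix_name` or the allocation, so a winbindd that leaves extra_data empty (an older build that does not know WBFLAG_PAM_UNIX_NAME, or a conflicting flag combination) or an out-of-memory talloc yields NT_STATUS_OK with a NULL auth_context, which manage_squid_ntlmssp_request then prints as the authenticated user. An authentication helper must never report success without a usable identity; downgrade that case to a failure status before returning, and release the session-key blob assigned just above so it does not leak. The OK branch opens in the previous hunk, so the lm_key copy is not shown here and needs the same release.
```c
			*nt_session_key = data_blob(nt_key, 16);
		}
		/* never report success without a unix name to hand back to the caller */
		ntlmssp_state->auth_context = unix_name
			? talloc_strdup(ntlmssp_state->mem_ctx, unix_name)
			: NULL;
		SAFE_FREE(unix_name);
		if (!ntlmssp_state->auth_context) {
			DEBUG(1, ("winbindd returned no unix username for [%s]\\[%s]@[%s]\n",
				  ntlmssp_state->domain, ntlmssp_state->user, ntlmssp_state->workstation));
			data_blob_free(nt_session_key);
			/* … the lm session key blob set earlier in this branch needs the same release … */
			nt_status = NT_STATUS_UNSUCCESSFUL;
		}
```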
@@ -369,10 +379,12 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *n
                if (memcmp(nt_key, zeros, 16) != 0) {
                        *nt_session_key = data_blob(nt_key, 16);
                }
+               ntlmssp_state->auth_context = talloc_asprintf(ntlmssp_state->mem_ctx, "%s%c%s", ntlmssp_state->domain, *lp_winbind_separator(), ntlmssp_state->user);
        } else {
                DEBUG(3, ("Login for user [%s]\\[%s]@[%s] failed due to [%s]\n", 
                          ntlmssp_state->domain, ntlmssp_state->user, ntlmssp_state->workstation, 
                          nt_errstr(nt_status)));
+               ntlmssp_state->auth_context = NULL;
        }
        return nt_status;
 }
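Review bot: The name built here, `talloc_asprintf(..., "%s%c%s", ntlmssp_state->domain, *lp_winbind_separator(), ntlmssp_state->user)`, always carries the client-supplied domain and never applies 'winbind use default domain', so the local check and the winbind check now emit different username formats for the same account, which undercuts the consistency this commit is after. It also uses the domain and user exactly as the client sent them (no canonical case from an info3), and the allocation result is not checked, so an out-of-memory leaves NT_STATUS_OK with a NULL auth_context. At minimum add `if (!ntlmssp_state->auth_context) { return NT_STATUS_NO_MEMORY; }` after the assignment, and add a comment stating whether bypassing the default-domain rule on this path is intended. local_pw_check() begins outside this hunk.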
@@ -520,7 +532,7 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
                x_fprintf(x_stdout, "NA %s\n", nt_errstr(nt_status));
                DEBUG(10, ("NTLMSSP %s\n", nt_errstr(nt_status)));
        } else {
-               x_fprintf(x_stdout, "AF %s\\%s\n", ntlmssp_state->domain, ntlmssp_state->user);
+               x_fprintf(x_stdout, "AF %s\n", (char *)ntlmssp_state->auth_context);
                DEBUG(10, ("NTLMSSP OK!\n"));
        }
 
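Review bot: `x_fprintf(x_stdout, "AF %s\n", (char *)ntlmssp_state->auth_context);` prints the new auth_context with no NULL check, and nothing in this diff guarantees it is set on the success path (both pw_check callbacks assign it from unchecked allocations), so a missing name becomes an `AF` line whose user field is whatever x_fprintf does with a NULL `%s` — Squid would treat that as a successfully authenticated user. Fail closed instead, `} else if (!ntlmssp_state->auth_context) { x_fprintf(x_stdout, "NA %s\n", nt_errstr(NT_STATUS_UNSUCCESSFUL)); } else {` before the existing AF branch. The previous DOMAIN\user form could not be NULL, so this is a failure mode introduced by the change, and manage_squid_ntlmssp_request() starts outside this hunk.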
@@ -1368,7 +1380,7 @@ static BOOL check_auth_crap(void)
                                              flags,
                                              (unsigned char *)lm_key, 
                                              (unsigned char *)nt_key, 
-                                             &error_string);
+                                             &error_string, NULL);
 
        if (!NT_STATUS_IS_OK(nt_status)) {
                x_fprintf(x_stdout, "%s (0x%x)\n", 
@@ -1476,7 +1488,7 @@ static BOOL test_lm_ntlm_broken(enum ntlm_break break_which)
                                              flags,
                                              lm_key, 
                                              nt_key,
-                                             &error_string);
+                                             &error_string, NULL);
        
        data_blob_free(&lm_response);
 
@@ -1575,7 +1587,7 @@ static BOOL test_ntlm_in_lm(void)
                                              flags,
                                              lm_key,
                                              nt_key,
-                                             &error_string);
+                                             &error_string, NULL);
        
        data_blob_free(&nt_response);
 
@@ -1646,7 +1658,7 @@ static BOOL test_ntlm_in_both(void)
                                              flags,
                                              (unsigned char *)lm_key,
                                              (unsigned char *)nt_key,
-                                             &error_string);
+                                             &error_string, NULL);
        
        data_blob_free(&nt_response);
 
@@ -1737,7 +1749,7 @@ static BOOL test_lmv2_ntlmv2_broken(enum ntlm_break break_which)
                                              flags,
                                              NULL, 
                                              nt_key,
-                                             &error_string);
+                                             &error_string, NULL);
        
        data_blob_free(&lmv2_response);
        data_blob_free(&ntlmv2_response);
@@ -1881,7 +1893,7 @@ static BOOL test_plaintext(enum ntlm_break break_which)
                                              flags,
                                              lm_key,
                                              nt_key,
-                                             &error_string);
+                                             &error_string, NULL);
        
        SAFE_FREE(nt_response.data);
        SAFE_FREE(lm_response.data);