ldap_server: Move code into authenticate_ldap_simple_bind()

[sfrench/samba-autobuild/.git] / source4 / auth / ntlm / auth_simple.c

diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index be2ff5e1690389e23b1d3ac99539049c773a2068..31dc0e51b188041bbbea8fa4e330f678db3280f2 100644 (file)
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -23,20 +23,21 @@
 
 #include "includes.h"
 #include "auth/auth.h"
+#include "dsdb/samdb/samdb.h"
 
 /*
  It's allowed to pass NULL as session_info,
  when the caller doesn't need a session_info
 */
-_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
-                                          struct tevent_context *ev,
-                                          struct imessaging_context *msg,
-                                          struct loadparm_context *lp_ctx,
-                                          const char *nt4_domain,
-                                          const char *nt4_username,
-                                          const char *password,
-                                          const uint32_t logon_parameters,
-                                          struct auth_session_info **session_info) 
+_PUBLIC_ NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
+                                               struct tevent_context *ev,
+                                               struct imessaging_context *msg,
+                                               struct loadparm_context *lp_ctx,
+                                               struct tsocket_address *remote_address,
+                                               struct tsocket_address *local_address,
+                                               const char *dn,
+                                               const char *password,
+                                               struct auth_session_info **session_info)
 {
        struct auth4_context *auth_context;
        struct auth_usersupplied_info *user_info;
@@ -44,11 +45,21 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
        NTSTATUS nt_status;
        uint8_t authoritative = 0;
        TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+       const char *nt4_domain;
+       const char *nt4_username;
 
        if (!tmp_ctx) {
                return NT_STATUS_NO_MEMORY;
        }
 
+       nt_status = crack_auto_name_to_nt4_name(tmp_ctx, ev, lp_ctx, dn,
+                                               &nt4_domain, &nt4_username);
+
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               talloc_free(tmp_ctx);
+               return nt_status;
+       }
+
        nt_status = auth_context_create(tmp_ctx, 
                                        ev, msg,
                                        lp_ctx,
@@ -65,14 +76,17 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
        }
 
        user_info->mapped_state = true;
-       user_info->client.account_name = nt4_username;
+       user_info->client.account_name = dn;
+       /* No client.domain_name, use account_name instead */
        user_info->mapped.account_name = nt4_username;
-       user_info->client.domain_name = nt4_domain;
        user_info->mapped.domain_name = nt4_domain;
 
        user_info->workstation_name = NULL;
 
-       user_info->remote_host = NULL;
+       user_info->remote_host = remote_address;
+       user_info->local_host = local_address;
+
+       user_info->service_description = "ldap simple bind";
 
        user_info->password_state = AUTH_PASSWORD_PLAIN;
        user_info->password.plaintext = talloc_strdup(user_info, password);
@@ -80,7 +94,9 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
        user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME |
                USER_INFO_DONT_CHECK_UNIX_ACCOUNT;
 
-       user_info->logon_parameters = logon_parameters |
+       user_info->logon_parameters =
+               MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
+               MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
                MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
                MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;