s4-auth Move conversion of security_token to unix_token to auth
[amitay/samba.git] / source4 / auth / ntlm / auth.c
index d2464c3cbf6dd4a2dbeb05cd7e0bd000702da0c4..7006125d1629ced441f4d4b3816adaa65a16f1bb 100644 (file)
@@ -26,7 +26,7 @@
 #include "auth/ntlm/auth_proto.h"
 #include "param/param.h"
 #include "dsdb/samdb/samdb.h"
-
+#include "libcli/wbclient/wbclient.h"
 
 /***************************************************************************
  Set a fixed challenge
@@ -407,16 +407,35 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
 }
 
 /* Wrapper because we don't want to expose all callers to needing to
- * know that session_info is generated from the main ldb */
+ * know that session_info is generated from the main ldb, and because we need to break a depenency loop between the DCE/RPC layer and the generation of unix tokens via IRPC */
 static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
                                                   struct auth4_context *auth_context,
                                                   struct auth_user_info_dc *user_info_dc,
                                                   uint32_t session_info_flags,
                                                   struct auth_session_info **session_info)
 {
-       return auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
-                                         auth_context->sam_ctx, user_info_dc,
-                                         session_info_flags, session_info);
+       NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
+                                                    auth_context->sam_ctx, user_info_dc,
+                                                    session_info_flags, session_info);
+       if ((session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN)
+           && NT_STATUS_IS_OK(status)) {
+               struct wbc_context *wbc_ctx = wbc_init(auth_context,
+                                                      auth_context->msg_ctx,
+                                                      auth_context->event_ctx);
+               if (!wbc_ctx) {
+                       TALLOC_FREE(*session_info);
+                       DEBUG(1, ("Cannot contact winbind to provide unix token"));
+                       return NT_STATUS_INVALID_SERVER_STATE;
+               }
+               status = security_token_to_unix_token(*session_info, wbc_ctx,
+                                                     (*session_info)->security_token,
+                                                     &(*session_info)->unix_token);
+               if (!NT_STATUS_IS_OK(status)) {
+                       TALLOC_FREE(*session_info);
+               }
+               TALLOC_FREE(wbc_ctx);
+       }
+       return status;
 }
 
 /***************************************************************************