git.samba.org / samba.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
winbindd: Do not use group_list->out.resume_index after free
[samba.git] / source4 / winbind / wb_pam_auth.c
diff --git a/source4/winbind/wb_pam_auth.c b/source4/winbind/wb_pam_auth.c
index ee54bcd58f7818a1873b53c53e0f0aea007fc9e2..c84b51f4fe937c302b61f6f5e80cd7ff697722cb 100644 (file)
--- a/source4/winbind/wb_pam_auth.c
+++ b/source4/winbind/wb_pam_auth.c
@@ -27,14 +27,13 @@
 #include "auth/credentials/credentials.h"
 #include "libcli/auth/libcli_auth.h"
 #include "librpc/gen_ndr/ndr_netlogon.h"
-#include "librpc/gen_ndr/ndr_netlogon_c.h"
 #include "librpc/gen_ndr/winbind.h"
 #include "param/param.h"
 
 /* Oh, there is so much to keep an eye on when authenticating a user.  Oh my! */
 struct pam_auth_crap_state {
        struct composite_context *ctx;
-       struct event_context *event_ctx;
+       struct tevent_context *event_ctx;
        struct loadparm_context *lp_ctx;
 
        struct winbind_SamLogon *req;
@@ -55,7 +54,7 @@ struct pam_auth_crap_state {
  * NTLM authentication.
 */
 
-static void pam_auth_crap_recv_logon(struct composite_context *ctx);
+static void pam_auth_crap_recv_logon(struct tevent_req *subreq);
 
 struct composite_context *wb_cmd_pam_auth_crap_send(TALLOC_CTX *mem_ctx,
                                                    struct wbsrv_service *service,
@@ -67,10 +66,11 @@ struct composite_context *wb_cmd_pam_auth_crap_send(TALLOC_CTX *mem_ctx,
                                                    DATA_BLOB nt_resp,
                                                    DATA_BLOB lm_resp)
 {
-       struct composite_context *result, *ctx;
+       struct composite_context *result;
        struct pam_auth_crap_state *state;
        struct netr_NetworkInfo *ninfo;
        DATA_BLOB tmp_nt_resp, tmp_lm_resp;
+       struct tevent_req *subreq;
 
        result = composite_create(mem_ctx, service->task->event_ctx);
        if (result == NULL) goto failed;
@@ -114,10 +114,11 @@ struct composite_context *wb_cmd_pam_auth_crap_send(TALLOC_CTX *mem_ctx,
 
        state->unix_username = NULL;
 
-       ctx = wb_sam_logon_send(mem_ctx, service, state->req);
-       if (ctx == NULL) goto failed;
-
-       composite_continue(result, ctx, pam_auth_crap_recv_logon, state);
+       subreq = wb_sam_logon_send(state,
+                                  service->task->event_ctx,
+                                  service, state->req);
+       if (subreq == NULL) goto failed;
+       tevent_req_set_callback(subreq, pam_auth_crap_recv_logon, state);
        return result;
 
  failed:
@@ -130,21 +131,21 @@ struct composite_context *wb_cmd_pam_auth_crap_send(TALLOC_CTX *mem_ctx,
 
     Send of a SamLogon request to authenticate a user.
 */
-static void pam_auth_crap_recv_logon(struct composite_context *ctx)
+static void pam_auth_crap_recv_logon(struct tevent_req *subreq)
 {
        DATA_BLOB tmp_blob;
        enum ndr_err_code ndr_err;
        struct netr_SamBaseInfo *base;
        struct pam_auth_crap_state *state =
-               talloc_get_type(ctx->async.private_data,
+               tevent_req_callback_data(subreq,
                                struct pam_auth_crap_state);
 
-       state->ctx->status = wb_sam_logon_recv(ctx, state, state->req);
+       state->ctx->status = wb_sam_logon_recv(subreq, state, state->req);
+       TALLOC_FREE(subreq);
        if (!composite_is_ok(state->ctx)) return;
 
        ndr_err = ndr_push_struct_blob(
-               &tmp_blob, state, lp_iconv_convenience(state->lp_ctx), 
-               state->req->out.validation.sam3,
+               &tmp_blob, state, state->req->out.validation.sam3,
                (ndr_push_flags_fn_t)ndr_push_netr_SamInfo3);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                state->ctx->status = ndr_map_error2ntstatus(ndr_err);
@@ -172,14 +173,14 @@ static void pam_auth_crap_recv_logon(struct composite_context *ctx)
                state->user_name = base->account_name.string;
                talloc_steal(state, base->account_name.string);
        }
-       if (base->domain.string) {
-               state->domain_name = base->domain.string;
-               talloc_steal(state, base->domain.string);
+       if (base->logon_domain.string) {
+               state->domain_name = base->logon_domain.string;
+               talloc_steal(state, base->logon_domain.string);
        }
 
        state->unix_username = talloc_asprintf(state, "%s%s%s", 
                                               state->domain_name,
-                                              lp_winbind_separator(state->lp_ctx),
+                                              lpcfg_winbind_separator(state->lp_ctx),
                                               state->user_name);
        if (composite_nomem(state->unix_username, state->ctx)) return;
 
@@ -221,11 +222,11 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx,
        const char *user, *domain;
        DATA_BLOB chal, nt_resp, lm_resp, names_blob;
        int flags = CLI_CRED_NTLM_AUTH;
-       if (lp_client_lanman_auth(service->task->lp_ctx)) {
+       if (lpcfg_client_lanman_auth(service->task->lp_ctx)) {
                flags |= CLI_CRED_LANMAN_AUTH;
        }
 
-       if (lp_client_ntlmv2_auth(service->task->lp_ctx)) {
+       if (lpcfg_client_ntlmv2_auth(service->task->lp_ctx)) {
                flags |= CLI_CRED_NTLMv2_AUTH;
        }
 
@@ -245,7 +246,6 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx,
 
        names_blob = NTLMv2_generate_names_blob(
                mem_ctx,
-               lp_iconv_convenience(service->task->lp_ctx),
                cli_credentials_get_workstation(credentials), 
                cli_credentials_get_domain(credentials));
 
@@ -261,11 +261,31 @@ struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx,
                                         chal, nt_resp, lm_resp);
 }
 
-NTSTATUS wb_cmd_pam_auth_recv(struct composite_context *c)
+NTSTATUS wb_cmd_pam_auth_recv(struct composite_context *c,
+                             TALLOC_CTX *mem_ctx,
+                             DATA_BLOB *info3,
+                             struct netr_UserSessionKey *user_session_key,
+                             struct netr_LMSessionKey *lm_key,
+                             char **unix_username)
 {
-       struct pam_auth_crap_state *state =
-               talloc_get_type(c->private_data, struct pam_auth_crap_state);
-       NTSTATUS status = composite_wait(c);
-       talloc_free(state);
-       return status;
+       struct pam_auth_crap_state *state =
+               talloc_get_type(c->private_data, struct pam_auth_crap_state);
+       NTSTATUS status = composite_wait(c);
+       if (NT_STATUS_IS_OK(status)) {
+               if (info3) {
+                       info3->length = state->info3.length;
+                       info3->data = talloc_steal(mem_ctx, state->info3.data);
+               }
+               if (user_session_key) {
+                       *user_session_key = state->user_session_key;
+               }
+               if (lm_key) {
+                       *lm_key = state->lm_key;
+               }
+               if (unix_username) {
+                       *unix_username = talloc_steal(mem_ctx, state->unix_username);
+               }
+       }
+       talloc_free(state);
+       return status;
 }
Samba Shared Repository