}
NTSTATUS _winbind_SamLogon(struct pipes_struct *p,
- struct winbind_SamLogon *r)
+ struct winbind_SamLogon *r)
{
- p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;
- return NT_STATUS_NOT_IMPLEMENTED;
+ struct winbindd_domain *domain;
+ NTSTATUS status;
+ DATA_BLOB lm_response, nt_response;
+ domain = wb_child_domain();
+ if (domain == NULL) {
+ return NT_STATUS_REQUEST_NOT_ACCEPTED;
+ }
+
+ /* TODO: Handle interactive logons here */
+ if (r->in.validation_level != 3 ||
+ r->in.logon.network == NULL ||
+ (r->in.logon_level != NetlogonNetworkInformation
+ && r->in.logon_level != NetlogonNetworkTransitiveInformation)) {
+ return NT_STATUS_REQUEST_NOT_ACCEPTED;
+ }
+
+
+ lm_response = data_blob_talloc(p->mem_ctx, r->in.logon.network->lm.data, r->in.logon.network->lm.length);
+ nt_response = data_blob_talloc(p->mem_ctx, r->in.logon.network->nt.data, r->in.logon.network->nt.length);
+
+ status = winbind_dual_SamLogon(domain, p->mem_ctx,
+ r->in.logon.network->identity_info.parameter_control,
+ r->in.logon.network->identity_info.account_name.string,
+ r->in.logon.network->identity_info.domain_name.string,
+ r->in.logon.network->identity_info.workstation.string,
+ r->in.logon.network->challenge,
+ lm_response, nt_response, &r->out.validation.sam3);
+ return status;
}
domain, IRPC_CALL_TIMEOUT);
}
+static NTSTATUS wb_irpc_SamLogon(struct irpc_message *msg,
+ struct winbind_SamLogon *req)
+{
+ struct winbindd_domain *domain;
+ const char *target_domain_name;
+ if (req->in.logon.network == NULL) {
+ return NT_STATUS_REQUEST_NOT_ACCEPTED;
+ }
+ target_domain_name = req->in.logon.network->identity_info.domain_name.string;
+
+ domain = find_auth_domain(0, target_domain_name);
+ if (domain == NULL) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ DEBUG(5, ("wb_irpc_SamLogon called\n"));
+
+ return wb_irpc_forward_rpc_call(msg, msg,
+ winbind_event_context(),
+ req, NDR_WINBIND_SAMLOGON,
+ "winbind_SamLogon",
+ domain, IRPC_CALL_TIMEOUT);
+}
+
NTSTATUS wb_irpc_register(void)
{
NTSTATUS status;
status = IRPC_REGISTER(winbind_imessaging_context(), winbind, WINBIND_DSRUPDATEREADONLYSERVERDNSRECORDS,
wb_irpc_DsrUpdateReadOnlyServerDnsRecords, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ status = IRPC_REGISTER(winbind_imessaging_context(), winbind, WINBIND_SAMLOGON,
+ wb_irpc_SamLogon, NULL);
return status;
}
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
+NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ uint32_t logon_parameters,
+ const char *name_user,
+ const char *name_domain,
+ const char *workstation,
+ const uint8_t chal[8],
+ DATA_BLOB lm_response,
+ DATA_BLOB nt_response,
+ struct netr_SamInfo3 **info3)
+{
+ NTSTATUS result;
+
+ if (strequal(name_domain, get_global_sam_name())) {
+ DATA_BLOB chal_blob = data_blob_const(
+ chal, 8);
+
+ result = winbindd_dual_auth_passdb(
+ mem_ctx,
+ logon_parameters,
+ name_domain, name_user,
+ &chal_blob, &lm_response, &nt_response, info3);
+ goto process_result;
+ }
+
+ result = winbind_samlogon_retry_loop(domain,
+ mem_ctx,
+ logon_parameters,
+ domain->dcname,
+ name_user,
+ name_domain,
+ /* Bug #3248 - found by Stefan Burkei. */
+ workstation, /* We carefully set this above so use it... */
+ chal,
+ lm_response,
+ nt_response,
+ info3);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+process_result:
+
+ if (NT_STATUS_IS_OK(result)) {
+ struct dom_sid user_sid;
+
+ sid_compose(&user_sid, (*info3)->base.domain_sid,
+ (*info3)->base.rid);
+ wcache_invalidate_samlogon(find_domain_from_name(name_domain),
+ &user_sid);
+ netsamlogon_cache_store(name_user, *info3);
+ }
+
+done:
+
+ /* give us a more useful (more correct?) error code */
+ if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ||
+ (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) {
+ result = NT_STATUS_NO_LOGON_SERVERS;
+ }
+
+ DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
+ ("NTLM CRAP authentication for user [%s]\\[%s] returned %s\n",
+ name_domain,
+ name_user,
+ nt_errstr(result)));
+
+ return result;
+}
+
enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
struct winbindd_cli_state *state)
{
state->request->data.auth_crap.nt_resp_len);
}
- if (strequal(name_domain, get_global_sam_name())) {
- DATA_BLOB chal_blob = data_blob_const(
- state->request->data.auth_crap.chal,
- sizeof(state->request->data.auth_crap.chal));
-
- result = winbindd_dual_auth_passdb(
- state->mem_ctx,
- state->request->data.auth_crap.logon_parameters,
- name_domain, name_user,
- &chal_blob, &lm_resp, &nt_resp, &info3);
- goto process_result;
- }
-
- result = winbind_samlogon_retry_loop(domain,
- state->mem_ctx,
- state->request->data.auth_crap.logon_parameters,
- domain->dcname,
- name_user,
- name_domain,
- /* Bug #3248 - found by Stefan Burkei. */
- workstation, /* We carefully set this above so use it... */
- state->request->data.auth_crap.chal,
- lm_resp,
- nt_resp,
- &info3);
+ result = winbind_dual_SamLogon(domain,
+ state->mem_ctx,
+ state->request->data.auth_crap.logon_parameters,
+ name_user,
+ name_domain,
+ /* Bug #3248 - found by Stefan Burkei. */
+ workstation, /* We carefully set this above so use it... */
+ state->request->data.auth_crap.chal,
+ lm_resp,
+ nt_resp,
+ &info3);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
-process_result:
-
if (NT_STATUS_IS_OK(result)) {
- struct dom_sid user_sid;
-
- sid_compose(&user_sid, info3->base.domain_sid,
- info3->base.rid);
- wcache_invalidate_samlogon(find_domain_from_name(name_domain),
- &user_sid);
- netsamlogon_cache_store(name_user, info3);
-
/* Check if the user is in the right group */
result = check_info3_in_group(
done:
- /* give us a more useful (more correct?) error code */
- if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) ||
- (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) {
- result = NT_STATUS_NO_LOGON_SERVERS;
- }
-
if (state->request->flags & WBFLAG_PAM_NT_STATUS_SQUASH) {
result = nt_status_squash(result);
}
set_auth_errors(state->response, result);
- DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
- ("NTLM CRAP authentication for user [%s]\\[%s] returned %s (PAM: %d)\n",
- name_domain,
- name_user,
- state->response->data.auth.nt_status_string,
- state->response->data.auth.pam_error));
-
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
git.samba.org / samba.git / commitdiff