#include "rpc_client/cli_netlogon.h"
#include "smb_krb5.h"
#include "../lib/crypto/arcfour.h"
-#include "../libcli/security/dom_sid.h"
+#include "../libcli/security/security.h"
#include "ads.h"
#include "../librpc/gen_ndr/krb5pac.h"
}
static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx,
- struct winbindd_cli_state *state,
+ struct winbindd_response *resp,
struct netr_SamInfo3 *info3)
{
DATA_BLOB blob;
return ndr_map_error2ntstatus(ndr_err);
}
- state->response->extra_data.data = blob.data;
- state->response->length += blob.length;
+ resp->extra_data.data = blob.data;
+ resp->length += blob.length;
return NT_STATUS_OK;
}
static NTSTATUS append_unix_username(TALLOC_CTX *mem_ctx,
- struct winbindd_cli_state *state,
+ struct winbindd_response *resp,
const struct netr_SamInfo3 *info3,
const char *name_domain,
const char *name_user)
nt_username = name_user;
}
- fill_domain_username(state->response->data.auth.unix_username,
+ fill_domain_username(resp->data.auth.unix_username,
nt_domain, nt_username, true);
- DEBUG(5,("Setting unix username to [%s]\n",
- state->response->data.auth.unix_username));
+ DEBUG(5, ("Setting unix username to [%s]\n",
+ resp->data.auth.unix_username));
return NT_STATUS_OK;
}
*/
{
struct dom_sid *require_membership_of_sid;
- size_t num_require_membership_of_sid;
+ uint32_t num_require_membership_of_sid;
char *req_sid;
const char *p;
struct dom_sid sid;
size_t i;
- struct nt_user_token *token;
+ struct security_token *token;
TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS status;
return NT_STATUS_OK;
}
- token = talloc_zero(talloc_tos(), struct nt_user_token);
+ token = talloc_zero(talloc_tos(), struct security_token);
if (token == NULL) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(frame);
return status;
}
- debug_nt_user_token(DBGC_CLASS, 10, token);
+ security_token_debug(DBGC_CLASS, 10, token);
for (i=0; i<num_require_membership_of_sid; i++) {
DEBUG(10, ("Checking SID %s\n", sid_string_dbg(
****************************************************************/
static NTSTATUS append_auth_data(struct winbindd_cli_state *state,
+ uint32_t request_flags,
struct netr_SamInfo3 *info3,
const char *name_domain,
const char *name_user)
{
NTSTATUS result;
- uint32_t flags = state->request->flags;
- if (flags & WBFLAG_PAM_USER_SESSION_KEY) {
+ if (request_flags & WBFLAG_PAM_USER_SESSION_KEY) {
memcpy(state->response->data.auth.user_session_key,
info3->base.key.key,
sizeof(state->response->data.auth.user_session_key)
/* 16 */);
}
- if (flags & WBFLAG_PAM_LMKEY) {
+ if (request_flags & WBFLAG_PAM_LMKEY) {
memcpy(state->response->data.auth.first_8_lm_hash,
info3->base.LMSessKey.key,
sizeof(state->response->data.auth.first_8_lm_hash)
/* 8 */);
}
- if (flags & WBFLAG_PAM_UNIX_NAME) {
- result = append_unix_username(state->mem_ctx, state, info3,
- name_domain, name_user);
+ if (request_flags & WBFLAG_PAM_UNIX_NAME) {
+ result = append_unix_username(state->mem_ctx, state->response,
+ info3, name_domain, name_user);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("Failed to append Unix Username: %s\n",
nt_errstr(result)));
/* currently, anything from here on potentially overwrites extra_data. */
- if (flags & WBFLAG_PAM_INFO3_NDR) {
- result = append_info3_as_ndr(state->mem_ctx, state, info3);
+ if (request_flags & WBFLAG_PAM_INFO3_NDR) {
+ result = append_info3_as_ndr(state->mem_ctx, state->response,
+ info3);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("Failed to append INFO3 (NDR): %s\n",
nt_errstr(result)));
}
}
- if (flags & WBFLAG_PAM_INFO3_TEXT) {
+ if (request_flags & WBFLAG_PAM_INFO3_TEXT) {
result = append_info3_as_txt(state->mem_ctx, state, info3);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(10,("Failed to append INFO3 (TXT): %s\n",
}
}
- if (flags & WBFLAG_PAM_AFS_TOKEN) {
+ if (request_flags & WBFLAG_PAM_AFS_TOKEN) {
result = append_afs_token(state->mem_ctx, state, info3,
name_domain, name_user);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
- result = append_auth_data(state, info3, name_domain,
- name_user);
+ result = append_auth_data(state, state->request->flags, info3,
+ name_domain, name_user);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
goto done;
}
- result = append_auth_data(state, info3, name_domain,
- name_user);
+ result = append_auth_data(state, state->request->flags, info3,
+ name_domain, name_user);
if (!NT_STATUS_IS_OK(result)) {
goto done;
}
done:
- if (NT_STATUS_IS_OK(result) && (state->request->flags & WBFLAG_PAM_CACHED_LOGIN)) {
- if (lp_winbind_offline_logon()) {
- result = winbindd_update_creds_by_name(contact_domain,
- user, newpass);
- /* Again, this happens when we login from gdm or xdm
- * and the password expires, *BUT* cached crendentials
- * doesn't exist. winbindd_update_creds_by_name()
- * returns NT_STATUS_NO_SUCH_USER.
- * This is not a failure.
- * --- BoYang
- * */
- if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER)) {
- result = NT_STATUS_OK;
- }
+ if (NT_STATUS_IS_OK(result)
+ && (state->request->flags & WBFLAG_PAM_CACHED_LOGIN)
+ && lp_winbind_offline_logon()) {
+ result = winbindd_update_creds_by_name(contact_domain, user,
+ newpass);
+ /* Again, this happens when we login from gdm or xdm
+ * and the password expires, *BUT* cached crendentials
+ * doesn't exist. winbindd_update_creds_by_name()
+ * returns NT_STATUS_NO_SUCH_USER.
+ * This is not a failure.
+ * --- BoYang
+ * */
+ if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER)) {
+ result = NT_STATUS_OK;
+ }
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10,("Failed to store creds: %s\n", nt_errstr(result)));
- goto process_result;
- }
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(10, ("Failed to store creds: %s\n",
+ nt_errstr(result)));
+ goto process_result;
}
}