NTSTATUS (*check_password)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_user_info_dc **interim_info);
+ struct auth_user_info_dc **interim_info,
+ bool *authoritative);
+
/* Lookup a 'session info interim' return based only on the principal or DN */
NTSTATUS (*get_user_info_dc_principal)(TALLOC_CTX *mem_ctx,
tevent_req_data(req, struct auth_check_password_state);
NTSTATUS status;
struct auth_method_context *method;
+ bool authoritative = true;
status = NT_STATUS_OK;
for (method=state->auth_ctx->methods; method; method = method->next) {
+ authoritative = true;
/* we fill in state->method here so debug messages in
the callers know which method failed */
status = method->ops->check_password(method,
state,
state->user_info,
- &state->user_info_dc);
- if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+ &state->user_info_dc,
+ &authoritative);
+ if (!authoritative ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
DEBUG(11,("auth_check_password_send: "
"%s passes to the next method\n",
method->ops->name));
break;
}
- if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+ if (!authoritative ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
state->authoritative = 0;
status = NT_STATUS_NO_SUCH_USER;
}
static NTSTATUS anonymous_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_user_info_dc **_user_info_dc)
+ struct auth_user_info_dc **_user_info_dc,
+ bool *authoritative)
{
return auth_anonymous_user_info_dc(mem_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx), _user_info_dc);
}
static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_user_info_dc **_user_info_dc)
+ struct auth_user_info_dc **_user_info_dc,
+ bool *authoritative)
{
NTSTATUS nt_status;
struct auth_user_info_dc *user_info_dc;
uint16_t acct_flags,
const struct auth_usersupplied_info *user_info,
DATA_BLOB *user_sess_key,
- DATA_BLOB *lm_sess_key)
+ DATA_BLOB *lm_sess_key,
+ bool *authoritative)
{
NTSTATUS nt_status;
NTSTATUS auth_status;
struct ldb_dn *domain_dn,
struct ldb_message *msg,
const struct auth_usersupplied_info *user_info,
- DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key)
+ DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key,
+ bool *authoritative)
{
NTSTATUS nt_status;
bool interactive = (user_info->password_state == AUTH_PASSWORD_HASH);
nt_status = authsam_password_check_and_record(auth_context, tmp_ctx,
domain_dn, msg, acct_flags,
user_info,
- user_sess_key, lm_sess_key);
+ user_sess_key, lm_sess_key,
+ authoritative);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(tmp_ctx);
return nt_status;
static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_user_info_dc **user_info_dc)
+ struct auth_user_info_dc **user_info_dc,
+ bool *authoritative)
{
NTSTATUS nt_status;
const char *account_name = user_info->mapped.account_name;
}
nt_status = authsam_authenticate(ctx->auth_ctx, tmp_ctx, ctx->auth_ctx->sam_ctx, domain_dn, msg, user_info,
- &user_sess_key, &lm_sess_key);
+ &user_sess_key, &lm_sess_key, authoritative);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return nt_status;
static NTSTATUS authsam_failtrusts_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_user_info_dc **user_info_dc)
+ struct auth_user_info_dc **user_info_dc,
+ bool *authoritative)
{
/*
* This should a good error for now,
static NTSTATUS authunix_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_user_info_dc **user_info_dc)
+ struct auth_user_info_dc **user_info_dc,
+ bool *authoritative)
{
TALLOC_CTX *check_ctx;
NTSTATUS nt_status;
static NTSTATUS winbind_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_user_info_dc **user_info_dc)
+ struct auth_user_info_dc **user_info_dc,
+ bool *authoritative)
{
NTSTATUS status;
struct dcerpc_binding_handle *irpc_handle;
static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_user_info_dc **user_info_dc)
+ struct auth_user_info_dc **user_info_dc,
+ bool *authoritative)
{
struct wbcAuthUserParams params;
struct wbcAuthUserInfo *info = NULL;