Port Samba4 to the new combined libcli/auth functions
[kai/samba.git] / source4 / auth / ntlm / auth_sam.c
index 1b8233b8a49219b0eab4e3013bf4da789112fa28..2b9b92812cb1653d785f86416afef94a4445cfa2 100644 (file)
@@ -1,7 +1,7 @@
 /* 
    Unix SMB/CIFS implementation.
    Password and authentication handling
-   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2004
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2009
    Copyright (C) Gerald Carter                             2003
    Copyright (C) Stefan Metzmacher                         2005
    
@@ -23,9 +23,9 @@
 #include "librpc/gen_ndr/ndr_netlogon.h"
 #include "system/time.h"
 #include "lib/ldb/include/ldb.h"
-#include "util/util_ldb.h"
+#include "../lib/util/util_ldb.h"
 #include "auth/auth.h"
-#include "auth/ntlm/ntlm_check.h"
+#include "../libcli/auth/ntlm_check.h"
 #include "auth/ntlm/auth_proto.h"
 #include "auth/auth_sam.h"
 #include "dsdb/samdb/samdb.h"
@@ -185,7 +185,7 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
                *lm_sess_key = data_blob(NULL, 0);
                *user_sess_key = data_blob(NULL, 0);
                status = hash_password_check(mem_ctx, 
-                                            auth_context->lp_ctx,
+                                            lp_lanman_auth(auth_context->lp_ctx),
                                             user_info->password.hash.lanman,
                                             user_info->password.hash.nt,
                                             user_info->mapped.account_name,
@@ -195,7 +195,8 @@ static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
                
        case AUTH_PASSWORD_RESPONSE:
                status = ntlm_password_check(mem_ctx, 
-                                            auth_context->lp_ctx,
+                                            lp_lanman_auth(auth_context->lp_ctx),
+                                                lp_ntlm_auth(auth_context->lp_ctx),
                                             user_info->logon_parameters, 
                                             &auth_context->challenge.data, 
                                             &user_info->password.response.lanman, 
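Review bot: The two policy flags now passed to ntlm_password_check() are adjacent positional arguments, presumably both booleans, so transposing them would compile cleanly and silently apply the LanMan setting to NTLM responses and the reverse. The added `lp_ntlm_auth(auth_context->lp_ctx),` line is also indented deeper than its neighbours, which makes the pair harder to scan. I would align it with the other arguments and label each flag with a trailing comment, e.g. `lp_lanman_auth(auth_context->lp_ctx), /* lanman_auth */` and `lp_ntlm_auth(auth_context->lp_ctx), /* ntlm_auth */`, using whatever names the prototype in ntlm_check.h declares. authsam_password_ok starts and ends outside this hunk.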
@@ -248,7 +249,7 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
                }
        }
 
-       nt_status = samdb_result_passwords(mem_ctx, msgs[0], &lm_pwd, &nt_pwd);
+       nt_status = samdb_result_passwords(mem_ctx, auth_context->lp_ctx, msgs[0], &lm_pwd, &nt_pwd);
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
        nt_status = authsam_password_ok(auth_context, mem_ctx, 
@@ -261,7 +262,8 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
                                       msgs[0],
                                       msgs_domain_ref[0],
                                       user_info->workstation_name,
-                                      user_info->mapped.account_name);
+                                      user_info->mapped.account_name,
+                                      false);
 
        return nt_status;
 }
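Review bot: The bare `false` appended as the final argument gives no hint of which behaviour it selects in the authentication path, and the call's opening line is outside the hunk, so the callee is not visible here. A trailing comment naming the parameter, e.g. `false); /* <parameter name> */`, would let a reader confirm that the password-logon path really wants this value. authsam_authenticate begins outside the hunk.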
@@ -417,18 +419,65 @@ static NTSTATUS authsam_check_password(struct auth_method_context *ctx,
        return authsam_check_password_internals(ctx, mem_ctx, domain, user_info, server_info);
 }
 
+                                  
+/* Used in the gensec_gssapi and gensec_krb5 server-side code, where the PAC isn't available */
+NTSTATUS authsam_get_server_info_principal(TALLOC_CTX *mem_ctx, 
+                                          struct auth_context *auth_context,
+                                          const char *principal,
+                                          struct auth_serversupplied_info **server_info)
+{
+       NTSTATUS nt_status;
+       DATA_BLOB user_sess_key = data_blob(NULL, 0);
+       DATA_BLOB lm_sess_key = data_blob(NULL, 0);
+
+       struct ldb_message **msgs;
+       struct ldb_message **msgs_domain_ref;
+       struct ldb_context *sam_ctx;
+
+       TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+       if (!tmp_ctx) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       sam_ctx = samdb_connect(tmp_ctx, auth_context->event_ctx, auth_context->lp_ctx, 
+                               system_session(tmp_ctx, auth_context->lp_ctx));
+       if (sam_ctx == NULL) {
+               talloc_free(tmp_ctx);
+               return NT_STATUS_INVALID_SYSTEM_SERVICE;
+       }
+
+       nt_status = sam_get_results_principal(sam_ctx, tmp_ctx, principal, 
+                                             &msgs, &msgs_domain_ref);
+       if (!NT_STATUS_IS_OK(nt_status)) {
+               return nt_status;
+       }
+
+       nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, 
+                                            lp_netbios_name(auth_context->lp_ctx),
+                                            msgs[0], msgs_domain_ref[0],
+                                            user_sess_key, lm_sess_key,
+                                            server_info);
+       if (NT_STATUS_IS_OK(nt_status)) {
+               talloc_steal(mem_ctx, *server_info);
+       }
+       talloc_free(tmp_ctx);
+       return nt_status;
+}
+
 static const struct auth_operations sam_ignoredomain_ops = {
-       .name           = "sam_ignoredomain",
-       .get_challenge  = auth_get_challenge_not_implemented,
-       .want_check     = authsam_ignoredomain_want_check,
-       .check_password = authsam_ignoredomain_check_password
+       .name                      = "sam_ignoredomain",
+       .get_challenge             = auth_get_challenge_not_implemented,
+       .want_check                = authsam_ignoredomain_want_check,
+       .check_password            = authsam_ignoredomain_check_password,
+       .get_server_info_principal = authsam_get_server_info_principal
 };
 
 static const struct auth_operations sam_ops = {
-       .name           = "sam",
-       .get_challenge  = auth_get_challenge_not_implemented,
-       .want_check     = authsam_want_check,
-       .check_password = authsam_check_password
+       .name                      = "sam",
+       .get_challenge             = auth_get_challenge_not_implemented,
+       .want_check                = authsam_want_check,
+       .check_password            = authsam_check_password,
+       .get_server_info_principal = authsam_get_server_info_principal
 };
 
 _PUBLIC_ NTSTATUS auth_sam_init(void)
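Review bot: In authsam_get_server_info_principal the early return after a failed sam_get_results_principal() skips the cleanup that every other exit performs, so tmp_ctx (and the samdb connection opened under it with the system session) stays attached to the caller's mem_ctx until that context is freed; add `talloc_free(tmp_ctx);` before `return nt_status;` in that branch. On success the function indexes msgs[0] and msgs_domain_ref[0] without a count check, which is only safe if sam_get_results_principal guarantees a match in both result sets; that helper is not visible here, so this is worth confirming. The header comment should also state that no password or account-state check is visible on this path, so callers must pass only a principal that the Kerberos layer has already authenticated.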