git.samba.org / kai / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4f613ac)
Merge of winbind auth cleanups from appliance.
authorTim Potter <tpot@samba.org>
Thu, 12 Sep 2002 04:30:23 +0000 (04:30 +0000)
committerTim Potter <tpot@samba.org>
Thu, 12 Sep 2002 04:30:23 +0000 (04:30 +0000)
(This used to be commit 26d486aa740e283f546efc1f2ca40af3452a4f52)

source3/nsswitch/wbinfo.c patch | blob | history
source3/nsswitch/winbindd_nss.h patch | blob | history
source3/nsswitch/winbindd_pam.c patch | blob | history

diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index a0fdd033d795acae3bf1769b38182a9b34ffbabc..7a1aee44cd9d7c7ea9b693fe14258dc50ca69e32 100644 (file)
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -422,6 +422,7 @@ static BOOL wbinfo_auth(char *username)
        struct winbindd_request request;
        struct winbindd_response response;
         NSS_STATUS result;
+       fstring name_user, name_domain;
         char *p;
 
        /* Send off request */
@@ -433,11 +434,16 @@ static BOOL wbinfo_auth(char *username)
 
         if (p) {
                 *p = 0;
-                fstrcpy(request.data.auth.user, username);
                 fstrcpy(request.data.auth.pass, p + 1);
-                *p = '%';
-        } else
-                fstrcpy(request.data.auth.user, username);
+        } 
+
+       parse_wbinfo_domain_user(username, name_domain, name_user);
+
+       if (p)
+               *p = '%';
+
+       fstrcpy(request.data.auth.user, name_user);
+       fstrcpy(request.data.auth.domain, name_domain);
 
        result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
 
@@ -446,9 +452,10 @@ static BOOL wbinfo_auth(char *username)
         d_printf("plaintext password authentication %s\n", 
                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
 
-       d_printf("error code was %s (0x%x)\n", 
-                response.data.auth.nt_status_string, 
-                response.data.auth.nt_status);
+       if (response.data.auth.nt_status)
+               d_printf("error code was %s (0x%x)\n", 
+                        response.data.auth.nt_status_string, 
+                        response.data.auth.nt_status);
 
         return result == NSS_STATUS_SUCCESS;
 }
@@ -479,8 +486,10 @@ static BOOL wbinfo_auth_crap(char *username)
                
        parse_wbinfo_domain_user(username, name_domain, name_user);
 
-       fstrcpy(request.data.auth_crap.user, name_user);
+       if (p)
+               *p = '%';
 
+       fstrcpy(request.data.auth_crap.user, name_user);
        fstrcpy(request.data.auth_crap.domain, name_domain);
 
        generate_random_buffer(request.data.auth_crap.chal, 8, False);
@@ -500,9 +509,10 @@ static BOOL wbinfo_auth_crap(char *username)
         d_printf("challenge/response password authentication %s\n", 
                (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
 
-       d_printf("error code was %s (0x%x)\n", 
-              response.data.auth.nt_status_string, 
-              response.data.auth.nt_status);
+       if (response.data.auth.nt_status)
+               d_printf("error code was %s (0x%x)\n", 
+                        response.data.auth.nt_status_string, 
+                        response.data.auth.nt_status);
 
         return result == NSS_STATUS_SUCCESS;
 }
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h
index 9eea94e7c0d60cbeed27fe04eca6ad0d4c4a7c3d..21081cb09c79c3c1fa943a56a1073367d06d10fc 100644 (file)
--- a/source3/nsswitch/winbindd_nss.h
+++ b/source3/nsswitch/winbindd_nss.h
@@ -128,6 +128,7 @@ struct winbindd_request {
                gid_t gid;           /* getgrgid, gid_to_sid */
                struct {
                        fstring user;
+                       fstring domain;
                        fstring pass;
                } auth;              /* pam_winbind auth module */
                 struct {
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 3e7a8ad97139fada6e6423df24b476a09e67846f..c3ab6615f61b46723a82f8799c604a9d814dc8ac 100644 (file)
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -57,7 +57,6 @@ static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx,
 enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) 
 {
        NTSTATUS result;
-       fstring name_domain, name_user;
        unsigned char trust_passwd[16];
        time_t last_change_time;
         uint32 smb_uid_low;
@@ -76,8 +75,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
        /* Ensure null termination */
        state->request.data.auth.pass[sizeof(state->request.data.auth.pass)-1]='\0';
 
-       DEBUG(3, ("[%5d]: pam auth %s\n", state->pid,
-                 state->request.data.auth.user));
+       DEBUG(3, ("[%5d]: pam auth domain: %s user: %s\n", state->pid,
+                 state->request.data.auth.domain, state->request.data.auth.user));
 
        if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) {
                DEBUG(0, ("winbindd_pam_auth: could not talloc_init()!\n"));
@@ -87,13 +86,6 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 
        /* Parse domain and username */
        
-       if (!parse_domain_user(state->request.data.auth.user, name_domain, 
-                              name_user)) {
-               DEBUG(5,("no domain separator (%s) in username (%s) - failing auth\n", lp_winbind_separator(), state->request.data.auth.user));
-               result = NT_STATUS_INVALID_PARAMETER;
-               goto done;
-       }
-
        {
                unsigned char local_lm_response[24];
                unsigned char local_nt_response[24];
@@ -133,11 +125,10 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
                 goto done;
         }
 
-       result = cli_netlogon_sam_network_logon(cli, mem_ctx,
-                                               name_user, name_domain, 
-                                               global_myname, chal, 
-                                               lm_resp, nt_resp, 
-                                               &info3);
+       result = cli_netlogon_sam_network_logon(
+               cli, mem_ctx, state->request.data.auth.user,
+               state->request.data.auth.domain, 
+               global_myname, chal, lm_resp, nt_resp, &info3);
         
        uni_group_cache_store_netlogon(mem_ctx, &info3);
 done:
@@ -147,10 +138,12 @@ done:
        fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
        state->response.data.auth.pam_error = nt_status_to_pam(result);
 
-       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, ("Plain-text authentication for user %s returned %s (PAM: %d)\n", 
-             state->request.data.auth.user, 
-             state->response.data.auth.nt_status_string,
-             state->response.data.auth.pam_error));          
+       DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, 
+             ("Plain-text authentication for user %s/%s returned %s (PAM: %d)\n", 
+              state->request.data.auth.domain, 
+              state->request.data.auth.user, 
+              state->response.data.auth.nt_status_string,
+              state->response.data.auth.pam_error));         
 
        if (mem_ctx) 
                talloc_destroy(mem_ctx);
Kai's WIP code