diff options
| author | Stefan Metzmacher <metze@samba.org> | 2017-03-16 15:45:32 +0100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2017-04-10 01:11:20 +0200 |
| commit | 9ad3b43d03ce94cb03321612db8ccd86cddba9e1 (patch) | |
| tree | 0e366db8e1f913291b15e2deb8d0124969c79630 | |
| parent | 0ca09b0e10cdc7e6cef083289da85236d40082ef (diff) | |
| download | samba-9ad3b43d03ce94cb03321612db8ccd86cddba9e1.tar.gz | |
auth3: add "sam_netlogon3" which only reacts on lp_workgroup() as NT4 PDC/BDC
This will be used in the s3 netlogon server in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12710
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| -rw-r--r-- | source3/auth/auth_sam.c | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 5b53bca0e8e..634386f8d6d 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -125,9 +125,73 @@ static NTSTATUS auth_init_sam(struct auth_context *auth_context, const char *par return NT_STATUS_OK; } +static NTSTATUS auth_sam_netlogon3_auth(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) +{ + bool is_my_domain; + + if (!user_info || !auth_context) { + return NT_STATUS_LOGON_FAILURE; + } + + DBG_DEBUG("Check auth for: [%s]\\[%s]\n", + user_info->mapped.domain_name, + user_info->mapped.account_name); + + /* check whether or not we service this domain/workgroup name */ + + switch (lp_server_role()) { + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + break; + default: + DBG_ERR("Invalid server role\n"); + return NT_STATUS_INVALID_SERVER_STATE; + } + + is_my_domain = strequal(user_info->mapped.domain_name, lp_workgroup()); + if (!is_my_domain) { + DBG_INFO("%s is not our domain name (DC for %s)\n", + user_info->mapped.domain_name, lp_workgroup()); + return NT_STATUS_NOT_IMPLEMENTED; + } + + return check_sam_security(&auth_context->challenge, mem_ctx, + user_info, server_info); +} + +/* module initialisation */ +static NTSTATUS auth_init_sam_netlogon3(struct auth_context *auth_context, + const char *param, auth_methods **auth_method) +{ + struct auth_methods *result; + + if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC + && !lp_parm_bool(-1, "server role check", "inhibit", false)) { + DEBUG(0, ("server role = 'active directory domain controller' " + "not compatible with running the auth_sam module.\n")); + DEBUGADD(0, ("You should not set 'auth methods' when " + "running the AD DC.\n")); + exit(1); + } + + result = talloc_zero(auth_context, struct auth_methods); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + result->auth = auth_sam_netlogon3_auth; + result->name = "sam_netlogon3"; + *auth_method = result; + return NT_STATUS_OK; +} + NTSTATUS auth_sam_init(void) { smb_register_auth(AUTH_INTERFACE_VERSION, "sam", auth_init_sam); smb_register_auth(AUTH_INTERFACE_VERSION, "sam_ignoredomain", auth_init_sam_ignoredomain); + smb_register_auth(AUTH_INTERFACE_VERSION, "sam_netlogon3", auth_init_sam_netlogon3); return NT_STATUS_OK; } |