diff options
| author | Ralph Boehme <slow@samba.org> | 2017-11-29 10:55:25 +0100 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2018-01-13 12:55:08 +0100 |
| commit | 939592c660263b6f9969c30e4c6a1903fcc75831 (patch) | |
| tree | eea352e6a0e1571f22ad55655f4000a45d3bde3c /source3/winbindd/winbindd_pam_auth_crap.c | |
| parent | f4d27f2bf9a32fec02da01351fa5af3867f4b1f7 (diff) | |
| download | samba-939592c660263b6f9969c30e4c6a1903fcc75831.tar.gz | |
winbindd: use add_trusted_domain_from_auth
After a successfully authentication, ensure we have the users domain in our
domain list and the TDC.
Signed-off-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'source3/winbindd/winbindd_pam_auth_crap.c')
| -rw-r--r-- | source3/winbindd/winbindd_pam_auth_crap.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/source3/winbindd/winbindd_pam_auth_crap.c b/source3/winbindd/winbindd_pam_auth_crap.c index 695ee1d0864..eb4087b1c2c 100644 --- a/source3/winbindd/winbindd_pam_auth_crap.c +++ b/source3/winbindd/winbindd_pam_auth_crap.c @@ -20,6 +20,7 @@ #include "includes.h" #include "winbindd.h" #include "rpc_client/util_netlogon.h" +#include "libcli/security/dom_sid.h" struct winbindd_pam_auth_crap_state { struct winbindd_response *response; @@ -46,10 +47,11 @@ struct tevent_req *winbindd_pam_auth_crap_send( return NULL; } - if (request->flags & WBFLAG_PAM_AUTH_PAC) { + state->flags = request->flags; + + if (state->flags & WBFLAG_PAM_AUTH_PAC) { NTSTATUS status; - state->flags = request->flags; status = winbindd_pam_auth_pac_send(cli, &state->info3); if (NT_STATUS_IS_OK(status)) { /* Defer filling out response to recv */ @@ -132,7 +134,7 @@ NTSTATUS winbindd_pam_auth_crap_recv(struct tevent_req *req, return status; } - if (state->flags & WBFLAG_PAM_AUTH_PAC) { + if (state->flags & WBFLAG_PAM_AUTH_PAC) { uint16_t validation_level; union netr_Validation *validation = NULL; @@ -155,6 +157,22 @@ NTSTATUS winbindd_pam_auth_crap_recv(struct tevent_req *req, } + if (NT_STATUS_IS_OK(NT_STATUS(state->response->data.auth.nt_status)) && + (state->flags & WBFLAG_PAM_INFO3_TEXT)) + { + bool ok; + + ok = add_trusted_domain_from_auth( + state->response->data.auth.validation_level, + &state->response->data.auth.info3, + &state->response->data.auth.info6); + if (!ok) { + DBG_ERR("add_trusted_domain_from_auth failed\n"); + set_auth_errors(response, NT_STATUS_LOGON_FAILURE); + return NT_STATUS_LOGON_FAILURE; + } + } + *response = *state->response; response->result = WINBINDD_PENDING; state->response = talloc_move(response, &state->response); |