diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-04-13 12:00:06 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2010-04-14 10:30:51 +1000 |
| commit | 589a42e2da7d7cd382deb94c57b0c6dbca269e55 (patch) | |
| tree | 843f90acec386e763b37a3dda77d986cb4ead6de /source4/auth/ntlm | |
| parent | 4e2384e2426745023553afb21270165872c61b02 (diff) | |
| download | samba-589a42e2da7d7cd382deb94c57b0c6dbca269e55.tar.gz | |
s4:auth Change auth_generate_session_info to take an auth context
The auth context was in the past only for NTLM authentication, but we
need a SAM, an event context and and loadparm context for calculating
the local groups too, so re-use that infrustructure we already have in
place.
However, to avoid problems where we may not have an auth_context (in
torture tests, for example), allow a simpler 'session_info' to be
generated, by passing this via an indirection in gensec and an
generate_session_info() function pointer in the struct auth_context.
In the smb_server (for old-style session setups) we need to change the
async context to a new 'struct sesssetup_context'. This allows us to
use the auth_context in processing the authentication reply .
Andrew Bartlett
Diffstat (limited to 'source4/auth/ntlm')
| -rw-r--r-- | source4/auth/ntlm/auth.c | 5 | ||||
| -rw-r--r-- | source4/auth/ntlm/auth_sam.c | 24 | ||||
| -rw-r--r-- | source4/auth/ntlm/auth_simple.c | 3 |
3 files changed, 18 insertions, 14 deletions
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c index d5df387d806..e9e72fa2a5d 100644 --- a/source4/auth/ntlm/auth.c +++ b/source4/auth/ntlm/auth.c @@ -25,6 +25,8 @@ #include "auth/auth.h" #include "auth/ntlm/auth_proto.h" #include "param/param.h" +#include "dsdb/samdb/samdb.h" + /*************************************************************************** Set a fixed challenge @@ -435,6 +437,8 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char ** ctx->msg_ctx = msg; ctx->lp_ctx = lp_ctx; + ctx->sam_ctx = samdb_connect(ctx, ctx->event_ctx, ctx->lp_ctx, system_session(ctx->lp_ctx)); + for (i=0; methods[i] ; i++) { struct auth_method_context *method; @@ -461,6 +465,7 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char ** ctx->set_challenge = auth_context_set_challenge; ctx->challenge_may_be_modified = auth_challenge_may_be_modified; ctx->get_server_info_principal = auth_get_server_info_principal; + ctx->generate_session_info = auth_generate_session_info; *auth_ctx = ctx; diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index f476e1c3b2c..e4e56e1219a 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -144,7 +144,7 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context, struct samr_Password *lm_pwd, *nt_pwd; NTSTATUS nt_status; - uint16_t acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx, msg, domain_dn); + uint16_t acct_flags = samdb_result_acct_flags(auth_context->sam_ctx, mem_ctx, msg, domain_dn); /* Quit if the account was locked out. */ if (acct_flags & ACB_AUTOLOCK) { @@ -168,7 +168,7 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context, user_info, user_sess_key, lm_sess_key); NT_STATUS_NOT_OK_RETURN(nt_status); - nt_status = authsam_account_ok(mem_ctx, sam_ctx, + nt_status = authsam_account_ok(mem_ctx, auth_context->sam_ctx, user_info->logon_parameters, domain_dn, msg, @@ -189,11 +189,15 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx NTSTATUS nt_status; const char *account_name = user_info->mapped.account_name; struct ldb_message *msg; - struct ldb_context *sam_ctx; struct ldb_dn *domain_dn; DATA_BLOB user_sess_key, lm_sess_key; TALLOC_CTX *tmp_ctx; + if (ctx->auth_ctx->sam_ctx == NULL) { + DEBUG(0, ("No SAM available, cannot log in users\n")); + return NT_STATUS_INVALID_SYSTEM_SERVICE; + } + if (!account_name || !*account_name) { /* 'not for me' */ return NT_STATUS_NOT_IMPLEMENTED; @@ -204,32 +208,26 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx return NT_STATUS_NO_MEMORY; } - sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx, system_session(ctx->auth_ctx->lp_ctx)); - if (sam_ctx == NULL) { - talloc_free(tmp_ctx); - return NT_STATUS_INVALID_SYSTEM_SERVICE; - } - - domain_dn = ldb_get_default_basedn(sam_ctx); + domain_dn = ldb_get_default_basedn(ctx->auth_ctx->sam_ctx); if (domain_dn == NULL) { talloc_free(tmp_ctx); return NT_STATUS_NO_SUCH_DOMAIN; } - nt_status = authsam_search_account(tmp_ctx, sam_ctx, account_name, domain_dn, &msg); + nt_status = authsam_search_account(tmp_ctx, ctx->auth_ctx->sam_ctx, account_name, domain_dn, &msg); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); return nt_status; } - nt_status = authsam_authenticate(ctx->auth_ctx, tmp_ctx, sam_ctx, domain_dn, msg, user_info, + nt_status = authsam_authenticate(ctx->auth_ctx, tmp_ctx, ctx->auth_ctx->sam_ctx, domain_dn, msg, user_info, &user_sess_key, &lm_sess_key); if (!NT_STATUS_IS_OK(nt_status)) { talloc_free(tmp_ctx); return nt_status; } - nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, lp_netbios_name(ctx->auth_ctx->lp_ctx), + nt_status = authsam_make_server_info(tmp_ctx, ctx->auth_ctx->sam_ctx, lp_netbios_name(ctx->auth_ctx->lp_ctx), lp_sam_name(ctx->auth_ctx->lp_ctx), domain_dn, msg, diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c index 1de74ec2e29..7f972ac2969 100644 --- a/source4/auth/ntlm/auth_simple.c +++ b/source4/auth/ntlm/auth_simple.c @@ -87,7 +87,8 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, } if (session_info) { - nt_status = auth_generate_session_info(tmp_ctx, ev, lp_ctx, server_info, session_info); + nt_status = auth_context->generate_session_info(tmp_ctx, auth_context, + server_info, session_info); if (NT_STATUS_IS_OK(nt_status)) { talloc_steal(mem_ctx, *session_info); |