From: Andrew Bartlett Date: Wed, 5 May 2010 12:59:42 +0000 (+1000) Subject: s4:s3compat Add an auth module that forwards authentication to Samba4 X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=18a76cde2bda6c163739bc81ea4bcd6a9e4807de;hp=9f0cc14b5b0386cacc4876f99637de8ed85073d7;p=abartlet%2Fsamba.git%2F.git s4:s3compat Add an auth module that forwards authentication to Samba4 To use, set 'auth methods = samba4' in the smb.conf file, and ensure you have already added the user you wish to use to /etc/passwd. (Winbind does not yet work with s3compat). Andrew Bartlett --- diff --git a/source4/s3compat/auth_samba4.c b/source4/s3compat/auth_samba4.c new file mode 100644 index 00000000000..208fa08e0f8 --- /dev/null +++ b/source4/s3compat/auth_samba4.c 
@@ -0,0 +1,84 @@
+/*
+ Unix SMB/CIFS implementation.
+ Authenticate against Samba4's auth subsystem
+ Copyright (C) Volker Lendecke 2008
+ Copyright (C) Andrew Bartlett 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "s3compat_authenticate.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+static NTSTATUS check_samba4_security(const struct auth_context *auth_context,
+ void *my_private_data,
+ TALLOC_CTX *mem_ctx,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct netr_SamInfo3 *info3 = NULL;
+ NTSTATUS status;
+
+ status = s3compat_authenticate(talloc_tos(), auth_context->challenge.data, user_info, &info3);
+
+ DEBUG(10, ("s3compat_authenticate returned %s\n", nt_errstr(status)));
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = make_server_info_info3(mem_ctx, user_info->client.account_name,
+ user_info->mapped.domain_name, server_info,
+ info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("make_server_info_info3 failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ status = NT_STATUS_OK;
+
+ done:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/* module initialisation */
+static NTSTATUS auth_init_samba4(struct auth_context *auth_context,
+ const char *param,
+ auth_methods **auth_method)
+{
+ struct auth_methods *result;
+ + result = TALLOC_ZERO_P(auth_context, struct auth_methods); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + result->name = "samba4"; + result->auth = check_samba4_security; + + *auth_method = result; + return NT_STATUS_OK; +} + +NTSTATUS auth_samba4_init(void) +{ + smb_register_auth(AUTH_INTERFACE_VERSION, "samba4", + auth_init_samba4); + return NT_STATUS_OK; +} diff --git a/source4/s3compat/s3_smbd.c b/source4/s3compat/s3_smbd.c index 356f458bdd0..49013341127 100644 --- a/source4/s3compat/s3_smbd.c +++ b/source4/s3compat/s3_smbd.c @@ -34,6 +34,13 @@ #include "s3compat.h" #include "s3replace.h" #include "s3replace_public.h" +#include "s3_smbd_proto.h" +static struct stream_connection *samba3_conn; + +struct stream_connection *s3compat_get_conn(void) +{ + return samba3_conn; +} /* initialise a server_context from a open socket and register a event handler @@ -48,6 +55,8 @@ static void s3compat_smb_accept(struct stream_connection *conn) sleep(2); } DEBUG(0,(__location__ ": new s3compat smbd connection\n")); + samba3_conn = conn; + s3replace_set_lp_ctx(conn->lp_ctx); s3compat_set_server_fd(fd); diff --git a/source4/s3compat/s3compat.c b/source4/s3compat/s3compat.c index 91c131d98f1..7307cc90ba2 100644 --- a/source4/s3compat/s3compat.c +++ b/source4/s3compat/s3compat.c @@ -21,7 +21,7 @@ #include "includes.h" #include "source3/smbd/globals.h" - +#include "s3compat.h" _PUBLIC_ const char *s3compat_samba_version_string(void) { @@ -60,6 +60,9 @@ void s3compat_initialise(const char *config_file, bool interactive) init_guest_info(); share_info_db_init(); + /* Register our 'imposter' auth module, which redirects to samba4 */ + auth_samba4_init(); + DEBUG(0,("s3compat: initialised samba3 version: %s\n", s3compat_samba_version_string())); } 
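Review bot: In check_samba4_security() (auth_samba4.c), `auth_context->challenge.data` is handed to s3compat_authenticate(), whose parameter is `uint8_t chall[8]`, without checking that the blob actually holds eight bytes. If the challenge is unset or shorter at this point (not visible in the hunk), the Samba4 side would presumably read past it or through NULL when it sets the challenge. A guard before the call makes the contract explicit: `if (auth_context->challenge.length != 8) { status = NT_STATUS_INVALID_PARAMETER; goto done; }`. Separately, the make_server_info_info3() failure branch repeats the `done:` cleanup by hand; a `goto done` there would keep a single exit path.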
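Review bot: `samba3_conn` in s3_smbd.c is a single file-scope pointer that the second hunk (`@@ -48,6 +55,8 @@`) overwrites on every call to s3compat_smb_accept() and that nothing visible ever clears. s3compat_authenticate() later builds its auth context from whatever this pointer holds, so if one process can accept more than one connection, or the connection is freed before a late authentication call, the password check would run with another connection's event, messaging and loadparm contexts, or with a stale pointer. If the design guarantees one connection per process, say so at the definition, e.g. `/* the single connection served by this process; set once in s3compat_smb_accept() */`, and consider asserting `samba3_conn == NULL` before the assignment. s3compat_smb_accept() starts and ends outside the hunk.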
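Review bot: The status returned by `auth_samba4_init()` is discarded in s3compat_initialise() (s3compat.c, `@@ -60,6 +63,9 @@`), and auth_samba4_init() in auth_samba4.c itself ignores the result of smb_register_auth() and always returns NT_STATUS_OK. A failed registration would therefore go unnoticed at start-up and only surface later, when 'auth methods = samba4' is resolved. Returning the registration result, `return smb_register_auth(AUTH_INTERFACE_VERSION, "samba4", auth_init_samba4);`, and logging a non-OK status at the call site would close that gap. s3compat_initialise() starts outside the hunk.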
@@ -78,6 +81,13 @@ void s3compat_set_event_ctx(struct tevent_context *ctx) smbd_event_ctx = ctx; } +_PUBLIC_ +struct tevent_context *s3compat_get_event_ctx(void) +{ + extern struct tevent_context *smbd_event_ctx; + return smbd_event_ctx; +} + _PUBLIC_ void s3compat_smbd_process(void) { diff --git a/source4/s3compat/s3compat_authenticate.c b/source4/s3compat/s3compat_authenticate.c new file mode 100644 index 00000000000..feba4b93ac1 --- /dev/null +++ b/source4/s3compat/s3compat_authenticate.c 
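Review bot: The block-scope `extern struct tevent_context *smbd_event_ctx;` in s3compat_get_event_ctx() looks redundant, because the context line just above assigns `smbd_event_ctx = ctx;` in s3compat_set_event_ctx(), so a declaration is already visible in this file. Dropping the line leaves `return smbd_event_ctx;` bound to that existing declaration and avoids a second place where the type is spelled out. The new accessor also has no comment; something like `/* return the event context installed with s3compat_set_event_ctx(), or NULL if none was set */` would help, assuming the variable starts out NULL.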
@@ -0,0 +1,55 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Implement a hook into the Samba4 auth subsystem
+
+ Copyright (C) Andrew Bartlett 2004-2010
+ Copyright (C) Stefan Metzmacher 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "auth/auth_sam_reply.h"
+#include "s3_smbd_proto.h"
+#include "s3compat_authenticate.h"
+#include "smbd/service.h"
+
+NTSTATUS s3compat_authenticate(TALLOC_CTX *mem_ctx, uint8_t chall[8], const struct auth_usersupplied_info *user_info, struct netr_SamInfo3 **info3)
+{
+ struct stream_connection *samba3_conn;
+ struct auth_context *auth_context;
+ struct auth_serversupplied_info *server_info;
+ NTSTATUS nt_status;
+ samba3_conn = s3compat_get_conn();
+
+ nt_status = auth_context_create(mem_ctx,
+ samba3_conn->event.ctx, samba3_conn->msg_ctx, samba3_conn->lp_ctx,
+ &auth_context);
+ NT_STATUS_NOT_OK_RETURN(nt_status);
+
+ nt_status = auth_context_set_challenge(auth_context, chall, "s3compat");
+ NT_STATUS_NOT_OK_RETURN_AND_FREE(nt_status, auth_context);
+
+ nt_status = auth_check_password(auth_context, auth_context, user_info, &server_info);
+ NT_STATUS_NOT_OK_RETURN_AND_FREE(nt_status, auth_context);
+
+ nt_status = auth_convert_server_info_saminfo3(mem_ctx,
+ server_info,
+ info3);
+ talloc_free(auth_context);
+ return nt_status;
+}
+
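Review bot: s3compat_authenticate() dereferences the result of `s3compat_get_conn()` (`samba3_conn->event.ctx`, `->msg_ctx`, `->lp_ctx`) without checking it, and that file-scope pointer in s3_smbd.c stays NULL until s3compat_smb_accept() has run. A guard keeps an early or out-of-order call from crashing the authentication path: `if (samba3_conn == NULL) { return NT_STATUS_INVALID_SERVER_STATE; }`. The function also lacks a header comment; it should state that `chall` must point to exactly eight bytes, that `*info3` is presumably allocated on `mem_ctx` and only meaningful on success, and that the temporary auth context is freed on every return path.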
diff --git a/source4/s3compat/wscript_build b/source4/s3compat/wscript_build index 75100a23a41..5de23ff2f6d 100644 --- a/source4/s3compat/wscript_build +++ b/source4/s3compat/wscript_build @@ -868,7 +868,7 @@ bld.SAMBA_SUBSYSTEM('s3_smbd', bld.SAMBA_SUBSYSTEM('s3compat_wrapper', includes=SAMBA3_INCLUDES, autoproto='s3compat.h', - source='s3compat.c', + source='s3compat.c auth_samba4.c', deps='tdb tevent', hide_symbols=True) @@ -884,7 +884,13 @@ bld.SAMBA_LIBRARY('s3compatcore', deps='s3replace s3compat_wrapper LIBSECURITY_COMMON LIBCRYPTO LIBSAMBA-UTIL s3_smbd HEIMDAL_GSSAPI HEIMDAL_COM_ERR lber ldap tdb tevent talloc', hide_symbols=True) +bld.SAMBA_SUBSYSTEM('s3compat_authenticate', + source='s3compat_authenticate.c', + autoproto='s3compat_authenticate.h', + deps='auth') + bld.SAMBA_SUBSYSTEM('s3compat', source='s3_smbd.c', - deps='s3compatcore', + deps='s3compatcore s3compat_authenticate', + autoproto='s3_smbd_proto.h', hide_symbols=True)
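Review bot: auth_samba4.c is added to `s3compat_wrapper`, which builds with `includes=SAMBA3_INCLUDES`, while s3compat_authenticate.c goes into a new subsystem with `deps='auth'` and no Samba3 includes, yet the two exchange `struct auth_usersupplied_info *` and `struct netr_SamInfo3 **` through the generated s3compat_authenticate.h. Nothing on this page shows that both header sets define those structs identically; if they differ, the Samba4 code would read the client's supplied credentials at the wrong offsets. It is worth confirming the layouts match and recording the assumption next to the new subsystem, e.g. `# called from auth_samba4.c (Samba3 headers): auth structs passed by pointer must match Samba4's definitions`.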