s3:auth Change winbindd -> auth interface to more standard structures
authorAndrew Bartlett <abartlet@samba.org>
Mon, 17 May 2010 09:04:31 +0000 (19:04 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Sat, 14 Aug 2010 01:58:13 +0000 (11:58 +1000)
This removes conversions to and from the source3 variant of the
server_info structure when replaced in s3compat, and presents a tidier
interface to winbindd in any case.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
source3/auth/check_samsec.c
source3/include/proto.h
source3/winbindd/winbindd_pam.c

index df5dc31b9c97cc6317bad7b6e72b9da362db2f68..46e05aa0c2df39e3e6787caf50c8a4970d11b744 100644 (file)
@@ -509,3 +509,40 @@ done:
        data_blob_free(&lm_sess_key);
        return nt_status;
 }
+
+/* This helper function for winbindd returns a very similar value to
+ * what a NETLOGON call would give, without the indirection */
+NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
+                                 TALLOC_CTX *mem_ctx,
+                                 const struct auth_usersupplied_info *user_info,
+                                 struct netr_SamInfo3 **pinfo3)
+{
+       struct auth_serversupplied_info *server_info = NULL;
+       struct netr_SamInfo3 *info3;
+       NTSTATUS status;
+       TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+       if (!tmp_ctx) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       status = check_sam_security(challenge, tmp_ctx, user_info, &server_info);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(10, ("check_sam_security failed: %s\n",
+                          nt_errstr(status)));
+               return status;
+       }
+
+       info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3);
+       if (info3 == NULL) {
+               talloc_free(tmp_ctx);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
+                          nt_errstr(status)));
+               return status;
+       }
+       *pinfo3 = info3;
+       return NT_STATUS_OK;
+}
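Review bot: `tmp_ctx` is freed only in the `info3 == NULL` branch of `check_sam_security_info3()`. Both `return status;` paths and the final `return NT_STATUS_OK;` leave it, and the `server_info` under it, attached to `mem_ctx` until that context is destroyed. When `serverinfo_to_SamInfo3()` fails, `info3` is likewise left allocated on `mem_ctx`, and `*pinfo3` is never written on any failure path, so a caller that ignores the return value reads whatever it had before. I would add `talloc_free(tmp_ctx);` before every return, `talloc_free(info3);` in the conversion-failure branch, and `*pinfo3 = NULL;` at the top of the function. Freeing `tmp_ctx` on the success path is only safe if `serverinfo_to_SamInfo3()` copies from `server_info` rather than referencing it, which is not visible in this hunk and should be confirmed.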
index 02faf880ecbf1719514e1269c1088dc49270fc4f..0a417ab04379232569aacad7875f465ceafdd054 100644 (file)
@@ -66,6 +66,10 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
                            TALLOC_CTX *mem_ctx,
                            const struct auth_usersupplied_info *user_info,
                            struct auth_serversupplied_info **server_info);
+NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
+                                 TALLOC_CTX *mem_ctx,
+                                 const struct auth_usersupplied_info *user_info,
+                                 struct netr_SamInfo3 **pinfo3);
 NTSTATUS auth_sam_init(void);
 
 /* The following definitions come from auth/auth_server.c  */
index e2c1d0d1b985a381c445d59a671981681394d923..be3b2a5c775e7f32ceecc16364374c3abd112e4d 100644 (file)
@@ -1133,8 +1133,6 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
                                          struct netr_SamInfo3 **pinfo3)
 {
        struct auth_usersupplied_info *user_info = NULL;
-       struct auth_serversupplied_info *server_info = NULL;
-       struct netr_SamInfo3 *info3;
        NTSTATUS status;
 
        status = make_user_info(&user_info, user, user, domain, domain,
@@ -1145,30 +1143,13 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
                return status;
        }
 
-       status = check_sam_security(challenge, talloc_tos(), user_info,
-                                   &server_info);
-       free_user_info(&user_info);
-
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(10, ("check_ntlm_password failed: %s\n",
-                          nt_errstr(status)));
-               return status;
-       }
-
-       info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3);
-       if (info3 == NULL) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
-                          nt_errstr(status)));
-               return status;
-       }
+       /* We don't want any more mapping of the username */
+       user_info->mapped_state = True;
 
+       status = check_sam_security_info3(challenge, talloc_tos(), user_info,
+                                         pinfo3);
+       free_user_info(&user_info);
        DEBUG(10, ("Authenticated user %s\\%s successfully\n", domain, user));
-       *pinfo3 = info3;
        return NT_STATUS_OK;
 }
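Review bot: The result of `check_sam_security_info3()` is never tested. After `free_user_info(&user_info);` the function logs "Authenticated user ... successfully" and returns `NT_STATUS_OK` whatever `status` holds, so a rejected password is reported to the caller as a successful authentication, with `*pinfo3` left unassigned. The removed code returned `status` on failure, and the same guard is needed after the new call: `if (!NT_STATUS_IS_OK(status)) { return status; }` before the success `DEBUG`. The call also passes `talloc_tos()` where the old code allocated `info3` on `mem_ctx`, so the returned structure appears to live on the current stackframe rather than the caller's context; passing `mem_ctx` would keep the previous lifetime. The start of `winbindd_dual_auth_passdb()` lies in the preceding hunk and outside the visible lines.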