s3:auth Change winbindd -> auth interface to more standard structures
authorAndrew Bartlett <abartlet@samba.org>
Mon, 17 May 2010 09:04:31 +0000 (19:04 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 10 Aug 2010 22:42:43 +0000 (08:42 +1000)
This removes conversions to and from the source3 variant of the
server_info structure when replaced in s3compat, and presents a tidier
interface to winbindd in any case.

Andrew Bartlett

auth/common_auth.h
source3/auth/check_samsec.c
source3/winbindd/winbindd_pam.c

index 13ac6ee66d3e7a6418a7ab40c7d9567cde796b8d..3932b1b378e2d650890dc60c8d712807714913e3 100644 (file)
@@ -95,7 +95,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
                             const char *impersonate_princ_s,
                             struct PAC_LOGON_INFO **logon_info);
 NTSTATUS auth_samba4_init(void);
-NTSTATUS check_sam_security(const DATA_BLOB *challenge,
-                           TALLOC_CTX *mem_ctx,
-                           const struct auth_usersupplied_info *user_info,
-                           struct auth_serversupplied_info **server_info);
+NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
+                                 TALLOC_CTX *mem_ctx,
+                                 const struct auth_usersupplied_info *user_info,
+                                 struct netr_SamInfo3 **pinfo3);
index df5dc31b9c97cc6317bad7b6e72b9da362db2f68..46e05aa0c2df39e3e6787caf50c8a4970d11b744 100644 (file)
@@ -509,3 +509,40 @@ done:
        data_blob_free(&lm_sess_key);
        return nt_status;
 }
+
+/* This helper function for winbindd returns a very similar value to
+ * what a NETLOGON call would give, without the indirection */
+NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
+                                 TALLOC_CTX *mem_ctx,
+                                 const struct auth_usersupplied_info *user_info,
+                                 struct netr_SamInfo3 **pinfo3)
+{
+       struct auth_serversupplied_info *server_info = NULL;
+       struct netr_SamInfo3 *info3;
+       NTSTATUS status;
+       TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+       if (!tmp_ctx) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       status = check_sam_security(challenge, tmp_ctx, user_info, &server_info);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(10, ("check_sam_security failed: %s\n",
+                          nt_errstr(status)));
+               return status;
+       }
+
+       info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3);
+       if (info3 == NULL) {
+               talloc_free(tmp_ctx);
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
+                          nt_errstr(status)));
+               return status;
+       }
+       *pinfo3 = info3;
+       return NT_STATUS_OK;
+}
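Review bot: `tmp_ctx` is never freed after the allocation check in `check_sam_security_info3`, except on the `info3 == NULL` branch: both failure returns and the success return leave it, and the `server_info` allocated under it, attached to `mem_ctx`. That keeps the intermediate authentication result alive for as long as the caller's context lives, and on the `serverinfo_to_SamInfo3` failure path the half-filled `info3` stays on `mem_ctx` as well. Add `talloc_free(tmp_ctx);` before each of those three returns and `talloc_free(info3);` before the return on conversion failure. This assumes `serverinfo_to_SamInfo3` copies into `info3` rather than pointing into `server_info`, which is not visible here and should be confirmed before freeing. A comment on the function stating that `*pinfo3` is written only on `NT_STATUS_OK` would also help callers.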
index e2c1d0d1b985a381c445d59a671981681394d923..be3b2a5c775e7f32ceecc16364374c3abd112e4d 100644 (file)
@@ -1133,8 +1133,6 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
                                          struct netr_SamInfo3 **pinfo3)
 {
        struct auth_usersupplied_info *user_info = NULL;
-       struct auth_serversupplied_info *server_info = NULL;
-       struct netr_SamInfo3 *info3;
        NTSTATUS status;
 
        status = make_user_info(&user_info, user, user, domain, domain,
@@ -1145,30 +1143,13 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx,
                return status;
        }
 
-       status = check_sam_security(challenge, talloc_tos(), user_info,
-                                   &server_info);
-       free_user_info(&user_info);
-
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(10, ("check_ntlm_password failed: %s\n",
-                          nt_errstr(status)));
-               return status;
-       }
-
-       info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3);
-       if (info3 == NULL) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
-                          nt_errstr(status)));
-               return status;
-       }
+       /* We don't want any more mapping of the username */
+       user_info->mapped_state = True;
 
+       status = check_sam_security_info3(challenge, talloc_tos(), user_info,
+                                         pinfo3);
+       free_user_info(&user_info);
        DEBUG(10, ("Authenticated user %s\\%s successfully\n", domain, user));
-       *pinfo3 = info3;
        return NT_STATUS_OK;
 }
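Review bot: The status returned by `check_sam_security_info3()` is assigned but never tested, so after `free_user_info(&user_info)` the function logs "Authenticated user ... successfully" and returns `NT_STATUS_OK` even when the password check failed. The removed code returned the failure status at this point; as written, a rejected logon is reported to the caller as success, with `*pinfo3` left unset by the helper. Restore the check immediately after `free_user_info(&user_info);`, for example `if (!NT_STATUS_IS_OK(status)) { return status; }`, and return `status` rather than a literal at the end. Separately, the helper is passed `talloc_tos()` where the old code allocated `info3` on `mem_ctx`, so the returned structure now lives on the talloc stack frame; pass `mem_ctx` if callers rely on the old lifetime. The function begins outside this hunk.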