*/
#include "includes.h"
-#include "s3compat_authenticate.h"
+#include "s3compat/s3compat_authenticate.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
static NTSTATUS check_samba4_security(const struct auth_context *auth_context,
- void *my_private_data,
- TALLOC_CTX *mem_ctx,
- const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+ void *my_private_data,
+ TALLOC_CTX *mem_ctx,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
TALLOC_CTX *frame = talloc_stackframe();
struct netr_SamInfo3 *info3 = NULL;
/*
Unix SMB/CIFS implementation.
Password and authentication handling
- Copyright (C) Jeremy Allison 1996-2002
- Copyright (C) Andrew Tridgell 2002
- Copyright (C) Gerald (Jerry) Carter 2000
- Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Andrew Bartlett 2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
*/
#include "includes.h"
-#include "auth/auth.h"
-#include "auth/auth_sam_reply.h"
-#include "s3compat.h"
-#include "smbd/service.h"
#include "libcli/security/dom_sid.h"
#include "dsdb/samdb/samdb.h"
#include "s3compat_globals.h"
-
-/* NOTE! the global_sam_sid is the SID of our local SAM. This is only
- equal to the domain SID when we are a DC, otherwise its our
- workstation SID */
+#include "s3compat_authenticate.h"
+#include "auth/session.h"
/****************************************************************************
- Read a SID from a file. This is for compatibility with the old MACHINE.SID
- style of SID storage
+ Return the SID of the local machine's own domain. Equal to the domain SID if we are a DC.
****************************************************************************/
+static struct dom_sid *global_sam_sid;
/* return our global_sam_sid */
-_PUBLIC_ const struct dom_sid *get_global_sam_sid(void)
+struct dom_sid *get_global_sam_sid(void)
{
-
- struct ldb_context *samdb = samdb_connect(NULL, s3compat_get_tevent_ctx(),
- s3compat_get_lp_ctx(),
- system_session(s3compat_get_lp_ctx()));
-
- return samdb_domain_sid(samdb);
+ const struct dom_sid *tmp_dom_sid;
+ struct ldb_context *samdb;
+ if (global_sam_sid) {
+ return global_sam_sid;
+ }
+ samdb = samdb_connect(NULL, s3compat_get_tevent_ctx(),
+ s3compat_get_lp_ctx(),
+ system_session(s3compat_get_lp_ctx()));
+ if (!samdb) {
+ DEBUG(0, ("Failed to open samdb to return global_sam_sid\n"));
+ return NULL;
+ }
+ tmp_dom_sid = samdb_domain_sid(samdb);
+ if (!tmp_dom_sid) {
+ DEBUG(0, ("Failed to obtain domain sid from samdb to return global_sam_sid\n"));
+ return NULL;
+ }
+ global_sam_sid = dom_sid_dup(talloc_autofree_context(), tmp_dom_sid);
+ talloc_free(samdb);
+ if (!global_sam_sid) {
+ DEBUG(0, ("Failed to duplicate domain sid to return global_sam_sid\n"));
+ return NULL;
+ }
+
+ return global_sam_sid;
}
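Review bot: The `samdb_domain_sid` failure branch in the new `get_global_sam_sid` returns without freeing `samdb`, which was opened with a NULL parent context (`samdb_connect(NULL, ...)`) and is only released on the success path by the later `talloc_free(samdb)`, so every failed lookup leaks a whole ldb connection; the branch should read `DEBUG(0, (...)); talloc_free(samdb); return NULL;`. The prototype also drops the `const` the old declaration had (`const struct dom_sid *` became `struct dom_sid *`), handing callers a writable pointer into the process-wide cache that `reset_global_sam_sid` later frees; since the value is only ever read, `const struct dom_sid *get_global_sam_sid(void)` would keep the cache from being mutated through a caller. Finally, the function now explicitly returns NULL on either failure, and the `sid_check_is_domain` / `sid_check_is_in_our_domain` wrappers further down this diff pass that result straight into `dom_sid_equal` / `dom_sid_in_domain` without a check — whether those helpers tolerate a NULL argument is not visible here, so a short guard in the wrappers (`if (our_sid == NULL) return false;`) would make the failure mode explicit rather than implementation-dependent.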
/**
* Force get_global_sam_sid to requery the backends
*/
-_PUBLIC_ void reset_global_sam_sid(void)
+void reset_global_sam_sid(void)
{
-
+ talloc_free(global_sam_sid);
+ global_sam_sid = NULL;
+ return;
}
/*****************************************************************
Check if the SID is our domain SID (S-1-5-21-x-y-z).
*****************************************************************/
-_PUBLIC_ bool sid_check_is_domain(const struct dom_sid *sid)
+bool sid_check_is_domain(const struct dom_sid *sid)
{
return dom_sid_equal(sid, get_global_sam_sid());
}
Check if the SID is our domain SID (S-1-5-21-x-y-z).
*****************************************************************/
-_PUBLIC_ bool sid_check_is_in_our_domain(const struct dom_sid *sid)
+bool sid_check_is_in_our_domain(const struct dom_sid *sid)
{
return dom_sid_in_domain(get_global_sam_sid(), sid);
}
- time_offset
- use_replay_cache
*/
-_PUBLIC_ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
- const char *realm,
- time_t time_offset,
- const DATA_BLOB *ticket,
- char **principal,
- struct PAC_LOGON_INFO **logon_info,
- DATA_BLOB *ap_rep,
- DATA_BLOB *session_key,
- bool use_replay_cache)
+NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
+ const char *realm,
+ time_t time_offset,
+ const DATA_BLOB *ticket,
+ char **principal,
+ struct PAC_LOGON_INFO **logon_info,
+ DATA_BLOB *ap_rep,
+ DATA_BLOB *session_key,
+ bool use_replay_cache)
{
struct cli_credentials *server_credentials;
struct auth_session_info *session_info;
information such as groups).
****************************************************************/
-_PUBLIC_ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- const char *name,
- const char *pass,
- time_t time_offset,
- time_t *expire_time,
- time_t *renew_till_time,
- const char *cache_name,
- bool request_pac,
- bool add_netbios_addr,
- time_t renewable_time,
- const char *impersonate_princ_s,
- struct PAC_LOGON_INFO **logon_info)
+NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ const char *name,
+ const char *pass,
+ time_t time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ const char *impersonate_princ_s,
+ struct PAC_LOGON_INFO **logon_info)
{
DATA_BLOB server_to_client, ticket, ap_rep, session_key;
struct cli_credentials *server_credentials, *client_credentials;