s3-auth: add helper to get server_info out of kerberos info
authorSimo Sorce <idra@samba.org>
Thu, 26 Aug 2010 22:48:46 +0000 (18:48 -0400)
committerGünther Deschner <gd@samba.org>
Mon, 30 Aug 2010 12:24:30 +0000 (14:24 +0200)
Signed-off-by: Günther Deschner <gd@samba.org>
source3/auth/user_krb5.c
source3/include/proto.h

index 2cdcdcc1c38a5bd0895694db77dfca36f01eeb46..580e71af86d8637e5d6dd59cbdb4db45e988e607 100644 (file)
@@ -155,6 +155,93 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 
        return NT_STATUS_OK;
 }
+
+NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+                               char *ntuser,
+                               char *ntdomain,
+                               char *username,
+                               struct passwd *pw,
+                               struct PAC_LOGON_INFO *logon_info,
+                               bool mapped_to_guest,
+                               struct auth_serversupplied_info **server_info)
+{
+       NTSTATUS status;
+
+       if (mapped_to_guest) {
+               status = make_server_info_guest(mem_ctx, server_info);
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(1, ("make_server_info_guest failed: %s!\n",
+                                 nt_errstr(status)));
+                       return status;
+               }
+
+       } else if (logon_info) {
+               /* pass the unmapped username here since map_username()
+                  will be called again in make_server_info_info3() */
+
+               status = make_server_info_info3(mem_ctx,
+                                               ntuser, ntdomain,
+                                               server_info,
+                                               &logon_info->info3);
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(1, ("make_server_info_info3 failed: %s!\n",
+                                 nt_errstr(status)));
+                       return status;
+               }
+
+       } else {
+               /*
+                * We didn't get a PAC, we have to make up the user
+                * ourselves. Try to ask the pdb backend to provide
+                * SID consistency with ntlmssp session setup
+                */
+               struct samu *sampass;
+               /* The stupid make_server_info_XX functions here
+                  don't take a talloc context. */
+               struct auth_serversupplied_info *tmp = NULL;
+
+               sampass = samu_new(talloc_tos());
+               if (sampass == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               if (pdb_getsampwnam(sampass, username)) {
+                       DEBUG(10, ("found user %s in passdb, calling "
+                                  "make_server_info_sam\n", username));
+                       status = make_server_info_sam(&tmp, sampass);
+               } else {
+                       /*
+                        * User not in passdb, make it up artificially
+                        */
+                       DEBUG(10, ("didn't find user %s in passdb, calling "
+                                  "make_server_info_pw\n", username));
+                       status = make_server_info_pw(&tmp, username, pw);
+               }
+               TALLOC_FREE(sampass);
+
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(1, ("make_server_info_[sam|pw] failed: %s!\n",
+                                 nt_errstr(status)));
+                       return status;
+                }
+
+               /* Steal tmp server info into the server_info pointer. */
+               *server_info = talloc_move(mem_ctx, &tmp);
+
+               /* make_server_info_pw does not set the domain. Without this
+                * we end up with the local netbios name in substitutions for
+                * %D. */
+
+               if ((*server_info)->info3 != NULL) {
+                       (*server_info)->info3->base.domain.string =
+                               talloc_strdup((*server_info)->info3, ntdomain);
+               }
+
+       }
+
+       return NT_STATUS_OK;
+}
+
 #else /* HAVE_KRB5 */
 NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
                                     const char *cli_name,
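Review bot: In the no-PAC branch, the `talloc_strdup()` result stored in `(*server_info)->info3->base.domain.string` is not checked, so an allocation failure (or a NULL `ntdomain`, for which `talloc_strdup()` also returns NULL) leaves the session without a domain string while the function still returns NT_STATUS_OK. I would check it right after the assignment: `if ((*server_info)->info3->base.domain.string == NULL) { TALLOC_FREE(*server_info); return NT_STATUS_NO_MEMORY; }`. The overwrite also runs when the user was found by `pdb_getsampwnam()`, although the comment only mentions `make_server_info_pw`; if replacing the passdb-supplied domain is intended, the comment should say so. A header comment on `make_server_info_krb5` stating that without a PAC the identity is built from the local passdb or `pw` entry for `username`, rather than from PAC data, would help callers reason about what this path trusts.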
@@ -169,4 +256,17 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 {
        return NT_STATUS_NOT_IMPLEMENTED;
 }
+
+NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+                               char *ntuser,
+                               char *ntdomain,
+                               char *username,
+                               struct passwd *pw,
+                               struct PAC_LOGON_INFO *logon_info,
+                               bool mapped_to_guest,
+                               struct auth_serversupplied_info **server_info)
+{
+       return NT_STATUS_NOT_IMPLEMENTED;
+}
+
 #endif /* HAVE_KRB5 */
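Review bot: The non-Kerberos stub returns NT_STATUS_NOT_IMPLEMENTED without writing `*server_info`, so a caller that did not pre-initialise its pointer is left holding an indeterminate value after the failure. Adding `*server_info = NULL;` before the return makes the failure state explicit. The HAVE_KRB5 version in the first hunk has the same gap on its early error returns, where whether `*server_info` is set depends on callees not visible here.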
index db311270654347b981336d383ee011b46dc14a45..7af0d080114a171ee0558a1f64ad4a478bd45506 100644 (file)
@@ -4867,6 +4867,14 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
                                     char **ntdomain,
                                     char **username,
                                     struct passwd **_pw);
+NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+                               char *ntuser,
+                               char *ntdomain,
+                               char *username,
+                               struct passwd *pw,
+                               struct PAC_LOGON_INFO *logon_info,
+                               bool mapped_to_guest,
+                               struct auth_serversupplied_info **server_info);
 
 /* The following definitions come from smbd/message.c  */