#include "auth/ntlm/auth_proto.h"
#include "param/param.h"
#include "dsdb/samdb/samdb.h"
-
+#include "libcli/wbclient/wbclient.h"
+#include "lib/util/samba_modules.h"
/***************************************************************************
Set a fixed challenge
state->user_info = user_info;
if (!user_info->mapped_state) {
- nt_status = map_user_info(req, lpcfg_workgroup(auth_ctx->lp_ctx),
+ nt_status = map_user_info(auth_ctx->sam_ctx, req, lpcfg_workgroup(auth_ctx->lp_ctx),
user_info, &user_info_tmp);
if (tevent_req_nterror(req, nt_status)) {
return tevent_req_post(req, ev);
}
/* Wrapper because we don't want to expose all callers to needing to
- * know that session_info is generated from the main ldb */
+ * know that session_info is generated from the main ldb, and because
+ * we need to break a depenency loop between the DCE/RPC layer and the
+ * generation of unix tokens via IRPC */
static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_context,
struct auth_user_info_dc *user_info_dc,
uint32_t session_info_flags,
struct auth_session_info **session_info)
{
- return auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
- auth_context->sam_ctx, user_info_dc,
- session_info_flags, session_info);
+ NTSTATUS status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
+ auth_context->sam_ctx, user_info_dc,
+ session_info_flags, session_info);
+
+ if ((session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN)
+ && NT_STATUS_IS_OK(status)) {
+ struct wbc_context *wbc_ctx = wbc_init(auth_context,
+ auth_context->msg_ctx,
+ auth_context->event_ctx);
+ if (!wbc_ctx) {
+ TALLOC_FREE(*session_info);
+ DEBUG(1, ("Cannot contact winbind to provide unix token\n"));
+ return NT_STATUS_INVALID_SERVER_STATE;
+ }
+ status = auth_session_info_fill_unix(wbc_ctx, auth_context->lp_ctx,
+ *session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(*session_info);
+ }
+ TALLOC_FREE(wbc_ctx);
+ }
+ return status;
}
/***************************************************************************
const char **auth_methods_from_lp(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx)
{
- const char **auth_methods = NULL;
+ char **auth_methods = NULL;
+
switch (lpcfg_server_role(lp_ctx)) {
case ROLE_STANDALONE:
- auth_methods = lpcfg_parm_string_list(mem_ctx, lp_ctx, NULL, "auth methods", "standalone", NULL);
+ auth_methods = str_list_make(mem_ctx, "anonymous sam_ignoredomain", NULL);
break;
case ROLE_DOMAIN_MEMBER:
- auth_methods = lpcfg_parm_string_list(mem_ctx, lp_ctx, NULL, "auth methods", "member server", NULL);
+ auth_methods = str_list_make(mem_ctx, "anonymous sam winbind", NULL);
break;
- case ROLE_DOMAIN_CONTROLLER:
- auth_methods = lpcfg_parm_string_list(mem_ctx, lp_ctx, NULL, "auth methods", "domain controller", NULL);
+ case ROLE_DOMAIN_BDC:
+ case ROLE_DOMAIN_PDC:
+ auth_methods = str_list_make(mem_ctx, "anonymous sam_ignoredomain winbind", NULL);
break;
}
- return auth_methods;
+ return (const char **) auth_methods;
}
/***************************************************************************