Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:ElecCham
samba4
0001-s4-auth-Remove-partly-implemented-libwbcli...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-s4-auth-Remove-partly-implemented-libwbclient-module.patch of Package samba4
From da046ee5a912154f31f9fe40093872806ba4deb5 Mon Sep 17 00:00:00 2001 From: Kai Blin <kai@samba.org> Date: Thu, 10 Mar 2011 12:22:20 +0100 Subject: [PATCH] s4 auth: Remove partly implemented libwbclient module, it's introducing unwanted dependencies --- source4/auth/ntlm/auth_winbind.c | 175 -------------------------------------- source4/auth/ntlm/wscript_build | 2 +- 2 files changed, 1 insertions(+), 176 deletions(-) diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c index 30a2f01..62c9408 100644 --- a/source4/auth/ntlm/auth_winbind.c +++ b/source4/auth/ntlm/auth_winbind.c @@ -28,86 +28,8 @@ #include "librpc/gen_ndr/ndr_winbind_c.h" #include "lib/messaging/irpc.h" #include "param/param.h" -#include "nsswitch/libwbclient/wbclient.h" #include "libcli/security/security.h" -static NTSTATUS get_info3_from_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, - struct wbcAuthUserInfo *info, - struct netr_SamInfo3 *info3) -{ - int i, j; - struct samr_RidWithAttribute *rids = NULL; - struct dom_sid *user_sid; - struct dom_sid *group_sid; - - user_sid = (struct dom_sid *)(void *)&info->sids[0].sid; - group_sid = (struct dom_sid *)(void *)&info->sids[1].sid; - - info3->base.last_logon = info->logon_time; - info3->base.last_logoff = info->logoff_time; - info3->base.acct_expiry = info->kickoff_time; - info3->base.last_password_change = info->pass_last_set_time; - info3->base.allow_password_change = info->pass_can_change_time; - info3->base.force_password_change = info->pass_must_change_time; - - info3->base.account_name.string = talloc_strdup(mem_ctx, - info->account_name); - info3->base.full_name.string = talloc_strdup(mem_ctx, - info->full_name); - info3->base.logon_script.string = talloc_strdup(mem_ctx, - info->logon_script); - info3->base.profile_path.string = talloc_strdup(mem_ctx, - info->profile_path); - info3->base.home_directory.string = talloc_strdup(mem_ctx, - info->home_directory); - info3->base.home_drive.string = talloc_strdup(mem_ctx, - info->home_drive); - info3->base.logon_server.string = talloc_strdup(mem_ctx, - info->logon_server); - info3->base.domain.string = talloc_strdup(mem_ctx, - info->domain_name); - - info3->base.logon_count = info->logon_count; - info3->base.bad_password_count = info->bad_password_count; - info3->base.user_flags = info->user_flags; - memcpy(info3->base.key.key, info->user_session_key, - sizeof(info3->base.key.key)); - memcpy(info3->base.LMSessKey.key, info->lm_session_key, - sizeof(info3->base.LMSessKey.key)); - info3->base.acct_flags = info->acct_flags; - memset(info3->base.unknown, 0, sizeof(info3->base.unknown)); - - if (info->num_sids < 2) { - return NT_STATUS_INVALID_PARAMETER; - } - - dom_sid_split_rid(mem_ctx, user_sid, - &info3->base.domain_sid, - &info3->base.rid); - dom_sid_split_rid(mem_ctx, group_sid, NULL, - &info3->base.primary_gid); - - /* We already handled the first two, now take care of the rest */ - info3->base.groups.count = info->num_sids - 2; - - rids = talloc_array(mem_ctx, struct samr_RidWithAttribute, - info3->base.groups.count); - NT_STATUS_HAVE_NO_MEMORY(rids); - - for (i = 2, j = 0; i < info->num_sids; ++i, ++j) { - struct dom_sid *tmp_sid; - tmp_sid = (struct dom_sid *)(void *)&info->sids[1].sid; - - rids[j].attributes = info->sids[i].attributes; - dom_sid_split_rid(mem_ctx, tmp_sid, - NULL, &rids[j].rid); - } - info3->base.groups.rids = rids; - - return NT_STATUS_OK; -} - - static NTSTATUS winbind_want_check(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info) @@ -224,90 +146,6 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx, return NT_STATUS_OK; } -/* - Authenticate a user with a challenge/response - using the samba3 winbind protocol via libwbclient -*/ -static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx, - TALLOC_CTX *mem_ctx, - const struct auth_usersupplied_info *user_info, - struct auth_user_info_dc **user_info_dc) -{ - struct wbcAuthUserParams params; - struct wbcAuthUserInfo *info = NULL; - struct wbcAuthErrorInfo *err = NULL; - wbcErr wbc_status; - NTSTATUS nt_status; - struct netr_SamInfo3 info3; - union netr_Validation validation; - - - /* Send off request */ - const struct auth_usersupplied_info *user_info_temp; - nt_status = encrypt_user_info(mem_ctx, ctx->auth_ctx, - AUTH_PASSWORD_RESPONSE, - user_info, &user_info_temp); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - user_info = user_info_temp; - - ZERO_STRUCT(params); - ZERO_STRUCT(info3); - /*params.flags = WBFLAG_PAM_INFO3_NDR;*/ - - params.parameter_control = user_info->logon_parameters; - params.parameter_control |= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | - WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT; - params.level = WBC_AUTH_USER_LEVEL_RESPONSE; - - params.account_name = user_info->client.account_name; - params.domain_name = user_info->client.domain_name; - params.workstation_name = user_info->workstation_name; - - d_fprintf(stderr, "looking up %s@%s logging in from %s\n", - params.account_name, params.domain_name, - params.workstation_name); - - memcpy(params.password.response.challenge, - ctx->auth_ctx->challenge.data.data, - sizeof(params.password.response.challenge)); - - params.password.response.lm_length = - user_info->password.response.lanman.length; - params.password.response.nt_length = - user_info->password.response.nt.length; - - params.password.response.lm_data = - user_info->password.response.lanman.data; - params.password.response.nt_data = - user_info->password.response.nt.data; - - wbc_status = wbcAuthenticateUserEx(¶ms, &info, &err); - if (wbc_status == WBC_ERR_AUTH_ERROR) { - DEBUG(1, ("error was %s (0x%08x)\nerror message was '%s'\n", - err->nt_string, err->nt_status, err->display_string)); - - nt_status = NT_STATUS(err->nt_status); - wbcFreeMemory(err); - NT_STATUS_NOT_OK_RETURN(nt_status); - } else if (!WBC_ERROR_IS_OK(wbc_status)) { - DEBUG(1, ("wbcAuthenticateUserEx: failed with %u - %s\n", - wbc_status, wbcErrorString(wbc_status))); - return NT_STATUS_LOGON_FAILURE; - } - nt_status = get_info3_from_wbcAuthUserInfo(mem_ctx, info, &info3); - wbcFreeMemory(info); - NT_STATUS_NOT_OK_RETURN(nt_status); - - validation.sam3 = &info3; - nt_status = make_user_info_dc_netlogon_validation(mem_ctx, - user_info->client.account_name, - 3, &validation, user_info_dc); - return nt_status; - -} - static const struct auth_operations winbind_ops = { .name = "winbind", .get_challenge = auth_get_challenge_not_implemented, @@ -315,13 +153,6 @@ static const struct auth_operations winbind_ops = { .check_password = winbind_check_password }; -static const struct auth_operations winbind_wbclient_ops = { - .name = "winbind_wbclient", - .get_challenge = auth_get_challenge_not_implemented, - .want_check = winbind_want_check, - .check_password = winbind_check_password_wbclient -}; - _PUBLIC_ NTSTATUS auth_winbind_init(void) { NTSTATUS ret; @@ -332,11 +163,5 @@ _PUBLIC_ NTSTATUS auth_winbind_init(void) return ret; } - ret = auth_register(&winbind_wbclient_ops); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0,("Failed to register 'winbind_wbclient' auth backend!\n")); - return ret; - } - return NT_STATUS_OK; } diff --git a/source4/auth/ntlm/wscript_build b/source4/auth/ntlm/wscript_build index 2ac2773..432a283 100644 --- a/source4/auth/ntlm/wscript_build +++ b/source4/auth/ntlm/wscript_build @@ -28,7 +28,7 @@ bld.SAMBA_MODULE('auth4_winbind', source='auth_winbind.c', subsystem='auth4', init_function='auth_winbind_init', - deps='RPC_NDR_WINBIND MESSAGING wbclient' + deps='RPC_NDR_WINBIND MESSAGING' ) -- 1.7.0.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor