static NTSTATUS check_samba4_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **server_info)
{
TALLOC_CTX *frame = talloc_stackframe();
struct netr_SamInfo3 *info3 = NULL;
NTSTATUS nt_status;
struct auth_user_info_dc *user_info_dc;
struct auth4_context *auth4_context;
struct loadparm_context *lp_ctx;
lp_ctx = loadparm_init_s3(frame, loadparm_s3_context());
if (lp_ctx == NULL) {
DEBUG(10, ("loadparm_init_s3 failed\n"));
talloc_free(frame);
return NT_STATUS_INVALID_SERVER_STATE;
}
/* We create a private tevent context here to avoid nested loops in
* the s3 one, as that may not be expected */
nt_status = auth_context_create(mem_ctx,
s4_event_context_init(frame), NULL,
lp_ctx,
&auth4_context);
NT_STATUS_NOT_OK_RETURN(nt_status);
nt_status = auth_context_set_challenge(auth4_context, auth_context->challenge.data, "auth_samba4");
NT_STATUS_NOT_OK_RETURN_AND_FREE(nt_status, auth4_context);
nt_status = auth_check_password(auth4_context, auth4_context, user_info, &user_info_dc);
NT_STATUS_NOT_OK_RETURN_AND_FREE(nt_status, auth4_context);
nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx,
user_info_dc,
&info3);
if (NT_STATUS_IS_OK(nt_status)) {
/* We need the strings from the server_info to be valid as long as the info3 is around */
talloc_steal(info3, user_info_dc);
}
talloc_free(auth4_context);
if (!NT_STATUS_IS_OK(nt_status)) {
goto done;
}
nt_status = make_server_info_info3(mem_ctx, user_info->client.account_name,
user_info->mapped.domain_name, server_info,
info3);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("make_server_info_info3 failed: %s\n",
nt_errstr(nt_status)));
TALLOC_FREE(frame);
return nt_status;
}
nt_status = NT_STATUS_OK;
done:
TALLOC_FREE(frame);
return nt_status;
}
static NTSTATUS check_samba4_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **server_info)
{
TALLOC_CTX *frame = talloc_stackframe();
struct netr_SamInfo3 *info3 = NULL;
NTSTATUS nt_status;
struct auth_user_info_dc *user_info_dc;
struct auth4_context *auth4_context;
nt_status = make_auth4_context_s4(auth_context, mem_ctx, &auth4_context);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(frame);
goto done;
}
nt_status = auth_context_set_challenge(auth4_context, auth_context->challenge.data, "auth_samba4");
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(auth4_context);
TALLOC_FREE(frame);
return nt_status;
}
nt_status = auth_check_password(auth4_context, auth4_context, user_info, &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
TALLOC_FREE(auth4_context);
TALLOC_FREE(frame);
return nt_status;
}
nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx,
user_info_dc,
&info3);
if (NT_STATUS_IS_OK(nt_status)) {
/* We need the strings from the server_info to be valid as long as the info3 is around */
talloc_steal(info3, user_info_dc);
}
talloc_free(auth4_context);
if (!NT_STATUS_IS_OK(nt_status)) {
goto done;
}
if (user_info->flags & USER_INFO_INFO3_AND_NO_AUTHZ) {
*server_info = make_server_info(mem_ctx);
if (*server_info == NULL) {
nt_status = NT_STATUS_NO_MEMORY;
goto done;
}
(*server_info)->info3 = talloc_steal(*server_info, info3);
} else {
nt_status = make_server_info_info3(mem_ctx, user_info->client.account_name,
user_info->mapped.domain_name, server_info,
info3);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("make_server_info_info3 failed: %s\n",
nt_errstr(nt_status)));
goto done;
}
}
nt_status = NT_STATUS_OK;
done:
TALLOC_FREE(frame);
return nt_status;
}
