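/**
 * Build the auth context for this server from the configured (or default)
 * list of authentication methods.
 *
 * If lp_auth_methods() returns a list, a copy of it is used as given.
 * Otherwise a built-in default list is chosen from lp_security(),
 * lp_encrypted_passwords() and lp_server_role().  Every built-in default
 * starts with "guest"; "unix" is the default only when encrypted passwords
 * are disabled under security=user.
 *
 * @param mem_ctx       talloc context handed to make_auth_context_text_list()
 * @param auth_context  out parameter handed to make_auth_context_text_list()
 * @return NT_STATUS_NO_MEMORY if the method list cannot be allocated,
 *         NT_STATUS_UNSUCCESSFUL for an unrecognised lp_security() value,
 *         otherwise the status of make_auth_context_text_list().
 */
NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
				     struct auth_context **auth_context)
{
	char **auth_method_list = NULL;
	const char *default_methods = NULL;
	NTSTATUS nt_status;

	if (lp_auth_methods()) {
		/* An administrator-supplied order always wins over the defaults. */
		auth_method_list = str_list_copy(talloc_tos(), lp_auth_methods());
		if (auth_method_list == NULL) {
			return NT_STATUS_NO_MEMORY;
		}
		DEBUG(5,("Using specified auth order\n"));
	} else {
		switch (lp_security()) {
		case SEC_DOMAIN:
			DEBUG(5,("Making default auth method list for security=domain\n"));
			default_methods = "guest sam winbind:ntdomain";
			break;
		case SEC_SERVER:
			DEBUG(5,("Making default auth method list for security=server\n"));
			default_methods = "guest sam smbserver";
			break;
		case SEC_USER:
			if (!lp_encrypted_passwords()) {
				DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n"));
				default_methods = "guest unix";
			} else if ((lp_server_role() == ROLE_DOMAIN_PDC) ||
				   (lp_server_role() == ROLE_DOMAIN_BDC)) {
				DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n"));
				default_methods = "guest sam winbind:trustdomain";
			} else {
				DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n"));
				default_methods = "guest sam";
			}
			break;
		case SEC_ADS:
			DEBUG(5,("Making default auth method list for security=ADS\n"));
			default_methods = "guest sam winbind:ntdomain";
			break;
		default:
			DEBUG(5,("Unknown auth method!\n"));
			return NT_STATUS_UNSUCCESSFUL;
		}

		auth_method_list = str_list_make_v3(talloc_tos(),
						    default_methods, NULL);
		if (auth_method_list == NULL) {
			/*
			 * Fail here rather than hand a NULL method list to
			 * make_auth_context_text_list(): an allocation failure
			 * must never be read as "no auth methods configured".
			 */
			return NT_STATUS_NO_MEMORY;
		}
	}

	nt_status = make_auth_context_text_list(mem_ctx, auth_context,
						auth_method_list);

	/* The list is only needed while the context is being built. */
	TALLOC_FREE(auth_method_list);
	return nt_status;
}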
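/**
 * Check a plaintext username/password pair and, on success, produce a
 * session_info for the authenticated user.
 *
 * All intermediate state (auth context, user_info, server_info and a copy of
 * the plaintext password) is allocated under a temporary talloc context that
 * is a child of mem_ctx.
 *
 * @param mem_ctx       parent talloc context; *session_info is moved onto it
 *                      on success
 * @param ev            event context passed to auth_context_create()
 * @param msg           messaging context passed to auth_context_create()
 * @param nt4_domain    domain name, used as both client and mapped domain
 * @param nt4_username  account name, used as both client and mapped account
 * @param password      plaintext password to verify
 * @param session_info  out: session info from auth_generate_session_info()
 * @return NT_STATUS_NO_MEMORY on allocation failure, otherwise the first
 *         non-OK status from auth_context_create(), auth_check_password()
 *         or auth_generate_session_info(), or that last call's OK status.
 */
_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
					   struct event_context *ev,
					   struct messaging_context *msg,
					   const char *nt4_domain,
					   const char *nt4_username,
					   const char *password,
					   struct auth_session_info **session_info)
{
	struct auth_context *auth_context;
	struct auth_usersupplied_info *user_info;
	struct auth_serversupplied_info *server_info;
	NTSTATUS nt_status;

	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
	if (!tmp_ctx) {
		return NT_STATUS_NO_MEMORY;
	}

	nt_status = auth_context_create(tmp_ctx, lp_auth_methods(),
					ev, msg, &auth_context);
	if (!NT_STATUS_IS_OK(nt_status)) {
		talloc_free(tmp_ctx);
		return nt_status;
	}

	user_info = talloc(tmp_ctx, struct auth_usersupplied_info);
	if (!user_info) {
		talloc_free(tmp_ctx);
		return NT_STATUS_NO_MEMORY;
	}

	/* The caller's names are used unmodified as the mapped names too. */
	user_info->mapped_state = True;
	user_info->client.account_name = nt4_username;
	user_info->mapped.account_name = nt4_username;
	user_info->client.domain_name = nt4_domain;
	user_info->mapped.domain_name = nt4_domain;

	user_info->workstation_name = NULL;
	user_info->remote_host = NULL;

	user_info->password_state = AUTH_PASSWORD_PLAIN;
	user_info->password.plaintext = talloc_strdup(user_info, password);
	if (password != NULL && user_info->password.plaintext == NULL) {
		/*
		 * Copy failed: do not run the password check with a NULL
		 * plaintext standing in for the password that was supplied.
		 */
		talloc_free(tmp_ctx);
		return NT_STATUS_NO_MEMORY;
	}

	user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME |
		USER_INFO_DONT_CHECK_UNIX_ACCOUNT;
	user_info->logon_parameters = 0;

	nt_status = auth_check_password(auth_context, tmp_ctx,
					user_info, &server_info);
	if (!NT_STATUS_IS_OK(nt_status)) {
		talloc_free(tmp_ctx);
		return nt_status;
	}

	nt_status = auth_generate_session_info(tmp_ctx, server_info,
					       session_info);
	if (!NT_STATUS_IS_OK(nt_status)) {
		/*
		 * Release the temporary state, including the plaintext
		 * password copy, exactly as every other failure path does.
		 */
		talloc_free(tmp_ctx);
		return nt_status;
	}

	talloc_steal(mem_ctx, *session_info);

	/*
	 * NOTE(review): tmp_ctx is not released on success, so the auth
	 * context and user_info (with the plaintext password copy) stay
	 * allocated until mem_ctx is freed. Freeing tmp_ctx here is only safe
	 * if *session_info keeps no unreferenced pointers into server_info -
	 * confirm against auth_generate_session_info() before changing.
	 */
	return nt_status;
}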