static NTSTATUS check_samba4_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { TALLOC_CTX *frame = talloc_stackframe(); struct netr_SamInfo3 *info3 = NULL; NTSTATUS nt_status; struct auth_user_info_dc *user_info_dc; struct auth4_context *auth4_context; struct loadparm_context *lp_ctx; lp_ctx = loadparm_init_s3(frame, loadparm_s3_context()); if (lp_ctx == NULL) { DEBUG(10, ("loadparm_init_s3 failed\n")); talloc_free(frame); return NT_STATUS_INVALID_SERVER_STATE; } /* We create a private tevent context here to avoid nested loops in * the s3 one, as that may not be expected */ nt_status = auth_context_create(mem_ctx, s4_event_context_init(frame), NULL, lp_ctx, &auth4_context); NT_STATUS_NOT_OK_RETURN(nt_status); nt_status = auth_context_set_challenge(auth4_context, auth_context->challenge.data, "auth_samba4"); NT_STATUS_NOT_OK_RETURN_AND_FREE(nt_status, auth4_context); nt_status = auth_check_password(auth4_context, auth4_context, user_info, &user_info_dc); NT_STATUS_NOT_OK_RETURN_AND_FREE(nt_status, auth4_context); nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx, user_info_dc, &info3); if (NT_STATUS_IS_OK(nt_status)) { /* We need the strings from the server_info to be valid as long as the info3 is around */ talloc_steal(info3, user_info_dc); } talloc_free(auth4_context); if (!NT_STATUS_IS_OK(nt_status)) { goto done; } nt_status = make_server_info_info3(mem_ctx, user_info->client.account_name, user_info->mapped.domain_name, server_info, info3); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("make_server_info_info3 failed: %s\n", nt_errstr(nt_status))); TALLOC_FREE(frame); return nt_status; } nt_status = NT_STATUS_OK; done: TALLOC_FREE(frame); return nt_status; }
static NTSTATUS check_samba4_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { TALLOC_CTX *frame = talloc_stackframe(); struct netr_SamInfo3 *info3 = NULL; NTSTATUS nt_status; struct auth_user_info_dc *user_info_dc; struct auth4_context *auth4_context; nt_status = make_auth4_context_s4(auth_context, mem_ctx, &auth4_context); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(frame); goto done; } nt_status = auth_context_set_challenge(auth4_context, auth_context->challenge.data, "auth_samba4"); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(auth4_context); TALLOC_FREE(frame); return nt_status; } nt_status = auth_check_password(auth4_context, auth4_context, user_info, &user_info_dc); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(auth4_context); TALLOC_FREE(frame); return nt_status; } nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx, user_info_dc, &info3); if (NT_STATUS_IS_OK(nt_status)) { /* We need the strings from the server_info to be valid as long as the info3 is around */ talloc_steal(info3, user_info_dc); } talloc_free(auth4_context); if (!NT_STATUS_IS_OK(nt_status)) { goto done; } if (user_info->flags & USER_INFO_INFO3_AND_NO_AUTHZ) { *server_info = make_server_info(mem_ctx); if (*server_info == NULL) { nt_status = NT_STATUS_NO_MEMORY; goto done; } (*server_info)->info3 = talloc_steal(*server_info, info3); } else { nt_status = make_server_info_info3(mem_ctx, user_info->client.account_name, user_info->mapped.domain_name, server_info, info3); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("make_server_info_info3 failed: %s\n", nt_errstr(nt_status))); goto done; } } nt_status = NT_STATUS_OK; done: TALLOC_FREE(frame); return nt_status; }