From: Stefan Metzmacher Date: Fri, 21 Mar 2025 17:49:16 +0000 (+0100) Subject: winbindd: pass for_netlogon to winbind_dual_SamLogon to avoid caching X-Git-Tag: tevent-0.17.0~366 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0788faae576906c8d179f822ddd2d44848a6a69;p=thirdparty%2Fsamba.git winbindd: pass for_netlogon to winbind_dual_SamLogon to avoid caching Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index 6c8074956c6..780923a4b6b 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -1062,6 +1062,7 @@ NTSTATUS _winbind_SamLogon(struct pipes_struct *p, uint16_t validation_level; union netr_Validation *validation = NULL; bool interactive = false; + bool for_netlogon = false; /* * Make sure we start with authoritative=true, @@ -1083,6 +1084,10 @@ NTSTATUS _winbind_SamLogon(struct pipes_struct *p, return NT_STATUS_REQUEST_NOT_ACCEPTED; } + if (r->in.internal_flags & WB_SAMLOGON_FOR_NETLOGON) { + for_netlogon = true; + } + switch (r->in.logon_level) { case NetlogonInteractiveInformation: case NetlogonServiceInformation: @@ -1140,6 +1145,7 @@ NTSTATUS _winbind_SamLogon(struct pipes_struct *p, } status = winbind_dual_SamLogon(domain, p->mem_ctx, + for_netlogon, interactive, identity_info->parameter_control, identity_info->account_name.string, diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index c7bb932230d..49e8e845c0f 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -2624,6 +2624,7 @@ done: NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, + bool for_netlogon, bool interactive, uint32_t logon_parameters, const char *name_user, 
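Review bot: The added test in `_winbind_SamLogon` (hunk at -1083) looks at a single bit of `r->in.internal_flags`, and as far as the hunk shows any other bit set by the caller is silently ignored. A request that carries an unexpected value therefore takes the default path, which is the one that writes the samlogon cache. If the check that ends just above the insertion does not already validate the field, consider rejecting bits the interface does not define, so that a mismatch between caller and child surfaces as an error rather than as an unintended cache write. The body of `_winbind_SamLogon` starts and ends outside the hunk, so the existing validation is not visible here.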
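Review bot: The new `bool for_netlogon` sits directly in front of `bool interactive` in the `winbind_dual_SamLogon` signature (hunk at -2624, and the matching prototype in `winbindd_proto.h`), so two swapped arguments at a call site compile without any diagnostic. Neither place documents what the new parameter controls. A short comment above the definition would make the contract explicit, for example `/* for_netlogon: the caller is serving netlogon; a successful result is not passed to netsamlogon_cache_store() */`. The `_wbint_PamAuthCrap` call already annotates its literal with `/* interactive */`, which is a good habit to keep for any call that passes a literal for either bool. The function body lies outside this hunk.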
@@ -2723,6 +2724,13 @@ process_result: struct netr_SamBaseInfo *base_info = NULL; struct netr_SamInfo3 *info3 = NULL; + if (for_netlogon) { + /* + * For netlogon we don't call netsamlogon_cache_store() + */ + goto done; + } + switch (validation_level) { case 3: base_ctx = validation->sam3; @@ -2809,6 +2817,7 @@ NTSTATUS _wbint_PamAuthCrap(struct pipes_struct *p, struct wbint_PamAuthCrap *r) const struct tsocket_address *remote = NULL; const struct tsocket_address *local = NULL; struct netr_SamInfo3 *info3 = NULL; + bool for_netlogon = false; pid_t client_pid; if (domain == NULL) { @@ -2829,8 +2838,13 @@ NTSTATUS _wbint_PamAuthCrap(struct pipes_struct *p, struct wbint_PamAuthCrap *r) DBG_NOTICE("[%"PRIu32"]: pam auth crap domain: %s user: %s\n", client_pid, r->in.domain, r->in.user); + if (r->in.flags & WBFLAG_PAM_FOR_NETLOGON) { + for_netlogon = true; + } + result = winbind_dual_SamLogon(domain, p->mem_ctx, + for_netlogon, false, /* interactive */ r->in.logon_parameters, r->in.user, diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 3d4a69acbcf..be5a0243e0d 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -479,6 +479,7 @@ NTSTATUS winbindd_pam_auth_pac_verify(struct winbindd_cli_state *state, NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, + bool for_netlogon, bool interactive, uint32_t logon_parameters, const char *name_user,
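Review bot: The `goto done` added inside the block under `process_result:` (hunk at -2723) skips everything that follows in that block, while the comment names only `netsamlogon_cache_store()`. The rest of the block is outside the hunk, so what else is bypassed cannot be checked from here. If the block also fills in or normalises fields of `validation`, or invalidates other cache entries, netlogon callers now get none of that. Either state this in the comment, e.g. `/* For netlogon the validation is returned as received: no post-processing and no netsamlogon_cache_store() */`, or narrow the change to `if (!for_netlogon)` around the store call. The comment should also say why these results must not be cached, since that reason is the security-relevant part of the change and it is given neither in the code nor in the commit message.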