From: Ralph Boehme <slow@samba.org>
Date: Mon, 11 Dec 2017 22:26:38 +0000 (+0100)
Subject: winbindd: let winbind_samlogon_retry_loop return validation info
X-Git-Tag: samba-4.8.0rc1~76
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cc3ee55ae7f9dd3d16a7f580048295559c3c58f1;p=thirdparty%2Fsamba.git

winbindd: let winbind_samlogon_retry_loop return validation info

Return the validation info instead of the already mapped info3. Higher
layers need info6 if available, this is the first step in passing the
unmapped info up to callers.

Signed-off-by: Ralph Boehme <slow@samba.org>
---

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index bb5bab21209..80a612479cf 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1373,7 +1373,8 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 					    bool interactive,
 					    uint8_t *authoritative,
 					    uint32_t *flags,
-					    struct netr_SamInfo3 **info3)
+					    uint16_t *_validation_level,
+					    union netr_Validation **_validation)
 {
 	int attempts = 0;
 	int netr_attempts = 0;
@@ -1385,7 +1386,6 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 	do {
 		struct rpc_pipe_client *netlogon_pipe;
 
-		ZERO_STRUCTP(info3);
 		retry = false;
 
 		result = cm_connect_netlogon(domain, &netlogon_pipe);
@@ -1547,15 +1547,8 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 		return result;
 	}
 
-	result = map_validation_to_info3(mem_ctx,
-					 validation_level,
-					 validation,
-					 info3);
-	TALLOC_FREE(validation);
-	if (!NT_STATUS_IS_OK(result)) {
-		return result;
-	}
-
+	*_validation_level = validation_level;
+	*_validation = validation;
 	return NT_STATUS_OK;
 }
 
@@ -1577,6 +1570,8 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(
 	struct netr_SamInfo3 *my_info3 = NULL;
 	uint8_t authoritative = 0;
 	uint32_t flags = 0;
+	uint16_t validation_level;
+	union netr_Validation *validation = NULL;
 
 	*info3 = NULL;
 
@@ -1663,11 +1658,21 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(
 					     true, /* interactive */
 					     &authoritative,
 					     &flags,
-					     &my_info3);
+					     &validation_level,
+					     &validation);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
+	result = map_validation_to_info3(mem_ctx,
+                                        validation_level,
+                                        validation,
+                                        &my_info3);
+	TALLOC_FREE(validation);
+	if (!NT_STATUS_IS_OK(result)) {
+		return result;
+	}
+
 	/* handle the case where a NT4 DC does not fill in the acct_flags in
 	 * the samlogon reply info3. When accurate info3 is required by the
 	 * caller, we look up the account flags ourselves - gd */
@@ -2031,6 +2036,8 @@ NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain,
 			       uint32_t *flags,
 			       struct netr_SamInfo3 **info3)
 {
+	uint16_t validation_level;
+	union netr_Validation *validation = NULL;
 	NTSTATUS result;
 
 	/*
@@ -2079,11 +2086,21 @@ NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain,
 					     false, /* interactive */
 					     authoritative,
 					     flags,
-					     info3);
+					     &validation_level,
+					     &validation);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
+	result = map_validation_to_info3(mem_ctx,
+					 validation_level,
+					 validation,
+					 info3);
+	TALLOC_FREE(validation);
+	if (!NT_STATUS_IS_OK(result)) {
+		return result;
+	}
+
 process_result:
 
 	if (NT_STATUS_IS_OK(result)) {