From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 23 Jan 2018 15:36:45 +0000 (+0100)
Subject: winbindd: separate plaintext given and interactive in winbind_samlogon_retry_loop()
X-Git-Tag: tevent-0.9.36~156
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d1c3676197032487505e9069c0655427b5fd385c;p=thirdparty%2Fsamba.git

winbindd: separate plaintext given and interactive in winbind_samlogon_retry_loop()

We need to handle 4 cases:

plaintext_given=true  interactive=true
plaintext_given=false interactive=true
plaintext_given=true  interactive=false
plaintext_given=false interactive=false

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13258

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index a14b801cb94..c618b7a1a24 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1421,6 +1421,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 					    const char *password,
 					    const char *domainname,
 					    const char *workstation,
+					    bool plaintext_given,
 					    const uint8_t chal[8],
 					    DATA_BLOB lm_response,
 					    DATA_BLOB nt_response,
@@ -1524,7 +1525,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 			DBG_NOTICE("No security credentials available for "
 				  "domain [%s]\n", domainname);
 			result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
-		} else if (interactive) {
+		} else if (plaintext_given) {
 			result = rpccli_netlogon_password_logon(
 				domain->conn.netlogon_creds_ctx,
 				netlogon_pipe->binding_handle,
@@ -1539,6 +1540,22 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 				flags,
 				&validation_level,
 				&validation);
+		} else if (interactive) {
+			result = rpccli_netlogon_interactive_logon(
+				domain->conn.netlogon_creds_ctx,
+				netlogon_pipe->binding_handle,
+				mem_ctx,
+				logon_parameters,
+				username,
+				domainname,
+				workstation,
+				lm_response,
+				nt_response,
+				logon_type_i,
+				authoritative,
+				flags,
+				&validation_level,
+				&validation);
 		} else {
 			result = rpccli_netlogon_network_logon(
 				domain->conn.netlogon_creds_ctx,
@@ -1745,6 +1762,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(
 					     pass,
 					     name_domain,
 					     lp_netbios_name(),
+					     true, /* plaintext_given */
 					     NULL,
 					     data_blob_null, data_blob_null,
 					     true, /* interactive */
@@ -2251,6 +2269,7 @@ NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain,
 					     name_domain,
 					     /* Bug #3248 - found by Stefan Burkei. */
 					     workstation, /* We carefully set this above so use it... */
+					     false, /* plaintext_given */
 					     chal,
 					     lm_response,
 					     nt_response,