sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
5a9c2f74ab
samba-mirror/source3/auth/auth_winbind.c

113 lines
3.1 KiB
C
Raw Normal View History

And add the winbind module I missed in the last run. (large change to modularise the auth subsystem) Andrew Bartlett (This used to be commit 324c4676280641fee0647221dba1e826e03ba9ab)
2001-11-24 15:16:27 +03:00
/*
Unix SMB/Netbios implementation.
Version 2.0
Winbind authentication mechnism
Copyright (C) Tim Potter 2000
Copyright (C) Andrew Bartlett 2001
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
/* Prototypes from common.h */
NSS_STATUS winbindd_request(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
/* Authenticate a user with a challenge/response */
static NTSTATUS check_winbind_security(void *my_private_data,
A farily large commit: - Move rpc_client/cli_trust.c to smbd/change_trust_pw.c - It hasn't been used by anything else since smbpasswd lost its -j - Add a TALLOC_CTX to the auth subsytem. These are only valid for the length of the calls to the individual modules, if you want a longer context hide it in your private data. Similarly, all returns (like the server_info) should still be malloced. - Move the 'ntdomain' module (security=domain in oldspeak) over to use the new libsmb domain logon code. Also rework much of the code to use some better helper functions for the connection - getting us much better error returns (the new code is NTSTATUS). The only remaining thing to do is to figure out if tpot's 0xdead 0xbeef for the LUID feilds is sufficient, or if we should do random LUIDs as per the old code. Similarly, I'll move winbind over to this when I get a chance. This leaves the SPOOLSS code and some cli_pipe code as the only stuff still in rpc_client, at least as far as smbd is concerned. While I've given this a basic rundown, any testing is as always appriciated. Andrew Bartlett (This used to be commit d870edce76ecca259230fbdbdacd0c86793b4837)
2002-01-01 06:10:32 +03:00
TALLOC_CTX *mem_ctx,
const auth_usersupplied_info *user_info,
const auth_authsupplied_info *auth_info,
auth_serversupplied_info **server_info)
And add the winbind module I missed in the last run. (large change to modularise the auth subsystem) Andrew Bartlett (This used to be commit 324c4676280641fee0647221dba1e826e03ba9ab)
2001-11-24 15:16:27 +03:00
{
struct winbindd_request request;
struct winbindd_response response;
NSS_STATUS result;
struct passwd *pw;
NTSTATUS nt_status;
if (!user_info) {
return NT_STATUS_LOGON_FAILURE;
}
if (!auth_info) {
challange -> challenge (This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-26 07:05:28 +03:00
DEBUG(3,("Password for user %s cannot be checked because we have no auth_info to get the challenge from.\n",
And add the winbind module I missed in the last run. (large change to modularise the auth subsystem) Andrew Bartlett (This used to be commit 324c4676280641fee0647221dba1e826e03ba9ab)
2001-11-24 15:16:27 +03:00
user_info->internal_username.str));
return NT_STATUS_LOGON_FAILURE;
}
/* Send off request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
snprintf(request.data.auth_crap.user, sizeof(request.data.auth_crap.user),
"%s\\%s", user_info->domain.str, user_info->smb_name.str);
challange -> challenge (This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)
2001-11-26 07:05:28 +03:00
memcpy(request.data.auth_crap.chal, auth_info->challenge.data, sizeof(request.data.auth_crap.chal));
And add the winbind module I missed in the last run. (large change to modularise the auth subsystem) Andrew Bartlett (This used to be commit 324c4676280641fee0647221dba1e826e03ba9ab)
2001-11-24 15:16:27 +03:00
request.data.auth_crap.lm_resp_len = MIN(user_info->lm_resp.length,
sizeof(request.data.auth_crap.lm_resp));
request.data.auth_crap.nt_resp_len = MIN(user_info->nt_resp.length,
sizeof(request.data.auth_crap.nt_resp));
memcpy(request.data.auth_crap.lm_resp, user_info->lm_resp.data,
sizeof(request.data.auth_crap.lm_resp_len));
memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data,
request.data.auth_crap.lm_resp_len);
result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
if (result == NSS_STATUS_SUCCESS) {
pw = Get_Pwnam(user_info->internal_username.str);
if (pw) {
if (make_server_info_pw(server_info, pw)) {
nt_status = NT_STATUS_OK;
} else {
nt_status = NT_STATUS_NO_MEMORY;
}
} else {
nt_status = NT_STATUS_NO_SUCH_USER;
}
} else {
nt_status = NT_STATUS_LOGON_FAILURE;
}
return nt_status;
}
BOOL auth_init_winbind(auth_methods **auth_method)
{
if (!make_auth_methods(auth_method)) {
return False;
}
(*auth_method)->auth = check_winbind_security;
return True;
}
Copy Permalink