2001-11-24 12:16:27 +00:00
/*
2002-01-30 06:08:46 +00:00
Unix SMB / CIFS implementation .
2001-11-24 12:16:27 +00:00
Winbind authentication mechnism
Copyright ( C ) Tim Potter 2000
2002-09-25 15:19:00 +00:00
Copyright ( C ) Andrew Bartlett 2001 - 2002
2010-04-11 11:50:55 +02:00
2001-11-24 12:16:27 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
the Free Software Foundation ; either version 3 of the License , or
2001-11-24 12:16:27 +00:00
( at your option ) any later version .
2010-04-11 11:50:55 +02:00
2001-11-24 12:16:27 +00:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2010-04-11 11:50:55 +02:00
2001-11-24 12:16:27 +00:00
You should have received a copy of the GNU General Public License
2007-07-10 00:52:41 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2001-11-24 12:16:27 +00:00
*/
# include "includes.h"
2011-03-25 02:28:05 +01:00
# include "auth.h"
2011-02-24 22:30:16 +01:00
# include "nsswitch/libwbclient/wbclient.h"
2001-11-24 12:16:27 +00:00
2002-07-15 10:35:28 +00:00
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_AUTH
2001-11-24 12:16:27 +00:00
/* Authenticate a user with a challenge/response */
2002-01-05 04:55:41 +00:00
static NTSTATUS check_winbind_security ( const struct auth_context * auth_context ,
void * my_private_data ,
2002-01-01 03:10:32 +00:00
TALLOC_CTX * mem_ctx ,
2010-01-10 14:16:04 +01:00
const struct auth_usersupplied_info * user_info ,
2010-01-10 14:24:22 +01:00
struct auth_serversupplied_info * * server_info )
2001-11-24 12:16:27 +00:00
{
NTSTATUS nt_status ;
2008-02-04 18:18:36 +01:00
wbcErr wbc_status ;
struct wbcAuthUserParams params ;
struct wbcAuthUserInfo * info = NULL ;
struct wbcAuthErrorInfo * err = NULL ;
2001-11-24 12:16:27 +00:00
2011-01-14 05:14:22 -07:00
ZERO_STRUCT ( params ) ;
2001-11-24 12:16:27 +00:00
if ( ! user_info ) {
2002-08-17 17:00:51 +00:00
return NT_STATUS_INVALID_PARAMETER ;
2001-11-24 12:16:27 +00:00
}
2010-06-16 12:31:11 +02:00
DEBUG ( 10 , ( " Check auth for: [%s] \n " , user_info - > mapped . account_name ) ) ;
2010-05-29 16:49:37 -04:00
2002-01-05 04:55:41 +00:00
if ( ! auth_context ) {
2001-11-26 04:05:28 +00:00
DEBUG ( 3 , ( " Password for user %s cannot be checked because we have no auth_info to get the challenge from. \n " ,
2010-06-01 20:30:56 +10:00
user_info - > mapped . account_name ) ) ;
2003-07-03 14:36:42 +00:00
return NT_STATUS_INVALID_PARAMETER ;
2001-11-24 12:16:27 +00:00
}
2010-06-01 21:11:14 +10:00
if ( strequal ( user_info - > mapped . domain_name , get_global_sam_name ( ) ) ) {
2003-12-19 00:33:09 +00:00
DEBUG ( 3 , ( " check_winbind_security: Not using winbind, requested domain [%s] was for this SAM. \n " ,
2010-06-01 21:11:14 +10:00
user_info - > mapped . domain_name ) ) ;
2003-07-03 14:36:42 +00:00
return NT_STATUS_NOT_IMPLEMENTED ;
}
2001-11-24 12:16:27 +00:00
/* Send off request */
2010-06-01 20:27:03 +10:00
params . account_name = user_info - > client . account_name ;
2010-06-01 21:11:14 +10:00
params . domain_name = user_info - > mapped . domain_name ;
2010-06-01 11:23:50 +10:00
params . workstation_name = user_info - > workstation_name ;
2001-11-24 12:16:27 +00:00
2008-02-04 18:18:36 +01:00
params . flags = 0 ;
params . parameter_control = user_info - > logon_parameters ;
2001-11-24 12:16:27 +00:00
2008-02-04 18:18:36 +01:00
params . level = WBC_AUTH_USER_LEVEL_RESPONSE ;
2005-11-08 06:19:34 +00:00
2008-02-04 18:18:36 +01:00
memcpy ( params . password . response . challenge ,
auth_context - > challenge . data ,
sizeof ( params . password . response . challenge ) ) ;
2002-01-25 10:16:20 +00:00
2011-01-14 05:14:22 -07:00
if ( user_info - > password . response . nt . length ! = 0 ) {
params . password . response . nt_length =
user_info - > password . response . nt . length ;
params . password . response . nt_data =
user_info - > password . response . nt . data ;
}
if ( user_info - > password . response . lanman . length ! = 0 ) {
params . password . response . lm_length =
user_info - > password . response . lanman . length ;
params . password . response . lm_data =
user_info - > password . response . lanman . data ;
}
2003-07-03 14:36:42 +00:00
/* we are contacting the privileged pipe */
become_root ( ) ;
2008-02-04 18:18:36 +01:00
wbc_status = wbcAuthenticateUserEx ( & params , & info , & err ) ;
2003-07-03 14:36:42 +00:00
unbecome_root ( ) ;
2001-11-24 12:16:27 +00:00
2008-03-26 01:25:57 +01:00
if ( ! WBC_ERROR_IS_OK ( wbc_status ) ) {
DEBUG ( 10 , ( " check_winbind_security: wbcAuthenticateUserEx failed: %s \n " ,
wbcErrorString ( wbc_status ) ) ) ;
}
2008-02-04 18:18:36 +01:00
if ( wbc_status = = WBC_ERR_NO_MEMORY ) {
return NT_STATUS_NO_MEMORY ;
}
if ( wbc_status = = WBC_ERR_WINBIND_NOT_AVAILABLE ) {
2006-08-20 17:55:06 +00:00
struct auth_methods * auth_method =
( struct auth_methods * ) my_private_data ;
2003-05-27 16:46:51 +00:00
if ( auth_method )
return auth_method - > auth ( auth_context , auth_method - > private_data ,
mem_ctx , user_info , server_info ) ;
2010-11-09 20:29:17 +01:00
return NT_STATUS_LOGON_FAILURE ;
2003-04-24 11:56:09 +00:00
}
2008-02-04 18:18:36 +01:00
if ( wbc_status = = WBC_ERR_AUTH_ERROR ) {
nt_status = NT_STATUS ( err - > nt_status ) ;
wbcFreeMemory ( err ) ;
return nt_status ;
}
if ( ! WBC_ERROR_IS_OK ( wbc_status ) ) {
return NT_STATUS_LOGON_FAILURE ;
}
nt_status = make_server_info_wbcAuthUserInfo ( mem_ctx ,
2010-06-01 20:27:03 +10:00
user_info - > client . account_name ,
2010-06-01 21:11:14 +10:00
user_info - > mapped . domain_name ,
2008-02-04 18:18:36 +01:00
info , server_info ) ;
wbcFreeMemory ( info ) ;
if ( ! NT_STATUS_IS_OK ( nt_status ) ) {
return nt_status ;
}
2008-05-06 17:37:00 +02:00
( * server_info ) - > nss_token | = user_info - > was_mapped ;
2001-11-24 12:16:27 +00:00
return nt_status ;
}
2002-01-05 04:55:41 +00:00
/* module initialisation */
2003-06-04 16:40:50 +00:00
static NTSTATUS auth_init_winbind ( struct auth_context * auth_context , const char * param , auth_methods * * auth_method )
2001-11-24 12:16:27 +00:00
{
2010-04-11 12:37:48 +02:00
struct auth_methods * result ;
2011-06-07 11:44:43 +10:00
result = talloc_zero ( auth_context , struct auth_methods ) ;
2010-04-11 12:37:48 +02:00
if ( result = = NULL ) {
2003-05-26 16:38:35 +00:00
return NT_STATUS_NO_MEMORY ;
}
2010-04-11 12:37:48 +02:00
result - > name = " winbind " ;
result - > auth = check_winbind_security ;
2003-04-24 11:56:09 +00:00
if ( param & & * param ) {
/* we load the 'fallback' module - if winbind isn't here, call this
module */
2006-09-19 01:25:52 +00:00
auth_methods * priv ;
if ( ! load_auth_module ( auth_context , param , & priv ) ) {
2003-04-24 11:56:09 +00:00
return NT_STATUS_UNSUCCESSFUL ;
}
2010-04-11 12:37:48 +02:00
result - > private_data = ( void * ) priv ;
2003-04-24 11:56:09 +00:00
}
2010-04-11 12:37:48 +02:00
* auth_method = result ;
2002-07-15 10:35:28 +00:00
return NT_STATUS_OK ;
2001-11-24 12:16:27 +00:00
}
2003-04-16 12:13:07 +00:00
2003-04-28 17:48:48 +00:00
NTSTATUS auth_winbind_init ( void )
2003-04-16 12:13:07 +00:00
{
2003-04-28 17:48:48 +00:00
return smb_register_auth ( AUTH_INTERFACE_VERSION , " winbind " , auth_init_winbind ) ;
2003-04-16 12:13:07 +00:00
}
