mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00

wbinfo: use wbcAuthenticateUserEx()

metze
Stefan Metzmacher 2008-01-29 16:21:14 +01:00
parent 72af96a320
commit 923cb37837


@ -904,19 +904,16 @@ static bool wbinfo_auth(char *username)
static bool wbinfo_auth_crap(char *username) static bool wbinfo_auth_crap(char *username)
{ {
struct winbindd_request request; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
struct winbindd_response response; struct wbcAuthUserParams params;
NSS_STATUS result; struct wbcAuthErrorInfo *err = NULL;
DATA_BLOB lm = data_blob_null;
DATA_BLOB nt = data_blob_null;
fstring name_user; fstring name_user;
fstring name_domain; fstring name_domain;
fstring pass; fstring pass;
char *p; char *p;
/* Send off request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
p = strchr(username, '%'); p = strchr(username, '%');
if (p) { if (p) {
@ -926,29 +923,30 @@ static bool wbinfo_auth_crap(char *username)
parse_wbinfo_domain_user(username, name_domain, name_user); parse_wbinfo_domain_user(username, name_domain, name_user);
request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT; params.account_name = name_user;
params.domain_name = name_domain;
params.workstation_name = NULL;
fstrcpy(request.data.auth_crap.user, name_user); params.flags = 0;
params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
fstrcpy(request.data.auth_crap.domain, name_domain); params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
generate_random_buffer(request.data.auth_crap.chal, 8); generate_random_buffer(params.password.response.challenge, 8);
if (lp_client_ntlmv2_auth()) { if (lp_client_ntlmv2_auth()) {
DATA_BLOB server_chal; DATA_BLOB server_chal;
DATA_BLOB names_blob; DATA_BLOB names_blob;
DATA_BLOB lm_response; server_chal = data_blob(params.password.response.challenge, 8);
DATA_BLOB nt_response;
server_chal = data_blob(request.data.auth_crap.chal, 8);
/* Pretend this is a login to 'us', for blob purposes */ /* Pretend this is a login to 'us', for blob purposes */
names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup()); names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal, if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal,
&names_blob, &names_blob,
&lm_response, &nt_response, NULL)) { &lm, &nt, NULL)) {
data_blob_free(&names_blob); data_blob_free(&names_blob);
data_blob_free(&server_chal); data_blob_free(&server_chal);
return false; return false;
@ -956,47 +954,45 @@ static bool wbinfo_auth_crap(char *username)
data_blob_free(&names_blob); data_blob_free(&names_blob);
data_blob_free(&server_chal); data_blob_free(&server_chal);
memcpy(request.data.auth_crap.nt_resp, nt_response.data,
MIN(nt_response.length,
sizeof(request.data.auth_crap.nt_resp)));
request.data.auth_crap.nt_resp_len = nt_response.length;
memcpy(request.data.auth_crap.lm_resp, lm_response.data,
MIN(lm_response.length,
sizeof(request.data.auth_crap.lm_resp)));
request.data.auth_crap.lm_resp_len = lm_response.length;
data_blob_free(&nt_response);
data_blob_free(&lm_response);
} else { } else {
if (lp_client_lanman_auth() if (lp_client_lanman_auth()) {
&& SMBencrypt(pass, request.data.auth_crap.chal, bool ok;
(uchar *)request.data.auth_crap.lm_resp)) { lm = data_blob(NULL, 24);
request.data.auth_crap.lm_resp_len = 24; ok = SMBencrypt(pass, params.password.response.challenge,
} else { lm.data);
request.data.auth_crap.lm_resp_len = 0; if (!ok) {
data_blob_free(&lm);
}
} }
SMBNTencrypt(pass, request.data.auth_crap.chal, nt = data_blob(NULL, 24);
(uchar *)request.data.auth_crap.nt_resp); SMBNTencrypt(pass, params.password.response.challenge,
nt.data);
request.data.auth_crap.nt_resp_len = 24;
} }
result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response); params.password.response.nt_length = nt.length;
params.password.response.nt_data = nt.data;
params.password.response.lm_length = lm.length;
params.password.response.lm_data = lm.data;
wbc_status = wbcAuthenticateUserEx(&params, NULL, &err);
/* Display response */ /* Display response */
d_printf("challenge/response password authentication %s\n", d_printf("challenge/response password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
if (response.data.auth.nt_status) if (wbc_status == WBC_ERR_AUTH_ERROR) {
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string, err->nt_string,
response.data.auth.nt_status, err->nt_status,
response.data.auth.error_string); err->display_string);
wbcFreeMemory(err);
}
return result == NSS_STATUS_SUCCESS; data_blob_free(&nt);
data_blob_free(&lm);
return WBC_ERROR_IS_OK(wbc_status);
} }
/* Authenticate a user with a plaintext password and set a token */ /* Authenticate a user with a plaintext password and set a token */
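Review bot: In the last hunk, both `data_blob(NULL, 24)` results are written through immediately (`SMBencrypt(..., lm.data)` and `SMBNTencrypt(..., nt.data)`) with no check that the allocation succeeded, so a failed allocation would presumably hand a NULL buffer to the encrypt routine. A guard such as `if (nt.data == NULL) { data_blob_free(&lm); return false; }` before the call, and the equivalent for `lm`, would close that. The error branch also dereferences `err` whenever `wbc_status == WBC_ERR_AUTH_ERROR`; unless wbcAuthenticateUserEx() guarantees the pointer is filled in that case, `if (wbc_status == WBC_ERR_AUTH_ERROR && err != NULL) {` is the safer condition. The first hunk drops the `ZERO_STRUCT()` calls and `params` is now populated member by member, so a `ZERO_STRUCT(params);` after the declarations would keep any member not assigned here from being passed on uninitialised. Parts of wbinfo_auth_crap lie between the hunks and are not shown, and all references here are to the new (right-hand) column.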