mirror of https://github.com/samba-team/samba.git synced 2025-03-29 02:50:28 +03:00

This changes the winbind protocol a bit:

It adds a 'ping' request, just to check that winbind is in fact alive.

It also changes winbindd_pam_auth_crap to take usernames and domain separately.

(backward incompatible change, needs merge to 2.2, but this is not yet released
code, so no workarounds)

Finally, it adds some debugs and fixes a few memory leaks (uses talloc to do
it).

Andrew Bartlett
(This used to be commit 6df29bfe335144a968f5367f624ef2b4cf9e69b0)
Andrew Bartlett 2002-01-10 10:23:54 +00:00
parent 692215e485
commit cf00e41421
6 changed files with 84 additions and 38 deletions


@ -31,6 +31,23 @@ NSS_STATUS winbindd_request(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
form DOMAIN/user into a domain and a user */
static BOOL parse_domain_user(const char *domuser, fstring domain, fstring user)
{
char *p = strchr(domuser,*lp_winbind_separator());
if (!p)
return False;
fstrcpy(user, p+1);
fstrcpy(domain, domuser);
domain[PTR_DIFF(p, domuser)] = 0;
strupper(domain);
return True;
}
/* List groups a user is a member of */
static BOOL wbinfo_get_usergroups(char *user)
@ -282,8 +299,10 @@ static BOOL wbinfo_auth(char *username)
* Don't do the lookup if the name has no separator.
*/
if (!strchr(username, *lp_winbind_separator()))
if (!strchr(username, *lp_winbind_separator())) {
printf("no domain seperator (%s) in username - failing\n", lp_winbind_separator());
return False;
}
/* Send off request */
@ -317,6 +336,8 @@ static BOOL wbinfo_auth_crap(char *username)
struct winbindd_request request;
struct winbindd_response response;
NSS_STATUS result;
fstring name_user;
fstring name_domain;
fstring pass;
char *p;
@ -324,8 +345,10 @@ static BOOL wbinfo_auth_crap(char *username)
* Don't do the lookup if the name has no separator.
*/
if (!strchr(username, *lp_winbind_separator()))
if (!strchr(username, *lp_winbind_separator())) {
printf("no domain seperator (%s) in username - failing\n", lp_winbind_separator());
return False;
}
/* Send off request */
@ -336,11 +359,14 @@ static BOOL wbinfo_auth_crap(char *username)
if (p) {
*p = 0;
fstrcpy(request.data.auth_crap.user, username);
fstrcpy(pass, p + 1);
*p = '%';
} else
fstrcpy(request.data.auth_crap.user, username);
}
parse_domain_user(username, name_domain, name_user);
fstrcpy(request.data.auth_crap.user, name_user);
fstrcpy(request.data.auth_crap.domain, name_domain);
generate_random_buffer(request.data.auth_crap.chal, 8, False);
@ -447,6 +473,20 @@ static BOOL wbinfo_set_auth_user(char *username)
return True;
}
static BOOL wbinfo_ping(void)
{
NSS_STATUS result;
result = winbindd_request(WINBINDD_PING, NULL, NULL);
/* Display response */
printf("'ping' to winbindd %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
return result == NSS_STATUS_SUCCESS;
}
/* Print program usage */
static void usage(void)
@ -465,6 +505,7 @@ static void usage(void)
printf("\t-m\t\t\tlist trusted domains\n");
printf("\t-r user\t\t\tget user groups\n");
printf("\t-a user%%password\tauthenticate user\n");
printf("\t-p 'ping' winbindd to see if it is alive\n");
}
/* Main program */
@ -500,6 +541,7 @@ int main(int argc, char **argv)
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r' },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a' },
{ "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER },
{ "ping", 'p', POPT_ARG_NONE, 0, 'p' },
{ 0, 0, 0, 0 }
};
@ -640,6 +682,14 @@ int main(int argc, char **argv)
return 1;
break;
}
case 'p': {
if (!wbinfo_ping()) {
printf("could not ping winbindd!\n");
return 1;
}
break;
}
case OPT_SET_AUTH_USER:
if (!(wbinfo_set_auth_user(string_arg))) {
return 1;
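Review bot: In the new `parse_domain_user`, `domain[PTR_DIFF(p, domuser)] = 0` indexes the fixed-size `domain` buffer with an offset taken from the command-line string, so a name whose separator lies beyond the `fstring` size writes outside the buffer (the preceding `fstrcpy` presumably truncates the copy, but not the index). A bound before the copies would close this, e.g. `if (PTR_DIFF(p, domuser) >= sizeof(fstring)) return False;`. The call added in wbinfo_auth_crap also ignores the return value; `if (!parse_domain_user(username, name_domain, name_user)) return False;` would keep `name_domain` and `name_user` from being copied into the request unset should the parse fail. The bodies of wbinfo_auth_crap and main continue outside the visible hunks.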


@ -329,6 +329,7 @@ static struct dispatch_table dispatch_table[] = {
/* Miscellaneous */
{ WINBINDD_CHECK_MACHACC, winbindd_check_machine_acct, "CHECK_MACHACC" },
{ WINBINDD_PING, winbindd_ping, "PING" },
/* End of list */


@ -31,18 +31,9 @@ extern pstring global_myname;
static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd,
time_t *pass_last_set_time)
{
struct machine_acct_pass *pass;
size_t size;
if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
size != sizeof(*pass))
if (!secrets_fetch_trust_account_password(domain, ret_pwd, pass_last_set_time)) {
return False;
if (pass_last_set_time)
*pass_last_set_time = pass->mod_time;
memcpy(ret_pwd, pass->hash, 16);
SAFE_FREE(pass);
}
return True;
}
@ -150,3 +141,11 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
return WINBINDD_OK;
}
enum winbindd_result winbindd_ping(struct winbindd_cli_state
*state)
{
DEBUG(3, ("[%5d]: ping\n", state->pid));
return WINBINDD_OK;
}
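Review bot: With the `memcpy(ret_pwd, pass->hash, 16)` gone, `_get_trust_account_password` no longer shows how many bytes it writes through `ret_pwd`, so the size the caller must provide should be stated above the function, for example `/* ret_pwd must point to at least 16 bytes; it receives the trust account password hash */` (presumably still 16, to be confirmed against `secrets_fetch_trust_account_password`). The wrapper body can then collapse to `return secrets_fetch_trust_account_password(domain, ret_pwd, pass_last_set_time);`. The new `winbindd_ping` would also benefit from a one-line comment saying it is a liveness check that touches no domain state.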


@ -83,6 +83,7 @@ enum winbindd_cmd {
/* Miscellaneous other stuff */
WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
WINBINDD_PING, /* Just tell me winbind is running */
/* Placeholder for end of cmd list */
@ -107,6 +108,7 @@ struct winbindd_request {
struct {
unsigned char chal[8];
fstring user;
fstring domain;
fstring lm_resp;
uint16 lm_resp_len;
fstring nt_resp;


@ -53,10 +53,12 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
}
/* Parse domain and username */
if (!parse_domain_user(state->request.data.auth.user, name_domain,
name_user))
name_user)) {
DEBUG(5,("no domain seperator (%s) in username (%s) - failing fauth\n", lp_winbind_separator(), state->request.data.auth.user));
return WINBINDD_ERROR;
}
passlen = strlen(state->request.data.auth.pass);
@ -71,8 +73,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
SMBNTencrypt((const uchar *)state->request.data.auth.pass, chal, local_nt_response);
lm_resp = data_blob(local_lm_response, sizeof(local_lm_response));
nt_resp = data_blob(local_nt_response, sizeof(local_nt_response));
lm_resp = data_blob_talloc(mem_ctx, local_lm_response, sizeof(local_lm_response));
nt_resp = data_blob_talloc(mem_ctx, local_nt_response, sizeof(local_nt_response));
}
/*
@ -106,8 +108,6 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
&info3);
done:
data_blob_free(&lm_resp);
data_blob_free(&nt_resp);
cli_shutdown(cli);
@ -115,13 +115,12 @@ done:
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
/* Challenge Response Authentication Protocol */
enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
{
NTSTATUS result;
fstring name_domain, name_user;
unsigned char trust_passwd[16];
time_t last_change_time;
NET_USER_INFO_3 info3;
@ -132,23 +131,16 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
extern pstring global_myname;
DEBUG(3, ("[%5d]: pam auth crap %s\n", state->pid,
state->request.data.auth_crap.user));
DEBUG(3, ("[%5d]: pam auth crap domain: %s user: %s\n", state->pid,
state->request.data.auth_crap.user, state->request.data.auth_crap.user));
if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) {
if (!(mem_ctx = talloc_init_named("winbind pam auth crap for %s", state->request.data.auth.user))) {
DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n"));
return WINBINDD_ERROR;
}
/* Parse domain and username */
if (!parse_domain_user(state->request.data.auth_crap.user, name_domain,
name_user))
return WINBINDD_ERROR;
lm_resp = data_blob(state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len);
nt_resp = data_blob(state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len);
lm_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len);
nt_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len);
/*
* Get the machine account password for our primary domain
@ -171,7 +163,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
}
result = cli_netlogon_sam_network_logon(cli, mem_ctx,
name_user, name_domain,
state->request.data.auth_crap.user, state->request.data.auth_crap.domain,
global_myname, state->request.data.auth_crap.chal,
lm_resp, nt_resp,
&info3);
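Review bot: The client-supplied `lm_resp_len` and `nt_resp_len` are passed straight to `data_blob_talloc()` in winbindd_pam_auth_crap, while the buffers they describe are fixed-size `fstring` fields of the request, so an oversized length makes the daemon copy past the end of the field. Both lengths should be checked against `sizeof` of their buffers before the talloc context is created, so that the early return needs no cleanup; the check is given below. In the same hunk the new DEBUG(3) line passes `auth_crap.user` for both `%s` arguments, and the first should be `state->request.data.auth_crap.domain`. The talloc context name still reads `state->request.data.auth.user`, which looks like the wrong member for this request type; `auth_crap.user` is presumably intended. The function body continues outside the visible hunks.

```c
/* … unchanged: DEBUG(3, ...) request trace … */

	/* Lengths come from the client: never copy more than the fixed buffers hold */
	if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp) ||
	    state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) {
		DEBUG(0, ("winbindd_pam_auth_crap: invalid response length %d/%d\n",
			  (int)state->request.data.auth_crap.lm_resp_len,
			  (int)state->request.data.auth_crap.nt_resp_len));
		return WINBINDD_ERROR;
	}

	if (!(mem_ctx = talloc_init_named("winbind pam auth crap for %s", state->request.data.auth.user))) {
/* … unchanged: talloc failure handling, data_blob_talloc() calls … */
```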


@ -68,6 +68,8 @@ void winbindd_idmap_status(void);
enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state);
enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
*state);
enum winbindd_result winbindd_ping(struct winbindd_cli_state
*state);
/* The following definitions come from nsswitch/winbindd_pam.c */