winbind: Extend wbcAuthenticateUserEx to provide PAC

[samba.git] / nsswitch / libwbclient / wbc_pam.c

diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index f7fb9f23f679461fb5d3b4b1d6564f373d60a8ed..f183cc61b1e41fb64505444b82f1d27be2985cc1 100644 (file)
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -364,7 +364,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
                BAIL_ON_WBC_ERROR(wbc_status);
        }
 
-       if (!params->account_name) {
+       if (params->level != WBC_AUTH_USER_LEVEL_PAC && !params->account_name) {
                wbc_status = WBC_ERR_INVALID_PARAM;
                BAIL_ON_WBC_ERROR(wbc_status);
        }
@@ -491,6 +491,20 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
                               request.data.auth_crap.nt_resp_len);
                }
                break;
+
+       case WBC_AUTH_USER_LEVEL_PAC:
+               cmd = WINBINDD_PAM_AUTH_CRAP;
+               request.flags = WBFLAG_PAM_AUTH_PAC | WBFLAG_PAM_INFO3_TEXT;
+               request.extra_data.data = malloc(params->password.pac.length);
+               if (request.extra_data.data == NULL) {
+                       wbc_status = WBC_ERR_NO_MEMORY;
+                       BAIL_ON_WBC_ERROR(wbc_status);
+               }
+               memcpy(request.extra_data.data, params->password.pac.data,
+                      params->password.pac.length);
+               request.extra_len = params->password.pac.length;
+               break;
+
        default:
                break;
        }