2 Unix SMB/CIFS implementation.
6 Copyright (C) Simo Sorce 2005
7 Copyright (C) Andrew Tridgell 2005
8 Copyright (C) Andrew Bartlett 2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "lib/util/tevent_ntstatus.h"
27 #include "auth/auth.h"
28 #include "dsdb/samdb/samdb.h"
31 #define DBGC_CLASS DBGC_AUTH
33 struct authenticate_ldap_simple_bind_state {
35 struct auth4_context *auth_context;
36 struct auth_usersupplied_info *user_info;
37 struct auth_session_info *session_info;
40 static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq);
42 _PUBLIC_ struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_ctx,
43 struct tevent_context *ev,
44 struct imessaging_context *msg,
45 struct loadparm_context *lp_ctx,
46 struct tsocket_address *remote_address,
47 struct tsocket_address *local_address,
52 struct tevent_req *req = NULL;
53 struct authenticate_ldap_simple_bind_state *state = NULL;
54 struct auth_usersupplied_info *user_info = NULL;
55 const char *nt4_domain = NULL;
56 const char *nt4_username = NULL;
57 struct tevent_req *subreq = NULL;
60 req = tevent_req_create(mem_ctx, &state,
61 struct authenticate_ldap_simple_bind_state);
65 state->using_tls = using_tls;
67 status = auth_context_create(state, ev, msg, lp_ctx,
68 &state->auth_context);
69 if (tevent_req_nterror(req, status)) {
70 return tevent_req_post(req, ev);
73 user_info = talloc_zero(state, struct auth_usersupplied_info);
74 if (tevent_req_nomem(user_info, req)) {
75 return tevent_req_post(req, ev);
77 state->user_info = user_info;
79 user_info->client.account_name = dn;
80 /* No client.domain_name, use account_name instead */
81 /* user_info->mapped.* will be filled below */
83 user_info->workstation_name = NULL;
85 user_info->remote_host = remote_address;
86 user_info->local_host = local_address;
88 user_info->service_description = "LDAP";
91 user_info->auth_description = "simple bind";
93 user_info->auth_description = "simple bind/TLS";
96 user_info->password_state = AUTH_PASSWORD_PLAIN;
97 user_info->password.plaintext = talloc_strdup(user_info, password);
98 if (tevent_req_nomem(user_info->password.plaintext, req)) {
99 return tevent_req_post(req, ev);
102 user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME |
103 USER_INFO_DONT_CHECK_UNIX_ACCOUNT;
105 user_info->logon_parameters =
106 MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
107 MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
108 MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
109 MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;
111 status = crack_auto_name_to_nt4_name(state, state->auth_context->sam_ctx,
112 dn, &nt4_domain, &nt4_username);
113 if (!NT_STATUS_IS_OK(status)) {
114 log_authentication_event(msg, lp_ctx,
115 &state->auth_context->start_time,
117 NULL, NULL, NULL, NULL);
119 if (tevent_req_nterror(req, status)) {
120 return tevent_req_post(req, ev);
123 user_info->mapped.account_name = nt4_username;
124 user_info->mapped.domain_name = nt4_domain;
125 user_info->mapped_state = true;
127 subreq = auth_check_password_send(state, ev,
130 if (tevent_req_nomem(subreq, req)) {
131 return tevent_req_post(req, ev);
133 tevent_req_set_callback(subreq, authenticate_ldap_simple_bind_done, req);
138 static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq)
140 struct tevent_req *req =
141 tevent_req_callback_data(subreq,
143 struct authenticate_ldap_simple_bind_state *state =
145 struct authenticate_ldap_simple_bind_state);
146 struct auth4_context *auth_context = state->auth_context;
147 struct auth_usersupplied_info *user_info = state->user_info;
148 const char *nt4_username = user_info->mapped.account_name;
149 const struct tsocket_address *remote_address = user_info->remote_host;
150 const struct tsocket_address *local_address = user_info->local_host;
151 const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
152 struct auth_user_info_dc *user_info_dc = NULL;
153 uint8_t authoritative = 0;
157 if (state->using_tls) {
158 transport_protection = AUTHZ_TRANSPORT_PROTECTION_TLS;
161 nt_status = auth_check_password_recv(subreq, state,
165 if (tevent_req_nterror(req, nt_status)) {
169 flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
170 if (user_info_dc->info->authenticated) {
171 flags |= AUTH_SESSION_INFO_AUTHENTICATED;
174 nt_status = auth_context->generate_session_info(auth_context,
179 &state->session_info);
180 if (tevent_req_nterror(req, nt_status)) {
184 log_successful_authz_event(auth_context->msg_ctx,
185 auth_context->lp_ctx,
190 transport_protection,
191 state->session_info);
193 tevent_req_done(req);
196 _PUBLIC_ NTSTATUS authenticate_ldap_simple_bind_recv(struct tevent_req *req,
198 struct auth_session_info **session_info)
200 struct authenticate_ldap_simple_bind_state *state =
202 struct authenticate_ldap_simple_bind_state);
205 *session_info = NULL;
207 if (tevent_req_is_nterror(req, &status)) {
208 tevent_req_received(req);
212 *session_info = talloc_move(mem_ctx, &state->session_info);
213 tevent_req_received(req);