#include "dsdb/samdb/samdb.h"
struct authenticate_ldap_simple_bind_state {
+ bool using_tls;
+ struct auth4_context *auth_context;
+ struct auth_usersupplied_info *user_info;
struct auth_session_info *session_info;
};
+static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq);
+
_PUBLIC_ struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct imessaging_context *msg,
{
struct tevent_req *req = NULL;
struct authenticate_ldap_simple_bind_state *state = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
+ const char *nt4_domain = NULL;
+ const char *nt4_username = NULL;
+ struct tevent_req *subreq = NULL;
NTSTATUS status;
req = tevent_req_create(mem_ctx, &state,
if (req == NULL) {
return NULL;
}
+ state->using_tls = using_tls;
- status = authenticate_ldap_simple_bind(state, ev, msg, lp_ctx,
- remote_address,
- local_address,
- using_tls,
- dn, password,
- &state->session_info);
+ status = auth_context_create(state, ev, msg, lp_ctx,
+ &state->auth_context);
if (tevent_req_nterror(req, status)) {
return tevent_req_post(req, ev);
}
- tevent_req_done(req);
- return tevent_req_post(req, ev);
-}
-
-_PUBLIC_ NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct imessaging_context *msg,
- struct loadparm_context *lp_ctx,
- struct tsocket_address *remote_address,
- struct tsocket_address *local_address,
- bool using_tls,
- const char *dn,
- const char *password,
- struct auth_session_info **session_info)
-{
- struct auth4_context *auth_context;
- struct auth_usersupplied_info *user_info;
- struct auth_user_info_dc *user_info_dc;
- NTSTATUS nt_status;
- uint8_t authoritative = 0;
- TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- const char *nt4_domain = NULL;
- const char *nt4_username = NULL;
- uint32_t flags = 0;
- const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
- if (using_tls) {
- transport_protection = AUTHZ_TRANSPORT_PROTECTION_TLS;
- }
-
- if (!tmp_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
-
- nt_status = auth_context_create(tmp_ctx,
- ev, msg,
- lp_ctx,
- &auth_context);
- if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(tmp_ctx);
- return nt_status;
- }
-
- /*
- * We check the error after building the user_info so we can
- * log a failure to find the user correctly
- */
- nt_status = crack_auto_name_to_nt4_name(tmp_ctx, ev, lp_ctx, dn,
- &nt4_domain, &nt4_username);
-
- user_info = talloc_zero(tmp_ctx, struct auth_usersupplied_info);
- if (!user_info) {
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
+ user_info = talloc_zero(state, struct auth_usersupplied_info);
+ if (tevent_req_nomem(user_info, req)) {
+ return tevent_req_post(req, ev);
}
+ state->user_info = user_info;
user_info->client.account_name = dn;
/* No client.domain_name, use account_name instead */
- user_info->mapped.account_name = nt4_username;
- user_info->mapped.domain_name = nt4_domain;
+ /* user_info->mapped.* will be filled below */
user_info->workstation_name = NULL;
user_info->password_state = AUTH_PASSWORD_PLAIN;
user_info->password.plaintext = talloc_strdup(user_info, password);
+ if (tevent_req_nomem(user_info->password.plaintext, req)) {
+ return tevent_req_post(req, ev);
+ }
user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME |
USER_INFO_DONT_CHECK_UNIX_ACCOUNT;
MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;
- /* This is a check for the crack names call above */
- if (!NT_STATUS_IS_OK(nt_status)) {
- log_authentication_event(auth_context->msg_ctx,
- auth_context->lp_ctx,
- user_info, nt_status,
+ status = crack_auto_name_to_nt4_name(state, ev, lp_ctx, dn,
+ &nt4_domain, &nt4_username);
+ if (!NT_STATUS_IS_OK(status)) {
+ log_authentication_event(msg, lp_ctx,
+ user_info, status,
NULL, NULL, NULL, NULL);
- talloc_free(tmp_ctx);
- return nt_status;
+ }
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
}
- /* Now that we have checked if the crack names worked, set mapped_state */
+ user_info->mapped.account_name = nt4_username;
+ user_info->mapped.domain_name = nt4_domain;
user_info->mapped_state = true;
- nt_status = auth_check_password(auth_context, tmp_ctx, user_info,
- &user_info_dc, &authoritative);
- if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(tmp_ctx);
- return nt_status;
+ subreq = auth_check_password_send(state, ev,
+ state->auth_context,
+ state->user_info);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, authenticate_ldap_simple_bind_done, req);
+
+ return req;
+}
+
+static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct authenticate_ldap_simple_bind_state *state =
+ tevent_req_data(req,
+ struct authenticate_ldap_simple_bind_state);
+ struct auth4_context *auth_context = state->auth_context;
+ struct auth_usersupplied_info *user_info = state->user_info;
+ const char *nt4_username = user_info->mapped.account_name;
+ const struct tsocket_address *remote_address = user_info->remote_host;
+ const struct tsocket_address *local_address = user_info->local_host;
+ const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
+ struct auth_user_info_dc *user_info_dc = NULL;
+ uint8_t authoritative = 0;
+ uint32_t flags = 0;
+ NTSTATUS nt_status;
+
+ if (state->using_tls) {
+ transport_protection = AUTHZ_TRANSPORT_PROTECTION_TLS;
+ }
+
+ nt_status = auth_check_password_recv(subreq, state,
+ &user_info_dc,
+ &authoritative);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, nt_status)) {
+ return;
}
flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
if (user_info_dc->info->authenticated) {
flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
+
nt_status = auth_context->generate_session_info(auth_context,
- tmp_ctx,
+ state,
user_info_dc,
nt4_username,
flags,
- session_info);
-
- if (NT_STATUS_IS_OK(nt_status)) {
- talloc_steal(mem_ctx, *session_info);
+ &state->session_info);
+ if (tevent_req_nterror(req, nt_status)) {
+ return;
}
log_successful_authz_event(auth_context->msg_ctx,
"LDAP",
"simple bind",
transport_protection,
- *session_info);
+ state->session_info);
- talloc_free(tmp_ctx);
- return nt_status;
+ tevent_req_done(req);
}
_PUBLIC_ NTSTATUS authenticate_ldap_simple_bind_recv(struct tevent_req *req,