This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "libcli/composite/composite.h"
-#include "winbind/wb_async_helpers.h"
#include "winbind/wb_server.h"
-#include "smbd/service_stream.h"
#include "smbd/service_task.h"
-#include "libcli/auth/credentials.h"
+#include "auth/credentials/credentials.h"
+#include "libcli/auth/libcli_auth.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
+#include "librpc/gen_ndr/ndr_netlogon_c.h"
/* Oh, there is so much to keep an eye on when authenticating a user. Oh my! */
struct pam_auth_crap_state {
uint32_t logon_parameters;
const char *domain_name;
const char *user_name;
+ char *unix_username;
const char *workstation;
DATA_BLOB chal, nt_resp, lm_resp;
struct composite_context *result, *ctx;
struct pam_auth_crap_state *state;
- result = talloc(mem_ctx, struct composite_context);
+ result = composite_create(mem_ctx, service->task->event_ctx);
if (result == NULL) goto failed;
- result->state = COMPOSITE_STATE_IN_PROGRESS;
- result->async.fn = NULL;
- result->event_ctx = service->task->event_ctx;
state = talloc(result, struct pam_auth_crap_state);
if (state == NULL) goto failed;
state->user_name = talloc_strdup(state, user);
if (state->user_name == NULL) goto failed;
+ state->unix_username = NULL;
+
state->workstation = talloc_strdup(state, workstation);
if (state->workstation == NULL) goto failed;
ZERO_STRUCT(state->auth2);
- state->r.in.workstation =
+ state->r.in.computer_name =
cli_credentials_get_workstation(domain->schannel_creds);
state->r.in.credential = &state->auth;
state->r.in.return_authenticator = &state->auth2;
static void pam_auth_crap_recv_samlogon(struct rpc_request *req)
{
struct pam_auth_crap_state *state =
- talloc_get_type(req->async.private,
+ talloc_get_type(req->async.private_data,
struct pam_auth_crap_state);
struct netr_SamBaseInfo *base;
DATA_BLOB tmp_blob;
talloc_steal(state, base->domain.string);
}
+ state->unix_username = talloc_asprintf(state, "%s%s%s",
+ state->domain_name,
+ lp_winbind_separator(),
+ state->user_name);
+ if (composite_nomem(state->unix_username, state->ctx)) return;
+
composite_done(state->ctx);
}
+/* Having received a NTLM authentication reply, parse out the useful
+ * reply data for the caller */
NTSTATUS wb_cmd_pam_auth_crap_recv(struct composite_context *c,
TALLOC_CTX *mem_ctx,
DATA_BLOB *info3,
info3->data = talloc_steal(mem_ctx, state->info3.data);
*user_session_key = state->user_session_key;
*lm_key = state->lm_key;
- *unix_username = talloc_asprintf(mem_ctx, "%s%s%s",
- state->domain_name,
- lp_winbind_separator(),
- state->user_name);
- if (!*unix_username) {
- status = NT_STATUS_NO_MEMORY;
- }
+ *unix_username = talloc_steal(mem_ctx, state->unix_username);
}
talloc_free(state);
return status;
}
-NTSTATUS wb_cmd_pam_auth_crap(TALLOC_CTX *mem_ctx,
- struct wbsrv_service *service,
- uint32_t logon_parameters,
- const char *domain, const char *user,
- const char *workstation,
- DATA_BLOB chal, DATA_BLOB nt_resp,
- DATA_BLOB lm_resp,
- DATA_BLOB *info3,
- struct netr_UserSessionKey *user_session_key,
- struct netr_LMSessionKey *lm_key,
- char **unix_username)
-{
- struct composite_context *c =
- wb_cmd_pam_auth_crap_send(mem_ctx, service, logon_parameters,
- domain, user, workstation,
- chal, nt_resp, lm_resp);
- return wb_cmd_pam_auth_crap_recv(c, mem_ctx, info3, user_session_key,
- lm_key, unix_username);
-}
+/* Handle plaintext authentication, by encrypting the password and
+ * then sending via the NTLM calls */
struct composite_context *wb_cmd_pam_auth_send(TALLOC_CTX *mem_ctx,
struct wbsrv_service *service,
flags |= CLI_CRED_NTLMv2_AUTH;
}
- DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n"));
+ DEBUG(5, ("wbsrv_samba3_pam_auth called\n"));
credentials = cli_credentials_init(mem_ctx);
if (!credentials) {
NTSTATUS wb_cmd_pam_auth_recv(struct composite_context *c)
{
- struct pam_auth_crap_state *state =
- talloc_get_type(c->private_data, struct pam_auth_crap_state);
- NTSTATUS status = composite_wait(c);
- talloc_free(state);
- return status;
-}
-
-NTSTATUS wb_cmd_pam_auth(TALLOC_CTX *mem_ctx, struct wbsrv_service *service,
- const char *domain, const char *user,
- const char *password)
-{
- struct composite_context *c =
- wb_cmd_pam_auth_send(mem_ctx, service, domain, user, password);
- return wb_cmd_pam_auth_recv(c);
+ struct pam_auth_crap_state *state =
+ talloc_get_type(c->private_data, struct pam_auth_crap_state);
+ NTSTATUS status = composite_wait(c);
+ talloc_free(state);
+ return status;
}