updated the 3.0 branch from the head branch - ready for alpha18
[samba.git] / source3 / auth / auth_winbind.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Winbind authentication mechnism
5
6    Copyright (C) Tim Potter 2000
7    Copyright (C) Andrew Bartlett 2001
8    
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 2 of the License, or
12    (at your option) any later version.
13    
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18    
19    You should have received a copy of the GNU General Public License
20    along with this program; if not, write to the Free Software
21    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_AUTH
28
29 /* Prototypes from common.h */
30
31 NSS_STATUS winbindd_request(int req_type, 
32                             struct winbindd_request *request,
33                             struct winbindd_response *response);
34
35
36 /* Authenticate a user with a challenge/response */
37
38 static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
39                                        void *my_private_data, 
40                                        TALLOC_CTX *mem_ctx,
41                                        const auth_usersupplied_info *user_info, 
42                                        auth_serversupplied_info **server_info)
43 {
44         struct winbindd_request request;
45         struct winbindd_response response;
46         NSS_STATUS result;
47         struct passwd *pw;
48         NTSTATUS nt_status;
49
50         if (!user_info) {
51                 return NT_STATUS_UNSUCCESSFUL;
52         }
53
54         if (!auth_context) {
55                 DEBUG(3,("Password for user %s cannot be checked because we have no auth_info to get the challenge from.\n", 
56                          user_info->internal_username.str));            
57                 return NT_STATUS_UNSUCCESSFUL;
58         }               
59
60         /* Send off request */
61
62         ZERO_STRUCT(request);
63         ZERO_STRUCT(response);
64
65         snprintf(request.data.auth_crap.user, sizeof(request.data.auth_crap.user),
66                  "%s\\%s", user_info->domain.str, user_info->smb_name.str);
67
68         fstrcpy(request.data.auth_crap.user, user_info->smb_name.str);
69         fstrcpy(request.data.auth_crap.domain, user_info->domain.str);
70
71         memcpy(request.data.auth_crap.chal, auth_context->challenge.data, sizeof(request.data.auth_crap.chal));
72         
73         request.data.auth_crap.lm_resp_len = MIN(user_info->lm_resp.length, 
74                                                  sizeof(request.data.auth_crap.lm_resp));
75         request.data.auth_crap.nt_resp_len = MIN(user_info->nt_resp.length, 
76                                                  sizeof(request.data.auth_crap.nt_resp));
77         
78         memcpy(request.data.auth_crap.lm_resp, user_info->lm_resp.data, 
79                sizeof(request.data.auth_crap.lm_resp_len));
80         memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data, 
81                request.data.auth_crap.lm_resp_len);
82         
83         result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
84
85         if (result == NSS_STATUS_SUCCESS) {
86                 
87                 pw = Get_Pwnam(user_info->internal_username.str);
88                 
89                 if (pw) {                       
90                         if (make_server_info_pw(server_info, pw)) {
91                                 nt_status = NT_STATUS_OK;
92                         } else {
93                                 nt_status = NT_STATUS_NO_MEMORY;
94                         }
95                 } else {
96                         nt_status = NT_STATUS_NO_SUCH_USER;
97                 }
98         } else {
99                 nt_status = NT_STATUS_LOGON_FAILURE;
100         }
101
102         return nt_status;
103 }
104
105 /* module initialisation */
106 NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char *param, auth_methods **auth_method) 
107 {
108         if (!make_auth_methods(auth_context, auth_method)) {
109                 return NT_STATUS_NO_MEMORY;
110         }
111
112         (*auth_method)->name = "winbind";
113         (*auth_method)->auth = check_winbind_security;
114         return NT_STATUS_OK;
115 }