Ensure that only parse_prs.c access internal members of the prs_struct.
[samba.git] / source3 / auth / auth_winbind.c
index bc19b36b541a27724406bd719491c27a9269c735..5e1567d3c1975dc3adbe1cdceaa679948e5f1328 100644 (file)
@@ -4,7 +4,7 @@
    Winbind authentication mechnism
 
    Copyright (C) Tim Potter 2000
-   Copyright (C) Andrew Bartlett 2001
+   Copyright (C) Andrew Bartlett 2001 - 2002
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
 
 #include "includes.h"
 
-/* Prototypes from common.h */
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
 
-NSS_STATUS winbindd_request(int req_type, 
-                           struct winbindd_request *request,
-                           struct winbindd_response *response);
+static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, NET_USER_INFO_3 *info3)
+{
+       uint8 *info3_ndr;
+       size_t len = response->length - sizeof(response);
+       prs_struct ps;
+       if (len > 0) {
+               info3_ndr = response->extra_data;
+               if (!prs_init(&ps, len, mem_ctx, UNMARSHALL)) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+               prs_copy_data_in(&ps, info3_ndr, len);
+               prs_set_offset(&ps,0);
+               if (!net_io_user_info3("", info3, &ps, 1, 3)) {
+                       DEBUG(2, ("get_info3_from_ndr: could not parse info3 struct!\n"));
+                       return NT_STATUS_UNSUCCESSFUL;
+               }
+               prs_mem_free(&ps);
 
+               return NT_STATUS_OK;
+       } else {
+               DEBUG(2, ("get_info3_from_ndr: No info3 struct found!\n"));
+               return NT_STATUS_UNSUCCESSFUL;
+       }
+}
 
 /* Authenticate a user with a challenge/response */
 
@@ -41,11 +62,11 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
        struct winbindd_request request;
        struct winbindd_response response;
         NSS_STATUS result;
-        struct passwd *pw;
        NTSTATUS nt_status;
+        NET_USER_INFO_3 info3;
 
        if (!user_info) {
-               return NT_STATUS_UNSUCCESSFUL;
+               return NT_STATUS_INVALID_PARAMETER;
        }
 
        if (!auth_context) {
@@ -59,11 +80,14 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
        ZERO_STRUCT(request);
        ZERO_STRUCT(response);
 
-       snprintf(request.data.auth_crap.user, sizeof(request.data.auth_crap.user),
-                "%s\\%s", user_info->domain.str, user_info->smb_name.str);
+       request.data.auth_crap.flags = WINBIND_PAM_INFO3_NDR;
 
-       fstrcpy(request.data.auth_crap.user, user_info->smb_name.str);
-       fstrcpy(request.data.auth_crap.domain, user_info->domain.str);
+       push_utf8_fstring(request.data.auth_crap.user, 
+                         user_info->smb_name.str);
+       push_utf8_fstring(request.data.auth_crap.domain, 
+                         user_info->domain.str);
+       push_utf8_fstring(request.data.auth_crap.workstation, 
+                         user_info->wksta_name.str);
 
        memcpy(request.data.auth_crap.chal, auth_context->challenge.data, sizeof(request.data.auth_crap.chal));
        
@@ -73,39 +97,40 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
                                                 sizeof(request.data.auth_crap.nt_resp));
        
        memcpy(request.data.auth_crap.lm_resp, user_info->lm_resp.data, 
-              sizeof(request.data.auth_crap.lm_resp_len));
-       memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data, 
               request.data.auth_crap.lm_resp_len);
+       memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data, 
+              request.data.auth_crap.nt_resp_len);
        
        result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
 
-       if (result == NSS_STATUS_SUCCESS) {
-               
-               pw = Get_Pwnam(user_info->internal_username.str);
-               
-               if (pw) {                       
-                       if (make_server_info_pw(server_info, pw)) {
-                               nt_status = NT_STATUS_OK;
-                       } else {
-                               nt_status = NT_STATUS_NO_MEMORY;
+       nt_status = NT_STATUS(response.data.auth.nt_status);
+
+       if (result == NSS_STATUS_SUCCESS && response.extra_data) {
+               if (NT_STATUS_IS_OK(nt_status)) {
+                       if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) { 
+                               nt_status = 
+                                       make_server_info_info3(mem_ctx, 
+                                                              user_info->internal_username.str, 
+                                                              user_info->smb_name.str, 
+                                                              user_info->domain.str, 
+                                                              server_info, 
+                                                              &info3); 
                        }
-               } else {
-                       nt_status = NT_STATUS_NO_SUCH_USER;
                }
-       } else {
-               nt_status = NT_STATUS_LOGON_FAILURE;
+       } else if (NT_STATUS_IS_OK(nt_status)) {
+               nt_status = NT_STATUS_UNSUCCESSFUL;
        }
 
         return nt_status;
 }
 
 /* module initialisation */
-BOOL auth_init_winbind(struct auth_context *auth_context, auth_methods **auth_method) 
+NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char *param, auth_methods **auth_method) 
 {
-       if (!make_auth_methods(auth_context, auth_method)) {
-               return False;
-       }
+       if (!make_auth_methods(auth_context, auth_method))
+               return NT_STATUS_NO_MEMORY;
 
+       (*auth_method)->name = "winbind";
        (*auth_method)->auth = check_winbind_security;
-       return True;
+       return NT_STATUS_OK;
 }