2 Unix SMB/CIFS implementation.
3 Main winbindd samba3 server routines
5 Copyright (C) Stefan Metzmacher 2005
6 Copyright (C) Volker Lendecke 2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "smbd/service_stream.h"
25 #include "nsswitch/winbind_nss_config.h"
26 #include "nsswitch/winbindd_nss.h"
27 #include "winbind/wb_server.h"
28 #include "winbind/wb_samba3_protocol.h"
29 #include "winbind/wb_async_helpers.h"
30 #include "librpc/gen_ndr/nbt.h"
31 #include "libcli/raw/libcliraw.h"
32 #include "libcli/composite/composite.h"
33 #include "libcli/smb_composite/smb_composite.h"
34 #include "include/version.h"
35 #include "lib/events/events.h"
36 #include "librpc/gen_ndr/ndr_netlogon.h"
38 NTSTATUS wbsrv_samba3_interface_version(struct wbsrv_samba3_call *s3call)
40 s3call->response.result = WINBINDD_OK;
41 s3call->response.data.interface_version = WINBIND_INTERFACE_VERSION;
45 NTSTATUS wbsrv_samba3_info(struct wbsrv_samba3_call *s3call)
47 s3call->response.result = WINBINDD_OK;
48 s3call->response.data.info.winbind_separator = *lp_winbind_separator();
49 WBSRV_SAMBA3_SET_STRING(s3call->response.data.info.samba_version, SAMBA_VERSION_STRING);
53 NTSTATUS wbsrv_samba3_domain_name(struct wbsrv_samba3_call *s3call)
55 s3call->response.result = WINBINDD_OK;
56 WBSRV_SAMBA3_SET_STRING(s3call->response.data.domain_name, lp_workgroup());
60 NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call)
62 s3call->response.result = WINBINDD_OK;
63 WBSRV_SAMBA3_SET_STRING(s3call->response.data.netbios_name, lp_netbios_name());
67 NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call)
69 s3call->response.result = WINBINDD_OK;
70 s3call->response.extra_data = smbd_tmp_path(s3call,
71 WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
72 NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data);
76 NTSTATUS wbsrv_samba3_ping(struct wbsrv_samba3_call *s3call)
78 s3call->response.result = WINBINDD_OK;
82 static void checkmachacc_recv_creds(struct composite_context *ctx);
84 NTSTATUS wbsrv_samba3_check_machacc(struct wbsrv_samba3_call *s3call)
86 struct composite_context *ctx;
88 DEBUG(5, ("wbsrv_samba3_check_machacc called\n"));
90 ctx = wb_cmd_checkmachacc_send(s3call->call);
91 NT_STATUS_HAVE_NO_MEMORY(ctx);
93 ctx->async.fn = checkmachacc_recv_creds;
94 ctx->async.private_data = s3call;
95 s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
99 static void checkmachacc_recv_creds(struct composite_context *ctx)
101 struct wbsrv_samba3_call *s3call =
102 talloc_get_type(ctx->async.private_data,
103 struct wbsrv_samba3_call);
106 status = wb_cmd_checkmachacc_recv(ctx);
107 if (NT_STATUS_IS_OK(status)) {
108 s3call->response.result = WINBINDD_OK;
110 struct winbindd_response *resp = &s3call->response;
111 resp->result = WINBINDD_ERROR;
112 WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
114 WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
116 resp->data.auth.pam_error = nt_status_to_pam(status);
118 status = wbsrv_send_reply(s3call->call);
119 if (!NT_STATUS_IS_OK(status)) {
120 wbsrv_terminate_connection(s3call->call->wbconn,
121 "wbsrv_queue_reply() failed");
126 static void lookupname_recv_sid(struct composite_context *ctx);
128 NTSTATUS wbsrv_samba3_lookupname(struct wbsrv_samba3_call *s3call)
130 struct composite_context *ctx;
132 DEBUG(5, ("wbsrv_samba3_lookupname called\n"));
134 ctx = wb_cmd_lookupname_send(s3call->call,
135 s3call->request.data.name.name);
136 NT_STATUS_HAVE_NO_MEMORY(ctx);
138 /* setup the callbacks */
139 ctx->async.fn = lookupname_recv_sid;
140 ctx->async.private_data = s3call;
141 s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
145 static void lookupname_recv_sid(struct composite_context *ctx)
147 struct wbsrv_samba3_call *s3call =
148 talloc_get_type(ctx->async.private_data,
149 struct wbsrv_samba3_call);
150 struct wb_sid_object *sid;
153 status = wb_cmd_lookupname_recv(ctx, s3call, &sid);
154 if (!NT_STATUS_IS_OK(status)) goto done;
156 s3call->response.result = WINBINDD_OK;
157 s3call->response.data.sid.type = sid->type;
158 WBSRV_SAMBA3_SET_STRING(s3call->response.data.sid.sid,
159 dom_sid_string(s3call, sid->sid));
162 if (!NT_STATUS_IS_OK(status)) {
163 struct winbindd_response *resp = &s3call->response;
164 resp->result = WINBINDD_ERROR;
165 WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
167 WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
169 resp->data.auth.pam_error = nt_status_to_pam(status);
172 status = wbsrv_send_reply(s3call->call);
173 if (!NT_STATUS_IS_OK(status)) {
174 wbsrv_terminate_connection(s3call->call->wbconn,
175 "wbsrv_queue_reply() failed");
180 NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call)
182 s3call->response.result = WINBINDD_ERROR;
186 static BOOL samba3_parse_domuser(TALLOC_CTX *mem_ctx, const char *domuser,
187 char **domain, char **user)
189 char *p = strchr(domuser, *lp_winbind_separator());
192 *domain = talloc_strdup(mem_ctx, lp_workgroup());
194 *domain = talloc_strndup(mem_ctx, domuser,
195 PTR_DIFF(p, domuser));
199 *user = talloc_strdup(mem_ctx, domuser);
201 return ((*domain != NULL) && (*user != NULL));
204 static void pam_auth_crap_recv(struct composite_context *ctx);
206 NTSTATUS wbsrv_samba3_pam_auth_crap(struct wbsrv_samba3_call *s3call)
208 struct composite_context *ctx;
210 DATA_BLOB chal, nt_resp, lm_resp;
213 DEBUG(5, ("wbsrv_samba3_pam_auth_crap called\n"));
215 chal.data = s3call->request.data.auth_crap.chal;
216 chal.length = sizeof(s3call->request.data.auth_crap.chal);
217 nt_resp.data = s3call->request.data.auth_crap.nt_resp;
218 nt_resp.length = s3call->request.data.auth_crap.nt_resp_len;
219 lm_resp.data = s3call->request.data.auth_crap.lm_resp;
220 lm_resp.length = s3call->request.data.auth_crap.lm_resp_len;
222 if (!samba3_parse_domuser(s3call, s3call->request.data.auth_crap.user,
224 return NT_STATUS_NO_MEMORY;
227 ctx = wb_cmd_pam_auth_crap_send(
228 s3call->call, domain, user,
229 s3call->request.data.auth_crap.workstation,
230 chal, nt_resp, lm_resp);
231 NT_STATUS_HAVE_NO_MEMORY(ctx);
233 ctx->async.fn = pam_auth_crap_recv;
234 ctx->async.private_data = s3call;
235 s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
239 static void pam_auth_crap_recv(struct composite_context *ctx)
241 struct wbsrv_samba3_call *s3call =
242 talloc_get_type(ctx->async.private_data,
243 struct wbsrv_samba3_call);
244 struct winbindd_response *resp = &s3call->response;
247 struct netr_UserSessionKey user_session_key;
248 struct netr_LMSessionKey lm_key;
250 status = wb_cmd_pam_auth_crap_recv(ctx, s3call, &info3,
251 &user_session_key, &lm_key);
252 if (!NT_STATUS_IS_OK(status)) goto done;
254 if (s3call->request.flags & WBFLAG_PAM_USER_SESSION_KEY) {
255 memcpy(s3call->response.data.auth.user_session_key,
256 &user_session_key.key,
257 sizeof(s3call->response.data.auth.user_session_key));
260 if (s3call->request.flags & WBFLAG_PAM_INFO3_NDR) {
261 s3call->response.extra_data = info3.data;
262 s3call->response.length += info3.length;
265 if (s3call->request.flags & WBFLAG_PAM_LMKEY) {
266 memcpy(s3call->response.data.auth.first_8_lm_hash,
268 sizeof(s3call->response.data.auth.first_8_lm_hash));
271 resp->result = WINBINDD_OK;
274 if (!NT_STATUS_IS_OK(status)) {
275 resp->result = WINBINDD_ERROR;
276 WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
278 WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
280 resp->data.auth.pam_error = nt_status_to_pam(status);
283 status = wbsrv_send_reply(s3call->call);
284 if (!NT_STATUS_IS_OK(status)) {
285 wbsrv_terminate_connection(s3call->call->wbconn,
286 "wbsrv_queue_reply() failed");