1 /*
2    Unix SMB/CIFS implementation.
3    async implementation of WINBINDD_PAM_AUTH_CRAP
4    Copyright (C) Volker Lendecke 2010
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "rpc_client/util_netlogon.h"
23
/*
 * Per-request state for the async WINBINDD_PAM_AUTH_CRAP call.
 *
 * Which members are meaningful depends on the path taken in
 * winbindd_pam_auth_crap_send(): the PAC path fills info3 and flags,
 * the domain-child path fills response.
 */
struct winbindd_pam_auth_crap_state {
        /* Reply received from the domain child; set in the _done callback. */
        struct winbindd_response *response;

        /* Logon info produced by winbindd_pam_auth_pac_send() (PAC path). */
        struct netr_SamInfo3 *info3;

        /*
         * Copy of request->flags, stored only on the PAC path. The _recv
         * function tests WBFLAG_PAM_AUTH_PAC on this copy, so it must stay
         * at its initial value on the other path (tevent_req_create() is
         * expected to hand back zeroed state -- confirm if that changes).
         */
        uint32_t flags;
};
29
30 static void winbindd_pam_auth_crap_done(struct tevent_req *subreq);
31
/*
 * Start an async challenge-response ("crap") authentication.
 *
 * @param mem_ctx  talloc parent for the new tevent request
 * @param ev       event context used to post an already-finished request
 * @param cli      client connection state (pid is logged; passed to the
 *                 PAC helper)
 * @param request  client request; its auth_crap string fields are
 *                 modified in place (termination, default workstation)
 *
 * @return NULL only if the request could not be allocated; otherwise the
 *         request, which may already be finished and posted.
 *
 * Everything in *request comes from the connecting client and must be
 * treated as untrusted.
 */
struct tevent_req *winbindd_pam_auth_crap_send(
        TALLOC_CTX *mem_ctx,
        struct tevent_context *ev,
        struct winbindd_cli_state *cli,
        struct winbindd_request *request)
{
        struct winbindd_pam_auth_crap_state *state;
        struct tevent_req *req;
        struct tevent_req *child_req;
        struct winbindd_domain *target;
        const char *dom_name;

        req = tevent_req_create(mem_ctx, &state,
                                struct winbindd_pam_auth_crap_state);
        if (req == NULL) {
                return NULL;
        }

        /*
         * PAC path: handled locally, no domain child involved. The
         * string fields below are not touched (and not terminated) on
         * this path; nothing visible here reads them.
         */
        if (request->flags & WBFLAG_PAM_AUTH_PAC) {
                NTSTATUS pac_status;

                /* _recv needs the flags to recognise the PAC path. */
                state->flags = request->flags;

                pac_status = winbindd_pam_auth_pac_send(cli, &state->info3);
                if (!NT_STATUS_IS_OK(pac_status)) {
                        tevent_req_nterror(req, pac_status);
                        return tevent_req_post(req, ev);
                }

                /* The response is built later, in _recv. */
                tevent_req_done(req);
                return tevent_req_post(req, ev);
        }

        /*
         * Force termination of the fixed-size, client-supplied strings
         * before anything (including the log line below) reads them as
         * C strings.
         *
         * NOTE(review): only these three string fields are sanitised
         * here. The length fields that accompany the response blobs in
         * the same request (lm_resp_len / nt_resp_len) are forwarded
         * unchecked by this function -- confirm that the domain child
         * bounds them against the buffer sizes before use.
         */
        request->data.auth_crap.user[
                sizeof(request->data.auth_crap.user) - 1] = '\0';
        request->data.auth_crap.domain[
                sizeof(request->data.auth_crap.domain) - 1] = '\0';
        request->data.auth_crap.workstation[
                sizeof(request->data.auth_crap.workstation) - 1] = '\0';

        /* Client-controlled text: treat this log entry as untrusted. */
        DEBUG(3, ("[%5lu]: pam auth crap domain: [%s] user: %s\n",
                  (unsigned long)cli->pid,
                  request->data.auth_crap.domain,
                  request->data.auth_crap.user));

        if (!check_request_flags(request->flags)) {
                tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
                return tevent_req_post(req, ev);
        }

        /* An empty domain means "our own workgroup". */
        dom_name = (request->data.auth_crap.domain[0] != '\0')
                ? request->data.auth_crap.domain
                : lp_workgroup();

        target = find_auth_domain(request->flags, dom_name);
        if (target == NULL) {
                /* Unknown domain is reported as an unknown user. */
                tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
                return tevent_req_post(req, ev);
        }

        /* Default the workstation to our own NetBIOS name. */
        if (request->data.auth_crap.workstation[0] == '\0') {
                fstrcpy(request->data.auth_crap.workstation, lp_netbios_name());
        }

        /* Note: the subrequest runs on server_event_context(), not ev. */
        child_req = wb_domain_request_send(state, server_event_context(),
                                           target, request);
        if (tevent_req_nomem(child_req, req)) {
                return tevent_req_post(req, ev);
        }
        tevent_req_set_callback(child_req, winbindd_pam_auth_crap_done, req);
        return req;
}
105
/*
 * Completion callback for the domain-child subrequest.
 *
 * Stores the child's reply in state->response and finishes the parent
 * request; a transport failure (-1) is mapped from the unix error code
 * to an NTSTATUS.
 */
static void winbindd_pam_auth_crap_done(struct tevent_req *subreq)
{
        struct tevent_req *req =
                tevent_req_callback_data(subreq, struct tevent_req);
        struct winbindd_pam_auth_crap_state *state =
                tevent_req_data(req, struct winbindd_pam_auth_crap_state);
        int unix_err;
        int rc;

        /* The reply is allocated on state, so it outlives subreq. */
        rc = wb_domain_request_recv(subreq, state, &state->response,
                                    &unix_err);
        TALLOC_FREE(subreq);

        if (rc != -1) {
                tevent_req_done(req);
                return;
        }

        tevent_req_nterror(req, map_nt_error_from_unix(unix_err));
}
122
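/*
 * Collect the result of winbindd_pam_auth_crap_send().
 *
 * @param req       the finished request
 * @param response  response structure to fill for the client
 *
 * @return the authentication status. On the domain-child path this is
 *         the nt_status the child placed in its reply; on the PAC path
 *         it is the result of building the auth data locally.
 *
 * Every failure path fills the auth error fields of *response via
 * set_auth_errors(), so the client never sees a failed call with
 * stale or empty error information.
 */
NTSTATUS winbindd_pam_auth_crap_recv(struct tevent_req *req,
                                     struct winbindd_response *response)
{
        struct winbindd_pam_auth_crap_state *state = tevent_req_data(
                req, struct winbindd_pam_auth_crap_state);
        NTSTATUS status;

        if (tevent_req_is_nterror(req, &status)) {
                set_auth_errors(response, status);
                return status;
        }

        if (state->flags & WBFLAG_PAM_AUTH_PAC) {
                uint16_t validation_level;
                union netr_Validation *validation = NULL;

                status = map_info3_to_validation(talloc_tos(),
                                                 state->info3,
                                                 &validation_level,
                                                 &validation);
                if (!NT_STATUS_IS_OK(status)) {
                        /*
                         * Report the failure the same way as the
                         * request-level error path above.
                         */
                        set_auth_errors(response, status);
                        return status;
                }

                status = append_auth_data(response,
                                        response,
                                        state->flags,
                                        validation_level,
                                        validation,
                                        NULL, NULL);
                TALLOC_FREE(validation);
                if (!NT_STATUS_IS_OK(status)) {
                        set_auth_errors(response, status);
                }
                return status;
        }

        /*
         * Domain-child path: copy the child's reply by value, then
         * reparent the original allocation under the caller's response.
         * Presumably this keeps any memory the copied struct still
         * points into alive for as long as the response -- confirm
         * against wb_domain_request_recv().
         */
        *response = *state->response;
        response->result = WINBINDD_PENDING;
        state->response = talloc_move(response, &state->response);

        /* The status is whatever the child reported in its reply. */
        return NT_STATUS(response->data.auth.nt_status);
}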