winbindd: use add_trusted_domain_from_auth
[bbaumbach/samba-autobuild/.git] / source3 / winbindd / winbindd_pam_auth_crap.c
1 /*
2    Unix SMB/CIFS implementation.
3    async implementation of WINBINDD_PAM_AUTH_CRAP
4    Copyright (C) Volker Lendecke 2010
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "winbindd.h"
22 #include "rpc_client/util_netlogon.h"
23 #include "libcli/security/dom_sid.h"
24
25 struct winbindd_pam_auth_crap_state {
26         struct winbindd_response *response;
27         struct netr_SamInfo3 *info3;
28         uint32_t flags;
29 };
30
31 static void winbindd_pam_auth_crap_done(struct tevent_req *subreq);
32
33 struct tevent_req *winbindd_pam_auth_crap_send(
34         TALLOC_CTX *mem_ctx,
35         struct tevent_context *ev,
36         struct winbindd_cli_state *cli,
37         struct winbindd_request *request)
38 {
39         struct tevent_req *req, *subreq;
40         struct winbindd_pam_auth_crap_state *state;
41         struct winbindd_domain *domain;
42         const char *auth_domain = NULL;
43
44         req = tevent_req_create(mem_ctx, &state,
45                                 struct winbindd_pam_auth_crap_state);
46         if (req == NULL) {
47                 return NULL;
48         }
49
50         state->flags = request->flags;
51
52         if (state->flags & WBFLAG_PAM_AUTH_PAC) {
53                 NTSTATUS status;
54
55                 status = winbindd_pam_auth_pac_send(cli, &state->info3);
56                 if (NT_STATUS_IS_OK(status)) {
57                         /* Defer filling out response to recv */
58                         tevent_req_done(req);
59                 } else {
60                         tevent_req_nterror(req, status);
61                 }
62
63                 return tevent_req_post(req, ev);
64         }
65
66         /* Ensure null termination */
67         request->data.auth_crap.user[
68                 sizeof(request->data.auth_crap.user)-1] = '\0';
69         request->data.auth_crap.domain[
70                 sizeof(request->data.auth_crap.domain)-1] = '\0';
71         request->data.auth_crap.workstation[
72                 sizeof(request->data.auth_crap.workstation)-1] = '\0';
73
74         DEBUG(3, ("[%5lu]: pam auth crap domain: [%s] user: %s\n",
75                   (unsigned long)cli->pid,
76                   request->data.auth_crap.domain,
77                   request->data.auth_crap.user));
78
79         if (!check_request_flags(request->flags)) {
80                 tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
81                 return tevent_req_post(req, ev);
82         }
83
84         auth_domain = request->data.auth_crap.domain;
85         if (auth_domain[0] == '\0') {
86                 auth_domain = lp_workgroup();
87         }
88
89         domain = find_auth_domain(request->flags, auth_domain);
90         if (domain == NULL) {
91                 tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
92                 return tevent_req_post(req, ev);
93         }
94
95         if (request->data.auth_crap.workstation[0] == '\0') {
96                 fstrcpy(request->data.auth_crap.workstation, lp_netbios_name());
97         }
98
99         subreq = wb_domain_request_send(state, server_event_context(), domain,
100                                         request);
101         if (tevent_req_nomem(subreq, req)) {
102                 return tevent_req_post(req, ev);
103         }
104         tevent_req_set_callback(subreq, winbindd_pam_auth_crap_done, req);
105         return req;
106 }
107
108 static void winbindd_pam_auth_crap_done(struct tevent_req *subreq)
109 {
110         struct tevent_req *req = tevent_req_callback_data(
111                 subreq, struct tevent_req);
112         struct winbindd_pam_auth_crap_state *state = tevent_req_data(
113                 req, struct winbindd_pam_auth_crap_state);
114         int res, err;
115
116         res = wb_domain_request_recv(subreq, state, &state->response, &err);
117         TALLOC_FREE(subreq);
118         if (res == -1) {
119                 tevent_req_nterror(req, map_nt_error_from_unix(err));
120                 return;
121         }
122         tevent_req_done(req);
123 }
124
125 NTSTATUS winbindd_pam_auth_crap_recv(struct tevent_req *req,
126                                      struct winbindd_response *response)
127 {
128         struct winbindd_pam_auth_crap_state *state = tevent_req_data(
129                 req, struct winbindd_pam_auth_crap_state);
130         NTSTATUS status;
131
132         if (tevent_req_is_nterror(req, &status)) {
133                 set_auth_errors(response, status);
134                 return status;
135         }
136
137         if (state->flags & WBFLAG_PAM_AUTH_PAC) {
138                 uint16_t validation_level;
139                 union netr_Validation *validation = NULL;
140
141                 status = map_info3_to_validation(talloc_tos(),
142                                                  state->info3,
143                                                  &validation_level,
144                                                  &validation);
145                 if (!NT_STATUS_IS_OK(status)) {
146                         return status;
147                 }
148
149                 status = append_auth_data(response,
150                                         response,
151                                         state->flags,
152                                         validation_level,
153                                         validation,
154                                         NULL, NULL);
155                 TALLOC_FREE(validation);
156                 return status;
157
158         }
159
160         if (NT_STATUS_IS_OK(NT_STATUS(state->response->data.auth.nt_status)) &&
161             (state->flags & WBFLAG_PAM_INFO3_TEXT))
162         {
163                 bool ok;
164
165                 ok = add_trusted_domain_from_auth(
166                         state->response->data.auth.validation_level,
167                         &state->response->data.auth.info3,
168                         &state->response->data.auth.info6);
169                 if (!ok) {
170                         DBG_ERR("add_trusted_domain_from_auth failed\n");
171                         set_auth_errors(response, NT_STATUS_LOGON_FAILURE);
172                         return NT_STATUS_LOGON_FAILURE;
173                 }
174         }
175
176         *response = *state->response;
177         response->result = WINBINDD_PENDING;
178         state->response = talloc_move(response, &state->response);
179         return NT_STATUS(response->data.auth.nt_status);
180 }