s4:auth: make authenticate_ldap_simple_bind*() use auth_check_password_send/recv
[sfrench/samba-autobuild/.git] / source4 / auth / ntlm / auth_simple.c
1 /* 
2    Unix SMB/CIFS implementation.
3
4    auth functions
5
6    Copyright (C) Simo Sorce 2005
7    Copyright (C) Andrew Tridgell 2005
8    Copyright (C) Andrew Bartlett 2005
9    
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation; either version 3 of the License, or
13    (at your option) any later version.
14    
15    This program is distributed in the hope that it will be useful,
16    but WITHOUT ANY WARRANTY; without even the implied warranty of
17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18    GNU General Public License for more details.
19    
20    You should have received a copy of the GNU General Public License
21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include <tevent.h>
26 #include "lib/util/tevent_ntstatus.h"
27 #include "auth/auth.h"
28 #include "dsdb/samdb/samdb.h"
29
30 struct authenticate_ldap_simple_bind_state {
31         bool using_tls;
32         struct auth4_context *auth_context;
33         struct auth_usersupplied_info *user_info;
34         struct auth_session_info *session_info;
35 };
36
37 static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq);
38
39 _PUBLIC_ struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_ctx,
40                                         struct tevent_context *ev,
41                                         struct imessaging_context *msg,
42                                         struct loadparm_context *lp_ctx,
43                                         struct tsocket_address *remote_address,
44                                         struct tsocket_address *local_address,
45                                         bool using_tls,
46                                         const char *dn,
47                                         const char *password)
48 {
49         struct tevent_req *req = NULL;
50         struct authenticate_ldap_simple_bind_state *state = NULL;
51         struct auth_usersupplied_info *user_info = NULL;
52         const char *nt4_domain = NULL;
53         const char *nt4_username = NULL;
54         struct tevent_req *subreq = NULL;
55         NTSTATUS status;
56
57         req = tevent_req_create(mem_ctx, &state,
58                                 struct authenticate_ldap_simple_bind_state);
59         if (req == NULL) {
60                 return NULL;
61         }
62         state->using_tls = using_tls;
63
64         status = auth_context_create(state, ev, msg, lp_ctx,
65                                      &state->auth_context);
66         if (tevent_req_nterror(req, status)) {
67                 return tevent_req_post(req, ev);
68         }
69
70         user_info = talloc_zero(state, struct auth_usersupplied_info);
71         if (tevent_req_nomem(user_info, req)) {
72                 return tevent_req_post(req, ev);
73         }
74         state->user_info = user_info;
75
76         user_info->client.account_name = dn;
77         /* No client.domain_name, use account_name instead */
78         /* user_info->mapped.* will be filled below */
79
80         user_info->workstation_name = NULL;
81
82         user_info->remote_host = remote_address;
83         user_info->local_host = local_address;
84
85         user_info->service_description = "LDAP";
86
87         if (using_tls) {
88                 user_info->auth_description = "simple bind";
89         } else {
90                 user_info->auth_description = "simple bind/TLS";
91         }
92
93         user_info->password_state = AUTH_PASSWORD_PLAIN;
94         user_info->password.plaintext = talloc_strdup(user_info, password);
95         if (tevent_req_nomem(user_info->password.plaintext, req)) {
96                 return tevent_req_post(req, ev);
97         }
98
99         user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME |
100                 USER_INFO_DONT_CHECK_UNIX_ACCOUNT;
101
102         user_info->logon_parameters =
103                 MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
104                 MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
105                 MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
106                 MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;
107
108         status = crack_auto_name_to_nt4_name(state, ev, lp_ctx, dn,
109                                              &nt4_domain, &nt4_username);
110         if (!NT_STATUS_IS_OK(status)) {
111                 log_authentication_event(msg, lp_ctx,
112                                          user_info, status,
113                                          NULL, NULL, NULL, NULL);
114         }
115         if (tevent_req_nterror(req, status)) {
116                 return tevent_req_post(req, ev);
117         }
118
119         user_info->mapped.account_name = nt4_username;
120         user_info->mapped.domain_name = nt4_domain;
121         user_info->mapped_state = true;
122
123         subreq = auth_check_password_send(state, ev,
124                                           state->auth_context,
125                                           state->user_info);
126         if (tevent_req_nomem(subreq, req)) {
127                 return tevent_req_post(req, ev);
128         }
129         tevent_req_set_callback(subreq, authenticate_ldap_simple_bind_done, req);
130
131         return req;
132 }
133
134 static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq)
135 {
136         struct tevent_req *req =
137                 tevent_req_callback_data(subreq,
138                 struct tevent_req);
139         struct authenticate_ldap_simple_bind_state *state =
140                 tevent_req_data(req,
141                 struct authenticate_ldap_simple_bind_state);
142         struct auth4_context *auth_context = state->auth_context;
143         struct auth_usersupplied_info *user_info = state->user_info;
144         const char *nt4_username = user_info->mapped.account_name;
145         const struct tsocket_address *remote_address = user_info->remote_host;
146         const struct tsocket_address *local_address = user_info->local_host;
147         const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
148         struct auth_user_info_dc *user_info_dc = NULL;
149         uint8_t authoritative = 0;
150         uint32_t flags = 0;
151         NTSTATUS nt_status;
152
153         if (state->using_tls) {
154                 transport_protection = AUTHZ_TRANSPORT_PROTECTION_TLS;
155         }
156
157         nt_status = auth_check_password_recv(subreq, state,
158                                              &user_info_dc,
159                                              &authoritative);
160         TALLOC_FREE(subreq);
161         if (tevent_req_nterror(req, nt_status)) {
162                 return;
163         }
164
165         flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
166         if (user_info_dc->info->authenticated) {
167                 flags |= AUTH_SESSION_INFO_AUTHENTICATED;
168         }
169
170         nt_status = auth_context->generate_session_info(auth_context,
171                                                         state,
172                                                         user_info_dc,
173                                                         nt4_username,
174                                                         flags,
175                                                         &state->session_info);
176         if (tevent_req_nterror(req, nt_status)) {
177                 return;
178         }
179
180         log_successful_authz_event(auth_context->msg_ctx,
181                                    auth_context->lp_ctx,
182                                    remote_address,
183                                    local_address,
184                                    "LDAP",
185                                    "simple bind",
186                                    transport_protection,
187                                    state->session_info);
188
189         tevent_req_done(req);
190 }
191
192 _PUBLIC_ NTSTATUS authenticate_ldap_simple_bind_recv(struct tevent_req *req,
193                                         TALLOC_CTX *mem_ctx,
194                                         struct auth_session_info **session_info)
195 {
196         struct authenticate_ldap_simple_bind_state *state =
197                 tevent_req_data(req,
198                 struct authenticate_ldap_simple_bind_state);
199         NTSTATUS status;
200
201         *session_info = NULL;
202
203         if (tevent_req_is_nterror(req, &status)) {
204                 tevent_req_received(req);
205                 return status;
206         }
207
208         *session_info = talloc_move(mem_ctx, &state->session_info);
209         tevent_req_received(req);
210         return NT_STATUS_OK;
211 }