Copyright (C) Stefan Metzmacher 2005
Copyright (C) Volker Lendecke 2005
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
+ Copyright (C) Kai Blin 2009
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
*/
#include "includes.h"
-#include "nsswitch/winbind_nss_config.h"
-#include "nsswitch/winbindd_nss.h"
#include "winbind/wb_server.h"
#include "winbind/wb_async_helpers.h"
+#include "param/param.h"
#include "winbind/wb_helper.h"
#include "libcli/composite/composite.h"
#include "version.h"
#include "librpc/gen_ndr/netlogon.h"
#include "libcli/security/security.h"
-#include "auth/pam_errors.h"
-#include "param/param.h"
+#include "auth/ntlm/pam_errors.h"
+#include "auth/credentials/credentials.h"
+#include "smbd/service_task.h"
/*
Send off the reply to an async Samba3 query, handling filling in the PAM, NTSTATUS and string errors.
struct winbindd_response *resp = &s3call->response;
if (!NT_STATUS_IS_OK(status)) {
resp->result = WINBINDD_ERROR;
- WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
- nt_errstr(status));
- WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
- get_friendly_nt_error_msg(status));
} else {
resp->result = WINBINDD_OK;
}
+
+ WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
+ nt_errstr(status));
+ WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
+ get_friendly_nt_error_msg(status));
resp->data.auth.pam_error = nt_status_to_pam(status);
resp->data.auth.nt_status = NT_STATUS_V(status);
NTSTATUS wbsrv_samba3_info(struct wbsrv_samba3_call *s3call)
{
s3call->response.result = WINBINDD_OK;
- s3call->response.data.info.winbind_separator = *lp_winbind_separator();
+ s3call->response.data.info.winbind_separator = *lp_winbind_separator(s3call->wbconn->lp_ctx);
WBSRV_SAMBA3_SET_STRING(s3call->response.data.info.samba_version,
SAMBA_VERSION_STRING);
return NT_STATUS_OK;
{
s3call->response.result = WINBINDD_OK;
WBSRV_SAMBA3_SET_STRING(s3call->response.data.domain_name,
- lp_workgroup());
+ lp_workgroup(s3call->wbconn->lp_ctx));
return NT_STATUS_OK;
}
{
s3call->response.result = WINBINDD_OK;
WBSRV_SAMBA3_SET_STRING(s3call->response.data.netbios_name,
- lp_netbios_name());
+ lp_netbios_name(s3call->wbconn->lp_ctx));
return NT_STATUS_OK;
}
NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call)
{
- s3call->response.result = WINBINDD_OK;
- s3call->response.extra_data.data =
- smbd_tmp_path(s3call, WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
- NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data.data);
+ const char *path = s3call->wbconn->listen_socket->service->priv_socket_path;
+ s3call->response.result = WINBINDD_OK;
+ s3call->response.extra_data.data = discard_const(path);
+
+ s3call->response.length += strlen(path) + 1;
return NT_STATUS_OK;
}
return NT_STATUS_OK;
}
-#if 0
-/*
- Validate that we have a working pipe to the domain controller.
- Return any NT error found in the process
+/* Plaintext authentication
+
+ This interface is used by ntlm_auth in it's 'basic' authentication
+ mode, as well as by pam_winbind to authenticate users where we are
+ given a plaintext password.
*/
-static void checkmachacc_recv_creds(struct composite_context *ctx);
+static void check_machacc_recv(struct composite_context *ctx);
NTSTATUS wbsrv_samba3_check_machacc(struct wbsrv_samba3_call *s3call)
{
+ NTSTATUS status;
+ struct cli_credentials *creds;
struct composite_context *ctx;
+ struct wbsrv_service *service =
+ s3call->wbconn->listen_socket->service;
- DEBUG(5, ("wbsrv_samba3_check_machacc called\n"));
+ /* Create a credentials structure */
+ creds = cli_credentials_init(s3call);
+ if (creds == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- ctx = wb_cmd_checkmachacc_send(s3call->call);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
+ cli_credentials_set_conf(creds, service->task->lp_ctx);
+
+ /* Connect the machine account to the credentials */
+ status = cli_credentials_set_machine_account(creds, service->task->lp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(creds);
+ return status;
+ }
+
+ ctx = wb_cmd_pam_auth_send(s3call, service, creds);
- ctx->async.fn = checkmachacc_recv_creds;
+ if (!ctx) {
+ talloc_free(creds);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ctx->async.fn = check_machacc_recv;
ctx->async.private_data = s3call;
- s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
+ s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
return NT_STATUS_OK;
}
-
-static void checkmachacc_recv_creds(struct composite_context *ctx)
+
+static void check_machacc_recv(struct composite_context *ctx)
{
struct wbsrv_samba3_call *s3call =
talloc_get_type(ctx->async.private_data,
struct wbsrv_samba3_call);
NTSTATUS status;
- status = wb_cmd_checkmachacc_recv(ctx);
+ status = wb_cmd_pam_auth_recv(ctx);
+
+ if (!NT_STATUS_IS_OK(status)) goto done;
+ done:
wbsrv_samba3_async_auth_epilogue(status, s3call);
}
-#endif
/*
Find the name of a suitable domain controller, by query on the
}
for (i=0; i<num_sids; i++) {
- sids_string = talloc_asprintf_append(
+ sids_string = talloc_asprintf_append_buffer(
sids_string, "%s\n", dom_sid_string(s3call, sids[i]));
}
}
for (i=0; i<num_sids; i++) {
- sids_string = talloc_asprintf_append(
+ sids_string = talloc_asprintf_append_buffer(
sids_string, "%s\n", dom_sid_string(s3call, sids[i]));
if (sids_string == NULL) {
status = NT_STATUS_NO_MEMORY;
struct composite_context *ctx;
struct wbsrv_service *service =
s3call->wbconn->listen_socket->service;
+ struct cli_credentials *credentials;
char *user, *domain;
- if (!wb_samba3_split_username(s3call,
+ if (!wb_samba3_split_username(s3call, s3call->wbconn->lp_ctx,
s3call->request.data.auth.user,
&domain, &user)) {
return NT_STATUS_NO_SUCH_USER;
}
- ctx = wb_cmd_pam_auth_send(s3call, service, domain, user,
- s3call->request.data.auth.pass);
+ credentials = cli_credentials_init(s3call);
+ if (!credentials) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ cli_credentials_set_conf(credentials, service->task->lp_ctx);
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+
+ cli_credentials_set_password(credentials, s3call->request.data.auth.pass, CRED_SPECIFIED);
+
+ ctx = wb_cmd_pam_auth_send(s3call, service, credentials);
NT_STATUS_HAVE_NO_MEMORY(ctx);
ctx->async.fn = pam_auth_recv;
}
for (i=0; i<num_domains; i++) {
- result = talloc_asprintf_append(
+ result = talloc_asprintf_append_buffer(
result, "%s\\%s\\%s",
domains[i]->name, domains[i]->name,
dom_sid_string(s3call, domains[i]->sid));
wbsrv_samba3_async_epilogue(status, s3call);
}
+/* list groups */
+static void list_groups_recv(struct composite_context *ctx);
+
+NTSTATUS wbsrv_samba3_list_groups(struct wbsrv_samba3_call *s3call)
+{
+ struct composite_context *ctx;
+ struct wbsrv_service *service = s3call->wbconn->listen_socket->service;
+
+ DEBUG(5, ("wbsrv_samba4_list_groups called\n"));
+
+ ctx = wb_cmd_list_groups_send(s3call, service,
+ s3call->request.domain_name);
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ ctx->async.fn = list_groups_recv;
+ ctx->async.private_data = s3call;
+ s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
+ return NT_STATUS_OK;
+}
+
+static void list_groups_recv(struct composite_context *ctx)
+{
+ struct wbsrv_samba3_call *s3call = talloc_get_type_abort(
+ ctx->async.private_data,
+ struct wbsrv_samba3_call);
+ uint32_t extra_data_len;
+ char *extra_data;
+ NTSTATUS status;
+
+ DEBUG(5, ("list_groups_recv called\n"));
+
+ status = wb_cmd_list_groups_recv(ctx, s3call, &extra_data_len,
+ &extra_data);
+
+ if (NT_STATUS_IS_OK(status)) {
+ s3call->response.extra_data.data = extra_data;
+ s3call->response.length += extra_data_len;
+ if (extra_data) {
+ s3call->response.length += 1;
+ }
+ }
+
+ wbsrv_samba3_async_epilogue(status, s3call);
+}
/* List users */
if (NT_STATUS_IS_OK(status)) {
s3call->response.extra_data.data = extra_data;
s3call->response.length += extra_data_len;
+ if (extra_data) {
+ s3call->response.length += 1;
+ }
}
wbsrv_samba3_async_epilogue(status, s3call);
return NT_STATUS_OK;
}
+
+static void getgrnam_recv(struct composite_context *ctx);
+
NTSTATUS wbsrv_samba3_getgrnam(struct wbsrv_samba3_call *s3call)
{
+ struct composite_context *ctx;
+ struct wbsrv_service *service =
+ s3call->wbconn->listen_socket->service;
+
DEBUG(5, ("wbsrv_samba3_getgrnam called\n"));
- s3call->response.result = WINBINDD_ERROR;
+
+ ctx = wb_cmd_getgrnam_send(s3call, service,
+ s3call->request.data.groupname);
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ ctx->async.fn = getgrnam_recv;
+ ctx->async.private_data = s3call;
+ s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
return NT_STATUS_OK;
}
+static void getgrnam_recv(struct composite_context *ctx)
+{
+ struct wbsrv_samba3_call *s3call =
+ talloc_get_type(ctx->async.private_data,
+ struct wbsrv_samba3_call);
+ NTSTATUS status;
+ struct winbindd_gr *gr;
+
+ DEBUG(5, ("getgrnam_recv called\n"));
+
+ status = wb_cmd_getgrnam_recv(ctx, s3call, &gr);
+ if(NT_STATUS_IS_OK(status))
+ s3call->response.data.gr = *gr;
+
+ wbsrv_samba3_async_epilogue(status, s3call);
+}
+
+static void getgrgid_recv(struct composite_context *ctx);
+
NTSTATUS wbsrv_samba3_getgrgid(struct wbsrv_samba3_call *s3call)
{
+ struct composite_context *ctx;
+ struct wbsrv_service *service = s3call->wbconn->listen_socket->service;
+
DEBUG(5, ("wbsrv_samba3_getgrgid called\n"));
- s3call->response.result = WINBINDD_ERROR;
+
+ ctx = wb_cmd_getgrgid_send(s3call, service,
+ s3call->request.data.gid);
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ ctx->async.fn = getgrgid_recv;
+ ctx->async.private_data = s3call;
+ s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
return NT_STATUS_OK;
}
+static void getgrgid_recv(struct composite_context *ctx)
+{
+ struct wbsrv_samba3_call *s3call =
+ talloc_get_type(ctx->async.private_data,
+ struct wbsrv_samba3_call);
+ NTSTATUS status;
+ struct winbindd_gr *gr;
+
+ DEBUG(5, ("getgrgid_recv called\n"));
+
+ status = wb_cmd_getgrgid_recv(ctx, s3call, &gr);
+ if (NT_STATUS_IS_OK(status))
+ s3call->response.data.gr = *gr;
+
+ wbsrv_samba3_async_epilogue(status, s3call);
+}
+
NTSTATUS wbsrv_samba3_getgroups(struct wbsrv_samba3_call *s3call)
{
DEBUG(5, ("wbsrv_samba3_getgroups called\n"));