search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r15837: starting sync up for 3.0.23rc1 (in sync with SAMBA_3_0 r15822)
[Samba.git] / source / nsswitch / winbind_nss_aix.c
blob5b3aaeb8d7731c7e1f820577b76bb4da893676b3
1 /*
2 Unix SMB/CIFS implementation.
3
4 AIX loadable authentication module, providing identification and
5 authentication routines against Samba winbind/Windows NT Domain
6
7 Copyright (C) Tim Potter 2003
8 Copyright (C) Steve Roylance 2003
9 Copyright (C) Andrew Tridgell 2003-2004
10
11 This library is free software; you can redistribute it and/or
12 modify it under the terms of the GNU Library General Public
13 License as published by the Free Software Foundation; either
14 version 2 of the License, or (at your option) any later version.
15
16 This library is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Library General Public License for more details.
20
21 You should have received a copy of the GNU Library General Public
22 License along with this library; if not, write to the
23 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
24 Boston, MA 02111-1307, USA.
25 */
26
27 /*
28
29 To install this module copy nsswitch/WINBIND to /usr/lib/security and add
30 "WINBIND" in /usr/lib/security/methods.cfg and /etc/security/user
31
32 Note that this module also provides authentication and password
33 changing routines, so you do not need to install the winbind PAM
34 module.
35
36 see
37 http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/kernextc/sec_load_mod.htm
38 for some information in the interface that this module implements
39
40 Many thanks to Julianne Haugh for explaining some of the finer
41 details of this interface.
42
43 To debug this module use uess_test.c (which you can get from tridge)
44 or set "options=debug" in /usr/lib/security/methods.cfg
45
46 */
47
48 #include <stdlib.h>
49 #include <string.h>
50 #include <usersec.h>
51 #include <errno.h>
52 #include <stdarg.h>
53
54 #include "winbind_client.h"
55
56 #define WB_AIX_ENCODED '_'
57
58 static int debug_enabled;
59
60
61 static void logit(const char *format, ...)
62 {
63 va_list ap;
64 FILE *f;
65 if (!debug_enabled) {
66 return;
67 }
68 f = fopen("/tmp/WINBIND_DEBUG.log", "a");
69 if (!f) return;
70 va_start(ap, format);
71 vfprintf(f, format, ap);
72 va_end(ap);
73 fclose(f);
74 }
75
76
77 #define HANDLE_ERRORS(ret) do { \
78 if ((ret) == NSS_STATUS_NOTFOUND) { \
79 errno = ENOENT; \
80 return NULL; \
81 } else if ((ret) != NSS_STATUS_SUCCESS) { \
82 errno = EIO; \
83 return NULL; \
84 } \
85 } while (0)
86
87 #define STRCPY_RET(dest, src) \
88 do { \
89 if (strlen(src)+1 > sizeof(dest)) { errno = EINVAL; return -1; } \
90 strcpy(dest, src); \
91 } while (0)
92
93 #define STRCPY_RETNULL(dest, src) \
94 do { \
95 if (strlen(src)+1 > sizeof(dest)) { errno = EINVAL; return NULL; } \
96 strcpy(dest, src); \
97 } while (0)
98
99
100 /* free a passwd structure */
101 static void free_pwd(struct passwd *pwd)
102 {
103 free(pwd->pw_name);
104 free(pwd->pw_passwd);
105 free(pwd->pw_gecos);
106 free(pwd->pw_dir);
107 free(pwd->pw_shell);
108 free(pwd);
109 }
110
111 /* free a group structure */
112 static void free_grp(struct group *grp)
113 {
114 int i;
115
116 free(grp->gr_name);
117 free(grp->gr_passwd);
118
119 if (!grp->gr_mem) {
120 free(grp);
121 return;
122 }
123
124 for (i=0; grp->gr_mem[i]; i++) {
125 free(grp->gr_mem[i]);
126 }
127
128 free(grp->gr_mem);
129 free(grp);
130 }
131
132
133 /* replace commas with nulls, and null terminate */
134 static void replace_commas(char *s)
135 {
136 char *p, *p0=s;
137 for (p=strchr(s, ','); p; p = strchr(p+1, ',')) {
138 *p=0;
139 p0 = p+1;
140 }
141
142 p0[strlen(p0)+1] = 0;
143 }
144
145
146 /* the decode_*() routines are used to cope with the fact that AIX 5.2
147 and below cannot handle user or group names longer than 8
148 characters in some interfaces. We use the normalize method to
149 provide a mapping to a username that fits, by using the form '_UID'
150 or '_GID'.
151
152 this only works if you can guarantee that the WB_AIX_ENCODED char
153 is not used as the first char of any other username
154 */
155 static unsigned decode_id(const char *name)
156 {
157 unsigned id;
158 sscanf(name+1, "%u", &id);
159 return id;
160 }
161
162 static struct passwd *wb_aix_getpwuid(uid_t uid);
163
164 static char *decode_user(const char *name)
165 {
166 struct passwd *pwd;
167 unsigned id;
168 char *ret;
169
170 sscanf(name+1, "%u", &id);
171 pwd = wb_aix_getpwuid(id);
172 if (!pwd) {
173 return NULL;
174 }
175 ret = strdup(pwd->pw_name);
176
177 free_pwd(pwd);
178
179 logit("decoded '%s' -> '%s'\n", name, ret);
180
181 return ret;
182 }
183
184
185 /*
186 fill a struct passwd from a winbindd_pw struct, allocating as a single block
187 */
188 static struct passwd *fill_pwent(struct winbindd_pw *pw)
189 {
190 struct passwd *result;
191
192 result = calloc(1, sizeof(struct passwd));
193 if (!result) {
194 errno = ENOMEM;
195 return NULL;
196 }
197
198 result->pw_uid = pw->pw_uid;
199 result->pw_gid = pw->pw_gid;
200 result->pw_name = strdup(pw->pw_name);
201 result->pw_passwd = strdup(pw->pw_passwd);
202 result->pw_gecos = strdup(pw->pw_gecos);
203 result->pw_dir = strdup(pw->pw_dir);
204 result->pw_shell = strdup(pw->pw_shell);
205
206 return result;
207 }
208
209
210 /*
211 fill a struct group from a winbindd_pw struct, allocating as a single block
212 */
213 static struct group *fill_grent(struct winbindd_gr *gr, char *gr_mem)
214 {
215 int i;
216 struct group *result;
217 char *p, *name;
218
219 result = calloc(1, sizeof(struct group));
220 if (!result) {
221 errno = ENOMEM;
222 return NULL;
223 }
224
225 result->gr_gid = gr->gr_gid;
226
227 result->gr_name = strdup(gr->gr_name);
228 result->gr_passwd = strdup(gr->gr_passwd);
229
230 /* Group membership */
231 if ((gr->num_gr_mem < 0) || !gr_mem) {
232 gr->num_gr_mem = 0;
233 }
234
235 if (gr->num_gr_mem == 0) {
236 /* Group is empty */
237 return result;
238 }
239
240 result->gr_mem = (char **)malloc(sizeof(char *) * (gr->num_gr_mem+1));
241 if (!result->gr_mem) {
242 errno = ENOMEM;
243 return NULL;
244 }
245
246 /* Start looking at extra data */
247 i=0;
248 for (name = strtok_r(gr_mem, ",", &p);
249 name;
250 name = strtok_r(NULL, ",", &p)) {
251 if (i == gr->num_gr_mem) {
252 break;
253 }
254 result->gr_mem[i] = strdup(name);
255 i++;
256 }
257
258 /* Terminate list */
259 result->gr_mem[i] = NULL;
260
261 return result;
262 }
263
264
265
266 /* take a group id and return a filled struct group */
267 static struct group *wb_aix_getgrgid(gid_t gid)
268 {
269 struct winbindd_response response;
270 struct winbindd_request request;
271 struct group *grp;
272 NSS_STATUS ret;
273
274 logit("getgrgid %d\n", gid);
275
276 ZERO_STRUCT(response);
277 ZERO_STRUCT(request);
278
279 request.data.gid = gid;
280
281 ret = winbindd_request_response(WINBINDD_GETGRGID, &request, &response);
282
283 logit("getgrgid ret=%d\n", ret);
284
285 HANDLE_ERRORS(ret);
286
287 grp = fill_grent(&response.data.gr, response.extra_data.data);
288
289 free_response(&response);
290
291 return grp;
292 }
293
294 /* take a group name and return a filled struct group */
295 static struct group *wb_aix_getgrnam(const char *name)
296 {
297 struct winbindd_response response;
298 struct winbindd_request request;
299 NSS_STATUS ret;
300 struct group *grp;
301
302 if (*name == WB_AIX_ENCODED) {
303 return wb_aix_getgrgid(decode_id(name));
304 }
305
306 logit("getgrnam '%s'\n", name);
307
308 ZERO_STRUCT(response);
309 ZERO_STRUCT(request);
310
311 STRCPY_RETNULL(request.data.groupname, name);
312
313 ret = winbindd_request_response(WINBINDD_GETGRNAM, &request, &response);
314
315 HANDLE_ERRORS(ret);
316
317 grp = fill_grent(&response.data.gr, response.extra_data.data);
318
319 free_response(&response);
320
321 return grp;
322 }
323
324
325 /* this call doesn't have to fill in the gr_mem, but we do anyway
326 for simplicity */
327 static struct group *wb_aix_getgracct(void *id, int type)
328 {
329 if (type == 1) {
330 return wb_aix_getgrnam((char *)id);
331 }
332 if (type == 0) {
333 return wb_aix_getgrgid(*(int *)id);
334 }
335 errno = EINVAL;
336 return NULL;
337 }
338
339
340 /* take a username and return a string containing a comma-separated
341 list of group id numbers to which the user belongs */
342 static char *wb_aix_getgrset(char *user)
343 {
344 struct winbindd_response response;
345 struct winbindd_request request;
346 NSS_STATUS ret;
347 int i, idx;
348 char *tmpbuf;
349 int num_gids;
350 gid_t *gid_list;
351 char *r_user = user;
352
353 if (*user == WB_AIX_ENCODED) {
354 r_user = decode_user(r_user);
355 if (!r_user) {
356 errno = ENOENT;
357 return NULL;
358 }
359 }
360
361 logit("getgrset '%s'\n", r_user);
362
363 ZERO_STRUCT(response);
364 ZERO_STRUCT(request);
365
366 STRCPY_RETNULL(request.data.username, r_user);
367
368 if (*user == WB_AIX_ENCODED) {
369 free(r_user);
370 }
371
372 ret = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
373
374 HANDLE_ERRORS(ret);
375
376 num_gids = response.data.num_entries;
377 gid_list = (gid_t *)response.extra_data.data;
378
379 /* allocate a space large enough to contruct the string */
380 tmpbuf = malloc(num_gids*12);
381 if (!tmpbuf) {
382 return NULL;
383 }
384
385 for (idx=i=0; i < num_gids-1; i++) {
386 idx += sprintf(tmpbuf+idx, "%u,", gid_list[i]);
387 }
388 idx += sprintf(tmpbuf+idx, "%u", gid_list[i]);
389
390 free_response(&response);
391
392 return tmpbuf;
393 }
394
395
396 /* take a uid and return a filled struct passwd */
397 static struct passwd *wb_aix_getpwuid(uid_t uid)
398 {
399 struct winbindd_response response;
400 struct winbindd_request request;
401 NSS_STATUS ret;
402 struct passwd *pwd;
403
404 logit("getpwuid '%d'\n", uid);
405
406 ZERO_STRUCT(response);
407 ZERO_STRUCT(request);
408
409 request.data.uid = uid;
410
411 ret = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
412
413 HANDLE_ERRORS(ret);
414
415 pwd = fill_pwent(&response.data.pw);
416
417 free_response(&response);
418
419 logit("getpwuid gave ptr %p\n", pwd);
420
421 return pwd;
422 }
423
424
425 /* take a username and return a filled struct passwd */
426 static struct passwd *wb_aix_getpwnam(const char *name)
427 {
428 struct winbindd_response response;
429 struct winbindd_request request;
430 NSS_STATUS ret;
431 struct passwd *pwd;
432
433 if (*name == WB_AIX_ENCODED) {
434 return wb_aix_getpwuid(decode_id(name));
435 }
436
437 logit("getpwnam '%s'\n", name);
438
439 ZERO_STRUCT(response);
440 ZERO_STRUCT(request);
441
442 STRCPY_RETNULL(request.data.username, name);
443
444 ret = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
445
446 HANDLE_ERRORS(ret);
447
448 pwd = fill_pwent(&response.data.pw);
449
450 free_response(&response);
451
452 logit("getpwnam gave ptr %p\n", pwd);
453
454 return pwd;
455 }
456
457 /*
458 list users
459 */
460 static int wb_aix_lsuser(char *attributes[], attrval_t results[], int size)
461 {
462 NSS_STATUS ret;
463 struct winbindd_request request;
464 struct winbindd_response response;
465 int len;
466 char *s;
467
468 if (size != 1 || strcmp(attributes[0], S_USERS) != 0) {
469 logit("invalid lsuser op\n");
470 errno = EINVAL;
471 return -1;
472 }
473
474 ZERO_STRUCT(request);
475 ZERO_STRUCT(response);
476
477 ret = winbindd_request_response(WINBINDD_LIST_USERS, &request, &response);
478 if (ret != 0) {
479 errno = EINVAL;
480 return -1;
481 }
482
483 len = strlen(response.extra_data.data);
484
485 s = malloc(len+2);
486 if (!s) {
487 free_response(&response);
488 errno = ENOMEM;
489 return -1;
490 }
491
492 memcpy(s, response.extra_data.data, len+1);
493
494 replace_commas(s);
495
496 results[0].attr_un.au_char = s;
497 results[0].attr_flag = 0;
498
499 free_response(&response);
500
501 return 0;
502 }
503
504
505 /*
506 list groups
507 */
508 static int wb_aix_lsgroup(char *attributes[], attrval_t results[], int size)
509 {
510 NSS_STATUS ret;
511 struct winbindd_request request;
512 struct winbindd_response response;
513 int len;
514 char *s;
515
516 if (size != 1 || strcmp(attributes[0], S_GROUPS) != 0) {
517 logit("invalid lsgroup op\n");
518 errno = EINVAL;
519 return -1;
520 }
521
522 ZERO_STRUCT(request);
523 ZERO_STRUCT(response);
524
525 ret = winbindd_request_response(WINBINDD_LIST_GROUPS, &request, &response);
526 if (ret != 0) {
527 errno = EINVAL;
528 return -1;
529 }
530
531 len = strlen(response.extra_data.data);
532
533 s = malloc(len+2);
534 if (!s) {
535 free_response(&response);
536 errno = ENOMEM;
537 return -1;
538 }
539
540 memcpy(s, response.extra_data.data, len+1);
541
542 replace_commas(s);
543
544 results[0].attr_un.au_char = s;
545 results[0].attr_flag = 0;
546
547 free_response(&response);
548
549 return 0;
550 }
551
552
553 static attrval_t pwd_to_group(struct passwd *pwd)
554 {
555 attrval_t r;
556 struct group *grp = wb_aix_getgrgid(pwd->pw_gid);
557
558 if (!grp) {
559 r.attr_flag = EINVAL;
560 } else {
561 r.attr_flag = 0;
562 r.attr_un.au_char = strdup(grp->gr_name);
563 free_grp(grp);
564 }
565
566 return r;
567 }
568
569 static attrval_t pwd_to_groupsids(struct passwd *pwd)
570 {
571 attrval_t r;
572 char *s, *p;
573
574 s = wb_aix_getgrset(pwd->pw_name);
575 if (!s) {
576 r.attr_flag = EINVAL;
577 return r;
578 }
579
580 p = malloc(strlen(s)+2);
581 if (!p) {
582 r.attr_flag = ENOMEM;
583 return r;
584 }
585
586 strcpy(p, s);
587 replace_commas(p);
588 free(s);
589
590 r.attr_un.au_char = p;
591
592 return r;
593 }
594
595 static attrval_t pwd_to_sid(struct passwd *pwd)
596 {
597 struct winbindd_request request;
598 struct winbindd_response response;
599 attrval_t r;
600
601 ZERO_STRUCT(request);
602 ZERO_STRUCT(response);
603
604 request.data.uid = pwd->pw_uid;
605
606 if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) !=
607 NSS_STATUS_SUCCESS) {
608 r.attr_flag = ENOENT;
609 } else {
610 r.attr_flag = 0;
611 r.attr_un.au_char = strdup(response.data.sid.sid);
612 }
613
614 return r;
615 }
616
617 static int wb_aix_user_attrib(const char *key, char *attributes[],
618 attrval_t results[], int size)
619 {
620 struct passwd *pwd;
621 int i;
622
623 pwd = wb_aix_getpwnam(key);
624 if (!pwd) {
625 errno = ENOENT;
626 return -1;
627 }
628
629 for (i=0;i<size;i++) {
630 results[i].attr_flag = 0;
631
632 if (strcmp(attributes[i], S_ID) == 0) {
633 results[i].attr_un.au_int = pwd->pw_uid;
634 } else if (strcmp(attributes[i], S_PWD) == 0) {
635 results[i].attr_un.au_char = strdup(pwd->pw_passwd);
636 } else if (strcmp(attributes[i], S_HOME) == 0) {
637 results[i].attr_un.au_char = strdup(pwd->pw_dir);
638 } else if (strcmp(attributes[i], S_SHELL) == 0) {
639 results[i].attr_un.au_char = strdup(pwd->pw_shell);
640 } else if (strcmp(attributes[i], S_REGISTRY) == 0) {
641 results[i].attr_un.au_char = strdup("WINBIND");
642 } else if (strcmp(attributes[i], S_GECOS) == 0) {
643 results[i].attr_un.au_char = strdup(pwd->pw_gecos);
644 } else if (strcmp(attributes[i], S_PGRP) == 0) {
645 results[i] = pwd_to_group(pwd);
646 } else if (strcmp(attributes[i], S_GROUPS) == 0) {
647 results[i] = pwd_to_groupsids(pwd);
648 } else if (strcmp(attributes[i], "SID") == 0) {
649 results[i] = pwd_to_sid(pwd);
650 } else {
651 logit("Unknown user attribute '%s'\n", attributes[i]);
652 results[i].attr_flag = EINVAL;
653 }
654 }
655
656 free_pwd(pwd);
657
658 return 0;
659 }
660
661 static int wb_aix_group_attrib(const char *key, char *attributes[],
662 attrval_t results[], int size)
663 {
664 struct group *grp;
665 int i;
666
667 grp = wb_aix_getgrnam(key);
668 if (!grp) {
669 errno = ENOENT;
670 return -1;
671 }
672
673 for (i=0;i<size;i++) {
674 results[i].attr_flag = 0;
675
676 if (strcmp(attributes[i], S_PWD) == 0) {
677 results[i].attr_un.au_char = strdup(grp->gr_passwd);
678 } else if (strcmp(attributes[i], S_ID) == 0) {
679 results[i].attr_un.au_int = grp->gr_gid;
680 } else {
681 logit("Unknown group attribute '%s'\n", attributes[i]);
682 results[i].attr_flag = EINVAL;
683 }
684 }
685
686 free_grp(grp);
687
688 return 0;
689 }
690
691
692 /*
693 called for user/group enumerations
694 */
695 static int wb_aix_getentry(char *key, char *table, char *attributes[],
696 attrval_t results[], int size)
697 {
698 logit("Got getentry with key='%s' table='%s' size=%d attributes[0]='%s'\n",
699 key, table, size, attributes[0]);
700
701 if (strcmp(key, "ALL") == 0 &&
702 strcmp(table, "user") == 0) {
703 return wb_aix_lsuser(attributes, results, size);
704 }
705
706 if (strcmp(key, "ALL") == 0 &&
707 strcmp(table, "group") == 0) {
708 return wb_aix_lsgroup(attributes, results, size);
709 }
710
711 if (strcmp(table, "user") == 0) {
712 return wb_aix_user_attrib(key, attributes, results, size);
713 }
714
715 if (strcmp(table, "group") == 0) {
716 return wb_aix_group_attrib(key, attributes, results, size);
717 }
718
719 logit("Unknown getentry operation key='%s' table='%s'\n", key, table);
720
721 errno = ENOSYS;
722 return -1;
723 }
724
725
726
727 /*
728 called to start the backend
729 */
730 static void *wb_aix_open(const char *name, const char *domain, int mode, char *options)
731 {
732 if (strstr(options, "debug")) {
733 debug_enabled = 1;
734 }
735 logit("open name='%s' mode=%d domain='%s' options='%s'\n", name, domain,
736 mode, options);
737 return NULL;
738 }
739
740 static void wb_aix_close(void *token)
741 {
742 logit("close\n");
743 return;
744 }
745
746 #ifdef HAVE_STRUCT_SECMETHOD_TABLE_METHOD_ATTRLIST
747 /*
748 return a list of additional attributes supported by the backend
749 */
750 static attrlist_t **wb_aix_attrlist(void)
751 {
752 attrlist_t **ret;
753 logit("method attrlist called\n");
754 ret = malloc(2*sizeof(attrlist_t *) + sizeof(attrlist_t));
755 if (!ret) {
756 errno = ENOMEM;
757 return NULL;
758 }
759
760 ret[0] = (attrlist_t *)(ret+2);
761
762 /* just one extra attribute - the windows SID */
763 ret[0]->al_name = strdup("SID");
764 ret[0]->al_flags = AL_USERATTR;
765 ret[0]->al_type = SEC_CHAR;
766 ret[1] = NULL;
767
768 return ret;
769 }
770 #endif
771
772
773 /*
774 turn a long username into a short one. Needed to cope with the 8 char
775 username limit in AIX 5.2 and below
776 */
777 static int wb_aix_normalize(char *longname, char *shortname)
778 {
779 struct passwd *pwd;
780
781 logit("normalize '%s'\n", longname);
782
783 /* automatically cope with AIX 5.3 with longer usernames
784 when it comes out */
785 if (S_NAMELEN > strlen(longname)) {
786 strcpy(shortname, longname);
787 return 1;
788 }
789
790 pwd = wb_aix_getpwnam(longname);
791 if (!pwd) {
792 errno = ENOENT;
793 return 0;
794 }
795
796 sprintf(shortname, "%c%07u", WB_AIX_ENCODED, pwd->pw_uid);
797
798 free_pwd(pwd);
799
800 return 1;
801 }
802
803
804 /*
805 authenticate a user
806 */
807 static int wb_aix_authenticate(char *user, char *pass,
808 int *reenter, char **message)
809 {
810 struct winbindd_request request;
811 struct winbindd_response response;
812 NSS_STATUS result;
813 char *r_user = user;
814
815 logit("authenticate '%s' response='%s'\n", user, pass);
816
817 *reenter = 0;
818 *message = NULL;
819
820 /* Send off request */
821 ZERO_STRUCT(request);
822 ZERO_STRUCT(response);
823
824 if (*user == WB_AIX_ENCODED) {
825 r_user = decode_user(r_user);
826 if (!r_user) {
827 return AUTH_NOTFOUND;
828 }
829 }
830
831 STRCPY_RET(request.data.auth.user, r_user);
832 STRCPY_RET(request.data.auth.pass, pass);
833
834 if (*user == WB_AIX_ENCODED) {
835 free(r_user);
836 }
837
838 result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
839
840 free_response(&response);
841
842 logit("auth result %d for '%s'\n", result, user);
843
844 if (result == NSS_STATUS_SUCCESS) {
845 errno = 0;
846 return AUTH_SUCCESS;
847 }
848
849 return AUTH_FAILURE;
850 }
851
852
853 /*
854 change a user password
855 */
856 static int wb_aix_chpass(char *user, char *oldpass, char *newpass, char **message)
857 {
858 struct winbindd_request request;
859 struct winbindd_response response;
860 NSS_STATUS result;
861 char *r_user = user;
862
863 if (*user == WB_AIX_ENCODED) {
864 r_user = decode_user(r_user);
865 if (!r_user) {
866 errno = ENOENT;
867 return -1;
868 }
869 }
870
871 logit("chpass '%s' old='%s' new='%s'\n", r_user, oldpass, newpass);
872
873 *message = NULL;
874
875 /* Send off request */
876 ZERO_STRUCT(request);
877 ZERO_STRUCT(response);
878
879 STRCPY_RET(request.data.chauthtok.user, r_user);
880 STRCPY_RET(request.data.chauthtok.oldpass, oldpass);
881 STRCPY_RET(request.data.chauthtok.newpass, newpass);
882
883 if (*user == WB_AIX_ENCODED) {
884 free(r_user);
885 }
886
887 result = winbindd_request_response(WINBINDD_PAM_CHAUTHTOK, &request, &response);
888
889 free_response(&response);
890
891 if (result == NSS_STATUS_SUCCESS) {
892 errno = 0;
893 return 0;
894 }
895
896 errno = EINVAL;
897 return -1;
898 }
899
900 /*
901 don't do any password strength testing for now
902 */
903 static int wb_aix_passwdrestrictions(char *user, char *newpass, char *oldpass,
904 char **message)
905 {
906 logit("passwdresrictions called for '%s'\n", user);
907 return 0;
908 }
909
910
911 static int wb_aix_passwdexpired(char *user, char **message)
912 {
913 logit("passwdexpired '%s'\n", user);
914 /* we should check the account bits here */
915 return 0;
916 }
917
918
919 /*
920 we can't return a crypt() password
921 */
922 static char *wb_aix_getpasswd(char *user)
923 {
924 logit("getpasswd '%s'\n", user);
925 errno = ENOSYS;
926 return NULL;
927 }
928
929 /*
930 this is called to update things like the last login time. We don't
931 currently pass this onto the DC
932 */
933 static int wb_aix_putentry(char *key, char *table, char *attributes[],
934 attrval_t values[], int size)
935 {
936 logit("putentry key='%s' table='%s' attrib='%s'\n",
937 key, table, size>=1?attributes[0]:"<null>");
938 errno = ENOSYS;
939 return -1;
940 }
941
942 static int wb_aix_commit(char *key, char *table)
943 {
944 logit("commit key='%s' table='%s'\n");
945 errno = ENOSYS;
946 return -1;
947 }
948
949 static int wb_aix_getgrusers(char *group, void *result, int type, int *size)
950 {
951 logit("getgrusers group='%s'\n", group);
952 errno = ENOSYS;
953 return -1;
954 }
955
956
957 #define DECL_METHOD(x) \
958 int method_ ## x(void) \
959 { \
960 logit("UNIMPLEMENTED METHOD '%s'\n", #x); \
961 errno = EINVAL; \
962 return -1; \
963 }
964
965 #if LOG_UNIMPLEMENTED_CALLS
966 DECL_METHOD(delgroup);
967 DECL_METHOD(deluser);
968 DECL_METHOD(newgroup);
969 DECL_METHOD(newuser);
970 DECL_METHOD(putgrent);
971 DECL_METHOD(putgrusers);
972 DECL_METHOD(putpwent);
973 DECL_METHOD(lock);
974 DECL_METHOD(unlock);
975 DECL_METHOD(getcred);
976 DECL_METHOD(setcred);
977 DECL_METHOD(deletecred);
978 #endif
979
980 int wb_aix_init(struct secmethod_table *methods)
981 {
982 ZERO_STRUCTP(methods);
983
984 #ifdef HAVE_STRUCT_SECMETHOD_TABLE_METHOD_VERSION
985 methods->method_version = SECMETHOD_VERSION_520;
986 #endif
987
988 methods->method_getgrgid = wb_aix_getgrgid;
989 methods->method_getgrnam = wb_aix_getgrnam;
990 methods->method_getgrset = wb_aix_getgrset;
991 methods->method_getpwnam = wb_aix_getpwnam;
992 methods->method_getpwuid = wb_aix_getpwuid;
993 methods->method_getentry = wb_aix_getentry;
994 methods->method_open = wb_aix_open;
995 methods->method_close = wb_aix_close;
996 methods->method_normalize = wb_aix_normalize;
997 methods->method_passwdexpired = wb_aix_passwdexpired;
998 methods->method_putentry = wb_aix_putentry;
999 methods->method_getpasswd = wb_aix_getpasswd;
1000 methods->method_authenticate = wb_aix_authenticate;
1001 methods->method_commit = wb_aix_commit;
1002 methods->method_chpass = wb_aix_chpass;
1003 methods->method_passwdrestrictions = wb_aix_passwdrestrictions;
1004 methods->method_getgracct = wb_aix_getgracct;
1005 methods->method_getgrusers = wb_aix_getgrusers;
1006 #ifdef HAVE_STRUCT_SECMETHOD_TABLE_METHOD_ATTRLIST
1007 methods->method_attrlist = wb_aix_attrlist;
1008 #endif
1009
1010 #if LOG_UNIMPLEMENTED_CALLS
1011 methods->method_delgroup = method_delgroup;
1012 methods->method_deluser = method_deluser;
1013 methods->method_newgroup = method_newgroup;
1014 methods->method_newuser = method_newuser;
1015 methods->method_putgrent = method_putgrent;
1016 methods->method_putgrusers = method_putgrusers;
1017 methods->method_putpwent = method_putpwent;
1018 methods->method_lock = method_lock;
1019 methods->method_unlock = method_unlock;
1020 methods->method_getcred = method_getcred;
1021 methods->method_setcred = method_setcred;
1022 methods->method_deletecred = method_deletecred;
1023 #endif
1024
1025 return AUTH_SUCCESS;
1026 }
1027
Samba GIT mirror