search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add another registry rpc (opnum 0x14). Have no idea what it's real name
[Samba.git] / source / auth / auth_winbind.c
blob671e198bf59beaf1845f8baaac47527405195392
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind authentication mechnism
5
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Andrew Bartlett 2001
8
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 */
23
24 #include "includes.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_AUTH
28
29 /* Prototypes from common.h */
30
31 NSS_STATUS winbindd_request(int req_type,
32 struct winbindd_request *request,
33 struct winbindd_response *response);
34
35
36 /* Authenticate a user with a challenge/response */
37
38 static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
39 void *my_private_data,
40 TALLOC_CTX *mem_ctx,
41 const auth_usersupplied_info *user_info,
42 auth_serversupplied_info **server_info)
43 {
44 struct winbindd_request request;
45 struct winbindd_response response;
46 NSS_STATUS result;
47 struct passwd *pw;
48 NTSTATUS nt_status;
49
50 if (!user_info) {
51 return NT_STATUS_UNSUCCESSFUL;
52 }
53
54 if (!auth_context) {
55 DEBUG(3,("Password for user %s cannot be checked because we have no auth_info to get the challenge from.\n",
56 user_info->internal_username.str));
57 return NT_STATUS_UNSUCCESSFUL;
58 }
59
60 /* Send off request */
61
62 ZERO_STRUCT(request);
63 ZERO_STRUCT(response);
64
65 snprintf(request.data.auth_crap.user, sizeof(request.data.auth_crap.user),
66 "%s\\%s", user_info->domain.str, user_info->smb_name.str);
67
68 fstrcpy(request.data.auth_crap.user, user_info->smb_name.str);
69 fstrcpy(request.data.auth_crap.domain, user_info->domain.str);
70
71 memcpy(request.data.auth_crap.chal, auth_context->challenge.data, sizeof(request.data.auth_crap.chal));
72
73 request.data.auth_crap.lm_resp_len = MIN(user_info->lm_resp.length,
74 sizeof(request.data.auth_crap.lm_resp));
75 request.data.auth_crap.nt_resp_len = MIN(user_info->nt_resp.length,
76 sizeof(request.data.auth_crap.nt_resp));
77
78 memcpy(request.data.auth_crap.lm_resp, user_info->lm_resp.data,
79 sizeof(request.data.auth_crap.lm_resp_len));
80 memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data,
81 request.data.auth_crap.lm_resp_len);
82
83 result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
84
85 if (result == NSS_STATUS_SUCCESS) {
86
87 pw = Get_Pwnam(user_info->internal_username.str);
88
89 if (pw) {
90 if (make_server_info_pw(server_info, pw)) {
91 nt_status = NT_STATUS_OK;
92 } else {
93 nt_status = NT_STATUS_NO_MEMORY;
94 }
95 } else {
96 nt_status = NT_STATUS_NO_SUCH_USER;
97 }
98 } else {
99 nt_status = NT_STATUS_LOGON_FAILURE;
100 }
101
102 return nt_status;
103 }
104
105 /* module initialisation */
106 NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
107 {
108 if (!make_auth_methods(auth_context, auth_method)) {
109 return NT_STATUS_NO_MEMORY;
110 }
111
112 (*auth_method)->name = "winbind";
113 (*auth_method)->auth = check_winbind_security;
114 return NT_STATUS_OK;
115 }
Samba GIT mirror