2 Unix SMB/CIFS implementation.
4 Winbind authentication mechnism
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Andrew Bartlett 2001 - 2002
8 Copyright (C) Stefan Metzmacher 2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 2 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program; if not, write to the Free Software
22 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
26 #include "librpc/gen_ndr/ndr_netlogon.h"
27 #include "auth/auth.h"
28 #include "nsswitch/winbind_client.h"
30 static NTSTATUS
get_info3_from_ndr(TALLOC_CTX
*mem_ctx
, struct winbindd_response
*response
, struct netr_SamInfo3
*info3
)
32 size_t len
= response
->length
- sizeof(struct winbindd_response
);
36 blob
.length
= len
- 4;
37 blob
.data
= (uint8_t *)(((char *)response
->extra_data
) + 4);
39 status
= ndr_pull_struct_blob(&blob
, mem_ctx
, info3
,
40 (ndr_pull_flags_fn_t
)ndr_pull_netr_SamInfo3
);
44 DEBUG(2, ("get_info3_from_ndr: No info3 struct found!\n"));
45 return NT_STATUS_UNSUCCESSFUL
;
49 /* Authenticate a user with a challenge/response */
50 static NTSTATUS
winbind_check_password(struct auth_method_context
*ctx
,
52 const struct auth_usersupplied_info
*user_info
,
53 struct auth_serversupplied_info
**server_info
)
55 struct winbindd_request request
;
56 struct winbindd_response response
;
59 struct netr_SamInfo3 info3
;
61 /* Send off request */
64 ZERO_STRUCT(response
);
65 request
.flags
= WBFLAG_PAM_INFO3_NDR
;
66 fstrcpy(request
.data
.auth_crap
.user
,
67 user_info
->account_name
);
68 fstrcpy(request
.data
.auth_crap
.domain
,
69 user_info
->domain_name
);
70 fstrcpy(request
.data
.auth_crap
.workstation
,
71 user_info
->workstation_name
);
73 memcpy(request
.data
.auth_crap
.chal
, ctx
->auth_ctx
->challenge
.data
.data
, sizeof(request
.data
.auth_crap
.chal
));
75 request
.data
.auth_crap
.lm_resp_len
= MIN(user_info
->lm_resp
.length
,
76 sizeof(request
.data
.auth_crap
.lm_resp
));
77 request
.data
.auth_crap
.nt_resp_len
= MIN(user_info
->nt_resp
.length
,
78 sizeof(request
.data
.auth_crap
.nt_resp
));
80 memcpy(request
.data
.auth_crap
.lm_resp
, user_info
->lm_resp
.data
,
81 request
.data
.auth_crap
.lm_resp_len
);
82 memcpy(request
.data
.auth_crap
.nt_resp
, user_info
->nt_resp
.data
,
83 request
.data
.auth_crap
.nt_resp_len
);
85 result
= winbindd_request(WINBINDD_PAM_AUTH_CRAP
, &request
, &response
);
87 nt_status
= NT_STATUS(response
.data
.auth
.nt_status
);
88 NT_STATUS_NOT_OK_RETURN(nt_status
);
90 if (result
== NSS_STATUS_SUCCESS
&& response
.extra_data
) {
91 union netr_Validation validation
;
93 nt_status
= get_info3_from_ndr(mem_ctx
, &response
, &info3
);
94 SAFE_FREE(response
.extra_data
);
95 NT_STATUS_NOT_OK_RETURN(nt_status
);
97 validation
.sam3
= &info3
;
98 nt_status
= make_server_info_netlogon_validation(mem_ctx
,
99 user_info
->account_name
,
103 } else if (result
== NSS_STATUS_SUCCESS
&& !response
.extra_data
) {
104 DEBUG(0, ("Winbindd authenticated the user [%s]\\[%s], "
105 "but did not include the required info3 reply!\n",
106 user_info
->domain_name
, user_info
->account_name
));
107 return NT_STATUS_INSUFFICIENT_LOGON_INFO
;
108 } else if (NT_STATUS_IS_OK(nt_status
)) {
109 DEBUG(1, ("Winbindd authentication for [%s]\\[%s] failed, "
110 "but no error code is available!\n",
111 user_info
->domain_name
, user_info
->account_name
));
112 return NT_STATUS_NO_LOGON_SERVERS
;
118 static const struct auth_operations winbind_ops
= {
120 .get_challenge
= auth_get_challenge_not_implemented
,
121 .check_password
= winbind_check_password
124 NTSTATUS
auth_winbind_init(void)
128 ret
= auth_register(&winbind_ops
);
129 if (!NT_STATUS_IS_OK(ret
)) {
130 DEBUG(0,("Failed to register 'winbind' auth backend!\n"));