authorVolker Lendecke <vl@samba.org>2010-04-18 14:10:35 +0200
committerVolker Lendecke <vl@samba.org>2010-04-19 14:27:24 +0200
commitc04ce964e970b6f08fc768e93f5df2c5cbd09746 (patch)
tree04de815cb74662773e36e505a4768b5e05e2835d
parente0d7a8424264bb9a240409b67d4c363e154097dc (diff)
nsswitch: Add wbinfo --pam-logon
This does a wbcLogonUser with credential caching
-rw-r--r--nsswitch/wbinfo.c78
1 files changed, 78 insertions, 0 deletions
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index afecc86f1e..ca1fefb606 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -1532,6 +1532,75 @@ static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
return WBC_ERROR_IS_OK(wbc_status);
}
+/* Authenticate a user with a plaintext password */
+
+static bool wbinfo_pam_logon(char *username)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcLogonUserParams params;
+ struct wbcAuthErrorInfo *error;
+ char *s = NULL;
+ char *p = NULL;
+ TALLOC_CTX *frame = talloc_tos();
+ uint32_t flags;
+ uint32_t uid;
+
+ ZERO_STRUCT(params);
+
+ if ((s = talloc_strdup(frame, username)) == NULL) {
+ return false;
+ }
+
+ if ((p = strchr(s, '%')) != NULL) {
+ *p = 0;
+ p++;
+ params.password = talloc_strdup(frame, p);
+ } else {
+ params.password = wbinfo_prompt_pass(frame, NULL, username);
+ }
+ params.username = s;
+
+ flags = WBFLAG_PAM_CACHED_LOGIN;
+
+ wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
+ "flags", 0,
+ (uint8_t *)&flags, sizeof(flags));
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ d_printf("wbcAddNamedBlob failed: %s\n",
+ wbcErrorString(wbc_status));
+ return false;
+ }
+
+ uid = getuid();
+
+ wbc_status = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
+ "user_uid", 0,
+ (uint8_t *)&uid, sizeof(uid));
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ d_printf("wbcAddNamedBlob failed: %s\n",
+ wbcErrorString(wbc_status));
+ return false;
+ }
+
+ wbc_status = wbcLogonUser(&params, NULL, &error, NULL);
+
+ wbcFreeMemory(params.blobs);
+
+ d_printf("plaintext password authentication %s\n",
+ WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ d_fprintf(stderr,
+ "error code was %s (0x%x)\nerror messsage was: %s\n",
+ error->nt_string,
+ (int)error->nt_status,
+ error->display_string);
+ wbcFreeMemory(error);
+ return false;
+ }
+ return true;
+}
+
/* Save creds with winbind */
static bool wbinfo_ccache_save(char *username)
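Review bot: In wbinfo_pam_logon, `error` is declared without an initialiser and dereferenced unconditionally on the failure path, so if wbcLogonUser fails without filling it in (presumably possible when the request never reaches winbindd; confirm against libwbclient) the `error->nt_string` read uses an indeterminate pointer. Declare it as `struct wbcAuthErrorInfo *error = NULL;` and wrap the `d_fprintf`/`wbcFreeMemory(error)` pair in `if (error != NULL)`. `params.password` is also used unchecked after `talloc_strdup` or `wbinfo_prompt_pass`, so `if (params.password == NULL) return false;` before the blobs are built would avoid handing a NULL password to the logon call. The early return after the second `wbcAddNamedBlob` failure skips `wbcFreeMemory(params.blobs)`. The header comment is the one used for plain authentication; `/* PAM-style logon via wbcLogonUser with WBFLAG_PAM_CACHED_LOGIN and the caller's uid */` would describe what this function adds.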
@@ -1778,6 +1847,7 @@ enum {
OPT_CCACHE_SAVE,
OPT_SID_TO_FULLNAME,
OPT_NTLMV2,
+ OPT_PAM_LOGON,
OPT_LOGOFF,
OPT_LOGOFF_USER,
OPT_LOGOFF_UID,
@@ -1849,6 +1919,8 @@ int main(int argc, char **argv, char **envp)
{ "sid-aliases", 0, POPT_ARG_STRING, &string_arg, OPT_SIDALIASES, "Get sid aliases", "SID" },
{ "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
+ { "pam-logon", 0, POPT_ARG_STRING, string_arg, OPT_PAM_LOGON,
+ "do a pam logon equivalent", "user%password" },
{ "logoff", 0, POPT_ARG_NONE, NULL, OPT_LOGOFF,
"log off user", "uid" },
{ "logoff-user", 0, POPT_ARG_STRING, &logoff_user,
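Review bot: The new `pam-logon` table entry passes `string_arg` where every neighbouring POPT_ARG_STRING entry passes `&string_arg`, so popt receives the pointer's current value instead of the address where it should store the option argument. Assuming `string_arg` is the `char *` the other entries fill in (its declaration is outside the hunk), the OPT_PAM_LOGON case would then run on a stale or NULL string; the line should read `{ "pam-logon", 0, POPT_ARG_STRING, &string_arg, OPT_PAM_LOGON,`. The help text advertises `user%password`, so the option's documentation should say that a password given on the command line is visible in the process list and that leaving out `%password` makes wbinfo_pam_logon prompt for it instead.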
@@ -2204,6 +2276,12 @@ int main(int argc, char **argv, char **envp)
goto done;
break;
}
+ case OPT_PAM_LOGON:
+ if (!wbinfo_pam_logon(string_arg)) {
+ d_fprintf(stderr, "pam_logon failed for %s\n",
+ string_arg);
+ goto done;
+ }
case OPT_LOGOFF:
{
wbcErr wbc_status;
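Review bot: The new `case OPT_PAM_LOGON:` has no `break;`, so after a successful wbinfo_pam_logon() control falls through into `case OPT_LOGOFF:` and the logoff code runs as part of the same invocation. That is unlikely to be intended for an option meant to exercise a cached logon, and it differs from the preceding case, which ends in `break;`. Add `break;` after the closing brace of the `if` block. The enclosing switch starts and ends outside the hunk.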