diff options
author | Volker Lendecke <vl@samba.org> | 2010-04-01 12:35:14 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2010-04-19 14:27:20 +0200 |
commit | 518a4f5423bb360cf886aa1ce951f5323f4b12f9 (patch) | |
tree | db4d60700e8354e8b532f145a0b23765e080dd12 | |
parent | d869e7a0d85a4719078437539267c4acdf97dece (diff) | |
download | samba-518a4f5423bb360cf886aa1ce951f5323f4b12f9.tar.gz samba-518a4f5423bb360cf886aa1ce951f5323f4b12f9.tar.bz2 samba-518a4f5423bb360cf886aa1ce951f5323f4b12f9.zip |
s3: Convert WINBINDD_PAM_CHAUTHTOK to the new async API
-rw-r--r-- | source3/Makefile.in | 1 | ||||
-rw-r--r-- | source3/winbindd/winbindd.c | 3 | ||||
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 57 | ||||
-rw-r--r-- | source3/winbindd/winbindd_pam_chauthtok.c | 121 | ||||
-rw-r--r-- | source3/winbindd/winbindd_proto.h | 9 |
5 files changed, 132 insertions, 59 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index e807e825bf..d05c57d52d 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1239,6 +1239,7 @@ WINBINDD_OBJ1 = \ winbindd/winbindd_set_hwm.o \ winbindd/winbindd_pam_auth.o \ winbindd/winbindd_pam_auth_crap.o \ + winbindd/winbindd_pam_chauthtok.o \ auth/token_util.o \ auth/check_samsec.o \ auth/server_info.o \ diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 8b1dee2a0e..cc273eb50e 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -444,7 +444,6 @@ static struct winbindd_dispatch_table { /* PAM auth functions */ - { WINBINDD_PAM_CHAUTHTOK, winbindd_pam_chauthtok, "CHAUTHTOK" }, { WINBINDD_PAM_LOGOFF, winbindd_pam_logoff, "PAM_LOGOFF" }, { WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP, winbindd_pam_chng_pswd_auth_crap, "CHNG_PSWD_AUTH_CRAP" }, @@ -552,6 +551,8 @@ static struct winbindd_async_dispatch_table async_nonpriv_table[] = { winbindd_ping_dc_send, winbindd_ping_dc_recv }, { WINBINDD_PAM_AUTH, "PAM_AUTH", winbindd_pam_auth_send, winbindd_pam_auth_recv }, + { WINBINDD_PAM_CHAUTHTOK, "PAM_CHAUTHTOK", + winbindd_pam_chauthtok_send, winbindd_pam_chauthtok_recv }, { 0, NULL, NULL, NULL } }; diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 140fa3c506..61c8c298f1 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1896,63 +1896,6 @@ done: return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } -/* Change a user password */ - -void winbindd_pam_chauthtok(struct winbindd_cli_state *state) -{ - fstring domain, user; - char *mapped_user; - struct winbindd_domain *contact_domain; - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - - /* Ensure null termination */ - state->request->data.chauthtok.user[ - sizeof(state->request->data.chauthtok.user)-1]='\0'; - - DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)state->pid, - state->request->data.chauthtok.user)); - - /* Setup crap */ - - nt_status = normalize_name_unmap(state->mem_ctx, - state->request->data.chauthtok.user, - &mapped_user); - - /* Update the chauthtok name if we did any mapping */ - - if (NT_STATUS_IS_OK(nt_status) || - NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_RENAMED)) - { - fstrcpy(state->request->data.chauthtok.user, mapped_user); - } - - /* Must pass in state->...chauthtok.user because - canonicalize_username() assumes an fstring(). Since - we have already copied it (if necessary), this is ok. */ - - if (!canonicalize_username(state->request->data.chauthtok.user, domain, user)) { - set_auth_errors(state->response, NT_STATUS_NO_SUCH_USER); - DEBUG(5, ("winbindd_pam_chauthtok: canonicalize_username %s failed with %s" - "(PAM: %d)\n", - state->request->data.chauthtok.user, - state->response->data.auth.nt_status_string, - state->response->data.auth.pam_error)); - request_error(state); - return; - } - - contact_domain = find_domain_from_name(domain); - if (!contact_domain) { - set_auth_errors(state->response, NT_STATUS_NO_SUCH_USER); - DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] as %s is not a trusted domain\n", - state->request->data.chauthtok.user, domain, user, domain)); - request_error(state); - return; - } - - sendto_domain(state, contact_domain); -} - enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact_domain, struct winbindd_cli_state *state) { diff --git a/source3/winbindd/winbindd_pam_chauthtok.c b/source3/winbindd/winbindd_pam_chauthtok.c new file mode 100644 index 0000000000..9f231e00ce --- /dev/null +++ b/source3/winbindd/winbindd_pam_chauthtok.c @@ -0,0 +1,121 @@ +/* + Unix SMB/CIFS implementation. + async implementation of WINBINDD_PAM_CHAUTHTOK + Copyright (C) Volker Lendecke 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "winbindd.h" + +struct winbindd_pam_chauthtok_state { + struct winbindd_response *response; +}; + +static void winbindd_pam_chauthtok_done(struct tevent_req *subreq); + +struct tevent_req *winbindd_pam_chauthtok_send( + TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request) +{ + struct tevent_req *req, *subreq; + struct winbindd_pam_chauthtok_state *state; + struct winbindd_domain *contact_domain; + fstring domain, user; + char *mapped_user; + NTSTATUS status; + + req = tevent_req_create(mem_ctx, &state, + struct winbindd_pam_chauthtok_state); + if (req == NULL) { + return NULL; + } + + /* Ensure null termination */ + request->data.chauthtok.user[ + sizeof(request->data.chauthtok.user)-1]='\0'; + + DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)cli->pid, + request->data.chauthtok.user)); + + status = normalize_name_unmap(state, request->data.chauthtok.user, + &mapped_user); + + if (NT_STATUS_IS_OK(status) || + NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) { + fstrcpy(request->data.chauthtok.user, mapped_user); + } + + if (!canonicalize_username(request->data.chauthtok.user, domain, + user)) { + DEBUG(10, ("winbindd_pam_chauthtok: canonicalize_username %s " + "failed with\n", request->data.chauthtok.user)); + tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); + return tevent_req_post(req, ev); + } + + contact_domain = find_domain_from_name(domain); + if (contact_domain == NULL) { + DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] " + "as %s is not a trusted domain\n", + request->data.chauthtok.user, domain, user, domain)); + tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER); + return tevent_req_post(req, ev); + } + + subreq = wb_domain_request_send(state, winbind_event_context(), + contact_domain, request); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + tevent_req_set_callback(subreq, winbindd_pam_chauthtok_done, req); + return req; +} + +static void winbindd_pam_chauthtok_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct winbindd_pam_chauthtok_state *state = tevent_req_data( + req, struct winbindd_pam_chauthtok_state); + int res, err; + + res = wb_domain_request_recv(subreq, state, &state->response, &err); + TALLOC_FREE(subreq); + if (res == -1) { + tevent_req_nterror(req, map_nt_error_from_unix(err)); + return; + } + tevent_req_done(req); +} + +NTSTATUS winbindd_pam_chauthtok_recv(struct tevent_req *req, + struct winbindd_response *response) +{ + struct winbindd_pam_chauthtok_state *state = tevent_req_data( + req, struct winbindd_pam_chauthtok_state); + NTSTATUS status; + + if (tevent_req_is_nterror(req, &status)) { + set_auth_errors(response, status); + return status; + } + *response = *state->response; + response->result = WINBINDD_PENDING; + state->response = talloc_move(response, &state->response); + return NT_STATUS(response->data.auth.nt_status); +} diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 4e88d88404..c72a1fe81d 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -386,7 +386,6 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain, struct winbindd_cli_state *state) ; enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, struct winbindd_cli_state *state) ; -void winbindd_pam_chauthtok(struct winbindd_cli_state *state); enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact_domain, struct winbindd_cli_state *state); void winbindd_pam_logoff(struct winbindd_cli_state *state); @@ -865,4 +864,12 @@ struct tevent_req *winbindd_pam_auth_crap_send( NTSTATUS winbindd_pam_auth_crap_recv(struct tevent_req *req, struct winbindd_response *response); +struct tevent_req *winbindd_pam_chauthtok_send( + TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct winbindd_cli_state *cli, + struct winbindd_request *request); +NTSTATUS winbindd_pam_chauthtok_recv(struct tevent_req *req, + struct winbindd_response *response); + #endif /* _WINBINDD_PROTO_H_ */ |