summaryrefslogtreecommitdiff
path: root/nsswitch
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2010-01-09 20:20:36 +0100
committerVolker Lendecke <vl@samba.org>2010-01-24 20:32:16 +0100
commit7d18d058a1203ab7079f9dbdf37962803064d699 (patch)
tree44b5e54adfe02dccd954570ad5993c3dceed9475 /nsswitch
parent185815a6472a7a09602b3c51198e20257241dfa7 (diff)
downloadsamba-7d18d058a1203ab7079f9dbdf37962803064d699.tar.gz
samba-7d18d058a1203ab7079f9dbdf37962803064d699.tar.bz2
samba-7d18d058a1203ab7079f9dbdf37962803064d699.zip
s3: Add wbinfo --ccache-save
With this command you can give winbind your password for later use by the automatic ntlm_auth
Diffstat (limited to 'nsswitch')
-rw-r--r--nsswitch/libwbclient/wbc_pam.c18
-rw-r--r--nsswitch/libwbclient/wbclient.h10
-rw-r--r--nsswitch/wbinfo.c46
-rw-r--r--nsswitch/winbind_struct_protocol.h9
4 files changed, 82 insertions, 1 deletions
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 1f76c0a143..087db2e6c6 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -1119,3 +1119,21 @@ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
{
return WBC_ERR_NOT_IMPLEMENTED;
}
+
+/* Authenticate a user with cached credentials */
+wbcErr wbcCredentialSave(const char *user, const char *password)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ strncpy(request.data.ccache_save.user, user,
+ sizeof(request.data.ccache_save.user)-1);
+ strncpy(request.data.ccache_save.pass, password,
+ sizeof(request.data.ccache_save.pass)-1);
+ request.data.ccache_save.uid = getuid();
+
+ return wbcRequestResponse(WINBINDD_CCACHE_SAVE, &request, &response);
+}
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
index 33a4ace75c..06f0713c86 100644
--- a/nsswitch/libwbclient/wbclient.h
+++ b/nsswitch/libwbclient/wbclient.h
@@ -1164,6 +1164,16 @@ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
struct wbcCredentialCacheInfo **info,
struct wbcAuthErrorInfo **error);
+/**
+ * @brief Save a password with winbind for doing wbcCredentialCache() later
+ *
+ * @param *user Username
+ * @param *password Password
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCredentialSave(const char *user, const char *password);
+
/**********************************************************
* Resolve functions
**********************************************************/
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 45d8684bad..a43ce8f4c9 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -1530,6 +1530,43 @@ static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman)
return WBC_ERROR_IS_OK(wbc_status);
}
+/* Save creds with winbind */
+
+static bool wbinfo_ccache_save(char *username)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ char *s = NULL;
+ char *p = NULL;
+ char *password = NULL;
+ char *name = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ s = talloc_strdup(frame, username);
+ if (s == NULL) {
+ return false;
+ }
+
+ p = strchr(s, '%');
+ if (p != NULL) {
+ *p = 0;
+ p++;
+ password = talloc_strdup(frame, p);
+ } else {
+ password = wbinfo_prompt_pass(frame, NULL, username);
+ }
+
+ name = s;
+
+ wbc_status = wbcCredentialSave(name, password);
+
+ d_printf("saving creds %s\n",
+ WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+ TALLOC_FREE(frame);
+
+ return WBC_ERROR_IS_OK(wbc_status);
+}
+
#ifdef WITH_FAKE_KASERVER
/* Authenticate a user with a plaintext password and set a token */
@@ -1736,6 +1773,7 @@ enum {
OPT_ONLINESTATUS,
OPT_CHANGE_USER_PASSWORD,
OPT_PING_DC,
+ OPT_CCACHE_SAVE,
OPT_SID_TO_FULLNAME,
OPT_NTLMV2,
OPT_LANMAN
@@ -1805,6 +1843,9 @@ int main(int argc, char **argv, char **envp)
{ "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" },
{ "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" },
+ { "ccache-save", 0, POPT_ARG_STRING, &string_arg,
+ OPT_CCACHE_SAVE, "Store user and password for ccache "
+ "operation", "user%password" },
{ "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
"Get a DC name for a foreign domain", "domainname" },
{ "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
@@ -2189,6 +2230,11 @@ int main(int argc, char **argv, char **envp)
wbinfo_get_auth_user();
goto done;
break;
+ case OPT_CCACHE_SAVE:
+ if (!wbinfo_ccache_save(string_arg)) {
+ goto done;
+ }
+ break;
case OPT_GETDCNAME:
if (!wbinfo_getdcname(string_arg)) {
goto done;
diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h
index 4d27d5283c..7790155f25 100644
--- a/nsswitch/winbind_struct_protocol.h
+++ b/nsswitch/winbind_struct_protocol.h
@@ -48,8 +48,9 @@ typedef char fstring[FSTRING_LEN];
* 21: added WINBINDD_GETPWSID
* added WINBINDD_GETSIDALIASES
* 22: added WINBINDD_PING_DC
+ * 23: added WINBINDD_CCACHE_SAVE
*/
-#define WINBIND_INTERFACE_VERSION 22
+#define WINBIND_INTERFACE_VERSION 23
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
@@ -177,6 +178,7 @@ enum winbindd_cmd {
/* Complete the challenge phase of the NTLM authentication
protocol using cached password. */
WINBINDD_CCACHE_NTLMAUTH,
+ WINBINDD_CCACHE_SAVE,
WINBINDD_NUM_CMDS
};
@@ -335,6 +337,11 @@ struct winbindd_request {
uint32_t challenge_blob_len;
} ccache_ntlm_auth;
struct {
+ uid_t uid;
+ fstring user;
+ fstring pass;
+ } ccache_save;
+ struct {
fstring domain_name;
fstring domain_guid;
fstring site_name;