diff options
author | Volker Lendecke <vlendec@samba.org> | 2004-04-01 12:31:50 +0000 |
---|---|---|
committer | Volker Lendecke <vlendec@samba.org> | 2004-04-01 12:31:50 +0000 |
commit | 56e7c149babcf41e5c510104a8e0cdca56f227f0 (patch) | |
tree | 17e87dc5db42586bd072db1b47bc2ae11dcf1c30 /source3/nsswitch/wbinfo.c | |
parent | e2f355c7eae4f1fda705cc223575193535b91da5 (diff) | |
download | samba-56e7c149babcf41e5c510104a8e0cdca56f227f0.tar.gz samba-56e7c149babcf41e5c510104a8e0cdca56f227f0.tar.bz2 samba-56e7c149babcf41e5c510104a8e0cdca56f227f0.zip |
This restructures lib/afs.c so that the token data can be but into a
stream. This is to implement wbinfo -k that asks winbind for authentication
which then creates the AFS token for the authenticated user.
Volker
(This used to be commit 2df6750a079820826013360fb9e47f90bc8223a5)
Diffstat (limited to 'source3/nsswitch/wbinfo.c')
-rw-r--r-- | source3/nsswitch/wbinfo.c | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 81626998b3..2cea4130ad 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -594,6 +594,64 @@ static BOOL wbinfo_auth_crap(char *username) return result == NSS_STATUS_SUCCESS; } +/* Authenticate a user with a plaintext password and set a token */ + +static BOOL wbinfo_klog(char *username) +{ + struct winbindd_request request; + struct winbindd_response response; + NSS_STATUS result; + char *p; + + /* Send off request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + p = strchr(username, '%'); + + if (p) { + *p = 0; + fstrcpy(request.data.auth.user, username); + fstrcpy(request.data.auth.pass, p + 1); + *p = '%'; + } else { + fstrcpy(request.data.auth.user, username); + fstrcpy(request.data.auth.pass, getpass("Password: ")); + } + + request.flags |= WBFLAG_PAM_AFS_TOKEN; + + result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response); + + /* Display response */ + + d_printf("plaintext password authentication %s\n", + (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); + + if (response.data.auth.nt_status) + d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", + response.data.auth.nt_status_string, + response.data.auth.nt_status, + response.data.auth.error_string); + + if (result != NSS_STATUS_SUCCESS) + return False; + + if (response.extra_data == NULL) { + d_printf("Did not get token data\n"); + return False; + } + + if (!afs_settoken_str((char *)response.extra_data)) { + d_printf("Could not set token\n"); + return False; + } + + d_printf("Successfully created AFS token\n"); + return True; +} + /****************************************************************** create a winbindd user ******************************************************************/ @@ -1001,6 +1059,9 @@ int main(int argc, char **argv) { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL }, { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" }, { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" }, +#ifdef WITH_FAKE_KASERVER + { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" }, +#endif POPT_COMMON_VERSION POPT_TABLEEND }; @@ -1160,6 +1221,12 @@ int main(int argc, char **argv) goto done; break; } + case 'k': + if (!wbinfo_klog(string_arg)) { + d_printf("Could not klog user\n"); + goto done; + } + break; case 'c': if ( !wbinfo_create_user(string_arg) ) { d_printf("Could not create user account\n"); |