author | Tim Potter <tpot@samba.org> | 2001-05-07 04:32:40 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2001-05-07 04:32:40 +0000 |
commit | a36f9250e7c9446f3eece6d8db29fcbde99256fb (patch) | |
tree | 5b981dc1171e92f4a28232c3cc7b6d619054ea75 /source3/nsswitch/winbindd_pam.c | |
parent | c2887d57b5ff6da52aefac4657c23c142977ee2e (diff) | |
Preliminary merge of winbind into HEAD. Note that this compiles and links
but I haven't actually run it yet so it probably doesn't work. (-:
(This used to be commit 59f95416b66db6df05289bde224de29c721978e5)
Diffstat (limited to 'source3/nsswitch/winbindd_pam.c')
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 88 |
1 files changed, 79 insertions, 9 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index c74afd8e29..57b2394799 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -23,6 +23,28 @@ #include "winbindd.h" +/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the + form DOMAIN/user into a domain and a user */ + +static void parse_domain_user(char *domuser, fstring domain, fstring user) +{ + char *p; + char *sep = lp_winbind_separator(); + if (!sep) sep = "\\"; + p = strchr(domuser,*sep); + if (!p) p = strchr(domuser,'\\'); + if (!p) { + fstrcpy(domain,""); + fstrcpy(user, domuser); + return; + } + + fstrcpy(user, p+1); + fstrcpy(domain, domuser); + domain[PTR_DIFF(p, domuser)] = 0; + strupper(domain); +} + /* Return a password structure from a username. Specify whether cached data can be returned. */ 
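Review bot: In the new `parse_domain_user`, `domain[PTR_DIFF(p, domuser)] = 0;` indexes `domain` by the separator's offset in `domuser` without comparing that offset with the size of an `fstring`, while the `fstrcpy` just above it presumably truncates to that size. Both callers pass a `user` field taken straight from the client request, so if that field can be longer than an `fstring` or can arrive without a terminating NUL (its declaration is not visible here), the store lands outside `domain` on the caller's stack. I would reject an over-long domain part before copying, e.g. `if (PTR_DIFF(p, domuser) >= sizeof(fstring)) { fstrcpy(domain, ""); fstrcpy(user, ""); return; }`, which lets `winbindd_pam_auth` fail through its existing null-domain check. Because the comment says this is a copy of the helper in winbindd_util.c, the same bound belongs there so the two copies do not drift apart.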
@@ -31,31 +53,37 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) NET_USER_INFO_3 info3; uchar ntpw[16]; uchar lmpw[16]; - uint8 trust_passwd[16]; + uchar trust_passwd[16]; uint32 status; fstring server; fstring name_domain, name_user; extern pstring global_myname; - DEBUG(1,("winbindd_pam_auth user=%s\n", - state->request.data.auth.user)); + DEBUG(3, ("[%5d]: pam auth %s\n", state->pid, + state->request.data.auth.user)); /* Parse domain and username */ - parse_domain_user(state->request.data.auth.user, name_domain, name_user); + parse_domain_user(state->request.data.auth.user, name_domain, + name_user); /* don't allow the null domain */ if (strcmp(name_domain,"") == 0) return WINBINDD_ERROR; ZERO_STRUCT(info3); - if (!secrets_fetch_trust_account_password(lp_workgroup(), - trust_passwd, NULL)) { - return WINBINDD_ERROR; - } + if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) { + DEBUG(1, ("could not get trust password for domain %s\n", + name_domain)); + return WINBINDD_ERROR; + } nt_lm_owf_gen(state->request.data.auth.pass, ntpw, lmpw); - slprintf(server, sizeof(server)-1, "\\\\%s", server_state.controller); + slprintf(server, sizeof(server), "\\\\%s", server_state.controller); + +#if 0 + + /* XXX */ status = domain_client_validate_backend(server, name_user, name_domain, 
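Review bot: `trust_passwd`, `ntpw` and `lmpw` hold the machine trust secret and the user's password hashes, and every return path visible in `winbindd_pam_auth` leaves them on the stack uncleared, including the new `return WINBINDD_ERROR;` after the failed trust-password lookup. I would clear them before returning with the macro already used for `info3`, e.g. `ZERO_STRUCT(trust_passwd); ZERO_STRUCT(ntpw); ZERO_STRUCT(lmpw);`, ideally from a single exit path so a later early return cannot skip it. Separately, the new DEBUG message prints `name_domain` although the lookup was made for `lp_workgroup()`, which will mislead whoever reads the log when the two differ; `DEBUG(1, ("could not get trust password for domain %s\n", lp_workgroup()));` matches the call. The function starts before this hunk and continues in the next one.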
@@ -64,9 +92,51 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) NULL, lmpw, sizeof(lmpw), ntpw, sizeof(ntpw), &info3); +#else + status = NT_STATUS_UNSUCCESSFUL; +#endif + if (status != NT_STATUS_NOPROBLEMO) return WINBINDD_ERROR; return WINBINDD_OK; } +/* Change a user password */ + +enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state) +{ + char *oldpass, *newpass; + fstring domain, user; + uchar nt_oldhash[16]; + uchar lm_oldhash[16]; + + DEBUG(3, ("[%5d]: pam chauthtok %s\n", state->pid, + state->request.data.chauthtok.user)); + + /* Setup crap */ + + if (state == NULL) return WINBINDD_ERROR; + + parse_domain_user(state->request.data.chauthtok.user, domain, user); + + oldpass = state->request.data.chauthtok.oldpass; + newpass = state->request.data.chauthtok.newpass; + + nt_lm_owf_gen(oldpass, nt_oldhash, lm_oldhash); + + /* Change password */ + +#if 0 + + /* XXX */ + + if (!msrpc_sam_ntchange_pwd(server_state.controller, domain, user, + lm_oldhash, nt_oldhash, newpass)) { + DEBUG(0, ("password change failed for user %s/%s\n", domain, user)); + return WINBINDD_ERROR; + } +#endif + + return WINBINDD_OK; +} |
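Review bot: With the RPC call compiled out by `#if 0`, `winbindd_pam_chauthtok` falls through to `return WINBINDD_OK;`, so the caller is told the password was changed when nothing happened; the auth stub earlier in this hunk fails closed with `NT_STATUS_UNSUCCESSFUL`, and this one should as well. Adding `#else` followed by `return WINBINDD_ERROR;` before the `#endif` keeps the placeholder honest until the change call is restored. The `if (state == NULL) return WINBINDD_ERROR;` guard also sits after the `DEBUG` call that already dereferences `state->pid` and `state->request`, so it cannot protect anything and should move to the top of the function. `nt_oldhash` and `lm_oldhash` are computed but unused in the stub and stay on the stack; a `ZERO_STRUCT` on each before returning would avoid leaving the old password's hashes behind.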