summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2004-04-01 12:31:50 +0000
committerVolker Lendecke <vlendec@samba.org>2004-04-01 12:31:50 +0000
commit56e7c149babcf41e5c510104a8e0cdca56f227f0 (patch)
tree17e87dc5db42586bd072db1b47bc2ae11dcf1c30 /source3/nsswitch
parente2f355c7eae4f1fda705cc223575193535b91da5 (diff)
downloadsamba-56e7c149babcf41e5c510104a8e0cdca56f227f0.tar.gz
samba-56e7c149babcf41e5c510104a8e0cdca56f227f0.tar.bz2
samba-56e7c149babcf41e5c510104a8e0cdca56f227f0.zip
This restructures lib/afs.c so that the token data can be but into a
stream. This is to implement wbinfo -k that asks winbind for authentication which then creates the AFS token for the authenticated user. Volker (This used to be commit 2df6750a079820826013360fb9e47f90bc8223a5)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/wbinfo.c67
-rw-r--r--source3/nsswitch/winbindd_nss.h1
-rw-r--r--source3/nsswitch/winbindd_pam.c35
3 files changed, 103 insertions, 0 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index 81626998b3..2cea4130ad 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -594,6 +594,64 @@ static BOOL wbinfo_auth_crap(char *username)
return result == NSS_STATUS_SUCCESS;
}
+/* Authenticate a user with a plaintext password and set a token */
+
+static BOOL wbinfo_klog(char *username)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ NSS_STATUS result;
+ char *p;
+
+ /* Send off request */
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ p = strchr(username, '%');
+
+ if (p) {
+ *p = 0;
+ fstrcpy(request.data.auth.user, username);
+ fstrcpy(request.data.auth.pass, p + 1);
+ *p = '%';
+ } else {
+ fstrcpy(request.data.auth.user, username);
+ fstrcpy(request.data.auth.pass, getpass("Password: "));
+ }
+
+ request.flags |= WBFLAG_PAM_AFS_TOKEN;
+
+ result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
+
+ /* Display response */
+
+ d_printf("plaintext password authentication %s\n",
+ (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
+
+ if (response.data.auth.nt_status)
+ d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
+ response.data.auth.nt_status_string,
+ response.data.auth.nt_status,
+ response.data.auth.error_string);
+
+ if (result != NSS_STATUS_SUCCESS)
+ return False;
+
+ if (response.extra_data == NULL) {
+ d_printf("Did not get token data\n");
+ return False;
+ }
+
+ if (!afs_settoken_str((char *)response.extra_data)) {
+ d_printf("Could not set token\n");
+ return False;
+ }
+
+ d_printf("Successfully created AFS token\n");
+ return True;
+}
+
/******************************************************************
create a winbindd user
******************************************************************/
@@ -1001,6 +1059,9 @@ int main(int argc, char **argv)
{ "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL },
{ "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" },
{ "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" },
+#ifdef WITH_FAKE_KASERVER
+ { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" },
+#endif
POPT_COMMON_VERSION
POPT_TABLEEND
};
@@ -1160,6 +1221,12 @@ int main(int argc, char **argv)
goto done;
break;
}
+ case 'k':
+ if (!wbinfo_klog(string_arg)) {
+ d_printf("Could not klog user\n");
+ goto done;
+ }
+ break;
case 'c':
if ( !wbinfo_create_user(string_arg) ) {
d_printf("Could not create user account\n");
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h
index 0d110b8afa..c8fe5c826c 100644
--- a/source3/nsswitch/winbindd_nss.h
+++ b/source3/nsswitch/winbindd_nss.h
@@ -156,6 +156,7 @@ typedef struct winbindd_gr {
#define WBFLAG_QUERY_ONLY 0x0020
#define WBFLAG_ALLOCATE_RID 0x0040
#define WBFLAG_PAM_UNIX_NAME 0x0080
+#define WBFLAG_PAM_AFS_TOKEN 0x0100
/* Winbind request structure */
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 37b2a9f21b..1d232edfe3 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -211,6 +211,41 @@ done:
state->response.data.auth.nt_status_string,
state->response.data.auth.pam_error));
+ if ( NT_STATUS_IS_OK(result) &&
+ (state->request.flags & WBFLAG_PAM_AFS_TOKEN) ) {
+
+ char *afsname = strdup(lp_afs_username_map());
+ char *cell;
+
+ if (afsname == NULL) goto no_token;
+
+ afsname = realloc_string_sub(afsname, "%D", name_domain);
+ afsname = realloc_string_sub(afsname, "%u", name_user);
+ afsname = realloc_string_sub(afsname, "%U", name_user);
+
+ if (afsname == NULL) goto no_token;
+
+ strlower_m(afsname);
+
+ cell = strchr(afsname, '@');
+
+ if (cell == NULL) goto no_token;
+
+ *cell = '\0';
+ cell += 1;
+
+ /* Append an AFS token string */
+ state->response.extra_data =
+ afs_createtoken_str(afsname, cell);
+
+ if (state->response.extra_data != NULL)
+ state->response.length +=
+ strlen(state->response.extra_data)+1;
+
+ no_token:
+ SAFE_FREE(afsname);
+ }
+
if (mem_ctx)
talloc_destroy(mem_ctx);