diff options
author | Stefan Metzmacher <metze@samba.org> | 2008-01-29 16:21:14 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2008-02-13 13:30:16 +0100 |
commit | 5fb87ff3efc56de954ea08d286c90fbaaf99ea0a (patch) | |
tree | af6410e7c81b97762db9328bbb19de331b801674 /source3 | |
parent | 9d27ded946daaa7d484f8b93921bac961ea2e071 (diff) | |
download | samba-5fb87ff3efc56de954ea08d286c90fbaaf99ea0a.tar.gz samba-5fb87ff3efc56de954ea08d286c90fbaaf99ea0a.tar.bz2 samba-5fb87ff3efc56de954ea08d286c90fbaaf99ea0a.zip |
wbinfo: use wbcAuthenticateUserEx()
metze
(This used to be commit 923cb37837d508d5355038e95ed1ac09c5869a89)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/nsswitch/wbinfo.c | 90 |
1 files changed, 43 insertions, 47 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 9d1a56536b..689dc5e9e1 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -904,19 +904,16 @@ static bool wbinfo_auth(char *username) static bool wbinfo_auth_crap(char *username) { - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcAuthUserParams params; + struct wbcAuthErrorInfo *err = NULL; + DATA_BLOB lm = data_blob_null; + DATA_BLOB nt = data_blob_null; fstring name_user; fstring name_domain; fstring pass; char *p; - /* Send off request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - p = strchr(username, '%'); if (p) { @@ -926,29 +923,30 @@ static bool wbinfo_auth_crap(char *username) parse_wbinfo_domain_user(username, name_domain, name_user); - request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT; + params.account_name = name_user; + params.domain_name = name_domain; + params.workstation_name = NULL; - fstrcpy(request.data.auth_crap.user, name_user); + params.flags = 0; + params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | + WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT; - fstrcpy(request.data.auth_crap.domain, name_domain); + params.level = WBC_AUTH_USER_LEVEL_RESPONSE; - generate_random_buffer(request.data.auth_crap.chal, 8); + generate_random_buffer(params.password.response.challenge, 8); if (lp_client_ntlmv2_auth()) { DATA_BLOB server_chal; DATA_BLOB names_blob; - DATA_BLOB lm_response; - DATA_BLOB nt_response; - - server_chal = data_blob(request.data.auth_crap.chal, 8); + server_chal = data_blob(params.password.response.challenge, 8); /* Pretend this is a login to 'us', for blob purposes */ names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup()); if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal, &names_blob, - &lm_response, &nt_response, NULL)) { + &lm, &nt, NULL)) { data_blob_free(&names_blob); data_blob_free(&server_chal); return false; @@ -956,47 +954,45 @@ static bool wbinfo_auth_crap(char *username) data_blob_free(&names_blob); data_blob_free(&server_chal); - memcpy(request.data.auth_crap.nt_resp, nt_response.data, - MIN(nt_response.length, - sizeof(request.data.auth_crap.nt_resp))); - request.data.auth_crap.nt_resp_len = nt_response.length; - - memcpy(request.data.auth_crap.lm_resp, lm_response.data, - MIN(lm_response.length, - sizeof(request.data.auth_crap.lm_resp))); - request.data.auth_crap.lm_resp_len = lm_response.length; - - data_blob_free(&nt_response); - data_blob_free(&lm_response); - } else { - if (lp_client_lanman_auth() - && SMBencrypt(pass, request.data.auth_crap.chal, - (uchar *)request.data.auth_crap.lm_resp)) { - request.data.auth_crap.lm_resp_len = 24; - } else { - request.data.auth_crap.lm_resp_len = 0; + if (lp_client_lanman_auth()) { + bool ok; + lm = data_blob(NULL, 24); + ok = SMBencrypt(pass, params.password.response.challenge, + lm.data); + if (!ok) { + data_blob_free(&lm); + } } - SMBNTencrypt(pass, request.data.auth_crap.chal, - (uchar *)request.data.auth_crap.nt_resp); - - request.data.auth_crap.nt_resp_len = 24; + nt = data_blob(NULL, 24); + SMBNTencrypt(pass, params.password.response.challenge, + nt.data); } - result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response); + params.password.response.nt_length = nt.length; + params.password.response.nt_data = nt.data; + params.password.response.lm_length = lm.length; + params.password.response.lm_data = lm.data; + + wbc_status = wbcAuthenticateUserEx(¶ms, NULL, &err); /* Display response */ d_printf("challenge/response password authentication %s\n", - (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); + WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); - if (response.data.auth.nt_status) + if (wbc_status == WBC_ERR_AUTH_ERROR) { d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status, - response.data.auth.error_string); + err->nt_string, + err->nt_status, + err->display_string); + wbcFreeMemory(err); + } - return result == NSS_STATUS_SUCCESS; + data_blob_free(&nt); + data_blob_free(&lm); + + return WBC_ERROR_IS_OK(wbc_status); } /* Authenticate a user with a plaintext password and set a token */ |