diff options
-rw-r--r-- | nsswitch/libwbclient/wbc_async.h | 10 | ||||
-rw-r--r-- | nsswitch/libwbclient/wbc_pam.c | 270 |
2 files changed, 280 insertions, 0 deletions
diff --git a/nsswitch/libwbclient/wbc_async.h b/nsswitch/libwbclient/wbc_async.h index 21a45741b7..6ee0b37c95 100644 --- a/nsswitch/libwbclient/wbc_async.h +++ b/nsswitch/libwbclient/wbc_async.h @@ -118,6 +118,16 @@ struct tevent_req *wbcGidToSid_send(TALLOC_CTX *mem_ctx, gid_t gid); wbcErr wbcGidToSid_recv(struct tevent_req *req, struct wbcDomainSid *psid); +/* Async functions from wbc_pam.c */ +struct tevent_req *wbcAuthenticateUserEx_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct wb_context *wb_ctx, + const struct wbcAuthUserParams *params); +wbcErr wbcAuthenticateUserEx_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct wbcAuthUserInfo **info, + struct wbcAuthErrorInfo **error); + /* Async functions from wbc_sid.c */ struct tevent_req *wbcLookupSid_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index fdb297fae3..ef85f2b7fd 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -300,6 +300,276 @@ done: return wbc_status; } +struct wbc_authenticate_user_ex_state { + struct winbindd_request req; + struct tevent_context *ev; + struct wb_context *wb_ctx; + const struct wbcAuthUserParams *params; + struct wbcAuthUserInfo *info; + struct wbcAuthErrorInfo *error; +}; + +static void wbcAuthenticateUserEx_got_info(struct tevent_req *subreq); +static void wbcAuthenticateUserEx_done(struct tevent_req *subreq); + +struct tevent_req *wbcAuthenticateUserEx_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct wb_context *wb_ctx, + const struct wbcAuthUserParams *params) +{ + struct tevent_req *req, *subreq; + struct wbc_authenticate_user_ex_state *state; + + req = tevent_req_create(mem_ctx, &state, + struct wbc_authenticate_user_ex_state); + if (req == NULL) { + return NULL; + } + + state->ev = ev; + state->wb_ctx = wb_ctx; + state->params = params; + + if (!params) { + tevent_req_error(req, WBC_ERR_INVALID_PARAM); + return tevent_req_post(req, ev); + } + + if (!params->account_name) { + tevent_req_error(req, WBC_ERR_INVALID_PARAM); + return tevent_req_post(req, ev); + } + + ZERO_STRUCT(state->req); + + if (params->flags) { + state->req.flags = params->flags; + } + + switch (params->level) { + case WBC_AUTH_USER_LEVEL_PLAIN: + state->req.cmd = WINBINDD_PAM_AUTH; + state->req.flags |= WBFLAG_PAM_INFO3_TEXT | + WBFLAG_PAM_USER_SESSION_KEY | + WBFLAG_PAM_LMKEY; + + if (!params->password.plaintext) { + tevent_req_error(req, WBC_ERR_INVALID_PARAM); + return tevent_req_post(req, ev); + } + + strncpy(state->req.data.auth.pass, + params->password.plaintext, + sizeof(state->req.data.auth.pass)-1); + + if (params->domain_name && params->domain_name[0]) { + /* We need to get the winbind separator :-( */ + subreq = wbcInfo_send(state, ev, wb_ctx); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + + tevent_req_set_callback(subreq, + wbcAuthenticateUserEx_got_info, + req); + return req; + } else { + strncpy(state->req.data.auth.user, + params->account_name, + sizeof(state->req.data.auth.user)-1); + } + + break; + + case WBC_AUTH_USER_LEVEL_HASH: + tevent_req_error(req, WBC_ERR_NOT_IMPLEMENTED); + return tevent_req_post(req, ev); + /* Make some static code checkers happy */ + break; + + case WBC_AUTH_USER_LEVEL_RESPONSE: + state->req.cmd = WINBINDD_PAM_AUTH_CRAP; + state->req.flags |= WBFLAG_PAM_INFO3_TEXT | + WBFLAG_PAM_USER_SESSION_KEY | + WBFLAG_PAM_LMKEY; + + if (params->password.response.lm_length && + !params->password.response.lm_data) { + tevent_req_error(req, WBC_ERR_INVALID_PARAM); + return tevent_req_post(req, ev); + } + if (params->password.response.lm_length == 0 && + params->password.response.lm_data) { + tevent_req_error(req, WBC_ERR_INVALID_PARAM); + return tevent_req_post(req, ev); + } + + if (params->password.response.nt_length && + !params->password.response.nt_data) { + tevent_req_error(req, WBC_ERR_INVALID_PARAM); + return tevent_req_post(req, ev); + } + if (params->password.response.nt_length == 0&& + params->password.response.nt_data) { + tevent_req_error(req, WBC_ERR_INVALID_PARAM); + return tevent_req_post(req, ev); + } + + strncpy(state->req.data.auth_crap.user, + params->account_name, + sizeof(state->req.data.auth_crap.user)-1); + if (params->domain_name) { + strncpy(state->req.data.auth_crap.domain, + params->domain_name, + sizeof(state->req.data.auth_crap.domain)-1); + } + if (params->workstation_name) { + strncpy(state->req.data.auth_crap.workstation, + params->workstation_name, + sizeof(state->req.data.auth_crap.workstation)-1); + } + + state->req.data.auth_crap.logon_parameters = + params->parameter_control; + + memcpy(state->req.data.auth_crap.chal, + params->password.response.challenge, + sizeof(state->req.data.auth_crap.chal)); + + state->req.data.auth_crap.lm_resp_len = + MIN(params->password.response.lm_length, + sizeof(state->req.data.auth_crap.lm_resp)); + state->req.data.auth_crap.nt_resp_len = + MIN(params->password.response.nt_length, + sizeof(state->req.data.auth_crap.nt_resp)); + if (params->password.response.lm_data) { + memcpy(state->req.data.auth_crap.lm_resp, + params->password.response.lm_data, + state->req.data.auth_crap.lm_resp_len); + } + if (params->password.response.nt_data) { + memcpy(state->req.data.auth_crap.nt_resp, + params->password.response.nt_data, + state->req.data.auth_crap.nt_resp_len); + } + break; + default: + tevent_req_error(req, WBC_ERR_INVALID_PARAM); + return tevent_req_post(req, ev); + break; + } + + subreq = wb_trans_send(state, ev, wb_ctx, false, &state->req); + if (tevent_req_nomem(subreq, req)) { + return tevent_req_post(req, ev); + } + + tevent_req_set_callback(subreq, wbcAuthenticateUserEx_done, req); + return req; +} + +static void wbcAuthenticateUserEx_got_info(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct wbc_authenticate_user_ex_state *state = tevent_req_data( + req, struct wbc_authenticate_user_ex_state); + char *version_string; + char separator; + wbcErr wbc_status; + + wbc_status = wbcInfo_recv(subreq, state, &separator, &version_string); + TALLOC_FREE(subreq); + if (!WBC_ERROR_IS_OK(wbc_status)) { + tevent_req_error(req, wbc_status); + return; + } + + snprintf(state->req.data.auth.user, + sizeof(state->req.data.auth.user)-1, + "%s%c%s", + state->params->domain_name, + separator, + state->params->account_name); + + subreq = wb_trans_send(state, state->ev, state->wb_ctx, false, + &state->req); + if (tevent_req_nomem(subreq, req)) { + return; + } + + tevent_req_set_callback(subreq, wbcAuthenticateUserEx_done, req); + return; +} + +static void wbcAuthenticateUserEx_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data( + subreq, struct tevent_req); + struct wbc_authenticate_user_ex_state *state = tevent_req_data( + req, struct wbc_authenticate_user_ex_state); + struct winbindd_response *resp; + wbcErr wbc_status; + + ZERO_STRUCT(resp); + + wbc_status = wb_trans_recv(subreq, state, &resp); + TALLOC_FREE(subreq); + if (!WBC_ERROR_IS_OK(wbc_status)) { + tevent_req_error(req, wbc_status); + goto done; + } + + if (resp->data.auth.nt_status != 0) { + wbc_status = wbc_create_error_info(resp, &state->error); + if (!WBC_ERROR_IS_OK(wbc_status)) { + tevent_req_error(req, wbc_status); + goto done; + } + + tevent_req_error(req, WBC_ERR_AUTH_ERROR); + goto done; + } + + wbc_status = wbc_create_auth_info(state, resp, &state->info); + if (!WBC_ERROR_IS_OK(wbc_status)) { + tevent_req_error(req, wbc_status); + goto done; + } + +done: + TALLOC_FREE(resp); +} + +wbcErr wbcAuthenticateUserEx_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct wbcAuthUserInfo **info, + struct wbcAuthErrorInfo **error) +{ + struct wbc_authenticate_user_ex_state *state = tevent_req_data( + req, struct wbc_authenticate_user_ex_state); + wbcErr wbc_status; + + if (error) { + *error = NULL; + } + + if (tevent_req_is_wbcerr(req, &wbc_status)) { + tevent_req_received(req); + if (error) { + *error = talloc_steal(mem_ctx, state->error); + } + return wbc_status; + } + + if (info) { + *info = talloc_steal(mem_ctx, state->info); + } + + tevent_req_received(req); + return wbc_status; +} + /* Authenticate with more detailed information */ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthUserInfo **info, |