-rw-r--r-- | nsswitch/wbinfo.c | 111 |
1 files changed, 76 insertions, 35 deletions
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 04adddaf48..5dd96f9ac0 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -1178,66 +1178,107 @@ static char *wbinfo_prompt_pass(const char *prefix,
 static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
 {
- struct winbindd_request request;
- struct winbindd_response response;
- NSS_STATUS result;
- char *p;
- char *password;
-
- /* Send off request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ char *s = NULL;
+ char *p = NULL;
+ char *password = NULL;
+ char *name = NULL;
+ uid_t uid;
+ struct wbcLogonUserParams params;
+ struct wbcLogonUserInfo *info;
+ struct wbcAuthErrorInfo *error;
+ struct wbcUserPasswordPolicyInfo *policy;
- p = strchr(username, '%');
+ if ((s = SMB_STRDUP(username)) == NULL) {
+ return false;
+ }
- if (p) {
+ if ((p = strchr(s, '%')) != NULL) {
 *p = 0;
- fstrcpy(request.data.auth.user, username);
- fstrcpy(request.data.auth.pass, p + 1);
- *p = '%';
+ p++;
+ password = SMB_STRDUP(p);
 } else {
- fstrcpy(request.data.auth.user, username);
 password = wbinfo_prompt_pass(NULL, username);
- fstrcpy(request.data.auth.pass, password);
- SAFE_FREE(password);
 }
- request.flags = flags;
+ name = s;
- fstrcpy(request.data.auth.krb5_cc_type, cctype);
+ uid = geteuid();
- request.data.auth.uid = geteuid();
+ params.username = name;
+ params.password = password;
+ params.num_blobs = 0;
+ params.blobs = NULL;
- result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
+ wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
+ ¶ms.blobs,
+ "flags",
+ 0,
+ (uint8_t *)&flags,
+ sizeof(flags));
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
- /* Display response */
+ wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
+ ¶ms.blobs,
+ "user_uid",
+ 0,
+ (uint8_t *)&uid,
+ sizeof(uid));
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
+
+ wbc_status = wbcAddNamedBlob(¶ms.num_blobs,
+ ¶ms.blobs,
+ "krb5_cc_type",
+ 0,
+ (uint8_t *)cctype,
+ strlen(cctype)+1);
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto done;
+ }
+
+ wbc_status = wbcLogonUser(¶ms, &info, &error, &policy);
 d_printf("plaintext kerberos password authentication for [%s] %s (requesting cctype: %s)\n",
- username, (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", cctype);
+ username, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed", cctype);
- if (response.data.auth.nt_status)
+ if (error) {
 d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
- response.data.auth.nt_status_string,
- response.data.auth.nt_status,
- response.data.auth.error_string);
-
- if (result == NSS_STATUS_SUCCESS) {
+ error->nt_string,
+ error->nt_status,
+ error->display_string);
+ }
- if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
- if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) {
+ if (WBC_ERROR_IS_OK(wbc_status)) {
+ if (flags & WBFLAG_PAM_INFO3_TEXT) {
+ if (info && info->info && info->info->user_flags & NETLOGON_CACHED_ACCOUNT) {
 d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n");
 }
 }
- if (response.data.auth.krb5ccname[0] != '\0') {
- d_printf("credentials were put in: %s\n", response.data.auth.krb5ccname);
+ if (info) {
+ int i;
+ for (i=0; i < info->num_blobs; i++) {
+ if (strequal(info->blobs[i].name, "krb5ccname")) {
+ d_printf("credentials were put in: %s\n",
+ (const char *)info->blobs[i].blob.data);
+ break;
+ }
+ }
 } else {
 d_printf("no credentials cached\n");
 }
 }
+ done:
+
+ SAFE_FREE(s);
+ SAFE_FREE(password);
+ wbcFreeMemory(params.blobs);
- return result == NSS_STATUS_SUCCESS;
+ return WBC_ERROR_IS_OK(wbc_status);
 }
 /* Authenticate a user with a plaintext password */ |
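Review bot: The status `d_printf` still passes `username`, which in the `user%password` form carries the plaintext password, so the password is written to stdout (terminal scrollback, captured script output); the split copy already exists, so the added argument line should read `name, WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed", cctype);`. The heap copies `s` and `password` are released at `done:` with `SAFE_FREE` without being overwritten first, so the plaintext remains in freed memory; clearing both buffers before the free, with a call the compiler cannot elide, would narrow that exposure. Separately, `no credentials cached` is now printed only when `info` is NULL, so a non-NULL `info` that carries no `krb5ccname` blob prints nothing at all, and the matching blob is printed with `%s` without consulting `blob.length`. `info`, `error` and `policy` are also read after `wbcLogonUser` without being initialised in this function; presumably the call sets them on every path, but `= NULL` initialisers would make `if (error)` safe regardless of the callee.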