-rw-r--r-- | source4/auth/auth_domain.c | 157 | ||||
-rw-r--r-- | source4/auth/config.mk | 12 |
2 files changed, 0 insertions, 169 deletions
diff --git a/source4/auth/auth_domain.c b/source4/auth/auth_domain.c
deleted file mode 100644
index 2570149902..0000000000
--- a/source4/auth/auth_domain.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Authenticate a user to a domain controller
-
- Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
- Copyright (C) Andrew Tridgell 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "librpc/gen_ndr/ndr_netlogon.h"
-#include "include/secrets.h"
-#include "lib/ldb/include/ldb.h"
-#include "auth/auth.h"
-
-/* Authenticate a user with a challenge/response */
-static NTSTATUS domain_check_password(struct auth_method_context *ctx,
- TALLOC_CTX *mem_ctx,
- const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
-{
- NTSTATUS status;
-
- struct dcerpc_pipe *p;
- struct dcerpc_binding *b;
- struct netr_LogonSamLogon r;
- struct netr_Authenticator auth, auth2;
- struct netr_NetworkInfo ninfo;
-
- struct creds_CredentialState *creds;
- struct cli_credentials *credentials;
-
- const char **bindings = lp_passwordserver();
- const char *binding;
-
- if (bindings && bindings[0]) {
- binding = bindings[0];
- } else {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!user_info->workstation_name) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- credentials = cli_credentials_init(mem_ctx);
- cli_credentials_set_conf(credentials);
- status = cli_credentials_set_machine_account(credentials);
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- /* Connect to DC (take a binding string for now) */
-
- status = dcerpc_parse_binding(mem_ctx, binding, &b);
- if (!NT_STATUS_IS_OK(status)) {
- printf("Bad binding string %s\n", binding);
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- /* We like schannel */
- b->flags &= ~DCERPC_AUTH_OPTIONS;
- b->flags |= DCERPC_SCHANNEL | DCERPC_SEAL | DCERPC_SCHANNEL_128;
-
- /* Setup schannel */
- status = dcerpc_pipe_connect_b(mem_ctx, &p, b,
- DCERPC_NETLOGON_UUID,
- DCERPC_NETLOGON_VERSION,
- credentials, ctx->auth_ctx->event_ctx);
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- /* call domain logon */
-
- status = dcerpc_schannel_creds(p->conn->security_state.generic_state, mem_ctx, &creds);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- ninfo.identity_info.domain_name.string = user_info->client.domain_name;
- ninfo.identity_info.parameter_control = 0;
- ninfo.identity_info.logon_id_low = 0;
- ninfo.identity_info.logon_id_high = 0;
- ninfo.identity_info.account_name.string = user_info->client.account_name;
- ninfo.identity_info.workstation.string = user_info->workstation_name;
- memcpy(ninfo.challenge, ctx->auth_ctx->challenge.data.data, sizeof(ninfo.challenge));
-
- ninfo.nt.length = user_info->password.response.nt.length;
- ninfo.nt.data = user_info->password.response.nt.data;
- ninfo.lm.length = user_info->password.response.lanman.length;
- ninfo.lm.data = user_info->password.response.lanman.data;
-
- r.in.server_name = talloc_asprintf(mem_ctx, "\\\\%s", dcerpc_server_name(p));
- r.in.workstation = cli_credentials_get_workstation(credentials);
- r.in.credential = &auth;
- r.in.return_authenticator = &auth2;
- r.in.logon_level = 2;
- r.in.logon.network = &ninfo;
- r.in.validation_level = 3;
-
- ZERO_STRUCT(auth2);
- creds_client_authenticator(creds, &auth);
-
- status = dcerpc_netr_LogonSamLogon(p, mem_ctx, &r);
-
- if (!creds_client_check(creds, &r.out.return_authenticator->cred)) {
- DEBUG(1, ("Credential chaining failed\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- /* make server info */
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- status = make_server_info_netlogon_validation(mem_ctx,
- user_info->client.account_name,
- r.in.validation_level, &r.out.validation,
- server_info);
- return status;
-}
-
-static const struct auth_operations domain_ops = {
- .name = "domain",
- .get_challenge = auth_get_challenge_not_implemented,
- .check_password = domain_check_password
-};
-
-NTSTATUS auth_domain_init(void)
-{
- NTSTATUS ret;
-
- ret = auth_register(&domain_ops);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0,("Failed to register 'domain' auth backend!\n"));
- return ret;
- }
- return ret;
-}
diff --git a/source4/auth/config.mk b/source4/auth/config.mk
index c09e484231..876d43a6ef 100644
--- a/source4/auth/config.mk
+++ b/source4/auth/config.mk
@@ -40,18 +40,6 @@ REQUIRED_SUBSYSTEMS = \
 #######################
 
 #######################
-# Start MODULE auth_domain
-[MODULE::auth_domain]
-INIT_FUNCTION = auth_domain_init
-SUBSYSTEM = AUTH
-INIT_OBJ_FILES = \
- auth_domain.o
-REQUIRED_SUBSYSTEMS = \
- NDR_NETLOGON LIBNDR
-# End MODULE auth_winbind
-#######################
-
-#######################
 # Start MODULE auth_developer
 [MODULE::auth_developer]
 INIT_FUNCTION = auth_developer_init |