| -rw-r--r-- | source3/nsswitch/wbinfo.c | 62 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd.c | 1 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_misc.c | 21 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_nss.h | 2 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_pam.c | 34 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_proto.h | 2 | 
6 files changed, 84 insertions, 38 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 9c012eb85d..56cccee3b8 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -31,6 +31,23 @@ NSS_STATUS winbindd_request(int req_type,  			    struct winbindd_request *request,  			    struct winbindd_response *response); +/* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the +   form DOMAIN/user into a domain and a user */ + +static BOOL parse_domain_user(const char *domuser, fstring domain, fstring user) +{ +	char *p = strchr(domuser,*lp_winbind_separator()); + +	if (!p) +		return False; +         +	fstrcpy(user, p+1); +	fstrcpy(domain, domuser); +	domain[PTR_DIFF(p, domuser)] = 0; +	strupper(domain); +	return True; +} +  /* List groups a user is a member of */  static BOOL wbinfo_get_usergroups(char *user) @@ -282,8 +299,10 @@ static BOOL wbinfo_auth(char *username)  	 * Don't do the lookup if the name has no separator.  	 */ -	if (!strchr(username, *lp_winbind_separator())) +	if (!strchr(username, *lp_winbind_separator())) { +		printf("no domain seperator (%s) in username - failing\n", lp_winbind_separator());  		return False; +	}  	/* Send off request */ @@ -317,6 +336,8 @@ static BOOL wbinfo_auth_crap(char *username)  	struct winbindd_request request;  	struct winbindd_response response;          NSS_STATUS result; +        fstring name_user; +        fstring name_domain;          fstring pass;          char *p; @@ -324,8 +345,10 @@ static BOOL wbinfo_auth_crap(char *username)  	 * Don't do the lookup if the name has no separator.  	 */ -	if (!strchr(username, *lp_winbind_separator())) +	if (!strchr(username, *lp_winbind_separator())) { +		printf("no domain seperator (%s) in username - failing\n", lp_winbind_separator());  		return False; +	}  	/* Send off request */ 
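Review bot: In the new parse_domain_user, `domain[PTR_DIFF(p, domuser)] = 0` indexes the destination by the separator's offset in the input without comparing that offset with the size of an fstring. fstrcpy presumably truncates the copy to the fstring size, so when the separator lies beyond that size the terminator is written outside `domain`. A guard ahead of the copies, `if (PTR_DIFF(p, domuser) >= sizeof(fstring)) return False;`, keeps the write in bounds. The comment says this is a copy of the winbindd_util.c routine, so the original is worth checking for the same gap.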
@@ -336,11 +359,14 @@ static BOOL wbinfo_auth_crap(char *username)          if (p) {                  *p = 0; -                fstrcpy(request.data.auth_crap.user, username);                  fstrcpy(pass, p + 1); -                *p = '%'; -        } else -                fstrcpy(request.data.auth_crap.user, username); +	} +		 +	parse_domain_user(username, name_domain, name_user); + +	fstrcpy(request.data.auth_crap.user, name_user); + +	fstrcpy(request.data.auth_crap.domain, name_domain);  	generate_random_buffer(request.data.auth_crap.chal, 8, False); @@ -447,6 +473,20 @@ static BOOL wbinfo_set_auth_user(char *username)  	return True;  } +static BOOL wbinfo_ping(void) +{ +        NSS_STATUS result; +	 +	result = winbindd_request(WINBINDD_PING, NULL, NULL); + +	/* Display response */ + +        printf("'ping' to winbindd %s\n",  +               (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); + +        return result == NSS_STATUS_SUCCESS; +} +  /* Print program usage */  static void usage(void) @@ -465,6 +505,7 @@ static void usage(void)  	printf("\t-m\t\t\tlist trusted domains\n");  	printf("\t-r user\t\t\tget user groups\n");  	printf("\t-a user%%password\tauthenticate user\n"); +	printf("\t-p 'ping' winbindd to see if it is alive\n");  }  /* Main program */ @@ -500,6 +541,7 @@ int main(int argc, char **argv)  		{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r' },   		{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a' },  		{ "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER }, +		{ "ping", 'p', POPT_ARG_NONE, 0, 'p' },  		{ 0, 0, 0, 0 }  	}; 
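Review bot: The return value of `parse_domain_user(username, name_domain, name_user)` is discarded, so when it fails name_user and name_domain are copied into the request uninitialised. The separator check earlier in wbinfo_auth_crap runs on the full argument, while this call sees the string after `*p = 0` has cut it (p appears to point at the '%' that starts the password; its assignment is outside the hunk), and the removed `*p = '%'` no longer restores it. An argument whose only separator sits in the password part therefore passes the first check and fails here. Suggest `if (!parse_domain_user(username, name_domain, name_user)) return False;`; the function body starts and ends outside this hunk.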
@@ -640,6 +682,14 @@ int main(int argc, char **argv)                                  return 1;                          break;  		} +                case 'p': { + +                        if (!wbinfo_ping()) { +                                printf("could not ping winbindd!\n"); +                                return 1; +			} +                        break; +		}  		case OPT_SET_AUTH_USER:  			if (!(wbinfo_set_auth_user(string_arg))) {  				return 1; diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c index 7da20d8b01..631b71961d 100644 --- a/source3/nsswitch/winbindd.c +++ b/source3/nsswitch/winbindd.c @@ -329,6 +329,7 @@ static struct dispatch_table dispatch_table[] = {  	/* Miscellaneous */  	{ WINBINDD_CHECK_MACHACC, winbindd_check_machine_acct, "CHECK_MACHACC" }, +	{ WINBINDD_PING, winbindd_ping, "PING" },  	/* End of list */ diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c index 2718a75385..2cfea9bbb6 100644 --- a/source3/nsswitch/winbindd_misc.c +++ b/source3/nsswitch/winbindd_misc.c @@ -31,18 +31,9 @@ extern pstring global_myname;  static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd,   					time_t *pass_last_set_time)  { -	struct machine_acct_pass *pass; -	size_t size; - -	if (!(pass = secrets_fetch(trust_keystr(domain), &size)) || -	    size != sizeof(*pass))  +	if (!secrets_fetch_trust_account_password(domain, ret_pwd, pass_last_set_time)) {                  return False; -         -	if (pass_last_set_time)  -                *pass_last_set_time = pass->mod_time; - -	memcpy(ret_pwd, pass->hash, 16); -	SAFE_FREE(pass); +	}  	return True;  } @@ -150,3 +141,11 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state  	return WINBINDD_OK;  } + +enum winbindd_result winbindd_ping(struct winbindd_cli_state +						   *state) +{ +	DEBUG(3, ("[%5d]: ping\n", state->pid)); + +	return WINBINDD_OK; +} 
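Review bot: In winbindd_misc.c, _get_trust_account_password is now a pure pass-through, and two parts of its contract that the removed lines made visible are no longer stated: `memcpy(ret_pwd, pass->hash, 16)` showed that ret_pwd must hold 16 bytes, and `if (pass_last_set_time)` showed that a NULL time pointer was tolerated. Whether secrets_fetch_trust_account_password() still accepts NULL for pass_last_set_time is not visible in this diff and should be confirmed. A comment above the function such as `/* ret_pwd must point to a 16-byte buffer; pass_last_set_time: confirm NULL is still allowed */` would record this, and the body can then be reduced to `return secrets_fetch_trust_account_password(domain, ret_pwd, pass_last_set_time);`.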
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 07c67dd558..4d836a21cf 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -83,6 +83,7 @@ enum winbindd_cmd {  	/* Miscellaneous other stuff */  	WINBINDD_CHECK_MACHACC,     /* Check machine account pw works */ +	WINBINDD_PING,              /* Just tell me winbind is running */  	/* Placeholder for end of cmd list */ @@ -107,6 +108,7 @@ struct winbindd_request {                  struct {                          unsigned char chal[8];                          fstring user; +                        fstring domain;                          fstring lm_resp;                          uint16 lm_resp_len;                          fstring nt_resp; diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index f168ce9e35..87086586ec 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -53,10 +53,12 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)  	}  	/* Parse domain and username */ - +	  	if (!parse_domain_user(state->request.data.auth.user, name_domain,  -                          name_user)) +			       name_user)) { +		DEBUG(5,("no domain seperator (%s) in username (%s) - failing fauth\n", lp_winbind_separator(), state->request.data.auth.user));  		return WINBINDD_ERROR; +	}  	passlen = strlen(state->request.data.auth.pass); @@ -71,8 +73,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)  		SMBNTencrypt((const uchar *)state->request.data.auth.pass, chal, local_nt_response); -		lm_resp = data_blob(local_lm_response, sizeof(local_lm_response)); -		nt_resp = data_blob(local_nt_response, sizeof(local_nt_response)); +		lm_resp = data_blob_talloc(mem_ctx, local_lm_response, sizeof(local_lm_response)); +		nt_resp = data_blob_talloc(mem_ctx, local_nt_response, sizeof(local_nt_response));  	}  	/* 
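Review bot: In winbindd_nss.h, adding `fstring domain;` in the middle of the auth_crap member of struct winbindd_request moves lm_resp, lm_resp_len and every later field, which changes the layout that clients and winbindd exchange. No interface-version change or request-size check is visible in this diff, so a client built against the old header would have its fields read at the wrong offsets by the new daemon, and the reverse. If the protocol has a version constant it should be bumped with this change; otherwise a comment on the struct such as `/* layout is shared with clients; rebuild wbinfo and the nss/pam modules together with winbindd */` would record the constraint. The struct definition starts and ends outside the hunk.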
@@ -106,8 +108,6 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)  						&info3);  done: -	data_blob_free(&lm_resp); -	data_blob_free(&nt_resp);  	cli_shutdown(cli); @@ -115,13 +115,12 @@ done:  	return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;  } - +	  /* Challenge Response Authentication Protocol */  enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)   {  	NTSTATUS result; -	fstring name_domain, name_user;  	unsigned char trust_passwd[16];  	time_t last_change_time;          NET_USER_INFO_3 info3; @@ -132,23 +131,16 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)  	extern pstring global_myname; -	DEBUG(3, ("[%5d]: pam auth crap %s\n", state->pid, -		  state->request.data.auth_crap.user)); +	DEBUG(3, ("[%5d]: pam auth crap domain: %s user: %s\n", state->pid, +		  state->request.data.auth_crap.user, state->request.data.auth_crap.user)); -	if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) { +	if (!(mem_ctx = talloc_init_named("winbind pam auth crap for %s", state->request.data.auth.user))) {  		DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n"));  		return WINBINDD_ERROR;  	} -	/* Parse domain and username */ -	if (!parse_domain_user(state->request.data.auth_crap.user, name_domain,  -			       name_user)) -		return WINBINDD_ERROR; -	 -	 -	 -	lm_resp = data_blob(state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len); -	nt_resp = data_blob(state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len); +	lm_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len); +	nt_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len);  	/*  	 * Get the machine account password for our primary domain 
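Review bot: In winbindd_pam_auth_crap, `lm_resp_len` and `nt_resp_len` are taken from the client request and passed to data_blob_talloc() as copy lengths without being compared with the size of the `lm_resp` and `nt_resp` fields they describe. The header hunk declares lm_resp_len as a uint16 next to an fstring buffer, so the length can exceed the buffer and the copy would then read past it. A bounds check before the allocation, as in the excerpt below, rejects such requests without needing any cleanup. Separately, the new DEBUG(3) line passes `auth_crap.user` for both `%s` arguments, so the domain is never logged; the first argument should be `state->request.data.auth_crap.domain`. The function continues outside this hunk.

```c
	/* Lengths are supplied by the client; they must fit the fixed-size fields. */
	if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp) ||
	    state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) {
		DEBUG(0, ("winbindd_pam_auth_crap: invalid response length %u/%u\n",
			  (unsigned)state->request.data.auth_crap.lm_resp_len,
			  (unsigned)state->request.data.auth_crap.nt_resp_len));
		return WINBINDD_ERROR;
	}

	/* … unchanged: talloc_init_named() and the two data_blob_talloc() calls … */
```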
@@ -171,7 +163,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)          }  	result = cli_netlogon_sam_network_logon(cli, mem_ctx, -						name_user, name_domain,  +						state->request.data.auth_crap.user, state->request.data.auth_crap.domain,   						global_myname, state->request.data.auth_crap.chal,   						lm_resp, nt_resp,   						&info3); diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h index ac72768ea4..bedd5a0352 100644 --- a/source3/nsswitch/winbindd_proto.h +++ b/source3/nsswitch/winbindd_proto.h @@ -68,6 +68,8 @@ void winbindd_idmap_status(void);  enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state);  enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state  						   *state); +enum winbindd_result winbindd_ping(struct winbindd_cli_state +						   *state);  /* The following definitions come from nsswitch/winbindd_pam.c  */  | 
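Review bot: `state->request.data.auth_crap.user` and `.domain` are now handed to cli_netlogon_sam_network_logon() exactly as received, and nothing in the visible code guarantees that either fstring is NUL-terminated. A request whose field is filled to the last byte would be read past its end here and in the DEBUG(3) line of the previous hunk. Terminate both on entry to the function: `state->request.data.auth_crap.user[sizeof(state->request.data.auth_crap.user)-1] = 0;` and the same for `domain`. An empty domain is also accepted now that the separator check is gone from the daemon side, which may or may not be intended. The function starts and ends outside this hunk.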
