summaryrefslogtreecommitdiff
path: root/nsswitch
diff options
context:
space:
mode:
Diffstat (limited to 'nsswitch')
-rw-r--r--nsswitch/libwbclient/wbc_pam.c16
-rw-r--r--nsswitch/libwbclient/wbclient.h42
-rw-r--r--nsswitch/winbind_struct_protocol.h1
3 files changed, 38 insertions, 21 deletions
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index f7fb9f23f6..f183cc61b1 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -364,7 +364,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
BAIL_ON_WBC_ERROR(wbc_status);
}
- if (!params->account_name) {
+ if (params->level != WBC_AUTH_USER_LEVEL_PAC && !params->account_name) {
wbc_status = WBC_ERR_INVALID_PARAM;
BAIL_ON_WBC_ERROR(wbc_status);
}
@@ -491,6 +491,20 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
request.data.auth_crap.nt_resp_len);
}
break;
+
+ case WBC_AUTH_USER_LEVEL_PAC:
+ cmd = WINBINDD_PAM_AUTH_CRAP;
+ request.flags = WBFLAG_PAM_AUTH_PAC | WBFLAG_PAM_INFO3_TEXT;
+ request.extra_data.data = malloc(params->password.pac.length);
+ if (request.extra_data.data == NULL) {
+ wbc_status = WBC_ERR_NO_MEMORY;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ memcpy(request.extra_data.data, params->password.pac.data,
+ params->password.pac.length);
+ request.extra_len = params->password.pac.length;
+ break;
+
default:
break;
}
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
index cb70cbd513..473c9019d6 100644
--- a/nsswitch/libwbclient/wbclient.h
+++ b/nsswitch/libwbclient/wbclient.h
@@ -197,6 +197,25 @@ struct wbcDomainInfo {
#define WBC_DOMINFO_TRUSTTYPE_EXTERNAL 0x00000003
/**
+ * @brief Generic Blob
+ **/
+
+struct wbcBlob {
+ uint8_t *data;
+ size_t length;
+};
+
+/**
+ * @brief Named Blob
+ **/
+
+struct wbcNamedBlob {
+ const char *name;
+ uint32_t flags;
+ struct wbcBlob blob;
+};
+
+/**
* @brief Auth User Parameters
**/
@@ -212,7 +231,8 @@ struct wbcAuthUserParams {
enum wbcAuthUserLevel {
WBC_AUTH_USER_LEVEL_PLAIN = 1,
WBC_AUTH_USER_LEVEL_HASH = 2,
- WBC_AUTH_USER_LEVEL_RESPONSE = 3
+ WBC_AUTH_USER_LEVEL_RESPONSE = 3,
+ WBC_AUTH_USER_LEVEL_PAC = 4
} level;
union {
const char *plaintext;
@@ -227,29 +247,11 @@ struct wbcAuthUserParams {
uint32_t lm_length;
uint8_t *lm_data;
} response;
+ struct wbcBlob pac;
} password;
};
/**
- * @brief Generic Blob
- **/
-
-struct wbcBlob {
- uint8_t *data;
- size_t length;
-};
-
-/**
- * @brief Named Blob
- **/
-
-struct wbcNamedBlob {
- const char *name;
- uint32_t flags;
- struct wbcBlob blob;
-};
-
-/**
* @brief Logon User Parameters
**/
diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h
index e5ed8e1b3a..c1704c8e0b 100644
--- a/nsswitch/winbind_struct_protocol.h
+++ b/nsswitch/winbind_struct_protocol.h
@@ -218,6 +218,7 @@ typedef struct winbindd_gr {
#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000
+#define WBFLAG_PAM_AUTH_PAC 0x00010000
/* generic request flags */
#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
generated by cgit (git 2.34.1) at 2024-06-01 19:40:17 +0000