diff options
Diffstat (limited to 'nsswitch')
-rw-r--r-- | nsswitch/libwbclient/wbc_pam.c | 18 | ||||
-rw-r--r-- | nsswitch/libwbclient/wbclient.h | 10 | ||||
-rw-r--r-- | nsswitch/wbinfo.c | 46 | ||||
-rw-r--r-- | nsswitch/winbind_struct_protocol.h | 9 |
4 files changed, 82 insertions, 1 deletions
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index 1f76c0a143..087db2e6c6 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -1119,3 +1119,21 @@ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, { return WBC_ERR_NOT_IMPLEMENTED; } + +/* Authenticate a user with cached credentials */ +wbcErr wbcCredentialSave(const char *user, const char *password) +{ + struct winbindd_request request; + struct winbindd_response response; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.data.ccache_save.user, user, + sizeof(request.data.ccache_save.user)-1); + strncpy(request.data.ccache_save.pass, password, + sizeof(request.data.ccache_save.pass)-1); + request.data.ccache_save.uid = getuid(); + + return wbcRequestResponse(WINBINDD_CCACHE_SAVE, &request, &response); +} diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index 33a4ace75c..06f0713c86 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -1164,6 +1164,16 @@ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, struct wbcCredentialCacheInfo **info, struct wbcAuthErrorInfo **error); +/** + * @brief Save a password with winbind for doing wbcCredentialCache() later + * + * @param *user Username + * @param *password Password + * + * @return #wbcErr + **/ +wbcErr wbcCredentialSave(const char *user, const char *password); + /********************************************************** * Resolve functions **********************************************************/ diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index 45d8684bad..a43ce8f4c9 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -1530,6 +1530,43 @@ static bool wbinfo_auth_crap(char *username, bool use_ntlmv2, bool use_lanman) return WBC_ERROR_IS_OK(wbc_status); } +/* Save creds with winbind */ + +static bool wbinfo_ccache_save(char *username) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *s = NULL; + char *p = NULL; + char *password = NULL; + char *name = NULL; + TALLOC_CTX *frame = talloc_stackframe(); + + s = talloc_strdup(frame, username); + if (s == NULL) { + return false; + } + + p = strchr(s, '%'); + if (p != NULL) { + *p = 0; + p++; + password = talloc_strdup(frame, p); + } else { + password = wbinfo_prompt_pass(frame, NULL, username); + } + + name = s; + + wbc_status = wbcCredentialSave(name, password); + + d_printf("saving creds %s\n", + WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); + + TALLOC_FREE(frame); + + return WBC_ERROR_IS_OK(wbc_status); +} + #ifdef WITH_FAKE_KASERVER /* Authenticate a user with a plaintext password and set a token */ @@ -1736,6 +1773,7 @@ enum { OPT_ONLINESTATUS, OPT_CHANGE_USER_PASSWORD, OPT_PING_DC, + OPT_CCACHE_SAVE, OPT_SID_TO_FULLNAME, OPT_NTLMV2, OPT_LANMAN @@ -1805,6 +1843,9 @@ int main(int argc, char **argv, char **envp) { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" }, { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" }, { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" }, + { "ccache-save", 0, POPT_ARG_STRING, &string_arg, + OPT_CCACHE_SAVE, "Store user and password for ccache " + "operation", "user%password" }, { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME, "Get a DC name for a foreign domain", "domainname" }, { "dsgetdcname", 0, POPT_ARG_STRING, &string_arg, OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" }, @@ -2189,6 +2230,11 @@ int main(int argc, char **argv, char **envp) wbinfo_get_auth_user(); goto done; break; + case OPT_CCACHE_SAVE: + if (!wbinfo_ccache_save(string_arg)) { + goto done; + } + break; case OPT_GETDCNAME: if (!wbinfo_getdcname(string_arg)) { goto done; diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h index 4d27d5283c..7790155f25 100644 --- a/nsswitch/winbind_struct_protocol.h +++ b/nsswitch/winbind_struct_protocol.h @@ -48,8 +48,9 @@ typedef char fstring[FSTRING_LEN]; * 21: added WINBINDD_GETPWSID * added WINBINDD_GETSIDALIASES * 22: added WINBINDD_PING_DC + * 23: added WINBINDD_CCACHE_SAVE */ -#define WINBIND_INTERFACE_VERSION 22 +#define WINBIND_INTERFACE_VERSION 23 /* Have to deal with time_t being 4 or 8 bytes due to structure alignment. On a 64bit Linux box, we have to support a constant structure size @@ -177,6 +178,7 @@ enum winbindd_cmd { /* Complete the challenge phase of the NTLM authentication protocol using cached password. */ WINBINDD_CCACHE_NTLMAUTH, + WINBINDD_CCACHE_SAVE, WINBINDD_NUM_CMDS }; @@ -335,6 +337,11 @@ struct winbindd_request { uint32_t challenge_blob_len; } ccache_ntlm_auth; struct { + uid_t uid; + fstring user; + fstring pass; + } ccache_save; + struct { fstring domain_name; fstring domain_guid; fstring site_name; |