diff options
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/wbinfo.c | 67 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_nss.h | 1 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 35 |
3 files changed, 103 insertions, 0 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 81626998b3..2cea4130ad 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -594,6 +594,64 @@ static BOOL wbinfo_auth_crap(char *username) return result == NSS_STATUS_SUCCESS; } +/* Authenticate a user with a plaintext password and set a token */ + +static BOOL wbinfo_klog(char *username) +{ + struct winbindd_request request; + struct winbindd_response response; + NSS_STATUS result; + char *p; + + /* Send off request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + p = strchr(username, '%'); + + if (p) { + *p = 0; + fstrcpy(request.data.auth.user, username); + fstrcpy(request.data.auth.pass, p + 1); + *p = '%'; + } else { + fstrcpy(request.data.auth.user, username); + fstrcpy(request.data.auth.pass, getpass("Password: ")); + } + + request.flags |= WBFLAG_PAM_AFS_TOKEN; + + result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response); + + /* Display response */ + + d_printf("plaintext password authentication %s\n", + (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); + + if (response.data.auth.nt_status) + d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", + response.data.auth.nt_status_string, + response.data.auth.nt_status, + response.data.auth.error_string); + + if (result != NSS_STATUS_SUCCESS) + return False; + + if (response.extra_data == NULL) { + d_printf("Did not get token data\n"); + return False; + } + + if (!afs_settoken_str((char *)response.extra_data)) { + d_printf("Could not set token\n"); + return False; + } + + d_printf("Successfully created AFS token\n"); + return True; +} + /****************************************************************** create a winbindd user ******************************************************************/ @@ -1001,6 +1059,9 @@ int main(int argc, char **argv) { "get-auth-user", 0, POPT_ARG_NONE, NULL, OPT_GET_AUTH_USER, "Retrieve user and password used by winbindd (root only)", NULL }, { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" }, { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" }, +#ifdef WITH_FAKE_KASERVER + { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" }, +#endif POPT_COMMON_VERSION POPT_TABLEEND }; @@ -1160,6 +1221,12 @@ int main(int argc, char **argv) goto done; break; } + case 'k': + if (!wbinfo_klog(string_arg)) { + d_printf("Could not klog user\n"); + goto done; + } + break; case 'c': if ( !wbinfo_create_user(string_arg) ) { d_printf("Could not create user account\n"); diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 0d110b8afa..c8fe5c826c 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -156,6 +156,7 @@ typedef struct winbindd_gr { #define WBFLAG_QUERY_ONLY 0x0020 #define WBFLAG_ALLOCATE_RID 0x0040 #define WBFLAG_PAM_UNIX_NAME 0x0080 +#define WBFLAG_PAM_AFS_TOKEN 0x0100 /* Winbind request structure */ diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 37b2a9f21b..1d232edfe3 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -211,6 +211,41 @@ done: state->response.data.auth.nt_status_string, state->response.data.auth.pam_error)); + if ( NT_STATUS_IS_OK(result) && + (state->request.flags & WBFLAG_PAM_AFS_TOKEN) ) { + + char *afsname = strdup(lp_afs_username_map()); + char *cell; + + if (afsname == NULL) goto no_token; + + afsname = realloc_string_sub(afsname, "%D", name_domain); + afsname = realloc_string_sub(afsname, "%u", name_user); + afsname = realloc_string_sub(afsname, "%U", name_user); + + if (afsname == NULL) goto no_token; + + strlower_m(afsname); + + cell = strchr(afsname, '@'); + + if (cell == NULL) goto no_token; + + *cell = '\0'; + cell += 1; + + /* Append an AFS token string */ + state->response.extra_data = + afs_createtoken_str(afsname, cell); + + if (state->response.extra_data != NULL) + state->response.length += + strlen(state->response.extra_data)+1; + + no_token: + SAFE_FREE(afsname); + } + if (mem_ctx) talloc_destroy(mem_ctx); |