summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/wbinfo.c62
-rw-r--r--source3/nsswitch/winbindd.c1
-rw-r--r--source3/nsswitch/winbindd_misc.c21
-rw-r--r--source3/nsswitch/winbindd_nss.h2
-rw-r--r--source3/nsswitch/winbindd_pam.c34
-rw-r--r--source3/nsswitch/winbindd_proto.h2
6 files changed, 84 insertions, 38 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index 9c012eb85d..56cccee3b8 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -31,6 +31,23 @@ NSS_STATUS winbindd_request(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
+/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
+ form DOMAIN/user into a domain and a user */
+
+static BOOL parse_domain_user(const char *domuser, fstring domain, fstring user)
+{
+ char *p = strchr(domuser,*lp_winbind_separator());
+
+ if (!p)
+ return False;
+
+ fstrcpy(user, p+1);
+ fstrcpy(domain, domuser);
+ domain[PTR_DIFF(p, domuser)] = 0;
+ strupper(domain);
+ return True;
+}
+
/* List groups a user is a member of */
static BOOL wbinfo_get_usergroups(char *user)
@@ -282,8 +299,10 @@ static BOOL wbinfo_auth(char *username)
* Don't do the lookup if the name has no separator.
*/
- if (!strchr(username, *lp_winbind_separator()))
+ if (!strchr(username, *lp_winbind_separator())) {
+ printf("no domain seperator (%s) in username - failing\n", lp_winbind_separator());
return False;
+ }
/* Send off request */
@@ -317,6 +336,8 @@ static BOOL wbinfo_auth_crap(char *username)
struct winbindd_request request;
struct winbindd_response response;
NSS_STATUS result;
+ fstring name_user;
+ fstring name_domain;
fstring pass;
char *p;
@@ -324,8 +345,10 @@ static BOOL wbinfo_auth_crap(char *username)
* Don't do the lookup if the name has no separator.
*/
- if (!strchr(username, *lp_winbind_separator()))
+ if (!strchr(username, *lp_winbind_separator())) {
+ printf("no domain seperator (%s) in username - failing\n", lp_winbind_separator());
return False;
+ }
/* Send off request */
@@ -336,11 +359,14 @@ static BOOL wbinfo_auth_crap(char *username)
if (p) {
*p = 0;
- fstrcpy(request.data.auth_crap.user, username);
fstrcpy(pass, p + 1);
- *p = '%';
- } else
- fstrcpy(request.data.auth_crap.user, username);
+ }
+
+ parse_domain_user(username, name_domain, name_user);
+
+ fstrcpy(request.data.auth_crap.user, name_user);
+
+ fstrcpy(request.data.auth_crap.domain, name_domain);
generate_random_buffer(request.data.auth_crap.chal, 8, False);
@@ -447,6 +473,20 @@ static BOOL wbinfo_set_auth_user(char *username)
return True;
}
+static BOOL wbinfo_ping(void)
+{
+ NSS_STATUS result;
+
+ result = winbindd_request(WINBINDD_PING, NULL, NULL);
+
+ /* Display response */
+
+ printf("'ping' to winbindd %s\n",
+ (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
+
+ return result == NSS_STATUS_SUCCESS;
+}
+
/* Print program usage */
static void usage(void)
@@ -465,6 +505,7 @@ static void usage(void)
printf("\t-m\t\t\tlist trusted domains\n");
printf("\t-r user\t\t\tget user groups\n");
printf("\t-a user%%password\tauthenticate user\n");
+ printf("\t-p 'ping' winbindd to see if it is alive\n");
}
/* Main program */
@@ -500,6 +541,7 @@ int main(int argc, char **argv)
{ "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r' },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a' },
{ "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER },
+ { "ping", 'p', POPT_ARG_NONE, 0, 'p' },
{ 0, 0, 0, 0 }
};
@@ -640,6 +682,14 @@ int main(int argc, char **argv)
return 1;
break;
}
+ case 'p': {
+
+ if (!wbinfo_ping()) {
+ printf("could not ping winbindd!\n");
+ return 1;
+ }
+ break;
+ }
case OPT_SET_AUTH_USER:
if (!(wbinfo_set_auth_user(string_arg))) {
return 1;
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 7da20d8b01..631b71961d 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -329,6 +329,7 @@ static struct dispatch_table dispatch_table[] = {
/* Miscellaneous */
{ WINBINDD_CHECK_MACHACC, winbindd_check_machine_acct, "CHECK_MACHACC" },
+ { WINBINDD_PING, winbindd_ping, "PING" },
/* End of list */
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c
index 2718a75385..2cfea9bbb6 100644
--- a/source3/nsswitch/winbindd_misc.c
+++ b/source3/nsswitch/winbindd_misc.c
@@ -31,18 +31,9 @@ extern pstring global_myname;
static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd,
time_t *pass_last_set_time)
{
- struct machine_acct_pass *pass;
- size_t size;
-
- if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
- size != sizeof(*pass))
+ if (!secrets_fetch_trust_account_password(domain, ret_pwd, pass_last_set_time)) {
return False;
-
- if (pass_last_set_time)
- *pass_last_set_time = pass->mod_time;
-
- memcpy(ret_pwd, pass->hash, 16);
- SAFE_FREE(pass);
+ }
return True;
}
@@ -150,3 +141,11 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
return WINBINDD_OK;
}
+
+enum winbindd_result winbindd_ping(struct winbindd_cli_state
+ *state)
+{
+ DEBUG(3, ("[%5d]: ping\n", state->pid));
+
+ return WINBINDD_OK;
+}
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h
index 07c67dd558..4d836a21cf 100644
--- a/source3/nsswitch/winbindd_nss.h
+++ b/source3/nsswitch/winbindd_nss.h
@@ -83,6 +83,7 @@ enum winbindd_cmd {
/* Miscellaneous other stuff */
WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
+ WINBINDD_PING, /* Just tell me winbind is running */
/* Placeholder for end of cmd list */
@@ -107,6 +108,7 @@ struct winbindd_request {
struct {
unsigned char chal[8];
fstring user;
+ fstring domain;
fstring lm_resp;
uint16 lm_resp_len;
fstring nt_resp;
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index f168ce9e35..87086586ec 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -53,10 +53,12 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
}
/* Parse domain and username */
-
+
if (!parse_domain_user(state->request.data.auth.user, name_domain,
- name_user))
+ name_user)) {
+ DEBUG(5,("no domain seperator (%s) in username (%s) - failing fauth\n", lp_winbind_separator(), state->request.data.auth.user));
return WINBINDD_ERROR;
+ }
passlen = strlen(state->request.data.auth.pass);
@@ -71,8 +73,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
SMBNTencrypt((const uchar *)state->request.data.auth.pass, chal, local_nt_response);
- lm_resp = data_blob(local_lm_response, sizeof(local_lm_response));
- nt_resp = data_blob(local_nt_response, sizeof(local_nt_response));
+ lm_resp = data_blob_talloc(mem_ctx, local_lm_response, sizeof(local_lm_response));
+ nt_resp = data_blob_talloc(mem_ctx, local_nt_response, sizeof(local_nt_response));
}
/*
@@ -106,8 +108,6 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
&info3);
done:
- data_blob_free(&lm_resp);
- data_blob_free(&nt_resp);
cli_shutdown(cli);
@@ -115,13 +115,12 @@ done:
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
-
+
/* Challenge Response Authentication Protocol */
enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
{
NTSTATUS result;
- fstring name_domain, name_user;
unsigned char trust_passwd[16];
time_t last_change_time;
NET_USER_INFO_3 info3;
@@ -132,23 +131,16 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
extern pstring global_myname;
- DEBUG(3, ("[%5d]: pam auth crap %s\n", state->pid,
- state->request.data.auth_crap.user));
+ DEBUG(3, ("[%5d]: pam auth crap domain: %s user: %s\n", state->pid,
+ state->request.data.auth_crap.user, state->request.data.auth_crap.user));
- if (!(mem_ctx = talloc_init_named("winbind pam auth for %s", state->request.data.auth.user))) {
+ if (!(mem_ctx = talloc_init_named("winbind pam auth crap for %s", state->request.data.auth.user))) {
DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n"));
return WINBINDD_ERROR;
}
- /* Parse domain and username */
- if (!parse_domain_user(state->request.data.auth_crap.user, name_domain,
- name_user))
- return WINBINDD_ERROR;
-
-
-
- lm_resp = data_blob(state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len);
- nt_resp = data_blob(state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len);
+ lm_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len);
+ nt_resp = data_blob_talloc(mem_ctx, state->request.data.auth_crap.nt_resp, state->request.data.auth_crap.nt_resp_len);
/*
* Get the machine account password for our primary domain
@@ -171,7 +163,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
}
result = cli_netlogon_sam_network_logon(cli, mem_ctx,
- name_user, name_domain,
+ state->request.data.auth_crap.user, state->request.data.auth_crap.domain,
global_myname, state->request.data.auth_crap.chal,
lm_resp, nt_resp,
&info3);
diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h
index ac72768ea4..bedd5a0352 100644
--- a/source3/nsswitch/winbindd_proto.h
+++ b/source3/nsswitch/winbindd_proto.h
@@ -68,6 +68,8 @@ void winbindd_idmap_status(void);
enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state);
enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
*state);
+enum winbindd_result winbindd_ping(struct winbindd_cli_state
+ *state);
/* The following definitions come from nsswitch/winbindd_pam.c */