summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/nsswitch/libwbclient/wbc_pam.c40
1 files changed, 36 insertions, 4 deletions
diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c
index cf56a8b6d6..aac7e690ff 100644
--- a/source3/nsswitch/libwbclient/wbc_pam.c
+++ b/source3/nsswitch/libwbclient/wbc_pam.c
@@ -252,8 +252,8 @@ done:
/** @brief Authenticate with more detailed information
*
- * @param params Input parameters, only WBC_AUTH_USER_LEVEL_RESPONSE
- * is supported yet
+ * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH
+ * is not supported yet
* @param info Output details on WBC_ERR_SUCCESS
* @param error Output details on WBC_ERR_AUTH_ERROR
*
@@ -290,8 +290,40 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
switch (params->level) {
case WBC_AUTH_USER_LEVEL_PLAIN:
- wbc_status = WBC_ERR_NOT_IMPLEMENTED;
- BAIL_ON_WBC_ERROR(wbc_status);
+ cmd = WINBINDD_PAM_AUTH;
+ request.flags = WBFLAG_PAM_INFO3_TEXT |
+ WBFLAG_PAM_USER_SESSION_KEY |
+ WBFLAG_PAM_LMKEY;
+
+ if (!params->password.plaintext) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (params->domain_name && params->domain_name[0]) {
+ /* We need to get the winbind separator :-( */
+ struct winbindd_response sep_response;
+
+ ZERO_STRUCT(sep_response);
+
+ wbc_status = wbcRequestResponse(WINBINDD_INFO,
+ NULL, &sep_response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ snprintf(request.data.auth.user,
+ sizeof(request.data.auth.user)-1,
+ "%s%c%s",
+ params->domain_name,
+ sep_response.data.info.winbind_separator,
+ params->account_name);
+ } else {
+ strncpy(request.data.auth.user,
+ params->account_name,
+ sizeof(request.data.auth.user)-1);
+ }
+ strncpy(request.data.auth.pass,
+ params->password.plaintext,
+ sizeof(request.data.auth.user)-1);
break;
case WBC_AUTH_USER_LEVEL_HASH: