Diffstat (limited to 'source4/winbind/wb_samba3_cmd.c')
-rw-r--r-- | source4/winbind/wb_samba3_cmd.c | 92 |
1 files changed, 67 insertions, 25 deletions
diff --git a/source4/winbind/wb_samba3_cmd.c b/source4/winbind/wb_samba3_cmd.c
index 24074700fc..5ef0339ecb 100644
--- a/source4/winbind/wb_samba3_cmd.c
+++ b/source4/winbind/wb_samba3_cmd.c
@@ -29,7 +29,9 @@
 #include "version.h"
 #include "librpc/gen_ndr/netlogon.h"
 #include "libcli/security/security.h"
-#include "auth/pam_errors.h"
+#include "auth/ntlm/pam_errors.h"
+#include "auth/credentials/credentials.h"
+#include "smbd/service_task.h"
 
 /* Send off the reply to an async Samba3 query, handling filling in the PAM,
 NTSTATUS and string errors.
@@ -41,13 +43,14 @@ static void wbsrv_samba3_async_auth_epilogue(NTSTATUS status,
 struct winbindd_response *resp = &s3call->response;
 if (!NT_STATUS_IS_OK(status)) {
 resp->result = WINBINDD_ERROR;
- WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
- nt_errstr(status));
- WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
- get_friendly_nt_error_msg(status));
 } else {
 resp->result = WINBINDD_OK;
 }
+
+ WBSRV_SAMBA3_SET_STRING(resp->data.auth.nt_status_string,
+ nt_errstr(status));
+ WBSRV_SAMBA3_SET_STRING(resp->data.auth.error_string,
+ get_friendly_nt_error_msg(status));
 resp->data.auth.pam_error = nt_status_to_pam(status);
 resp->data.auth.nt_status = NT_STATUS_V(status);
 
@@ -110,10 +113,12 @@ NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call)
 
 NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call)
 {
- s3call->response.result = WINBINDD_OK;
- s3call->response.extra_data.data =
- smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
- NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data.data);
+ char *path = smbd_tmp_path(s3call, s3call->wbconn->lp_ctx, WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
+ NT_STATUS_HAVE_NO_MEMORY(path);
+ s3call->response.result = WINBINDD_OK;
+ s3call->response.extra_data.data = path;
+
+ s3call->response.length += strlen(path) + 1;
 return NT_STATUS_OK;
 }
 
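Review bot: In `wbsrv_samba3_priv_pipe_dir` the new line `s3call->response.length += strlen(path) + 1;` carries a bare `+ 1` with nothing saying what it accounts for, and the same unexplained `+ 1` appears in the `list_users_recv` hunk at the end of this diff (`s3call->response.length += 1;` guarded by `if (extra_data)`). Presumably both count the NUL terminator of a string handed back in `extra_data`, so a one-line comment at each site such as `/* extra_data is a NUL-terminated string: count the terminator so the client receives it */` would record the intent and make it obvious that the two length calculations are meant to agree. If that is not the reason, the two sites should at least say what they are each compensating for, since a wrong `response.length` is exactly the kind of off-by-one a wire protocol silently tolerates until it doesn't.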
@@ -123,41 +128,65 @@ NTSTATUS wbsrv_samba3_ping(struct wbsrv_samba3_call *s3call)
 return NT_STATUS_OK;
 }
 
-#if 0
-/*
- Validate that we have a working pipe to the domain controller.
- Return any NT error found in the process
+/* Plaintext authentication
+
+ This interface is used by ntlm_auth in it's 'basic' authentication
+ mode, as well as by pam_winbind to authenticate users where we are
+ given a plaintext password.
 */
 
-static void checkmachacc_recv_creds(struct composite_context *ctx);
+static void check_machacc_recv(struct composite_context *ctx);
 
 NTSTATUS wbsrv_samba3_check_machacc(struct wbsrv_samba3_call *s3call)
 {
+ NTSTATUS status;
+ struct cli_credentials *creds;
 struct composite_context *ctx;
+ struct wbsrv_service *service =
+ s3call->wbconn->listen_socket->service;
+
+ /* Create a credentials structure */
+ creds = cli_credentials_init(s3call);
+ if (creds == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
 
- DEBUG(5, ("wbsrv_samba3_check_machacc called\n"));
+ cli_credentials_set_conf(creds, service->task->lp_ctx);
 
- ctx = wb_cmd_checkmachacc_send(s3call->call);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
+ /* Connect the machine account to the credentials */
+ status = cli_credentials_set_machine_account(creds, service->task->lp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(creds);
+ return status;
+ }
 
- ctx->async.fn = checkmachacc_recv_creds;
+ ctx = wb_cmd_pam_auth_send(s3call, service, creds);
+
+ if (!ctx) {
+ talloc_free(creds);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ctx->async.fn = check_machacc_recv;
 ctx->async.private_data = s3call;
- s3call->call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
+ s3call->flags |= WBSRV_CALL_FLAGS_REPLY_ASYNC;
 return NT_STATUS_OK;
 }
-
-static void checkmachacc_recv_creds(struct composite_context *ctx)
+
+static void check_machacc_recv(struct composite_context *ctx)
 {
 struct wbsrv_samba3_call *s3call =
 talloc_get_type(ctx->async.private_data,
 struct wbsrv_samba3_call);
 NTSTATUS status;
 
- status = wb_cmd_checkmachacc_recv(ctx);
+ status = wb_cmd_pam_auth_recv(ctx);
+
+ if (!NT_STATUS_IS_OK(status)) goto done;
+
+ done:
 wbsrv_samba3_async_auth_epilogue(status, s3call);
 }
-#endif
 
 /*
 Find the name of a suitable domain controller, by query on the
@@ -543,6 +572,7 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call)
 struct composite_context *ctx;
 struct wbsrv_service *service =
 s3call->wbconn->listen_socket->service;
+ struct cli_credentials *credentials;
 char *user, *domain;
 
 if (!wb_samba3_split_username(s3call, s3call->wbconn->lp_ctx,
@@ -551,8 +581,17 @@ NTSTATUS wbsrv_samba3_pam_auth(struct wbsrv_samba3_call *s3call)
 return NT_STATUS_NO_SUCH_USER;
 }
 
- ctx = wb_cmd_pam_auth_send(s3call, service, domain, user,
- s3call->request.data.auth.pass);
+ credentials = cli_credentials_init(s3call);
+ if (!credentials) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ cli_credentials_set_conf(credentials, service->task->lp_ctx);
+ cli_credentials_set_domain(credentials, domain, CRED_SPECIFIED);
+ cli_credentials_set_username(credentials, user, CRED_SPECIFIED);
+
+ cli_credentials_set_password(credentials, s3call->request.data.auth.pass, CRED_SPECIFIED);
+
+ ctx = wb_cmd_pam_auth_send(s3call, service, credentials);
 NT_STATUS_HAVE_NO_MEMORY(ctx);
 
 ctx->async.fn = pam_auth_recv;
@@ -681,6 +720,9 @@ static void list_users_recv(struct composite_context *ctx)
 if (NT_STATUS_IS_OK(status)) {
 s3call->response.extra_data.data = extra_data;
 s3call->response.length += extra_data_len;
+ if (extra_data) {
+ s3call->response.length += 1;
+ }
 }
 
 wbsrv_samba3_async_epilogue(status, s3call);
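Review bot: The comment block added above the `check_machacc_recv` prototype describes plaintext user authentication (`ntlm_auth` in basic mode, `pam_winbind` with a given password), which is what `wbsrv_samba3_pam_auth` later in this diff does, not what `wbsrv_samba3_check_machacc` does — the function below it loads the machine account with `cli_credentials_set_machine_account` and never looks at a user-supplied password, so the comment will mislead the next reader. I would move that text (with `it's` corrected to `its`) to the `wbsrv_samba3_pam_auth` hunk and head this function with something like `/* Check that the machine account credentials from the config can authenticate, by sending them down the same pam_auth path; the reply is completed asynchronously in check_machacc_recv. */`. Separately, in `check_machacc_recv` the line `if (!NT_STATUS_IS_OK(status)) goto done;` immediately followed by `done:` is a no-op, and it reads like an unfinished edit; either drop both lines or leave a comment stating that failure handling is deliberately identical to success here. Both `wbsrv_samba3_check_machacc` and `check_machacc_recv` begin and end inside this hunk.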
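Review bot: In the `wbsrv_samba3_pam_auth` hunk the return values of `cli_credentials_set_domain`, `cli_credentials_set_username` and `cli_credentials_set_password` are discarded; in the Samba tree these setters return a bool and report false when their internal copy cannot be made, so an allocation failure there would let the request proceed into `wb_cmd_pam_auth_send` with an empty or partially filled credentials object instead of failing the call. At minimum the password setter should be checked, e.g. `if (!cli_credentials_set_password(credentials, s3call->request.data.auth.pass, CRED_SPECIFIED)) { talloc_free(credentials); return NT_STATUS_NO_MEMORY; }`, and the domain and username setters treated the same way, matching how `wbsrv_samba3_check_machacc` in this same diff frees `creds` and returns on each failure. Note also that the plaintext password is now copied into `credentials`, a talloc child of `s3call`, so it lives for the whole call rather than only in the request buffer — presumably acceptable here, but worth a one-line comment so the lifetime is not widened further by a later change. `wbsrv_samba3_pam_auth` starts before this hunk and continues after it.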