From a36f9250e7c9446f3eece6d8db29fcbde99256fb Mon Sep 17 00:00:00 2001
From: Tim Potter
Date: Mon, 7 May 2001 04:32:40 +0000
Subject: Preliminary merge of winbind into HEAD. Note that this compiles and links but I haven't actually run it yet so it probably doesn't work. (-: (This used to be commit 59f95416b66db6df05289bde224de29c721978e5)
---
 source3/nsswitch/winbindd_pam.c | 88 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 79 insertions(+), 9 deletions(-)
(limited to 'source3/nsswitch/winbindd_pam.c')
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index c74afd8e29..57b2394799 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -23,6 +23,28 @@
 #include "winbindd.h"
+/* Copy of parse_domain_user from winbindd_util.c. Parse a string of the
+ form DOMAIN/user into a domain and a user */
+
+static void parse_domain_user(char *domuser, fstring domain, fstring user)
+{
+ char *p;
+ char *sep = lp_winbind_separator();
+ if (!sep) sep = "\\";
+ p = strchr(domuser,*sep);
+ if (!p) p = strchr(domuser,'\\');
+ if (!p) {
+ fstrcpy(domain,"");
+ fstrcpy(user, domuser);
+ return;
+ }
+
+ fstrcpy(user, p+1);
+ fstrcpy(domain, domuser);
+ domain[PTR_DIFF(p, domuser)] = 0;
+ strupper(domain);
+}
+ /* Return a password structure from a username. Specify whether cached data can be returned. */
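Review bot: In parse_domain_user, `domain[PTR_DIFF(p, domuser)] = 0;` indexes `domain` by the separator's offset in `domuser`, and nothing in the hunk bounds that offset by the size of an fstring. fstrcpy presumably limits how much is copied but not the index, and the callers in this patch pass `state->request` fields whose length and NUL-termination guarantees are not visible here, so I would check the offset before the copy, e.g. `if (PTR_DIFF(p, domuser) >= sizeof(fstring)) { fstrcpy(domain, ""); fstrcpy(user, domuser); return; }`. Separately, `if (!sep) sep = "\\";` does not cover an empty separator string: `*sep` is then NUL, strchr() matches the terminator, and `p+1` reads past the end of the string; `if (!sep || !*sep) sep = "\\";` closes that. The header comment could also state that the domain is upper-cased and that `domain` is set to "" when no separator is found.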
@@ -31,31 +53,37 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 NET_USER_INFO_3 info3;
 uchar ntpw[16];
 uchar lmpw[16];
- uint8 trust_passwd[16];
+ uchar trust_passwd[16];
 uint32 status;
 fstring server;
 fstring name_domain, name_user;
 extern pstring global_myname;
- DEBUG(1,("winbindd_pam_auth user=%s\n",
- state->request.data.auth.user));
+ DEBUG(3, ("[%5d]: pam auth %s\n", state->pid,
+ state->request.data.auth.user));
 /* Parse domain and username */
- parse_domain_user(state->request.data.auth.user, name_domain, name_user);
+ parse_domain_user(state->request.data.auth.user, name_domain,
+ name_user);
 /* don't allow the null domain */
 if (strcmp(name_domain,"") == 0) return WINBINDD_ERROR;
 ZERO_STRUCT(info3);
- if (!secrets_fetch_trust_account_password(lp_workgroup(),
- trust_passwd, NULL)) {
- return WINBINDD_ERROR;
- }
+ if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) {
+ DEBUG(1, ("could not get trust password for domain %s\n",
+ name_domain));
+ return WINBINDD_ERROR;
+ }
 nt_lm_owf_gen(state->request.data.auth.pass, ntpw, lmpw);
- slprintf(server, sizeof(server)-1, "\\\\%s", server_state.controller);
+ slprintf(server, sizeof(server), "\\\\%s", server_state.controller);
+
+#if 0
+
+ /* XXX */
 status = domain_client_validate_backend(server, name_user, name_domain,
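Review bot: The new DEBUG(1) on the trust-password failure path prints `name_domain`, which is the domain parsed from the user name in the request, while the lookup that failed was for `lp_workgroup()`; the message should name what was looked up, `DEBUG(1, ("could not get trust password for domain %s\n", lp_workgroup()));`. The slprintf() length also changes from `sizeof(server)-1` to `sizeof(server)`, which is only safe if slprintf in this tree counts the terminating NUL within the length it is given; that is worth confirming, because otherwise a long controller name writes one byte past `server`. `trust_passwd`, `ntpw` and `lmpw` hold key material and nothing visible clears them before the function returns; the rest of winbindd_pam_auth lies outside this hunk, so that clean-up belongs at its exits.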
@@ -64,9 +92,51 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
 NULL, lmpw, sizeof(lmpw), ntpw, sizeof(ntpw), &info3);
+#else
+ status = NT_STATUS_UNSUCCESSFUL;
+#endif
+ if (status != NT_STATUS_NOPROBLEMO) return WINBINDD_ERROR;
 return WINBINDD_OK;
 }
+/* Change a user password */
+
+enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state)
+{
+ char *oldpass, *newpass;
+ fstring domain, user;
+ uchar nt_oldhash[16];
+ uchar lm_oldhash[16];
+
+ DEBUG(3, ("[%5d]: pam chauthtok %s\n", state->pid,
+ state->request.data.chauthtok.user));
+
+ /* Setup crap */
+
+ if (state == NULL) return WINBINDD_ERROR;
+
+ parse_domain_user(state->request.data.chauthtok.user, domain, user);
+
+ oldpass = state->request.data.chauthtok.oldpass;
+ newpass = state->request.data.chauthtok.newpass;
+
+ nt_lm_owf_gen(oldpass, nt_oldhash, lm_oldhash);
+
+ /* Change password */
+
+#if 0
+
+ /* XXX */
+
+ if (!msrpc_sam_ntchange_pwd(server_state.controller, domain, user,
+ lm_oldhash, nt_oldhash, newpass)) {
+ DEBUG(0, ("password change failed for user %s/%s\n", domain, user));
+ return WINBINDD_ERROR;
+ }
+#endif
+
+ return WINBINDD_OK;
+}
-- cgit
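Review bot: winbindd_pam_chauthtok returns `WINBINDD_OK` although the only code that changes the password is inside `#if 0`, so a caller is told the change succeeded when nothing happened; winbindd_pam_auth in the same patch fails closed with `status = NT_STATUS_UNSUCCESSFUL;`, and this function should do the same by giving the disabled block an `#else` branch containing `return WINBINDD_ERROR;`. The `if (state == NULL) return WINBINDD_ERROR;` check comes after `DEBUG(3, ...)` has already read `state->pid` and `state->request`, so it cannot protect anything and should move to the top of the function. With the call compiled out, `nt_oldhash` and `lm_oldhash` are derived from the old password and then left on the stack unused, so the `nt_lm_owf_gen` call could sit inside the disabled block until it is needed.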