[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2267-g432a77e

Stefan Metzmacher metze at samba.org
Fri Feb 15 10:56:40 GMT 2008


The branch, v3-2-test has been updated
       via  432a77e0d7dbd52fd230e4ee9641b6ab4f4d3b73 (commit)
       via  237c2e9738ae29ca7046d6f886d6f777a6206045 (commit)
       via  423f139fd37496db2e690f20399357496367ed7c (commit)
       via  491ba9c0c9d479bc686c75242a3749f14d103fcd (commit)
      from  92cc5d88bbc63edac3e7c4b483c1a75f91263827 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 432a77e0d7dbd52fd230e4ee9641b6ab4f4d3b73
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Feb 15 10:40:43 2008 +0100

    wbinfo: ask wbcAuthenticateUserEx() for user info to test the more complex code path
    
    metze

commit 237c2e9738ae29ca7046d6f886d6f777a6206045
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Feb 15 10:46:19 2008 +0100

    libwbclient: let wbcAuthenticateUser() use wbcAuthenticateUserEx()
    
    metze

commit 423f139fd37496db2e690f20399357496367ed7c
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Feb 15 10:34:46 2008 +0100

    libwbclient: implement WBC_AUTH_USER_LEVEL_PLAIN in wbcAuthenticateUserEx()
    
    metze

commit 491ba9c0c9d479bc686c75242a3749f14d103fcd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Feb 15 10:30:15 2008 +0100

    libwbclient: wbcAuthenticateUserEx() be more strict regarding invalid parameters
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source/nsswitch/libwbclient/wbc_pam.c |  128 +++++++++++++++++++++++----------
 source/nsswitch/wbinfo.c              |    5 +-
 2 files changed, 95 insertions(+), 38 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c
index e7bcdfe..de49a6b 100644
--- a/source/nsswitch/libwbclient/wbc_pam.c
+++ b/source/nsswitch/libwbclient/wbc_pam.c
@@ -34,30 +34,16 @@
 wbcErr wbcAuthenticateUser(const char *username,
 			   const char *password)
 {
-	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
-	struct winbindd_request request;
-	struct winbindd_response response;
-
-	if (!username) {
-		wbc_status = WBC_ERR_INVALID_PARAM;
-		BAIL_ON_WBC_ERROR(wbc_status);
-	}
-
-	/* Initialize request */
-
-	ZERO_STRUCT(request);
-	ZERO_STRUCT(response);
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcAuthUserParams params;
 
-	/* dst is already null terminated from the memset above */
+	ZERO_STRUCT(params);
 
-	strncpy(request.data.auth.user,	username,
-		sizeof(request.data.auth.user)-1);
-	strncpy(request.data.auth.pass,	password,
-		sizeof(request.data.auth.user)-1);
+	params.account_name		= username;
+	params.level			= WBC_AUTH_USER_LEVEL_PLAIN;
+	params.password.plaintext	= password;
 
-	wbc_status = wbcRequestResponse(WINBINDD_PAM_AUTH,
-					&request,
-					&response);
+	wbc_status = wbcAuthenticateUserEx(&params, NULL, NULL);
 	BAIL_ON_WBC_ERROR(wbc_status);
 
 done:
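Review bot: With `wbcAuthenticateUserEx(&params, NULL, NULL)` the simple wrapper now takes the PLAIN branch, which sets `WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_USER_SESSION_KEY | WBFLAG_PAM_LMKEY` unconditionally, so a plain yes/no authentication asks winbindd for user info and session-key material that this caller has no way to receive. If nothing after the switch depends on those flags (that code is outside the hunk), consider requesting them only when the caller passed an output pointer, e.g. `if (info) { request.flags = ...; }`. The wrapper's doc comment should also say that a NULL `password` now returns `WBC_ERR_INVALID_PARAM`; the removed code passed it straight to `strncpy()`.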
@@ -252,8 +238,8 @@ done:
 
 /** @brief Authenticate with more detailed information
  *
- * @param params       Input parameters, only WBC_AUTH_USER_LEVEL_RESPONSE
- *                     is supported yet
+ * @param params       Input parameters, WBC_AUTH_USER_LEVEL_HASH
+ *                     is not supported yet
  * @param info         Output details on WBC_ERR_SUCCESS
  * @param error        Output details on WBC_ERR_AUTH_ERROR
  *
@@ -265,11 +251,10 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 			     struct wbcAuthErrorInfo **error)
 {
 	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
-	int cmd;
+	int cmd = 0;
 	struct winbindd_request request;
 	struct winbindd_response response;
 
-
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
@@ -282,12 +267,49 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 		BAIL_ON_WBC_ERROR(wbc_status);
 	}
 
+	if (!params->account_name) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
 	/* Initialize request */
 
 	switch (params->level) {
 	case WBC_AUTH_USER_LEVEL_PLAIN:
-		wbc_status = WBC_ERR_NOT_IMPLEMENTED;
-		BAIL_ON_WBC_ERROR(wbc_status);
+		cmd = WINBINDD_PAM_AUTH;
+		request.flags = WBFLAG_PAM_INFO3_TEXT |
+				WBFLAG_PAM_USER_SESSION_KEY |
+				WBFLAG_PAM_LMKEY;
+
+		if (!params->password.plaintext) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		if (params->domain_name && params->domain_name[0]) {
+			/* We need to get the winbind separator :-( */
+			struct winbindd_response sep_response;
+
+			ZERO_STRUCT(sep_response);
+
+			wbc_status = wbcRequestResponse(WINBINDD_INFO,
+							NULL, &sep_response);
+			BAIL_ON_WBC_ERROR(wbc_status);
+
+			snprintf(request.data.auth.user,
+				 sizeof(request.data.auth.user)-1,
+				 "%s%c%s",
+				 params->domain_name,
+				 sep_response.data.info.winbind_separator,
+				 params->account_name);
+		} else {
+			strncpy(request.data.auth.user,
+				params->account_name,
+				sizeof(request.data.auth.user)-1);
+		}
+		strncpy(request.data.auth.pass,
+			params->password.plaintext,
+			sizeof(request.data.auth.user)-1);
 		break;
 
 	case WBC_AUTH_USER_LEVEL_HASH:
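Review bot: The copy into `request.data.auth.pass` at the end of the PLAIN branch is bounded by `sizeof(request.data.auth.user)-1` rather than by the size of the field being written; if the two fields ever differ in size, this either overruns `pass` or truncates the password. Bound it by the destination, `sizeof(request.data.auth.pass)-1`; the same mismatch is carried over from the removed body of wbcAuthenticateUser(). Separately, the `snprintf()` that builds domain, separator and account ignores its return value, so an over-long name is silently truncated and the request goes out for a different account string than the caller supplied. Comparing the result with the buffer size and bailing with `WBC_ERR_INVALID_PARAM` would match the stricter validation these commits add. The switch continues outside the hunk.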
@@ -301,12 +323,36 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 				WBFLAG_PAM_USER_SESSION_KEY |
 				WBFLAG_PAM_LMKEY;
 
+		if (params->password.response.lm_length &&
+		    params->password.response.lm_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		if (params->password.response.lm_length == 0 &&
+		    params->password.response.lm_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		if (params->password.response.nt_length &&
+		    !params->password.response.nt_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		if (params->password.response.nt_length == 0&&
+		    params->password.response.nt_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
 		strncpy(request.data.auth_crap.user,
 			params->account_name,
 			sizeof(request.data.auth_crap.user)-1);
-		strncpy(request.data.auth_crap.domain,
-			params->domain_name,
-			sizeof(request.data.auth_crap.domain)-1);
+		if (params->domain_name) {
+			strncpy(request.data.auth_crap.domain,
+				params->domain_name,
+				sizeof(request.data.auth_crap.domain)-1);
+		}
 		if (params->workstation_name) {
 			strncpy(request.data.auth_crap.workstation,
 				params->workstation_name,
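Review bot: The first LM check is missing a negation: `lm_length && lm_data` rejects every well-formed LM response, while a non-zero length with a NULL pointer is let through. The NT checks directly below use the intended form, so the condition should read `params->password.response.lm_length && !params->password.response.lm_data`. As written, the two LM checks together return `WBC_ERR_INVALID_PARAM` for any non-NULL `lm_data`, and a NULL pointer with a non-zero length presumably still sets `lm_resp_len` further down, which would send an all-zero LM response. A test that submits a valid LM response and expects success would catch this. The RESPONSE case continues outside the hunk.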
@@ -326,16 +372,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 		request.data.auth_crap.nt_resp_len =
 				MIN(params->password.response.nt_length,
 				    sizeof(request.data.auth_crap.nt_resp));
-		memcpy(request.data.auth_crap.lm_resp,
-		       params->password.response.lm_data,
-		       request.data.auth_crap.lm_resp_len);
-		memcpy(request.data.auth_crap.nt_resp,
-		       params->password.response.nt_data,
-		       request.data.auth_crap.nt_resp_len);
-
+		if (params->password.response.lm_data) {
+			memcpy(request.data.auth_crap.lm_resp,
+			       params->password.response.lm_data,
+			       request.data.auth_crap.lm_resp_len);
+		}
+		if (params->password.response.nt_data) {
+			memcpy(request.data.auth_crap.nt_resp,
+			       params->password.response.nt_data,
+			       request.data.auth_crap.nt_resp_len);
+		}
 		break;
 	}
 
+	if (cmd == 0) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
 	wbc_status = wbcRequestResponse(cmd,
 					&request,
 					&response);
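Review bot: The response lengths are still clamped with `MIN(..., sizeof(request.data.auth_crap.nt_resp))`, so an over-long challenge response is silently truncated and sent instead of being rejected. (The `lm_resp_len` assignment is above the hunk and presumably has the same form.) A truncated response cannot verify, so the caller sees an authentication failure instead of a parameter error. Since this series tightens parameter validation, consider bailing with `WBC_ERR_INVALID_PARAM` when `params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp)`, and likewise for the LM length. It would also help to comment the new `cmd == 0` check as the catch for an unknown `params->level`, since the switch has no `default`.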
diff --git a/source/nsswitch/wbinfo.c b/source/nsswitch/wbinfo.c
index 689dc5e..ee51cce 100644
--- a/source/nsswitch/wbinfo.c
+++ b/source/nsswitch/wbinfo.c
@@ -906,6 +906,7 @@ static bool wbinfo_auth_crap(char *username)
 {
 	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 	struct wbcAuthUserParams params;
+	struct wbcAuthUserInfo *info = NULL;
 	struct wbcAuthErrorInfo *err = NULL;
 	DATA_BLOB lm = data_blob_null;
 	DATA_BLOB nt = data_blob_null;
@@ -974,7 +975,7 @@ static bool wbinfo_auth_crap(char *username)
 	params.password.response.lm_length	= lm.length;
 	params.password.response.lm_data	= lm.data;
 
-	wbc_status = wbcAuthenticateUserEx(&params, NULL, &err);
+	wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
 
 	/* Display response */
 
@@ -987,6 +988,8 @@ static bool wbinfo_auth_crap(char *username)
 			 err->nt_status,
 			 err->display_string);
 		wbcFreeMemory(err);
+	} else if (WBC_ERROR_IS_OK(wbc_status)) {
+		wbcFreeMemory(info);
 	}
 
 	data_blob_free(&nt);


-- 
Samba Shared Repository

