[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4468-g8002532

Günther Deschner gd at samba.org
Fri Nov 21 01:03:22 GMT 2008


The branch, v3-3-test has been updated
       via  80025324a944d74df4df883e7e9987533c8f1356 (commit)
       via  9a24e73f5112cfb0a9378dee0d82340f3de8e363 (commit)
       via  095fe83f9d3115cefc876a62b012d3b12f9f68c3 (commit)
       via  d56cb98cd3a17f2847d088ed6187969fe51db740 (commit)
      from  b2b5946c2419482eaf7064b69a569cb3cfc1a8d7 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit 80025324a944d74df4df883e7e9987533c8f1356
Author: Günther Deschner <gd at samba.org>
Date:   Fri Oct 10 15:18:02 2008 +0200

    libwbclient: add wbcLogonUser().
    
    Guenther

commit 9a24e73f5112cfb0a9378dee0d82340f3de8e363
Author: Günther Deschner <gd at samba.org>
Date:   Fri Aug 15 13:53:23 2008 +0200

    libwbclient: add wbcLogoffUserEx().
    
    Guenther

commit 095fe83f9d3115cefc876a62b012d3b12f9f68c3
Author: Günther Deschner <gd at samba.org>
Date:   Thu Sep 25 01:31:12 2008 +0200

    libwbclient: add wbcAddNamedBlob.
    
    Guenther

commit d56cb98cd3a17f2847d088ed6187969fe51db740
Author: Günther Deschner <gd at samba.org>
Date:   Fri Oct 10 10:54:06 2008 +0200

    libwbclient: add wbcBlob and wbcNamedBlob.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source/nsswitch/libwbclient/wbc_pam.c  |  295 ++++++++++++++++++++++++++++++++
 source/nsswitch/libwbclient/wbc_util.c |   45 +++++
 source/nsswitch/libwbclient/wbclient.h |   70 ++++++++-
 3 files changed, 409 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c
index 91ea72f..713ba2e 100644
--- a/source/nsswitch/libwbclient/wbc_pam.c
+++ b/source/nsswitch/libwbclient/wbc_pam.c
@@ -261,6 +261,50 @@ done:
 	return wbc_status;
 }
 
+static wbcErr wbc_create_logon_info(TALLOC_CTX *mem_ctx,
+				    const struct winbindd_response *resp,
+				    struct wbcLogonUserInfo **_i)
+{
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcLogonUserInfo *i;
+
+	i = talloc_zero(mem_ctx, struct wbcLogonUserInfo);
+	BAIL_ON_PTR_ERROR(i, wbc_status);
+
+	wbc_status = wbc_create_auth_info(i, resp, &i->info);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	if (resp->data.auth.krb5ccname) {
+		wbc_status = wbcAddNamedBlob(&i->num_blobs,
+					     &i->blobs,
+					     "krb5ccname",
+					     0,
+					     (uint8_t *)resp->data.auth.krb5ccname,
+					     strlen(resp->data.auth.krb5ccname)+1);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (resp->data.auth.unix_username) {
+		wbc_status = wbcAddNamedBlob(&i->num_blobs,
+					     &i->blobs,
+					     "unix_username",
+					     0,
+					     (uint8_t *)resp->data.auth.unix_username,
+					     strlen(resp->data.auth.unix_username)+1);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	*_i = i;
+	i = NULL;
+done:
+	if (!WBC_ERROR_IS_OK(wbc_status) && i) {
+		wbcFreeMemory(i->blobs);
+	}
+
+	talloc_free(i);
+	return wbc_status;
+}
+
 /** @brief Authenticate with more detailed information
  *
  * @param params       Input parameters, WBC_AUTH_USER_LEVEL_HASH
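Review bot: The error path at `done:` can free `i->blobs` a second time. wbcAddNamedBlob() in wbc_util.c (same changeset) already calls `wbcFreeMemory(*blobs)` on its own failure and leaves the pointer set, so `wbcFreeMemory(i->blobs)` here would then run on memory that has been released. Either drop the free here or have the helper reset `*blobs = NULL` after releasing the array. The blobs are also allocated with a NULL talloc parent rather than under `i`, so they look like they outlive a free of the returned info unless the caller releases `info->blobs` separately; a `talloc_steal(i, i->blobs);` before `*_i = i;` would tie the lifetimes together. If `krb5ccname` and `unix_username` are fixed-size arrays in struct winbindd_response (not visible here), both `if (resp->data.auth...)` tests are always true and should test the first byte instead.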
@@ -503,6 +547,101 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
 	return wbc_status;
 }
 
+/** @brief Trigger an extended logoff notification to Winbind for a specific user
+ *
+ * @param params      A wbcLogoffUserParams structure
+ * @param error       User output details on error
+ *
+ * @return #wbcErr
+ *
+ **/
+
+wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
+		       struct wbcAuthErrorInfo **error)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	int i;
+
+	/* validate input */
+
+	if (!params || !params->username) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if ((params->num_blobs > 0) && (params->blobs == NULL)) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	if ((params->num_blobs == 0) && (params->blobs != NULL)) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	strncpy(request.data.logoff.user, params->username,
+		sizeof(request.data.logoff.user)-1);
+
+	for (i=0; i<params->num_blobs; i++) {
+
+		if (strcasecmp(params->blobs[i].name, "ccfilename") == 0) {
+			if (params->blobs[i].blob.data) {
+				strncpy(request.data.logoff.krb5ccname,
+					(const char *)params->blobs[i].blob.data,
+					sizeof(request.data.logoff.krb5ccname) - 1);
+			}
+			continue;
+		}
+
+		if (strcasecmp(params->blobs[i].name, "user_uid") == 0) {
+			if (params->blobs[i].blob.data) {
+				memcpy(&request.data.logoff.uid,
+					params->blobs[i].blob.data,
+					MIN(params->blobs[i].blob.length,
+					    sizeof(request.data.logoff.uid)));
+			}
+			continue;
+		}
+
+		if (strcasecmp(params->blobs[i].name, "flags") == 0) {
+			if (params->blobs[i].blob.data) {
+				memcpy(&request.flags,
+					params->blobs[i].blob.data,
+					MIN(params->blobs[i].blob.length,
+					    sizeof(request.flags)));
+			}
+			continue;
+		}
+	}
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponse(WINBINDD_PAM_LOGOFF,
+					&request,
+					&response);
+
+	/* Take the response above and return it to the caller */
+	if (response.data.auth.nt_status != 0) {
+		if (error) {
+			wbc_status = wbc_create_error_info(NULL,
+							   &response,
+							   error);
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		wbc_status = WBC_ERR_AUTH_ERROR;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+	return wbc_status;
+}
+
 /** @brief Trigger a logoff notification to Winbind for a specific user
  *
  * @param username    Name of user to remove from Winbind's list of
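Review bot: The `ccfilename` branch treats `blob.data` as a NUL-terminated string and never consults `blob.length`, so `strncpy` reads past the end of a caller-supplied blob that is shorter than the destination and carries no terminator. Bound the copy by both sizes, e.g. `memcpy(request.data.logoff.krb5ccname, params->blobs[i].blob.data, MIN(params->blobs[i].blob.length, sizeof(request.data.logoff.krb5ccname) - 1));`, which stays terminated because `request` was zeroed. The same pattern appears in wbcLogonUser() later in this file for `krb5_cc_type` and `membership_of`. `params->blobs[i].name` is passed to `strcasecmp` without a NULL check. The loop also compares `int i` against the `size_t` field `num_blobs`, where wbcLogonUser() uses `uint32_t`.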
@@ -800,3 +939,159 @@ wbcErr wbcChangeUserPassword(const char *username,
 done:
 	return wbc_status;
 }
+
+/** @brief Logon a User
+ *
+ * @param[in]  params      Pointer to a wbcLogonUserParams structure
+ * @param[out] info        Pointer to a pointer to a wbcLogonUserInfo structure
+ * @param[out] error       Pointer to a pointer to a wbcAuthErrorInfo structure
+ * @param[out] policy      Pointer to a pointer to a wbcUserPasswordPolicyInfo structure
+ *
+ * @return #wbcErr
+ *
+ **/
+
+wbcErr wbcLogonUser(const struct wbcLogonUserParams *params,
+		    struct wbcLogonUserInfo **info,
+		    struct wbcAuthErrorInfo **error,
+		    struct wbcUserPasswordPolicyInfo **policy)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	int cmd = 0;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	uint32_t i;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (info) {
+		*info = NULL;
+	}
+	if (error) {
+		*error = NULL;
+	}
+	if (policy) {
+		*policy = NULL;
+	}
+
+	if (!params) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (!params->username) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if ((params->num_blobs > 0) && (params->blobs == NULL)) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	if ((params->num_blobs == 0) && (params->blobs != NULL)) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Initialize request */
+
+	cmd = WINBINDD_PAM_AUTH;
+	request.flags = WBFLAG_PAM_INFO3_TEXT |
+			WBFLAG_PAM_USER_SESSION_KEY |
+			WBFLAG_PAM_LMKEY;
+
+	if (!params->password) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	strncpy(request.data.auth.user,
+		params->username,
+		sizeof(request.data.auth.user)-1);
+
+	strncpy(request.data.auth.pass,
+		params->password,
+		sizeof(request.data.auth.pass)-1);
+
+	for (i=0; i<params->num_blobs; i++) {
+
+		if (strcasecmp(params->blobs[i].name, "krb5_cc_type") == 0) {
+			if (params->blobs[i].blob.data) {
+				strncpy(request.data.auth.krb5_cc_type,
+					(const char *)params->blobs[i].blob.data,
+					sizeof(request.data.auth.krb5_cc_type) - 1);
+			}
+			continue;
+		}
+
+		if (strcasecmp(params->blobs[i].name, "user_uid") == 0) {
+			if (params->blobs[i].blob.data) {
+				memcpy(&request.data.auth.uid,
+					params->blobs[i].blob.data,
+					MIN(sizeof(request.data.auth.uid),
+					    params->blobs[i].blob.length));
+			}
+			continue;
+		}
+
+		if (strcasecmp(params->blobs[i].name, "flags") == 0) {
+			if (params->blobs[i].blob.data) {
+				uint32_t flags;
+				memcpy(&flags,
+					params->blobs[i].blob.data,
+					MIN(sizeof(flags),
+					    params->blobs[i].blob.length));
+				request.flags |= flags;
+			}
+			continue;
+		}
+
+		if (strcasecmp(params->blobs[i].name, "membership_of") == 0) {
+			if (params->blobs[i].blob.data &&
+			    params->blobs[i].blob.data[0] > 0) {
+				strncpy(request.data.auth.require_membership_of_sid,
+					(const char *)params->blobs[i].blob.data,
+					sizeof(request.data.auth.require_membership_of_sid) - 1);
+			}
+			continue;
+		}
+	}
+
+	wbc_status = wbcRequestResponse(cmd,
+					&request,
+					&response);
+
+	if (response.data.auth.nt_status != 0) {
+		if (error) {
+			wbc_status = wbc_create_error_info(NULL,
+							   &response,
+							   error);
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		wbc_status = WBC_ERR_AUTH_ERROR;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	if (info) {
+		wbc_status = wbc_create_logon_info(NULL,
+						   &response,
+						   info);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (policy) {
+		wbc_status = wbc_create_password_policy_info(NULL,
+							     &response,
+							     policy);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+done:
+	if (response.extra_data.data)
+		free(response.extra_data.data);
+
+	return wbc_status;
+}
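Review bot: In the `flags` branch the local `uint32_t flags` is uninitialised and `memcpy` fills only `MIN(sizeof(flags), blob.length)` bytes of it, so a blob shorter than four bytes ORs indeterminate stack bytes into `request.flags`. Declare it as `uint32_t flags = 0;` or reject blobs whose length is not `sizeof(flags)`. The caller's bits are ORed in unmasked, so a comment stating which WBFLAG_* values a caller may set would help. `request` also holds the cleartext password on the stack and is not cleared on any return path; wiping `request.data.auth.pass` at `done:` with a call the compiler cannot elide would limit its lifetime. A username or password longer than its field is silently truncated by `strncpy` instead of being rejected with WBC_ERR_INVALID_PARAM.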
diff --git a/source/nsswitch/libwbclient/wbc_util.c b/source/nsswitch/libwbclient/wbc_util.c
index 5aea884..b486874 100644
--- a/source/nsswitch/libwbclient/wbc_util.c
+++ b/source/nsswitch/libwbclient/wbc_util.c
@@ -689,3 +689,48 @@ wbcErr wbcLookupDomainControllerEx(const char *domain,
 done:
 	return wbc_status;
 }
+
+/** @brief Initialize a named blob and add to list of blobs
+ *
+ * @param[in,out] num_blobs     Pointer to the number of blobs
+ * @param[in,out] blobs         Pointer to an array of blobs
+ * @param[in]     name          Name of the new named blob
+ * @param[in]     flags         Flags of the new named blob
+ * @param[in]     data          Blob data of new blob
+ * @param[in]     length        Blob data length of new blob
+ *
+ * @return #wbcErr
+ *
+ **/
+
+wbcErr wbcAddNamedBlob(size_t *num_blobs,
+		       struct wbcNamedBlob **blobs,
+		       const char *name,
+		       uint32_t flags,
+		       uint8_t *data,
+		       size_t length)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct wbcNamedBlob blob;
+
+	*blobs = talloc_realloc(NULL, *blobs, struct wbcNamedBlob,
+				*(num_blobs)+1);
+	BAIL_ON_PTR_ERROR(*blobs, wbc_status);
+
+	blob.name		= talloc_strdup(*blobs, name);
+	BAIL_ON_PTR_ERROR(blob.name, wbc_status);
+	blob.flags		= flags;
+	blob.blob.length	= length;
+	blob.blob.data		= (uint8_t *)talloc_memdup(*blobs, data, length);
+	BAIL_ON_PTR_ERROR(blob.blob.data, wbc_status);
+
+	(*(blobs))[*num_blobs] = blob;
+	*(num_blobs) += 1;
+
+	wbc_status = WBC_ERR_SUCCESS;
+done:
+	if (!WBC_ERROR_IS_OK(wbc_status) && blobs) {
+		wbcFreeMemory(*blobs);
+	}
+	return wbc_status;
+}
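Review bot: `*blobs = talloc_realloc(NULL, *blobs, ...)` overwrites the caller's only pointer to the array, so on allocation failure the existing blobs are lost and the cleanup at `done:` is handed NULL. When the later `talloc_strdup` or `talloc_memdup` fails, the whole array is freed but `*blobs` and `*num_blobs` keep their old values, leaving the caller with a dangling pointer. Realloc into a temporary (`struct wbcNamedBlob *tmp = talloc_realloc(NULL, *blobs, struct wbcNamedBlob, *num_blobs + 1);`) and assign only on success. If destroying the list on failure is the intended contract, set `*blobs = NULL; *num_blobs = 0;` after the free and state that in the doc comment. The `&& blobs` test at `done:` comes after `*blobs` has already been dereferenced, and `num_blobs`, `name` and `data` are not validated at all.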
diff --git a/source/nsswitch/libwbclient/wbclient.h b/source/nsswitch/libwbclient/wbclient.h
index b444914..639f7f3 100644
--- a/source/nsswitch/libwbclient/wbclient.h
+++ b/source/nsswitch/libwbclient/wbclient.h
@@ -222,6 +222,36 @@ struct wbcAuthUserParams {
 };
 
 /**
+ * @brief Generic Blob
+ **/
+
+struct wbcBlob {
+	uint8_t *data;
+	size_t length;
+};
+
+/**
+ * @brief Named Blob
+ **/
+
+struct wbcNamedBlob {
+	const char *name;
+	uint32_t flags;
+	struct wbcBlob blob;
+};
+
+/**
+ * @brief Logon User Parameters
+ **/
+
+struct wbcLogonUserParams {
+	const char *username;
+	const char *password;
+	size_t num_blobs;
+	struct wbcNamedBlob *blobs;
+};
+
+/**
  * @brief ChangePassword Parameters
  **/
 
@@ -313,6 +343,18 @@ struct wbcAuthUserInfo {
 	struct wbcSidWithAttr *sids;
 };
 
+/**
+ * @brief Logon User Information
+ *
+ * Some of the strings are maybe NULL
+ **/
+
+struct wbcLogonUserInfo {
+	struct wbcAuthUserInfo *info;
+	size_t num_blobs;
+	struct wbcNamedBlob *blobs;
+};
+
 /* wbcAuthUserInfo->user_flags */
 
 #define WBC_AUTH_USER_INFO_GUEST			0x00000001
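Review bot: The description `Some of the strings are maybe NULL` does not fit struct wbcLogonUserInfo, which has no string members; it reads as if carried over from wbcAuthUserInfo. A comment saying what the blobs carry (wbc_pam.c in this changeset adds `krb5ccname` and `unix_username`) and how the caller releases `info` and `blobs` would serve users of the API better, for example `Optional named blobs returned by winbindd; blobs is NULL when num_blobs is 0`.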
@@ -388,6 +430,16 @@ enum wbcPasswordChangeRejectReason {
 	WBC_PWD_CHANGE_REJECT_COMPLEXITY=5
 };
 
+/**
+ * @brief Logoff User Parameters
+ **/
+
+struct wbcLogoffUserParams {
+	const char *username;
+	size_t num_blobs;
+	struct wbcNamedBlob *blobs;
+};
+
 /*
  * DomainControllerInfo struct
  */
@@ -596,10 +648,18 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 			     struct wbcAuthUserInfo **info,
 			     struct wbcAuthErrorInfo **error);
 
+wbcErr wbcLogonUser(const struct wbcLogonUserParams *params,
+		    struct wbcLogonUserInfo **info,
+		    struct wbcAuthErrorInfo **error,
+		    struct wbcUserPasswordPolicyInfo **policy);
+
 wbcErr wbcLogoffUser(const char *username,
 		     uid_t uid,
 		     const char *ccfilename);
 
+wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
+		       struct wbcAuthErrorInfo **error);
+
 wbcErr wbcChangeUserPassword(const char *username,
 			     const char *old_password,
 			     const char *new_password);
@@ -620,6 +680,14 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name);
  */
 wbcErr wbcCheckTrustCredentials(const char *domain,
 				struct wbcAuthErrorInfo **error);
-
+/*
+ * Helper functions
+ */
+wbcErr wbcAddNamedBlob(size_t *num_blobs,
+		       struct wbcNamedBlob **blobs,
+		       const char *name,
+		       uint32_t flags,
+		       uint8_t *data,
+		       size_t length);
 
 #endif      /* _WBCLIENT_H */
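Review bot: `data` should be declared `const uint8_t *data` here and in the definition in wbc_util.c. The helper only copies the buffer with `talloc_memdup`, and wbc_create_logon_info() currently has to cast away the const of its `resp` argument in order to call it. The hunk also removes the blank line after the wbcCheckTrustCredentials() prototype, so the `Helper functions` comment now sits directly against it; keeping a blank line there would match the rest of the header.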


-- 
Samba Shared Repository

