Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/mech-winbind.c @ 6182:593d2ab4df0d HEAD
Renamed auth_winbind_helper to auth_winbind_helper_path.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 06 Aug 2007 21:21:06 +0300 |
parents | 18f663e23c28 |
children | 657931e0af80 |
rev | line source |
---|---|
6181
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1 /* |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 * NTLM and Negotiate authentication mechanisms, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 * using Samba winbind daemon |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 * |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 * Copyright (c) 2007 Dmitry Butskoy <dmitry@butskoy.name> |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 * |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 * This software is released under the MIT license. |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 */ |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include "common.h" |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 #include "mech.h" |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include "str.h" |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 #include "buffer.h" |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 #include "safe-memset.h" |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 #include "base64.h" |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 #include "istream.h" |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 #include "ostream.h" |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
18 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 #include <stdlib.h> |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
20 #include <unistd.h> |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
21 |
6182
593d2ab4df0d
Renamed auth_winbind_helper to auth_winbind_helper_path.
Timo Sirainen <tss@iki.fi>
parents:
6181
diff
changeset
|
22 #define DEFAULT_WINBIND_HELPER_PATH "/usr/bin/ntlm_auth" |
6181
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
23 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
24 enum helper_result { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 HR_OK = 0, /* OK or continue */ |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
26 HR_FAIL = -1, /* authentication failed */ |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
27 HR_RESTART = -2 /* FAIL + try to restart helper */ |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
28 }; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
29 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
30 struct winbind_helper { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
31 const char *param; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
32 struct istream *in_pipe; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
33 struct ostream *out_pipe; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
34 }; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
35 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
36 struct winbind_auth_request { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
37 struct auth_request auth_request; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 struct winbind_helper *winbind; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
40 bool continued; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
41 }; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
42 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
43 static struct winbind_helper winbind_ntlm_context = { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 "--helper-protocol=squid-2.5-ntlmssp", NULL, NULL |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
45 }; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
46 static struct winbind_helper winbind_spnego_context = { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
47 "--helper-protocol=gss-spnego", NULL, NULL |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
48 }; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
49 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
50 static void winbind_helper_disconnect(struct winbind_helper *winbind) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
52 if (winbind->in_pipe != NULL) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
53 i_stream_destroy(&winbind->in_pipe); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
54 if (winbind->out_pipe != NULL) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 o_stream_destroy(&winbind->out_pipe); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
56 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
57 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
58 static void winbind_helper_connect(struct winbind_helper *winbind) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
59 { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
60 int infd[2], outfd[2]; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
61 pid_t pid; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
62 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
63 i_assert(winbind->in_pipe == NULL); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
64 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
65 if (pipe(infd) < 0) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
66 i_error("pipe() failed: %m"); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
67 return; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
68 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
69 if (pipe(outfd) < 0) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
70 (void)close(infd[0]); (void)close(infd[1]); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
71 return; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
73 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 pid = fork(); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
75 if (pid < 0) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 i_error("fork() failed: %m"); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
77 (void)close(infd[0]); (void)close(infd[1]); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
78 (void)close(outfd[0]); (void)close(outfd[1]); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
79 return; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
80 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
81 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
82 if (pid == 0) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
83 /* child */ |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
84 const char *helper_path, *args[3]; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
85 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
86 (void)close(infd[0]); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 (void)close(outfd[1]); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
88 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
89 if (dup2(outfd[0], STDIN_FILENO) < 0 || |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
90 dup2(infd[1], STDOUT_FILENO) < 0) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
91 i_fatal("dup2() failed: %m"); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
92 |
6182
593d2ab4df0d
Renamed auth_winbind_helper to auth_winbind_helper_path.
Timo Sirainen <tss@iki.fi>
parents:
6181
diff
changeset
|
93 helper_path = getenv("WINBIND_HELPER_PATH"); |
6181
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
94 if (helper_path == NULL) |
6182
593d2ab4df0d
Renamed auth_winbind_helper to auth_winbind_helper_path.
Timo Sirainen <tss@iki.fi>
parents:
6181
diff
changeset
|
95 helper_path = DEFAULT_WINBIND_HELPER_PATH; |
6181
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
96 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
97 args[0] = helper_path; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
98 args[1] = winbind->param; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
99 args[2] = NULL; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
100 execv(args[0], (void *)args); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
101 i_fatal("execv(%s) failed: %m", args[0]); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
102 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
103 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
104 /* parent */ |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
105 (void)close(infd[1]); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
106 (void)close(outfd[0]); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
107 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
108 winbind->in_pipe = |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
109 i_stream_create_fd(infd[0], AUTH_CLIENT_MAX_LINE_LENGTH, TRUE); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
110 winbind->out_pipe = |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
111 o_stream_create_fd(outfd[1], (size_t)-1, TRUE); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
112 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
113 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 static enum helper_result |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
115 do_auth_continue(struct auth_request *auth_request, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
116 const unsigned char *data, size_t data_size) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
117 { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
118 struct winbind_auth_request *request = |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
119 (struct winbind_auth_request *)auth_request; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
120 struct istream *in_pipe = request->winbind->in_pipe; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
121 string_t *str; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
122 char *answer; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
123 const char **token; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
124 bool gss_spnego = request->winbind == &winbind_spnego_context; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
125 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
126 if (request->winbind->in_pipe == NULL) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
127 return HR_RESTART; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
128 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
129 str = t_str_new(MAX_BASE64_ENCODED_SIZE(data_size + 1) + 4); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
130 str_printfa(str, "%s ", request->continued ? "KK" : "YR"); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
131 base64_encode(data, data_size, str); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
132 str_append_c(str, '\n'); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
133 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
134 if (o_stream_send_str(request->winbind->out_pipe, str_c(str)) < 0 || |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
135 o_stream_flush(request->winbind->out_pipe) < 0) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
136 auth_request_log_error(auth_request, "winbind", |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
137 "write(out_pipe) failed: %m"); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
138 return HR_RESTART; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
139 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
140 request->continued = FALSE; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
141 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
142 while ((answer = i_stream_read_next_line(in_pipe)) == NULL) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
143 if (in_pipe->stream_errno != 0) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
144 break; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
145 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
146 if (answer == NULL) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
147 auth_request_log_error(auth_request, "winbind", |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
148 "read(in_pipe) failed: %m"); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
149 return HR_RESTART; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
150 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
151 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
152 token = t_strsplit_spaces(answer, " "); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
153 if (token[0] == NULL || |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
154 (token[1] == NULL && strcmp(token[0], "BH") != 0) || |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
155 (token[2] == NULL && gss_spnego)) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
156 auth_request_log_error(auth_request, "winbind", |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
157 "Invalid input from helper: %s", answer); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
158 return HR_RESTART; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
159 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
160 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
161 /* |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
162 * NTLM: |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
163 * The child's reply contains 2 parts: |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
164 * - The code: TT, AF or NA |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
165 * - The argument: |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
166 * For TT it's the blob to send to the client, coded in base64 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
167 * For AF it's user or DOMAIN\user |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
168 * For NA it's the NT error code |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
169 * |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
170 * GSS-SPNEGO: |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
171 * The child's reply contains 3 parts: |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
172 * - The code: TT, AF or NA |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
173 * - The blob to send to the client, coded in base64 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
174 * - The argument: |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
175 * For TT it's a dummy '*' |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
176 * For AF it's DOMAIN\user |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
177 * For NA it's the NT error code |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
178 */ |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
179 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
180 if (strcmp(token[0], "TT") == 0) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
181 buffer_t *buf; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
182 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
183 buf = t_base64_decode_str(token[1]); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
184 auth_request->callback(auth_request, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
185 AUTH_CLIENT_RESULT_CONTINUE, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
186 buf->data, buf->used); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
187 request->continued = TRUE; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
188 return HR_OK; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
189 } else if (strcmp(token[0], "NA") == 0) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
190 const char *error = gss_spnego ? token[2] : token[1]; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
191 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
192 auth_request_log_info(auth_request, "winbind", |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
193 "user not authenticated: %s", error); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
194 return HR_FAIL; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
195 } else if (strcmp(token[0], "AF") == 0) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
196 const char *user, *p, *error; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
197 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
198 user = gss_spnego ? token[2] : token[1]; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
199 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
200 p = strchr(user, '\\'); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
201 if (p != NULL) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
202 /* change "DOMAIN\user" to uniform style |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
203 "user@DOMAIN" */ |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
204 user = t_strconcat(p+1, "@", |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
205 t_strdup_until(user, p), NULL); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
206 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
207 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
208 if (!auth_request_set_username(auth_request, user, &error)) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
209 auth_request_log_info(auth_request, "winbind", |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
210 "%s", error); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
211 return HR_FAIL; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
212 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
213 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
214 if (gss_spnego && strcmp(token[1], "*") != 0) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
215 buffer_t *buf; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
216 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
217 buf = t_base64_decode_str(token[1]); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
218 auth_request_success(&request->auth_request, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
219 buf->data, buf->used); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
220 } else { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
221 auth_request_success(&request->auth_request, NULL, 0); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
222 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
223 return HR_OK; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
224 } else if (strcmp(token[0], "BH") == 0) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
225 auth_request_log_info(auth_request, "winbind", |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
226 "ntlm_auth reports broken helper: %s", |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
227 token[1] != NULL ? token[1] : ""); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
228 return HR_RESTART; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
229 } else { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
230 auth_request_log_error(auth_request, "winbind", |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
231 "Invalid input from helper: %s", answer); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
232 return HR_RESTART; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
233 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
234 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
235 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
236 static void |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
237 mech_winbind_auth_continue(struct auth_request *auth_request, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
238 const unsigned char *data, size_t data_size) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
239 { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
240 struct winbind_auth_request *request = |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
241 (struct winbind_auth_request *)auth_request; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
242 enum helper_result res; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
243 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
244 res = do_auth_continue(auth_request, data, data_size); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
245 if (res != HR_OK) { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
246 if (res == HR_RESTART) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
247 winbind_helper_disconnect(request->winbind); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
248 auth_request_fail(auth_request); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
249 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
250 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
251 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
252 static struct auth_request *do_auth_new(struct winbind_helper *winbind) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
253 { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
254 struct winbind_auth_request *request; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
255 pool_t pool; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
256 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
257 pool = pool_alloconly_create("winbind_auth_request", 1024); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
258 request = p_new(pool, struct winbind_auth_request, 1); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
259 request->auth_request.pool = pool; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
260 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
261 request->winbind = winbind; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
262 winbind_helper_connect(request->winbind); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
263 return &request->auth_request; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
264 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
265 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
266 static struct auth_request *mech_winbind_ntlm_auth_new(void) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
267 { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
268 return do_auth_new(&winbind_ntlm_context); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
269 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
270 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
271 static struct auth_request *mech_winbind_spnego_auth_new(void) |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
272 { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
273 return do_auth_new(&winbind_spnego_context); |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
274 } |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
275 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
276 const struct mech_module mech_winbind_ntlm = { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
277 "NTLM", |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
278 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
279 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
280 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
281 MEMBER(passdb_need_plain) FALSE, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
282 MEMBER(passdb_need_credentials) FALSE, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
283 MEMBER(passdb_need_set_credentials) FALSE, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
284 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
285 mech_winbind_ntlm_auth_new, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
286 mech_generic_auth_initial, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
287 mech_winbind_auth_continue, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
288 mech_generic_auth_free |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
289 }; |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
290 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
291 const struct mech_module mech_winbind_spnego = { |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
292 "GSS-SPNEGO", |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
293 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
294 MEMBER(flags) 0, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
295 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
296 MEMBER(passdb_need_plain) FALSE, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
297 MEMBER(passdb_need_credentials) FALSE, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
298 MEMBER(passdb_need_set_credentials) FALSE, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
299 |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
300 mech_winbind_spnego_auth_new, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
301 mech_generic_auth_initial, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
302 mech_winbind_auth_continue, |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
303 mech_generic_auth_free |
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
304 }; |