annotate src/auth/mech-winbind.c @ 6234:616872f3710c HEAD
One more pid fix.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 07 Aug 2007 15:33:10 +0300 |
parents | 5cf1c1ae7dd8 |
children | 6a64e64fa3a3 |
rev | line source |
---|---|
1 /* |
2 * NTLM and Negotiate authentication mechanisms, |
3 * using Samba winbind daemon |
4 * |
5 * Copyright (c) 2007 Dmitry Butskoy <dmitry@butskoy.name> |
6 * |
7 * This software is released under the MIT license. |
8 */ |
9 |
10 #include "common.h" |
11 #include "lib-signals.h" |
12 #include "mech.h" |
13 #include "str.h" |
14 #include "buffer.h" |
15 #include "base64.h" |
16 #include "istream.h" |
17 #include "ostream.h" |
18 |
19 #include <stdlib.h> |
20 #include <unistd.h> |
21 #include <sys/wait.h> |
22 |
23 #define DEFAULT_WINBIND_HELPER_PATH "/usr/bin/ntlm_auth" |
24 |
/* Result codes returned by do_auth_continue() for one exchange with the
   ntlm_auth helper. */
enum helper_result {
	HR_OK = 0, /* OK or continue */
	HR_FAIL = -1, /* authentication failed */
	HR_RESTART = -2 /* FAIL + try to restart helper */
};
30 |
/* State for one ntlm_auth helper child and the two pipes connected to it.
   The static contexts in this file initialize it positionally, so the
   member order (param, pid, in_pipe, out_pipe) must stay in sync with
   them. */
struct winbind_helper {
	/* passed to the helper as its single command-line argument
	   (args[1] in winbind_helper_connect) */
	const char *param;
	/* pid of the forked helper, or -1 when no child is being tracked */
	pid_t pid;

	/* reads from the pipe that is the helper's stdout */
	struct istream *in_pipe;
	/* writes to the pipe that is the helper's stdin */
	struct ostream *out_pipe;
};
38 |
/* Per-request state for the winbind-backed mechanisms. */
struct winbind_auth_request {
	/* must stay the first member: do_auth_continue() casts a
	   struct auth_request pointer to this type */
	struct auth_request auth_request;

	/* helper context this request talks to */
	struct winbind_helper *winbind;
	/* selects the command prefix sent to the helper: "KK" when TRUE,
	   "YR" otherwise; do_auth_continue() clears it after a successful
	   send */
	bool continued;
};
45 |
/* One file-scope helper context per ntlm_auth --helper-protocol value.
   Positional initializers: param, pid (-1 = no child), in_pipe, out_pipe.
   sigchld_handler() polls both of them by address. */
static struct winbind_helper winbind_ntlm_context = {
	"--helper-protocol=squid-2.5-ntlmssp", -1, NULL, NULL
};
static struct winbind_helper winbind_spnego_context = {
	"--helper-protocol=gss-spnego", -1, NULL, NULL
};

/* set to TRUE when winbind_helper_connect() registers the SIGCHLD handler,
   so that it is registered only once */
static bool sigchld_handler_set = FALSE;
54 |
/*
 * Destroy whichever of the two helper pipe streams currently exist.
 *
 * Only the streams are touched: winbind->pid is left as it is, and the
 * child is neither signalled nor waited for here. In the code visible in
 * this file the pid is cleared only by winbind_wait_pid().
 */
static void winbind_helper_disconnect(struct winbind_helper *winbind)
{
	struct istream **from_helper = &winbind->in_pipe;
	struct ostream **to_helper = &winbind->out_pipe;

	if (*from_helper != NULL)
		i_stream_destroy(from_helper);
	if (*to_helper != NULL)
		o_stream_destroy(to_helper);
}
62 |
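/*
 * Reap the tracked ntlm_auth child without blocking and log how it ended.
 *
 * Does nothing when no child is tracked (pid == -1) or when the child is
 * still running. Once the child has been reaped, or waitpid() reports
 * that it is no longer our child, winbind->pid is reset to -1;
 * winbind_helper_connect() refuses to spawn a new helper while pid is
 * set, so a stale pid would keep the mechanism down.
 */
static void winbind_wait_pid(struct winbind_helper *winbind)
{
	int status, ret;

	if (winbind->pid == -1)
		return;

	ret = waitpid(winbind->pid, &status, WNOHANG);
	if (ret == 0) {
		/* child is still running */
		return;
	}
	if (ret < 0) {
		if (errno == ECHILD) {
			/* the pid is not (or no longer) a child of this
			   process, e.g. it was already reaped elsewhere.
			   forget it, otherwise the helper could never be
			   restarted. */
			winbind->pid = -1;
		} else if (errno != EINTR) {
			i_error("waitpid() failed: %m");
		}
		return;
	}

	/* every termination is logged as an error, including exit code 0 */
	if (WIFSIGNALED(status)) {
		i_error("winbind: ntlm_auth died with signal %d",
			WTERMSIG(status));
	} else if (WIFEXITED(status)) {
		i_error("winbind: ntlm_auth exited with exit code %d",
			WEXITSTATUS(status));
	} else {
		/* shouldn't happen */
		i_error("winbind: ntlm_auth exited with status %d",
			status);
	}
	winbind->pid = -1;
}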
89 |
/*
 * SIGCHLD callback registered by winbind_helper_connect(): checks both
 * helper contexts for a terminated child. Both arguments are unused.
 */
static void sigchld_handler(int signo __attr_unused__,
			    void *context __attr_unused__)
{
	struct winbind_helper *const helpers[] = {
		&winbind_ntlm_context,
		&winbind_spnego_context
	};
	unsigned int i;

	/* same order as before: NTLM context first, then SPNEGO */
	for (i = 0; i < sizeof(helpers) / sizeof(helpers[0]); i++)
		winbind_wait_pid(helpers[i]);
}
96 |
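/*
 * Spawn the ntlm_auth helper for this context and connect to it with two
 * pipes. Does nothing if a helper is already connected (in_pipe set) or a
 * previous child has not been reaped yet (pid != -1).
 *
 * On success winbind->pid, in_pipe and out_pipe are set. On failure the
 * error is logged and the context is left unchanged; the function returns
 * nothing, so callers have to check in_pipe to see whether it worked.
 *
 * Trust boundary: the executable is taken from the WINBIND_HELPER_PATH
 * environment variable (falling back to DEFAULT_WINBIND_HELPER_PATH) and
 * is run with this process's credentials and environment. The path is
 * passed to execv() directly, with no shell and no PATH search, but
 * anything able to set that variable for this process chooses what runs.
 */
static void winbind_helper_connect(struct winbind_helper *winbind)
{
	int infd[2], outfd[2];
	pid_t pid;

	if (winbind->in_pipe != NULL || winbind->pid != -1)
		return;

	/* infd: helper stdout -> us, outfd: us -> helper stdin */
	if (pipe(infd) < 0) {
		i_error("pipe() failed: %m");
		return;
	}
	if (pipe(outfd) < 0) {
		/* log before close() so that %m still sees pipe()'s errno */
		i_error("pipe() failed: %m");
		(void)close(infd[0]); (void)close(infd[1]);
		return;
	}

	/* Register the SIGCHLD handler before forking. If it were set only
	   after fork(), a helper that exits immediately (e.g. execv()
	   failure) on the very first spawn could die before the handler
	   exists; the pid would then never be reaped or cleared, and the
	   pid != -1 check above would block every later restart.
	   NOTE(review): this relies on the handler being dispatched after
	   this function has stored winbind->pid; confirm that this is what
	   the TRUE argument to lib_signals_set_handler() means. */
	if (!sigchld_handler_set) {
		sigchld_handler_set = TRUE;
		lib_signals_set_handler(SIGCHLD, TRUE, sigchld_handler, NULL);
	}

	pid = fork();
	if (pid < 0) {
		i_error("fork() failed: %m");
		(void)close(infd[0]); (void)close(infd[1]);
		(void)close(outfd[0]); (void)close(outfd[1]);
		return;
	}

	if (pid == 0) {
		/* child */
		const char *helper_path, *args[3];

		(void)close(infd[0]);
		(void)close(outfd[1]);

		/* only stdin and stdout are redirected; stderr is inherited.
		   the original infd[1]/outfd[0] descriptors are not closed
		   after dup2(), so the helper keeps them as duplicates.
		   NOTE(review): any other descriptor of this process that
		   is not close-on-exec is inherited by the helper as well;
		   confirm how the rest of the auth process marks its fds. */
		if (dup2(outfd[0], STDIN_FILENO) < 0 ||
		    dup2(infd[1], STDOUT_FILENO) < 0)
			i_fatal("dup2() failed: %m");

		/* NOTE(review): presumably exported from the
		   auth_winbind_helper_path setting; verify who sets it */
		helper_path = getenv("WINBIND_HELPER_PATH");
		if (helper_path == NULL)
			helper_path = DEFAULT_WINBIND_HELPER_PATH;

		/* fixed argv: the path plus the context's protocol option,
		   nothing from the authenticating client */
		args[0] = helper_path;
		args[1] = winbind->param;
		args[2] = NULL;
		execv(args[0], (void *)args);
		i_fatal("execv(%s) failed: %m", args[0]);
	}

	/* parent */
	(void)close(infd[1]);
	(void)close(outfd[0]);

	winbind->pid = pid;
	/* NOTE(review): AUTH_CLIENT_MAX_LINE_LENGTH presumably bounds the
	   input buffer and with it the length of a helper reply line;
	   confirm against the istream API */
	winbind->in_pipe =
		i_stream_create_fd(infd[0], AUTH_CLIENT_MAX_LINE_LENGTH, TRUE);
	winbind->out_pipe =
		o_stream_create_fd(outfd[1], (size_t)-1, TRUE);
}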
159 |
160 static enum helper_result |
161 do_auth_continue(struct auth_request *auth_request, |
162 const unsigned char *data, size_t data_size) |
163 { |
164 struct winbind_auth_request *request = |
165 (struct winbind_auth_request *)auth_request; |
166 struct istream *in_pipe = request->winbind->in_pipe; |
167 string_t *str; |
168 char *answer; |
169 const char **token; |
170 bool gss_spnego = request->winbind == &winbind_spnego_context; |
171 |
172 if (request->winbind->in_pipe == NULL) |
173 return HR_RESTART; |
174 |
175 str = t_str_new(MAX_BASE64_ENCODED_SIZE(data_size + 1) + 4); |
176 str_printfa(str, "%s ", request->continued ? "KK" : "YR"); |
177 base64_encode(data, data_size, str); |
178 str_append_c(str, '\n'); |
179 |
180 if (o_stream_send_str(request->winbind->out_pipe, str_c(str)) < 0 || |
181 o_stream_flush(request->winbind->out_pipe) < 0) { |
182 auth_request_log_error(auth_request, "winbind", |
183 "write(out_pipe) failed: %m"); |
184 return HR_RESTART; |
185 } |
186 request->continued = FALSE; |
187 |
188 while ((answer = i_stream_read_next_line(in_pipe)) == NULL) { |
189 if (in_pipe->stream_errno != 0) |
190 break; |
191 } |
192 if (answer == NULL) { |
193 auth_request_log_error(auth_request, "winbind", |
194 "read(in_pipe) failed: %m"); |
195 return HR_RESTART; |
196 } |
197 |
198 token = t_strsplit_spaces(answer, " "); |
199 if (token[0] == NULL || |
200 (token[1] == NULL && strcmp(token[0], "BH") != 0) || |
201 (token[2] == NULL && gss_spnego)) { |
202 auth_request_log_error(auth_request, "winbind", |
203 "Invalid input from helper: %s", answer); |
204 return HR_RESTART; |
205 } |
206 |
207 /* |
208 * NTLM: |
209 * The child's reply contains 2 parts: |
210 * - The code: TT, AF or NA |
211 * - The argument: |
212 * For TT it's the blob to send to the client, coded in base64 |
213 * For AF it's user or DOMAIN\user |
214 * For NA it's the NT error code |
215 * |
216 * GSS-SPNEGO: |
217 * The child's reply contains 3 parts: |
218 * - The code: TT, AF or NA |
219 * - The blob to send to the client, coded in base64 |
220 * - The argument: |
221 * For TT it's a dummy '*' |
222 * For AF it's DOMAIN\user |
223 * For NA it's the NT error code |
224 */ |
225 |
226 if (strcmp(token[0], "TT") == 0) { |
227 buffer_t *buf; |
228 |
229 buf = t_base64_decode_str(token[1]); |
230 auth_request->callback(auth_request, |
231 AUTH_CLIENT_RESULT_CONTINUE, |
232 buf->data, buf->used); |
233 request->continued = TRUE; |
234 return HR_OK; |
235 } else if (strcmp(token[0], "NA") == 0) { |
236 const char *error = gss_spnego ? token[2] : token[1]; |
237 |
238 auth_request_log_info(auth_request, "winbind", |
239 "user not authenticated: %s", error); |
240 return HR_FAIL; |
241 } else if (strcmp(token[0], "AF") == 0) { |
242 const char *user, *p, *error; |
243 |
244 user = gss_spnego ? token[2] : token[1]; |
245 |
246 p = strchr(user, '\\'); |
247 if (p != NULL) { |
248 /* change "DOMAIN\user" to uniform style |
249 "user@DOMAIN" */ |
250 user = t_strconcat(p+1, "@", |
251 t_strdup_until(user, p), NULL); |
252 } |
253 |
254 if (!auth_request_set_username(auth_request, user, &error)) { |
255 auth_request_log_info(auth_request, "winbind", |
256 "%s", error); |
257 return HR_FAIL; |
258 } |
259 |
260 if (gss_spnego && strcmp(token[1], "*") != 0) { |
261 buffer_t *buf; |
262 |
263 buf = t_base64_decode_str(token[1]); |
264 auth_request_success(&request->auth_request, |
265 buf->data, buf->used); |
266 } else { |
267 auth_request_success(&request->auth_request, NULL, 0); |
268 } |
269 return HR_OK; |
270 } else if (strcmp(token[0], "BH") == 0) { |
271 auth_request_log_info(auth_request, "winbind", |
272 "ntlm_auth reports broken helper: %s", |
273 token[1] != NULL ? token[1] : ""); |
274 return HR_RESTART; |
275 } else { |
276 auth_request_log_error(auth_request, "winbind", |
277 "Invalid input from helper: %s", answer); |
278 return HR_RESTART; |
279 } |
280 } |
281 |
/*
 * Continuation handler used by both winbind mechanism modules: passes the
 * client's data to do_auth_continue() and fails the request on any result
 * other than HR_OK.  On HR_RESTART the helper is disconnected before the
 * request is failed.
 */
static void
mech_winbind_auth_continue(struct auth_request *auth_request,
			   const unsigned char *data, size_t data_size)
{
	struct winbind_auth_request *wb_request =
		(struct winbind_auth_request *)auth_request;
	enum helper_result result =
		do_auth_continue(auth_request, data, data_size);

	if (result == HR_OK)
		return;

	/* HR_RESTART: drop the helper connection before failing the request */
	if (result == HR_RESTART)
		winbind_helper_disconnect(wb_request->winbind);
	auth_request_fail(auth_request);
}
297 |
/*
 * Allocates a winbind_auth_request from its own pool (created with
 * pool_alloconly_create("winbind_auth_request", 1024)), stores the given
 * helper in it, calls winbind_helper_connect() on that helper and returns
 * the embedded auth_request.
 */
static struct auth_request *do_auth_new(struct winbind_helper *winbind)
{
	pool_t request_pool =
		pool_alloconly_create("winbind_auth_request", 1024);
	struct winbind_auth_request *wb_request =
		p_new(request_pool, struct winbind_auth_request, 1);

	/* the request keeps a reference to the pool it was allocated from */
	wb_request->auth_request.pool = request_pool;
	wb_request->winbind = winbind;

	winbind_helper_connect(winbind);
	return &wb_request->auth_request;
}
311 |
/* auth_new handler for the NTLM module: a request bound to winbind_ntlm_context. */
static struct auth_request *mech_winbind_ntlm_auth_new(void)
{
	struct winbind_helper *helper = &winbind_ntlm_context;

	return do_auth_new(helper);
}
316 |
/* auth_new handler for the GSS-SPNEGO module: a request bound to winbind_spnego_context. */
static struct auth_request *mech_winbind_spnego_auth_new(void)
{
	struct winbind_helper *helper = &winbind_spnego_context;

	return do_auth_new(helper);
}
321 |
/*
 * Mechanism descriptor for "NTLM", served by the winbind helper handlers
 * defined in this file.
 */
const struct mech_module mech_winbind_ntlm = {
	"NTLM",

	/* presumably declares the mechanism as exposed to dictionary and
	   active attacks -- confirm against the MECH_SEC_* definitions */
	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,

	/* all three passdb_need_* members are FALSE for this mechanism */
	MEMBER(passdb_need_plain) FALSE,
	MEMBER(passdb_need_credentials) FALSE,
	MEMBER(passdb_need_set_credentials) FALSE,

	/* positional handlers; the order must follow struct mech_module */
	mech_winbind_ntlm_auth_new,
	mech_generic_auth_initial,
	mech_winbind_auth_continue,
	mech_generic_auth_free
};
336 |
/*
 * Mechanism descriptor for "GSS-SPNEGO", served by the winbind helper
 * handlers defined in this file.
 */
const struct mech_module mech_winbind_spnego = {
	"GSS-SPNEGO",

	/* NOTE(review): no MECH_SEC_* flags are set here, while the NTLM
	   module declares MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE.  If the
	   helper can negotiate NTLM under SPNEGO the same flags may be
	   warranted -- confirm */
	MEMBER(flags) 0,

	/* all three passdb_need_* members are FALSE for this mechanism */
	MEMBER(passdb_need_plain) FALSE,
	MEMBER(passdb_need_credentials) FALSE,
	MEMBER(passdb_need_set_credentials) FALSE,

	/* positional handlers; the order must follow struct mech_module */
	mech_winbind_spnego_auth_new,
	mech_generic_auth_initial,
	mech_winbind_auth_continue,
	mech_generic_auth_free
};