Mercurial > dovecot > original-hg > dovecot-1.2
annotate src/auth/mech-winbind.c @ 6183:657931e0af80 HEAD
Removed unused include.
| author | Timo Sirainen <tss@iki.fi> |
|---|---|
| date | Mon, 06 Aug 2007 21:23:10 +0300 |
| parents | 593d2ab4df0d |
| children | 336ad0e3c78f |
| rev | line source |
|---|---|
|
6181
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
1 /* |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
2 * NTLM and Negotiate authentication mechanisms, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
3 * using Samba winbind daemon |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
4 * |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
5 * Copyright (c) 2007 Dmitry Butskoy <dmitry@butskoy.name> |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
6 * |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
7 * This software is released under the MIT license. |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
8 */ |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
9 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
10 #include "common.h" |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
11 #include "mech.h" |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
12 #include "str.h" |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
13 #include "buffer.h" |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
14 #include "base64.h" |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
15 #include "istream.h" |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
16 #include "ostream.h" |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
17 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
18 #include <stdlib.h> |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
19 #include <unistd.h> |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
20 |
|
6182
593d2ab4df0d
Renamed auth_winbind_helper to auth_winbind_helper_path.
Timo Sirainen <tss@iki.fi>
parents:
6181
diff
changeset
|
21 #define DEFAULT_WINBIND_HELPER_PATH "/usr/bin/ntlm_auth" |
|
6181
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
22 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
23 enum helper_result { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
24 HR_OK = 0, /* OK or continue */ |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
25 HR_FAIL = -1, /* authentication failed */ |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
26 HR_RESTART = -2 /* FAIL + try to restart helper */ |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
27 }; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
28 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
29 struct winbind_helper { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
30 const char *param; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
31 struct istream *in_pipe; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
32 struct ostream *out_pipe; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
33 }; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
34 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
35 struct winbind_auth_request { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
36 struct auth_request auth_request; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
37 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
38 struct winbind_helper *winbind; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
39 bool continued; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
40 }; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
41 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
42 static struct winbind_helper winbind_ntlm_context = { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
43 "--helper-protocol=squid-2.5-ntlmssp", NULL, NULL |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
44 }; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
45 static struct winbind_helper winbind_spnego_context = { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
46 "--helper-protocol=gss-spnego", NULL, NULL |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
47 }; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
48 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
49 static void winbind_helper_disconnect(struct winbind_helper *winbind) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
50 { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
51 if (winbind->in_pipe != NULL) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
52 i_stream_destroy(&winbind->in_pipe); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
53 if (winbind->out_pipe != NULL) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
54 o_stream_destroy(&winbind->out_pipe); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
55 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
56 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
57 static void winbind_helper_connect(struct winbind_helper *winbind) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
58 { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
59 int infd[2], outfd[2]; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
60 pid_t pid; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
61 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
62 i_assert(winbind->in_pipe == NULL); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
63 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
64 if (pipe(infd) < 0) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
65 i_error("pipe() failed: %m"); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
66 return; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
67 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
68 if (pipe(outfd) < 0) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
69 (void)close(infd[0]); (void)close(infd[1]); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
70 return; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
71 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
72 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
73 pid = fork(); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
74 if (pid < 0) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
75 i_error("fork() failed: %m"); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
76 (void)close(infd[0]); (void)close(infd[1]); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
77 (void)close(outfd[0]); (void)close(outfd[1]); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
78 return; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
79 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
80 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
81 if (pid == 0) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
82 /* child */ |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
83 const char *helper_path, *args[3]; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
84 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
85 (void)close(infd[0]); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
86 (void)close(outfd[1]); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
87 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
88 if (dup2(outfd[0], STDIN_FILENO) < 0 || |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
89 dup2(infd[1], STDOUT_FILENO) < 0) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
90 i_fatal("dup2() failed: %m"); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
91 |
|
6182
593d2ab4df0d
Renamed auth_winbind_helper to auth_winbind_helper_path.
Timo Sirainen <tss@iki.fi>
parents:
6181
diff
changeset
|
92 helper_path = getenv("WINBIND_HELPER_PATH"); |
|
6181
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
93 if (helper_path == NULL) |
|
6182
593d2ab4df0d
Renamed auth_winbind_helper to auth_winbind_helper_path.
Timo Sirainen <tss@iki.fi>
parents:
6181
diff
changeset
|
94 helper_path = DEFAULT_WINBIND_HELPER_PATH; |
|
6181
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
95 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
96 args[0] = helper_path; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
97 args[1] = winbind->param; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
98 args[2] = NULL; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
99 execv(args[0], (void *)args); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
100 i_fatal("execv(%s) failed: %m", args[0]); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
101 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
102 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
103 /* parent */ |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
104 (void)close(infd[1]); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
105 (void)close(outfd[0]); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
106 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
107 winbind->in_pipe = |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
108 i_stream_create_fd(infd[0], AUTH_CLIENT_MAX_LINE_LENGTH, TRUE); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
109 winbind->out_pipe = |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
110 o_stream_create_fd(outfd[1], (size_t)-1, TRUE); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
111 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
112 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
113 static enum helper_result |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
114 do_auth_continue(struct auth_request *auth_request, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
115 const unsigned char *data, size_t data_size) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
116 { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
117 struct winbind_auth_request *request = |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
118 (struct winbind_auth_request *)auth_request; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
119 struct istream *in_pipe = request->winbind->in_pipe; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
120 string_t *str; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
121 char *answer; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
122 const char **token; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
123 bool gss_spnego = request->winbind == &winbind_spnego_context; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
124 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
125 if (request->winbind->in_pipe == NULL) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
126 return HR_RESTART; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
127 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
128 str = t_str_new(MAX_BASE64_ENCODED_SIZE(data_size + 1) + 4); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
129 str_printfa(str, "%s ", request->continued ? "KK" : "YR"); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
130 base64_encode(data, data_size, str); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
131 str_append_c(str, '\n'); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
132 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
133 if (o_stream_send_str(request->winbind->out_pipe, str_c(str)) < 0 || |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
134 o_stream_flush(request->winbind->out_pipe) < 0) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
135 auth_request_log_error(auth_request, "winbind", |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
136 "write(out_pipe) failed: %m"); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
137 return HR_RESTART; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
138 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
139 request->continued = FALSE; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
140 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
141 while ((answer = i_stream_read_next_line(in_pipe)) == NULL) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
142 if (in_pipe->stream_errno != 0) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
143 break; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
144 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
145 if (answer == NULL) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
146 auth_request_log_error(auth_request, "winbind", |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
147 "read(in_pipe) failed: %m"); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
148 return HR_RESTART; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
149 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
150 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
151 token = t_strsplit_spaces(answer, " "); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
152 if (token[0] == NULL || |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
153 (token[1] == NULL && strcmp(token[0], "BH") != 0) || |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
154 (token[2] == NULL && gss_spnego)) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
155 auth_request_log_error(auth_request, "winbind", |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
156 "Invalid input from helper: %s", answer); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
157 return HR_RESTART; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
158 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
159 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
160 /* |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
161 * NTLM: |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
162 * The child's reply contains 2 parts: |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
163 * - The code: TT, AF or NA |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
164 * - The argument: |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
165 * For TT it's the blob to send to the client, coded in base64 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
166 * For AF it's user or DOMAIN\user |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
167 * For NA it's the NT error code |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
168 * |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
169 * GSS-SPNEGO: |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
170 * The child's reply contains 3 parts: |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
171 * - The code: TT, AF or NA |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
172 * - The blob to send to the client, coded in base64 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
173 * - The argument: |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
174 * For TT it's a dummy '*' |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
175 * For AF it's DOMAIN\user |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
176 * For NA it's the NT error code |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
177 */ |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
178 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
179 if (strcmp(token[0], "TT") == 0) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
180 buffer_t *buf; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
181 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
182 buf = t_base64_decode_str(token[1]); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
183 auth_request->callback(auth_request, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
184 AUTH_CLIENT_RESULT_CONTINUE, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
185 buf->data, buf->used); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
186 request->continued = TRUE; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
187 return HR_OK; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
188 } else if (strcmp(token[0], "NA") == 0) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
189 const char *error = gss_spnego ? token[2] : token[1]; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
190 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
191 auth_request_log_info(auth_request, "winbind", |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
192 "user not authenticated: %s", error); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
193 return HR_FAIL; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
194 } else if (strcmp(token[0], "AF") == 0) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
195 const char *user, *p, *error; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
196 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
197 user = gss_spnego ? token[2] : token[1]; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
198 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
199 p = strchr(user, '\\'); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
200 if (p != NULL) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
201 /* change "DOMAIN\user" to uniform style |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
202 "user@DOMAIN" */ |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
203 user = t_strconcat(p+1, "@", |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
204 t_strdup_until(user, p), NULL); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
205 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
206 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
207 if (!auth_request_set_username(auth_request, user, &error)) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
208 auth_request_log_info(auth_request, "winbind", |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
209 "%s", error); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
210 return HR_FAIL; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
211 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
212 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
213 if (gss_spnego && strcmp(token[1], "*") != 0) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
214 buffer_t *buf; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
215 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
216 buf = t_base64_decode_str(token[1]); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
217 auth_request_success(&request->auth_request, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
218 buf->data, buf->used); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
219 } else { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
220 auth_request_success(&request->auth_request, NULL, 0); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
221 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
222 return HR_OK; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
223 } else if (strcmp(token[0], "BH") == 0) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
224 auth_request_log_info(auth_request, "winbind", |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
225 "ntlm_auth reports broken helper: %s", |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
226 token[1] != NULL ? token[1] : ""); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
227 return HR_RESTART; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
228 } else { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
229 auth_request_log_error(auth_request, "winbind", |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
230 "Invalid input from helper: %s", answer); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
231 return HR_RESTART; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
232 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
233 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
234 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
235 static void |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
236 mech_winbind_auth_continue(struct auth_request *auth_request, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
237 const unsigned char *data, size_t data_size) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
238 { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
239 struct winbind_auth_request *request = |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
240 (struct winbind_auth_request *)auth_request; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
241 enum helper_result res; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
242 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
243 res = do_auth_continue(auth_request, data, data_size); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
244 if (res != HR_OK) { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
245 if (res == HR_RESTART) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
246 winbind_helper_disconnect(request->winbind); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
247 auth_request_fail(auth_request); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
248 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
249 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
250 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
251 static struct auth_request *do_auth_new(struct winbind_helper *winbind) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
252 { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
253 struct winbind_auth_request *request; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
254 pool_t pool; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
255 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
256 pool = pool_alloconly_create("winbind_auth_request", 1024); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
257 request = p_new(pool, struct winbind_auth_request, 1); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
258 request->auth_request.pool = pool; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
259 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
260 request->winbind = winbind; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
261 winbind_helper_connect(request->winbind); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
262 return &request->auth_request; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
263 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
264 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
265 static struct auth_request *mech_winbind_ntlm_auth_new(void) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
266 { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
267 return do_auth_new(&winbind_ntlm_context); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
268 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
269 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
270 static struct auth_request *mech_winbind_spnego_auth_new(void) |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
271 { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
272 return do_auth_new(&winbind_spnego_context); |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
273 } |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
274 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
275 const struct mech_module mech_winbind_ntlm = { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
276 "NTLM", |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
277 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
278 MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
279 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
280 MEMBER(passdb_need_plain) FALSE, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
281 MEMBER(passdb_need_credentials) FALSE, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
282 MEMBER(passdb_need_set_credentials) FALSE, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
283 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
284 mech_winbind_ntlm_auth_new, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
285 mech_generic_auth_initial, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
286 mech_winbind_auth_continue, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
287 mech_generic_auth_free |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
288 }; |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
289 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
290 const struct mech_module mech_winbind_spnego = { |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
291 "GSS-SPNEGO", |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
292 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
293 MEMBER(flags) 0, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
294 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
295 MEMBER(passdb_need_plain) FALSE, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
296 MEMBER(passdb_need_credentials) FALSE, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
297 MEMBER(passdb_need_set_credentials) FALSE, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
298 |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
299 mech_winbind_spnego_auth_new, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
300 mech_generic_auth_initial, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
301 mech_winbind_auth_continue, |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
302 mech_generic_auth_free |
|
18f663e23c28
Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff
changeset
|
303 }; |