annotate src/auth/mech-winbind.c @ 8999:afc1b0ef120d HEAD

When :MAILBOXDIR= was empty, we might have appended extra '/' to it, which caused problems.
author Timo Sirainen <tss@iki.fi>
date Thu, 30 Apr 2009 20:00:09 -0400
parents 9f3968f49ceb
children
1 /*
2 * NTLM and Negotiate authentication mechanisms,
3 * using Samba winbind daemon
4 *
5 * Copyright (c) 2007 Dmitry Butskoy <dmitry@butskoy.name>
6 *
7 * This software is released under the MIT license.
8 */
9
10 #include "common.h"
11 #include "lib-signals.h"
12 #include "mech.h"
13 #include "str.h"
14 #include "buffer.h"
15 #include "base64.h"
16 #include "istream.h"
17 #include "ostream.h"
18
19 #include <stdlib.h>
20 #include <unistd.h>
21 #include <sys/wait.h>
22
/* Helper binary that is executed when the WINBIND_HELPER_PATH environment
   variable is not set. */
#define DEFAULT_WINBIND_HELPER_PATH "/usr/bin/ntlm_auth"
/* Result of one request/reply exchange with the ntlm_auth helper. */
enum helper_result {
	HR_OK		= 0,	/* OK or continue */
	HR_FAIL		= -1,	/* authentication failed */
	HR_RESTART	= -2	/* FAIL + try to restart helper */
};
/* State of one ntlm_auth helper process and the pipes connected to it. */
struct winbind_helper {
	/* command line argument handed to the helper as argv[1] */
	const char *param;
	/* pid of the forked helper, or -1 when no helper is being tracked */
	pid_t pid;

	/* reads what the helper writes to its stdout */
	struct istream *in_pipe;
	/* writes to the helper's stdin */
	struct ostream *out_pipe;
};
/* Per-request state of the winbind mechanisms. */
struct winbind_auth_request {
	/* generic request; do_auth_continue() casts a struct auth_request
	   pointer back to this struct, so this has to stay the first member */
	struct auth_request auth_request;

	/* helper context this request talks to */
	struct winbind_helper *winbind;
	/* TRUE makes the next line sent to the helper start with "KK"
	   instead of "YR" */
	bool continued;
};
/* Helper context for NTLM. Initializer order is param, pid, in_pipe,
   out_pipe; pid -1 and NULL pipes mean that no helper has been started. */
static struct winbind_helper winbind_ntlm_context = {
	"--helper-protocol=squid-2.5-ntlmssp", -1, NULL, NULL
};
/* Helper context for GSS-SPNEGO, initialized the same way. */
static struct winbind_helper winbind_spnego_context = {
	"--helper-protocol=gss-spnego", -1, NULL, NULL
};

/* Set to TRUE when the SIGCHLD handler is registered, so that it is
   registered only once. */
static bool sigchld_handler_set = FALSE;
/* Destroys whichever of the helper's two streams are currently open.
   The helper process itself is not touched here and winbind->pid is left
   as it is. */
static void winbind_helper_disconnect(struct winbind_helper *winbind)
{
	struct istream **from_helper = &winbind->in_pipe;
	struct ostream **to_helper = &winbind->out_pipe;

	if (*from_helper != NULL)
		i_stream_destroy(from_helper);
	if (*to_helper != NULL)
		o_stream_destroy(to_helper);
}
/* Reaps the helper of this context if it has exited. Never blocks
   (WNOHANG). When the helper is gone, how it ended is logged as an error
   and pid is reset to -1, which lets winbind_helper_connect() start a new
   helper. */
static void winbind_wait_pid(struct winbind_helper *winbind)
{
	int wstatus, reaped;

	/* no helper is being tracked */
	if (winbind->pid == -1)
		return;

	/* FIXME: use child-wait.h API */
	reaped = waitpid(winbind->pid, &wstatus, WNOHANG);
	if (reaped < 0) {
		/* ECHILD and EINTR are not reported */
		if (errno != ECHILD && errno != EINTR)
			i_error("waitpid() failed: %m");
		return;
	}
	if (reaped == 0) {
		/* helper hasn't changed state */
		return;
	}

	if (WIFSIGNALED(wstatus)) {
		i_error("winbind: ntlm_auth died with signal %d",
			WTERMSIG(wstatus));
	} else if (WIFEXITED(wstatus)) {
		i_error("winbind: ntlm_auth exited with exit code %d",
			WEXITSTATUS(wstatus));
	} else {
		/* shouldn't happen */
		i_error("winbind: ntlm_auth exited with status %d",
			wstatus);
	}
	winbind->pid = -1;
}
/* SIGCHLD callback. Neither argument is used, so both helper contexts are
   checked for an exited child, NTLM first. */
static void sigchld_handler(const siginfo_t *si ATTR_UNUSED,
			    void *context ATTR_UNUSED)
{
	struct winbind_helper *const helpers[] = {
		&winbind_ntlm_context,
		&winbind_spnego_context
	};
	unsigned int i;

	for (i = 0; i < sizeof(helpers) / sizeof(helpers[0]); i++)
		winbind_wait_pid(helpers[i]);
}
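/* Starts the ntlm_auth helper for this context and connects one pipe to its
   stdin and another to its stdout. Does nothing when a helper is already
   connected (in_pipe set) or an earlier one has not been reaped yet
   (pid != -1). On failure the error is logged and in_pipe stays NULL, which
   do_auth_continue() answers with HR_RESTART. */
static void winbind_helper_connect(struct winbind_helper *winbind)
{
	int infd[2], outfd[2];
	pid_t pid;

	if (winbind->in_pipe != NULL || winbind->pid != -1)
		return;

	if (pipe(infd) < 0) {
		i_error("pipe() failed: %m");
		return;
	}
	if (pipe(outfd) < 0) {
		/* log first: close() may overwrite errno, which %m reads */
		i_error("pipe() failed: %m");
		(void)close(infd[0]); (void)close(infd[1]);
		return;
	}

	/* Register the SIGCHLD handler before fork(), so that a helper which
	   exits right away is still noticed and reaped. Otherwise pid would
	   stay set and block every later reconnect. */
	if (!sigchld_handler_set) {
		sigchld_handler_set = TRUE;
		lib_signals_set_handler(SIGCHLD, TRUE, sigchld_handler, NULL);
	}

	pid = fork();
	if (pid < 0) {
		i_error("fork() failed: %m");
		(void)close(infd[0]); (void)close(infd[1]);
		(void)close(outfd[0]); (void)close(outfd[1]);
		return;
	}

	if (pid == 0) {
		/* child */
		const char *helper_path, *args[3];

		/* the parent's ends of the two pipes */
		(void)close(infd[0]);
		(void)close(outfd[1]);

		if (dup2(outfd[0], STDIN_FILENO) < 0 ||
		    dup2(infd[1], STDOUT_FILENO) < 0)
			i_fatal("dup2() failed: %m");

		/* NOTE(review): no other descriptors are closed here, so any
		   that are not close-on-exec stay open in the helper. Confirm
		   they are marked close-on-exec elsewhere. */

		/* NOTE(review): the path is used as given. execv() does no
		   PATH lookup, so a relative value resolves against the
		   current directory. Presumably only the trusted parent
		   process sets this variable; confirm. */
		helper_path = getenv("WINBIND_HELPER_PATH");
		if (helper_path == NULL)
			helper_path = DEFAULT_WINBIND_HELPER_PATH;

		/* fixed argv, no shell involved */
		args[0] = helper_path;
		args[1] = winbind->param;
		args[2] = NULL;
		execv(args[0], (void *)args);
		/* reached only if execv() failed; i_fatal() is expected not
		   to return */
		i_fatal("execv(%s) failed: %m", args[0]);
	}

	/* parent */
	(void)close(infd[1]);
	(void)close(outfd[0]);

	winbind->pid = pid;
	/* replies from the helper are limited to
	   AUTH_CLIENT_MAX_LINE_LENGTH bytes of buffering */
	winbind->in_pipe =
		i_stream_create_fd(infd[0], AUTH_CLIENT_MAX_LINE_LENGTH, TRUE);
	winbind->out_pipe =
		o_stream_create_fd(outfd[1], (size_t)-1, TRUE);
}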
161 static enum helper_result
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
162 do_auth_continue(struct auth_request *auth_request,
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
163 const unsigned char *data, size_t data_size)
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
164 {
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
165 struct winbind_auth_request *request =
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
166 (struct winbind_auth_request *)auth_request;
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
167 struct istream *in_pipe = request->winbind->in_pipe;
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
168 string_t *str;
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
169 char *answer;
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
170 const char **token;
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
171 bool gss_spnego = request->winbind == &winbind_spnego_context;
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
172
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
173 if (request->winbind->in_pipe == NULL)
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
174 return HR_RESTART;
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
175
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
176 str = t_str_new(MAX_BASE64_ENCODED_SIZE(data_size + 1) + 4);
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
177 str_printfa(str, "%s ", request->continued ? "KK" : "YR");
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
178 base64_encode(data, data_size, str);
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
179 str_append_c(str, '\n');
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
180
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
181 if (o_stream_send_str(request->winbind->out_pipe, str_c(str)) < 0 ||
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
182 o_stream_flush(request->winbind->out_pipe) < 0) {
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
183 auth_request_log_error(auth_request, "winbind",
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
184 "write(out_pipe) failed: %m");
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
185 return HR_RESTART;
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
186 }
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
187 request->continued = FALSE;
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
188
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
189 while ((answer = i_stream_read_next_line(in_pipe)) == NULL) {
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
190 if (in_pipe->stream_errno != 0)
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
191 break;
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
192 }
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
193 if (answer == NULL) {
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
194 auth_request_log_error(auth_request, "winbind",
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
195 "read(in_pipe) failed: %m");
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
196 return HR_RESTART;
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
197 }
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
198
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
199 token = t_strsplit_spaces(answer, " ");
18f663e23c28 Added support for Samba's ntlm_auth helper. It's used for GSS-SPNEGO
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
200 if (token[0] == NULL ||
201 (token[1] == NULL && strcmp(token[0], "BH") != 0) ||
202 (token[2] == NULL && gss_spnego)) {
203 auth_request_log_error(auth_request, "winbind",
204 "Invalid input from helper: %s", answer);
205 return HR_RESTART;
206 }
207
208 /*
209 * NTLM:
210 * The child's reply contains 2 parts:
211 * - The code: TT, AF or NA
212 * - The argument:
213 * For TT it's the blob to send to the client, coded in base64
214 * For AF it's user or DOMAIN\user
215 * For NA it's the NT error code
216 *
217 * GSS-SPNEGO:
218 * The child's reply contains 3 parts:
219 * - The code: TT, AF or NA
220 * - The blob to send to the client, coded in base64
221 * - The argument:
222 * For TT it's a dummy '*'
223 * For AF it's DOMAIN\user
224 * For NA it's the NT error code
225 */
226
227 if (strcmp(token[0], "TT") == 0) {
228 buffer_t *buf;
229
230 buf = t_base64_decode_str(token[1]);
231 auth_request->callback(auth_request,
232 AUTH_CLIENT_RESULT_CONTINUE,
233 buf->data, buf->used);
234 request->continued = TRUE;
235 return HR_OK;
236 } else if (strcmp(token[0], "NA") == 0) {
237 const char *error = gss_spnego ? token[2] : token[1];
238
239 auth_request_log_info(auth_request, "winbind",
240 "user not authenticated: %s", error);
241 return HR_FAIL;
242 } else if (strcmp(token[0], "AF") == 0) {
243 const char *user, *p, *error;
244
245 user = gss_spnego ? token[2] : token[1];
246
247 p = strchr(user, '\\');
248 if (p != NULL) {
249 /* change "DOMAIN\user" to uniform style
250 "user@DOMAIN" */
251 user = t_strconcat(p+1, "@",
252 t_strdup_until(user, p), NULL);
253 }
254
255 if (!auth_request_set_username(auth_request, user, &error)) {
256 auth_request_log_info(auth_request, "winbind",
257 "%s", error);
258 return HR_FAIL;
259 }
260
261 if (gss_spnego && strcmp(token[1], "*") != 0) {
262 buffer_t *buf;
263
264 buf = t_base64_decode_str(token[1]);
265 auth_request_success(&request->auth_request,
266 buf->data, buf->used);
267 } else {
268 auth_request_success(&request->auth_request, NULL, 0);
269 }
270 return HR_OK;
271 } else if (strcmp(token[0], "BH") == 0) {
272 auth_request_log_info(auth_request, "winbind",
273 "ntlm_auth reports broken helper: %s",
274 token[1] != NULL ? token[1] : "");
275 return HR_RESTART;
276 } else {
277 auth_request_log_error(auth_request, "winbind",
278 "Invalid input from helper: %s", answer);
279 return HR_RESTART;
280 }
281 }
/*
 * Continuation handler installed in both mechanism tables of this file
 * (NTLM and GSS-SPNEGO). The incoming data is forwarded unchanged to
 * do_auth_continue(); this wrapper only reacts to a non-HR_OK result.
 *
 * In the part of do_auth_continue() visible in this listing:
 *  - HR_OK is returned after the request was continued ("TT") or marked
 *    successful ("AF"), so nothing more is done here;
 *  - HR_FAIL is returned for "NA" and for a username that
 *    auth_request_set_username() rejects;
 *  - HR_RESTART is returned when reading the helper's reply fails, when
 *    the reply is malformed or unrecognised, and for "BH".
 */
static void
mech_winbind_auth_continue(struct auth_request *auth_request,
			   const unsigned char *data, size_t data_size)
{
	struct winbind_auth_request *wb_request =
		(struct winbind_auth_request *)auth_request;
	const enum helper_result outcome =
		do_auth_continue(auth_request, data, data_size);

	if (outcome == HR_OK)
		return;

	/*
	 * Drop the helper connection before failing the request. Presumably
	 * this keeps a helper whose output could not be read or parsed from
	 * being reused for a later request; confirm against
	 * winbind_helper_disconnect(), which is not shown here.
	 */
	if (outcome == HR_RESTART)
		winbind_helper_disconnect(wb_request->winbind);

	/* Every non-OK outcome ends in an authentication failure. */
	auth_request_fail(auth_request);
}
/*
 * Allocate a winbind auth request bound to the given helper context.
 *
 * The request is allocated from a pool created for it, and that pool is
 * recorded in the embedded auth_request. The helper is connected via
 * winbind_helper_connect() before the embedded auth_request is returned.
 *
 * NOTE(review): nothing here checks whether winbind_helper_connect()
 * succeeded; the call is used as a statement, so any failure handling
 * happens inside it or on first use. Confirm against its definition.
 */
static struct auth_request *do_auth_new(struct winbind_helper *winbind)
{
	pool_t req_pool = pool_alloconly_create("winbind_auth_request", 1024);
	struct winbind_auth_request *wb_request =
		p_new(req_pool, struct winbind_auth_request, 1);

	wb_request->auth_request.pool = req_pool;
	wb_request->winbind = winbind;

	winbind_helper_connect(winbind);
	return &wb_request->auth_request;
}
/* Request constructor for the NTLM mechanism: uses the NTLM helper context. */
static struct auth_request *mech_winbind_ntlm_auth_new(void)
{
	struct winbind_helper *helper = &winbind_ntlm_context;

	return do_auth_new(helper);
}
/*
 * Request constructor for the GSS-SPNEGO mechanism: uses the SPNEGO helper
 * context.
 */
static struct auth_request *mech_winbind_spnego_auth_new(void)
{
	struct winbind_helper *helper = &winbind_spnego_context;

	return do_auth_new(helper);
}
/*
 * Mechanism table entry for NTLM, served through the winbind helper.
 *
 * passdb_need is MECH_PASSDB_NEED_NOTHING, and in the visible part of
 * do_auth_continue() an "AF" reply from the helper leads directly to
 * auth_request_success(). The helper's reply is therefore what decides
 * the outcome, so the helper and its pipes belong to the trusted path.
 */
const struct mech_module mech_winbind_ntlm = {
	/* first positional member; presumably the advertised mechanism name */
	"NTLM",

	/*
	 * Security-property flags for this mechanism. NOTE(review): the flag
	 * definitions are in the mechanism header, not in this listing; there
	 * they are understood to mark a mechanism as subject to passive
	 * dictionary and to active attacks. Confirm before relying on it.
	 */
	MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,

	/* positional handlers: constructor, initial, continue, free */
	mech_winbind_ntlm_auth_new,
	mech_generic_auth_initial,
	mech_winbind_auth_continue,
	mech_generic_auth_free
};
/*
 * Mechanism table entry for GSS-SPNEGO, served through the winbind helper.
 *
 * It shares the continue handler with the NTLM entry and differs only in
 * its name, its flags and its request constructor. As with NTLM,
 * passdb_need is MECH_PASSDB_NEED_NOTHING, so the helper's reply decides
 * the outcome.
 */
const struct mech_module mech_winbind_spnego = {
	/* first positional member; presumably the advertised mechanism name */
	"GSS-SPNEGO",

	/*
	 * No security-property flags are set. NOTE(review): whether 0 is a
	 * deliberate statement about SPNEGO or just "unspecified" cannot be
	 * told from this listing.
	 */
	MEMBER(flags) 0,
	MEMBER(passdb_need) MECH_PASSDB_NEED_NOTHING,

	/* positional handlers: constructor, initial, continue, free */
	mech_winbind_spnego_auth_new,
	mech_generic_auth_initial,
	mech_winbind_auth_continue,
	mech_generic_auth_free
};