--------------------- PatchSet 3590 Date: 2002/01/12 23:55:56 Author: kinkie Branch: ntlm Tag: (none) Log: Updated to the new API introduced in samba 3.0alpha13 an streamlined. Members: src/auth/ntlm/helpers/winbind/wb_common.c:1.1.2.2->1.1.2.3 src/auth/ntlm/helpers/winbind/wb_ntlm_auth.c:1.1.2.9->1.1.2.10 src/auth/ntlm/helpers/winbind/winbindd_nss.h:1.1.2.1->1.1.2.2 Index: squid/src/auth/ntlm/helpers/winbind/wb_common.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/helpers/winbind/Attic/wb_common.c,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- squid/src/auth/ntlm/helpers/winbind/wb_common.c 23 Nov 2001 11:13:11 -0000 1.1.2.2 +++ squid/src/auth/ntlm/helpers/winbind/wb_common.c 12 Jan 2002 23:55:56 -0000 1.1.2.3 @@ -23,15 +23,26 @@ Boston, MA 02111-1307, USA. */ -#include "config.h" #include "winbind_nss_config.h" #include "winbindd_nss.h" +#include "config.h" + /* Global variables. These are effectively the client state information */ -static int established_socket = -1; /* fd for winbindd socket */ +int winbindd_fd = -1; /* fd for winbindd socket */ static char *excluded_domain; +/* Free a response structure */ + +void free_response(struct winbindd_response *response) +{ + /* Free any allocated extra_data */ + + if (response) + SAFE_FREE(response->extra_data); +} + /* smbd needs to be able to exclude lookups for its own domain */ @@ -49,6 +60,8 @@ static char *domain_env; static BOOL initialised; + request->length = sizeof(struct winbindd_request); + request->cmd = (enum winbindd_cmd)request_type; request->pid = getpid(); request->domain[0] = '\0'; 
@@ -78,15 +91,15 @@ void close_sock(void) { - if (established_socket != -1) { - close(established_socket); - established_socket = -1; + if (winbindd_fd != -1) { + close(winbindd_fd); + winbindd_fd = -1; } } /* Connect to winbindd socket */ -static int open_pipe_sock(void) +int winbind_open_pipe_sock(void) { struct sockaddr_un sunaddr; static pid_t our_pid; @@ -94,15 +107,12 @@ pstring path; if (our_pid != getpid()) { - if (established_socket != -1) { - close(established_socket); - } - established_socket = -1; + close_sock(); our_pid = getpid(); } - if (established_socket != -1) { - return established_socket; + if (winbindd_fd != -1) { + return winbindd_fd; } /* Check permissions on unix socket directory */ @@ -148,18 +158,17 @@ /* Connect to socket */ - if ((established_socket = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { + if ((winbindd_fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { return -1; } - if (connect(established_socket, (struct sockaddr *)&sunaddr, + if (connect(winbindd_fd, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) { close_sock(); - established_socket = -1; return -1; } - return established_socket; + return winbindd_fd; } /* Write data to winbindd socket with timeout */ @@ -172,7 +181,7 @@ restart: - if (open_pipe_sock() == -1) { + if (winbind_open_pipe_sock() == -1) { return -1; } 
@@ -183,28 +192,26 @@ while(nwritten < count) { struct timeval tv; fd_set r_fds; - int selret; /* Catch pipe close on other end by checking if a read() call would not block by calling select(). */ FD_ZERO(&r_fds); - FD_SET(established_socket, &r_fds); + FD_SET(winbindd_fd, &r_fds); ZERO_STRUCT(tv); - if ((selret = select(established_socket + 1, &r_fds, - NULL, NULL, &tv)) == -1) { + if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) { close_sock(); return -1; /* Select error */ } /* Write should be OK if fd not available for reading */ - if (!FD_ISSET(established_socket, &r_fds)) { + if (!FD_ISSET(winbindd_fd, &r_fds)) { /* Do the write */ - result = write(established_socket, + result = write(winbindd_fd, (char *)buffer + nwritten, count - nwritten); @@ -240,7 +247,7 @@ while(nread < count) { - result = read(established_socket, (char *)buffer + nread, + result = read(winbindd_fd, (char *)buffer + nread, count - nread); if ((result == -1) || (result == 0)) { @@ -297,6 +304,7 @@ if ((result2 = read_sock(response->extra_data, extra_data_len)) == -1) { + free_response(response); return -1; } } @@ -306,24 +314,13 @@ return result1 + result2; } -/* Free a response structure */ +/* + * send simple types of requests + */ -void free_response(struct winbindd_response *response) -{ - /* Free any allocated extra_data */ - - if (response) - SAFE_FREE(response->extra_data); -} - -/* Handle simple types of requests */ - -NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response) +NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) { struct winbindd_request lrequest; - struct winbindd_response lresponse; /* Check for our tricky environment variable */ @@ -337,11 +334,6 @@ return NSS_STATUS_NOTFOUND; } - if (!response) { - ZERO_STRUCT(lresponse); - response = &lresponse; - } - if (!request) { ZERO_STRUCT(lrequest); request = &lrequest; 
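Review bot: `FD_SET(winbindd_fd, &r_fds)` and the following `select(winbindd_fd + 1, ...)` are reached without any check that the descriptor is below FD_SETSIZE, and FD_SET on a larger value writes outside the `fd_set`. A helper normally holds only a few descriptors, but `winbindd_fd` is now a non-static global that other code can assign, so the assumption is no longer local to this file. A guard after the `socket()` call in winbind_open_pipe_sock(), `if (winbindd_fd >= FD_SETSIZE) { close_sock(); return -1; }`, would make it explicit. The write loop starts and ends outside this hunk.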
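Review bot: Please confirm that `extra_data_len`, used here as the read size for `response->extra_data`, is validated before the buffer is allocated. Its computation is outside this hunk, so this is a question rather than a confirmed defect. The value presumably comes from the reply header's `length`, which winbindd_nss.h changes from `int` to `uint32` in this patch set; if it is still reduced by `sizeof(struct winbindd_response)` without a lower-bound check, a short or corrupt header would produce a negative or wrapped size. A test such as `if (response->length < sizeof(struct winbindd_response)) return -1;` before the subtraction, plus an upper limit on what the helper will allocate, would cover it.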
@@ -350,12 +342,29 @@ /* Fill in request and send down pipe */ init_request(request, req_type); - init_response(response); if (write_sock(request, sizeof(*request)) == -1) { return NSS_STATUS_UNAVAIL; } + return NSS_STATUS_SUCCESS; +} + +/* + * Get results from winbindd request + */ + +NSS_STATUS winbindd_get_response(struct winbindd_response *response) +{ + struct winbindd_response lresponse; + + if (!response) { + ZERO_STRUCT(lresponse); + response = &lresponse; + } + + init_response(response); + /* Wait for reply */ if (read_reply(response) == -1) { return NSS_STATUS_UNAVAIL; @@ -373,3 +382,17 @@ return NSS_STATUS_SUCCESS; } + +/* Handle simple types of requests */ + +NSS_STATUS winbindd_request(int req_type, + struct winbindd_request *request, + struct winbindd_response *response) +{ + NSS_STATUS status; + + status = winbindd_send_request(req_type, request); + if (status != NSS_STATUS_SUCCESS) + return(status); + return winbindd_get_response(response); +} Index: squid/src/auth/ntlm/helpers/winbind/wb_ntlm_auth.c =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/helpers/winbind/Attic/wb_ntlm_auth.c,v retrieving revision 1.1.2.9 retrieving revision 1.1.2.10 diff -u -r1.1.2.9 -r1.1.2.10 --- squid/src/auth/ntlm/helpers/winbind/wb_ntlm_auth.c 11 Jan 2002 14:27:11 -0000 1.1.2.9 +++ squid/src/auth/ntlm/helpers/winbind/wb_ntlm_auth.c 12 Jan 2002 23:56:45 -0000 1.1.2.10 @@ -25,6 +25,10 @@ #include /* for gettimeofday */ #include /* BUG: is this portable? */ +#ifdef HAVE_CTYPE_H +#include +#endif + #include "winbind_nss_config.h" #include "winbindd_nss.h" 
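Review bot: winbindd_send_request() and winbindd_get_response() are now separately callable, but neither has a comment stating that each successful send must be followed by exactly one get on the same socket. If a caller sends and then skips the read, the reply stays queued and the next winbindd_get_response() returns the result of the earlier request, which for WINBINDD_PAM_AUTH_CRAP is an authentication verdict. I would document this above winbindd_send_request(), for example `/* After a successful return the caller must call winbindd_get_response() exactly once, or later replies will be out of step with their requests. */`. If nothing outside wb_common.c needs the split, both functions could instead be `static`, leaving winbindd_request() as the only entry point. winbindd_get_response() begins in this hunk and ends in the next one.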
@@ -106,16 +110,16 @@ } } -static char domuser[200]; lstring lmhash, nthash; static char have_nthash=0; /* simple flag. A tad dirty.. */ +struct winbindd_request request; +struct winbindd_response response; void do_authenticate(ntlm_authenticate *auth, int auth_length) { lstring tmp; - int offset=0,tocopy; - struct winbindd_request request; - struct winbindd_response response; + int tocopy; NSS_STATUS winbindd_result; + char *domain,*user; /* domain */ tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->domain); @@ -123,10 +127,9 @@ SEND("NA No domain supplied"); return; } - tocopy=min(tmp.l,sizeof(domuser)); - xstrncpy(domuser, tmp.str, tocopy); - domuser[tocopy]='\\'; - offset=tocopy+1; + tocopy=min(tmp.l,sizeof(fstring)); + xstrncpy(request.data.auth_crap.domain, tmp.str, tocopy); + domain=request.data.auth_crap.domain; /* just a shortcut */ /* username */ tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->user); 
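Review bot: `request` and `response` become file-scope objects here, and the `@@ -134,62` hunk removes `memset(&request,0,sizeof(struct winbindd_request))`, so nothing clears `request` between calls to do_authenticate(). The whole structure is written to the winbindd socket (`write_sock(request, sizeof(*request))` in wb_common.c), so bytes from the previous client, such as `lm_resp`/`nt_resp` when the current request carries a zero-length field, stay in memory and are sent again. The memset was presumably dropped because the domain and user are now stored before its old position; moving it to the top of the function, `memset(&request, 0, sizeof(request));`, restores a clean state for each request. Both objects could also be declared `static` unless another file refers to them. The body of do_authenticate() continues outside this hunk.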
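Review bot: `tocopy=min(tmp.l,sizeof(fstring))` is passed to xstrncpy() as its size argument. If this is Squid's usual xstrncpy(), which copies at most n-1 bytes and then writes the terminator, the last character of the domain is dropped. The same pattern is used for the user name at the start of the `@@ -134,62` hunk, so the identity submitted to winbindd and echoed back in the `AF` reply would differ from the one the client sent. `tocopy=min(tmp.l+1,sizeof(fstring));` keeps the full string while still bounding the copy by the destination size. Please check this against the xstrncpy() definition in the tree, which is not part of this patch set.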
@@ -134,62 +137,56 @@ SEND("NA No username in request"); return; } - tocopy=min(sizeof(domuser-offset),tmp.l); - xstrncpy(domuser+offset,tmp.str,tocopy); - domuser[offset+tocopy]='\0'; + tocopy=min(sizeof(fstring),tmp.l); + xstrncpy(request.data.auth_crap.user,tmp.str,tocopy); + user=request.data.auth_crap.user; /* now the LM hash */ lmhash = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse); - if (lmhash.str == NULL || lmhash.l == 0) { - SEND("NA No lm hash"); - return; - } - if (lmhash.l != 24) { + if (lmhash.l != 0 && lmhash.l != 24) { SEND("NA broken lm hash"); return; } - + if (lmhash.l==24) { + memcpy(request.data.auth_crap.lm_resp,lmhash.str,24); + request.data.auth_crap.lm_resp_len=24; + } else { + warn("No lm hash provided by user %s\\%s\n",domain,user); + request.data.auth_crap.lm_resp_len=0; + } + nthash = ntlm_fetch_string((char *) auth, auth_length, &auth->ntresponse); - if (nthash.str == NULL || nthash.l == 0) { - have_nthash=0; - nthash.str[0]='\0'; - debug("No NT hash"); - } else { - if (nthash.l != 24) { - SEND("NA nt hash supplied but broken"); - return; - } - have_nthash=1; + if (nthash.l != 0 && nthash.l != 24) { + SEND("NA broken nt hash"); + return; + } + if (nthash.l==0) { + debug("no nthash\n"); + request.data.auth_crap.nt_resp_len=0; + } else { /* now I'm sure it's 24 chars long */ + memcpy(request.data.auth_crap.nt_resp,nthash.str,24); + request.data.auth_crap.nt_resp_len=24; } - debug("Checking user '%s' lmhash='%24s', have_nthash=%d, nthash='%24s'\n", - domuser, lmhash.str, have_nthash, nthash.str); + debug("Checking user '%s\\%s' lmhash='%24s', have_nthash=%d, " + "nthash='%24s'\n", + domain, user, lmhash.str, have_nthash, nthash.str); - memset(&request,0,sizeof(struct winbindd_request)); memset(&response,0,sizeof(struct winbindd_response)); memcpy(request.data.auth_crap.chal,challenge,CHALLENGE_LEN); - strcpy(request.data.auth_crap.user,domuser); - memcpy(request.data.auth_crap.lm_resp,lmhash.str,24); - 
request.data.auth_crap.lm_resp_len=24; - if (have_nthash) { - memcpy(request.data.auth_crap.nt_resp,nthash.str,24); - request.data.auth_crap.nt_resp_len=24; - } else { /* TODO: figure out how not to supply this */ - request.data.auth_crap.nt_resp[0]='\0'; - request.data.auth_crap.nt_resp_len=0; - } + winbindd_result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response); debug("winbindd result: %d\n",winbindd_result); if (winbindd_result==WINBINDD_OK) { - lc(domuser); - SEND2("AF %s",domuser); + lc(domain); + lc(user); + SEND2("AF %s\\%s",domain,user); } else { SEND("NA authentication error"); } - return; /* useless */ } Index: squid/src/auth/ntlm/helpers/winbind/winbindd_nss.h =================================================================== RCS file: /cvsroot/squid-sf//squid/src/auth/ntlm/helpers/winbind/Attic/winbindd_nss.h,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- squid/src/auth/ntlm/helpers/winbind/winbindd_nss.h 22 Nov 2001 18:07:41 -0000 1.1.2.1 +++ squid/src/auth/ntlm/helpers/winbind/winbindd_nss.h 12 Jan 2002 23:57:36 -0000 1.1.2.2 @@ -35,16 +35,22 @@ #define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */ #define WINBINDD_DONT_ENV "_NO_WINBINDD" +/* Update this when you change the interface. */ + +#define WINBIND_INTERFACE_VERSION 2 + /* Socket commands */ enum winbindd_cmd { + WINBINDD_INTERFACE_VERSION, /* Always a well known value */ + /* Get users and groups */ - WINBINDD_GETPWNAM_FROM_USER, - WINBINDD_GETPWNAM_FROM_UID, - WINBINDD_GETGRNAM_FROM_GROUP, - WINBINDD_GETGRNAM_FROM_GID, + WINBINDD_GETPWNAM, + WINBINDD_GETPWUID, + WINBINDD_GETGRNAM, + WINBINDD_GETGRGID, WINBINDD_GETGROUPS, /* Enumerate users and groups */ 
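Review bot: The accept test `if (winbindd_result==WINBINDD_OK)` compares the NSS_STATUS returned by winbindd_request() with a constant from a different enumeration. In wb_common.c that function returns NSS_STATUS_SUCCESS, NSS_STATUS_UNAVAIL or NSS_STATUS_NOTFOUND, so the branch that sends `AF` is correct only where the two constants happen to share a value; it should read `if (winbindd_result == NSS_STATUS_SUCCESS)`. Separately, the debug() call still prints `have_nthash`, which this hunk no longer sets, and passes `lmhash.str`/`nthash.str` to `%24s`, where 24 is a minimum width rather than a bound and either pointer may be NULL or unterminated now that the NULL checks are removed. Logging only the lengths, e.g. `debug("Checking user '%s\\%s' lm_len=%d nt_len=%d\n", domain, user, (int)lmhash.l, (int)nthash.l);`, avoids the over-read and keeps response material out of the log. A request in which both lengths are 0 is also forwarded to winbindd unchanged; answering it with an `NA` reply here would keep that decision in the helper.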
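Review bot: Nothing in the hunks shown makes the helper ask winbindd for its interface version, although this change alters the wire protocol. WINBINDD_INTERFACE_VERSION is inserted as the first enumerator, which shifts the numeric value of every later command, and the following hunks of this header change the request and response layouts (`uint32 length` at the front, `fstring domain` in `auth_crap`). Against a winbindd built from different headers, WINBINDD_PAM_AUTH_CRAP would be decoded as another command or with misaligned fields, and the helper would have no way of noticing. A one-time check at startup that sends WINBINDD_INTERFACE_VERSION and compares `response.data.interface_version` with WINBIND_INTERFACE_VERSION, refusing to serve requests on a mismatch, would make that failure explicit instead of silent.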
@@ -83,6 +89,8 @@ /* Miscellaneous other stuff */ WINBINDD_CHECK_MACHACC, /* Check machine account pw works */ + WINBINDD_PING, /* Just tell me winbind is running */ + WINBINDD_INFO, /* Various bit of info. Currently just tidbits */ /* Placeholder for end of cmd list */ @@ -92,6 +100,7 @@ /* Winbind request structure */ struct winbindd_request { + uint32 length; enum winbindd_cmd cmd; /* Winbindd command to execute */ pid_t pid; /* pid of calling process */ @@ -107,6 +116,7 @@ struct { unsigned char chal[8]; fstring user; + fstring domain; fstring lm_resp; uint16 lm_resp_len; fstring nt_resp; @@ -137,12 +147,13 @@ /* Header information */ - int length; /* Length of response */ + uint32 length; /* Length of response */ enum winbindd_result result; /* Result code */ /* Fixed length return data */ union { + int interface_version; /* Try to ensure this is always in the same spot... */ /* getpwnam, getpwuid */ @@ -177,6 +188,10 @@ } name; uid_t uid; /* sid_to_uid */ gid_t gid; /* sid_to_gid */ + struct winbindd_info { + char winbind_separator; + fstring samba_version; + } info; } data; /* Variable length return data */