Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : auth functions
5 :
6 : Copyright (C) Simo Sorce 2005
7 : Copyright (C) Andrew Tridgell 2005
8 : Copyright (C) Andrew Bartlett 2005
9 :
10 : This program is free software; you can redistribute it and/or modify
11 : it under the terms of the GNU General Public License as published by
12 : the Free Software Foundation; either version 3 of the License, or
13 : (at your option) any later version.
14 :
15 : This program is distributed in the hope that it will be useful,
16 : but WITHOUT ANY WARRANTY; without even the implied warranty of
17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 : GNU General Public License for more details.
19 :
20 : You should have received a copy of the GNU General Public License
21 : along with this program. If not, see <http://www.gnu.org/licenses/>.
22 : */
23 :
24 : #include "includes.h"
25 : #include <tevent.h>
26 : #include "lib/util/tevent_ntstatus.h"
27 : #include "auth/auth.h"
28 : #include "dsdb/samdb/samdb.h"
29 : #include "lib/param/param.h"
30 :
31 : #undef DBGC_CLASS
32 : #define DBGC_CLASS DBGC_AUTH
33 :
34 : struct authenticate_ldap_simple_bind_state {
35 : bool using_tls;
36 : struct auth4_context *auth_context;
37 : struct auth_usersupplied_info *user_info;
38 : struct auth_session_info *session_info;
39 : };
40 :
41 : static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq);
42 :
43 466 : _PUBLIC_ struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_ctx,
44 : struct tevent_context *ev,
45 : struct imessaging_context *msg,
46 : struct loadparm_context *lp_ctx,
47 : struct tsocket_address *remote_address,
48 : struct tsocket_address *local_address,
49 : bool using_tls,
50 : const char *dn,
51 : const char *password)
52 : {
53 466 : struct tevent_req *req = NULL;
54 466 : struct authenticate_ldap_simple_bind_state *state = NULL;
55 466 : struct auth_usersupplied_info *user_info = NULL;
56 466 : const char *nt4_domain = NULL;
57 466 : const char *nt4_username = NULL;
58 466 : struct tevent_req *subreq = NULL;
59 0 : NTSTATUS status;
60 :
61 466 : req = tevent_req_create(mem_ctx, &state,
62 : struct authenticate_ldap_simple_bind_state);
63 466 : if (req == NULL) {
64 0 : return NULL;
65 : }
66 466 : state->using_tls = using_tls;
67 :
68 466 : status = auth_context_create(state, ev, msg, lp_ctx,
69 466 : &state->auth_context);
70 466 : if (tevent_req_nterror(req, status)) {
71 0 : return tevent_req_post(req, ev);
72 : }
73 :
74 466 : user_info = talloc_zero(state, struct auth_usersupplied_info);
75 466 : if (tevent_req_nomem(user_info, req)) {
76 0 : return tevent_req_post(req, ev);
77 : }
78 466 : state->user_info = user_info;
79 :
80 466 : user_info->client.account_name = dn;
81 : /* No client.domain_name, use account_name instead */
82 : /* user_info->mapped.* will be filled below */
83 :
84 466 : user_info->workstation_name = lpcfg_netbios_name(lp_ctx);
85 :
86 466 : user_info->remote_host = remote_address;
87 466 : user_info->local_host = local_address;
88 :
89 466 : user_info->service_description = "LDAP";
90 :
91 466 : if (using_tls) {
92 414 : user_info->auth_description = "simple bind/TLS";
93 : } else {
94 52 : user_info->auth_description = "simple bind";
95 : }
96 :
97 466 : user_info->password_state = AUTH_PASSWORD_PLAIN;
98 466 : user_info->password.plaintext = talloc_strdup(user_info, password);
99 466 : if (tevent_req_nomem(user_info->password.plaintext, req)) {
100 0 : return tevent_req_post(req, ev);
101 : }
102 :
103 466 : user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME |
104 : USER_INFO_DONT_CHECK_UNIX_ACCOUNT;
105 :
106 466 : user_info->logon_parameters =
107 : MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
108 : MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
109 : MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
110 : MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;
111 :
112 466 : status = crack_auto_name_to_nt4_name(state, state->auth_context->sam_ctx,
113 : dn, &nt4_domain, &nt4_username);
114 466 : if (!NT_STATUS_IS_OK(status)) {
115 7 : log_authentication_event(msg, lp_ctx,
116 7 : &state->auth_context->start_time,
117 : user_info, status,
118 : NULL, NULL, NULL,
119 : NULL /* client_audit_info */,
120 : NULL /* server_audit_info */);
121 : }
122 466 : if (tevent_req_nterror(req, status)) {
123 7 : return tevent_req_post(req, ev);
124 : }
125 :
126 459 : user_info->orig_client = user_info->client;
127 459 : user_info->client.account_name = nt4_username;
128 459 : user_info->client.domain_name = nt4_domain;
129 459 : user_info->cracknames_called = true;
130 :
131 459 : subreq = auth_check_password_send(state, ev,
132 459 : state->auth_context,
133 459 : state->user_info);
134 459 : if (tevent_req_nomem(subreq, req)) {
135 0 : return tevent_req_post(req, ev);
136 : }
137 459 : tevent_req_set_callback(subreq, authenticate_ldap_simple_bind_done, req);
138 :
139 459 : return req;
140 : }
141 :
142 459 : static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq)
143 : {
144 0 : struct tevent_req *req =
145 459 : tevent_req_callback_data(subreq,
146 : struct tevent_req);
147 0 : struct authenticate_ldap_simple_bind_state *state =
148 459 : tevent_req_data(req,
149 : struct authenticate_ldap_simple_bind_state);
150 459 : struct auth4_context *auth_context = state->auth_context;
151 459 : struct auth_usersupplied_info *user_info = state->user_info;
152 459 : const char *nt4_username = user_info->mapped.account_name;
153 459 : const struct tsocket_address *remote_address = user_info->remote_host;
154 459 : const struct tsocket_address *local_address = user_info->local_host;
155 459 : const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
156 459 : struct auth_user_info_dc *user_info_dc = NULL;
157 459 : uint8_t authoritative = 1;
158 459 : uint32_t flags = 0;
159 0 : NTSTATUS nt_status;
160 :
161 459 : if (state->using_tls) {
162 407 : transport_protection = AUTHZ_TRANSPORT_PROTECTION_TLS;
163 : }
164 :
165 459 : nt_status = auth_check_password_recv(subreq, state,
166 : &user_info_dc,
167 : &authoritative);
168 459 : TALLOC_FREE(subreq);
169 459 : if (tevent_req_nterror(req, nt_status)) {
170 115 : return;
171 : }
172 :
173 344 : flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
174 344 : if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
175 326 : flags |= AUTH_SESSION_INFO_AUTHENTICATED;
176 : }
177 :
178 344 : nt_status = auth_context->generate_session_info(auth_context,
179 : state,
180 : user_info_dc,
181 : nt4_username,
182 : flags,
183 : &state->session_info);
184 344 : if (tevent_req_nterror(req, nt_status)) {
185 0 : return;
186 : }
187 :
188 344 : log_successful_authz_event(auth_context->msg_ctx,
189 : auth_context->lp_ctx,
190 : remote_address,
191 : local_address,
192 : "LDAP",
193 : "simple bind",
194 : transport_protection,
195 : state->session_info,
196 : NULL /* client_audit_info */,
197 : NULL /* server_audit_info */);
198 :
199 344 : tevent_req_done(req);
200 : }
201 :
202 466 : _PUBLIC_ NTSTATUS authenticate_ldap_simple_bind_recv(struct tevent_req *req,
203 : TALLOC_CTX *mem_ctx,
204 : struct auth_session_info **session_info)
205 : {
206 0 : struct authenticate_ldap_simple_bind_state *state =
207 466 : tevent_req_data(req,
208 : struct authenticate_ldap_simple_bind_state);
209 0 : NTSTATUS status;
210 :
211 466 : *session_info = NULL;
212 :
213 466 : if (tevent_req_is_nterror(req, &status)) {
214 122 : tevent_req_received(req);
215 122 : return status;
216 : }
217 :
218 344 : *session_info = talloc_move(mem_ctx, &state->session_info);
219 344 : tevent_req_received(req);
220 344 : return NT_STATUS_OK;
221 : }
|
