static int transform_plugin(TSCont contp, TSEvent event, void *edata) { TSHttpTxn txnp = (TSHttpTxn) edata; switch (event) { case TS_EVENT_HTTP_READ_REQUEST_HDR: if (request_ok(txnp)) { TSHttpTxnHookAdd(txnp, TS_HTTP_READ_CACHE_HDR_HOOK, contp); TSHttpTxnHookAdd(txnp, TS_HTTP_READ_RESPONSE_HDR_HOOK, contp); } TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE); break; case TS_EVENT_HTTP_READ_CACHE_HDR: if (cache_response_ok(txnp)) { TSHttpTxnHookAdd(txnp, TS_HTTP_RESPONSE_TRANSFORM_HOOK, transform_create(txnp)); } TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE); break; case TS_EVENT_HTTP_READ_RESPONSE_HDR: if (server_response_ok(txnp)) { TSHttpTxnHookAdd(txnp, TS_HTTP_RESPONSE_TRANSFORM_HOOK, transform_create(txnp)); } TSHttpTxnReenable(txnp, TS_EVENT_HTTP_CONTINUE); break; default: break; } return 0; }
void winbindd_list_trusted_domains(struct winbindd_cli_state *state) { struct winbindd_tdc_domain *dom_list = NULL; struct winbindd_tdc_domain *d = NULL; size_t num_domains = 0; int extra_data_len = 0; char *extra_data = NULL; int i = 0; DEBUG(3, ("[%5lu]: list trusted domains\n", (unsigned long)state->pid)); if( !wcache_tdc_fetch_list( &dom_list, &num_domains )) { request_error(state); goto done; } extra_data = talloc_strdup(state->mem_ctx, ""); if (extra_data == NULL) { request_error(state); goto done; } for ( i = 0; i < num_domains; i++ ) { struct winbindd_domain *domain; bool is_online = true; d = &dom_list[i]; domain = find_domain_from_name_noinit(d->domain_name); if (domain) { is_online = domain->online; } extra_data = talloc_asprintf_append_buffer( extra_data, "%s\\%s\\%s\\%s\\%s\\%s\\%s\\%s\n", d->domain_name, d->dns_name ? d->dns_name : d->domain_name, sid_string_talloc(state->mem_ctx, &d->sid), get_trust_type_string(d), trust_is_transitive(d) ? "Yes" : "No", trust_is_inbound(d) ? "Yes" : "No", trust_is_outbound(d) ? "Yes" : "No", is_online ? "Online" : "Offline" ); } extra_data_len = strlen(extra_data); if (extra_data_len > 0) { /* Strip the last \n */ extra_data[extra_data_len-1] = '\0'; state->response->extra_data.data = extra_data; state->response->length += extra_data_len; } request_ok(state); done: TALLOC_FREE( dom_list ); }
void winbindd_wins_byname(struct winbindd_cli_state *state) { struct sockaddr_storage *ip_list = NULL; int i, count, maxlen, size; fstring response; char addr[INET6_ADDRSTRLEN]; /* Ensure null termination */ state->request->data.winsreq[sizeof(state->request->data.winsreq)-1]='\0'; DEBUG(3, ("[%5lu]: wins_byname %s\n", (unsigned long)state->pid, state->request->data.winsreq)); *response = '\0'; maxlen = sizeof(response) - 1; ip_list = lookup_byname_backend( state->mem_ctx, state->request->data.winsreq, &count); if (ip_list != NULL){ for (i = count; i ; i--) { print_sockaddr(addr, sizeof(addr), &ip_list[i-1]); size = strlen(addr); if (size > maxlen) { TALLOC_FREE(ip_list); request_error(state); return; } if (i != 0) { /* Clear out the newline character */ /* But only if there is something in there, otherwise we clobber something in the stack */ if (strlen(response)) { response[strlen(response)-1] = ' '; } } fstrcat(response,addr); fstrcat(response,"\t"); } size = strlen(state->request->data.winsreq) + strlen(response); if (size > maxlen) { TALLOC_FREE(ip_list); request_error(state); return; } fstrcat(response,state->request->data.winsreq); fstrcat(response,"\n"); TALLOC_FREE(ip_list); } else { request_error(state); return; } fstrcpy(state->response->data.winsresp,response); request_ok(state); }
void winbindd_wins_byip(struct winbindd_cli_state *state) { fstring response; int i, count, maxlen, size; struct node_status *status; /* Ensure null termination */ state->request->data.winsreq[sizeof(state->request->data.winsreq)-1]='\0'; DEBUG(3, ("[%5lu]: wins_byip %s\n", (unsigned long)state->pid, state->request->data.winsreq)); *response = '\0'; maxlen = sizeof(response) - 1; if ((status = lookup_byaddr_backend( state->mem_ctx, state->request->data.winsreq, &count))) { size = strlen(state->request->data.winsreq); if (size > maxlen) { TALLOC_FREE(status); request_error(state); return; } fstrcat(response,state->request->data.winsreq); fstrcat(response,"\t"); for (i = 0; i < count; i++) { /* ignore group names */ if (status[i].flags & 0x80) continue; if (status[i].type == 0x20) { size = sizeof(status[i].name) + strlen(response); if (size > maxlen) { TALLOC_FREE(status); request_error(state); return; } fstrcat(response, status[i].name); fstrcat(response, " "); } } /* make last character a newline */ response[strlen(response)-1] = '\n'; TALLOC_FREE(status); } fstrcpy(state->response->data.winsresp,response); request_ok(state); }
void winbindd_ccache_save(struct winbindd_cli_state *state) { struct winbindd_domain *domain; fstring name_domain, name_user; NTSTATUS status; /* Ensure null termination */ state->request->data.ccache_save.user[ sizeof(state->request->data.ccache_save.user)-1]='\0'; state->request->data.ccache_save.pass[ sizeof(state->request->data.ccache_save.pass)-1]='\0'; DEBUG(3, ("[%5lu]: save password of user %s\n", (unsigned long)state->pid, state->request->data.ccache_save.user)); /* Parse domain and username */ if (!canonicalize_username(state->request->data.ccache_save.user, name_domain, name_user)) { DEBUG(5,("winbindd_ccache_save: cannot parse domain and user " "from name [%s]\n", state->request->data.ccache_save.user)); request_error(state); return; } /* * The domain is checked here only for compatibility * reasons. We used to do the winbindd memory ccache for * ntlm_auth in the domain child. With that code, we had to * make sure that we do have a domain around to send this * to. Now we do the memory cache in the parent winbindd, * where it would not matter if we have a domain or not. */ domain = find_auth_domain(state->request->flags, name_domain); if (domain == NULL) { DEBUG(5, ("winbindd_ccache_save: can't get domain [%s]\n", name_domain)); request_error(state); return; } if (!check_client_uid(state, state->request->data.ccache_save.uid)) { request_error(state); return; } status = winbindd_add_memory_creds( state->request->data.ccache_save.user, state->request->data.ccache_save.uid, state->request->data.ccache_save.pass); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("winbindd_add_memory_creds failed %s\n", nt_errstr(status))); request_error(state); return; } request_ok(state); }
void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state) { struct winbindd_domain *domain; fstring name_domain, name_user; NTSTATUS result = NT_STATUS_NOT_SUPPORTED; struct WINBINDD_MEMORY_CREDS *entry; DATA_BLOB initial, challenge, auth; uint32_t initial_blob_len, challenge_blob_len, extra_len; /* Ensure null termination */ state->request->data.ccache_ntlm_auth.user[ sizeof(state->request->data.ccache_ntlm_auth.user)-1]='\0'; DEBUG(3, ("[%5lu]: perform NTLM auth on behalf of user %s\n", (unsigned long)state->pid, state->request->data.ccache_ntlm_auth.user)); /* Parse domain and username */ if (!canonicalize_username(state->request->data.ccache_ntlm_auth.user, name_domain, name_user)) { DEBUG(5,("winbindd_ccache_ntlm_auth: cannot parse domain and user from name [%s]\n", state->request->data.ccache_ntlm_auth.user)); request_error(state); return; } domain = find_auth_domain(state->request->flags, name_domain); if (domain == NULL) { DEBUG(5,("winbindd_ccache_ntlm_auth: can't get domain [%s]\n", name_domain)); request_error(state); return; } if (!check_client_uid(state, state->request->data.ccache_ntlm_auth.uid)) { request_error(state); return; } /* validate blob lengths */ initial_blob_len = state->request->data.ccache_ntlm_auth.initial_blob_len; challenge_blob_len = state->request->data.ccache_ntlm_auth.challenge_blob_len; extra_len = state->request->extra_len; if (initial_blob_len > extra_len || challenge_blob_len > extra_len || initial_blob_len + challenge_blob_len > extra_len || initial_blob_len + challenge_blob_len < initial_blob_len || initial_blob_len + challenge_blob_len < challenge_blob_len) { DEBUG(10,("winbindd_dual_ccache_ntlm_auth: blob lengths overrun " "or wrap. Buffer [%d+%d > %d]\n", initial_blob_len, challenge_blob_len, extra_len)); goto process_result; } /* Parse domain and username */ if (!parse_domain_user(state->request->data.ccache_ntlm_auth.user, name_domain, name_user)) { DEBUG(10,("winbindd_dual_ccache_ntlm_auth: cannot parse " "domain and user from name [%s]\n", state->request->data.ccache_ntlm_auth.user)); goto process_result; } entry = find_memory_creds_by_name(state->request->data.ccache_ntlm_auth.user); if (entry == NULL || entry->nt_hash == NULL || entry->lm_hash == NULL) { DEBUG(10,("winbindd_dual_ccache_ntlm_auth: could not find " "credentials for user %s\n", state->request->data.ccache_ntlm_auth.user)); goto process_result; } DEBUG(10,("winbindd_dual_ccache_ntlm_auth: found ccache [%s]\n", entry->username)); if (!client_can_access_ccache_entry(state->request->data.ccache_ntlm_auth.uid, entry)) { goto process_result; } if (initial_blob_len == 0 && challenge_blob_len == 0) { /* this is just a probe to see if credentials are available. */ result = NT_STATUS_OK; state->response->data.ccache_ntlm_auth.auth_blob_len = 0; goto process_result; } initial = data_blob_const(state->request->extra_data.data, initial_blob_len); challenge = data_blob_const( state->request->extra_data.data + initial_blob_len, state->request->data.ccache_ntlm_auth.challenge_blob_len); result = do_ntlm_auth_with_stored_pw( name_user, name_domain, entry->pass, initial, challenge, &auth, state->response->data.ccache_ntlm_auth.session_key); if (!NT_STATUS_IS_OK(result)) { goto process_result; } state->response->extra_data.data = talloc_memdup( state->mem_ctx, auth.data, auth.length); if (!state->response->extra_data.data) { result = NT_STATUS_NO_MEMORY; goto process_result; } state->response->length += auth.length; state->response->data.ccache_ntlm_auth.auth_blob_len = auth.length; data_blob_free(&auth); process_result: if (!NT_STATUS_IS_OK(result)) { request_error(state); return; } request_ok(state); }