/* take a username and return a string containing a comma-separated
list of group id numbers to which the user belongs */
static char *wb_aix_getgrset(char *user)
{
struct winbindd_response response;
struct winbindd_request request;
NSS_STATUS ret;
int i, idx;
char *tmpbuf;
int num_gids;
gid_t *gid_list;
char *r_user = user;
if (*user == WB_AIX_ENCODED) {
r_user = decode_user(r_user);
if (!r_user) {
errno = ENOENT;
return NULL;
}
}
logit("getgrset '%s'\n", r_user);
ZERO_STRUCT(response);
ZERO_STRUCT(request);
STRCPY_RETNULL(request.data.username, r_user);
if (*user == WB_AIX_ENCODED) {
free(r_user);
}
ret = winbindd_request_response(NULL, WINBINDD_GETGROUPS,
&request, &response);
HANDLE_ERRORS(ret);
num_gids = response.data.num_entries;
gid_list = (gid_t *)response.extra_data.data;
/* allocate a space large enough to contruct the string */
tmpbuf = malloc(num_gids*12);
if (!tmpbuf) {
return NULL;
}
for (idx=i=0; i < num_gids-1; i++) {
idx += sprintf(tmpbuf+idx, "%u,", gid_list[i]);
}
idx += sprintf(tmpbuf+idx, "%u", gid_list[i]);
winbindd_free_response(&response);
return tmpbuf;
}
/*
authenticate a user
*/
static int wb_aix_authenticate(char *user, char *pass,
int *reenter, char **message)
{
struct winbindd_request request;
struct winbindd_response response;
NSS_STATUS result;
char *r_user = user;
logit("authenticate '%s' response='%s'\n", user, pass);
*reenter = 0;
*message = NULL;
/* Send off request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
if (*user == WB_AIX_ENCODED) {
r_user = decode_user(r_user);
if (!r_user) {
return AUTH_NOTFOUND;
}
}
STRCPY_RET(request.data.auth.user, r_user);
STRCPY_RET(request.data.auth.pass, pass);
if (*user == WB_AIX_ENCODED) {
free(r_user);
}
result = winbindd_request_response(NULL, WINBINDD_PAM_AUTH,
&request, &response);
winbindd_free_response(&response);
logit("auth result %d for '%s'\n", result, user);
if (result == NSS_STATUS_SUCCESS) {
errno = 0;
return AUTH_SUCCESS;
}
return AUTH_FAILURE;
}
/*
change a user password
*/
static int wb_aix_chpass(char *user, char *oldpass, char *newpass, char **message)
{
struct winbindd_request request;
struct winbindd_response response;
NSS_STATUS result;
char *r_user = user;
if (*user == WB_AIX_ENCODED) {
r_user = decode_user(r_user);
if (!r_user) {
errno = ENOENT;
return -1;
}
}
logit("chpass '%s' old='%s' new='%s'\n", r_user, oldpass, newpass);
*message = NULL;
/* Send off request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
STRCPY_RET(request.data.chauthtok.user, r_user);
STRCPY_RET(request.data.chauthtok.oldpass, oldpass);
STRCPY_RET(request.data.chauthtok.newpass, newpass);
if (*user == WB_AIX_ENCODED) {
free(r_user);
}
result = winbindd_request_response(NULL, WINBINDD_PAM_CHAUTHTOK,
&request, &response);
winbindd_free_response(&response);
if (result == NSS_STATUS_SUCCESS) {
errno = 0;
return 0;
}
errno = EINVAL;
return -1;
}
static int auth_handler(const char *user, uint8_t *ha1)
{
uint8_t key[MD5_SIZE], digest[SHA_DIGEST_LENGTH];
const char *username;
time_t expires, now;
char pass[28];
size_t len;
int err;
err = decode_user(&expires, &username, user);
if (err)
return err;
now = time(NULL);
if (expires < now) {
restund_debug("restauth: user '%s' expired %lli seconds ago\n",
user, now - expires);
return ETIMEDOUT;
}
/* avoid recursive loops */
restund_db_set_auth_handler(NULL);
err = restund_get_ha1(username, key);
restund_db_set_auth_handler(auth_handler);
if (err)
return err;
hmac_sha1(key, sizeof(key),
(uint8_t *)user, strlen(user),
digest, sizeof(digest));
len = sizeof(pass);
err = base64_encode(digest, sizeof(digest), pass, &len);
if (err)
return err;
return md5_printf(ha1, "%s:%s:%b", user, restund_realm(), pass, len);
}
static void decode_regs(struct pt_regs *pt)
{
#if defined(__bfin__)
long nr = decode_user("orig_p0", PT_ORIG_P0);
decode(p0);
decode(r0);
decode(r1);
decode(r2);
decode(r3);
decode(r4);
decode(r5);
decode_sysnum(nr);
puts("");
#elif defined(__i386__)
long nr = decode_user("orig_eax", 4 * ORIG_EAX);
decode(eax);
decode(ebx);
decode(ecx);
decode(edx);
decode(esi);
decode(edi);
decode(ebp);
decode_sysnum(nr);
puts("");
#elif defined(__x86_64__)
long nr = decode_user("orig_rax", 8 * ORIG_RAX);
decode(rax);
decode(rbx);
decode(rcx);
decode(rdx);
decode(rsi);
decode(rdi);
decode(rbp);
decode_sysnum(nr);
puts("");
#elif defined(__sparc__)
#define G1 u_regs[0]
#define G2 u_regs[1]
#define G3 u_regs[2]
#define G4 u_regs[3]
#define G5 u_regs[4]
#define G6 u_regs[5]
#define G7 u_regs[6]
#define O0 u_regs[7]
#define O1 u_regs[8]
#define O2 u_regs[9]
#define O3 u_regs[10]
#define O4 u_regs[11]
#define O5 u_regs[12]
#define O6 u_regs[13]
#define O7 u_regs[14]
decode(G1);
decode(G2);
decode(G3);
decode(G4);
decode(G5);
decode(G6);
decode(G7);
decode(O0);
decode(O1);
decode(O2);
decode(O3);
decode(O4);
decode(O5);
decode(O6);
decode(O7);
decode_sysnum(pt->G1);
puts("");
#else
#warning "no idea how to decode your arch"
puts("no idea how to decode your arch");
#endif
}