static bool wbinfo_lookupname(const char *full_name) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; struct wbcDomainSid sid; char *sid_str; enum wbcSidType type; fstring domain_name; fstring account_name; /* Send off request */ parse_wbinfo_domain_user(full_name, domain_name, account_name); wbc_status = wbcLookupName(domain_name, account_name, &sid, &type); if (!WBC_ERROR_IS_OK(wbc_status)) { return false; } wbc_status = wbcSidToString(&sid, &sid_str); if (!WBC_ERROR_IS_OK(wbc_status)) { return false; } /* Display response */ d_printf("%s %s (%d)\n", sid_str, sid_type_lookup(type), type); wbcFreeMemory(sid_str); return true; }
static bool wbinfo_lookupname(char *name) { struct winbindd_request request; struct winbindd_response response; /* Send off request */ ZERO_STRUCT(request); ZERO_STRUCT(response); parse_wbinfo_domain_user(name, request.data.name.dom_name, request.data.name.name); if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) != NSS_STATUS_SUCCESS) return false; /* Display response */ d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type); return true; }
static bool wbinfo_auth_crap(char *username, const char *pass) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; struct wbcAuthUserParams params; struct wbcAuthUserInfo *info = NULL; struct wbcAuthErrorInfo *err = NULL; DATA_BLOB lm = data_blob_null; DATA_BLOB nt = data_blob_null; fstring name_user; fstring name_domain; parse_wbinfo_domain_user(username, name_domain, name_user); params.account_name = name_user; params.domain_name = name_domain; params.workstation_name = NULL; params.flags = 0; params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT; params.level = WBC_AUTH_USER_LEVEL_RESPONSE; generate_random_buffer(params.password.response.challenge, 8); if (lp_client_ntlmv2_auth()) { DATA_BLOB server_chal; DATA_BLOB names_blob; server_chal = data_blob(params.password.response.challenge, 8); /* Pretend this is a login to 'us', for blob purposes */ names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup()); if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal, &names_blob, &lm, &nt, NULL)) { data_blob_free(&names_blob); data_blob_free(&server_chal); return false; } data_blob_free(&names_blob); data_blob_free(&server_chal); } else { if (lp_client_lanman_auth()) { bool ok; lm = data_blob(NULL, 24); ok = SMBencrypt(pass, params.password.response.challenge, lm.data); if (!ok) { data_blob_free(&lm); } } nt = data_blob(NULL, 24); SMBNTencrypt(pass, params.password.response.challenge, nt.data); } params.password.response.nt_length = nt.length; params.password.response.nt_data = nt.data; params.password.response.lm_length = lm.length; params.password.response.lm_data = lm.data; wbc_status = wbcAuthenticateUserEx(¶ms, &info, &err); /* Display response */ d_printf("challenge/response password authentication %s\n", WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); if (wbc_status == WBC_ERR_AUTH_ERROR) { d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", err->nt_string, err->nt_status, err->display_string); wbcFreeMemory(err); } else if (WBC_ERROR_IS_OK(wbc_status)) { wbcFreeMemory(info); } data_blob_free(&nt); data_blob_free(&lm); return WBC_ERROR_IS_OK(wbc_status); }
static bool wbinfo_set_auth_user(char *username) { const char *password; char *p; fstring user, domain; /* Separate into user and password */ parse_wbinfo_domain_user(username, domain, user); p = strchr(user, '%'); if (p != NULL) { *p = 0; password = p+1; } else { char *thepass = getpass("Password: "******""; } /* Store or remove DOMAIN\username%password in secrets.tdb */ secrets_init(); if (user[0]) { if (!secrets_store(SECRETS_AUTH_USER, user, strlen(user) + 1)) { d_fprintf(stderr, "error storing username\n"); return false; } /* We always have a domain name added by the parse_wbinfo_domain_user() function. */ if (!secrets_store(SECRETS_AUTH_DOMAIN, domain, strlen(domain) + 1)) { d_fprintf(stderr, "error storing domain name\n"); return false; } } else { secrets_delete(SECRETS_AUTH_USER); secrets_delete(SECRETS_AUTH_DOMAIN); } if (password[0]) { if (!secrets_store(SECRETS_AUTH_PASSWORD, password, strlen(password) + 1)) { d_fprintf(stderr, "error storing password\n"); return false; } } else secrets_delete(SECRETS_AUTH_PASSWORD); return true; }
static bool wbinfo_auth_crap(struct loadparm_context *lp_ctx, char *username) { struct winbindd_request request; struct winbindd_response response; NSS_STATUS result; fstring name_user; fstring name_domain; fstring pass; char *p; /* Send off request */ ZERO_STRUCT(request); ZERO_STRUCT(response); p = strchr(username, '%'); if (p) { *p = 0; fstrcpy(pass, p + 1); } parse_wbinfo_domain_user(username, name_domain, name_user); request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT; fstrcpy(request.data.auth_crap.user, name_user); fstrcpy(request.data.auth_crap.domain, name_domain); generate_random_buffer(request.data.auth_crap.chal, 8); if (lp_client_ntlmv2_auth(lp_ctx)) { DATA_BLOB server_chal; DATA_BLOB names_blob; DATA_BLOB lm_response; DATA_BLOB nt_response; TALLOC_CTX *mem_ctx; mem_ctx = talloc_new(NULL); if (mem_ctx == NULL) { d_printf("talloc_new failed\n"); return false; } server_chal = data_blob(request.data.auth_crap.chal, 8); /* Pretend this is a login to 'us', for blob purposes */ names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(lp_ctx), lp_workgroup(lp_ctx)); if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain, pass, &server_chal, &names_blob, &lm_response, &nt_response, NULL, NULL)) { data_blob_free(&names_blob); data_blob_free(&server_chal); return false; } data_blob_free(&names_blob); data_blob_free(&server_chal); memcpy(request.data.auth_crap.nt_resp, nt_response.data, MIN(nt_response.length, sizeof(request.data.auth_crap.nt_resp))); request.data.auth_crap.nt_resp_len = nt_response.length; memcpy(request.data.auth_crap.lm_resp, lm_response.data, MIN(lm_response.length, sizeof(request.data.auth_crap.lm_resp))); request.data.auth_crap.lm_resp_len = lm_response.length; data_blob_free(&nt_response); data_blob_free(&lm_response); } else { if (lp_client_lanman_auth(lp_ctx) && SMBencrypt(pass, request.data.auth_crap.chal, (unsigned char *)request.data.auth_crap.lm_resp)) { request.data.auth_crap.lm_resp_len = 24; } else { request.data.auth_crap.lm_resp_len = 0; } SMBNTencrypt(pass, request.data.auth_crap.chal, (unsigned char *)request.data.auth_crap.nt_resp); request.data.auth_crap.nt_resp_len = 24; } result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response); /* Display response */ d_printf("challenge/response password authentication %s\n", (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); if (response.data.auth.nt_status) d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", response.data.auth.nt_status_string, response.data.auth.nt_status, response.data.auth.error_string); return result == NSS_STATUS_SUCCESS; }