static bool wbinfo_lookupname(const char *full_name)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
struct wbcDomainSid sid;
char *sid_str;
enum wbcSidType type;
fstring domain_name;
fstring account_name;
/* Send off request */
parse_wbinfo_domain_user(full_name, domain_name,
account_name);
wbc_status = wbcLookupName(domain_name, account_name,
&sid, &type);
if (!WBC_ERROR_IS_OK(wbc_status)) {
return false;
}
wbc_status = wbcSidToString(&sid, &sid_str);
if (!WBC_ERROR_IS_OK(wbc_status)) {
return false;
}
/* Display response */
d_printf("%s %s (%d)\n", sid_str, sid_type_lookup(type), type);
wbcFreeMemory(sid_str);
return true;
}
static bool wbinfo_lookupname(char *name)
{
struct winbindd_request request;
struct winbindd_response response;
/* Send off request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
parse_wbinfo_domain_user(name, request.data.name.dom_name,
request.data.name.name);
if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
NSS_STATUS_SUCCESS)
return false;
/* Display response */
d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type);
return true;
}
static bool wbinfo_auth_crap(char *username, const char *pass)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
struct wbcAuthUserParams params;
struct wbcAuthUserInfo *info = NULL;
struct wbcAuthErrorInfo *err = NULL;
DATA_BLOB lm = data_blob_null;
DATA_BLOB nt = data_blob_null;
fstring name_user;
fstring name_domain;
parse_wbinfo_domain_user(username, name_domain, name_user);
params.account_name = name_user;
params.domain_name = name_domain;
params.workstation_name = NULL;
params.flags = 0;
params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
params.level = WBC_AUTH_USER_LEVEL_RESPONSE;
generate_random_buffer(params.password.response.challenge, 8);
if (lp_client_ntlmv2_auth()) {
DATA_BLOB server_chal;
DATA_BLOB names_blob;
server_chal = data_blob(params.password.response.challenge, 8);
/* Pretend this is a login to 'us', for blob purposes */
names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal,
&names_blob,
&lm, &nt, NULL)) {
data_blob_free(&names_blob);
data_blob_free(&server_chal);
return false;
}
data_blob_free(&names_blob);
data_blob_free(&server_chal);
} else {
if (lp_client_lanman_auth()) {
bool ok;
lm = data_blob(NULL, 24);
ok = SMBencrypt(pass, params.password.response.challenge,
lm.data);
if (!ok) {
data_blob_free(&lm);
}
}
nt = data_blob(NULL, 24);
SMBNTencrypt(pass, params.password.response.challenge,
nt.data);
}
params.password.response.nt_length = nt.length;
params.password.response.nt_data = nt.data;
params.password.response.lm_length = lm.length;
params.password.response.lm_data = lm.data;
wbc_status = wbcAuthenticateUserEx(¶ms, &info, &err);
/* Display response */
d_printf("challenge/response password authentication %s\n",
WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
if (wbc_status == WBC_ERR_AUTH_ERROR) {
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
err->nt_string,
err->nt_status,
err->display_string);
wbcFreeMemory(err);
} else if (WBC_ERROR_IS_OK(wbc_status)) {
wbcFreeMemory(info);
}
data_blob_free(&nt);
data_blob_free(&lm);
return WBC_ERROR_IS_OK(wbc_status);
}
static bool wbinfo_set_auth_user(char *username)
{
const char *password;
char *p;
fstring user, domain;
/* Separate into user and password */
parse_wbinfo_domain_user(username, domain, user);
p = strchr(user, '%');
if (p != NULL) {
*p = 0;
password = p+1;
} else {
char *thepass = getpass("Password: "******"";
}
/* Store or remove DOMAIN\username%password in secrets.tdb */
secrets_init();
if (user[0]) {
if (!secrets_store(SECRETS_AUTH_USER, user,
strlen(user) + 1)) {
d_fprintf(stderr, "error storing username\n");
return false;
}
/* We always have a domain name added by the
parse_wbinfo_domain_user() function. */
if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
strlen(domain) + 1)) {
d_fprintf(stderr, "error storing domain name\n");
return false;
}
} else {
secrets_delete(SECRETS_AUTH_USER);
secrets_delete(SECRETS_AUTH_DOMAIN);
}
if (password[0]) {
if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
strlen(password) + 1)) {
d_fprintf(stderr, "error storing password\n");
return false;
}
} else
secrets_delete(SECRETS_AUTH_PASSWORD);
return true;
}
static bool wbinfo_auth_crap(struct loadparm_context *lp_ctx, char *username)
{
struct winbindd_request request;
struct winbindd_response response;
NSS_STATUS result;
fstring name_user;
fstring name_domain;
fstring pass;
char *p;
/* Send off request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
p = strchr(username, '%');
if (p) {
*p = 0;
fstrcpy(pass, p + 1);
}
parse_wbinfo_domain_user(username, name_domain, name_user);
request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
fstrcpy(request.data.auth_crap.user, name_user);
fstrcpy(request.data.auth_crap.domain,
name_domain);
generate_random_buffer(request.data.auth_crap.chal, 8);
if (lp_client_ntlmv2_auth(lp_ctx)) {
DATA_BLOB server_chal;
DATA_BLOB names_blob;
DATA_BLOB lm_response;
DATA_BLOB nt_response;
TALLOC_CTX *mem_ctx;
mem_ctx = talloc_new(NULL);
if (mem_ctx == NULL) {
d_printf("talloc_new failed\n");
return false;
}
server_chal = data_blob(request.data.auth_crap.chal, 8);
/* Pretend this is a login to 'us', for blob purposes */
names_blob = NTLMv2_generate_names_blob(mem_ctx, lp_netbios_name(lp_ctx), lp_workgroup(lp_ctx));
if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain, pass, &server_chal,
&names_blob,
&lm_response, &nt_response, NULL, NULL)) {
data_blob_free(&names_blob);
data_blob_free(&server_chal);
return false;
}
data_blob_free(&names_blob);
data_blob_free(&server_chal);
memcpy(request.data.auth_crap.nt_resp, nt_response.data,
MIN(nt_response.length,
sizeof(request.data.auth_crap.nt_resp)));
request.data.auth_crap.nt_resp_len = nt_response.length;
memcpy(request.data.auth_crap.lm_resp, lm_response.data,
MIN(lm_response.length,
sizeof(request.data.auth_crap.lm_resp)));
request.data.auth_crap.lm_resp_len = lm_response.length;
data_blob_free(&nt_response);
data_blob_free(&lm_response);
} else {
if (lp_client_lanman_auth(lp_ctx)
&& SMBencrypt(pass, request.data.auth_crap.chal,
(unsigned char *)request.data.auth_crap.lm_resp)) {
request.data.auth_crap.lm_resp_len = 24;
} else {
request.data.auth_crap.lm_resp_len = 0;
}
SMBNTencrypt(pass, request.data.auth_crap.chal,
(unsigned char *)request.data.auth_crap.nt_resp);
request.data.auth_crap.nt_resp_len = 24;
}
result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
/* Display response */
d_printf("challenge/response password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
response.data.auth.nt_status,
response.data.auth.error_string);
return result == NSS_STATUS_SUCCESS;
}
