2 Unix SMB/CIFS implementation.
6 Copyright (C) Simo Sorce 2005
7 Copyright (C) Andrew Tridgell 2005
8 Copyright (C) Andrew Bartlett 2005
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "auth/auth.h"
26 #include "dsdb/samdb/samdb.h"
28 _PUBLIC_ NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
29 struct tevent_context *ev,
30 struct imessaging_context *msg,
31 struct loadparm_context *lp_ctx,
32 struct tsocket_address *remote_address,
33 struct tsocket_address *local_address,
37 struct auth_session_info **session_info)
39 struct auth4_context *auth_context;
40 struct auth_usersupplied_info *user_info;
41 struct auth_user_info_dc *user_info_dc;
43 uint8_t authoritative = 0;
44 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
45 const char *nt4_domain;
46 const char *nt4_username;
48 const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
50 transport_protection = AUTHZ_TRANSPORT_PROTECTION_TLS;
54 return NT_STATUS_NO_MEMORY;
57 nt_status = crack_auto_name_to_nt4_name(tmp_ctx, ev, lp_ctx, dn,
58 &nt4_domain, &nt4_username);
60 if (!NT_STATUS_IS_OK(nt_status)) {
65 nt_status = auth_context_create(tmp_ctx,
69 if (!NT_STATUS_IS_OK(nt_status)) {
74 user_info = talloc_zero(tmp_ctx, struct auth_usersupplied_info);
77 return NT_STATUS_NO_MEMORY;
80 user_info->mapped_state = true;
81 user_info->client.account_name = dn;
82 /* No client.domain_name, use account_name instead */
83 user_info->mapped.account_name = nt4_username;
84 user_info->mapped.domain_name = nt4_domain;
86 user_info->workstation_name = NULL;
88 user_info->remote_host = remote_address;
89 user_info->local_host = local_address;
91 user_info->service_description = "LDAP";
94 user_info->auth_description = "simple bind";
96 user_info->auth_description = "simple bind/TLS";
99 user_info->password_state = AUTH_PASSWORD_PLAIN;
100 user_info->password.plaintext = talloc_strdup(user_info, password);
102 user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME |
103 USER_INFO_DONT_CHECK_UNIX_ACCOUNT;
105 user_info->logon_parameters =
106 MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
107 MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
108 MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
109 MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;
111 nt_status = auth_check_password(auth_context, tmp_ctx, user_info,
112 &user_info_dc, &authoritative);
113 if (!NT_STATUS_IS_OK(nt_status)) {
114 talloc_free(tmp_ctx);
118 flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
119 if (user_info_dc->info->authenticated) {
120 flags |= AUTH_SESSION_INFO_AUTHENTICATED;
122 nt_status = auth_context->generate_session_info(auth_context,
129 if (NT_STATUS_IS_OK(nt_status)) {
130 talloc_steal(mem_ctx, *session_info);
133 log_successful_authz_event(auth_context->msg_ctx,
134 auth_context->lp_ctx,
139 transport_protection,
142 talloc_free(tmp_ctx);