NTSTATUS auth4_init(void);
NTSTATUS auth_register(const struct auth_operations *ops);
NTSTATUS server_service_auth_init(void);
-NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct imessaging_context *msg,
- struct loadparm_context *lp_ctx,
- const char *nt4_domain,
- const char *nt4_username,
- const char *password,
- const uint32_t logon_parameters,
- struct auth_session_info **session_info);
+NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct imessaging_context *msg,
+ struct loadparm_context *lp_ctx,
+ struct tsocket_address *remote_address,
+ struct tsocket_address *local_address,
+ const char *dn,
+ const char *password,
+ struct auth_session_info **session_info);
struct tevent_req *auth_check_password_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
#include "includes.h"
#include "auth/auth.h"
+#include "dsdb/samdb/samdb.h"
/*
It's allowed to pass NULL as session_info,
when the caller doesn't need a session_info
*/
-_PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct imessaging_context *msg,
- struct loadparm_context *lp_ctx,
- const char *nt4_domain,
- const char *nt4_username,
- const char *password,
- const uint32_t logon_parameters,
- struct auth_session_info **session_info)
+_PUBLIC_ NTSTATUS authenticate_ldap_simple_bind(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct imessaging_context *msg,
+ struct loadparm_context *lp_ctx,
+ struct tsocket_address *remote_address,
+ struct tsocket_address *local_address,
+ const char *dn,
+ const char *password,
+ struct auth_session_info **session_info)
{
struct auth4_context *auth_context;
struct auth_usersupplied_info *user_info;
NTSTATUS nt_status;
uint8_t authoritative = 0;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ const char *nt4_domain;
+ const char *nt4_username;
if (!tmp_ctx) {
return NT_STATUS_NO_MEMORY;
}
+ nt_status = crack_auto_name_to_nt4_name(tmp_ctx, ev, lp_ctx, dn,
+ &nt4_domain, &nt4_username);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(tmp_ctx);
+ return nt_status;
+ }
+
nt_status = auth_context_create(tmp_ctx,
ev, msg,
lp_ctx,
}
user_info->mapped_state = true;
- user_info->client.account_name = nt4_username;
+ user_info->client.account_name = dn;
+ /* No client.domain_name, use account_name instead */
user_info->mapped.account_name = nt4_username;
- user_info->client.domain_name = nt4_domain;
user_info->mapped.domain_name = nt4_domain;
user_info->workstation_name = NULL;
- user_info->remote_host = NULL;
+ user_info->remote_host = remote_address;
+ user_info->local_host = local_address;
+
+ user_info->service_description = "ldap simple bind";
user_info->password_state = AUTH_PASSWORD_PLAIN;
user_info->password.plaintext = talloc_strdup(user_info, password);
user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME |
USER_INFO_DONT_CHECK_UNIX_ACCOUNT;
- user_info->logon_parameters = logon_parameters |
+ user_info->logon_parameters =
+ MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
+ MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;
int result;
const char *errstr;
- const char *nt4_domain, *nt4_account;
struct auth_session_info *session_info;
goto do_reply;
}
- status = crack_auto_name_to_nt4_name(call, call->conn->connection->event.ctx, call->conn->lp_ctx, req->dn, &nt4_domain, &nt4_account);
- if (NT_STATUS_IS_OK(status)) {
- status = authenticate_username_pw(call,
- call->conn->connection->event.ctx,
- call->conn->connection->msg_ctx,
- call->conn->lp_ctx,
- nt4_domain, nt4_account,
- req->creds.password,
- MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
- MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT,
- &session_info);
- }
+ status = authenticate_ldap_simple_bind(call,
+ call->conn->connection->event.ctx,
+ call->conn->connection->msg_ctx,
+ call->conn->lp_ctx,
+ call->conn->connection->remote_address,
+ call->conn->connection->local_address,
+ req->dn,
+ req->creds.password,
+ &session_info);
if (NT_STATUS_IS_OK(status)) {
result = LDAP_SUCCESS;