source: vendor/current/nsswitch/libwbclient/wbc_pam.c@ 597

/*
   Unix SMB/CIFS implementation.

   Winbind client API

   Copyright (C) Gerald (Jerry) Carter 2007
   Copyright (C) Guenther Deschner 2008
   Copyright (C) Volker Lendecke 2009

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 3 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Lesser General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/* Required Headers */

#include "replace.h"
#include "libwbclient.h"

/* Authenticate a username/password pair */
wbcErr wbcAuthenticateUser(const char *username,
                           const char *password)
{
        wbcErr wbc_status = WBC_ERR_SUCCESS;
        struct wbcAuthUserParams params;

        ZERO_STRUCT(params);

        params.account_name             = username;
        params.level                    = WBC_AUTH_USER_LEVEL_PLAIN;
        params.password.plaintext       = password;

        wbc_status = wbcAuthenticateUserEx(&params, NULL, NULL);
        BAIL_ON_WBC_ERROR(wbc_status);

done:
        return wbc_status;
}

static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx,
                                   const struct winbindd_response *resp,
                                   struct wbcAuthUserInfo **_i)
{
        wbcErr wbc_status = WBC_ERR_SUCCESS;
        struct wbcAuthUserInfo *i;
        struct wbcDomainSid domain_sid;
        char *p;
        uint32_t sn = 0;
        uint32_t j;

        i = talloc(mem_ctx, struct wbcAuthUserInfo);
        BAIL_ON_PTR_ERROR(i, wbc_status);

        i->user_flags   = resp->data.auth.info3.user_flgs;

        i->account_name = talloc_strdup(i, resp->data.auth.info3.user_name);
        BAIL_ON_PTR_ERROR(i->account_name, wbc_status);
        i->user_principal= NULL;
        i->full_name    = talloc_strdup(i, resp->data.auth.info3.full_name);
        BAIL_ON_PTR_ERROR(i->full_name, wbc_status);
        i->domain_name  = talloc_strdup(i, resp->data.auth.info3.logon_dom);
        BAIL_ON_PTR_ERROR(i->domain_name, wbc_status);
        i->dns_domain_name= NULL;

        i->acct_flags   = resp->data.auth.info3.acct_flags;
        memcpy(i->user_session_key,
               resp->data.auth.user_session_key,
               sizeof(i->user_session_key));
        memcpy(i->lm_session_key,
               resp->data.auth.first_8_lm_hash,
               sizeof(i->lm_session_key));

        i->logon_count          = resp->data.auth.info3.logon_count;
        i->bad_password_count   = resp->data.auth.info3.bad_pw_count;

        i->logon_time           = resp->data.auth.info3.logon_time;
        i->logoff_time          = resp->data.auth.info3.logoff_time;
        i->kickoff_time         = resp->data.auth.info3.kickoff_time;
        i->pass_last_set_time   = resp->data.auth.info3.pass_last_set_time;
        i->pass_can_change_time = resp->data.auth.info3.pass_can_change_time;
        i->pass_must_change_time= resp->data.auth.info3.pass_must_change_time;

        i->logon_server = talloc_strdup(i, resp->data.auth.info3.logon_srv);
        BAIL_ON_PTR_ERROR(i->logon_server, wbc_status);
        i->logon_script = talloc_strdup(i, resp->data.auth.info3.logon_script);
        BAIL_ON_PTR_ERROR(i->logon_script, wbc_status);
        i->profile_path = talloc_strdup(i, resp->data.auth.info3.profile_path);
        BAIL_ON_PTR_ERROR(i->profile_path, wbc_status);
        i->home_directory= talloc_strdup(i, resp->data.auth.info3.home_dir);
        BAIL_ON_PTR_ERROR(i->home_directory, wbc_status);
        i->home_drive   = talloc_strdup(i, resp->data.auth.info3.dir_drive);
        BAIL_ON_PTR_ERROR(i->home_drive, wbc_status);

        i->num_sids     = 2;
        i->num_sids     += resp->data.auth.info3.num_groups;
        i->num_sids     += resp->data.auth.info3.num_other_sids;

        i->sids = talloc_array(i, struct wbcSidWithAttr, i->num_sids);
        BAIL_ON_PTR_ERROR(i->sids, wbc_status);

        wbc_status = wbcStringToSid(resp->data.auth.info3.dom_sid,
                                    &domain_sid);
        BAIL_ON_WBC_ERROR(wbc_status);

#define _SID_COMPOSE(s, d, r, a) { \
        (s).sid = d; \
        if ((s).sid.num_auths < WBC_MAXSUBAUTHS) { \
                (s).sid.sub_auths[(s).sid.num_auths++] = r; \
        } else { \
                wbc_status = WBC_ERR_INVALID_SID; \
                BAIL_ON_WBC_ERROR(wbc_status); \
        } \
        (s).attributes = a; \
} while (0)

        sn = 0;
        _SID_COMPOSE(i->sids[sn], domain_sid,
                     resp->data.auth.info3.user_rid,
                     0);
        sn++;
        _SID_COMPOSE(i->sids[sn], domain_sid,
                     resp->data.auth.info3.group_rid,
                     0);
        sn++;

        p = (char *)resp->extra_data.data;
        if (!p) {
                wbc_status = WBC_ERR_INVALID_RESPONSE;
                BAIL_ON_WBC_ERROR(wbc_status);
        }