LCOV - code coverage report
Current view: top level - source4/auth/ntlm - auth_simple.c (source / functions) Hit Total Coverage
Test: coverage report for abartlet/fix-coverage dd10fb34 Lines: 81 87 93.1 %
Date: 2021-09-23 10:06:22 Functions: 3 3 100.0 %

          Line data    Source code
       1             : /* 
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    auth functions
       5             : 
       6             :    Copyright (C) Simo Sorce 2005
       7             :    Copyright (C) Andrew Tridgell 2005
       8             :    Copyright (C) Andrew Bartlett 2005
       9             :    
      10             :    This program is free software; you can redistribute it and/or modify
      11             :    it under the terms of the GNU General Public License as published by
      12             :    the Free Software Foundation; either version 3 of the License, or
      13             :    (at your option) any later version.
      14             :    
      15             :    This program is distributed in the hope that it will be useful,
      16             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      17             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      18             :    GNU General Public License for more details.
      19             :    
      20             :    You should have received a copy of the GNU General Public License
      21             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      22             : */
      23             : 
      24             : #include "includes.h"
      25             : #include <tevent.h>
      26             : #include "lib/util/tevent_ntstatus.h"
      27             : #include "auth/auth.h"
      28             : #include "dsdb/samdb/samdb.h"
      29             : 
      30             : #undef DBGC_CLASS
      31             : #define DBGC_CLASS DBGC_AUTH
      32             : 
      33             : struct authenticate_ldap_simple_bind_state {
      34             :         bool using_tls;
      35             :         struct auth4_context *auth_context;
      36             :         struct auth_usersupplied_info *user_info;
      37             :         struct auth_session_info *session_info;
      38             : };
      39             : 
      40             : static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq);
      41             : 
      42         120 : _PUBLIC_ struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_ctx,
      43             :                                         struct tevent_context *ev,
      44             :                                         struct imessaging_context *msg,
      45             :                                         struct loadparm_context *lp_ctx,
      46             :                                         struct tsocket_address *remote_address,
      47             :                                         struct tsocket_address *local_address,
      48             :                                         bool using_tls,
      49             :                                         const char *dn,
      50             :                                         const char *password)
      51             : {
      52         120 :         struct tevent_req *req = NULL;
      53         120 :         struct authenticate_ldap_simple_bind_state *state = NULL;
      54         120 :         struct auth_usersupplied_info *user_info = NULL;
      55         120 :         const char *nt4_domain = NULL;
      56         120 :         const char *nt4_username = NULL;
      57         120 :         struct tevent_req *subreq = NULL;
      58             :         NTSTATUS status;
      59             : 
      60         120 :         req = tevent_req_create(mem_ctx, &state,
      61             :                                 struct authenticate_ldap_simple_bind_state);
      62         120 :         if (req == NULL) {
      63           0 :                 return NULL;
      64             :         }
      65         120 :         state->using_tls = using_tls;
      66             : 
      67         120 :         status = auth_context_create(state, ev, msg, lp_ctx,
      68         120 :                                      &state->auth_context);
      69         120 :         if (tevent_req_nterror(req, status)) {
      70           0 :                 return tevent_req_post(req, ev);
      71             :         }
      72             : 
      73         120 :         user_info = talloc_zero(state, struct auth_usersupplied_info);
      74         120 :         if (tevent_req_nomem(user_info, req)) {
      75           0 :                 return tevent_req_post(req, ev);
      76             :         }
      77         120 :         state->user_info = user_info;
      78             : 
      79         120 :         user_info->client.account_name = dn;
      80             :         /* No client.domain_name, use account_name instead */
      81             :         /* user_info->mapped.* will be filled below */
      82             : 
      83         120 :         user_info->workstation_name = NULL;
      84             : 
      85         120 :         user_info->remote_host = remote_address;
      86         120 :         user_info->local_host = local_address;
      87             : 
      88         120 :         user_info->service_description = "LDAP";
      89             : 
      90         120 :         if (using_tls) {
      91          80 :                 user_info->auth_description = "simple bind";
      92             :         } else {
      93          40 :                 user_info->auth_description = "simple bind/TLS";
      94             :         }
      95             : 
      96         120 :         user_info->password_state = AUTH_PASSWORD_PLAIN;
      97         120 :         user_info->password.plaintext = talloc_strdup(user_info, password);
      98         120 :         if (tevent_req_nomem(user_info->password.plaintext, req)) {
      99           0 :                 return tevent_req_post(req, ev);
     100             :         }
     101             : 
     102         120 :         user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME |
     103             :                 USER_INFO_DONT_CHECK_UNIX_ACCOUNT;
     104             : 
     105         120 :         user_info->logon_parameters =
     106             :                 MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
     107             :                 MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
     108             :                 MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
     109             :                 MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;
     110             : 
     111         120 :         status = crack_auto_name_to_nt4_name(state, state->auth_context->sam_ctx,
     112             :                                              dn, &nt4_domain, &nt4_username);
     113         120 :         if (!NT_STATUS_IS_OK(status)) {
     114           6 :                 log_authentication_event(msg, lp_ctx,
     115           6 :                                          &state->auth_context->start_time,
     116             :                                          user_info, status,
     117             :                                          NULL, NULL, NULL);
     118             :         }
     119         120 :         if (tevent_req_nterror(req, status)) {
     120           6 :                 return tevent_req_post(req, ev);
     121             :         }
     122             : 
     123         114 :         user_info->mapped.account_name = nt4_username;
     124         114 :         user_info->mapped.domain_name = nt4_domain;
     125         114 :         user_info->mapped_state = true;
     126             : 
     127         114 :         subreq = auth_check_password_send(state, ev,
     128         114 :                                           state->auth_context,
     129         114 :                                           state->user_info);
     130         114 :         if (tevent_req_nomem(subreq, req)) {
     131           0 :                 return tevent_req_post(req, ev);
     132             :         }
     133         114 :         tevent_req_set_callback(subreq, authenticate_ldap_simple_bind_done, req);
     134             : 
     135         114 :         return req;
     136             : }
     137             : 
     138         114 : static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq)
     139             : {
     140          80 :         struct tevent_req *req =
     141         114 :                 tevent_req_callback_data(subreq,
     142             :                 struct tevent_req);
     143          80 :         struct authenticate_ldap_simple_bind_state *state =
     144         114 :                 tevent_req_data(req,
     145             :                 struct authenticate_ldap_simple_bind_state);
     146         114 :         struct auth4_context *auth_context = state->auth_context;
     147         114 :         struct auth_usersupplied_info *user_info = state->user_info;
     148         114 :         const char *nt4_username = user_info->mapped.account_name;
     149         114 :         const struct tsocket_address *remote_address = user_info->remote_host;
     150         114 :         const struct tsocket_address *local_address = user_info->local_host;
     151         114 :         const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
     152         114 :         struct auth_user_info_dc *user_info_dc = NULL;
     153         114 :         uint8_t authoritative = 0;
     154         114 :         uint32_t flags = 0;
     155             :         NTSTATUS nt_status;
     156             : 
     157         114 :         if (state->using_tls) {
     158          74 :                 transport_protection = AUTHZ_TRANSPORT_PROTECTION_TLS;
     159             :         }
     160             : 
     161         114 :         nt_status = auth_check_password_recv(subreq, state,
     162             :                                              &user_info_dc,
     163             :                                              &authoritative);
     164         114 :         TALLOC_FREE(subreq);
     165         114 :         if (tevent_req_nterror(req, nt_status)) {
     166          13 :                 return;
     167             :         }
     168             : 
     169         106 :         flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
     170         106 :         if (user_info_dc->info->authenticated) {
     171         100 :                 flags |= AUTH_SESSION_INFO_AUTHENTICATED;
     172             :         }
     173             : 
     174         106 :         nt_status = auth_context->generate_session_info(auth_context,
     175             :                                                         state,
     176             :                                                         user_info_dc,
     177             :                                                         nt4_username,
     178             :                                                         flags,
     179             :                                                         &state->session_info);
     180         106 :         if (tevent_req_nterror(req, nt_status)) {
     181           0 :                 return;
     182             :         }
     183             : 
     184         106 :         log_successful_authz_event(auth_context->msg_ctx,
     185             :                                    auth_context->lp_ctx,
     186             :                                    remote_address,
     187             :                                    local_address,
     188             :                                    "LDAP",
     189             :                                    "simple bind",
     190             :                                    transport_protection,
     191             :                                    state->session_info);
     192             : 
     193         106 :         tevent_req_done(req);
     194             : }
     195             : 
     196         120 : _PUBLIC_ NTSTATUS authenticate_ldap_simple_bind_recv(struct tevent_req *req,
     197             :                                         TALLOC_CTX *mem_ctx,
     198             :                                         struct auth_session_info **session_info)
     199             : {
     200          85 :         struct authenticate_ldap_simple_bind_state *state =
     201         120 :                 tevent_req_data(req,
     202             :                 struct authenticate_ldap_simple_bind_state);
     203             :         NTSTATUS status;
     204             : 
     205         120 :         *session_info = NULL;
     206             : 
     207         120 :         if (tevent_req_is_nterror(req, &status)) {
     208          14 :                 tevent_req_received(req);
     209          14 :                 return status;
     210             :         }
     211             : 
     212         106 :         *session_info = talloc_move(mem_ctx, &state->session_info);
     213         106 :         tevent_req_received(req);
     214         106 :         return NT_STATUS_OK;
     215             : }

Generated by: LCOV version 1.13