25 RCSID(
"$Id: f62e2d5d008048d068caef16790d78b0f883eb9f $")
27 #include <freeradius-devel/radiusd.h>
28 #include <freeradius-devel/rad_assert.h>
31 #include <core/ntstatus.h>
/*
 * Fragment of do_auth_wbclient(): checks an MS-CHAP challenge/response by
 * passing it to winbind through libwbclient (wbcCtxAuthenticateUserEx).
 *
 * This listing is incomplete: the embedded source line numbers skip, so most
 * conditions, returns and some declarations are not shown. The comments below
 * describe only the visible statements; anything inferred is marked.
 */
49 uint8_t
const *challenge, uint8_t
const *response,
53 struct wbcContext *wb_ctx;
54 struct wbcAuthUserParams authparams;
/*
 * Out-parameters of the libwbclient call. Both start as NULL and are released
 * with wbcFreeMemory() in the last visible lines of the function.
 */
57 struct wbcAuthUserInfo *info = NULL;
58 struct wbcAuthErrorInfo *error = NULL;
/* Fixed-size scratch buffers that receive the expanded user and domain names. */
59 char user_name_buf[500];
60 char domain_name_buf[500];
/* Zero the request so that every field not assigned below is 0/NULL. */
68 memset(&authparams, 0,
sizeof(authparams));
/*
 * Expand the user name into user_name_buf. The buffer's own size is passed as
 * the length argument, so the expansion is bounded by the 500-byte buffer.
 * The test guarding the error message below is not shown; presumably it fires
 * when tmpl_expand reports failure. TODO confirm.
 */
78 len =
tmpl_expand(&authparams.account_name, user_name_buf,
sizeof(user_name_buf),
81 REDEBUG2(
"Unable to expand winbind_username");
/*
 * Same pattern for the domain name, bounded by domain_name_buf. The warning
 * that follows is for the case where no domain is given; the condition that
 * selects between the two is not visible in this listing.
 */
86 len =
tmpl_expand(&authparams.domain_name, domain_name_buf,
sizeof(domain_name_buf),
89 REDEBUG2(
"Unable to expand winbind_domain");
93 RWDEBUG2(
"No domain specified; authentication may fail because of this");
/*
 * Build a response-level request: the NT response (length NT_LENGTH) plus the
 * challenge it answers. `resp` is declared on a line that is not shown;
 * presumably it is derived from `response`. TODO confirm.
 */
100 authparams.level = WBC_AUTH_USER_LEVEL_RESPONSE;
101 authparams.password.response.nt_length =
NT_LENGTH;
104 authparams.password.response.nt_data = resp;
/*
 * The copy length is the size of the destination field, not a length supplied
 * with `challenge`. No length check is visible here, so the caller must pass
 * at least that many readable bytes.
 * NOTE(review): confirm every caller guarantees this.
 */
106 memcpy(authparams.password.response.challenge, challenge,
107 sizeof(authparams.password.response.challenge));
/*
 * wb_ctx is assigned on a line that is not shown; the error text indicates it
 * comes from a connection pool. A NULL context is rejected before it is used.
 */
114 if (wb_ctx == NULL) {
115 RERROR(
"Unable to get winbind connection from pool");
/*
 * The debug log carries only the account and domain names, not the challenge
 * or response bytes.
 * NOTE(review): authparams was zeroed above, so if the domain expansion is
 * skipped, domain_name may still be NULL when formatted with %s. Confirm
 * against the omitted lines.
 */
119 RDEBUG2(
"sending authentication request user='%s' domain='%s'", authparams.account_name,
120 authparams.domain_name);
/* The authentication round trip; info and error are filled in by libwbclient. */
122 err = wbcCtxAuthenticateUserEx(wb_ctx, &authparams, &info, &error);
/*
 * Success: copy NT_DIGEST_LENGTH bytes of the returned session key into the
 * caller's nthashhash output. No NULL check on info is visible in this
 * listing; the dereference relies on libwbclient populating info on
 * WBC_ERR_SUCCESS.
 */
132 case WBC_ERR_SUCCESS:
134 RDEBUG2(
"Authenticated successfully");
136 memcpy(nthashhash, info->user_session_key, NT_DIGEST_LENGTH);
/*
 * winbind could not be reached: log an error plus an operator hint about the
 * daemon running and access to its privileged socket.
 */
138 case WBC_ERR_WINBIND_NOT_AVAILABLE:
139 RERROR(
"Unable to contact winbind!");
140 RDEBUG2(
"Check that winbind is running and that FreeRADIUS has");
141 RDEBUG2(
"permission to connect to the winbind privileged socket.");
/* Handling for this case is on lines that are not shown. */
143 case WBC_ERR_DOMAIN_NOT_FOUND:
146 case WBC_ERR_AUTH_ERROR:
/*
 * NOTE(review): nt_status is tested with bitwise AND against two NTSTATUS
 * codes. NTSTATUS values are complete codes, not independent flag bits: error
 * codes share the 0xC0000000 severity bits, and PASSWORD_EXPIRED (0xC0000071)
 * and PASSWORD_MUST_CHANGE (0xC0000224) both carry them. The `&` result is
 * therefore non-zero for essentially any error status, so an ordinary failure
 * such as a wrong password would also take this branch. What the branch does
 * is not visible here, but the test should compare for equality:
 *   error->nt_status == NT_STATUS_PASSWORD_EXPIRED ||
 *   error->nt_status == NT_STATUS_PASSWORD_MUST_CHANGE
 * Any NULL check on `error` before this dereference is on lines not shown.
 * TODO confirm.
 */
155 if (error->nt_status & NT_STATUS_PASSWORD_EXPIRED ||
156 error->nt_status & NT_STATUS_PASSWORD_MUST_CHANGE) {
/*
 * Report the failure with winbind's display string when one is provided,
 * otherwise with the raw status only. display_string is passed as a %s
 * argument, never as the format string.
 */
163 if (error->display_string) {
164 REDEBUG2(
"%s [0x%X]", error->display_string, error->nt_status);
166 REDEBUG2(
"Authentication failed [0x%X]", error->nt_status);
/*
 * Generic libwbclient error report. `error` is checked for NULL here before
 * display_string is read. Which case label this belongs to is not shown.
 */
176 if (error && error->display_string) {
177 REDEBUG2(
"libwbclient error: wbcErr %d (%s)", err, error->display_string);
179 REDEBUG2(
"libwbclient error: wbcErr %d", err);
/* Release whatever libwbclient allocated for the two out-parameters. */
186 if (info) wbcFreeMemory(info);
187 if (error) wbcFreeMemory(error);
ssize_t tmpl_expand(char const **out, char *buff, size_t outlen, REQUEST *request, vp_tmpl_t const *vpt, xlat_escape_t escape, void *escape_ctx)
Expand a vp_tmpl_t to a string writing the result to a buffer.
fr_connection_pool_t * wb_pool
#define REDEBUG2(fmt,...)
#define RWDEBUG2(fmt,...)
void * fr_connection_get(fr_connection_pool_t *pool)
Reserve a connection in the connection pool.
void fr_connection_release(fr_connection_pool_t *pool, void *conn)
Release a connection.
int do_auth_wbclient(rlm_mschap_t *inst, REQUEST *request, uint8_t const *challenge, uint8_t const *response, uint8_t nthashhash[NT_DIGEST_LENGTH])