LCOV - code coverage report
Current view: top level - source4/auth/ntlm - auth_simple.c (source / functions) Hit Total Coverage
Test: coverage report for support-claim-type-attributes 6b5c566e Lines: 79 91 86.8 %
Date: 2023-11-21 12:31:41 Functions: 3 3 100.0 %

          Line data    Source code
       1             : /* 
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    auth functions
       5             : 
       6             :    Copyright (C) Simo Sorce 2005
       7             :    Copyright (C) Andrew Tridgell 2005
       8             :    Copyright (C) Andrew Bartlett 2005
       9             :    
      10             :    This program is free software; you can redistribute it and/or modify
      11             :    it under the terms of the GNU General Public License as published by
      12             :    the Free Software Foundation; either version 3 of the License, or
      13             :    (at your option) any later version.
      14             :    
      15             :    This program is distributed in the hope that it will be useful,
      16             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      17             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      18             :    GNU General Public License for more details.
      19             :    
      20             :    You should have received a copy of the GNU General Public License
      21             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      22             : */
      23             : 
      24             : #include "includes.h"
      25             : #include <tevent.h>
      26             : #include "lib/util/tevent_ntstatus.h"
      27             : #include "auth/auth.h"
      28             : #include "dsdb/samdb/samdb.h"
      29             : #include "lib/param/param.h"
      30             : 
      31             : #undef DBGC_CLASS
      32             : #define DBGC_CLASS DBGC_AUTH
      33             : 
      34             : struct authenticate_ldap_simple_bind_state {
      35             :         bool using_tls;
      36             :         struct auth4_context *auth_context;
      37             :         struct auth_usersupplied_info *user_info;
      38             :         struct auth_session_info *session_info;
      39             : };
      40             : 
      41             : static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq);
      42             : 
      43         466 : _PUBLIC_ struct tevent_req *authenticate_ldap_simple_bind_send(TALLOC_CTX *mem_ctx,
      44             :                                         struct tevent_context *ev,
      45             :                                         struct imessaging_context *msg,
      46             :                                         struct loadparm_context *lp_ctx,
      47             :                                         struct tsocket_address *remote_address,
      48             :                                         struct tsocket_address *local_address,
      49             :                                         bool using_tls,
      50             :                                         const char *dn,
      51             :                                         const char *password)
      52             : {
      53         466 :         struct tevent_req *req = NULL;
      54         466 :         struct authenticate_ldap_simple_bind_state *state = NULL;
      55         466 :         struct auth_usersupplied_info *user_info = NULL;
      56         466 :         const char *nt4_domain = NULL;
      57         466 :         const char *nt4_username = NULL;
      58         466 :         struct tevent_req *subreq = NULL;
      59           0 :         NTSTATUS status;
      60             : 
      61         466 :         req = tevent_req_create(mem_ctx, &state,
      62             :                                 struct authenticate_ldap_simple_bind_state);
      63         466 :         if (req == NULL) {
      64           0 :                 return NULL;
      65             :         }
      66         466 :         state->using_tls = using_tls;
      67             : 
      68         466 :         status = auth_context_create(state, ev, msg, lp_ctx,
      69         466 :                                      &state->auth_context);
      70         466 :         if (tevent_req_nterror(req, status)) {
      71           0 :                 return tevent_req_post(req, ev);
      72             :         }
      73             : 
      74         466 :         user_info = talloc_zero(state, struct auth_usersupplied_info);
      75         466 :         if (tevent_req_nomem(user_info, req)) {
      76           0 :                 return tevent_req_post(req, ev);
      77             :         }
      78         466 :         state->user_info = user_info;
      79             : 
      80         466 :         user_info->client.account_name = dn;
      81             :         /* No client.domain_name, use account_name instead */
      82             :         /* user_info->mapped.* will be filled below */
      83             : 
      84         466 :         user_info->workstation_name = lpcfg_netbios_name(lp_ctx);
      85             : 
      86         466 :         user_info->remote_host = remote_address;
      87         466 :         user_info->local_host = local_address;
      88             : 
      89         466 :         user_info->service_description = "LDAP";
      90             : 
      91         466 :         if (using_tls) {
      92         414 :                 user_info->auth_description = "simple bind/TLS";
      93             :         } else {
      94          52 :                 user_info->auth_description = "simple bind";
      95             :         }
      96             : 
      97         466 :         user_info->password_state = AUTH_PASSWORD_PLAIN;
      98         466 :         user_info->password.plaintext = talloc_strdup(user_info, password);
      99         466 :         if (tevent_req_nomem(user_info->password.plaintext, req)) {
     100           0 :                 return tevent_req_post(req, ev);
     101             :         }
     102             : 
     103         466 :         user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME |
     104             :                 USER_INFO_DONT_CHECK_UNIX_ACCOUNT;
     105             : 
     106         466 :         user_info->logon_parameters =
     107             :                 MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
     108             :                 MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
     109             :                 MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
     110             :                 MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;
     111             : 
     112         466 :         status = crack_auto_name_to_nt4_name(state, state->auth_context->sam_ctx,
     113             :                                              dn, &nt4_domain, &nt4_username);
     114         466 :         if (!NT_STATUS_IS_OK(status)) {
     115           7 :                 log_authentication_event(msg, lp_ctx,
     116           7 :                                          &state->auth_context->start_time,
     117             :                                          user_info, status,
     118             :                                          NULL, NULL, NULL,
     119             :                                          NULL /* client_audit_info */,
     120             :                                          NULL /* server_audit_info */);
     121             :         }
     122         466 :         if (tevent_req_nterror(req, status)) {
     123           7 :                 return tevent_req_post(req, ev);
     124             :         }
     125             : 
     126         459 :         user_info->orig_client = user_info->client;
     127         459 :         user_info->client.account_name = nt4_username;
     128         459 :         user_info->client.domain_name = nt4_domain;
     129         459 :         user_info->cracknames_called = true;
     130             : 
     131         459 :         subreq = auth_check_password_send(state, ev,
     132         459 :                                           state->auth_context,
     133         459 :                                           state->user_info);
     134         459 :         if (tevent_req_nomem(subreq, req)) {
     135           0 :                 return tevent_req_post(req, ev);
     136             :         }
     137         459 :         tevent_req_set_callback(subreq, authenticate_ldap_simple_bind_done, req);
     138             : 
     139         459 :         return req;
     140             : }
     141             : 
     142         459 : static void authenticate_ldap_simple_bind_done(struct tevent_req *subreq)
     143             : {
     144           0 :         struct tevent_req *req =
     145         459 :                 tevent_req_callback_data(subreq,
     146             :                 struct tevent_req);
     147           0 :         struct authenticate_ldap_simple_bind_state *state =
     148         459 :                 tevent_req_data(req,
     149             :                 struct authenticate_ldap_simple_bind_state);
     150         459 :         struct auth4_context *auth_context = state->auth_context;
     151         459 :         struct auth_usersupplied_info *user_info = state->user_info;
     152         459 :         const char *nt4_username = user_info->mapped.account_name;
     153         459 :         const struct tsocket_address *remote_address = user_info->remote_host;
     154         459 :         const struct tsocket_address *local_address = user_info->local_host;
     155         459 :         const char *transport_protection = AUTHZ_TRANSPORT_PROTECTION_NONE;
     156         459 :         struct auth_user_info_dc *user_info_dc = NULL;
     157         459 :         uint8_t authoritative = 1;
     158         459 :         uint32_t flags = 0;
     159           0 :         NTSTATUS nt_status;
     160             : 
     161         459 :         if (state->using_tls) {
     162         407 :                 transport_protection = AUTHZ_TRANSPORT_PROTECTION_TLS;
     163             :         }
     164             : 
     165         459 :         nt_status = auth_check_password_recv(subreq, state,
     166             :                                              &user_info_dc,
     167             :                                              &authoritative);
     168         459 :         TALLOC_FREE(subreq);
     169         459 :         if (tevent_req_nterror(req, nt_status)) {
     170         115 :                 return;
     171             :         }
     172             : 
     173         344 :         flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
     174         344 :         if (!(user_info_dc->info->user_flags & NETLOGON_GUEST)) {
     175         326 :                 flags |= AUTH_SESSION_INFO_AUTHENTICATED;
     176             :         }
     177             : 
     178         344 :         nt_status = auth_context->generate_session_info(auth_context,
     179             :                                                         state,
     180             :                                                         user_info_dc,
     181             :                                                         nt4_username,
     182             :                                                         flags,
     183             :                                                         &state->session_info);
     184         344 :         if (tevent_req_nterror(req, nt_status)) {
     185           0 :                 return;
     186             :         }
     187             : 
     188         344 :         log_successful_authz_event(auth_context->msg_ctx,
     189             :                                    auth_context->lp_ctx,
     190             :                                    remote_address,
     191             :                                    local_address,
     192             :                                    "LDAP",
     193             :                                    "simple bind",
     194             :                                    transport_protection,
     195             :                                    state->session_info,
     196             :                                    NULL /* client_audit_info */,
     197             :                                    NULL /* server_audit_info */);
     198             : 
     199         344 :         tevent_req_done(req);
     200             : }
     201             : 
     202         466 : _PUBLIC_ NTSTATUS authenticate_ldap_simple_bind_recv(struct tevent_req *req,
     203             :                                         TALLOC_CTX *mem_ctx,
     204             :                                         struct auth_session_info **session_info)
     205             : {
     206           0 :         struct authenticate_ldap_simple_bind_state *state =
     207         466 :                 tevent_req_data(req,
     208             :                 struct authenticate_ldap_simple_bind_state);
     209           0 :         NTSTATUS status;
     210             : 
     211         466 :         *session_info = NULL;
     212             : 
     213         466 :         if (tevent_req_is_nterror(req, &status)) {
     214         122 :                 tevent_req_received(req);
     215         122 :                 return status;
     216             :         }
     217             : 
     218         344 :         *session_info = talloc_move(mem_ctx, &state->session_info);
     219         344 :         tevent_req_received(req);
     220         344 :         return NT_STATUS_OK;
     221             : }

Generated by: LCOV version 1.14