2
# $Id: smb_auth.pl,v 1.5 2003/05/17 17:13:05 hno Exp $
4
#if you define this, debugging output will be printed to STDERR.
7
#to force using some DC for some domains, fill in this hash.
8
#the key is a regexp matched against the domain name
9
# the value is an array ref with PDC and BDC.
10
# the order the names are matched in is UNDEFINED.
12
# %controllers = ( "domain" => ["pdc","bdc"]);
14
#%controllers = ( ".*" => ["pdcname","bdcname"]);
16
#define this if you wish to use a WINS server. If undefined, broadcast
18
#$wins_server="winsservername";
20
# Some servers (at least mine) really really want to be called by address.
21
# If this variable is defined, we'll ask nmblookup to do a reverse DNS on the
22
# DC addresses. It might fail though, for instance because you have a crappy
23
# DNS with no reverse zones or records. If it doesn't work, you'll have to
24
# fall back to the %controllers hack.
27
# Soem servers (at least mine) don't like to be called by their fully
28
# qualified name. define this if you wish to call them ONLY by their
32
#no more user-serviceable parts
36
# %pdc used to cache the domain -> pdc_ip values. IT NEVER EXPIRES!
42
if (! m;^(\S+)(/|%5c)(\S+)\s(\S+)$; ) { #parse the line
49
$domain =~ s/%([0-9a-f][0-9a-f])/pack("H2",$1)/gie;
50
$user =~ s/%([0-9a-f][0-9a-f])/pack("H2",$1)/gie;
51
$pass =~ s/%([0-9a-f][0-9a-f])/pack("H2",$1)/gie;
52
print STDERR "domain: $domain, user: $user, pass=$pass\n"
53
if (defined ($debug));
54
# check out that we know the PDC address
56
($pdc,$bdc)=&discover_dc($domain);
67
print STDERR "No PDC found\n" if (defined($debug));
71
print STDERR "querying '$pdc' and '$bdc' for user '$domain\\$user', ".
72
"pass $pass\n" if (defined($debug));
73
$result=Authen::Smb::authen($user,$pass,$pdc,$bdc,$domain);
74
print STDERR "result is: $nt_results{$result} ($result)\n"
76
if ($result == NTV_NO_ERROR) {
77
print STDERR ("OK for user '$domain\\$user'\n") if (defined($debug));
80
print STDERR "Could not authenticate user '$domain\\$user'\n";
85
#why do Microsoft servers have to be so damn picky and convoluted?
87
my $domain = shift @_;
88
my ($pdc, $bdc, $lookupstring, $datum);
90
foreach (keys %controllers) {
91
if ($domain =~ /$_/) {
92
print STDERR "DCs forced by user: $_ => ".
93
join(',',@{$controllers{$_}}).
94
"\n" if (defined($debug));
95
return @{$controllers{$_}};
98
$lookupstring="nmblookup";
99
$lookupstring.=" -R -U $wins_server" if (defined($wins_server));
100
$lookupstring.=" -T" if (defined($try_reverse_dns));
101
$lookupstring.=" '$domain#1c'";
102
print STDERR "Discovering PDC: $lookupstring\n"
103
if (defined($debug));
104
#discover the PDC address
105
open(PDC,"$lookupstring|");
107
print STDERR "response line: $_" if (defined($debug));
108
if (m|(.*), (\d+\.\d+\.\d+\.\d+)|) {
110
print STDERR "matched $datum\n" if (defined($debug));
111
if (defined($dont_use_fqdn) && $datum =~ /^([^.]+)\..*/) {
113
print STDERR "stripped domain name: $datum\n" if (defined($debug));
115
} elsif (m|^(\d+\.\d+\.\d+\.\d+)|) {
118
#no data here, go to next line
124
print STDERR "BDC is $datum\n" if (defined($debug));
128
print STDERR "PDC is $datum\n" if (defined($debug));
134
return ($pdc,$bdc) if ($pdc);