From 80f3551d4f594438dcc93dd82a7953c4a913badd Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 16 Dec 2013 12:57:20 +0100
Subject: [PATCH 1/7] s3-lib: Add winbind_lookup_usersids().
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 241e98d8ee099f9cc5feb835085b4abd2b1ee663)
---
source3/lib/winbind_util.c | 34 +++++
source3/lib/winbind_util.h | 4 +
source3/passdb/ABI/pdb-0.1.0.sigs | 311 ++++++++++++++++++++++++++++++++++++++
source3/wscript_build | 2 +-
4 files changed, 350 insertions(+), 1 deletion(-)
create mode 100644 source3/passdb/ABI/pdb-0.1.0.sigs
|
|
|
6729ff |
diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
|
|
|
6729ff |
index b458ebe..f62682b 100644
|
|
|
6729ff |
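--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -342,6 +342,40 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
 return true;
 }
 
+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *user_sid,
+ uint32_t *p_num_sids,
+ struct dom_sid **p_sids)
+{
+ wbcErr ret;
+ struct wbcDomainSid dom_sid;
+ struct wbcDomainSid *sid_list = NULL;
+ uint32_t num_sids;
+
+ memcpy(&dom_sid, user_sid, sizeof(dom_sid));
+
+ ret = wbcLookupUserSids(&dom_sid,
+ false,
+ &num_sids,
+ &sid_list);
+ if (ret != WBC_ERR_SUCCESS) {
+ return false;
+ }
+
+ *p_sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
+ if (*p_sids == NULL) {
+ wbcFreeMemory(sid_list);
+ return false;
+ }
+
+ memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids);
+
+ *p_num_sids = num_sids;
+ wbcFreeMemory(sid_list);
+
+ return true;
+}
+
 #else /* WITH_WINBIND */
 
 struct passwd * winbind_getpwnam(const char * name)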
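Review bot: The final `memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids)` sizes the copy by `struct wbcDomainSid` (the type of the local `dom_sid`), while the destination was allocated as `num_sids` elements of `struct dom_sid`; the first `memcpy` into the local makes the same assumption in the other direction. Nothing in the hunk enforces that the two structures share size and layout, so a change to either would turn these copies into an out-of-bounds write or read on a list whose length comes from winbind. A compile-time check next to the function would pin the assumption, for example `_Static_assert(sizeof(struct dom_sid) == sizeof(struct wbcDomainSid), "SID layouts differ");` or the project's equivalent. A short comment above the function should also say that `*p_sids` is allocated on `mem_ctx` and that `*p_num_sids` is written only on success.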
|
|
|
6729ff |
diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
|
|
|
6729ff |
index 541bb95..abbc5a9 100644
|
|
|
6729ff |
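--- a/source3/lib/winbind_util.h
+++ b/source3/lib/winbind_util.h
@@ -58,5 +58,9 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
 size_t num_members,
 uint32_t **pp_alias_rids,
 size_t *p_num_alias_rids);
+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *user_sid,
+ uint32_t *p_num_sids,
+ struct dom_sid **p_sids);
 
 #endif /* __LIB__WINBIND_UTIL_H__ */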
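Review bot: This prototype has no build-without-winbind counterpart in the patch: the only definition added to winbind_util.c sits before `#else /* WITH_WINBIND */`, and no hunk touches the `#else` branch. Unless a later patch in the series adds one, a build without winbind would carry a declared symbol, also listed in the new pdb ABI file, with no body. A stub in the `#else` branch that simply does `return false;` would make callers fail closed rather than fail to link. A one-line comment above the prototype naming the owner of `*p_sids` would help callers as well.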
|
|
|
6729ff |
diff --git a/source3/passdb/ABI/pdb-0.1.0.sigs b/source3/passdb/ABI/pdb-0.1.0.sigs
|
|
|
6729ff |
new file mode 100644
|
|
|
6729ff |
index 0000000..f4de9c4
|
|
|
6729ff |
--- /dev/null
|
|
|
6729ff |
+++ b/source3/passdb/ABI/pdb-0.1.0.sigs
|
|
|
6729ff |
@@ -0,0 +1,311 @@
|
|
|
6729ff |
+PDB_secrets_clear_domain_protection: bool (const char *)
|
|
|
6729ff |
+PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *)
|
|
|
6729ff |
+PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *)
|
|
|
6729ff |
+PDB_secrets_mark_domain_protected: bool (const char *)
|
|
|
6729ff |
+PDB_secrets_store_domain_guid: bool (const char *, struct GUID *)
|
|
|
6729ff |
+PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *)
|
|
|
6729ff |
+account_policy_get: bool (enum pdb_policy_type, uint32_t *)
|
|
|
6729ff |
+account_policy_get_default: bool (enum pdb_policy_type, uint32_t *)
|
|
|
6729ff |
+account_policy_get_desc: const char *(enum pdb_policy_type)
|
|
|
6729ff |
+account_policy_name_to_typenum: enum pdb_policy_type (const char *)
|
|
|
6729ff |
+account_policy_names_list: void (TALLOC_CTX *, const char ***, int *)
|
|
|
6729ff |
+account_policy_set: bool (enum pdb_policy_type, uint32_t)
|
|
|
6729ff |
+add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *)
|
|
|
6729ff |
+algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t)
|
|
|
6729ff |
+algorithmic_pdb_rid_is_user: bool (uint32_t)
|
|
|
6729ff |
+algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t)
|
|
|
6729ff |
+algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t)
|
|
|
6729ff |
+algorithmic_rid_base: int (void)
|
|
|
6729ff |
+builtin_domain_name: const char *(void)
|
|
|
6729ff |
+cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *)
|
|
|
6729ff |
+cache_account_policy_set: bool (enum pdb_policy_type, uint32_t)
|
|
|
6729ff |
+create_builtin_administrators: NTSTATUS (const struct dom_sid *)
|
|
|
6729ff |
+create_builtin_users: NTSTATUS (const struct dom_sid *)
|
|
|
6729ff |
+decode_account_policy_name: const char *(enum pdb_policy_type)
|
|
|
6729ff |
+get_account_pol_db: struct db_context *(void)
|
|
|
6729ff |
+get_account_policy_attr: const char *(enum pdb_policy_type)
|
|
|
6729ff |
+get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *)
|
|
|
6729ff |
+get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **)
|
|
|
6729ff |
+get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *)
|
|
|
6729ff |
+get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int)
|
|
|
6729ff |
+get_trust_pw_clear: bool (const char *, char **, const char **, enum netr_SchannelType *)
|
|
|
6729ff |
+get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *)
|
|
|
6729ff |
+gid_to_sid: void (struct dom_sid *, gid_t)
|
|
|
6729ff |
+gid_to_unix_groups_sid: void (gid_t, struct dom_sid *)
|
|
|
6729ff |
+grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int)
|
|
|
6729ff |
+grant_all_privileges: bool (const struct dom_sid *)
|
|
|
6729ff |
+grant_privilege_by_name: bool (const struct dom_sid *, const char *)
|
|
|
6729ff |
+grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
|
|
|
6729ff |
+groupdb_tdb_init: const struct mapping_backend *(void)
|
|
|
6729ff |
+init_account_policy: bool (void)
|
|
|
6729ff |
+init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool)
|
|
|
6729ff |
+init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t)
|
|
|
6729ff |
+initialize_password_db: bool (bool, struct tevent_context *)
|
|
|
6729ff |
+is_dc_trusted_domain_situation: bool (const char *)
|
|
|
6729ff |
+is_privileged_sid: bool (const struct dom_sid *)
|
|
|
6729ff |
+local_password_change: NTSTATUS (const char *, int, const char *, char **, char **)
|
|
|
6729ff |
+login_cache_delentry: bool (const struct samu *)
|
|
|
6729ff |
+login_cache_init: bool (void)
|
|
|
6729ff |
+login_cache_read: bool (struct samu *, struct login_cache *)
|
|
|
6729ff |
+login_cache_shutdown: bool (void)
|
|
|
6729ff |
+login_cache_write: bool (const struct samu *, const struct login_cache *)
|
|
|
6729ff |
+lookup_builtin_name: bool (const char *, uint32_t *)
|
|
|
6729ff |
+lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **)
|
|
|
6729ff |
+lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *)
|
|
|
6729ff |
+lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
|
|
|
6729ff |
+lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
|
|
|
6729ff |
+lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
|
|
|
6729ff |
+lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **)
|
|
|
6729ff |
+lookup_unix_group_name: bool (const char *, struct dom_sid *)
|
|
|
6729ff |
+lookup_unix_user_name: bool (const char *, struct dom_sid *)
|
|
|
6729ff |
+lookup_wellknown_name: bool (TALLOC_CTX *, const char *, struct dom_sid *, const char **)
|
|
|
6729ff |
+lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **)
|
|
|
6729ff |
+make_pdb_method: NTSTATUS (struct pdb_methods **)
|
|
|
6729ff |
+make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *)
|
|
|
6729ff |
+max_algorithmic_gid: gid_t (void)
|
|
|
6729ff |
+max_algorithmic_uid: uid_t (void)
|
|
|
6729ff |
+my_sam_name: const char *(void)
|
|
|
6729ff |
+pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
|
|
|
6729ff |
+pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *)
|
|
|
6729ff |
+pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
|
|
|
6729ff |
+pdb_add_sam_account: NTSTATUS (struct samu *)
|
|
|
6729ff |
+pdb_build_fields_present: uint32_t (struct samu *)
|
|
|
6729ff |
+pdb_capabilities: uint32_t (void)
|
|
|
6729ff |
+pdb_copy_sam_account: bool (struct samu *, struct samu *)
|
|
|
6729ff |
+pdb_create_alias: NTSTATUS (const char *, uint32_t *)
|
|
|
6729ff |
+pdb_create_builtin: NTSTATUS (uint32_t)
|
|
|
6729ff |
+pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t)
|
|
|
6729ff |
+pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *)
|
|
|
6729ff |
+pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *)
|
|
|
6729ff |
+pdb_decode_acct_ctrl: uint32_t (const char *)
|
|
|
6729ff |
+pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
|
|
|
6729ff |
+pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
|
|
|
6729ff |
+pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
|
|
|
6729ff |
+pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *)
|
|
|
6729ff |
+pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
|
|
|
6729ff |
+pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *)
|
|
|
6729ff |
+pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
|
|
|
6729ff |
+pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
|
|
|
6729ff |
+pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
|
|
|
6729ff |
+pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
|
|
|
6729ff |
+pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
|
|
|
6729ff |
+pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
|
|
|
6729ff |
+pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
|
|
|
6729ff |
+pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
|
|
|
6729ff |
+pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
|
|
|
6729ff |
+pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
|
|
|
6729ff |
+pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
|
|
|
6729ff |
+pdb_del_trusted_domain: NTSTATUS (const char *)
|
|
|
6729ff |
+pdb_del_trusteddom_pw: bool (const char *)
|
|
|
6729ff |
+pdb_delete_alias: NTSTATUS (const struct dom_sid *)
|
|
|
6729ff |
+pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t)
|
|
|
6729ff |
+pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid)
|
|
|
6729ff |
+pdb_delete_sam_account: NTSTATUS (struct samu *)
|
|
|
6729ff |
+pdb_delete_secret: NTSTATUS (const char *)
|
|
|
6729ff |
+pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *)
|
|
|
6729ff |
+pdb_element_is_changed: bool (const struct samu *, enum pdb_elements)
|
|
|
6729ff |
+pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements)
|
|
|
6729ff |
+pdb_encode_acct_ctrl: char *(uint32_t, size_t)
|
|
|
6729ff |
+pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
|
|
|
6729ff |
+pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
|
|
|
6729ff |
+pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
|
|
|
6729ff |
+pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *)
|
|
|
6729ff |
+pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *)
|
|
|
6729ff |
+pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***)
|
|
|
6729ff |
+pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
|
|
|
6729ff |
+pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***)
|
|
|
6729ff |
+pdb_find_backend_entry: struct pdb_init_function_entry *(const char *)
|
|
|
6729ff |
+pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *)
|
|
|
6729ff |
+pdb_get_acct_ctrl: uint32_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_acct_desc: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
|
|
|
6729ff |
+pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *)
|
|
|
6729ff |
+pdb_get_backends: const struct pdb_init_function_entry *(void)
|
|
|
6729ff |
+pdb_get_bad_password_count: uint16_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_bad_password_time: time_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_code_page: uint16_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_comment: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_country_code: uint16_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_dir_drive: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_domain: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *)
|
|
|
6729ff |
+pdb_get_fullname: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_group_rid: uint32_t (struct samu *)
|
|
|
6729ff |
+pdb_get_group_sid: const struct dom_sid *(struct samu *)
|
|
|
6729ff |
+pdb_get_homedir: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_hours: const uint8_t *(const struct samu *)
|
|
|
6729ff |
+pdb_get_hours_len: uint32_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements)
|
|
|
6729ff |
+pdb_get_kickoff_time: time_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_lanman_passwd: const uint8_t *(const struct samu *)
|
|
|
6729ff |
+pdb_get_logoff_time: time_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_logon_count: uint16_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_logon_divs: uint16_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_logon_script: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_logon_time: time_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_munged_dial: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_nt_passwd: const uint8_t *(const struct samu *)
|
|
|
6729ff |
+pdb_get_nt_username: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_pass_can_change: bool (const struct samu *)
|
|
|
6729ff |
+pdb_get_pass_can_change_time: time_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_pass_last_set_time: time_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_pass_must_change_time: time_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_plaintext_passwd: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_profile_path: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *)
|
|
|
6729ff |
+pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **)
|
|
|
6729ff |
+pdb_get_seq_num: bool (time_t *)
|
|
|
6729ff |
+pdb_get_tevent_context: struct tevent_context *(void)
|
|
|
6729ff |
+pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **)
|
|
|
6729ff |
+pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **)
|
|
|
6729ff |
+pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *)
|
|
|
6729ff |
+pdb_get_unknown_6: uint32_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_user_rid: uint32_t (const struct samu *)
|
|
|
6729ff |
+pdb_get_user_sid: const struct dom_sid *(const struct samu *)
|
|
|
6729ff |
+pdb_get_username: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_get_workstations: const char *(const struct samu *)
|
|
|
6729ff |
+pdb_getgrgid: bool (GROUP_MAP *, gid_t)
|
|
|
6729ff |
+pdb_getgrnam: bool (GROUP_MAP *, const char *)
|
|
|
6729ff |
+pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid)
|
|
|
6729ff |
+pdb_gethexhours: bool (const char *, unsigned char *)
|
|
|
6729ff |
+pdb_gethexpwd: bool (const char *, unsigned char *)
|
|
|
6729ff |
+pdb_getsampwnam: bool (struct samu *, const char *)
|
|
|
6729ff |
+pdb_getsampwsid: bool (struct samu *, const struct dom_sid *)
|
|
|
6729ff |
+pdb_gid_to_sid: bool (gid_t, struct dom_sid *)
|
|
|
6729ff |
+pdb_group_rid_to_gid: gid_t (uint32_t)
|
|
|
6729ff |
+pdb_increment_bad_password_count: bool (struct samu *)
|
|
|
6729ff |
+pdb_is_password_change_time_max: bool (time_t)
|
|
|
6729ff |
+pdb_is_responsible_for_builtin: bool (void)
|
|
|
6729ff |
+pdb_is_responsible_for_our_sam: bool (void)
|
|
|
6729ff |
+pdb_is_responsible_for_unix_groups: bool (void)
|
|
|
6729ff |
+pdb_is_responsible_for_unix_users: bool (void)
|
|
|
6729ff |
+pdb_is_responsible_for_wellknown: bool (void)
|
|
|
6729ff |
+pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *)
|
|
|
6729ff |
+pdb_new_rid: bool (uint32_t *)
|
|
|
6729ff |
+pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
|
|
|
6729ff |
+pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
|
|
|
6729ff |
+pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool)
|
|
|
6729ff |
+pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
|
|
|
6729ff |
+pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
|
|
|
6729ff |
+pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
|
|
|
6729ff |
+pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
|
|
|
6729ff |
+pdb_rename_sam_account: NTSTATUS (struct samu *, const char *)
|
|
|
6729ff |
+pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *)
|
|
|
6729ff |
+pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **)
|
|
|
6729ff |
+pdb_search_groups: struct pdb_search *(TALLOC_CTX *)
|
|
|
6729ff |
+pdb_search_init: struct pdb_search *(TALLOC_CTX *, enum pdb_search_type)
|
|
|
6729ff |
+pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t)
|
|
|
6729ff |
+pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t)
|
|
|
6729ff |
+pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
|
|
|
6729ff |
+pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_code_page: bool (struct samu *, uint16_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_pass_can_change: bool (struct samu *, bool)
|
|
|
6729ff |
+pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_plaintext_passwd: bool (struct samu *, const char *)
|
|
|
6729ff |
+pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *)
|
|
|
6729ff |
+pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *)
|
|
|
6729ff |
+pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *)
|
|
|
6729ff |
+pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *)
|
|
|
6729ff |
+pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **)
|
|
|
6729ff |
+pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state)
|
|
|
6729ff |
+pdb_sethexhours: void (char *, const unsigned char *)
|
|
|
6729ff |
+pdb_sethexpwd: void (char *, const unsigned char *, uint32_t)
|
|
|
6729ff |
+pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *)
|
|
|
6729ff |
+pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *)
|
|
|
6729ff |
+pdb_uid_to_sid: bool (uid_t, struct dom_sid *)
|
|
|
6729ff |
+pdb_update_autolock_flag: bool (struct samu *, bool *)
|
|
|
6729ff |
+pdb_update_bad_password_count: bool (struct samu *, bool *)
|
|
|
6729ff |
+pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *)
|
|
|
6729ff |
+pdb_update_login_attempts: NTSTATUS (struct samu *, bool)
|
|
|
6729ff |
+pdb_update_sam_account: NTSTATUS (struct samu *)
|
|
|
6729ff |
+privilege_create_account: NTSTATUS (const struct dom_sid *)
|
|
|
6729ff |
+privilege_delete_account: NTSTATUS (const struct dom_sid *)
|
|
|
6729ff |
+privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *)
|
|
|
6729ff |
+privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *)
|
|
|
6729ff |
+revoke_all_privileges: bool (const struct dom_sid *)
|
|
|
6729ff |
+revoke_privilege_by_name: bool (const struct dom_sid *, const char *)
|
|
|
6729ff |
+revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
|
|
|
6729ff |
+samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *)
|
|
|
6729ff |
+samu_new: struct samu *(TALLOC_CTX *)
|
|
|
6729ff |
+samu_set_unix: NTSTATUS (struct samu *, const struct passwd *)
|
|
|
6729ff |
+secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
|
|
|
6729ff |
+sid_check_is_builtin: bool (const struct dom_sid *)
|
|
|
6729ff |
+sid_check_is_for_passdb: bool (const struct dom_sid *)
|
|
|
6729ff |
+sid_check_is_in_builtin: bool (const struct dom_sid *)
|
|
|
6729ff |
+sid_check_is_in_unix_groups: bool (const struct dom_sid *)
|
|
|
6729ff |
+sid_check_is_in_unix_users: bool (const struct dom_sid *)
|
|
|
6729ff |
+sid_check_is_in_wellknown_domain: bool (const struct dom_sid *)
|
|
|
6729ff |
+sid_check_is_unix_groups: bool (const struct dom_sid *)
|
|
|
6729ff |
+sid_check_is_unix_users: bool (const struct dom_sid *)
|
|
|
6729ff |
+sid_check_is_wellknown_builtin: bool (const struct dom_sid *)
|
|
|
6729ff |
+sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **)
|
|
|
6729ff |
+sid_check_object_is_for_passdb: bool (const struct dom_sid *)
|
|
|
6729ff |
+sid_to_gid: bool (const struct dom_sid *, gid_t *)
|
|
|
6729ff |
+sid_to_uid: bool (const struct dom_sid *, uid_t *)
|
|
|
6729ff |
+sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *)
|
|
|
6729ff |
+smb_add_user_group: int (const char *, const char *)
|
|
|
6729ff |
+smb_create_group: int (const char *, gid_t *)
|
|
|
6729ff |
+smb_delete_group: int (const char *)
|
|
|
6729ff |
+smb_delete_user_group: int (const char *, const char *)
|
|
|
6729ff |
+smb_nscd_flush_group_cache: void (void)
|
|
|
6729ff |
+smb_nscd_flush_user_cache: void (void)
|
|
|
6729ff |
+smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function)
|
|
|
6729ff |
+smb_set_primary_group: int (const char *, const char *)
|
|
|
6729ff |
+uid_to_sid: void (struct dom_sid *, uid_t)
|
|
|
6729ff |
+uid_to_unix_users_sid: void (uid_t, struct dom_sid *)
|
|
|
6729ff |
+unix_groups_domain_name: const char *(void)
|
|
|
6729ff |
+unix_users_domain_name: const char *(void)
|
|
|
6729ff |
+unixid_from_both: void (struct unixid *, uint32_t)
|
|
|
6729ff |
+unixid_from_gid: void (struct unixid *, uint32_t)
|
|
|
6729ff |
+unixid_from_uid: void (struct unixid *, uint32_t)
|
|
|
6729ff |
+wb_is_trusted_domain: wbcErr (const char *)
|
|
|
6729ff |
+winbind_allocate_gid: bool (gid_t *)
|
|
|
6729ff |
+winbind_allocate_uid: bool (uid_t *)
|
|
|
6729ff |
+winbind_get_groups: bool (TALLOC_CTX *, const char *, uint32_t *, gid_t **)
|
|
|
6729ff |
+winbind_get_sid_aliases: bool (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
|
|
|
6729ff |
+winbind_getpwnam: struct passwd *(const char *)
|
|
|
6729ff |
+winbind_getpwsid: struct passwd *(const struct dom_sid *)
|
|
|
6729ff |
+winbind_gid_to_sid: bool (struct dom_sid *, gid_t)
|
|
|
6729ff |
+winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *)
|
|
|
6729ff |
+winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **)
|
|
|
6729ff |
+winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
|
|
|
6729ff |
+winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **)
|
|
|
6729ff |
+winbind_ping: bool (void)
|
|
|
6729ff |
+winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *)
|
|
|
6729ff |
+winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *)
|
|
|
6729ff |
+winbind_uid_to_sid: bool (struct dom_sid *, uid_t)
|
|
|
6729ff |
diff --git a/source3/wscript_build b/source3/wscript_build
|
|
|
6729ff |
index e0432bf..6d6b6aa 100755
|
|
|
6729ff |
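--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -736,7 +736,7 @@ bld.SAMBA3_LIBRARY('pdb',
 passdb/lookup_sid.h''',
 abi_match=private_pdb_match,
 abi_directory='passdb/ABI',
- vnum='0',
+ vnum='0.1.0',
 vars=locals())
 
 bld.SAMBA3_LIBRARY('smbldaphelper',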
--
1.8.5.2
From 91debcafd196a9e821efddce0a9d75c48f8e168d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 13 Dec 2013 19:08:34 +0100
Subject: [PATCH 2/7] s3-auth: Add passwd_to_SamInfo3().
First this function tries to contact winbind if the user is a domain
user to get valid information about it. If winbind isn't running it will
try to create everything from the passwd struct. This is not always
reliable but works in most cases. It improves the current situation
which doesn't talk to winbind at all.
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1bb11c7744df6928cb8a096373ab920366b38770)
---
source3/auth/proto.h | 4 ++
source3/auth/server_info.c | 116 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 120 insertions(+)
|
|
|
6729ff |
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
|
|
|
6729ff |
index 76661fc..8385e66 100644
|
|
|
6729ff |
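--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -286,6 +286,10 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
 const char *login_server,
 struct netr_SamInfo3 **_info3,
 struct extra_auth_info *extra);
+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
+ const char *unix_username,
+ const struct passwd *pwd,
+ struct netr_SamInfo3 **pinfo3);
 struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
 struct netr_SamInfo3 *orig);
 struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,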
|
|
|
6729ff |
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
|
|
|
6729ff |
index d2b7d6e..46d8178 100644
|
|
|
6729ff |
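--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -24,6 +24,7 @@
 #include "../libcli/security/security.h"
 #include "rpc_client/util_netlogon.h"
 #include "nsswitch/libwbclient/wbclient.h"
+#include "lib/winbind_util.h"
 #include "passdb.h"
 
 #undef DBGC_CLASS
@@ -436,6 +437,121 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
 return NT_STATUS_OK;
 }
 
+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
+ const char *unix_username,
+ const struct passwd *pwd,
+ struct netr_SamInfo3 **pinfo3)
+{
+ struct netr_SamInfo3 *info3;
+ NTSTATUS status;
+ TALLOC_CTX *tmp_ctx;
+ const char *domain_name = NULL;
+ const char *user_name = NULL;
+ struct dom_sid domain_sid;
+ struct dom_sid user_sid;
+ struct dom_sid group_sid;
+ enum lsa_SidType type;
+ uint32_t num_sids = 0;
+ struct dom_sid *user_sids = NULL;
+ bool ok;
+
+ tmp_ctx = talloc_stackframe();
+
+ ok = lookup_name_smbconf(tmp_ctx,
+ unix_username,
+ LOOKUP_NAME_ALL,
+ &domain_name,
+ &user_name,
+ &user_sid,
+ &type);
+ if (!ok) {
+ status = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ }
+
+ if (type != SID_NAME_USER) {
+ status = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ }
+
+ ok = winbind_lookup_usersids(tmp_ctx,
+ &user_sid,
+ &num_sids,
+ &user_sids);
+ /* Check if winbind is running */
+ if (ok) {
+ /*
+ * Winbind is running and the first element of the user_sids
+ * is the primary group.
+ */
+ if (num_sids > 0) {
+ group_sid = user_sids[0];
+ }
+ } else {
+ /*
+ * Winbind is not running, create the group_sid from the
+ * group id.
+ */
+ gid_to_sid(&group_sid, pwd->pw_gid);
+ }
+
+ /* Make sure we have a valid group sid */
+ ok = !is_null_sid(&group_sid);
+ if (!ok) {
+ status = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ }
+
+ /* Construct a netr_SamInfo3 from the information we have */
+ info3 = talloc_zero(tmp_ctx, struct netr_SamInfo3);
+ if (!info3) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ info3->base.account_name.string = talloc_strdup(info3, unix_username);
+ if (info3->base.account_name.string == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ ZERO_STRUCT(domain_sid);
+
+ sid_copy(&domain_sid, &user_sid);
+ sid_split_rid(&domain_sid, &info3->base.rid);
+ info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
+
+ ok = sid_peek_check_rid(&domain_sid, &group_sid,
+ &info3->base.primary_gid);
+ if (!ok) {
+ DEBUG(1, ("The primary group domain sid(%s) does not "
+ "match the domain sid(%s) for %s(%s)\n",
+ sid_string_dbg(&group_sid),
+ sid_string_dbg(&domain_sid),
+ unix_username,
+ sid_string_dbg(&user_sid)));
+ status = NT_STATUS_INVALID_SID;
+ goto done;
+ }
+
+ info3->base.acct_flags = ACB_NORMAL;
+
+ if (num_sids) {
+ status = group_sids_to_info3(info3, user_sids, num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ }
+
+ *pinfo3 = talloc_steal(mem_ctx, info3);
+
+ status = NT_STATUS_OK;
+done:
+ talloc_free(tmp_ctx);
+
+ return status;
+}
+
 #undef RET_NOMEM
 
 #define RET_NOMEM(ptr) do { \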
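Review bot: `group_sid` is read uninitialised when `winbind_lookup_usersids()` succeeds but returns `num_sids == 0`: the `if (num_sids > 0)` branch is skipped, so `is_null_sid(&group_sid)` and the later `sid_peek_check_rid()` call both work on whatever was on the stack. Adding `ZERO_STRUCT(group_sid);` before the winbind lookup makes that case fail cleanly with NT_STATUS_NO_SUCH_USER. Separately, the result of `dom_sid_dup(info3, &domain_sid)` is stored without a NULL check, unlike the `talloc_strdup()` just above it; it should take the same `NT_STATUS_NO_MEMORY` / `goto done` path.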
|
|
|
6729ff |
--
|
|
|
6729ff |
1.8.5.2
From c7b7670dc5cd8dbf727258666b6417d67afafb33 Mon Sep 17 00:00:00 2001
|
|
|
6729ff |
From: Andreas Schneider <asn@samba.org>
|
|
|
6729ff |
Date: Fri, 13 Dec 2013 19:11:01 +0100
|
|
|
6729ff |
Subject: [PATCH 3/7] s3-auth: Pass talloc context to make_server_info_pw().
|
|
|
6729ff |
|
|
|
6729ff |
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
|
|
|
6729ff |
Signed-off-by: Guenther Deschner <gd@samba.org>
|
|
|
6729ff |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
6729ff |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
6729ff |
(cherry picked from commit 1b59c9743cf3fbd66b0b8b52162b2cc8d922e5cf)
|
|
|
6729ff |
---
|
|
|
6729ff |
source3/auth/auth_unix.c | 7 +++++--
|
|
|
6729ff |
source3/auth/auth_util.c | 52 +++++++++++++++++++++++++++++-------------------
|
|
|
6729ff |
source3/auth/proto.h | 7 ++++---
|
|
|
6729ff |
source3/auth/user_krb5.c | 5 +----
|
|
|
6729ff |
4 files changed, 42 insertions(+), 29 deletions(-)
|
|
|
6729ff |
|
|
|
6729ff |
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
|
|
|
6729ff |
index c8b5435..7b483a2 100644
|
|
|
6729ff |
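--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -67,8 +67,11 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
 unbecome_root();
 
 if (NT_STATUS_IS_OK(nt_status)) {
- if (pass) {
- make_server_info_pw(server_info, pass->pw_name, pass);
+ if (pass != NULL) {
+ nt_status = make_server_info_pw(mem_ctx,
+ pass->pw_name,
+ pass,
+ server_info);
 } else {
 /* we need to do somthing more useful here */
 nt_status = NT_STATUS_NO_SUCH_USER;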
|
|
|
6729ff |
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
|
|
|
6729ff |
index ceaa706..b225b0d 100644
|
|
|
6729ff |
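--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -639,14 +639,15 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 to a struct samu
 ***************************************************************************/
 
-NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
- char *unix_username,
- struct passwd *pwd)
+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
+ const char *unix_username,
+ const struct passwd *pwd,
+ struct auth_serversupplied_info **server_info)
 {
 NTSTATUS status;
 struct samu *sampass = NULL;
 char *qualified_name = NULL;
- TALLOC_CTX *mem_ctx = NULL;
+ TALLOC_CTX *tmp_ctx;
 struct dom_sid u_sid;
 enum lsa_SidType type;
 struct auth_serversupplied_info *result;
@@ -664,27 +665,27 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
 * plaintext passwords were used with no SAM backend.
 */
 
- mem_ctx = talloc_init("make_server_info_pw_tmp");
- if (!mem_ctx) {
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
 return NT_STATUS_NO_MEMORY;
 }
 
- qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
+ qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s",
 unix_users_domain_name(),
 unix_username );
 if (!qualified_name) {
- TALLOC_FREE(mem_ctx);
+ TALLOC_FREE(tmp_ctx);
 return NT_STATUS_NO_MEMORY;
 }
 
- if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL,
+ if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL,
 NULL, NULL,
 &u_sid, &type)) {
- TALLOC_FREE(mem_ctx);
+ TALLOC_FREE(tmp_ctx);
 return NT_STATUS_NO_SUCH_USER;
 }
 
- TALLOC_FREE(mem_ctx);
+ TALLOC_FREE(tmp_ctx);
 
 if (type != SID_NAME_USER) {
 return NT_STATUS_NO_SUCH_USER;
@@ -707,7 +708,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
 /* set the user sid to be the calculated u_sid */
 pdb_set_user_sid(sampass, &u_sid, PDB_SET);
 
- result = make_server_info(NULL);
+ result = make_server_info(mem_ctx);
 if (result == NULL) {
 TALLOC_FREE(sampass);
 return NT_STATUS_NO_MEMORY;
@@ -992,25 +993,36 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
 struct passwd *pwd;
 NTSTATUS status;
 struct auth_serversupplied_info *result;
+ TALLOC_CTX *tmp_ctx;
 
- pwd = Get_Pwnam_alloc(talloc_tos(), username);
- if (pwd == NULL) {
- return NT_STATUS_NO_SUCH_USER;
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
 }
 
- status = make_server_info_pw(&result, pwd->pw_name, pwd);
+ pwd = Get_Pwnam_alloc(tmp_ctx, username);
+ if (pwd == NULL) {
+ status = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ }
 
+ status = make_server_info_pw(tmp_ctx, pwd->pw_name, pwd, &result);
 if (!NT_STATUS_IS_OK(status)) {
- return status;
+ goto done;
 }
 
 result->nss_token = true;
 result->guest = is_guest;
 
 /* Now turn the server_info into a session_info with the full token etc */
- status = create_local_token(mem_ctx, result, NULL, pwd->pw_name, session_info);
- TALLOC_FREE(result);
- TALLOC_FREE(pwd);
+ status = create_local_token(mem_ctx,
+ result,
+ NULL,
+ pwd->pw_name,
+ session_info);
+
+done:
+ talloc_free(tmp_ctx);
 
 return status;
 }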
|
|
|
6729ff |
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
|
|
|
6729ff |
index 8385e66..7abca07 100644
|
|
|
6729ff |
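--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -206,9 +206,10 @@ bool user_in_group_sid(const char *username, const struct dom_sid *group_sid);
 bool user_sid_in_group_sid(const struct dom_sid *sid, const struct dom_sid *group_sid);
 bool user_in_group(const char *username, const char *groupname);
 struct passwd;
-NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
- char *unix_username,
- struct passwd *pwd);
+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
+ const char *unix_username,
+ const struct passwd *pwd,
+ struct auth_serversupplied_info **server_info);
 NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
 const char *username,
 bool is_guest,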
|
|
|
6729ff |
diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
|
|
|
6729ff |
index 974a8aa..7d44285 100644
|
|
|
6729ff |
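--- a/source3/auth/user_krb5.c
+++ b/source3/auth/user_krb5.c
@@ -242,7 +242,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
 */
 DEBUG(10, ("didn't find user %s in passdb, calling "
 "make_server_info_pw\n", username));
- status = make_server_info_pw(&tmp, username, pw);
+ status = make_server_info_pw(mem_ctx, username, pw, &tmp);
 }
 
 TALLOC_FREE(sampass);
@@ -253,9 +253,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
 return status;
 }
 
- /* Steal tmp server info into the server_info pointer. */
- server_info = talloc_move(mem_ctx, &tmp);
-
 /* make_server_info_pw does not set the domain. Without this
 * we end up with the local netbios name in substitutions for
 * %D. */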
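Review bot: After this change the result of `make_server_info_pw(mem_ctx, username, pw, &tmp)` still lands in `tmp`, but the second hunk deletes `server_info = talloc_move(mem_ctx, &tmp);`, so within the visible lines nothing assigns `server_info` any more. Unless it is set outside the hunks, the code that follows in make_session_info_krb5() would work on an unset pointer in the Kerberos session-setup path until patch 5/7 of this series passes `&server_info` directly. Keeping the `talloc_move()` line in this commit, and dropping it only when `tmp` itself goes away, would keep every commit in the series safe to build and bisect. make_session_info_krb5() starts and ends outside both hunks.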
|
|
|
6729ff |
--
|
|
|
6729ff |
1.8.5.2
From 4fbd13598e8bdc6acf41329f71de806de4265f36 Mon Sep 17 00:00:00 2001
|
|
|
6729ff |
From: Andreas Schneider <asn@samba.org>
|
|
|
6729ff |
Date: Fri, 13 Dec 2013 19:19:02 +0100
|
|
|
6729ff |
Subject: [PATCH 4/7] s3-auth: Add passwd_to_SamInfo3().
|
|
|
6729ff |
|
|
|
6729ff |
Correctly look up users which come from smb.conf. passwd_to_SamInfo3()
|
|
|
6729ff |
tries to contact winbind if the user is a domain user to get
|
|
|
6729ff |
valid information about it. If winbind isn't running it will try to
|
|
|
6729ff |
create everything from the passwd struct. This is not always reliable
|
|
|
6729ff |
but works in most cases. It improves the current situation which doesn't
|
|
|
6729ff |
talk to winbind at all.
|
|
|
6729ff |
|
|
|
6729ff |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
|
|
|
6729ff |
|
|
|
6729ff |
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
|
|
|
6729ff |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
6729ff |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
6729ff |
|
|
|
6729ff |
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
|
|
|
6729ff |
Autobuild-Date(master): Wed Feb 5 01:40:38 CET 2014 on sn-devel-104
|
|
|
6729ff |
|
|
|
6729ff |
(cherry picked from commit 40e6456b5896e934fcd581c2cac2389984256e09)
|
|
|
6729ff |
---
|
|
|
6729ff |
source3/auth/auth_util.c | 87 +++++++++-------------------------------------
|
|
|
6729ff |
source3/auth/server_info.c | 22 ++++++++++--
|
|
|
6729ff |
2 files changed, 36 insertions(+), 73 deletions(-)
|
|
|
6729ff |
|
|
|
6729ff |
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
|
|
|
6729ff |
index b225b0d..24190af 100644
|
|
|
6729ff |
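--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -645,98 +645,43 @@ NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
 struct auth_serversupplied_info **server_info)
 {
 NTSTATUS status;
- struct samu *sampass = NULL;
- char *qualified_name = NULL;
- TALLOC_CTX *tmp_ctx;
- struct dom_sid u_sid;
- enum lsa_SidType type;
+ TALLOC_CTX *tmp_ctx = NULL;
 struct auth_serversupplied_info *result;
 
- /*
- * The SID returned in server_info->sam_account is based
- * on our SAM sid even though for a pure UNIX account this should
- * not be the case as it doesn't really exist in the SAM db.
- * This causes lookups on "[in]valid users" to fail as they
- * will lookup this name as a "Unix User" SID to check against
- * the user token. Fix this by adding the "Unix User"\unix_username
- * SID to the sid array. The correct fix should probably be
- * changing the server_info->sam_account user SID to be a
- * S-1-22 Unix SID, but this might break old configs where
- * plaintext passwords were used with no SAM backend.
- */
-
 tmp_ctx = talloc_stackframe();
 if (tmp_ctx == NULL) {
 return NT_STATUS_NO_MEMORY;
 }
 
- qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s",
- unix_users_domain_name(),
- unix_username );
- if (!qualified_name) {
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL,
- NULL, NULL,
- &u_sid, &type)) {
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_SUCH_USER;
- }
-
- TALLOC_FREE(tmp_ctx);
-
- if (type != SID_NAME_USER) {
- return NT_STATUS_NO_SUCH_USER;
- }
-
- if ( !(sampass = samu_new( NULL )) ) {
- return NT_STATUS_NO_MEMORY;
- }
-
- status = samu_set_unix( sampass, pwd );
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- /* In pathological cases the above call can set the account
- * name to the DOMAIN\username form. Reset the account name
- * using unix_username */
- pdb_set_username(sampass, unix_username, PDB_SET);
-
- /* set the user sid to be the calculated u_sid */
- pdb_set_user_sid(sampass, &u_sid, PDB_SET);
-
- result = make_server_info(mem_ctx);
+ result = make_server_info(tmp_ctx);
 if (result == NULL) {
- TALLOC_FREE(sampass);
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
 }
 
- status = samu_to_SamInfo3(result, sampass, lp_netbios_name(),
- &result->info3, &result->extra);
- TALLOC_FREE(sampass);
+ status = passwd_to_SamInfo3(result,
+ unix_username,
+ pwd,
+ &result->info3);
 if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("Failed to convert samu to info3: %s\n",
- nt_errstr(status)));
- TALLOC_FREE(result);
- return status;
+ goto done;
 }
 
 result->unix_name = talloc_strdup(result, unix_username);
-
 if (result->unix_name == NULL) {
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
 }
 
 result->utok.uid = pwd->pw_uid;
 result->utok.gid = pwd->pw_gid;
 
- *server_info = result;
+ *server_info = talloc_steal(mem_ctx, result);
+ status = NT_STATUS_OK;
+done:
+ talloc_free(tmp_ctx);
 
- return NT_STATUS_OK;
+ return status;
 }
 
 static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,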
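Review bot: The failure branch after `passwd_to_SamInfo3()` drops the only diagnostic this path had: the removed `DEBUG(10, ("Failed to convert samu to info3: %s\n", ...))` has no replacement, so a login rejected here returns a status to the caller without any trace in the log. A line such as `DEBUG(10, ("passwd_to_SamInfo3 failed for %s: %s\n", unix_username, nt_errstr(status)));` before the `goto done;` would keep that visibility. The long comment explaining why the "Unix User" SID was used is removed as well, and nothing in the new code documents which SID the token now carries; a short comment on that would help whoever audits `valid users` behaviour later. The signature of make_server_info_pw() starts above the hunk.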
|
|
|
6729ff |
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
|
|
|
6729ff |
index 46d8178..43711d5 100644
|
|
|
6729ff |
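--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -489,10 +489,28 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
 }
 } else {
 /*
- * Winbind is not running, create the group_sid from the
- * group id.
+ * Winbind is not running, try to create the group_sid from the
+ * passwd group id.
+ */
+
+ /*
+ * This can lead to a primary group of S-1-22-2-XX which
+ * will be rejected by other Samba code.
 */
 gid_to_sid(&group_sid, pwd->pw_gid);
+
+ ZERO_STRUCT(domain_sid);
+
+ /*
+ * If we are a unix group, set the group_sid to the
+ * 'Domain Users' RID of 513 which will always resolve to a
+ * name.
+ */
+ if (sid_check_is_in_unix_groups(&group_sid)) {
+ sid_compose(&group_sid,
+ get_global_sam_sid(),
+ DOMAIN_RID_USERS);
+ }
 }
 
 /* Make sure we have a valid group sid */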
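Review bot: The new `sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_RID_USERS)` fallback rewrites the primary group of a unix-only account to the local 'Domain Users' SID without logging it, which changes what the resulting token matches in access checks and leaves nothing to audit afterwards. A `DEBUG()` line at that point naming `pwd->pw_gid` and the substituted SID would make the substitution traceable, and the comment could state that the account is deliberately treated as a member of Domain Users. The added `ZERO_STRUCT(domain_sid);` looks redundant: `domain_sid` is not read in this branch, and the code added in patch 2/7 zeroes it again before `sid_copy()`. passwd_to_SamInfo3() starts and ends outside the hunk.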
|
|
|
6729ff |
--
|
|
|
6729ff |
1.8.5.2
From 76bb5e0888f4131ab773d90160051a51c401c90d Mon Sep 17 00:00:00 2001
|
|
|
6729ff |
From: Andreas Schneider <asn@samba.org>
|
|
|
6729ff |
Date: Tue, 18 Feb 2014 10:02:57 +0100
|
|
|
6729ff |
Subject: [PATCH 5/7] s3-auth: Pass mem_ctx to make_server_info_sam().
|
|
|
6729ff |
|
|
|
6729ff |
Coverity-Id: 1168009
|
|
|
6729ff |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
|
|
|
6729ff |
|
|
|
6729ff |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
6729ff |
|
|
|
6729ff |
Change-Id: Ie614b0654c3a7eec1ebb10dbb9763696eec795bd
|
|
|
6729ff |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
6729ff |
(cherry picked from commit 3dc72266005e87a291f5bf9847257e8c54314d39)
|
|
|
6729ff |
---
|
|
|
6729ff |
source3/auth/check_samsec.c | 2 +-
|
|
|
6729ff |
source3/auth/proto.h | 5 ++--
|
|
|
6729ff |
source3/auth/server_info_sam.c | 56 +++++++++++++++++++++++++++---------------
|
|
|
6729ff |
source3/auth/user_krb5.c | 12 +++++----
|
|
|
6729ff |
4 files changed, 47 insertions(+), 28 deletions(-)
|
|
|
6729ff |
|
|
|
6729ff |
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
|
|
|
6729ff |
index 7ed8cc2..b6cac60 100644
|
|
|
6729ff |
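--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -482,7 +482,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
 }
 
 become_root();
- nt_status = make_server_info_sam(server_info, sampass);
+ nt_status = make_server_info_sam(mem_ctx, sampass, server_info);
 unbecome_root();
 
 TALLOC_FREE(sampass);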
|
|
|
6729ff |
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
|
|
|
6729ff |
index 7abca07..eac3e54 100644
|
|
|
6729ff |
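--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -190,8 +190,9 @@ bool make_user_info_guest(const struct tsocket_address *remote_address,
 struct auth_usersupplied_info **user_info);
 
 struct samu;
-NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
- struct samu *sampass);
+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
+ struct samu *sampass,
+ struct auth_serversupplied_info **pserver_info);
 NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 const struct auth_serversupplied_info *server_info,
 DATA_BLOB *session_key,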
|
|
|
6729ff |
diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c
|
|
|
6729ff |
index 5d657f9..47087b1 100644
|
|
|
6729ff |
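--- a/source3/auth/server_info_sam.c
+++ b/source3/auth/server_info_sam.c
@@ -58,39 +58,51 @@ static bool is_our_machine_account(const char *username)
 Make (and fill) a user_info struct from a struct samu
 ***************************************************************************/
 
-NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
- struct samu *sampass)
+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
+ struct samu *sampass,
+ struct auth_serversupplied_info **pserver_info)
 {
 struct passwd *pwd;
- struct auth_serversupplied_info *result;
+ struct auth_serversupplied_info *server_info;
 const char *username = pdb_get_username(sampass);
+ TALLOC_CTX *tmp_ctx;
 NTSTATUS status;
 
- if ( !(result = make_server_info(NULL)) ) {
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
 return NT_STATUS_NO_MEMORY;
 }
 
- if ( !(pwd = Get_Pwnam_alloc(result, username)) ) {
+ server_info = make_server_info(tmp_ctx);
+ if (server_info == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ pwd = Get_Pwnam_alloc(tmp_ctx, username);
+ if (pwd == NULL) {
 DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n",
 pdb_get_username(sampass)));
- TALLOC_FREE(result);
- return NT_STATUS_NO_SUCH_USER;
+ status = NT_STATUS_NO_SUCH_USER;
+ goto out;
 }
 
- status = samu_to_SamInfo3(result, sampass, lp_netbios_name(),
- &result->info3, &result->extra);
+ status = samu_to_SamInfo3(server_info,
+ sampass,
+ lp_netbios_name(),
+ &server_info->info3,
+ &server_info->extra);
 if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(result);
- return status;
+ goto out;
 }
 
- result->unix_name = pwd->pw_name;
- /* Ensure that we keep pwd->pw_name, because we will free pwd below */
- talloc_steal(result, pwd->pw_name);
- result->utok.gid = pwd->pw_gid;
- result->utok.uid = pwd->pw_uid;
+ server_info->unix_name = talloc_strdup(server_info, pwd->pw_name);
+ if (server_info->unix_name == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
 
- TALLOC_FREE(pwd);
+ server_info->utok.gid = pwd->pw_gid;
+ server_info->utok.uid = pwd->pw_uid;
 
 if (IS_DC && is_our_machine_account(username)) {
 /*
@@ -110,9 +122,13 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
 }
 
 DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
- pdb_get_username(sampass), result->unix_name));
+ pdb_get_username(sampass), server_info->unix_name));
+
+ *pserver_info = talloc_steal(mem_ctx, server_info);
 
- *server_info = result;
+ status = NT_STATUS_OK;
+out:
+ talloc_free(tmp_ctx);
 
- return NT_STATUS_OK;
+ return status;
 }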
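Review bot: The new `if (server_info == NULL) { return NT_STATUS_NO_MEMORY; }` after `make_server_info(tmp_ctx)` returns without releasing `tmp_ctx`, unlike every other failure path added in this function, which goes through `out:` and `talloc_free(tmp_ctx)`. It should read `status = NT_STATUS_NO_MEMORY; goto out;` so the stackframe is released on that path too. The middle of make_server_info_sam() lies between the two hunks and is not visible here.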
|
|
|
6729ff |
diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
|
|
|
6729ff |
index 7d44285..e40c8ac 100644
|
|
|
6729ff |
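--- a/source3/auth/user_krb5.c
+++ b/source3/auth/user_krb5.c
@@ -223,9 +223,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
 * SID consistency with ntlmssp session setup
 */
 struct samu *sampass;
- /* The stupid make_server_info_XX functions here
- don't take a talloc context. */
- struct auth_serversupplied_info *tmp = NULL;
 
 sampass = samu_new(talloc_tos());
 if (sampass == NULL) {
@@ -235,14 +232,19 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
 if (pdb_getsampwnam(sampass, username)) {
 DEBUG(10, ("found user %s in passdb, calling "
 "make_server_info_sam\n", username));
- status = make_server_info_sam(&tmp, sampass);
+ status = make_server_info_sam(mem_ctx,
+ sampass,
+ &server_info);
 } else {
 /*
 * User not in passdb, make it up artificially
 */
 DEBUG(10, ("didn't find user %s in passdb, calling "
 "make_server_info_pw\n", username));
- status = make_server_info_pw(mem_ctx, username, pw, &tmp);
+ status = make_server_info_pw(mem_ctx,
+ username,
+ pw,
+ &server_info);
 }
 
 TALLOC_FREE(sampass);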
|
|
|
6729ff |
--
|
|
|
6729ff |
1.8.5.2
From f9c0adb6237c6e60c33ee6af21f55c0cdefa132c Mon Sep 17 00:00:00 2001
|
|
|
6729ff |
From: Andreas Schneider <asn@samba.org>
|
|
|
6729ff |
Date: Tue, 18 Feb 2014 10:19:57 +0100
|
|
|
6729ff |
Subject: [PATCH 6/7] s3-auth: Pass mem_ctx to auth_check_ntlm_password().
|
|
|
6729ff |
|
|
|
6729ff |
Coverity-Id: 1168009
|
|
|
6729ff |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
|
|
|
6729ff |
|
|
|
6729ff |
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
6729ff |
|
|
|
6729ff |
Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a
|
|
|
6729ff |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
6729ff |
(cherry picked from commit 4d792db03f18aa164b565c7fdc7b446c174fba28)
|
|
|
6729ff |
---
|
|
|
6729ff |
source3/auth/auth.c | 50 ++++++++++++++++++-----------
|
|
|
6729ff |
source3/auth/auth_ntlmssp.c | 6 ++--
|
|
|
6729ff |
source3/auth/proto.h | 8 +++--
|
|
|
6729ff |
source3/rpc_server/netlogon/srv_netlog_nt.c | 6 ++--
|
|
|
6729ff |
source3/torture/pdbtest.c | 5 ++-
|
|
|
6729ff |
5 files changed, 48 insertions(+), 27 deletions(-)
|
|
|
6729ff |
|
|
|
6729ff |
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
|
|
|
6729ff |
index c3797cf..dc9af02 100644
|
|
|
6729ff |
--- a/source3/auth/auth.c
|
|
|
6729ff |
+++ b/source3/auth/auth.c
|
|
|
6729ff |
@@ -160,18 +160,19 @@ static bool check_domain_match(const char *user, const char *domain)
|
|
|
6729ff |
*
|
|
|
6729ff |
**/
|
|
|
6729ff |
|
|
|
6729ff |
-NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
|
|
|
6729ff |
- const struct auth_usersupplied_info *user_info,
|
|
|
6729ff |
- struct auth_serversupplied_info **server_info)
|
|
|
6729ff |
+NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
|
|
|
6729ff |
+ const struct auth_context *auth_context,
|
|
|
6729ff |
+ const struct auth_usersupplied_info *user_info,
|
|
|
6729ff |
+ struct auth_serversupplied_info **pserver_info)
|
|
|
6729ff |
{
|
|
|
6729ff |
/* if all the modules say 'not for me' this is reasonable */
|
|
|
6729ff |
NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
|
|
|
6729ff |
const char *unix_username;
|
|
|
6729ff |
auth_methods *auth_method;
|
|
|
6729ff |
- TALLOC_CTX *mem_ctx;
|
|
|
6729ff |
|
|
|
6729ff |
- if (!user_info || !auth_context || !server_info)
|
|
|
6729ff |
+ if (user_info == NULL || auth_context == NULL || pserver_info == NULL) {
|
|
|
6729ff |
return NT_STATUS_LOGON_FAILURE;
|
|
|
6729ff |
+ }
|
|
|
6729ff |
|
|
|
6729ff |
DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n",
|
|
|
6729ff |
user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name));
|
|
|
6729ff |
@@ -205,17 +206,27 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
|
|
|
6729ff |
return NT_STATUS_LOGON_FAILURE;
|
|
|
6729ff |
|
|
|
6729ff |
for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
|
|
|
6729ff |
+ struct auth_serversupplied_info *server_info;
|
|
|
6729ff |
+ TALLOC_CTX *tmp_ctx;
|
|
|
6729ff |
NTSTATUS result;
|
|
|
6729ff |
|
|
|
6729ff |
- mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name,
|
|
|
6729ff |
- user_info->mapped.domain_name, user_info->client.account_name);
|
|
|
6729ff |
+ tmp_ctx = talloc_named(mem_ctx,
|
|
|
6729ff |
+ 0,
|
|
|
6729ff |
+ "%s authentication for user %s\\%s",
|
|
|
6729ff |
+ auth_method->name,
|
|
|
6729ff |
+ user_info->mapped.domain_name,
|
|
|
6729ff |
+ user_info->client.account_name);
|
|
|
6729ff |
|
|
|
6729ff |
- result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
|
|
|
6729ff |
+ result = auth_method->auth(auth_context,
|
|
|
6729ff |
+ auth_method->private_data,
|
|
|
6729ff |
+ tmp_ctx,
|
|
|
6729ff |
+ user_info,
|
|
|
6729ff |
+ &server_info);
|
|
|
6729ff |
|
|
|
6729ff |
/* check if the module did anything */
|
|
|
6729ff |
if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ) {
|
|
|
6729ff |
DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_method->name));
|
|
|
6729ff |
- talloc_destroy(mem_ctx);
|
|
|
6729ff |
+ TALLOC_FREE(tmp_ctx);
|
|
|
6729ff |
continue;
|
|
|
6729ff |
}
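Review bot: The result of `talloc_named()` is used without a NULL check, and `server_info` is declared without an initialiser, both in the loop body this hunk adds. If the allocation fails, the auth module is handed a NULL context. If a module reports success without filling its out-parameter, the next hunk steals an indeterminate pointer into `*pserver_info`. I would declare `struct auth_serversupplied_info *server_info = NULL;` and add `if (tmp_ctx == NULL) { return NT_STATUS_NO_MEMORY; }` right after the allocation. The loop and the rest of the function continue outside this hunk.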
|
|
|
6729ff |
|
|
|
6729ff |
@@ -229,19 +240,20 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
|
|
|
6729ff |
auth_method->name, user_info->client.account_name, nt_errstr(nt_status)));
|
|
|
6729ff |
}
|
|
|
6729ff |
|
|
|
6729ff |
- talloc_destroy(mem_ctx);
|
|
|
6729ff |
-
|
|
|
6729ff |
- if ( NT_STATUS_IS_OK(nt_status))
|
|
|
6729ff |
- {
|
|
|
6729ff |
- break;
|
|
|
6729ff |
+ if (NT_STATUS_IS_OK(nt_status)) {
|
|
|
6729ff |
+ *pserver_info = talloc_steal(mem_ctx, server_info);
|
|
|
6729ff |
+ TALLOC_FREE(tmp_ctx);
|
|
|
6729ff |
+ break;
|
|
|
6729ff |
}
|
|
|
6729ff |
+
|
|
|
6729ff |
+ TALLOC_FREE(tmp_ctx);
|
|
|
6729ff |
}
|
|
|
6729ff |
|
|
|
6729ff |
/* successful authentication */
|
|
|
6729ff |
|
|
|
6729ff |
if (NT_STATUS_IS_OK(nt_status)) {
|
|
|
6729ff |
- unix_username = (*server_info)->unix_name;
|
|
|
6729ff |
- if (!(*server_info)->guest) {
|
|
|
6729ff |
+ unix_username = (*pserver_info)->unix_name;
|
|
|
6729ff |
+ if (!(*pserver_info)->guest) {
|
|
|
6729ff |
const char *rhost;
|
|
|
6729ff |
|
|
|
6729ff |
if (tsocket_address_is_inet(user_info->remote_host, "ip")) {
|
|
|
6729ff |
@@ -270,9 +282,9 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
|
|
|
6729ff |
}
|
|
|
6729ff |
|
|
|
6729ff |
if (NT_STATUS_IS_OK(nt_status)) {
|
|
|
6729ff |
- DEBUG((*server_info)->guest ? 5 : 2,
|
|
|
6729ff |
+ DEBUG((*pserver_info)->guest ? 5 : 2,
|
|
|
6729ff |
("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n",
|
|
|
6729ff |
- (*server_info)->guest ? "guest " : "",
|
|
|
6729ff |
+ (*pserver_info)->guest ? "guest " : "",
|
|
|
6729ff |
user_info->client.account_name,
|
|
|
6729ff |
user_info->mapped.account_name,
|
|
|
6729ff |
unix_username));
|
|
|
6729ff |
@@ -286,7 +298,7 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
|
|
|
6729ff |
DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
|
|
|
6729ff |
user_info->client.account_name, user_info->mapped.account_name,
|
|
|
6729ff |
nt_errstr(nt_status)));
|
|
|
6729ff |
- ZERO_STRUCTP(server_info);
|
|
|
6729ff |
+ ZERO_STRUCTP(pserver_info);
|
|
|
6729ff |
|
|
|
6729ff |
return nt_status;
|
|
|
6729ff |
}
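Review bot: `ZERO_STRUCTP(pserver_info)` on the failure path only clears the caller's pointer; it does not release a `server_info` that the loop has already moved onto `mem_ctx`. The second `NT_STATUS_IS_OK(nt_status)` test in the previous hunk suggests the status can turn into a failure after a module succeeded, though the code in between is outside the visible hunks. In that case the authenticated user's info would stay allocated until the caller frees `mem_ctx`. Consider `TALLOC_FREE(*pserver_info);` here, together with `*pserver_info = NULL;` directly after the argument check in the first hunk, so this path never frees a value the caller left uninitialised.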
|
|
|
6729ff |
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
|
|
|
6729ff |
index f99bd44..cb7726c 100644
|
|
|
6729ff |
--- a/source3/auth/auth_ntlmssp.c
|
|
|
6729ff |
+++ b/source3/auth/auth_ntlmssp.c
|
|
|
6729ff |
@@ -134,8 +134,10 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
|
|
|
6729ff |
|
|
|
6729ff |
mapped_user_info->flags = user_info->flags;
|
|
|
6729ff |
|
|
|
6729ff |
- nt_status = auth_check_ntlm_password(auth_context,
|
|
|
6729ff |
- mapped_user_info, &server_info);
|
|
|
6729ff |
+ nt_status = auth_check_ntlm_password(mem_ctx,
|
|
|
6729ff |
+ auth_context,
|
|
|
6729ff |
+ mapped_user_info,
|
|
|
6729ff |
+ &server_info);
|
|
|
6729ff |
|
|
|
6729ff |
if (!NT_STATUS_IS_OK(nt_status)) {
|
|
|
6729ff |
DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n",
|
|
|
6729ff |
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
|
|
|
6729ff |
index eac3e54..15b1ba0 100644
|
|
|
6729ff |
--- a/source3/auth/proto.h
|
|
|
6729ff |
+++ b/source3/auth/proto.h
|
|
|
6729ff |
@@ -65,6 +65,8 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
|
|
|
6729ff |
* struct. When the return is other than NT_STATUS_OK the contents
|
|
|
6729ff |
* of that structure is undefined.
|
|
|
6729ff |
*
|
|
|
6729ff |
+ * @param mem_ctx The memory context to use to allocate server_info
|
|
|
6729ff |
+ *
|
|
|
6729ff |
* @param user_info Contains the user supplied components, including the passwords.
|
|
|
6729ff |
* Must be created with make_user_info() or one of its wrappers.
|
|
|
6729ff |
*
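Review bot: The added `@param mem_ctx` line says where server_info is allocated but not who owns it afterwards. The sentence above it also still calls the result undefined on failure, while auth.c in this commit clears the pointer on that path. I would extend the line to `@param mem_ctx The talloc context that becomes the parent of *server_info on success; the caller releases it.` and reword the failure sentence to say that *server_info is NULL on any non-OK return. The comment block starts and ends outside this hunk.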
|
|
|
6729ff |
@@ -79,9 +81,9 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
|
|
|
6729ff |
* @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
|
|
|
6729ff |
*
|
|
|
6729ff |
**/
|
|
|
6729ff |
-
|
|
|
6729ff |
-NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
|
|
|
6729ff |
- const struct auth_usersupplied_info *user_info,
|
|
|
6729ff |
+NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
|
|
|
6729ff |
+ const struct auth_context *auth_context,
|
|
|
6729ff |
+ const struct auth_usersupplied_info *user_info,
|
|
|
6729ff |
struct auth_serversupplied_info **server_info);
|
|
|
6729ff |
|
|
|
6729ff |
/* The following definitions come from auth/auth_builtin.c */
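Review bot: The prototype keeps the name `server_info` for its last parameter, while the definition in auth.c was renamed to `pserver_info` in this same commit. Keeping the two in step makes the header easier to read against the implementation: `struct auth_serversupplied_info **pserver_info);`. If the doc comment above names the parameter, it would need the same rename; that comment is only partly visible in these hunks.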
|
|
|
6729ff |
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
|
|
6729ff |
index e5ca474..0c8c9a5 100644
|
|
|
6729ff |
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
|
|
|
6729ff |
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
|
|
|
6729ff |
@@ -1650,8 +1650,10 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
|
|
|
6729ff |
} /* end switch */
|
|
|
6729ff |
|
|
|
6729ff |
if ( NT_STATUS_IS_OK(status) ) {
|
|
|
6729ff |
- status = auth_check_ntlm_password(auth_context,
|
|
|
6729ff |
- user_info, &server_info);
|
|
|
6729ff |
+ status = auth_check_ntlm_password(p->mem_ctx,
|
|
|
6729ff |
+ auth_context,
|
|
|
6729ff |
+ user_info,
|
|
|
6729ff |
+ &server_info);
|
|
|
6729ff |
}
|
|
|
6729ff |
|
|
|
6729ff |
TALLOC_FREE(auth_context);
|
|
|
6729ff |
diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c
|
|
|
6729ff |
index 17da455..14d58b9 100644
|
|
|
6729ff |
--- a/source3/torture/pdbtest.c
|
|
|
6729ff |
+++ b/source3/torture/pdbtest.c
|
|
|
6729ff |
@@ -304,7 +304,10 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry)
|
|
|
6729ff |
return False;
|
|
|
6729ff |
}
|
|
|
6729ff |
|
|
|
6729ff |
- status = auth_check_ntlm_password(auth_context, user_info, &server_info);
|
|
|
6729ff |
+ status = auth_check_ntlm_password(mem_ctx,
|
|
|
6729ff |
+ auth_context,
|
|
|
6729ff |
+ user_info,
|
|
|
6729ff |
+ &server_info);
|
|
|
6729ff |
|
|
|
6729ff |
if (!NT_STATUS_IS_OK(status)) {
|
|
|
6729ff |
DEBUG(0, ("Failed to test authentication with auth module: %s\n", nt_errstr(status)));
|
|
|
6729ff |
--
|
|
|
6729ff |
1.8.5.2
|
|
|
6729ff |
|
|
|
6729ff |
|
|
|
6729ff |
From a48bcd84c59b5b2cb8c3e0f5d68b35065bed81d7 Mon Sep 17 00:00:00 2001
|
|
|
6729ff |
From: Andreas Schneider <asn@samba.org>
|
|
|
6729ff |
Date: Tue, 18 Feb 2014 13:52:49 +0100
|
|
|
6729ff |
Subject: [PATCH 7/7] s3-auth: Pass mem_ctx to do_map_to_guest_server_info().
|
|
|
6729ff |
|
|
|
6729ff |
Change-Id: If53117023e3ab37c810193edd00a81d247fdde7a
|
|
|
6729ff |
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
6729ff |
|
|
|
6729ff |
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
|
|
|
6729ff |
Autobuild-Date(master): Wed Feb 19 01:28:14 CET 2014 on sn-devel-104
|
|
|
6729ff |
|
|
|
6729ff |
(cherry picked from commit 79e2725f339e7c5336b4053348c4266268de6ca3)
|
|
|
6729ff |
---
|
|
|
6729ff |
source3/auth/auth_ntlmssp.c | 7 ++++---
|
|
|
6729ff |
source3/auth/auth_util.c | 12 +++++++-----
|
|
|
6729ff |
source3/auth/proto.h | 8 +++++---
|
|
|
6729ff |
3 files changed, 16 insertions(+), 11 deletions(-)
|
|
|
6729ff |
|
|
|
6729ff |
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
|
|
|
6729ff |
index cb7726c..d4fe901 100644
|
|
|
6729ff |
--- a/source3/auth/auth_ntlmssp.c
|
|
|
6729ff |
+++ b/source3/auth/auth_ntlmssp.c
|
|
|
6729ff |
@@ -151,10 +151,11 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
|
|
|
6729ff |
free_user_info(&mapped_user_info);
|
|
|
6729ff |
|
|
|
6729ff |
if (!NT_STATUS_IS_OK(nt_status)) {
|
|
|
6729ff |
- nt_status = do_map_to_guest_server_info(nt_status,
|
|
|
6729ff |
- &server_info,
|
|
|
6729ff |
+ nt_status = do_map_to_guest_server_info(mem_ctx,
|
|
|
6729ff |
+ nt_status,
|
|
|
6729ff |
user_info->client.account_name,
|
|
|
6729ff |
- user_info->client.domain_name);
|
|
|
6729ff |
+ user_info->client.domain_name,
|
|
|
6729ff |
+ &server_info);
|
|
|
6729ff |
*server_returned_info = talloc_steal(mem_ctx, server_info);
|
|
|
6729ff |
return nt_status;
|
|
|
6729ff |
}
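Review bot: The `talloc_steal(mem_ctx, server_info)` on the line after the changed call looks redundant now. `do_map_to_guest_server_info()` receives the same `mem_ctx` and hands it to `make_server_info_guest()` (see auth_util.c in this patch). Assuming no other path leaves `server_info` on a different parent, `*server_returned_info = server_info;` states the same thing without implying an ownership change. auth3_check_password starts outside this hunk.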
|
|
|
6729ff |
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
|
|
|
6729ff |
index 24190af..8cf5cb7 100644
|
|
|
6729ff |
--- a/source3/auth/auth_util.c
|
|
|
6729ff |
+++ b/source3/auth/auth_util.c
|
|
|
6729ff |
@@ -1536,9 +1536,11 @@ bool is_trusted_domain(const char* dom_name)
|
|
|
6729ff |
on a logon error possibly map the error to success if "map to guest"
|
|
|
6729ff |
is set approriately
|
|
|
6729ff |
*/
|
|
|
6729ff |
-NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
|
|
|
6729ff |
- struct auth_serversupplied_info **server_info,
|
|
|
6729ff |
- const char *user, const char *domain)
|
|
|
6729ff |
+NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx,
|
|
|
6729ff |
+ NTSTATUS status,
|
|
|
6729ff |
+ const char *user,
|
|
|
6729ff |
+ const char *domain,
|
|
|
6729ff |
+ struct auth_serversupplied_info **server_info)
|
|
|
6729ff |
{
|
|
|
6729ff |
user = user ? user : "";
|
|
|
6729ff |
domain = domain ? domain : "";
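Review bot: The comment above `do_map_to_guest_server_info()` does not mention the new `mem_ctx` argument or what happens to `*server_info` when no mapping applies. Both `make_server_info_guest(mem_ctx, server_info)` calls in the following hunk now allocate the guest info under the caller's context. That is worth stating because this function turns an authentication failure into a guest session. I would add a sentence such as `mem_ctx becomes the talloc parent of *server_info when the failure is mapped to guest; otherwise *server_info is left untouched.` The second half needs confirming against the function's tail, which is outside the hunks.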
|
|
|
6729ff |
@@ -1548,13 +1550,13 @@ NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
|
|
|
6729ff |
(lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
|
|
|
6729ff |
DEBUG(3,("No such user %s [%s] - using guest account\n",
|
|
|
6729ff |
user, domain));
|
|
|
6729ff |
- return make_server_info_guest(NULL, server_info);
|
|
|
6729ff |
+ return make_server_info_guest(mem_ctx, server_info);
|
|
|
6729ff |
}
|
|
|
6729ff |
} else if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
|
|
|
6729ff |
if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
|
|
|
6729ff |
DEBUG(3,("Registered username %s for guest access\n",
|
|
|
6729ff |
user));
|
|
|
6729ff |
- return make_server_info_guest(NULL, server_info);
|
|
|
6729ff |
+ return make_server_info_guest(mem_ctx, server_info);
|
|
|
6729ff |
}
|
|
|
6729ff |
}
|
|
|
6729ff |
|
|
|
6729ff |
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
|
|
|
6729ff |
index 15b1ba0..7b8959f 100644
|
|
|
6729ff |
--- a/source3/auth/proto.h
|
|
|
6729ff |
+++ b/source3/auth/proto.h
|
|
|
6729ff |
@@ -264,9 +264,11 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
|
|
|
6729ff |
enum auth_password_state password_state);
|
|
|
6729ff |
void free_user_info(struct auth_usersupplied_info **user_info);
|
|
|
6729ff |
|
|
|
6729ff |
-NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
|
|
|
6729ff |
- struct auth_serversupplied_info **server_info,
|
|
|
6729ff |
- const char *user, const char *domain);
|
|
|
6729ff |
+NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx,
|
|
|
6729ff |
+ NTSTATUS status,
|
|
|
6729ff |
+ const char *user,
|
|
|
6729ff |
+ const char *domain,
|
|
|
6729ff |
+ struct auth_serversupplied_info **server_info);
|
|
|
6729ff |
|
|
|
6729ff |
/* The following definitions come from auth/auth_winbind.c */
|
|
|
6729ff |
|
|
|
6729ff |
--
|
|
|
6729ff |
1.8.5.2
|
|
|
6729ff |
|