authorNadezhda Ivanova <nadezhda.ivanova@postpath.com>2010-01-13 12:02:31 +0200
committerNadezhda Ivanova <nadezhda.ivanova@postpath.com>2010-01-13 12:02:31 +0200
commit9b3871ed293f76e770e572cd6b59f59670f1f6f8 (patch)
tree2b79286e3a6f7af9e26466393a0b26075a238be8 /source3/auth
parent309473f938d18b9993c2c4f120eeff7b4641985a (diff)
parentca847952054f5bbde1d40ad4260589b6fcc9721d (diff)
downloadsamba-9b3871ed293f76e770e572cd6b59f59670f1f6f8.tar.gz
samba-9b3871ed293f76e770e572cd6b59f59670f1f6f8.tar.bz2
samba-9b3871ed293f76e770e572cd6b59f59670f1f6f8.zip
Merge branch 'master' of git://git.samba.org/samba
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_builtin.c12
-rw-r--r--source3/auth/auth_compat.c10
-rw-r--r--source3/auth/auth_domain.c12
-rw-r--r--source3/auth/auth_netlogond.c6
-rw-r--r--source3/auth/auth_ntlmssp.c2
-rw-r--r--source3/auth/auth_sam.c219
-rw-r--r--source3/auth/auth_script.c4
-rw-r--r--source3/auth/auth_server.c4
-rw-r--r--source3/auth/auth_unix.c4
-rw-r--r--source3/auth/auth_util.c64
-rw-r--r--source3/auth/auth_wbc.c4
-rw-r--r--source3/auth/auth_winbind.c4
12 files changed, 225 insertions, 120 deletions
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c
index 3741f29779..f8f048a6f2 100644
--- a/source3/auth/auth_builtin.c
+++ b/source3/auth/auth_builtin.c
@@ -34,8 +34,8 @@
static NTSTATUS check_guest_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
/* mark this as 'not for me' */
NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
@@ -77,8 +77,8 @@ static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *o
static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
fstring user;
@@ -130,8 +130,8 @@ static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, co
static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
index 77a994828f..e90036f3ff 100644
--- a/source3/auth/auth_compat.c
+++ b/source3/auth/auth_compat.c
@@ -35,10 +35,12 @@ SMB hash
return True if the password is correct, False otherwise
****************************************************************************/
-NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info)
+NTSTATUS check_plaintext_password(const char *smb_name,
+ DATA_BLOB plaintext_password,
+ struct auth_serversupplied_info **server_info)
{
struct auth_context *plaintext_auth_context = NULL;
- auth_usersupplied_info *user_info = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
uint8_t chal[8];
NTSTATUS nt_status;
if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
@@ -72,9 +74,9 @@ static NTSTATUS pass_check_smb(struct auth_context *actx,
{
NTSTATUS nt_status;
- auth_serversupplied_info *server_info = NULL;
+ struct auth_serversupplied_info *server_info = NULL;
if (encrypted) {
- auth_usersupplied_info *user_info = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
if (actx == NULL) {
return NT_STATUS_INTERNAL_ERROR;
}
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index c527360321..a07aa617c4 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -251,10 +251,10 @@ machine %s. Error was : %s.\n", dc_name, cli_errstr(*cli)));
************************************************************************/
static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
+ const struct auth_usersupplied_info *user_info,
const char *domain,
uchar chal[8],
- auth_serversupplied_info **server_info,
+ struct auth_serversupplied_info **server_info,
const char *dc_name,
struct sockaddr_storage *dc_ss)
@@ -372,8 +372,8 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
const char *domain = lp_workgroup();
@@ -441,8 +441,8 @@ static NTSTATUS auth_init_ntdomain(struct auth_context *auth_context, const char
static NTSTATUS check_trustdomain_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
unsigned char trust_md4_password[16];
diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c
index ebfed83d41..bfd12281c4 100644
--- a/source3/auth/auth_netlogond.c
+++ b/source3/auth/auth_netlogond.c
@@ -27,7 +27,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx,
const struct auth_context *auth_context,
const char *ncalrpc_sockname,
uint8_t schannel_key[16],
- const auth_usersupplied_info *user_info,
+ const struct auth_usersupplied_info *user_info,
struct netr_SamInfo3 **pinfo3,
NTSTATUS *schannel_bind_result)
{
@@ -153,8 +153,8 @@ static char *mymachinepw(TALLOC_CTX *mem_ctx)
static NTSTATUS check_netlogond_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
TALLOC_CTX *frame = talloc_stackframe();
struct netr_SamInfo3 *info3 = NULL;
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 4243a24ca7..88f0e69443 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -85,7 +85,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
{
AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
(AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
- auth_usersupplied_info *user_info = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
NTSTATUS nt_status;
bool username_was_mapped;
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index f0500b3611..1dd8fc950e 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -33,21 +33,23 @@
static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
TALLOC_CTX *mem_ctx,
- struct samu *sampass,
- const auth_usersupplied_info *user_info,
+ const char *username,
+ uint32_t acct_ctrl,
+ const uint8_t *lm_pw,
+ const uint8_t *nt_pw,
+ const struct auth_usersupplied_info *user_info,
DATA_BLOB *user_sess_key,
DATA_BLOB *lm_sess_key)
{
- uint32 acct_ctrl;
- const uint8 *lm_pw, *nt_pw;
- struct samr_Password lm_hash, nt_hash, client_lm_hash, client_nt_hash;
- const char *username = pdb_get_username(sampass);
- bool got_lm = false, got_nt = false;
+ struct samr_Password _lm_hash, _nt_hash, _client_lm_hash, _client_nt_hash;
+ struct samr_Password *lm_hash = NULL;
+ struct samr_Password *nt_hash = NULL;
+ struct samr_Password *client_lm_hash = NULL;
+ struct samr_Password *client_nt_hash = NULL;
- *user_sess_key = data_blob(NULL, 0);
- *lm_sess_key = data_blob(NULL, 0);
+ *user_sess_key = data_blob_null;
+ *lm_sess_key = data_blob_null;
- acct_ctrl = pdb_get_acct_ctrl(sampass);
if (acct_ctrl & ACB_PWNOTREQ) {
if (lp_null_passwords()) {
DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", username));
@@ -58,34 +60,35 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
}
}
- lm_pw = pdb_get_lanman_passwd(sampass);
- nt_pw = pdb_get_nt_passwd(sampass);
if (lm_pw) {
- memcpy(lm_hash.hash, lm_pw, sizeof(lm_hash.hash));
+ memcpy(_lm_hash.hash, lm_pw, sizeof(_lm_hash.hash));
+ lm_hash = &_lm_hash;
}
if (nt_pw) {
- memcpy(nt_hash.hash, nt_pw, sizeof(nt_hash.hash));
+ memcpy(_nt_hash.hash, nt_pw, sizeof(_nt_hash.hash));
+ nt_hash = &_nt_hash;
}
- if (user_info->lm_interactive_pwd.data && sizeof(client_lm_hash.hash) == user_info->lm_interactive_pwd.length) {
- memcpy(client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(lm_hash.hash));
- got_lm = true;
+ if (user_info->lm_interactive_pwd.data && sizeof(_client_lm_hash.hash) == user_info->lm_interactive_pwd.length) {
+ memcpy(_client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(_lm_hash.hash));
+ client_lm_hash = &_client_lm_hash;
}
- if (user_info->nt_interactive_pwd.data && sizeof(client_nt_hash.hash) == user_info->nt_interactive_pwd.length) {
- memcpy(client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(nt_hash.hash));
- got_nt = true;
+ if (user_info->nt_interactive_pwd.data && sizeof(_client_nt_hash.hash) == user_info->nt_interactive_pwd.length) {
+ memcpy(_client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(_nt_hash.hash));
+ client_nt_hash = &_client_nt_hash;
}
- if (got_lm || got_nt) {
- *user_sess_key = data_blob(mem_ctx, 16);
+
+ if (client_lm_hash || client_nt_hash) {
+ *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
if (!user_sess_key->data) {
return NT_STATUS_NO_MEMORY;
}
SMBsesskeygen_ntv1(nt_pw, user_sess_key->data);
return hash_password_check(mem_ctx, lp_lanman_auth(),
- got_lm ? &client_lm_hash : NULL,
- got_nt ? &client_nt_hash : NULL,
+ client_lm_hash,
+ client_nt_hash,
username,
- lm_pw ? &lm_hash: NULL,
- nt_pw ? &nt_hash : NULL);
+ lm_hash,
+ nt_hash);
} else {
return ntlm_password_check(mem_ctx, lp_lanman_auth(),
lp_ntlm_auth(),
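Review bot: In the interactive-hash branch `SMBsesskeygen_ntv1(nt_pw, user_sess_key->data)` still receives `nt_pw` unguarded, although a few lines earlier `if (nt_pw)` treats a NULL NT hash as possible and leaves `nt_hash` NULL in that case. Now that the hashes arrive as caller-supplied pointers instead of being read from sampass inside the function, that precondition is easier to violate; unless SMBsesskeygen_ntv1 is known to accept NULL (its body is not visible here), decide explicitly what happens under `if (nt_pw == NULL)` before the session key is derived, either rejecting the logon or skipping the derivation. The stack copies `_lm_hash`, `_nt_hash`, `_client_lm_hash` and `_client_nt_hash` also hold password hashes and are not cleared before the function returns. sam_password_ok starts and ends outside this hunk.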
@@ -95,8 +98,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
username,
user_info->smb_name,
user_info->client_domain,
- lm_pw ? &lm_hash: NULL,
- nt_pw ? &nt_hash : NULL,
+ lm_hash,
+ nt_hash,
user_sess_key, lm_sess_key);
}
}
@@ -165,7 +168,7 @@ static bool logon_hours_ok(struct samu *sampass)
static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
struct samu *sampass,
- const auth_usersupplied_info *user_info)
+ const struct auth_usersupplied_info *user_info)
{
uint32 acct_ctrl = pdb_get_acct_ctrl(sampass);
char *workstation_list;
@@ -278,6 +281,75 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+/**
+ * Check whether the given password is one of the last two
+ * password history entries. If so, the bad pwcount should
+ * not be incremented even thought the actual password check
+ * failed.
+ */
+static bool need_to_increment_bad_pw_count(
+ const struct auth_context *auth_context,
+ struct samu* sampass,
+ const struct auth_usersupplied_info *user_info)
+{
+ uint8_t i;
+ const uint8_t *pwhistory;
+ uint32_t pwhistory_len;
+ uint32_t policy_pwhistory_len;
+ uint32_t acct_ctrl;
+ const char *username;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+ bool result = true;
+
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY,
+ &policy_pwhistory_len);
+ if (policy_pwhistory_len == 0) {
+ goto done;
+ }
+
+ pwhistory = pdb_get_pw_history(sampass, &pwhistory_len);
+ if (!pwhistory || pwhistory_len == 0) {
+ goto done;
+ }
+
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+ username = pdb_get_username(sampass);
+
+ for (i=1; i < MIN(MIN(3, policy_pwhistory_len), pwhistory_len); i++) {
+ static const uint8_t zero16[SALTED_MD5_HASH_LEN];
+ const uint8_t *salt;
+ const uint8_t *nt_pw;
+ NTSTATUS status;
+ DATA_BLOB user_sess_key = data_blob_null;
+ DATA_BLOB lm_sess_key = data_blob_null;
+
+ salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN];
+ nt_pw = salt + PW_HISTORY_SALT_LEN;
+
+ if (memcmp(zero16, nt_pw, NT_HASH_LEN) == 0) {
+ /* skip zero password hash */
+ continue;
+ }
+
+ if (memcmp(zero16, salt, PW_HISTORY_SALT_LEN) != 0) {
+ /* skip nonzero salt (old format entry) */
+ continue;
+ }
+
+ status = sam_password_ok(auth_context, mem_ctx,
+ username, acct_ctrl, NULL, nt_pw,
+ user_info, &user_sess_key, &lm_sess_key);
+ if (NT_STATUS_IS_OK(status)) {
+ result = false;
+ break;
+ }
+ }
+
+done:
+ TALLOC_FREE(mem_ctx);
+ return result;
+}
+
/****************************************************************************
check if a username/password is OK assuming the password is a 24 byte
SMB hash supplied in the user_info structure
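Review bot: `policy_pwhistory_len` is declared without an initialiser and the result of `pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &policy_pwhistory_len)` is ignored, so if that lookup can fail without writing the out-parameter, the `== 0` test and the loop bound in need_to_increment_bad_pw_count read an indeterminate value. This value decides whether a failed logon counts toward lockout, so it should have a defined default: `uint32_t policy_pwhistory_len = 0;`, or check the call's return value and `goto done` on failure, which keeps `result` at true. Separately, `zero16` is sized by SALTED_MD5_HASH_LEN but compared over NT_HASH_LEN and PW_HISTORY_SALT_LEN bytes; a short comment or compile-time check that neither exceeds the array size would keep both memcmp calls in bounds if the constants ever diverge.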
@@ -287,8 +359,8 @@ return an NT_STATUS constant.
static NTSTATUS check_sam_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
struct samu *sampass=NULL;
bool ret;
@@ -297,6 +369,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
DATA_BLOB user_sess_key = data_blob_null;
DATA_BLOB lm_sess_key = data_blob_null;
bool updated_autolock = False, updated_badpw = False;
+ uint32_t acct_ctrl;
+ const char *username;
+ const uint8_t *nt_pw;
+ const uint8_t *lm_pw;
if (!user_info || !auth_context) {
return NT_STATUS_UNSUCCESSFUL;
@@ -305,7 +381,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
/* the returned struct gets kept on the server_info, by means
of a steal further down */
- if ( !(sampass = samu_new( mem_ctx )) ) {
+ sampass = samu_new(mem_ctx);
+ if (sampass == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -322,16 +399,22 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
return NT_STATUS_NO_SUCH_USER;
}
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+ username = pdb_get_username(sampass);
+ nt_pw = pdb_get_nt_passwd(sampass);
+ lm_pw = pdb_get_lanman_passwd(sampass);
+
/* see if autolock flag needs to be updated */
- if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL)
+ if (acct_ctrl & ACB_NORMAL)
pdb_update_autolock_flag(sampass, &updated_autolock);
/* Quit if the account was locked out. */
- if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
- DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", pdb_get_username(sampass)));
+ if (acct_ctrl & ACB_AUTOLOCK) {
+ DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
return NT_STATUS_ACCOUNT_LOCKED_OUT;
}
- nt_status = sam_password_ok(auth_context, mem_ctx, sampass,
+ nt_status = sam_password_ok(auth_context, mem_ctx,
+ username, acct_ctrl, lm_pw, nt_pw,
user_info, &user_sess_key, &lm_sess_key);
/* Notify passdb backend of login success/failure. If not
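Review bot: The lockout test `if (acct_ctrl & ACB_AUTOLOCK)` now reads a value cached before `pdb_update_autolock_flag(sampass, &updated_autolock)` runs, whereas the removed code called `pdb_get_acct_ctrl(sampass)` again after it. If that helper clears ACB_AUTOLOCK on sampass once the lockout duration has expired (its name and the `updated_autolock` out-parameter suggest so, but its body is not shown here), an account that should just have been unlocked is still rejected with NT_STATUS_ACCOUNT_LOCKED_OUT, and the same stale flags are passed on to sam_password_ok(). Re-read the flags after the update, e.g. `acct_ctrl = pdb_get_acct_ctrl(sampass);` directly below the pdb_update_autolock_flag() call. check_sam_security's body starts and continues outside this hunk.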
@@ -340,10 +423,19 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
update_login_attempts_status = pdb_update_login_attempts(sampass, NT_STATUS_IS_OK(nt_status));
if (!NT_STATUS_IS_OK(nt_status)) {
+ bool increment_bad_pw_count = false;
+
if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) &&
- pdb_get_acct_ctrl(sampass) &ACB_NORMAL &&
+ acct_ctrl & ACB_NORMAL &&
NT_STATUS_IS_OK(update_login_attempts_status))
- {
+ {
+ increment_bad_pw_count =
+ need_to_increment_bad_pw_count(auth_context,
+ sampass,
+ user_info);
+ }
+
+ if (increment_bad_pw_count) {
pdb_increment_bad_password_count(sampass);
updated_badpw = True;
} else {
@@ -351,18 +443,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
&updated_badpw);
}
if (updated_autolock || updated_badpw){
+ NTSTATUS status;
+
become_root();
- if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass)))
- DEBUG(1, ("Failed to modify entry.\n"));
+ status = pdb_update_sam_account(sampass);
unbecome_root();
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to modify entry: %s\n",
+ nt_errstr(status)));
+ }
}
- data_blob_free(&user_sess_key);
- data_blob_free(&lm_sess_key);
- TALLOC_FREE(sampass);
- return nt_status;
+ goto done;
}
- if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&
+ if ((acct_ctrl & ACB_NORMAL) &&
(pdb_get_bad_password_count(sampass) > 0)){
pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
@@ -370,30 +465,36 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
}
if (updated_autolock || updated_badpw){
+ NTSTATUS status;
+
become_root();
- if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass)))
- DEBUG(1, ("Failed to modify entry.\n"));
+ status = pdb_update_sam_account(sampass);
unbecome_root();
- }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to modify entry: %s\n",
+ nt_errstr(status)));
+ }
+ }
nt_status = sam_account_ok(mem_ctx, sampass, user_info);
if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(sampass);
- data_blob_free(&user_sess_key);
- data_blob_free(&lm_sess_key);
- return nt_status;
+ goto done;
}
become_root();
nt_status = make_server_info_sam(server_info, sampass);
unbecome_root();
+ /*
+ * sampass has been stolen to server_info.
+ * So NULL it out to prevent segfaults.
+ */
+ sampass = NULL;
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status)));
- data_blob_free(&user_sess_key);
- data_blob_free(&lm_sess_key);
- return nt_status;
+ goto done;
}
(*server_info)->user_session_key =
@@ -408,6 +509,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
(*server_info)->nss_token |= user_info->was_mapped;
+done:
+ TALLOC_FREE(sampass);
+ data_blob_free(&user_sess_key);
+ data_blob_free(&lm_sess_key);
return nt_status;
}
@@ -431,8 +536,8 @@ Check SAM security (above) but with a few extra checks.
static NTSTATUS check_samstrict_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
bool is_local_name, is_my_domain;
diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c
index 6cbace71e8..be1ae81501 100644
--- a/source3/auth/auth_script.c
+++ b/source3/auth/auth_script.c
@@ -40,8 +40,8 @@
static NTSTATUS script_check_user_credentials(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
const char *script = lp_parm_const_string( GLOBAL_SECTION_SNUM, "auth_script", "script", NULL);
char *secret_str;
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 287b50b080..ec92787dce 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -270,8 +270,8 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte
static NTSTATUS check_smbserver_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
struct server_security_state *state = talloc_get_type_abort(
my_private_data, struct server_security_state);
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index 58c765226d..3e2df9a123 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -85,8 +85,8 @@ static bool update_smbpassword_file(const char *user, const char *password)
static NTSTATUS check_unix_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
struct passwd *pass = NULL;
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 8167a80a4f..de552cf57e 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -33,7 +33,7 @@
auth_serversupplied_info struct.
****************************************************************************/
-static void sort_sid_array_for_smbd(auth_serversupplied_info *result,
+static void sort_sid_array_for_smbd(struct auth_serversupplied_info *result,
const DOM_SID *pgroup_sid)
{
unsigned int i;
@@ -107,7 +107,7 @@ static int _smb_create_user(const char *domain, const char *unix_username, const
Create an auth_usersupplied_data structure
****************************************************************************/
-static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
+static NTSTATUS make_user_info(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *internal_username,
const char *client_domain,
@@ -121,7 +121,7 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name));
- *user_info = SMB_MALLOC_P(auth_usersupplied_info);
+ *user_info = SMB_MALLOC_P(struct auth_usersupplied_info);
if (*user_info == NULL) {
DEBUG(0,("malloc failed for user_info (size %lu)\n", (unsigned long)sizeof(*user_info)));
return NT_STATUS_NO_MEMORY;
@@ -188,7 +188,7 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
Create an auth_usersupplied_data structure after appropriate mapping.
****************************************************************************/
-NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
+NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *wksta_name,
@@ -252,7 +252,7 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
Decrypt and encrypt the passwords.
****************************************************************************/
-bool make_user_info_netlogon_network(auth_usersupplied_info **user_info,
+bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *wksta_name,
@@ -290,7 +290,7 @@ bool make_user_info_netlogon_network(auth_usersupplied_info **user_info,
Decrypt and encrypt the passwords.
****************************************************************************/
-bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
+bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *wksta_name,
@@ -402,7 +402,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
Create an auth_usersupplied_data structure
****************************************************************************/
-bool make_user_info_for_reply(auth_usersupplied_info **user_info,
+bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const uint8 chal[8],
@@ -460,7 +460,7 @@ bool make_user_info_for_reply(auth_usersupplied_info **user_info,
Create an auth_usersupplied_data structure
****************************************************************************/
-NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
+NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
DATA_BLOB lm_resp, DATA_BLOB nt_resp)
@@ -478,7 +478,7 @@ NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
Create a guest user_info blob, for anonymous authenticaion.
****************************************************************************/
-bool make_user_info_guest(auth_usersupplied_info **user_info)
+bool make_user_info_guest(struct auth_usersupplied_info **user_info)
{
NTSTATUS nt_status;
@@ -494,7 +494,7 @@ bool make_user_info_guest(auth_usersupplied_info **user_info)
return NT_STATUS_IS_OK(nt_status) ? True : False;
}
-static int server_info_dtor(auth_serversupplied_info *server_info)
+static int server_info_dtor(struct auth_serversupplied_info *server_info)
{
TALLOC_FREE(server_info->sam_account);
ZERO_STRUCTP(server_info);
@@ -505,11 +505,11 @@ static int server_info_dtor(auth_serversupplied_info *server_info)
Make a server_info struct. Free with TALLOC_FREE().
***************************************************************************/
-static auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
+static struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
{
struct auth_serversupplied_info *result;
- result = TALLOC_ZERO_P(mem_ctx, auth_serversupplied_info);
+ result = TALLOC_ZERO_P(mem_ctx, struct auth_serversupplied_info);
if (result == NULL) {
DEBUG(0, ("talloc failed\n"));
return NULL;
@@ -562,12 +562,12 @@ static bool is_our_machine_account(const char *username)
Make (and fill) a user_info struct from a struct samu
***************************************************************************/
-NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
+NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
struct samu *sampass)
{
struct passwd *pwd;
gid_t *gids;
- auth_serversupplied_info *result;
+ struct auth_serversupplied_info *result;
const char *username = pdb_get_username(sampass);
NTSTATUS status;
@@ -701,7 +701,7 @@ static NTSTATUS log_nt_token(NT_USER_TOKEN *token)
* server_info->sids (the info3/sam groups). Find the unix gids.
*/
-NTSTATUS create_local_token(auth_serversupplied_info *server_info)
+NTSTATUS create_local_token(struct auth_serversupplied_info *server_info)
{
NTSTATUS status;
size_t i;
@@ -1140,7 +1140,7 @@ bool user_in_group(const char *username, const char *groupname)
to a struct samu
***************************************************************************/
-NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
+NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
char *unix_username,
struct passwd *pwd)
{
@@ -1151,7 +1151,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
TALLOC_CTX *mem_ctx = NULL;
DOM_SID u_sid;
enum lsa_SidType type;
- auth_serversupplied_info *result;
+ struct auth_serversupplied_info *result;
if ( !(sampass = samu_new( NULL )) ) {
return NT_STATUS_NO_MEMORY;
@@ -1261,7 +1261,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
the guest gid, then create one.
***************************************************************************/
-static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_info)
+static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **server_info)
{
NTSTATUS status;
struct samu *sampass = NULL;
@@ -1274,8 +1274,7 @@ static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_inf
return NT_STATUS_NO_MEMORY;
}
- sid_copy(&guest_sid, get_global_sam_sid());
- sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST);
+ sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);
become_root();
ret = pdb_getsampwsid(sampass, &guest_sid);
@@ -1355,9 +1354,9 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
- const auth_serversupplied_info *src)
+ const struct auth_serversupplied_info *src)
{
- auth_serversupplied_info *dst;
+ struct auth_serversupplied_info *dst;
dst = make_server_info(mem_ctx);
if (dst == NULL) {
@@ -1433,7 +1432,7 @@ bool server_info_set_session_key(struct auth_serversupplied_info *info,
return (info->user_session_key.data != NULL);
}
-static auth_serversupplied_info *guest_info = NULL;
+static struct auth_serversupplied_info *guest_info = NULL;
bool init_guest_info(void)
{
@@ -1444,7 +1443,7 @@ bool init_guest_info(void)
}
NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx,
- auth_serversupplied_info **server_info)
+ struct auth_serversupplied_info **server_info)
{
*server_info = copy_serverinfo(mem_ctx, guest_info);
return (*server_info != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
@@ -1620,7 +1619,7 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser,
NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
const char *sent_nt_username,
const char *domain,
- auth_serversupplied_info **server_info,
+ struct auth_serversupplied_info **server_info,
struct netr_SamInfo3 *info3)
{
char zeros[16];
@@ -1637,7 +1636,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
uid_t uid = (uid_t)-1;
gid_t gid = (gid_t)-1;
- auth_serversupplied_info *result;
+ struct auth_serversupplied_info *result;
/*
Here is where we should check the list of
@@ -1645,13 +1644,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
matches.
*/
- sid_copy(&user_sid, info3->base.domain_sid);
- if (!sid_append_rid(&user_sid, info3->base.rid)) {
+ if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) {
return NT_STATUS_INVALID_PARAMETER;
}
- sid_copy(&group_sid, info3->base.domain_sid);
- if (!sid_append_rid(&group_sid, info3->base.primary_gid)) {
+ if (!sid_compose(&group_sid, info3->base.domain_sid,
+ info3->base.primary_gid)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -1873,7 +1871,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
const char *sent_nt_username,
const char *domain,
const struct wbcAuthUserInfo *info,
- auth_serversupplied_info **server_info)
+ struct auth_serversupplied_info **server_info)
{
char zeros[16];
@@ -1890,7 +1888,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
uid_t uid = (uid_t)-1;
gid_t gid = (gid_t)-1;
- auth_serversupplied_info *result;
+ struct auth_serversupplied_info *result;
result = make_server_info(NULL);
if (result == NULL) {
@@ -2114,7 +2112,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
Free a user_info struct
***************************************************************************/
-void free_user_info(auth_usersupplied_info **user_info)
+void free_user_info(struct auth_usersupplied_info **user_info)
{
DEBUG(5,("attempting to free (and zero) a user_info structure\n"));
if (*user_info != NULL) {
diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c
index 580c8b550d..85b05efb36 100644
--- a/source3/auth/auth_wbc.c
+++ b/source3/auth/auth_wbc.c
@@ -47,8 +47,8 @@
static NTSTATUS check_wbc_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
wbcErr wbc_status;
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index d1b00a3268..74723e6af4 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -30,8 +30,8 @@
static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
wbcErr wbc_status;