summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-09-06 13:37:11 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-09-06 13:37:11 +0000
commit789d51b42ceb2d99658c72bf55904083d451fcab (patch)
treec965fd3d8f658760a9573f095bd5c213e61a9304 /source3/auth
parent94d6c0e8952ce220d2ca3ef4f97e10517595fcbf (diff)
downloadsamba-789d51b42ceb2d99658c72bf55904083d451fcab.tar.gz
samba-789d51b42ceb2d99658c72bf55904083d451fcab.tar.bz2
samba-789d51b42ceb2d99658c72bf55904083d451fcab.zip
This is the 'easy' parts of the trusted domains patch n+3 patch from
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> It includes a conversion of make_user_info*() to NTSTATUS and some minor changes to other files. It also picks up on a nasty segfault that can occour in some security=domain cases. Andrew Bartlett (This used to be commit d1e1fc3e4bf72717b3593685f0ea5750d676952a)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_domain.c2
-rw-r--r--source3/auth/auth_util.c122
2 files changed, 70 insertions, 54 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index f7a268de1f..e8f11bb3d5 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -251,7 +251,7 @@ static NTSTATUS attempt_connect_to_dc(struct cli_state **cli,
}
/***********************************************************************
- We have been asked to dynamcially determine the IP addresses of
+ We have been asked to dynamically determine the IP addresses of
the PDC and BDC's for DOMAIN, and query them in turn.
************************************************************************/
static NTSTATUS find_connect_pdc(struct cli_state **cli,
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5ae942fac7..78dc0d4ee4 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -4,6 +4,7 @@
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Andrew Bartlett 2001
Copyright (C) Jeremy Allison 2000-2001
+ Copyright (C) Rafal Szczesniak 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -56,7 +57,7 @@ static int smb_create_user(const char *unix_user, const char *homedir)
Add and Delete UNIX users on demand, based on NTSTATUS codes.
****************************************************************************/
-void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status)
+void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status)
{
struct passwd *pwd=NULL;
@@ -81,15 +82,15 @@ void smb_user_control(const auth_usersupplied_info *user_info, auth_serversuppli
Create an auth_usersupplied_data structure
****************************************************************************/
-static BOOL make_user_info(auth_usersupplied_info **user_info,
- const char *smb_name,
- const char *internal_username,
- const char *client_domain,
- const char *domain,
- const char *wksta_name,
- DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
- DATA_BLOB plaintext,
- uint32 auth_flags, BOOL encrypted)
+static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
+ const char *smb_name,
+ const char *internal_username,
+ const char *client_domain,
+ const char *domain,
+ const char *wksta_name,
+ DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
+ DATA_BLOB plaintext,
+ uint32 auth_flags, BOOL encrypted)
{
DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name));
@@ -97,7 +98,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
*user_info = malloc(sizeof(**user_info));
if (!user_info) {
DEBUG(0,("malloc failed for user_info (size %d)\n", sizeof(*user_info)));
- return False;
+ return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(*user_info);
@@ -109,7 +110,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->smb_name.len = strlen(smb_name);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*user_info)->internal_username.str = strdup(internal_username);
@@ -117,7 +118,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->internal_username.len = strlen(internal_username);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*user_info)->domain.str = strdup(domain);
@@ -125,7 +126,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->domain.len = strlen(domain);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*user_info)->client_domain.str = strdup(client_domain);
@@ -133,7 +134,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->client_domain.len = strlen(client_domain);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*user_info)->wksta_name.str = strdup(wksta_name);
@@ -141,7 +142,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->wksta_name.len = strlen(wksta_name);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
DEBUG(5,("making blobs for %s's user_info struct\n", internal_username));
@@ -155,26 +156,26 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name));
- return True;
+ return NT_STATUS_OK;
}
/****************************************************************************
Create an auth_usersupplied_data structure after appropriate mapping.
****************************************************************************/
-BOOL make_user_info_map(auth_usersupplied_info **user_info,
- const char *smb_name,
- const char *client_domain,
- const char *wksta_name,
- DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
- DATA_BLOB plaintext,
- uint32 ntlmssp_flags, BOOL encrypted)
+NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
+ const char *smb_name,
+ const char *client_domain,
+ const char *wksta_name,
+ DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
+ DATA_BLOB plaintext,
+ uint32 ntlmssp_flags, BOOL encrypted)
{
const char *domain;
fstring internal_username;
fstrcpy(internal_username, smb_name);
map_username(internal_username);
-
+
DEBUG(5, ("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n",
client_domain, smb_name, wksta_name));
@@ -203,7 +204,7 @@ BOOL make_user_info_map(auth_usersupplied_info **user_info,
client_domain, lp_winbind_separator(),
smb_name) < 0) {
DEBUG(0, ("make_user_info_map: asprintf() failed!\n"));
- return False;
+ return NT_STATUS_NO_MEMORY;
}
DEBUG(5, ("make_user_info_map: testing for user %s\n", user));
@@ -245,6 +246,7 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
const uchar *nt_network_pwd, int nt_pwd_len)
{
BOOL ret;
+ NTSTATUS nt_status;
DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len);
DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len);
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
@@ -258,12 +260,14 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
auth_flags |= AUTH_FLAG_NTLMv2_RESP;
}
- ret = make_user_info_map(user_info,
- smb_name, client_domain,
- wksta_name,
- lm_blob, nt_blob,
- plaintext_blob,
- auth_flags, True);
+ nt_status = make_user_info_map(user_info,
+ smb_name, client_domain,
+ wksta_name,
+ lm_blob, nt_blob,
+ plaintext_blob,
+ auth_flags, True);
+
+ ret = NT_STATUS_IS_OK(nt_status) ? True : False;
data_blob_free(&lm_blob);
data_blob_free(&nt_blob);
@@ -329,6 +333,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
{
BOOL ret;
+ NTSTATUS nt_status;
DATA_BLOB local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response));
DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response));
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
@@ -338,14 +343,15 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
if (nt_interactive_pwd)
auth_flags |= AUTH_FLAG_NTLM_RESP;
- ret = make_user_info_map(user_info,
- smb_name, client_domain,
- wksta_name,
- local_lm_blob,
- local_nt_blob,
- plaintext_blob,
- auth_flags, True);
+ nt_status = make_user_info_map(user_info,
+ smb_name, client_domain,
+ wksta_name,
+ local_lm_blob,
+ local_nt_blob,
+ plaintext_blob,
+ auth_flags, True);
+ ret = NT_STATUS_IS_OK(nt_status) ? True : False;
data_blob_free(&local_lm_blob);
data_blob_free(&local_nt_blob);
return ret;
@@ -366,7 +372,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
DATA_BLOB local_lm_blob;
DATA_BLOB local_nt_blob;
- BOOL ret = False;
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
uint32 auth_flags = AUTH_FLAG_NONE;
/*
@@ -397,25 +403,25 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
}
ret = make_user_info_map(user_info, smb_name,
- client_domain,
- get_remote_machine_name(),
- local_lm_blob,
- local_nt_blob,
- plaintext_password,
- auth_flags, False);
+ client_domain,
+ get_remote_machine_name(),
+ local_lm_blob,
+ local_nt_blob,
+ plaintext_password,
+ auth_flags, False);
data_blob_free(&local_lm_blob);
- return ret;
+ return NT_STATUS_IS_OK(ret) ? True : False;
}
/****************************************************************************
Create an auth_usersupplied_data structure
****************************************************************************/
-BOOL make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
- const char *smb_name,
- const char *client_domain,
- DATA_BLOB lm_resp, DATA_BLOB nt_resp)
+NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
+ const char *smb_name,
+ const char *client_domain,
+ DATA_BLOB lm_resp, DATA_BLOB nt_resp)
{
uint32 auth_flags = AUTH_FLAG_NONE;
@@ -450,14 +456,17 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info)
DATA_BLOB nt_blob = data_blob(NULL, 0);
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
uint32 auth_flags = AUTH_FLAG_NONE;
+ NTSTATUS nt_status;
- return make_user_info(user_info,
+ nt_status = make_user_info(user_info,
"","",
"","",
"",
nt_blob, lm_blob,
plaintext_blob,
auth_flags, True);
+
+ return NT_STATUS_IS_OK(nt_status) ? True : False;
}
/****************************************************************************
@@ -633,7 +642,14 @@ static NTSTATUS get_user_groups_from_local_sam(const DOM_SID *user_sid,
return NT_STATUS_OK;
}
- usr = getpwuid_alloc(uid);
+ /*
+ * This is _essential_ to prevent occasional segfaults when
+ * winbind can't find uid -> username mapping
+ */
+ if (!(usr = getpwuid_alloc(uid))) {
+ DEBUG(0, ("Couldn't find passdb structure for UID = %d ! Aborting.\n", uid));
+ return NT_STATUS_NO_SUCH_USER;
+ };
n_unix_groups = groups_max();
if ((*unix_groups = malloc( sizeof(gid_t) * groups_max() ) ) == NULL) {