Remove fstring from map_username. Create a more sane interface than the called-parameter-is-modified.

Jeremy.

4 files changed, 155 insertions, 77 deletions

diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 4ce0336ccc..ac757d5a35 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -429,14 +429,15 @@ use this machine as the password server.\n"));
 	cli_ulogoff(cli);
 
 	if (NT_STATUS_IS_OK(nt_status)) {
-		fstring real_username;
-		struct passwd *pass;
+		char *real_username = NULL;
+		struct passwd *pass = NULL;
 
-		if ( (pass = smb_getpwnam( NULL, user_info->mapped.account_name,
-			real_username, True )) != NULL ) 
+		if ( (pass = smb_getpwnam(talloc_tos(), user_info->mapped.account_name,
+			&real_username, True )) != NULL )
 		{
 			nt_status = make_server_info_pw(server_info, pass->pw_name, pass);
 			TALLOC_FREE(pass);
+			TALLOC_FREE(real_username);
 		}
 		else
 		{
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 2fcee89bbb..c319edf57f 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -96,9 +96,12 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
 	const char *domain;
 	NTSTATUS result;
 	bool was_mapped;
-	fstring internal_username;
-	fstrcpy(internal_username, smb_name);
-	was_mapped = map_username(internal_username);
+	char *internal_username = NULL;
+
+	was_mapped = map_username(talloc_tos(), smb_name, &internal_username);
+	if (!internal_username) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n",
 		 client_domain, smb_name, workstation_name));
@@ -974,27 +977,45 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
 			      struct passwd **pwd,
 			      bool *username_was_mapped)
 {
-	fstring dom_user, lower_username;
-	fstring real_username;
+	char *orig_dom_user = NULL;
+	char *dom_user = NULL;
+	char *lower_username = NULL;
+	char *real_username = NULL;
 	struct passwd *passwd;
 
-	fstrcpy( lower_username, username );
+	lower_username = talloc_strdup(mem_ctx, username);
+	if (!lower_username) {
+		return NT_STATUS_NO_MEMORY;
+	}
 	strlower_m( lower_username );
 
-	fstr_sprintf(dom_user, "%s%c%s", domain, *lp_winbind_separator(), 
-		lower_username);
+	orig_dom_user = talloc_asprintf(mem_ctx,
+				"%s%c%s",
+				domain,
+				*lp_winbind_separator(),
+				lower_username);
+	if (!orig_dom_user) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	/* Get the passwd struct.  Try to create the account if necessary. */
 
-	*username_was_mapped = map_username(dom_user);
+	*username_was_mapped = map_username(mem_ctx, orig_dom_user, &dom_user);
+	if (!dom_user) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	passwd = smb_getpwnam( NULL, dom_user, real_username, True );
+	passwd = smb_getpwnam(mem_ctx, dom_user, &real_username, True );
 	if (!passwd) {
 		DEBUG(3, ("Failed to find authenticated user %s via "
 			  "getpwnam(), denying access.\n", dom_user));
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
+	if (!real_username) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	*pwd = passwd;
 
 	/* This is pointless -- there is no suport for differing 
@@ -1015,31 +1036,31 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
  ****************************************************************************/
 
 struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
-			     fstring save_username, bool create )
+			     char **p_save_username, bool create )
 {
 	struct passwd *pw = NULL;
-	char *p;
-	fstring username;
+	char *p = NULL;
+	char *username = NULL;
 
 	/* we only save a copy of the username it has been mangled 
 	   by winbindd use default domain */
-
-	save_username[0] = '\0';
+	*p_save_username = NULL;
 
 	/* don't call map_username() here since it has to be done higher 
 	   up the stack so we don't call it multiple times */
 
-	fstrcpy( username, domuser );
+	username = talloc_strdup(mem_ctx, domuser);
+	if (!username) {
+		return NULL;
+	}
 
 	p = strchr_m( username, *lp_winbind_separator() );
 
 	/* code for a DOMAIN\user string */
 
 	if ( p ) {
-		fstring strip_username;
-
 		pw = Get_Pwnam_alloc( mem_ctx, domuser );
-		if ( pw ) {	
+		if ( pw ) {
 			/* make sure we get the case of the username correct */
 			/* work around 'winbind use default domain = yes' */
 
@@ -1050,12 +1071,20 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
 				*p = '\0';
 				domain = username;
 
-				fstr_sprintf(save_username, "%s%c%s", domain, *lp_winbind_separator(), pw->pw_name);
+				*p_save_username = talloc_asprintf(mem_ctx,
+								"%s%c%s",
+								domain,
+								*lp_winbind_separator(),
+								pw->pw_name);
+				if (!*p_save_username) {
+					TALLOC_FREE(pw);
+					return NULL;
+				}
+			} else {
+				*p_save_username = talloc_strdup(mem_ctx, pw->pw_name);
 			}
-			else
-				fstrcpy( save_username, pw->pw_name );
 
-			/* whew -- done! */		
+			/* whew -- done! */
 			return pw;
 		}
 
@@ -1063,8 +1092,10 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
 		/* remember that p and username are overlapping memory */
 
 		p++;
-		fstrcpy( strip_username, p );
-		fstrcpy( username, strip_username );
+		username = talloc_strdup(mem_ctx, p);
+		if (!username) {
+			return NULL;
+		}
 	}
 
 	/* just lookup a plain username */
@@ -1087,9 +1118,9 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
 
 	/* one last check for a valid passwd struct */
 
-	if ( pw )
-		fstrcpy( save_username, pw->pw_name );
-
+	if (pw) {
+		*p_save_username = talloc_strdup(mem_ctx, pw->pw_name);
+	}
 	return pw;
 }
 
diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
index 9d6b6a445b..50716fd56b 100644
--- a/source3/auth/user_krb5.c
+++ b/source3/auth/user_krb5.c
@@ -40,8 +40,8 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 	char *realm = NULL;
 	char *user = NULL;
 	char *p;
-	fstring fuser;
-	fstring unixuser;
+	char *fuser = NULL;
+	char *unixuser = NULL;
 	struct passwd *pw = NULL;
 
 	DEBUG(3, ("Kerberos ticket principal name is [%s]\n", princ_name));
@@ -109,13 +109,25 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 		DEBUG(10, ("Domain is [%s] (using Winbind)\n", domain));
 	}
 
-	/* We have to use fstring for this - map_username requires it. */
-	fstr_sprintf(fuser, "%s%c%s", domain, *lp_winbind_separator(), user);
+	fuser = talloc_asprintf(mem_ctx,
+				"%s%c%s",
+				domain,
+				*lp_winbind_separator(),
+				user);
+	if (!fuser) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	*is_mapped = map_username(fuser);
+	*is_mapped = map_username(mem_ctx, fuser, &fuser);
+	if (!fuser) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	pw = smb_getpwnam(mem_ctx, fuser, unixuser, true);
+	pw = smb_getpwnam(mem_ctx, fuser, &unixuser, true);
 	if (pw) {
+		if (!unixuser) {
+			return NT_STATUS_NO_MEMORY;
+		}
 		/* if a real user check pam account restrictions */
 		/* only really perfomed if "obey pam restriction" is true */
 		/* do this before an eventual mapping to guest occurs */
@@ -134,8 +146,11 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 
 		if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) {
 			*mapped_to_guest = true;
-			fstrcpy(fuser, lp_guestaccount());
-			pw = smb_getpwnam(mem_ctx, fuser, unixuser, true);
+			fuser = talloc_strdup(mem_ctx, lp_guestaccount());
+			if (!fuser) {
+				return NT_STATUS_NO_MEMORY;
+			}
+			pw = smb_getpwnam(mem_ctx, fuser, &unixuser, true);
 		}
 
 		/* extra sanity check that the guest account is valid */
@@ -146,6 +161,10 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 		}
 	}
 
+	if (!unixuser) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	*username = talloc_strdup(mem_ctx, unixuser);
 	if (!*username) {
 		return NT_STATUS_NO_MEMORY;
diff --git a/source3/auth/user_util.c b/source3/auth/user_util.c
index 3d7123c18e..9ae81fdec8 100644
--- a/source3/auth/user_util.c
+++ b/source3/auth/user_util.c
@@ -78,7 +78,9 @@ static char *skip_space(char *s)
 	return s;
 }
 
-static bool fetch_map_from_gencache(fstring user)
+static bool fetch_map_from_gencache(TALLOC_CTX *ctx,
+			const char *user_in,
+			char **p_user_out)
 {
 	char *key, *value;
 	bool found;
@@ -87,8 +89,8 @@ static bool fetch_map_from_gencache(fstring user)
 		return false;
 	}
 
-	key = talloc_asprintf_strupper_m(talloc_tos(), "USERNAME_MAP/%s",
-					 user);
+	key = talloc_asprintf_strupper_m(ctx, "USERNAME_MAP/%s",
+					 user_in);
 	if (key == NULL) {
 		return false;
 	}
@@ -97,12 +99,15 @@ static bool fetch_map_from_gencache(fstring user)
 	if (!found) {
 		return false;
 	}
-	fstrcpy(user, value);
-	SAFE_FREE(value);
+	TALLOC_FREE(*p_user_out);
+	*p_user_out = talloc_strdup(ctx, value);
+	if (!*p_user_out) {
+		return false;
+	}
 	return true;
 }
 
-static void store_map_in_gencache(const char *from, const char *to)
+static void store_map_in_gencache(TALLOC_CTX *ctx, const char *from, const char *to)
 {
 	char *key;
 	int cache_time = lp_username_map_cache_time();
@@ -111,7 +116,7 @@ static void store_map_in_gencache(const char *from, const char *to)
 		return;
 	}
 
-	key = talloc_asprintf_strupper_m(talloc_tos(), "USERNAME_MAP/%s",
+	key = talloc_asprintf_strupper_m(ctx, "USERNAME_MAP/%s",
 					 from);
         if (key == NULL) {
                 return;
@@ -125,11 +130,11 @@ static void store_map_in_gencache(const char *from, const char *to)
  try lower case.
 ****************************************************************************/
 
-bool user_in_netgroup(const char *user, const char *ngname)
+bool user_in_netgroup(TALLOC_CTX *ctx, const char *user, const char *ngname)
 {
 #ifdef HAVE_NETGROUP
 	static char *my_yp_domain = NULL;
-	fstring lowercase_user;
+	char *lowercase_user = NULL;
 
 	if (my_yp_domain == NULL) {
 		yp_get_default_domain(&my_yp_domain);
@@ -152,7 +157,10 @@ bool user_in_netgroup(const char *user, const char *ngname)
 	 * Ok, innetgr is case sensitive. Try once more with lowercase
 	 * just in case. Attempt to fix #703. JRA.
 	 */
-	fstrcpy(lowercase_user, user);
+	lowercase_user = talloc_strdup(ctx, user);
+	if (!lowercase_user) {
+		return false;
+	}
 	strlower_m(lowercase_user);
 
 	if (strcmp(user,lowercase_user) == 0) {
@@ -176,7 +184,7 @@ bool user_in_netgroup(const char *user, const char *ngname)
  and netgroup lists.
 ****************************************************************************/
 
-bool user_in_list(const char *user,const char **list)
+bool user_in_list(TALLOC_CTX *ctx, const char *user,const char **list)
 {
 	if (!list || !*list)
 		return False;
@@ -204,7 +212,7 @@ bool user_in_list(const char *user,const char **list)
 			 * Old behaviour. Check netgroup list
 			 * followed by UNIX list.
 			 */
-			if(user_in_netgroup(user, *list +1))
+			if(user_in_netgroup(ctx, user, *list +1))
 				return True;
 			if(user_in_group(user, *list +1))
 				return True;
@@ -216,7 +224,7 @@ bool user_in_list(const char *user,const char **list)
 				 */
 				if(user_in_group(user, *list +2))
 					return True;
-				if(user_in_netgroup(user, *list +2))
+				if(user_in_netgroup(ctx, user, *list +2))
 					return True;
 
 			} else {
@@ -235,7 +243,7 @@ bool user_in_list(const char *user,const char **list)
 				/*
 				 * Search netgroup list followed by UNIX list.
 				 */
-				if(user_in_netgroup(user, *list +2))
+				if(user_in_netgroup(ctx, user, *list +2))
 					return True;
 				if(user_in_group(user, *list +2))
 					return True;
@@ -243,7 +251,7 @@ bool user_in_list(const char *user,const char **list)
 				/*
 				 * Just search netgroup list.
 				 */
-				if(user_in_netgroup(user, *list +1))
+				if(user_in_netgroup(ctx, user, *list +1))
 					return True;
 			}
 		}
@@ -253,7 +261,7 @@ bool user_in_list(const char *user,const char **list)
 	return(False);
 }
 
-bool map_username(fstring user)
+bool map_username(TALLOC_CTX *ctx, const char *user_in, char **p_user_out)
 {
 	XFILE *f;
 	char *mapfile = lp_username_map();
@@ -262,19 +270,28 @@ bool map_username(fstring user)
 	bool mapped_user = False;
 	char *cmd = lp_username_map_script();
 
-	if (!*user)
+	*p_user_out = NULL;
+
+	if (!user_in)
+		return false;
+
+	/* Initially make a copy of the incoming name. */
+	*p_user_out = talloc_strdup(ctx, user_in);
+	if (!*p_user_out) {
 		return false;
+	}
 
-	if (strequal(user,get_last_to()))
+	if (strequal(user_in,get_last_to()))
 		return false;
 
-	if (strequal(user,get_last_from())) {
-		DEBUG(3,("Mapped user %s to %s\n",user,get_last_to()));
-		fstrcpy(user,get_last_to());
+	if (strequal(user_in,get_last_from())) {
+		DEBUG(3,("Mapped user %s to %s\n",user_in,get_last_to()));
+		TALLOC_FREE(*p_user_out);
+		*p_user_out = talloc_strdup(ctx, get_last_to());
 		return true;
 	}
 
-	if (fetch_map_from_gencache(user)) {
+	if (fetch_map_from_gencache(ctx, user_in, p_user_out)) {
 		return true;
 	}
 
@@ -285,10 +302,10 @@ bool map_username(fstring user)
 		char *command = NULL;
 		int numlines, ret, fd;
 
-		command = talloc_asprintf(talloc_tos(),
+		command = talloc_asprintf(ctx,
 					"%s \"%s\"",
 					cmd,
-					user);
+					user_in);
 		if (!command) {
 			return false;
 		}
@@ -306,17 +323,21 @@ bool map_username(fstring user)
 		}
 
 		numlines = 0;
-		qlines = fd_lines_load(fd, &numlines, 0, talloc_tos());
+		qlines = fd_lines_load(fd, &numlines, 0, ctx);
 		DEBUGADD(10,("Lines returned = [%d]\n", numlines));
 		close(fd);
 
 		/* should be either no lines or a single line with the mapped username */
 
 		if (numlines && qlines) {
-			DEBUG(3,("Mapped user %s to %s\n", user, qlines[0] ));
-			set_last_from_to(user, qlines[0]);
-			store_map_in_gencache(user, qlines[0]);
-			fstrcpy( user, qlines[0] );
+			DEBUG(3,("Mapped user %s to %s\n", user_in, qlines[0] ));
+			set_last_from_to(user_in, qlines[0]);
+			store_map_in_gencache(ctx, user_in, qlines[0]);
+			TALLOC_FREE(*p_user_out);
+			*p_user_out = talloc_strdup(ctx, qlines[0]);
+			if (!*p_user_out) {
+				return false;
+			}
 		}
 
 		TALLOC_FREE(qlines);
@@ -367,20 +388,26 @@ bool map_username(fstring user)
 
 		/* skip lines like 'user = ' */
 
-		dosuserlist = str_list_make_v3(talloc_tos(), dosname, NULL);
+		dosuserlist = str_list_make_v3(ctx, dosname, NULL);
 		if (!dosuserlist) {
 			DEBUG(0,("Bad username map entry.  Unable to build user list.  Ignoring.\n"));
 			continue;
 		}
 
 		if (strchr_m(dosname,'*') ||
-		    user_in_list(user, (const char **)dosuserlist)) {
-			DEBUG(3,("Mapped user %s to %s\n",user,unixname));
+		    user_in_list(ctx, user_in, (const char **)dosuserlist)) {
+			DEBUG(3,("Mapped user %s to %s\n",user_in,unixname));
 			mapped_user = True;
 
-			set_last_from_to(user, unixname);
-			store_map_in_gencache(user, unixname);
-			fstrcpy( user, unixname );
+			set_last_from_to(user_in, unixname);
+			store_map_in_gencache(ctx, user_in, unixname);
+			TALLOC_FREE(*p_user_out);
+			*p_user_out = talloc_strdup(ctx, unixname);
+			if (!*p_user_out) {
+				TALLOC_FREE(dosuserlist);
+				x_fclose(f);
+				return false;
+			}
 
 			if ( return_if_mapped ) {
 				TALLOC_FREE(dosuserlist);
@@ -399,8 +426,8 @@ bool map_username(fstring user)
 	 * that we don't scan the file again for the same user.
 	 */
 
-	set_last_from_to(user, user);
-	store_map_in_gencache(user, user);
+	set_last_from_to(user_in, user_in);
+	store_map_in_gencache(ctx, user_in, user_in);
 
 	return mapped_user;
 }