Added NT_USER_TOKEN into server_info to fix extra groups problem.

Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)

4 files changed, 58 insertions, 43 deletions

diff --git a/source3/libsmb/asn1.c b/source3/libsmb/asn1.c
index a8c0eebb94..50cf6a7142 100644
--- a/source3/libsmb/asn1.c
+++ b/source3/libsmb/asn1.c
@@ -32,14 +32,14 @@ BOOL asn1_write(ASN1_DATA *data, const void *p, int len)
 {
 	if (data->has_error) return False;
 	if (data->length < data->ofs+len) {
-		uint8 *p;
-		p = Realloc(data->data, data->ofs+len);
-		if (!p) {
+		uint8 *newp;
+		newp = Realloc(data->data, data->ofs+len);
+		if (!newp) {
 			SAFE_FREE(data->data);
 			data->has_error = True;
 			return False;
 		}
-		data->data = p;
+		data->data = newp;
 		data->length = data->ofs+len;
 	}
 	memcpy(data->data + data->ofs, p, len);
@@ -112,20 +112,27 @@ BOOL asn1_pop_tag(ASN1_DATA *data)
 BOOL asn1_write_OID(ASN1_DATA *data, const char *OID)
 {
 	unsigned v, v2;
-	char *p = (char *)OID;
+	const char *p = (const char *)OID;
+	char *newp;
 
-	if (!asn1_push_tag(data, ASN1_OID)) return False;
-	v = strtol(p, &p, 10);
-	v2 = strtol(p, &p, 10);
-	if (!asn1_write_uint8(data, 40*v + v2)) return False;
+	if (!asn1_push_tag(data, ASN1_OID))
+		return False;
+	v = strtol(p, &newp, 10);
+	p = newp;
+	v2 = strtol(p, &newp, 10);
+	p = newp;
+	if (!asn1_write_uint8(data, 40*v + v2))
+		return False;
 
 	while (*p) {
-		v = strtol(p, &p, 10);
+		v = strtol(p, &newp, 10);
+		p = newp;
 		if (v >= (1<<28)) asn1_write_uint8(data, 0x80 | ((v>>28)&0xff));
 		if (v >= (1<<21)) asn1_write_uint8(data, 0x80 | ((v>>21)&0xff));
 		if (v >= (1<<14)) asn1_write_uint8(data, 0x80 | ((v>>14)&0xff));
 		if (v >= (1<<7)) asn1_write_uint8(data, 0x80 | ((v>>7)&0xff));
-		if (!asn1_write_uint8(data, v&0x7f)) return False;
+		if (!asn1_write_uint8(data, v&0x7f))
+			return False;
 	}
 	return asn1_pop_tag(data);
 }
diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index e9981d7205..d9f8e19910 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -212,7 +212,7 @@ int cli_nt_delete_on_close(struct cli_state *cli, int fnum, BOOL flag)
  Used in smbtorture.
 ****************************************************************************/
 
-int cli_nt_create_full(struct cli_state *cli, char *fname, uint32 DesiredAccess,
+int cli_nt_create_full(struct cli_state *cli, const char *fname, uint32 DesiredAccess,
 		 uint32 FileAttributes, uint32 ShareAccess,
 		 uint32 CreateDisposition, uint32 CreateOptions)
 {
@@ -268,7 +268,7 @@ int cli_nt_create_full(struct cli_state *cli, char *fname, uint32 DesiredAccess,
 open a file
 ****************************************************************************/
 
-int cli_nt_create(struct cli_state *cli, char *fname, uint32 DesiredAccess)
+int cli_nt_create(struct cli_state *cli, const char *fname, uint32 DesiredAccess)
 {
 	return cli_nt_create_full(cli, fname, DesiredAccess, 0,
 				FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_EXISTS_OPEN, 0x0);
@@ -278,7 +278,7 @@ int cli_nt_create(struct cli_state *cli, char *fname, uint32 DesiredAccess)
 open a file
 WARNING: if you open with O_WRONLY then getattrE won't work!
 ****************************************************************************/
-int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode)
+int cli_open(struct cli_state *cli, const char *fname, int flags, int share_mode)
 {
 	char *p;
 	unsigned openfn=0;
diff --git a/source3/libsmb/domain_client_validate.c b/source3/libsmb/domain_client_validate.c
index 20db1ee4d6..7a8fa66841 100644
--- a/source3/libsmb/domain_client_validate.c
+++ b/source3/libsmb/domain_client_validate.c
@@ -352,25 +352,41 @@ NTSTATUS domain_client_validate(const auth_usersupplied_info *user_info,
 		}
 	}
 
-        /* Store the user group information in the server_info returned to
-           the caller. */
+	/* Store the user group information in the server_info returned to the caller. */
 	
-	if (NT_STATUS_IS_OK(status)) {
-		if (((*server_info)->group_rids = malloc(info3.num_groups2 *
-						      sizeof(uint32))) == NULL) {
-			DEBUG(1, ("out of memory allocating rid group membership\n"));
+	if (NT_STATUS_IS_OK(status) && (info3.num_groups2 != 0)) {
+		DOM_SID domain_sid;
+		int i;
+		NT_USER_TOKEN *ptok;
+		auth_serversupplied_info *pserver_info = *server_info;
+
+		if ((pserver_info->ptok = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) {
+			DEBUG(0, ("domain_client_validate: out of memory allocating rid group membership\n"));
 			status = NT_STATUS_NO_MEMORY;
 			free_server_info(server_info);
-		} else {
-			int i;
-			
-			(*server_info)->n_rids = info3.num_groups2;
-			
-			for (i = 0; i < (*server_info)->n_rids; i++) {
-				(*server_info)->group_rids[i] = info3.gids[i].g_rid;
-				DEBUG(5, ("** adding group rid 0x%x\n",
-					  info3.gids[i].g_rid));
-			}
+			goto done;
+		}
+
+		ptok = pserver_info->ptok;
+		ptok->num_sids = (size_t)info3.num_groups2;
+
+		if ((ptok->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptok->num_sids )) == NULL) {
+			DEBUG(0, ("domain_client_validate: Out of memory allocating group SIDS\n"));
+			status = NT_STATUS_NO_MEMORY;
+			free_server_info(server_info);
+			goto done;
+		}
+ 
+		if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
+			DEBUG(0, ("domain_client_validate: unable to fetch domain sid.\n"));
+			status = NT_STATUS_NO_MEMORY;
+			free_server_info(server_info);
+			goto done;
+		}
+ 
+		for (i = 0; i < ptok->num_sids; i++) {
+			sid_copy(&ptok->user_sids[i], &domain_sid);
+			sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid);
 		}
 	}
 
@@ -390,6 +406,8 @@ NTSTATUS domain_client_validate(const auth_usersupplied_info *user_info,
 	}
 #endif /* 0 */
 
+  done:
+
 	/* Note - once the cli stream is shutdown the mem_ctx used
 	   to allocate the other_sids and gids structures has been deleted - so
 	   these pointers are no longer valid..... */
diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c
index 64e23e0feb..4a2c5f1604 100644
--- a/source3/libsmb/pwd_cache.c
+++ b/source3/libsmb/pwd_cache.c
@@ -49,41 +49,31 @@ BOOL pwd_is_nullpwd(const struct pwd_info *pwd)
 /****************************************************************************
 compares two passwords.  hmm, not as trivial as expected.  hmm.
 ****************************************************************************/
-BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2)
+BOOL pwd_compare(const struct pwd_info *pwd1, const struct pwd_info *pwd2)
 {
-	if (pwd1->cleartext && pwd2->cleartext)
-	{
+	if (pwd1->cleartext && pwd2->cleartext) {
 		if (strequal(pwd1->password, pwd2->password))
-		{
 			return True;
-		}
 	}
 	if (pwd1->null_pwd && pwd2->null_pwd)
-	{
 		return True;
-	}
 
 	if (!pwd1->null_pwd  && !pwd2->null_pwd &&
-	    !pwd1->cleartext && !pwd2->cleartext)
-	{
+	    !pwd1->cleartext && !pwd2->cleartext) {
 #ifdef DEBUG_PASSWORD
 		DEBUG(100,("pwd compare: nt#\n"));
 		dump_data(100, pwd1->smb_nt_pwd, 16);
 		dump_data(100, pwd2->smb_nt_pwd, 16);
 #endif
 		if (memcmp(pwd1->smb_nt_pwd, pwd2->smb_nt_pwd, 16) == 0)
-		{
 			return True;
-		}
 #ifdef DEBUG_PASSWORD
 		DEBUG(100,("pwd compare: lm#\n"));
 		dump_data(100, pwd1->smb_lm_pwd, 16);
 		dump_data(100, pwd2->smb_lm_pwd, 16);
 #endif
 		if (memcmp(pwd1->smb_lm_pwd, pwd2->smb_lm_pwd, 16) == 0)
-		{
 			return True;
-		}
 	}
 	return False;
 }