Merge of server-side authentication changes to 3.0:

 - user_ok() and user_in_group() now take a list of groups, instead of
   looking for the user in the members of all groups.

 - The 'server_info' returned from the authentication is now kept around
  - in future we won't copy the sesion key, username etc, we will just
    referece them directly.

 - rhosts upgraded to use the SAM if possible, otherwise fake up based on
   getpwnam().

 - auth_util code to deal with groups upgraded to deal with non-winbind domain
   members again.

Andrew Bartlett
(This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)

1 files changed, 40 insertions, 19 deletions

diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 4ce99e96bb..784c1525c8 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -62,11 +62,15 @@ void invalidate_vuid(uint16 vuid)
 
 	if (vuser == NULL)
 		return;
-
+	
 	SAFE_FREE(vuser->homedir);
-
+	SAFE_FREE(vuser->unix_homedir);
+	SAFE_FREE(vuser->logon_script);
+	
 	session_yield(vuser);
 
+	free_server_info(&vuser->server_info);
+
 	DLIST_REMOVE(validated_users, vuser);
 
 	/* clear the vuid from the 'cache' on each connection, and
@@ -93,11 +97,15 @@ void invalidate_all_vuids(void)
 	}
 }
 
-/****************************************************************************
-register a uid/name pair as being valid and that a valid password
-has been given. vuid is biased by an offset. This allows us to
-tell random client vuid's (normally zero) from valid vuids.
-****************************************************************************/
+/**
+ *  register that a valid login has been performed, establish 'session'.
+ *  @param server_info The token returned from the authentication process. 
+ *   (now 'owned' by register_vuid)
+ *
+ *  @return Newly allocated vuid, biased by an offset. (This allows us to
+ *   tell random client vuid's (normally zero) from valid vuids.)
+ *
+ */
 
 int register_vuid(auth_serversupplied_info *server_info, const char *smb_name)
 {
@@ -136,6 +144,7 @@ int register_vuid(auth_serversupplied_info *server_info, const char *smb_name)
 	if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
 		DEBUG(0,("Attempted session setup with invalid user.  No uid/gid in SAM_ACCOUNT\n"));
 		free(vuser);
+		free_server_info(&server_info);
 		return UID_FIELD_INVALID;
 	}
 	
@@ -147,20 +156,24 @@ int register_vuid(auth_serversupplied_info *server_info, const char *smb_name)
 		if (!(vuser->groups = memdup(server_info->groups, sizeof(gid_t) * vuser->n_groups))) {
 			DEBUG(0,("register_vuid: failed to memdup vuser->groups\n"));
 			free(vuser);
+			free_server_info(&server_info);
 			return UID_FIELD_INVALID;
 		}
 	}
 
 	vuser->guest = server_info->guest;
 	fstrcpy(vuser->user.unix_name, pdb_get_username(server_info->sam_account)); 
-	fstrcpy(vuser->user.smb_name, smb_name); 
+
+	/* This is a potentially untrusted username */
+	alpha_strcpy(vuser->user.smb_name, smb_name, ". _-$", sizeof(vuser->user.smb_name));
+
 	fstrcpy(vuser->user.domain, pdb_get_domain(server_info->sam_account));
 	fstrcpy(vuser->user.full_name, pdb_get_fullname(server_info->sam_account));
 
 	{
 		/* Keep the homedir handy */
 		const char *homedir = pdb_get_homedir(server_info->sam_account);
-		const char *unix_homedir = pdb_get_unix_homedir(server_info->sam_account); /* should be optained by SMS */
+		const char *unix_homedir = pdb_get_unix_homedir(server_info->sam_account);
 		const char *logon_script = pdb_get_logon_script(server_info->sam_account);
 		if (homedir) {
 			vuser->homedir = smb_xstrdup(homedir);
@@ -188,10 +201,18 @@ int register_vuid(auth_serversupplied_info *server_info, const char *smb_name)
 		vuser->nt_user_token = dup_nt_token(server_info->ptok);
 	} else {
 		DEBUG(1, ("server_info does not contain a user_token - cannot continue\n"));
-		free(vuser);
+		free_server_info(&server_info);
+		SAFE_FREE(vuser->homedir);
+		SAFE_FREE(vuser->unix_homedir);
+		SAFE_FREE(vuser->logon_script);
+
+		SAFE_FREE(vuser);
 		return UID_FIELD_INVALID;
 	}
 
+	/* use this to keep tabs on all our info from the authentication */
+	vuser->server_info = server_info;
+
 	DEBUG(3,("UNIX uid %d is UNIX user %s, and will be vuid %u\n",(int)vuser->uid,vuser->user.unix_name, vuser->vuid));
 
 	next_vuid++;
@@ -246,7 +267,7 @@ void add_session_user(const char *user)
 /****************************************************************************
 check if a username is valid
 ****************************************************************************/
-BOOL user_ok(const char *user,int snum)
+BOOL user_ok(const char *user,int snum, gid_t *groups, size_t n_groups)
 {
 	char **valid, **invalid;
 	BOOL ret;
@@ -257,7 +278,7 @@ BOOL user_ok(const char *user,int snum)
 	if (lp_invalid_users(snum)) {
 		str_list_copy(&invalid, lp_invalid_users(snum));
 		if (invalid && str_list_substitute(invalid, "%S", lp_servicename(snum))) {
-			ret = !user_in_list(user, (const char **)invalid);
+			ret = !user_in_list(user, (const char **)invalid, groups, n_groups);
 		}
 	}
 	if (invalid)
@@ -266,7 +287,7 @@ BOOL user_ok(const char *user,int snum)
 	if (ret && lp_valid_users(snum)) {
 		str_list_copy(&valid, lp_valid_users(snum));
 		if (valid && str_list_substitute(valid, "%S", lp_servicename(snum))) {
-			ret = user_in_list(user, (const char **)valid);
+			ret = user_in_list(user, (const char **)valid, groups, n_groups);
 		}
 	}
 	if (valid)
@@ -275,7 +296,7 @@ BOOL user_ok(const char *user,int snum)
 	if (ret && lp_onlyuser(snum)) {
 		char **user_list = str_list_make (lp_username(snum), NULL);
 		if (user_list && str_list_substitute(user_list, "%S", lp_servicename(snum))) {
-			ret = user_in_list(user, (const char **)user_list);
+			ret = user_in_list(user, (const char **)user_list, groups, n_groups);
 		}
 		if (user_list) str_list_free (&user_list);
 	}
@@ -294,7 +315,7 @@ static char *validate_group(char *group, DATA_BLOB password,int snum)
 		setnetgrent(group);
 		while (getnetgrent(&host, &user, &domain)) {
 			if (user) {
-				if (user_ok(user, snum) && 
+				if (user_ok(user, snum, NULL, 0) && 
 				    password_ok(user,password)) {
 					endnetgrent();
 					return(user);
@@ -349,7 +370,7 @@ static char *validate_group(char *group, DATA_BLOB password,int snum)
 			while (*member) {
 				static fstring name;
 				fstrcpy(name,member);
-				if (user_ok(name,snum) &&
+				if (user_ok(name,snum, NULL, 0) &&
 				    password_ok(name,password)) {
 					endgrent();
 					return(&name[0]);
@@ -408,7 +429,7 @@ BOOL authorise_login(int snum, fstring user, DATA_BLOB password,
 		     auser = strtok(NULL,LIST_SEP)) {
 			fstring user2;
 			fstrcpy(user2,auser);
-			if (!user_ok(user2,snum))
+			if (!user_ok(user2,snum, NULL, 0))
 				continue;
 			
 			if (password_ok(user2,password)) {
@@ -443,7 +464,7 @@ and given password ok (%s)\n", user));
 			} else {
 				fstring user2;
 				fstrcpy(user2,auser);
-				if (user_ok(user2,snum) && password_ok(user2,password)) {
+				if (user_ok(user2,snum, NULL, 0) && password_ok(user2,password)) {
 					ok = True;
 					fstrcpy(user,user2);
 					DEBUG(3,("authorise_login: ACCEPTED: user list username \
@@ -468,7 +489,7 @@ and given password ok (%s)\n", user));
 		*guest = True;
 	}
 
-	if (ok && !user_ok(user,snum)) {
+	if (ok && !user_ok(user, snum, NULL, 0)) {
 		DEBUG(0,("authorise_login: rejected invalid user %s\n",user));
 		ok = False;
 	}