summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2010-08-18 17:17:42 +0200
committerSimo Sorce <idra@samba.org>2010-08-30 10:43:20 -0400
commit9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd (patch)
tree3a3db771636f2e29e6debc1f96a12b67b8f41e90 /source3
parent5f419eaa3289903a44c34fa1280e51bc197c65f3 (diff)
downloadsamba-9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd.tar.gz
samba-9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd.tar.bz2
samba-9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd.zip
s3-auth: Use SamInfo3_for_guest to create guest server_info.
Signed-off-by: Simo Sorce <idra@samba.org>
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_util.c89
1 files changed, 70 insertions, 19 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 1ff9714b1f..23f557a316 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -25,6 +25,7 @@
#include "smbd/globals.h"
#include "../libcli/auth/libcli_auth.h"
#include "../lib/crypto/arcfour.h"
+#include "rpc_client/init_lsa.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -631,6 +632,54 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
return NT_STATUS_OK;
}
+static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx,
+ struct netr_SamInfo3 *info3)
+{
+ const char *guest_account = lp_guestaccount();
+ struct dom_sid domain_sid;
+ struct passwd *pwd;
+ const char *tmp;
+ NTSTATUS status;
+
+ pwd = getpwnam_alloc(mem_ctx, guest_account);
+ if (pwd == NULL) {
+ DEBUG(0,("SamInfo3_for_guest: Unable to locate guest "
+ "account [%s]!\n", guest_account));
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* Set acount name */
+ tmp = talloc_strdup(mem_ctx, pwd->pw_name);
+ if (tmp == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ init_lsa_String(&info3->base.account_name, tmp);
+
+ /* Set domain name */
+ tmp = talloc_strdup(mem_ctx, get_global_sam_name());
+ if (tmp == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ init_lsa_StringLarge(&info3->base.domain, tmp);
+
+ /* Domain sid */
+ sid_copy(&domain_sid, get_global_sam_sid());
+
+ info3->base.domain_sid = sid_dup_talloc(mem_ctx, &domain_sid);
+ if (info3->base.domain_sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Guest rid */
+ info3->base.rid = DOMAIN_RID_GUEST;
+
+ /* Primary gid */
+ info3->base.primary_gid = BUILTIN_RID_GUESTS;
+
+ TALLOC_FREE(pwd);
+ return status;
+}
+
/***************************************************************************
Make (and fill) a user_info struct for a guest login.
This *must* succeed for smbd to start. If there is no mapping entry for
@@ -639,43 +688,42 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **server_info)
{
+ static const char zeros[16] = {0};
+ const char *guest_account = lp_guestaccount();
+ const char *domain = global_myname();
+ struct netr_SamInfo3 info3;
+ TALLOC_CTX *tmp_ctx;
NTSTATUS status;
- struct samu *sampass = NULL;
- struct dom_sid guest_sid;
- bool ret;
- static const char zeros[16] = {0, };
fstring tmp;
- if ( !(sampass = samu_new( NULL )) ) {
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
- sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_RID_GUEST);
+ ZERO_STRUCT(info3);
- become_root();
- ret = pdb_getsampwsid(sampass, &guest_sid);
- unbecome_root();
-
- if (!ret) {
- TALLOC_FREE(sampass);
- return NT_STATUS_NO_SUCH_USER;
+ status = get_guest_info3(tmp_ctx, &info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
}
- status = make_server_info_sam(server_info, sampass);
+ status = make_server_info_info3(tmp_ctx,
+ guest_account,
+ domain,
+ server_info,
+ &info3);
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(sampass);
- return status;
+ goto done;
}
- TALLOC_FREE(sampass);
-
(*server_info)->guest = True;
status = create_local_token(*server_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("create_local_token failed: %s\n",
nt_errstr(status)));
- return status;
+ goto done;
}
/* annoying, but the Guest really does have a session key, and it is
@@ -687,6 +735,9 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ser
". _-$", sizeof(tmp));
(*server_info)->sanitized_username = talloc_strdup(*server_info, tmp);
+ status = NT_STATUS_OK;
+done:
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_OK;
}