diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-09-06 13:37:11 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-09-06 13:37:11 +0000 |
commit | 789d51b42ceb2d99658c72bf55904083d451fcab (patch) | |
tree | c965fd3d8f658760a9573f095bd5c213e61a9304 /source3 | |
parent | 94d6c0e8952ce220d2ca3ef4f97e10517595fcbf (diff) | |
download | samba-789d51b42ceb2d99658c72bf55904083d451fcab.tar.gz samba-789d51b42ceb2d99658c72bf55904083d451fcab.tar.bz2 samba-789d51b42ceb2d99658c72bf55904083d451fcab.zip |
This is the 'easy' parts of the trusted domains patch n+3 patch from
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
It includes a conversion of make_user_info*() to NTSTATUS and some minor
changes to other files.
It also picks up on a nasty segfault that can occour in some security=domain
cases.
Andrew Bartlett
(This used to be commit d1e1fc3e4bf72717b3593685f0ea5750d676952a)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 3 | ||||
-rw-r--r-- | source3/auth/auth_domain.c | 2 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 122 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 2 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 24 | ||||
-rw-r--r-- | source3/utils/net_rpc.c | 8 |
6 files changed, 93 insertions, 68 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 531ca74474..796d994b13 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -242,7 +242,8 @@ UNIGRP_OBJ = libsmb/netlogon_unigrp.o AUTH_OBJ = auth/auth.o auth/auth_sam.o auth/auth_server.o auth/auth_domain.o \ auth/auth_rhosts.o auth/auth_unix.o auth/auth_util.o auth/auth_winbind.o \ - auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ) + auth/auth_builtin.o auth/auth_compat.o \ + $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ) MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index f7a268de1f..e8f11bb3d5 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -251,7 +251,7 @@ static NTSTATUS attempt_connect_to_dc(struct cli_state **cli, } /*********************************************************************** - We have been asked to dynamcially determine the IP addresses of + We have been asked to dynamically determine the IP addresses of the PDC and BDC's for DOMAIN, and query them in turn. ************************************************************************/ static NTSTATUS find_connect_pdc(struct cli_state **cli, diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 5ae942fac7..78dc0d4ee4 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -4,6 +4,7 @@ Copyright (C) Andrew Tridgell 1992-1998 Copyright (C) Andrew Bartlett 2001 Copyright (C) Jeremy Allison 2000-2001 + Copyright (C) Rafal Szczesniak 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -56,7 +57,7 @@ static int smb_create_user(const char *unix_user, const char *homedir) Add and Delete UNIX users on demand, based on NTSTATUS codes. ****************************************************************************/ -void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status) +void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status) { struct passwd *pwd=NULL; @@ -81,15 +82,15 @@ void smb_user_control(const auth_usersupplied_info *user_info, auth_serversuppli Create an auth_usersupplied_data structure ****************************************************************************/ -static BOOL make_user_info(auth_usersupplied_info **user_info, - const char *smb_name, - const char *internal_username, - const char *client_domain, - const char *domain, - const char *wksta_name, - DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, - DATA_BLOB plaintext, - uint32 auth_flags, BOOL encrypted) +static NTSTATUS make_user_info(auth_usersupplied_info **user_info, + const char *smb_name, + const char *internal_username, + const char *client_domain, + const char *domain, + const char *wksta_name, + DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, + DATA_BLOB plaintext, + uint32 auth_flags, BOOL encrypted) { DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name)); @@ -97,7 +98,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info, *user_info = malloc(sizeof(**user_info)); if (!user_info) { DEBUG(0,("malloc failed for user_info (size %d)\n", sizeof(*user_info))); - return False; + return NT_STATUS_NO_MEMORY; } ZERO_STRUCTP(*user_info); @@ -109,7 +110,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info, (*user_info)->smb_name.len = strlen(smb_name); } else { free_user_info(user_info); - return False; + return NT_STATUS_NO_MEMORY; } (*user_info)->internal_username.str = strdup(internal_username); @@ -117,7 +118,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info, (*user_info)->internal_username.len = strlen(internal_username); } else { free_user_info(user_info); - return False; + return NT_STATUS_NO_MEMORY; } (*user_info)->domain.str = strdup(domain); @@ -125,7 +126,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info, (*user_info)->domain.len = strlen(domain); } else { free_user_info(user_info); - return False; + return NT_STATUS_NO_MEMORY; } (*user_info)->client_domain.str = strdup(client_domain); @@ -133,7 +134,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info, (*user_info)->client_domain.len = strlen(client_domain); } else { free_user_info(user_info); - return False; + return NT_STATUS_NO_MEMORY; } (*user_info)->wksta_name.str = strdup(wksta_name); @@ -141,7 +142,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info, (*user_info)->wksta_name.len = strlen(wksta_name); } else { free_user_info(user_info); - return False; + return NT_STATUS_NO_MEMORY; } DEBUG(5,("making blobs for %s's user_info struct\n", internal_username)); @@ -155,26 +156,26 @@ static BOOL make_user_info(auth_usersupplied_info **user_info, DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name)); - return True; + return NT_STATUS_OK; } /**************************************************************************** Create an auth_usersupplied_data structure after appropriate mapping. ****************************************************************************/ -BOOL make_user_info_map(auth_usersupplied_info **user_info, - const char *smb_name, - const char *client_domain, - const char *wksta_name, - DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, - DATA_BLOB plaintext, - uint32 ntlmssp_flags, BOOL encrypted) +NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, + const char *smb_name, + const char *client_domain, + const char *wksta_name, + DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, + DATA_BLOB plaintext, + uint32 ntlmssp_flags, BOOL encrypted) { const char *domain; fstring internal_username; fstrcpy(internal_username, smb_name); map_username(internal_username); - + DEBUG(5, ("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n", client_domain, smb_name, wksta_name)); @@ -203,7 +204,7 @@ BOOL make_user_info_map(auth_usersupplied_info **user_info, client_domain, lp_winbind_separator(), smb_name) < 0) { DEBUG(0, ("make_user_info_map: asprintf() failed!\n")); - return False; + return NT_STATUS_NO_MEMORY; } DEBUG(5, ("make_user_info_map: testing for user %s\n", user)); @@ -245,6 +246,7 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info, const uchar *nt_network_pwd, int nt_pwd_len) { BOOL ret; + NTSTATUS nt_status; DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len); DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len); DATA_BLOB plaintext_blob = data_blob(NULL, 0); @@ -258,12 +260,14 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info, auth_flags |= AUTH_FLAG_NTLMv2_RESP; } - ret = make_user_info_map(user_info, - smb_name, client_domain, - wksta_name, - lm_blob, nt_blob, - plaintext_blob, - auth_flags, True); + nt_status = make_user_info_map(user_info, + smb_name, client_domain, + wksta_name, + lm_blob, nt_blob, + plaintext_blob, + auth_flags, True); + + ret = NT_STATUS_IS_OK(nt_status) ? True : False; data_blob_free(&lm_blob); data_blob_free(&nt_blob); @@ -329,6 +333,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, { BOOL ret; + NTSTATUS nt_status; DATA_BLOB local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response)); DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response)); DATA_BLOB plaintext_blob = data_blob(NULL, 0); @@ -338,14 +343,15 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, if (nt_interactive_pwd) auth_flags |= AUTH_FLAG_NTLM_RESP; - ret = make_user_info_map(user_info, - smb_name, client_domain, - wksta_name, - local_lm_blob, - local_nt_blob, - plaintext_blob, - auth_flags, True); + nt_status = make_user_info_map(user_info, + smb_name, client_domain, + wksta_name, + local_lm_blob, + local_nt_blob, + plaintext_blob, + auth_flags, True); + ret = NT_STATUS_IS_OK(nt_status) ? True : False; data_blob_free(&local_lm_blob); data_blob_free(&local_nt_blob); return ret; @@ -366,7 +372,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info, DATA_BLOB local_lm_blob; DATA_BLOB local_nt_blob; - BOOL ret = False; + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; uint32 auth_flags = AUTH_FLAG_NONE; /* @@ -397,25 +403,25 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info, } ret = make_user_info_map(user_info, smb_name, - client_domain, - get_remote_machine_name(), - local_lm_blob, - local_nt_blob, - plaintext_password, - auth_flags, False); + client_domain, + get_remote_machine_name(), + local_lm_blob, + local_nt_blob, + plaintext_password, + auth_flags, False); data_blob_free(&local_lm_blob); - return ret; + return NT_STATUS_IS_OK(ret) ? True : False; } /**************************************************************************** Create an auth_usersupplied_data structure ****************************************************************************/ -BOOL make_user_info_for_reply_enc(auth_usersupplied_info **user_info, - const char *smb_name, - const char *client_domain, - DATA_BLOB lm_resp, DATA_BLOB nt_resp) +NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info, + const char *smb_name, + const char *client_domain, + DATA_BLOB lm_resp, DATA_BLOB nt_resp) { uint32 auth_flags = AUTH_FLAG_NONE; @@ -450,14 +456,17 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info) DATA_BLOB nt_blob = data_blob(NULL, 0); DATA_BLOB plaintext_blob = data_blob(NULL, 0); uint32 auth_flags = AUTH_FLAG_NONE; + NTSTATUS nt_status; - return make_user_info(user_info, + nt_status = make_user_info(user_info, "","", "","", "", nt_blob, lm_blob, plaintext_blob, auth_flags, True); + + return NT_STATUS_IS_OK(nt_status) ? True : False; } /**************************************************************************** @@ -633,7 +642,14 @@ static NTSTATUS get_user_groups_from_local_sam(const DOM_SID *user_sid, return NT_STATUS_OK; } - usr = getpwuid_alloc(uid); + /* + * This is _essential_ to prevent occasional segfaults when + * winbind can't find uid -> username mapping + */ + if (!(usr = getpwuid_alloc(uid))) { + DEBUG(0, ("Couldn't find passdb structure for UID = %d ! Aborting.\n", uid)); + return NT_STATUS_NO_SUCH_USER; + }; n_unix_groups = groups_max(); if ((*unix_groups = malloc( sizeof(gid_t) * groups_max() ) ) == NULL) { diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index f28441886a..e187e1556e 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -473,6 +473,8 @@ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_E /* * preferred length is set to 5 as a "our" preferred length * nt sets this parameter to 2 + * update (20.08.2002): it's not preferred length, but preferred size! + * it needs further investigation how to optimally choose this value */ uint32 max_num_domains = q_u->preferred_len < 5 ? q_u->preferred_len : 10; TRUSTDOM **trust_doms; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index c37c655fd1..3dc9fe9208 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -439,14 +439,14 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf, auth_flags |= AUTH_FLAG_NTLM_RESP; } else if (nthash.length > 24) { auth_flags |= AUTH_FLAG_NTLMv2_RESP; - } + }; + + nt_status = make_user_info_map(&user_info, user, workgroup, machine, + lmhash, nthash, plaintext_password, + auth_flags, True); - if (!make_user_info_map(&user_info, - user, workgroup, - machine, - lmhash, nthash, - plaintext_password, - auth_flags, True)) { + /* it looks a bit weird, but this function returns int type... */ + if (!NT_STATUS_IS_OK(nt_status)) { return ERROR_NT(NT_STATUS_NO_MEMORY); } @@ -621,7 +621,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, NTSTATUS nt_status; BOOL doencrypt = global_encrypted_passwords_negotiated; - + START_PROFILE(SMBsesssetupX); ZERO_STRUCT(lm_resp); @@ -776,11 +776,9 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, nt_status = check_guest_password(&server_info); } else if (doencrypt) { - if (!make_user_info_for_reply_enc(&user_info, - user, domain, - lm_resp, nt_resp)) { - nt_status = NT_STATUS_NO_MEMORY; - } else { + nt_status = make_user_info_for_reply_enc(&user_info, user, domain, + lm_resp, nt_resp); + if (NT_STATUS_IS_OK(nt_status)) { nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context, user_info, &server_info); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 25ed337c1f..4067ce344d 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -1972,6 +1972,12 @@ static int rpc_trustdom_list(int argc, const char **argv) d_printf("%s%s%s\n", trusted_dom_names[i], padding, ascii_sid); }; + + /* + * in case of no trusted domains say something rather + * than just display blank line + */ + if (!num_domains) d_printf("none\n"); } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); @@ -2076,6 +2082,8 @@ static int rpc_trustdom_list(int argc, const char **argv) }; }; + if (!num_domains) d_printf("none\n"); + } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); /* close opened samr and domain policy handles */ |