authorAndrew Bartlett <abartlet@samba.org>2002-09-06 13:37:11 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-09-06 13:37:11 +0000
commit789d51b42ceb2d99658c72bf55904083d451fcab (patch)
treec965fd3d8f658760a9573f095bd5c213e61a9304 /source3
parent94d6c0e8952ce220d2ca3ef4f97e10517595fcbf (diff)
This is the 'easy' parts of the trusted domains patch n+3 patch from
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>. It includes a conversion of make_user_info*() to NTSTATUS and some minor changes to other files. It also picks up on a nasty segfault that can occur in some security=domain cases. Andrew Bartlett (This used to be commit d1e1fc3e4bf72717b3593685f0ea5750d676952a)
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in3
-rw-r--r--source3/auth/auth_domain.c2
-rw-r--r--source3/auth/auth_util.c122
-rw-r--r--source3/rpc_server/srv_lsa_nt.c2
-rw-r--r--source3/smbd/sesssetup.c24
-rw-r--r--source3/utils/net_rpc.c8
6 files changed, 93 insertions, 68 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 531ca74474..796d994b13 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -242,7 +242,8 @@ UNIGRP_OBJ = libsmb/netlogon_unigrp.o
AUTH_OBJ = auth/auth.o auth/auth_sam.o auth/auth_server.o auth/auth_domain.o \
auth/auth_rhosts.o auth/auth_unix.o auth/auth_util.o auth/auth_winbind.o \
- auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
+ auth/auth_builtin.o auth/auth_compat.o \
+ $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ)
MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index f7a268de1f..e8f11bb3d5 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -251,7 +251,7 @@ static NTSTATUS attempt_connect_to_dc(struct cli_state **cli,
}
/***********************************************************************
- We have been asked to dynamcially determine the IP addresses of
+ We have been asked to dynamically determine the IP addresses of
the PDC and BDC's for DOMAIN, and query them in turn.
************************************************************************/
static NTSTATUS find_connect_pdc(struct cli_state **cli,
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5ae942fac7..78dc0d4ee4 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -4,6 +4,7 @@
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Andrew Bartlett 2001
Copyright (C) Jeremy Allison 2000-2001
+ Copyright (C) Rafal Szczesniak 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -56,7 +57,7 @@ static int smb_create_user(const char *unix_user, const char *homedir)
Add and Delete UNIX users on demand, based on NTSTATUS codes.
****************************************************************************/
-void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status)
+void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status)
{
struct passwd *pwd=NULL;
@@ -81,15 +82,15 @@ void smb_user_control(const auth_usersupplied_info *user_info, auth_serversuppli
Create an auth_usersupplied_data structure
****************************************************************************/
-static BOOL make_user_info(auth_usersupplied_info **user_info,
- const char *smb_name,
- const char *internal_username,
- const char *client_domain,
- const char *domain,
- const char *wksta_name,
- DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
- DATA_BLOB plaintext,
- uint32 auth_flags, BOOL encrypted)
+static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
+ const char *smb_name,
+ const char *internal_username,
+ const char *client_domain,
+ const char *domain,
+ const char *wksta_name,
+ DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
+ DATA_BLOB plaintext,
+ uint32 auth_flags, BOOL encrypted)
{
DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name));
@@ -97,7 +98,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
*user_info = malloc(sizeof(**user_info));
if (!user_info) {
DEBUG(0,("malloc failed for user_info (size %d)\n", sizeof(*user_info)));
- return False;
+ return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(*user_info);
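Review bot: The allocation check after `malloc` tests `user_info`, the caller's out-pointer, rather than `*user_info`, so the new `return NT_STATUS_NO_MEMORY;` is not reached when malloc fails and `ZERO_STRUCTP(*user_info)` then writes through NULL. The test should read `if (!*user_info) {`. The DEBUG line has the matching slip: it prints `sizeof(*user_info)`, the size of a pointer, with `%d`; `(int)sizeof(**user_info)` would report the size actually requested. The body of make_user_info starts and continues outside this hunk.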
@@ -109,7 +110,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->smb_name.len = strlen(smb_name);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*user_info)->internal_username.str = strdup(internal_username);
@@ -117,7 +118,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->internal_username.len = strlen(internal_username);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*user_info)->domain.str = strdup(domain);
@@ -125,7 +126,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->domain.len = strlen(domain);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*user_info)->client_domain.str = strdup(client_domain);
@@ -133,7 +134,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->client_domain.len = strlen(client_domain);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*user_info)->wksta_name.str = strdup(wksta_name);
@@ -141,7 +142,7 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
(*user_info)->wksta_name.len = strlen(wksta_name);
} else {
free_user_info(user_info);
- return False;
+ return NT_STATUS_NO_MEMORY;
}
DEBUG(5,("making blobs for %s's user_info struct\n", internal_username));
@@ -155,26 +156,26 @@ static BOOL make_user_info(auth_usersupplied_info **user_info,
DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name));
- return True;
+ return NT_STATUS_OK;
}
/****************************************************************************
Create an auth_usersupplied_data structure after appropriate mapping.
****************************************************************************/
-BOOL make_user_info_map(auth_usersupplied_info **user_info,
- const char *smb_name,
- const char *client_domain,
- const char *wksta_name,
- DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
- DATA_BLOB plaintext,
- uint32 ntlmssp_flags, BOOL encrypted)
+NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
+ const char *smb_name,
+ const char *client_domain,
+ const char *wksta_name,
+ DATA_BLOB lm_pwd, DATA_BLOB nt_pwd,
+ DATA_BLOB plaintext,
+ uint32 ntlmssp_flags, BOOL encrypted)
{
const char *domain;
fstring internal_username;
fstrcpy(internal_username, smb_name);
map_username(internal_username);
-
+
DEBUG(5, ("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n",
client_domain, smb_name, wksta_name));
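Review bot: With `make_user_info_map` now returning NTSTATUS, any caller that still writes `if (!make_user_info_map(...))` silently changes meaning in builds where NTSTATUS is a plain integer type, because NT_STATUS_OK is zero and a failure would then be read as success on the authentication path. The callers touched in this commit use `NT_STATUS_IS_OK()`; it is worth confirming that no caller outside the files shown still tests the result as a boolean. The header comment above the function could also state the new contract, for example `Returns NT_STATUS_OK with *user_info allocated, or an error status (NT_STATUS_NO_MEMORY on allocation failure).` The function body continues outside this hunk.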
@@ -203,7 +204,7 @@ BOOL make_user_info_map(auth_usersupplied_info **user_info,
client_domain, lp_winbind_separator(),
smb_name) < 0) {
DEBUG(0, ("make_user_info_map: asprintf() failed!\n"));
- return False;
+ return NT_STATUS_NO_MEMORY;
}
DEBUG(5, ("make_user_info_map: testing for user %s\n", user));
@@ -245,6 +246,7 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
const uchar *nt_network_pwd, int nt_pwd_len)
{
BOOL ret;
+ NTSTATUS nt_status;
DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len);
DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len);
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
@@ -258,12 +260,14 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info,
auth_flags |= AUTH_FLAG_NTLMv2_RESP;
}
- ret = make_user_info_map(user_info,
- smb_name, client_domain,
- wksta_name,
- lm_blob, nt_blob,
- plaintext_blob,
- auth_flags, True);
+ nt_status = make_user_info_map(user_info,
+ smb_name, client_domain,
+ wksta_name,
+ lm_blob, nt_blob,
+ plaintext_blob,
+ auth_flags, True);
+
+ ret = NT_STATUS_IS_OK(nt_status) ? True : False;
data_blob_free(&lm_blob);
data_blob_free(&nt_blob);
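Review bot: `ret = NT_STATUS_IS_OK(nt_status) ? True : False;` discards the status this commit has just made available, so callers of make_user_info_netlogon_network still cannot tell an allocation failure from any other cause. If the BOOL return is being kept for now, logging the failing status at a DEBUG level before collapsing it would keep the reason visible. The same pattern is added in make_user_info_netlogon_interactive, make_user_info_for_reply (where the NTSTATUS local is still named `ret` in a function returning BOOL) and make_user_info_guest further down. The ternary is also redundant if NT_STATUS_IS_OK already yields a boolean: `ret = NT_STATUS_IS_OK(nt_status);`. The function continues outside this hunk.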
@@ -329,6 +333,7 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
{
BOOL ret;
+ NTSTATUS nt_status;
DATA_BLOB local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response));
DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response));
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
@@ -338,14 +343,15 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
if (nt_interactive_pwd)
auth_flags |= AUTH_FLAG_NTLM_RESP;
- ret = make_user_info_map(user_info,
- smb_name, client_domain,
- wksta_name,
- local_lm_blob,
- local_nt_blob,
- plaintext_blob,
- auth_flags, True);
+ nt_status = make_user_info_map(user_info,
+ smb_name, client_domain,
+ wksta_name,
+ local_lm_blob,
+ local_nt_blob,
+ plaintext_blob,
+ auth_flags, True);
+ ret = NT_STATUS_IS_OK(nt_status) ? True : False;
data_blob_free(&local_lm_blob);
data_blob_free(&local_nt_blob);
return ret;
@@ -366,7 +372,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
DATA_BLOB local_lm_blob;
DATA_BLOB local_nt_blob;
- BOOL ret = False;
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
uint32 auth_flags = AUTH_FLAG_NONE;
/*
@@ -397,25 +403,25 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
}
ret = make_user_info_map(user_info, smb_name,
- client_domain,
- get_remote_machine_name(),
- local_lm_blob,
- local_nt_blob,
- plaintext_password,
- auth_flags, False);
+ client_domain,
+ get_remote_machine_name(),
+ local_lm_blob,
+ local_nt_blob,
+ plaintext_password,
+ auth_flags, False);
data_blob_free(&local_lm_blob);
- return ret;
+ return NT_STATUS_IS_OK(ret) ? True : False;
}
/****************************************************************************
Create an auth_usersupplied_data structure
****************************************************************************/
-BOOL make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
- const char *smb_name,
- const char *client_domain,
- DATA_BLOB lm_resp, DATA_BLOB nt_resp)
+NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
+ const char *smb_name,
+ const char *client_domain,
+ DATA_BLOB lm_resp, DATA_BLOB nt_resp)
{
uint32 auth_flags = AUTH_FLAG_NONE;
@@ -450,14 +456,17 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info)
DATA_BLOB nt_blob = data_blob(NULL, 0);
DATA_BLOB plaintext_blob = data_blob(NULL, 0);
uint32 auth_flags = AUTH_FLAG_NONE;
+ NTSTATUS nt_status;
- return make_user_info(user_info,
+ nt_status = make_user_info(user_info,
"","",
"","",
"",
nt_blob, lm_blob,
plaintext_blob,
auth_flags, True);
+
+ return NT_STATUS_IS_OK(nt_status) ? True : False;
}
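Review bot: The call passes `nt_blob, lm_blob,` while the make_user_info signature earlier in this file takes `DATA_BLOB lm_pwd, DATA_BLOB nt_pwd`, so the two arguments are in the opposite order to the parameters. It is harmless only as long as both blobs are empty (`nt_blob` is `data_blob(NULL, 0)` here; the `lm_blob` declaration is outside the hunk), and it would become a real mix-up if either ever carried data. Writing `lm_blob, nt_blob,` keeps the guest path consistent with the other callers.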
/****************************************************************************
@@ -633,7 +642,14 @@ static NTSTATUS get_user_groups_from_local_sam(const DOM_SID *user_sid,
return NT_STATUS_OK;
}
- usr = getpwuid_alloc(uid);
+ /*
+ * This is _essential_ to prevent occasional segfaults when
+ * winbind can't find uid -> username mapping
+ */
+ if (!(usr = getpwuid_alloc(uid))) {
+ DEBUG(0, ("Couldn't find passdb structure for UID = %d ! Aborting.\n", uid));
+ return NT_STATUS_NO_SUCH_USER;
+ };
n_unix_groups = groups_max();
if ((*unix_groups = malloc( sizeof(gid_t) * groups_max() ) ) == NULL) {
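Review bot: The new early return leaves `*unix_groups` untouched as far as this hunk shows, since it is first assigned by the `malloc` two lines later; a caller that frees it unconditionally after a failure would be freeing an uninitialised pointer. Unless the out parameters are cleared earlier in the function, outside the hunk, adding `*unix_groups = NULL;` before `return NT_STATUS_NO_SUCH_USER;` makes the failure path safe. Smaller points on the same lines: `uid` is passed to `%d` without a cast (`(int)uid`), and the `};` closing the `if` leaves a stray empty statement.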
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index f28441886a..e187e1556e 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -473,6 +473,8 @@ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_E
/*
* preferred length is set to 5 as a "our" preferred length
* nt sets this parameter to 2
+ * update (20.08.2002): it's not preferred length, but preferred size!
+ * it needs further investigation how to optimally choose this value
*/
uint32 max_num_domains = q_u->preferred_len < 5 ? q_u->preferred_len : 10;
TRUSTDOM **trust_doms;
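Review bot: The comment says the server's own preferred length is 5, but the expression on the following line yields 10 whenever the client's `preferred_len` is 5 or more and passes any smaller client value straight through, including 0. Since `q_u->preferred_len` comes from the request, the comment should state which bound is intended and the code should agree with it, for example `/* client value is used as-is below 5, otherwise capped at 10 */` if the current behaviour is deliberate. Whether a resulting `max_num_domains` of 0 is handled later in _lsa_enum_trust_dom cannot be seen from this hunk.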
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index c37c655fd1..3dc9fe9208 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -439,14 +439,14 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
auth_flags |= AUTH_FLAG_NTLM_RESP;
} else if (nthash.length > 24) {
auth_flags |= AUTH_FLAG_NTLMv2_RESP;
- }
+ };
+
+ nt_status = make_user_info_map(&user_info, user, workgroup, machine,
+ lmhash, nthash, plaintext_password,
+ auth_flags, True);
- if (!make_user_info_map(&user_info,
- user, workgroup,
- machine,
- lmhash, nthash,
- plaintext_password,
- auth_flags, True)) {
+ /* it looks a bit weird, but this function returns int type... */
+ if (!NT_STATUS_IS_OK(nt_status)) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
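Review bot: The failure branch still returns `ERROR_NT(NT_STATUS_NO_MEMORY)` whatever make_user_info_map reported, so the status just captured in `nt_status` is thrown away; `return ERROR_NT(nt_status);` would report the actual cause to the client and in logs. The added comment (`it looks a bit weird...`) would be more useful as a statement of the reason, e.g. `/* this function returns int, so the NTSTATUS is wrapped with ERROR_NT() */`. The `};` that replaces `}` after the auth_flags chain adds a stray empty statement. The declaration of `nt_status` and the rest of reply_spnego_auth are outside this hunk.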
@@ -621,7 +621,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
NTSTATUS nt_status;
BOOL doencrypt = global_encrypted_passwords_negotiated;
-
+
START_PROFILE(SMBsesssetupX);
ZERO_STRUCT(lm_resp);
@@ -776,11 +776,9 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
nt_status = check_guest_password(&server_info);
} else if (doencrypt) {
- if (!make_user_info_for_reply_enc(&user_info,
- user, domain,
- lm_resp, nt_resp)) {
- nt_status = NT_STATUS_NO_MEMORY;
- } else {
+ nt_status = make_user_info_for_reply_enc(&user_info, user, domain,
+ lm_resp, nt_resp);
+ if (NT_STATUS_IS_OK(nt_status)) {
nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context,
user_info,
&server_info);
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 25ed337c1f..4067ce344d 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -1972,6 +1972,12 @@ static int rpc_trustdom_list(int argc, const char **argv)
d_printf("%s%s%s\n", trusted_dom_names[i], padding, ascii_sid);
};
+
+ /*
+ * in case of no trusted domains say something rather
+ * than just display blank line
+ */
+ if (!num_domains) d_printf("none\n");
} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
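Review bot: `if (!num_domains) d_printf("none\n");` sits inside the `do { ... } while (... STATUS_MORE_ENTRIES)` loop, so it is evaluated once per batch rather than once per listing: if an enumeration ends with an empty batch after earlier batches printed domains, "none" would appear under a non-empty list. Keeping a running total across iterations and printing once after the loop avoids that; whether such a batch can occur depends on the server. If the enumeration call can fail without writing `num_domains`, the test may also read a stale value, but that call is outside the hunk. The same line is added in the second hunk of this file, and both would be easier to read braced on their own lines.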
@@ -2076,6 +2082,8 @@ static int rpc_trustdom_list(int argc, const char **argv)
};
};
+ if (!num_domains) d_printf("none\n");
+
} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
/* close opened samr and domain policy handles */