-rw-r--r--source3/Makefile.in1
-rw-r--r--source3/auth/auth_util.c121
-rw-r--r--source3/auth/server_info_sam.c151
3 files changed, 152 insertions, 121 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index d7b84ccee2..c783777ed3 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -765,6 +765,7 @@ AUTH_NETLOGOND_OBJ = auth/auth_netlogond.o
AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \
auth/server_info.o \
+ auth/server_info_sam.o \
auth/auth_compat.o auth/auth_ntlmssp.o \
$(PLAINTEXT_AUTH_OBJ) $(SLCACHE_OBJ) $(DCUTIL_OBJ)
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 2cb02f4033..0e94fd9dd4 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -493,127 +493,6 @@ bool make_user_info_guest(struct auth_usersupplied_info **user_info)
return NT_STATUS_IS_OK(nt_status) ? True : False;
}
-/***************************************************************************
- Is the incoming username our own machine account ?
- If so, the connection is almost certainly from winbindd.
-***************************************************************************/
-
-static bool is_our_machine_account(const char *username)
-{
- bool ret;
- char *truncname = NULL;
- size_t ulen = strlen(username);
-
- if (ulen == 0 || username[ulen-1] != '$') {
- return false;
- }
- truncname = SMB_STRDUP(username);
- if (!truncname) {
- return false;
- }
- truncname[ulen-1] = '\0';
- ret = strequal(truncname, global_myname());
- SAFE_FREE(truncname);
- return ret;
-}
-
-/***************************************************************************
- Make (and fill) a user_info struct from a struct samu
-***************************************************************************/
-
-NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
- struct samu *sampass)
-{
- struct passwd *pwd;
- gid_t *gids;
- struct auth_serversupplied_info *result;
- const char *username = pdb_get_username(sampass);
- NTSTATUS status;
-
- if ( !(result = make_server_info(NULL)) ) {
- return NT_STATUS_NO_MEMORY;
- }
-
- if ( !(pwd = getpwnam_alloc(result, username)) ) {
- DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n",
- pdb_get_username(sampass)));
- TALLOC_FREE(result);
- return NT_STATUS_NO_SUCH_USER;
- }
-
- result->sam_account = sampass;
- result->unix_name = pwd->pw_name;
- /* Ensure that we keep pwd->pw_name, because we will free pwd below */
- talloc_steal(result, pwd->pw_name);
- result->utok.gid = pwd->pw_gid;
- result->utok.uid = pwd->pw_uid;
-
- TALLOC_FREE(pwd);
-
- result->sanitized_username = sanitize_username(result,
- result->unix_name);
- if (result->sanitized_username == NULL) {
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (IS_DC && is_our_machine_account(username)) {
- /*
- * Ensure for a connection from our own
- * machine account (from winbindd on a DC)
- * there are no supplementary groups.
- * Prevents loops in calling gid_to_sid().
- */
- result->sids = NULL;
- gids = NULL;
- result->num_sids = 0;
-
- /*
- * This is a hack of monstrous proportions.
- * If we know it's winbindd talking to us,
- * we know we must never recurse into it,
- * so turn off contacting winbindd for this
- * entire process. This will get fixed when
- * winbindd doesn't need to talk to smbd on
- * a PDC. JRA.
- */
-
- (void)winbind_off();
-
- DEBUG(10, ("make_server_info_sam: our machine account %s "
- "setting supplementary group list empty and "
- "turning off winbindd requests.\n",
- username));
- } else {
- status = pdb_enum_group_memberships(result, sampass,
- &result->sids, &gids,
- &result->num_sids);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("pdb_enum_group_memberships failed: %s\n",
- nt_errstr(status)));
- result->sam_account = NULL; /* Don't free on error exit. */
- TALLOC_FREE(result);
- return status;
- }
- }
-
- /* For now we throw away the gids and convert via sid_to_gid
- * later. This needs fixing, but I'd like to get the code straight and
- * simple first. */
-
- TALLOC_FREE(gids);
-
- DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
- pdb_get_username(sampass), result->unix_name));
-
- *server_info = result;
- /* Ensure that the sampass will be freed with the result */
- talloc_steal(result, sampass);
-
- return NT_STATUS_OK;
-}
-
static NTSTATUS log_nt_token(NT_USER_TOKEN *token)
{
TALLOC_CTX *frame = talloc_stackframe();
diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c
new file mode 100644
index 0000000000..c6e7522011
--- /dev/null
+++ b/source3/auth/server_info_sam.c
@@ -0,0 +1,151 @@
+/*
+ Unix SMB/CIFS implementation.
+ Authentication utility functions
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Andrew Bartlett 2001
+ Copyright (C) Jeremy Allison 2000-2001
+ Copyright (C) Rafal Szczesniak 2002
+ Copyright (C) Volker Lendecke 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smbd/globals.h"
+#include "../libcli/auth/libcli_auth.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_AUTH
+
+
+/***************************************************************************
+ Is the incoming username our own machine account ?
+ If so, the connection is almost certainly from winbindd.
+***************************************************************************/
+
+static bool is_our_machine_account(const char *username)
+{
+ bool ret;
+ char *truncname = NULL;
+ size_t ulen = strlen(username);
+
+ if (ulen == 0 || username[ulen-1] != '$') {
+ return false;
+ }
+ truncname = SMB_STRDUP(username);
+ if (!truncname) {
+ return false;
+ }
+ truncname[ulen-1] = '\0';
+ ret = strequal(truncname, global_myname());
+ SAFE_FREE(truncname);
+ return ret;
+}
+
+/***************************************************************************
+ Make (and fill) a user_info struct from a struct samu
+***************************************************************************/
+
+NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
+ struct samu *sampass)
+{
+ struct passwd *pwd;
+ gid_t *gids;
+ struct auth_serversupplied_info *result;
+ const char *username = pdb_get_username(sampass);
+ NTSTATUS status;
+
+ if ( !(result = make_server_info(NULL)) ) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if ( !(pwd = getpwnam_alloc(result, username)) ) {
+ DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n",
+ pdb_get_username(sampass)));
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ result->sam_account = sampass;
+ result->unix_name = pwd->pw_name;
+ /* Ensure that we keep pwd->pw_name, because we will free pwd below */
+ talloc_steal(result, pwd->pw_name);
+ result->utok.gid = pwd->pw_gid;
+ result->utok.uid = pwd->pw_uid;
+
+ TALLOC_FREE(pwd);
+
+ result->sanitized_username = sanitize_username(result,
+ result->unix_name);
+ if (result->sanitized_username == NULL) {
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (IS_DC && is_our_machine_account(username)) {
+ /*
+ * Ensure for a connection from our own
+ * machine account (from winbindd on a DC)
+ * there are no supplementary groups.
+ * Prevents loops in calling gid_to_sid().
+ */
+ result->sids = NULL;
+ gids = NULL;
+ result->num_sids = 0;
+
+ /*
+ * This is a hack of monstrous proportions.
+ * If we know it's winbindd talking to us,
+ * we know we must never recurse into it,
+ * so turn off contacting winbindd for this
+ * entire process. This will get fixed when
+ * winbindd doesn't need to talk to smbd on
+ * a PDC. JRA.
+ */
+
+ (void)winbind_off();
+
+ DEBUG(10, ("make_server_info_sam: our machine account %s "
+ "setting supplementary group list empty and "
+ "turning off winbindd requests.\n",
+ username));
+ } else {
+ status = pdb_enum_group_memberships(result, sampass,
+ &result->sids, &gids,
+ &result->num_sids);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("pdb_enum_group_memberships failed: %s\n",
+ nt_errstr(status)));
+ result->sam_account = NULL; /* Don't free on error exit. */
+ TALLOC_FREE(result);
+ return status;
+ }
+ }
+
+ /* For now we throw away the gids and convert via sid_to_gid
+ * later. This needs fixing, but I'd like to get the code straight and
+ * simple first. */
+
+ TALLOC_FREE(gids);
+
+ DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
+ pdb_get_username(sampass), result->unix_name));
+
+ *server_info = result;
+ /* Ensure that the sampass will be freed with the result */
+ talloc_steal(result, sampass);
+
+ return NT_STATUS_OK;
+}
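Review bot: The `sanitize_username` failure branch in `make_server_info_sam` calls `TALLOC_FREE(result)` after `result->sam_account = sampass` has been assigned, whereas the `pdb_enum_group_memberships` failure branch first clears it with `result->sam_account = NULL; /* Don't free on error exit. */`. If freeing `result` also releases `sam_account` (the destructor is not visible in this hunk, so this is inferred from that comment), the out-of-memory path leaves the caller holding a freed `sampass`, which is a use-after-free or double free in authentication code. Adding `result->sam_account = NULL;` before the `TALLOC_FREE(result)` in that branch, or moving the assignment down to just before the final `talloc_steal(result, sampass)`, would make the two error exits consistent. The function's header comment could also state that ownership of `sampass` moves to `*server_info` only when `NT_STATUS_OK` is returned.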