summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth.c8
-rw-r--r--source3/auth/auth_domain.c3
-rw-r--r--source3/auth/auth_rhosts.c2
-rw-r--r--source3/auth/auth_sam.c87
-rw-r--r--source3/auth/auth_util.c126
-rw-r--r--source3/auth/auth_winbind.c2
-rw-r--r--source3/auth/pampass.c8
7 files changed, 128 insertions, 108 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 8316c4b617..553d9a686e 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -131,7 +131,7 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
DEBUG(5, ("auth_context challenge created by %s\n", challenge_set_by));
DEBUG(5, ("challenge is: \n"));
- dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
+ dump_data(5, (const char *)auth_context->challenge.data, auth_context->challenge.length);
SMB_ASSERT(auth_context->challenge.length == 8);
@@ -228,7 +228,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
auth_context->challenge_set_by));
DEBUG(10, ("challenge is: \n"));
- dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
+ dump_data(5, (const char *)auth_context->challenge.data, auth_context->challenge.length);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("user_info has passwords of length %d and %d\n",
@@ -373,10 +373,10 @@ BOOL load_auth_module(struct auth_context *auth_context,
if (p) {
*p = 0;
module_params = p+1;
- trim_string(module_params, " ", " ");
+ trim_char(module_params, ' ', ' ');
}
- trim_string(module_name, " ", " ");
+ trim_char(module_name, ' ', ' ');
entry = auth_find_backend_entry(module_name);
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index aacea261fe..43e7597cd9 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -26,9 +26,6 @@
extern BOOL global_machine_password_needs_changing;
-extern userdom_struct current_user_info;
-
-
/**
* Connect to a remote server for domain security authenticaion.
*
diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c
index fab2d551f2..b295df9328 100644
--- a/source3/auth/auth_rhosts.c
+++ b/source3/auth/auth_rhosts.c
@@ -40,7 +40,7 @@ static BOOL check_user_equiv(const char *user, const char *remote, const char *e
if (! lines) return False;
for (i=0; lines[i]; i++) {
char *buf = lines[i];
- trim_string(buf," "," ");
+ trim_char(buf,' ',' ');
if (buf[0] != '#' && buf[0] != '\n')
{
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index fb66d53cd4..ce97bd7df2 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -27,8 +27,9 @@
#define DBGC_CLASS DBGC_AUTH
/****************************************************************************
-core of smb password checking routine.
+ Core of smb password checking routine.
****************************************************************************/
+
static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
const uchar *part_passwd,
const DATA_BLOB *sec_blob,
@@ -54,8 +55,7 @@ static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
}
SMBOWFencrypt(part_passwd, sec_blob->data, p24);
- if (user_sess_key != NULL)
- {
+ if (user_sess_key != NULL) {
SMBsesskeygen_ntv1(part_passwd, NULL, user_sess_key);
}
@@ -74,12 +74,11 @@ static BOOL smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
return (memcmp(p24, nt_response->data, 24) == 0);
}
-
/****************************************************************************
-core of smb password checking routine. (NTLMv2, LMv2)
-
-Note: The same code works with both NTLMv2 and LMv2.
+ Core of smb password checking routine. (NTLMv2, LMv2)
+ Note: The same code works with both NTLMv2 and LMv2.
****************************************************************************/
+
static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
const uchar *part_passwd,
const DATA_BLOB *sec_blob,
@@ -92,8 +91,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
uchar client_response[16];
DATA_BLOB client_key_data;
- if (part_passwd == NULL)
- {
+ if (part_passwd == NULL) {
DEBUG(10,("No password set - DISALLOWING access\n"));
/* No password set - always False */
return False;
@@ -121,8 +119,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
}
SMBOWFencrypt_ntv2(kr, sec_blob, &client_key_data, value_from_encryption);
- if (user_sess_key != NULL)
- {
+ if (user_sess_key != NULL) {
SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key);
}
@@ -142,11 +139,11 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response,
return (memcmp(value_from_encryption, client_response, 16) == 0);
}
-
/****************************************************************************
Do a specific test for an smb password being correct, given a smb_password and
the lanman and NT responses.
****************************************************************************/
+
static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
TALLOC_CTX *mem_ctx,
SAM_ACCOUNT *sampass,
@@ -158,15 +155,11 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
uint32 auth_flags;
acct_ctrl = pdb_get_acct_ctrl(sampass);
- if (acct_ctrl & ACB_PWNOTREQ)
- {
- if (lp_null_passwords())
- {
+ if (acct_ctrl & ACB_PWNOTREQ) {
+ if (lp_null_passwords()) {
DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", pdb_get_username(sampass)));
return(NT_STATUS_OK);
- }
- else
- {
+ } else {
DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", pdb_get_username(sampass)));
return(NT_STATUS_LOGON_FAILURE);
}
@@ -191,8 +184,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
nt_pw, &auth_context->challenge,
user_info->smb_name.str,
user_info->client_domain.str,
- user_sess_key))
- {
+ user_sess_key)) {
return NT_STATUS_OK;
}
@@ -201,9 +193,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
nt_pw, &auth_context->challenge,
user_info->smb_name.str,
"",
- user_sess_key))
-
- {
+ user_sess_key)) {
return NT_STATUS_OK;
} else {
DEBUG(3,("sam_password_ok: NTLMv2 password check failed\n"));
@@ -218,8 +208,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
DEBUG(4,("sam_password_ok: Checking NT MD4 password\n"));
if (smb_pwd_check_ntlmv1(&user_info->nt_resp,
nt_pw, &auth_context->challenge,
- user_sess_key))
- {
+ user_sess_key)) {
return NT_STATUS_OK;
} else {
DEBUG(3,("sam_password_ok: NT MD4 password check failed for user %s\n",pdb_get_username(sampass)));
@@ -247,8 +236,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
DEBUG(4,("sam_password_ok: Checking LM password\n"));
if (smb_pwd_check_ntlmv1(&user_info->lm_resp,
lm_pw, &auth_context->challenge,
- user_sess_key))
- {
+ user_sess_key)) {
return NT_STATUS_OK;
}
}
@@ -268,8 +256,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
nt_pw, &auth_context->challenge,
user_info->smb_name.str,
user_info->client_domain.str,
- user_sess_key))
- {
+ user_sess_key)) {
return NT_STATUS_OK;
}
@@ -278,8 +265,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
nt_pw, &auth_context->challenge,
user_info->smb_name.str,
"",
- user_sess_key))
- {
+ user_sess_key)) {
return NT_STATUS_OK;
}
@@ -287,12 +273,10 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
- I think this is related to Win9X pass-though authentication
*/
DEBUG(4,("sam_password_ok: Checking NT MD4 password in LM field\n"));
- if (lp_ntlm_auth())
- {
+ if (lp_ntlm_auth()) {
if (smb_pwd_check_ntlmv1(&user_info->lm_resp,
nt_pw, &auth_context->challenge,
- user_sess_key))
- {
+ user_sess_key)) {
return NT_STATUS_OK;
}
DEBUG(3,("sam_password_ok: LM password, NT MD4 password in LM field and LMv2 failed for user %s\n",pdb_get_username(sampass)));
@@ -313,6 +297,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
Do a specific test for a SAM_ACCOUNT being vaild for this connection
(ie not disabled, expired and the like).
****************************************************************************/
+
static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
SAM_ACCOUNT *sampass,
const auth_usersupplied_info *user_info)
@@ -325,16 +310,22 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
/* Quit if the account was disabled. */
if (acct_ctrl & ACB_DISABLED) {
- DEBUG(1,("Account for user '%s' was disabled.\n", pdb_get_username(sampass)));
+ DEBUG(1,("sam_account_ok: Account for user '%s' was disabled.\n", pdb_get_username(sampass)));
return NT_STATUS_ACCOUNT_DISABLED;
}
+ /* Quit if the account was locked out. */
+ if (acct_ctrl & ACB_AUTOLOCK) {
+ DEBUG(1,("sam_account_ok: Account for user %s was locked out.\n", pdb_get_username(sampass)));
+ return NT_STATUS_ACCOUNT_LOCKED_OUT;
+ }
+
/* Test account expire time */
kickoff_time = pdb_get_kickoff_time(sampass);
if (kickoff_time != 0 && time(NULL) > kickoff_time) {
- DEBUG(1,("Account for user '%s' has expired.\n", pdb_get_username(sampass)));
- DEBUG(3,("Account expired at '%ld' unix time.\n", (long)kickoff_time));
+ DEBUG(1,("sam_account_ok: Account for user '%s' has expired.\n", pdb_get_username(sampass)));
+ DEBUG(3,("sam_account_ok: Account expired at '%ld' unix time.\n", (long)kickoff_time));
return NT_STATUS_ACCOUNT_EXPIRED;
}
@@ -344,14 +335,14 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
/* check for immediate expiry "must change at next logon" */
if (must_change_time == 0 && last_set_time != 0) {
- DEBUG(1,("Account for user '%s' password must change!.\n", pdb_get_username(sampass)));
+ DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", pdb_get_username(sampass)));
return NT_STATUS_PASSWORD_MUST_CHANGE;
}
/* check for expired password */
if (must_change_time < time(NULL) && must_change_time != 0) {
- DEBUG(1,("Account for user '%s' password expired!.\n", pdb_get_username(sampass)));
- DEBUG(1,("Password expired at '%s' (%ld) unix time.\n", http_timestring(must_change_time), (long)must_change_time));
+ DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n", pdb_get_username(sampass)));
+ DEBUG(1,("sam_account_ok: Password expired at '%s' (%ld) unix time.\n", http_timestring(must_change_time), (long)must_change_time));
return NT_STATUS_PASSWORD_EXPIRED;
}
}
@@ -359,8 +350,8 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
/* Test workstation. Workstation list is comma separated. */
workstation_list = talloc_strdup(mem_ctx, pdb_get_workstations(sampass));
-
- if (!workstation_list) return NT_STATUS_NO_MEMORY;
+ if (!workstation_list)
+ return NT_STATUS_NO_MEMORY;
if (*workstation_list) {
BOOL invalid_ws = True;
@@ -369,7 +360,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
fstring tok;
while (next_token(&s, tok, ",", sizeof(tok))) {
- DEBUG(10,("checking for workstation match %s and %s (len=%d)\n",
+ DEBUG(10,("sam_account_ok: checking for workstation match %s and %s (len=%d)\n",
tok, user_info->wksta_name.str, user_info->wksta_name.len));
if(strequal(tok, user_info->wksta_name.str)) {
invalid_ws = False;
@@ -399,7 +390,6 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-
/****************************************************************************
check if a username/password is OK assuming the password is a 24 byte
SMB hash supplied in the user_info structure
@@ -434,9 +424,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
ret = pdb_getsampwnam(sampass, user_info->internal_username.str);
unbecome_root();
- if (ret == False)
- {
- DEBUG(3,("Couldn't find user '%s' in passdb file.\n", user_info->internal_username.str));
+ if (ret == False) {
+ DEBUG(3,("check_sam_security: Couldn't find user '%s' in passdb file.\n", user_info->internal_username.str));
pdb_free_sam(&sampass);
return NT_STATUS_NO_SUCH_USER;
}
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 5403ee8c39..952aa8ba59 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -216,8 +216,8 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
client_domain, smb_name, wksta_name));
/* don't allow "" as a domain, fixes a Win9X bug
- where it doens't supply a domain for logon script
- 'net use' commands.*/
+ where it doens't supply a domain for logon script
+ 'net use' commands. */
if ( *client_domain )
domain = client_domain;
@@ -227,7 +227,7 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
/* do what win2k does. Always map unknown domains to our own
and let the "passdb backend" handle unknown users. */
- if ( !is_trusted_domain(domain) )
+ if ( !is_trusted_domain(domain) && !strequal(domain, get_global_sam_name()) )
domain = get_default_sam_name();
/* we know that it is a trusted domain (and we are allowing them) or it is our domain */
@@ -393,7 +393,7 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info,
dump_data(100, plaintext_password.data, plaintext_password.length);
#endif
- SMBencrypt( (const uchar *)plaintext_password.data, (const uchar*)chal, local_lm_response);
+ SMBencrypt( (const char *)plaintext_password.data, (const uchar*)chal, local_lm_response);
local_lm_blob = data_blob(local_lm_response, 24);
/* We can't do an NT hash here, as the password needs to be
@@ -646,43 +646,66 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups,
* of groups.
******************************************************************************/
-static NTSTATUS get_user_groups_from_local_sam(const char *username, uid_t uid, gid_t gid,
- int *n_groups, DOM_SID **groups, gid_t **unix_groups)
+static NTSTATUS get_user_groups(const char *username, uid_t uid, gid_t gid,
+ int *n_groups, DOM_SID **groups, gid_t **unix_groups)
{
- int n_unix_groups;
- int i;
+ int n_unix_groups;
+ int i;
*n_groups = 0;
*groups = NULL;
+
+ /* Try winbind first */
- n_unix_groups = groups_max();
- if ((*unix_groups = malloc( sizeof(gid_t) * n_unix_groups ) ) == NULL) {
- DEBUG(0, ("get_user_groups_from_local_sam: Out of memory allocating unix group list\n"));
- return NT_STATUS_NO_MEMORY;
+ if ( strchr(username, *lp_winbind_separator()) ) {
+ n_unix_groups = winbind_getgroups( username, unix_groups );
+
+ DEBUG(10,("get_user_groups: winbind_getgroups(%s): result = %s\n", username,
+ n_unix_groups == -1 ? "FAIL" : "SUCCESS"));
+
+ if ( n_unix_groups == -1 )
+ return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */
}
-
- if (sys_getgrouplist(username, gid, *unix_groups, &n_unix_groups) == -1) {
- gid_t *groups_tmp;
- groups_tmp = Realloc(*unix_groups, sizeof(gid_t) * n_unix_groups);
- if (!groups_tmp) {
- SAFE_FREE(*unix_groups);
+ else {
+ /* fallback to getgrouplist() */
+
+ n_unix_groups = groups_max();
+
+ if ((*unix_groups = malloc( sizeof(gid_t) * n_unix_groups ) ) == NULL) {
+ DEBUG(0, ("get_user_groups: Out of memory allocating unix group list\n"));
return NT_STATUS_NO_MEMORY;
}
- *unix_groups = groups_tmp;
-
+
if (sys_getgrouplist(username, gid, *unix_groups, &n_unix_groups) == -1) {
- DEBUG(0, ("get_user_groups_from_local_sam: failed to get the unix group list\n"));
- SAFE_FREE(*unix_groups);
- return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */
+
+ gid_t *groups_tmp;
+
+ groups_tmp = Realloc(*unix_groups, sizeof(gid_t) * n_unix_groups);
+
+ if (!groups_tmp) {
+ SAFE_FREE(*unix_groups);
+ return NT_STATUS_NO_MEMORY;
+ }
+ *unix_groups = groups_tmp;
+
+ if (sys_getgrouplist(username, gid, *unix_groups, &n_unix_groups) == -1) {
+ DEBUG(0, ("get_user_groups: failed to get the unix group list\n"));
+ SAFE_FREE(*unix_groups);
+ return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */
+ }
}
}
debug_unix_user_token(DBGC_CLASS, 5, uid, gid, n_unix_groups, *unix_groups);
+ /* now setup the space for storing the SIDS */
+
if (n_unix_groups > 0) {
+
*groups = malloc(sizeof(DOM_SID) * n_unix_groups);
+
if (!*groups) {
- DEBUG(0, ("get_user_group_from_local_sam: malloc() failed for DOM_SID list!\n"));
+ DEBUG(0, ("get_user_group: malloc() failed for DOM_SID list!\n"));
SAFE_FREE(*unix_groups);
return NT_STATUS_NO_MEMORY;
}
@@ -692,7 +715,8 @@ static NTSTATUS get_user_groups_from_local_sam(const char *username, uid_t uid,
for (i = 0; i < *n_groups; i++) {
if (!NT_STATUS_IS_OK(gid_to_sid(&(*groups)[i], (*unix_groups)[i]))) {
- DEBUG(1, ("get_user_groups_from_local_sam: failed to convert gid %ld to a sid!\n", (long int)(*unix_groups)[i+1]));
+ DEBUG(1, ("get_user_groups: failed to convert gid %ld to a sid!\n",
+ (long int)(*unix_groups)[i+1]));
SAFE_FREE(*groups);
SAFE_FREE(*unix_groups);
return NT_STATUS_NO_SUCH_USER;
@@ -743,10 +767,9 @@ static NTSTATUS add_user_groups(auth_serversupplied_info **server_info,
BOOL is_guest;
uint32 rid;
- nt_status = get_user_groups_from_local_sam(pdb_get_username(sampass),
- uid, gid,
- &n_groupSIDs, &groupSIDs,
- &unix_groups);
+ nt_status = get_user_groups(pdb_get_username(sampass), uid, gid,
+ &n_groupSIDs, &groupSIDs, &unix_groups);
+
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(4,("get_user_groups_from_local_sam failed\n"));
free_server_info(server_info);
@@ -1068,11 +1091,11 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
/* Store the user group information in the server_info
returned to the caller. */
- nt_status = get_user_groups_from_local_sam((*server_info)->unix_name,
+ nt_status = get_user_groups((*server_info)->unix_name,
uid, gid, &n_lgroupSIDs, &lgroupSIDs, &unix_groups);
- if ( !NT_STATUS_IS_OK(nt_status) )
- {
- DEBUG(4,("get_user_groups_from_local_sam failed\n"));
+
+ if ( !NT_STATUS_IS_OK(nt_status) ) {
+ DEBUG(4,("get_user_groups failed\n"));
return nt_status;
}
@@ -1080,9 +1103,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
(*server_info)->n_groups = n_lgroupSIDs;
/* Create a 'combined' list of all SIDs we might want in the SD */
- all_group_SIDs = malloc(sizeof(DOM_SID) *
- (n_lgroupSIDs + info3->num_groups2 +
- info3->num_other_sids));
+
+ all_group_SIDs = malloc(sizeof(DOM_SID) * (info3->num_groups2 +info3->num_other_sids));
+
if (!all_group_SIDs) {
DEBUG(0, ("malloc() failed for DOM_SID list!\n"));
SAFE_FREE(lgroupSIDs);
@@ -1090,20 +1113,30 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
+#if 0 /* JERRY -- no such thing as local groups in current code */
/* Copy the 'local' sids */
memcpy(all_group_SIDs, lgroupSIDs, sizeof(DOM_SID) * n_lgroupSIDs);
SAFE_FREE(lgroupSIDs);
+#endif
/* and create (by appending rids) the 'domain' sids */
+
for (i = 0; i < info3->num_groups2; i++) {
- sid_copy(&all_group_SIDs[i+n_lgroupSIDs], &(info3->dom_sid.sid));
- if (!sid_append_rid(&all_group_SIDs[i+n_lgroupSIDs], info3->gids[i].g_rid)) {
+
+ sid_copy(&all_group_SIDs[i], &(info3->dom_sid.sid));
+
+ if (!sid_append_rid(&all_group_SIDs[i], info3->gids[i].g_rid)) {
+
nt_status = NT_STATUS_INVALID_PARAMETER;
+
DEBUG(3,("could not append additional group rid 0x%x\n",
info3->gids[i].g_rid));
+
SAFE_FREE(lgroupSIDs);
free_server_info(server_info);
+
return nt_status;
+
}
}
@@ -1113,19 +1146,20 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
*/
- for (i = 0; i < info3->num_other_sids; i++)
- sid_copy(&all_group_SIDs[
- n_lgroupSIDs + info3->num_groups2 + i],
+ for (i = 0; i < info3->num_other_sids; i++) {
+ sid_copy(&all_group_SIDs[info3->num_groups2 + i],
&info3->other_sids[i].sid);
+ }
/* Where are the 'global' sids... */
/* can the user be guest? if yes, where is it stored? */
- if (!NT_STATUS_IS_OK(
- nt_status = create_nt_user_token(
- &user_sid, &group_sid,
- n_lgroupSIDs + info3->num_groups2 + info3->num_other_sids,
- all_group_SIDs, False, &token))) {
+
+ nt_status = create_nt_user_token(&user_sid, &group_sid,
+ info3->num_groups2 + info3->num_other_sids,
+ all_group_SIDs, False, &token);
+
+ if ( !NT_STATUS_IS_OK(nt_status) ) {
DEBUG(4,("create_nt_user_token failed\n"));
SAFE_FREE(all_group_SIDs);
free_server_info(server_info);
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index aa8f345a5b..cae7aadd0c 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -36,7 +36,7 @@ static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response
if (!prs_init(&ps, len, mem_ctx, UNMARSHALL)) {
return NT_STATUS_NO_MEMORY;
}
- prs_copy_data_in(&ps, info3_ndr, len);
+ prs_copy_data_in(&ps, (char *)info3_ndr, len);
prs_set_offset(&ps,0);
if (!net_io_user_info3("", info3, &ps, 1, 3)) {
DEBUG(2, ("get_info3_from_ndr: could not parse info3 struct!\n"));
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index d666e439b0..3239686a20 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -230,7 +230,7 @@ static struct chat_struct *make_pw_chat(char *p)
special_char_sub(prompt);
fstrcpy(t->prompt, prompt);
strlower_m(t->prompt);
- trim_string(t->prompt, " ", " ");
+ trim_char(t->prompt, ' ', ' ');
if (!next_token(&p, reply, NULL, sizeof(fstring)))
break;
@@ -241,7 +241,7 @@ static struct chat_struct *make_pw_chat(char *p)
special_char_sub(reply);
fstrcpy(t->reply, reply);
strlower_m(t->reply);
- trim_string(t->reply, " ", " ");
+ trim_char(t->reply, ' ', ' ');
}
return list;
@@ -304,7 +304,7 @@ static int smb_pam_passchange_conv(int num_msg,
case PAM_PROMPT_ECHO_ON:
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: PAM said: %s\n", msg[replies]->msg));
fstrcpy(current_prompt, msg[replies]->msg);
- trim_string(current_prompt, " ", " ");
+ trim_char(current_prompt, ' ', ' ');
for (t=pw_chat; t; t=t->next) {
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: trying to match |%s| to |%s|\n",
@@ -335,7 +335,7 @@ static int smb_pam_passchange_conv(int num_msg,
case PAM_PROMPT_ECHO_OFF:
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: PAM said: %s\n", msg[replies]->msg));
fstrcpy(current_prompt, msg[replies]->msg);
- trim_string(current_prompt, " ", " ");
+ trim_char(current_prompt, ' ', ' ');
for (t=pw_chat; t; t=t->next) {
DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |%s| to |%s|\n",