Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_builtin.c | 6 | ||||
-rw-r--r-- | source3/auth/auth_domain.c | 13 | ||||
-rw-r--r-- | source3/auth/auth_netlogond.c | 10 | ||||
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 4 | ||||
-rw-r--r-- | source3/auth/auth_sam.c | 5 | ||||
-rw-r--r-- | source3/auth/auth_samba4.c | 118 | ||||
-rw-r--r-- | source3/auth/auth_script.c | 22 | ||||
-rw-r--r-- | source3/auth/auth_server.c | 41 | ||||
-rw-r--r-- | source3/auth/auth_unix.c | 3 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 19 | ||||
-rw-r--r-- | source3/auth/auth_wbc.c | 2 | ||||
-rw-r--r-- | source3/auth/auth_winbind.c | 2 | ||||
-rw-r--r-- | source3/auth/check_samsec.c | 2 | ||||
-rw-r--r-- | source3/auth/pass_check.c | 16 | ||||
-rw-r--r-- | source3/auth/proto.h | 36 | ||||
-rw-r--r-- | source3/auth/server_info.c | 2 | ||||
-rw-r--r-- | source3/auth/server_info_sam.c | 6 | ||||
-rw-r--r-- | source3/auth/token_util.c | 11 | ||||
-rw-r--r-- | source3/auth/wscript_build | 25 |
19 files changed, 253 insertions, 90 deletions
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c index afe71ee2a6..cfe89495a0 100644 --- a/source3/auth/auth_builtin.c +++ b/source3/auth/auth_builtin.c @@ -57,7 +57,7 @@ static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *o { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } @@ -117,7 +117,7 @@ static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, co { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } @@ -171,7 +171,7 @@ static NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, con { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 5824d91a0a..c18a81ab57 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -26,6 +26,7 @@ #include "rpc_client/cli_netlogon.h" #include "secrets.h" #include "passdb.h" +#include "libsmb/libsmb.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -68,7 +69,7 @@ void attempt_machine_password_change(void) DEBUG(0,("attempt_machine_password_change: unable to lock " "the machine account password for machine %s in " "domain %s.\n", - global_myname(), lp_workgroup() )); + lp_netbios_name(), lp_workgroup() )); return; } 
@@ -76,7 +77,7 @@ void attempt_machine_password_change(void) trust_passwd_hash, &lct, NULL)) { DEBUG(0,("attempt_machine_password_change: unable to read the " "machine account password for %s in domain %s.\n", - global_myname(), lp_workgroup())); + lp_netbios_name(), lp_workgroup())); TALLOC_FREE(lock); return; } @@ -145,7 +146,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, } /* Attempt connection */ - result = cli_full_connection(cli, global_myname(), dc_name, dc_ss, 0, + result = cli_full_connection(cli, lp_netbios_name(), dc_name, dc_ss, 0, "IPC$", "IPC", "", "", "", 0, Undefined); if (!NT_STATUS_IS_OK(result)) { @@ -218,7 +219,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); result = rpccli_netlogon_setup_creds(netlogon_pipe, dc_name, /* server name */ domain, /* domain */ - global_myname(), /* client name */ + lp_netbios_name(), /* client name */ account_name, /* machine account name */ machine_pwd, sec_chan_type, @@ -418,7 +419,7 @@ static NTSTATUS auth_init_ntdomain(struct auth_context *auth_context, const char { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } @@ -524,7 +525,7 @@ static NTSTATUS auth_init_trustdomain(struct auth_context *auth_context, const c { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c index 8e332c8e5a..7fb037457e 100644 --- a/source3/auth/auth_netlogond.c +++ b/source3/auth/auth_netlogond.c 
@@ -133,7 +133,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx, p, p, user_info->logon_parameters, /* flags such as 'allow * workstation logon' */ - global_myname(), /* server name */ + lp_netbios_name(), /* server name */ user_info->client.account_name, /* user name logging on. */ user_info->client.domain_name, /* domain name */ user_info->workstation_name, /* workstation name */ @@ -234,7 +234,7 @@ static NTSTATUS mymachinepw(uint8_t pwd[16]) DEBUG(10, ("default_nc = %s\n", default_nc)); myname = talloc_asprintf_strupper_m(talloc_tos(), "%s$", - global_myname()); + lp_netbios_name()); if (myname == NULL) { DEBUG(10, ("talloc failed\n")); status = NT_STATUS_NO_MEMORY; @@ -375,8 +375,8 @@ static NTSTATUS check_netlogond_security(const struct auth_context *auth_context dump_data(10, machine_password, 16); status = rpccli_netlogon_setup_creds( - p, global_myname(), lp_workgroup(), global_myname(), - global_myname(), machine_password, SEC_CHAN_BDC, &neg_flags); + p, lp_netbios_name(), lp_workgroup(), lp_netbios_name(), + lp_netbios_name(), machine_password, SEC_CHAN_BDC, &neg_flags); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("rpccli_netlogon_setup_creds failed: %s\n", @@ -429,7 +429,7 @@ static NTSTATUS auth_init_netlogond(struct auth_context *auth_context, { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 58974210dd..1fecc0988e 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c 
@@ -184,13 +184,13 @@ NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state) struct auth_ntlmssp_state *ans; struct auth_context *auth_context; - if ((enum server_types)lp_server_role() == ROLE_STANDALONE) { + if ((enum server_role)lp_server_role() == ROLE_STANDALONE) { is_standalone = true; } else { is_standalone = false; } - netbios_name = global_myname(); + netbios_name = lp_netbios_name(); netbios_domain = lp_workgroup(); /* This should be a 'netbios domain -> DNS domain' mapping */ dns_domain = get_mydnsdomname(talloc_tos()); diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 8d2300dda7..7faa8de027 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -22,7 +22,6 @@ #include "includes.h" #include "auth.h" -#include "../libcli/auth/libcli_auth.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -45,7 +44,7 @@ static NTSTATUS auth_init_sam_ignoredomain(struct auth_context *auth_context, co { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } @@ -109,7 +108,7 @@ static NTSTATUS auth_init_sam(struct auth_context *auth_context, const char *par { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c new file mode 100644 index 0000000000..03b7884068 --- /dev/null +++ b/source3/auth/auth_samba4.c 
@@ -0,0 +1,118 @@ +/* + Unix SMB/CIFS implementation. + Authenticate against Samba4's auth subsystem + Copyright (C) Volker Lendecke 2008 + Copyright (C) Andrew Bartlett 2010 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "source3/include/auth.h" +#include "source4/auth/auth.h" +#include "auth/auth_sam_reply.h" +#include "param/param.h" +#include "source4/lib/events/events.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + +static NTSTATUS check_samba4_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) +{ + TALLOC_CTX *frame = talloc_stackframe(); + struct netr_SamInfo3 *info3 = NULL; + NTSTATUS nt_status; + struct auth_user_info_dc *user_info_dc; + struct auth4_context *auth4_context; + struct loadparm_context *lp_ctx; + + lp_ctx = loadparm_init_s3(frame, loadparm_s3_context()); + if (lp_ctx == NULL) { + DEBUG(10, ("loadparm_init_s3 failed\n")); + talloc_free(frame); + return NT_STATUS_INVALID_SERVER_STATE; + } + + /* We create a private tevent context here to avoid nested loops in + * the s3 one, as that may not be expected */ + nt_status = auth_context_create(mem_ctx, + s4_event_context_init(frame), NULL, + lp_ctx, + &auth4_context); + NT_STATUS_NOT_OK_RETURN(nt_status); + + nt_status = 
auth_context_set_challenge(auth4_context, auth_context->challenge.data, "auth_samba4"); + NT_STATUS_NOT_OK_RETURN_AND_FREE(nt_status, auth4_context); + + nt_status = auth_check_password(auth4_context, auth4_context, user_info, &user_info_dc); + NT_STATUS_NOT_OK_RETURN_AND_FREE(nt_status, auth4_context); + + nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx, + user_info_dc, + &info3); + if (NT_STATUS_IS_OK(nt_status)) { + /* We need the strings from the server_info to be valid as long as the info3 is around */ + talloc_steal(info3, user_info_dc); + } + talloc_free(auth4_context); + + if (!NT_STATUS_IS_OK(nt_status)) { + goto done; + } + + nt_status = make_server_info_info3(mem_ctx, user_info->client.account_name, + user_info->mapped.domain_name, server_info, + info3); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(10, ("make_server_info_info3 failed: %s\n", + nt_errstr(nt_status))); + TALLOC_FREE(frame); + return nt_status; + } + + nt_status = NT_STATUS_OK; + + done: + TALLOC_FREE(frame); + return nt_status; +} + +/* module initialisation */ +static NTSTATUS auth_init_samba4(struct auth_context *auth_context, + const char *param, + auth_methods **auth_method) +{ + struct auth_methods *result; + + result = talloc_zero(auth_context, struct auth_methods); + if (result == NULL) { + return NT_STATUS_NO_MEMORY; + } + result->name = "samba4"; + result->auth = check_samba4_security; + + *auth_method = result; + return NT_STATUS_OK; +} + +NTSTATUS auth_samba4_init(void) +{ + smb_register_auth(AUTH_INTERFACE_VERSION, "samba4", + auth_init_samba4); + return NT_STATUS_OK; +} diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c index ad973106b1..4432ff4aec 100644 --- a/source3/auth/auth_script.c +++ b/source3/auth/auth_script.c 
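Review bot: In check_samba4_security the early exits through `NT_STATUS_NOT_OK_RETURN(nt_status)` and both `NT_STATUS_NOT_OK_RETURN_AND_FREE(nt_status, auth4_context)` return without freeing `frame`. As a result every rejected logon (a failing `auth_check_password()`) leaves the talloc stackframe unreleased, along with the `lp_ctx` and event context allocated on it. These exits should go through the existing `done:` label, which already calls `TALLOC_FREE(frame)`, freeing `auth4_context` first where it has been created. The result of `s4_event_context_init(frame)` is also passed to `auth_context_create()` without a NULL check; whether the callee tolerates NULL is not visible here.

```c
	/* … unchanged: loadparm_init_s3() and the auth_context_create() call … */
	if (!NT_STATUS_IS_OK(nt_status)) {
		goto done;
	}

	nt_status = auth_context_set_challenge(auth4_context, auth_context->challenge.data, "auth_samba4");
	if (!NT_STATUS_IS_OK(nt_status)) {
		talloc_free(auth4_context);
		goto done;
	}

	nt_status = auth_check_password(auth4_context, auth4_context, user_info, &user_info_dc);
	if (!NT_STATUS_IS_OK(nt_status)) {
		talloc_free(auth4_context);
		goto done;
	}
	/* … unchanged: info3 conversion, make_server_info_info3(), done: label … */
```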
@@ -74,32 +74,32 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co return NT_STATUS_NO_MEMORY; } - safe_strcpy( secret_str, user_info->mapped.domain_name, secret_str_len - 1); - safe_strcat( secret_str, "\n", secret_str_len - 1); - safe_strcat( secret_str, user_info->client.account_name, secret_str_len - 1); - safe_strcat( secret_str, "\n", secret_str_len - 1); + strlcpy( secret_str, user_info->mapped.domain_name, secret_str_len); + strlcat( secret_str, "\n", secret_str_len); + strlcat( secret_str, user_info->client.account_name, secret_str_len); + strlcat( secret_str, "\n", secret_str_len); for (i = 0; i < 8; i++) { slprintf(&hex_str[i*2], 3, "%02X", auth_context->challenge.data[i]); } - safe_strcat( secret_str, hex_str, secret_str_len - 1); - safe_strcat( secret_str, "\n", secret_str_len - 1); + strlcat( secret_str, hex_str, secret_str_len); + strlcat( secret_str, "\n", secret_str_len); if (user_info->password.response.lanman.data) { for (i = 0; i < 24; i++) { slprintf(&hex_str[i*2], 3, "%02X", user_info->password.response.lanman.data[i]); } - safe_strcat( secret_str, hex_str, secret_str_len - 1); + strlcat( secret_str, hex_str, secret_str_len); } - safe_strcat( secret_str, "\n", secret_str_len - 1); + strlcat( secret_str, "\n", secret_str_len); if (user_info->password.response.nt.data) { for (i = 0; i < 24; i++) { slprintf(&hex_str[i*2], 3, "%02X", user_info->password.response.nt.data[i]); } - safe_strcat( secret_str, hex_str, secret_str_len - 1); + strlcat( secret_str, hex_str, secret_str_len); } - safe_strcat( secret_str, "\n", secret_str_len - 1); + strlcat( secret_str, "\n", secret_str_len); DEBUG(10,("script_check_user_credentials: running %s with parameters:\n%s\n", script, secret_str )); 
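Review bot: The two fixed 24-iteration loops over `user_info->password.response.lanman.data` and `.nt.data` are guarded only by a non-NULL pointer check, so a client-supplied response shorter than 24 bytes would be read past its end while being hex-encoded into `secret_str`. Assuming these are DATA_BLOBs and no length check exists earlier in script_check_user_credentials (its body starts outside the hunk), the guards should test the length, e.g. `if (user_info->password.response.lanman.length >= 24) {`, and likewise for `nt`. The new `strlcpy()`/`strlcat()` calls also discard their return values, so a truncated `secret_str` would be handed to the script silently; comparing the final `strlcat()` result against `secret_str_len` and failing the request would catch that. Separately, the `DEBUG(10, ...)` at the end of the hunk writes the challenge and both responses to the log, which is worth a comment for operators.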
@@ -124,7 +124,7 @@ static NTSTATUS auth_init_script(struct auth_context *auth_context, const char * { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 5dc8ea7f04..da380db01a 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -22,6 +22,7 @@ #include "auth.h" #include "system/passwd.h" #include "smbd/smbd.h" +#include "libsmb/libsmb.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -43,12 +44,6 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) struct named_mutex *mutex = NULL; NTSTATUS status; - if (!(cli = cli_initialise())) - return NULL; - - /* security = server just can't function with spnego */ - cli->use_spnego = False; - pserver = talloc_strdup(mem_ctx, lp_passwordserver()); p = pserver; @@ -63,12 +58,18 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) } strupper_m(desthost); + if (strequal(desthost, myhostname())) { + DEBUG(1,("Password server loop - disabling " + "password server %s\n", desthost)); + continue; + } + if(!resolve_name( desthost, &dest_ss, 0x20, false)) { DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost)); continue; } - if (ismyaddr((struct sockaddr *)&dest_ss)) { + if (ismyaddr((struct sockaddr *)(void *)&dest_ss)) { DEBUG(1,("Password server loop - disabling password server %s\n",desthost)); continue; } @@ -80,11 +81,11 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) mutex = grab_named_mutex(talloc_tos(), desthost, 10); if (mutex == NULL) { - cli_shutdown(cli); return NULL; } - status = cli_connect(cli, desthost, &dest_ss); + status = cli_connect_nb(desthost, &dest_ss, 0, 0x20, + lp_netbios_name(), Undefined, &cli); if (NT_STATUS_IS_OK(status)) { DEBUG(3,("connected to password server %s\n",desthost)); connected_ok = True; 
@@ -97,21 +98,11 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) if (!connected_ok) { DEBUG(0,("password server not available\n")); - cli_shutdown(cli); return NULL; } - if (!attempt_netbios_session_request(&cli, global_myname(), - desthost, &dest_ss)) { - TALLOC_FREE(mutex); - DEBUG(1,("password server fails session request\n")); - cli_shutdown(cli); - return NULL; - } - - if (strequal(desthost,myhostname())) { - exit_server_cleanly("Password server loop!"); - } + /* security = server just can't function with spnego */ + cli->use_spnego = False; DEBUG(3,("got session\n")); @@ -258,7 +249,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte /* The return must be allocated on the caller's mem_ctx, as our own will be destoyed just after the call. */ - return data_blob_talloc((TALLOC_CTX *)auth_context, cli->secblob.data,8); + return data_blob_talloc(discard_const_p(TALLOC_CTX, auth_context), cli->secblob.data,8); } else { return data_blob_null; } @@ -341,7 +332,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context baduser = talloc_asprintf(mem_ctx, "%s%s", INVALID_USER_PREFIX, - global_myname()); + lp_netbios_name()); if (!baduser) { return NT_STATUS_NO_MEMORY; } @@ -426,7 +417,7 @@ use this machine as the password server.\n")); } /* if logged in as guest then reject */ - if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) { + if (cli->is_guestlogin) { DEBUG(1,("password server %s gave us guest only\n", cli->desthost)); nt_status = NT_STATUS_LOGON_FAILURE; } @@ -461,7 +452,7 @@ static NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const cha { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index 8f9eacf76b..36956986c5 100644 --- a/source3/auth/auth_unix.c 
+++ b/source3/auth/auth_unix.c @@ -20,7 +20,6 @@ #include "includes.h" #include "auth.h" #include "system/passwd.h" -#include "../librpc/gen_ndr/samr.h" #include "smbd/globals.h" #undef DBGC_CLASS @@ -74,7 +73,7 @@ static NTSTATUS auth_init_unix(struct auth_context *auth_context, const char* pa { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index b7ec9fff70..64c290eb04 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -23,7 +23,6 @@ #include "includes.h" #include "auth.h" -#include "smbd/globals.h" #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/arcfour.h" #include "rpc_client/init_lsa.h" @@ -520,7 +519,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, t = session_info->security_token; - ids = TALLOC_ARRAY(talloc_tos(), struct wbcUnixId, + ids = talloc_array(talloc_tos(), struct wbcUnixId, t->num_sids); if (ids == NULL) { return NT_STATUS_NO_MEMORY; @@ -669,7 +668,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, return NT_STATUS_NO_MEMORY; } - status = samu_to_SamInfo3(result, sampass, global_myname(), + status = samu_to_SamInfo3(result, sampass, lp_netbios_name(), &result->info3, &result->extra); TALLOC_FREE(sampass); if (!NT_STATUS_IS_OK(status)) { @@ -759,7 +758,7 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ses struct auth_serversupplied_info *server_info; static const char zeros[16] = {0}; const char *guest_account = lp_guestaccount(); - const char *domain = global_myname(); + const char *domain = lp_netbios_name(); struct netr_SamInfo3 info3; TALLOC_CTX *tmp_ctx; NTSTATUS status; 
@@ -774,6 +773,8 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ses status = get_guest_info3(tmp_ctx, &info3); if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("get_guest_info3 failed with %s\n", + nt_errstr(status))); goto done; } @@ -783,6 +784,8 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ses &server_info, &info3); if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("make_server_info_info3 failed with %s\n", + nt_errstr(status))); goto done; } @@ -794,8 +797,8 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ses status = create_local_token(tmp_ctx, server_info, NULL, session_info); TALLOC_FREE(server_info); if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("create_local_token failed: %s\n", - nt_errstr(status))); + DEBUG(0, ("create_local_token failed: %s\n", + nt_errstr(status))); goto done; } talloc_steal(NULL, *session_info); @@ -812,7 +815,7 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ses status = NT_STATUS_OK; done: TALLOC_FREE(tmp_ctx); - return NT_STATUS_OK; + return status; } /*************************************************************************** @@ -908,7 +911,7 @@ struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, dst->utok.gid = src->utok.gid; dst->utok.ngroups = src->utok.ngroups; if (src->utok.ngroups != 0) { - dst->utok.groups = (gid_t *)TALLOC_MEMDUP( + dst->utok.groups = (gid_t *)talloc_memdup( dst, src->utok.groups, sizeof(gid_t)*dst->utok.ngroups); } else { diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c index 6150040229..1b70042d90 100644 --- a/source3/auth/auth_wbc.c +++ b/source3/auth/auth_wbc.c 
@@ -182,7 +182,7 @@ static NTSTATUS auth_init_wbc(struct auth_context *auth_context, const char *par { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 2143353541..d4ace2c919 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -142,7 +142,7 @@ static NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char { struct auth_methods *result; - result = TALLOC_ZERO_P(auth_context, struct auth_methods); + result = talloc_zero(auth_context, struct auth_methods); if (result == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index c4bcda4b1b..2d3cb65785 100644 --- a/source3/auth/check_samsec.c +++ b/source3/auth/check_samsec.c @@ -531,7 +531,7 @@ NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge, goto done; } - info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3); + info3 = talloc_zero(mem_ctx, struct netr_SamInfo3); if (info3 == NULL) { status = NT_STATUS_NO_MEMORY; goto done; diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index a7a1c3d8f5..714cc968a7 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -502,8 +502,8 @@ it assumes the string starts lowercased ****************************************************************************/ static NTSTATUS string_combinations2(char *s, int offset, NTSTATUS (*fn)(const char *s, - void *private_data), - int N, void *private_data) + const void *private_data), + int N, const void *private_data) { int len = strlen(s); int i; 
@@ -540,8 +540,8 @@ it assumes the string starts lowercased ****************************************************************************/ static NTSTATUS string_combinations(char *s, NTSTATUS (*fn)(const char *s, - void *private_data), - int N, void *private_data) + const void *private_data), + int N, const void *private_data) { int n; NTSTATUS nt_status; @@ -558,7 +558,7 @@ static NTSTATUS string_combinations(char *s, /**************************************************************************** core of password checking routine ****************************************************************************/ -static NTSTATUS password_check(const char *password, void *private_data) +static NTSTATUS password_check(const char *password, const void *private_data) { #ifdef WITH_PAM const char *rhost = (const char *)private_data; @@ -840,7 +840,7 @@ NTSTATUS pass_check(const struct passwd *pass, #endif /* defined(WITH_PAM) */ /* try it as it came to us */ - nt_status = password_check(password, (void *)rhost); + nt_status = password_check(password, (const void *)rhost); if NT_STATUS_IS_OK(nt_status) { return (nt_status); } else if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) { @@ -868,7 +868,7 @@ NTSTATUS pass_check(const struct passwd *pass, /* try all lowercase if it's currently all uppercase */ if (strhasupper(pass2)) { strlower_m(pass2); - nt_status = password_check(pass2, (void *)rhost); + nt_status = password_check(pass2, (const void *)rhost); if (NT_STATUS_IS_OK(nt_status)) { return (nt_status); } @@ -883,7 +883,7 @@ NTSTATUS pass_check(const struct passwd *pass, strlower_m(pass2); nt_status = string_combinations(pass2, password_check, level, - (void *)rhost); + (const void *)rhost); if (NT_STATUS_IS_OK(nt_status)) { return nt_status; } diff --git a/source3/auth/proto.h b/source3/auth/proto.h index b88bb8c626..46846ac907 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h 
@@ -1,3 +1,37 @@ +/* + * Unix SMB/CIFS implementation. + * Password and authentication handling + * + * Copyright (C) Andrew Tridgell 1992-2001 + * Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + * Copyright (C) Jeremy Allison 1997-2001 + * Copyright (C) John H Terpsta 1999-2001 + * Copyright (C) Tim Potter 2000 + * Copyright (C) Andrew Bartlett 2001-2003 + * Copyright (C) Jelmer Vernooij 2002 + * Copyright (C) Rafal Szczesniak 2002 + * Copyright (C) Gerald Carter 2003 + * Copyright (C) Volker Lendecke 2006,2010 + * Copyright (C) Michael Adam 2007 + * Copyright (C) Dan Sledz 2009 + * Copyright (C) Simo Sorce 2010 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#ifndef _AUTH_PROTO_H_ +#define _AUTH_PROTO_H_ /* The following definitions come from auth/auth.c */ @@ -270,3 +304,5 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx, bool mapped_to_guest, bool username_was_mapped, DATA_BLOB *session_key, struct auth_serversupplied_info **session_info); + +#endif /* _AUTH_PROTO_H_ */ diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index 440e45c8e5..a53e556d28 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c 
@@ -45,7 +45,7 @@ struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx) { struct auth_serversupplied_info *result; - result = TALLOC_ZERO_P(mem_ctx, struct auth_serversupplied_info); + result = talloc_zero(mem_ctx, struct auth_serversupplied_info); if (result == NULL) { DEBUG(0, ("talloc failed\n")); return NULL; diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c index 5fd78a30fa..261e3de8f2 100644 --- a/source3/auth/server_info_sam.c +++ b/source3/auth/server_info_sam.c @@ -23,8 +23,6 @@ #include "includes.h" #include "auth.h" -#include "smbd/globals.h" -#include "../libcli/auth/libcli_auth.h" #include "nsswitch/winbind_client.h" #include "passdb.h" @@ -51,7 +49,7 @@ static bool is_our_machine_account(const char *username) return false; } truncname[ulen-1] = '\0'; - ret = strequal(truncname, global_myname()); + ret = strequal(truncname, lp_netbios_name()); SAFE_FREE(truncname); return ret; } @@ -79,7 +77,7 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, return NT_STATUS_NO_SUCH_USER; } - status = samu_to_SamInfo3(result, sampass, global_myname(), + status = samu_to_SamInfo3(result, sampass, lp_netbios_name(), &result->info3, &result->extra); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(result); diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index da4745d833..22df21f5ed 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -31,7 +31,6 @@ #include "../librpc/gen_ndr/netlogon.h" #include "../libcli/security/security.h" #include "../lib/util/util_pw.h" -#include "lib/winbind_util.h" #include "passdb.h" #include "lib/privileges.h" 
@@ -339,7 +338,7 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx, DEBUG(10, ("Create local NT token for %s\n", sid_string_dbg(user_sid))); - if (!(result = TALLOC_ZERO_P(mem_ctx, struct security_token))) { + if (!(result = talloc_zero(mem_ctx, struct security_token))) { DEBUG(0, ("talloc failed\n")); return NULL; } @@ -694,9 +693,9 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, num_group_sids = getgroups_num_group_sids; if (num_group_sids) { - group_sids = TALLOC_ARRAY(tmp_ctx, struct dom_sid, num_group_sids); + group_sids = talloc_array(tmp_ctx, struct dom_sid, num_group_sids); if (group_sids == NULL) { - DEBUG(1, ("TALLOC_ARRAY failed\n")); + DEBUG(1, ("talloc_array failed\n")); result = NT_STATUS_NO_MEMORY; goto done; } @@ -733,9 +732,9 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, } num_group_sids = 1; - group_sids = TALLOC_ARRAY(tmp_ctx, struct dom_sid, num_group_sids); + group_sids = talloc_array(tmp_ctx, struct dom_sid, num_group_sids); if (group_sids == NULL) { - DEBUG(1, ("TALLOC_ARRAY failed\n")); + DEBUG(1, ("talloc_array failed\n")); result = NT_STATUS_NO_MEMORY; goto done; } diff --git a/source3/auth/wscript_build b/source3/auth/wscript_build index 8bf2051526..74d870fc1b 100644 --- a/source3/auth/wscript_build +++ b/source3/auth/wscript_build @@ -16,16 +16,20 @@ AUTH_SRC = '''auth.c bld.SAMBA3_SUBSYSTEM('TOKEN_UTIL', source='token_util.c', + deps='samba-util', vars=locals()) +bld.SAMBA3_SUBSYSTEM('USER_UTIL', + source='user_util.c', + deps='TOKEN_UTIL') + bld.SAMBA3_SUBSYSTEM('AUTH_COMMON', source='''auth_util.c - user_util.c check_samsec.c server_info.c server_info_sam.c - user_info.c - user_util.c''', + user_info.c''', + deps='TOKEN_UTIL DCUTIL USER_UTIL', vars=locals()) bld.SAMBA3_SUBSYSTEM('auth', 
@@ -36,6 +40,7 @@ bld.SAMBA3_SUBSYSTEM('auth', bld.SAMBA3_MODULE('auth_sam', subsystem='auth', source=AUTH_SAM_SRC, + deps='samba-util', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_sam'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_sam')) @@ -43,6 +48,7 @@ bld.SAMBA3_MODULE('auth_sam', bld.SAMBA3_MODULE('auth_unix', subsystem='auth', source=AUTH_UNIX_SRC, + deps='samba-util', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_unix'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_unix')) @@ -50,6 +56,7 @@ bld.SAMBA3_MODULE('auth_unix', bld.SAMBA3_MODULE('auth_winbind', subsystem='auth', source=AUTH_WINBIND_SRC, + deps='samba-util', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_winbind'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_winbind')) @@ -57,6 +64,7 @@ bld.SAMBA3_MODULE('auth_winbind', bld.SAMBA3_MODULE('auth_wbc', subsystem='auth', source=AUTH_WBC_SRC, + deps='samba-util', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_wbc'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_wbc')) @@ -64,6 +72,7 @@ bld.SAMBA3_MODULE('auth_wbc', bld.SAMBA3_MODULE('auth_server', subsystem='auth', source=AUTH_SERVER_SRC, + deps='samba-util', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_server'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_server')) @@ -79,6 +88,7 @@ bld.SAMBA3_MODULE('auth_domain', bld.SAMBA3_MODULE('auth_builtin', subsystem='auth', source=AUTH_BUILTIN_SRC, + deps='samba-util', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_builtin'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_builtin')) 
@@ -96,3 +106,12 @@ bld.SAMBA3_MODULE('auth_script', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_script'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_script')) + +bld.SAMBA3_MODULE('auth_samba4', + subsystem='auth', + source='auth_samba4.c', + init_function='', + deps='auth4', + allow_undefined_symbols=False, + internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_samba4'), + enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_samba4')) |