summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_domain.c11
-rw-r--r--source3/auth/auth_server.c9
-rw-r--r--source3/auth/auth_util.c104
3 files changed, 95 insertions, 29 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index bedd318c3c..8ad6329da9 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -50,6 +50,8 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
NTSTATUS result;
struct rpc_pipe_client *netlogon_pipe = NULL;
+ *cli = NULL;
+
*pipe_ret = NULL;
/* TODO: Send a SAMLOGON request to determine whether this is a valid
@@ -81,6 +83,11 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
result = NT_STATUS_NO_LOGON_SERVERS;
}
+ if (*cli) {
+ cli_shutdown(*cli);
+ *cli = NULL;
+ }
+
release_server_mutex();
return result;
}
@@ -111,6 +118,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
DEBUG(0,("connect_to_domain_password_server: unable to open the domain client session to \
machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
cli_shutdown(*cli);
+ *cli = NULL;
release_server_mutex();
return result;
}
@@ -126,6 +134,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
"trust account password for domain '%s'\n",
domain));
cli_shutdown(*cli);
+ *cli = NULL;
release_server_mutex();
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
@@ -141,6 +150,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
if (!NT_STATUS_IS_OK(result)) {
cli_shutdown(*cli);
+ *cli = NULL;
release_server_mutex();
return result;
}
@@ -150,6 +160,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
DEBUG(0,("connect_to_domain_password_server: unable to open the domain client session to \
machine %s. Error was : %s.\n", dc_name, cli_errstr(*cli)));
cli_shutdown(*cli);
+ *cli = NULL;
release_server_mutex();
return NT_STATUS_NO_LOGON_SERVERS;
}
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 7bec1b4128..6e4dba0be2 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -39,7 +39,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
char *pserver;
BOOL connected_ok = False;
- if (!(cli = cli_initialise(cli)))
+ if (!(cli = cli_initialise()))
return NULL;
/* security = server just can't function with spnego */
@@ -49,7 +49,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
p = pserver;
while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {
- standard_sub_basic(current_user_info.smb_name, desthost, sizeof(desthost));
+ standard_sub_basic(current_user_info.smb_name, current_user_info.domain,
+ desthost, sizeof(desthost));
strupper_m(desthost);
if(!resolve_name( desthost, &dest_ip, 0x20)) {
@@ -85,7 +86,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
return NULL;
}
- if (!attempt_netbios_session_request(cli, global_myname(),
+ if (!attempt_netbios_session_request(&cli, global_myname(),
desthost, &dest_ip)) {
release_server_mutex();
DEBUG(1,("password server fails session request\n"));
@@ -129,7 +130,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
}
release_server_mutex();
-
+
DEBUG(3,("password server OK\n"));
return cli;
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 493d7393d0..823bf8c322 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -611,12 +611,17 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
* Add alias SIDs from memberships within the partially created token SID list
*/
-static NTSTATUS add_aliases(TALLOC_CTX *tmp_ctx, const DOM_SID *domain_sid,
+static NTSTATUS add_aliases(const DOM_SID *domain_sid,
struct nt_user_token *token)
{
uint32 *aliases;
size_t i, num_aliases;
NTSTATUS status;
+ TALLOC_CTX *tmp_ctx;
+
+ if (!(tmp_ctx = talloc_init("add_aliases"))) {
+ return NT_STATUS_NO_MEMORY;
+ }
aliases = NULL;
num_aliases = 0;
@@ -629,6 +634,7 @@ static NTSTATUS add_aliases(TALLOC_CTX *tmp_ctx, const DOM_SID *domain_sid,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("pdb_enum_alias_memberships failed: %s\n",
nt_errstr(status)));
+ TALLOC_FREE(tmp_ctx);
return status;
}
@@ -640,10 +646,12 @@ static NTSTATUS add_aliases(TALLOC_CTX *tmp_ctx, const DOM_SID *domain_sid,
&token->num_sids);
if (token->user_sids == NULL) {
DEBUG(0, ("add_sid_to_array failed\n"));
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
}
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_OK;
}
@@ -686,7 +694,7 @@ static NTSTATUS log_nt_token(TALLOC_CTX *tmp_ctx, NT_USER_TOKEN *token)
/*******************************************************************
*******************************************************************/
-static NTSTATUS add_builtin_administrators( TALLOC_CTX *ctx, struct nt_user_token *token )
+static NTSTATUS add_builtin_administrators( struct nt_user_token *token )
{
DOM_SID domadm;
@@ -808,22 +816,14 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
int num_groupsids,
const DOM_SID *groupsids)
{
- TALLOC_CTX *tmp_ctx;
struct nt_user_token *result = NULL;
int i;
NTSTATUS status;
gid_t gid;
- tmp_ctx = talloc_new(mem_ctx);
- if (tmp_ctx == NULL) {
- DEBUG(0, ("talloc_new failed\n"));
- return NULL;
- }
-
- result = TALLOC_ZERO_P(tmp_ctx, NT_USER_TOKEN);
- if (result == NULL) {
+ if (!(result = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN))) {
DEBUG(0, ("talloc failed\n"));
- goto done;
+ return NULL;
}
/* Add the user and primary group sid */
@@ -875,7 +875,7 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
unbecome_root();
}
else {
- status = add_builtin_administrators( tmp_ctx, result );
+ status = add_builtin_administrators( result );
if ( !NT_STATUS_IS_OK(status) ) {
/* just log a complaint but do not fail */
DEBUG(3,("create_local_nt_token: failed to check for local Administrators"
@@ -896,7 +896,7 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
become_root();
status = create_builtin_users( );
if ( !NT_STATUS_IS_OK(status) ) {
- DEBUG(0,("create_local_nt_token: Failed to create BUILTIN\\Administrators group!\n"));
+ DEBUG(0,("create_local_nt_token: Failed to create BUILTIN\\Users group!\n"));
/* don't fail, just log the message */
}
unbecome_root();
@@ -909,31 +909,26 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
/* Now add the aliases. First the one from our local SAM */
- status = add_aliases(tmp_ctx, get_global_sam_sid(), result);
+ status = add_aliases(get_global_sam_sid(), result);
if (!NT_STATUS_IS_OK(status)) {
- result = NULL;
- goto done;
+ TALLOC_FREE(result);
+ return NULL;
}
/* Finally the builtin ones */
- status = add_aliases(tmp_ctx, &global_sid_Builtin, result);
+ status = add_aliases(&global_sid_Builtin, result);
if (!NT_STATUS_IS_OK(status)) {
- result = NULL;
- goto done;
+ TALLOC_FREE(result);
+ return NULL;
}
}
get_privileges_for_sids(&result->privileges, result->user_sids,
result->num_sids);
-
- talloc_steal(mem_ctx, result);
-
- done:
- TALLOC_FREE(tmp_ctx);
return result;
}
@@ -1443,6 +1438,65 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info)
return (*server_info != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
}
+BOOL copy_current_user(struct current_user *dst, struct current_user *src)
+{
+ gid_t *groups;
+ NT_USER_TOKEN *nt_token;
+
+ groups = memdup(src->ut.groups, sizeof(gid_t) * src->ut.ngroups);
+ if ((src->ut.ngroups != 0) && (groups == NULL)) {
+ return False;
+ }
+
+ nt_token = dup_nt_token(NULL, src->nt_user_token);
+ if (nt_token == NULL) {
+ SAFE_FREE(groups);
+ return False;
+ }
+
+ dst->conn = src->conn;
+ dst->vuid = src->vuid;
+ dst->ut.uid = src->ut.uid;
+ dst->ut.gid = src->ut.gid;
+ dst->ut.ngroups = src->ut.ngroups;
+ dst->ut.groups = groups;
+ dst->nt_user_token = nt_token;
+ return True;
+}
+
+BOOL set_current_user_guest(struct current_user *dst)
+{
+ gid_t *groups;
+ NT_USER_TOKEN *nt_token;
+
+ groups = memdup(guest_info->groups,
+ sizeof(gid_t) * guest_info->n_groups);
+ if (groups == NULL) {
+ return False;
+ }
+
+ nt_token = dup_nt_token(NULL, guest_info->ptok);
+ if (nt_token == NULL) {
+ SAFE_FREE(groups);
+ return False;
+ }
+
+ TALLOC_FREE(dst->nt_user_token);
+ SAFE_FREE(dst->ut.groups);
+
+ /* dst->conn is never really dereferenced, it's only tested for
+ * equality in uid.c */
+ dst->conn = NULL;
+
+ dst->vuid = UID_FIELD_INVALID;
+ dst->ut.uid = guest_info->uid;
+ dst->ut.gid = guest_info->gid;
+ dst->ut.ngroups = guest_info->n_groups;
+ dst->ut.groups = groups;
+ dst->nt_user_token = nt_token;
+ return True;
+}
+
/***************************************************************************
Purely internal function for make_server_info_info3
Fill the sam account from getpwnam