diff options
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/auth_builtin.c | 12 | ||||
| -rw-r--r-- | source3/auth/auth_compat.c | 10 | ||||
| -rw-r--r-- | source3/auth/auth_domain.c | 12 | ||||
| -rw-r--r-- | source3/auth/auth_netlogond.c | 6 | ||||
| -rw-r--r-- | source3/auth/auth_ntlmssp.c | 2 | ||||
| -rw-r--r-- | source3/auth/auth_sam.c | 219 | ||||
| -rw-r--r-- | source3/auth/auth_script.c | 4 | ||||
| -rw-r--r-- | source3/auth/auth_server.c | 4 | ||||
| -rw-r--r-- | source3/auth/auth_unix.c | 4 | ||||
| -rw-r--r-- | source3/auth/auth_util.c | 64 | ||||
| -rw-r--r-- | source3/auth/auth_wbc.c | 4 | ||||
| -rw-r--r-- | source3/auth/auth_winbind.c | 4 |
12 files changed, 225 insertions, 120 deletions
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c index 3741f29779..f8f048a6f2 100644 --- a/source3/auth/auth_builtin.c +++ b/source3/auth/auth_builtin.c @@ -34,8 +34,8 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { /* mark this as 'not for me' */ NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; @@ -77,8 +77,8 @@ static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *o static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status; fstring user; @@ -130,8 +130,8 @@ static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, co static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { return NT_STATUS_NOT_IMPLEMENTED; } diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c index 77a994828f..e90036f3ff 100644 --- a/source3/auth/auth_compat.c +++ b/source3/auth/auth_compat.c @@ -35,10 +35,12 @@ SMB hash return True if the password is correct, False otherwise ****************************************************************************/ -NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info) +NTSTATUS check_plaintext_password(const char *smb_name, + DATA_BLOB plaintext_password, + struct auth_serversupplied_info **server_info) { struct auth_context *plaintext_auth_context = NULL; - auth_usersupplied_info *user_info = NULL; + struct auth_usersupplied_info *user_info = NULL; uint8_t chal[8]; NTSTATUS nt_status; if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) { @@ -72,9 +74,9 @@ static NTSTATUS pass_check_smb(struct auth_context *actx, { NTSTATUS nt_status; - auth_serversupplied_info *server_info = NULL; + struct auth_serversupplied_info *server_info = NULL; if (encrypted) { - auth_usersupplied_info *user_info = NULL; + struct auth_usersupplied_info *user_info = NULL; if (actx == NULL) { return NT_STATUS_INTERNAL_ERROR; } diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index c527360321..a07aa617c4 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -251,10 +251,10 @@ machine %s. Error was : %s.\n", dc_name, cli_errstr(*cli))); ************************************************************************/ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, const char *domain, uchar chal[8], - auth_serversupplied_info **server_info, + struct auth_serversupplied_info **server_info, const char *dc_name, struct sockaddr_storage *dc_ss) @@ -372,8 +372,8 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; const char *domain = lp_workgroup(); @@ -441,8 +441,8 @@ static NTSTATUS auth_init_ntdomain(struct auth_context *auth_context, const char static NTSTATUS check_trustdomain_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; unsigned char trust_md4_password[16]; diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c index ebfed83d41..bfd12281c4 100644 --- a/source3/auth/auth_netlogond.c +++ b/source3/auth/auth_netlogond.c @@ -27,7 +27,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx, const struct auth_context *auth_context, const char *ncalrpc_sockname, uint8_t schannel_key[16], - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, struct netr_SamInfo3 **pinfo3, NTSTATUS *schannel_bind_result) { @@ -153,8 +153,8 @@ static char *mymachinepw(TALLOC_CTX *mem_ctx) static NTSTATUS check_netlogond_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { TALLOC_CTX *frame = talloc_stackframe(); struct netr_SamInfo3 *info3 = NULL; diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 4243a24ca7..88f0e69443 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -85,7 +85,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, { AUTH_NTLMSSP_STATE *auth_ntlmssp_state = (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context; - auth_usersupplied_info *user_info = NULL; + struct auth_usersupplied_info *user_info = NULL; NTSTATUS nt_status; bool username_was_mapped; diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index f0500b3611..1dd8fc950e 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -33,21 +33,23 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, TALLOC_CTX *mem_ctx, - struct samu *sampass, - const auth_usersupplied_info *user_info, + const char *username, + uint32_t acct_ctrl, + const uint8_t *lm_pw, + const uint8_t *nt_pw, + const struct auth_usersupplied_info *user_info, DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key) { - uint32 acct_ctrl; - const uint8 *lm_pw, *nt_pw; - struct samr_Password lm_hash, nt_hash, client_lm_hash, client_nt_hash; - const char *username = pdb_get_username(sampass); - bool got_lm = false, got_nt = false; + struct samr_Password _lm_hash, _nt_hash, _client_lm_hash, _client_nt_hash; + struct samr_Password *lm_hash = NULL; + struct samr_Password *nt_hash = NULL; + struct samr_Password *client_lm_hash = NULL; + struct samr_Password *client_nt_hash = NULL; - *user_sess_key = data_blob(NULL, 0); - *lm_sess_key = data_blob(NULL, 0); + *user_sess_key = data_blob_null; + *lm_sess_key = data_blob_null; - acct_ctrl = pdb_get_acct_ctrl(sampass); if (acct_ctrl & ACB_PWNOTREQ) { if (lp_null_passwords()) { DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", username)); @@ -58,34 +60,35 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, } } - lm_pw = pdb_get_lanman_passwd(sampass); - nt_pw = pdb_get_nt_passwd(sampass); if (lm_pw) { - memcpy(lm_hash.hash, lm_pw, sizeof(lm_hash.hash)); + memcpy(_lm_hash.hash, lm_pw, sizeof(_lm_hash.hash)); + lm_hash = &_lm_hash; } if (nt_pw) { - memcpy(nt_hash.hash, nt_pw, sizeof(nt_hash.hash)); + memcpy(_nt_hash.hash, nt_pw, sizeof(_nt_hash.hash)); + nt_hash = &_nt_hash; } - if (user_info->lm_interactive_pwd.data && sizeof(client_lm_hash.hash) == user_info->lm_interactive_pwd.length) { - memcpy(client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(lm_hash.hash)); - got_lm = true; + if (user_info->lm_interactive_pwd.data && sizeof(_client_lm_hash.hash) == user_info->lm_interactive_pwd.length) { + memcpy(_client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(_lm_hash.hash)); + client_lm_hash = &_client_lm_hash; } - if (user_info->nt_interactive_pwd.data && sizeof(client_nt_hash.hash) == user_info->nt_interactive_pwd.length) { - memcpy(client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(nt_hash.hash)); - got_nt = true; + if (user_info->nt_interactive_pwd.data && sizeof(_client_nt_hash.hash) == user_info->nt_interactive_pwd.length) { + memcpy(_client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(_nt_hash.hash)); + client_nt_hash = &_client_nt_hash; } - if (got_lm || got_nt) { - *user_sess_key = data_blob(mem_ctx, 16); + + if (client_lm_hash || client_nt_hash) { + *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16); if (!user_sess_key->data) { return NT_STATUS_NO_MEMORY; } SMBsesskeygen_ntv1(nt_pw, user_sess_key->data); return hash_password_check(mem_ctx, lp_lanman_auth(), - got_lm ? &client_lm_hash : NULL, - got_nt ? &client_nt_hash : NULL, + client_lm_hash, + client_nt_hash, username, - lm_pw ? &lm_hash: NULL, - nt_pw ? &nt_hash : NULL); + lm_hash, + nt_hash); } else { return ntlm_password_check(mem_ctx, lp_lanman_auth(), lp_ntlm_auth(), @@ -95,8 +98,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, username, user_info->smb_name, user_info->client_domain, - lm_pw ? &lm_hash: NULL, - nt_pw ? &nt_hash : NULL, + lm_hash, + nt_hash, user_sess_key, lm_sess_key); } } @@ -165,7 +168,7 @@ static bool logon_hours_ok(struct samu *sampass) static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, struct samu *sampass, - const auth_usersupplied_info *user_info) + const struct auth_usersupplied_info *user_info) { uint32 acct_ctrl = pdb_get_acct_ctrl(sampass); char *workstation_list; @@ -278,6 +281,75 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +/** + * Check whether the given password is one of the last two + * password history entries. If so, the bad pwcount should + * not be incremented even thought the actual password check + * failed. + */ +static bool need_to_increment_bad_pw_count( + const struct auth_context *auth_context, + struct samu* sampass, + const struct auth_usersupplied_info *user_info) +{ + uint8_t i; + const uint8_t *pwhistory; + uint32_t pwhistory_len; + uint32_t policy_pwhistory_len; + uint32_t acct_ctrl; + const char *username; + TALLOC_CTX *mem_ctx = talloc_stackframe(); + bool result = true; + + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, + &policy_pwhistory_len); + if (policy_pwhistory_len == 0) { + goto done; + } + + pwhistory = pdb_get_pw_history(sampass, &pwhistory_len); + if (!pwhistory || pwhistory_len == 0) { + goto done; + } + + acct_ctrl = pdb_get_acct_ctrl(sampass); + username = pdb_get_username(sampass); + + for (i=1; i < MIN(MIN(3, policy_pwhistory_len), pwhistory_len); i++) { + static const uint8_t zero16[SALTED_MD5_HASH_LEN]; + const uint8_t *salt; + const uint8_t *nt_pw; + NTSTATUS status; + DATA_BLOB user_sess_key = data_blob_null; + DATA_BLOB lm_sess_key = data_blob_null; + + salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN]; + nt_pw = salt + PW_HISTORY_SALT_LEN; + + if (memcmp(zero16, nt_pw, NT_HASH_LEN) == 0) { + /* skip zero password hash */ + continue; + } + + if (memcmp(zero16, salt, PW_HISTORY_SALT_LEN) != 0) { + /* skip nonzero salt (old format entry) */ + continue; + } + + status = sam_password_ok(auth_context, mem_ctx, + username, acct_ctrl, NULL, nt_pw, + user_info, &user_sess_key, &lm_sess_key); + if (NT_STATUS_IS_OK(status)) { + result = false; + break; + } + } + +done: + TALLOC_FREE(mem_ctx); + return result; +} + /**************************************************************************** check if a username/password is OK assuming the password is a 24 byte SMB hash supplied in the user_info structure @@ -287,8 +359,8 @@ return an NT_STATUS constant. static NTSTATUS check_sam_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { struct samu *sampass=NULL; bool ret; @@ -297,6 +369,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, DATA_BLOB user_sess_key = data_blob_null; DATA_BLOB lm_sess_key = data_blob_null; bool updated_autolock = False, updated_badpw = False; + uint32_t acct_ctrl; + const char *username; + const uint8_t *nt_pw; + const uint8_t *lm_pw; if (!user_info || !auth_context) { return NT_STATUS_UNSUCCESSFUL; @@ -305,7 +381,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, /* the returned struct gets kept on the server_info, by means of a steal further down */ - if ( !(sampass = samu_new( mem_ctx )) ) { + sampass = samu_new(mem_ctx); + if (sampass == NULL) { return NT_STATUS_NO_MEMORY; } @@ -322,16 +399,22 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, return NT_STATUS_NO_SUCH_USER; } + acct_ctrl = pdb_get_acct_ctrl(sampass); + username = pdb_get_username(sampass); + nt_pw = pdb_get_nt_passwd(sampass); + lm_pw = pdb_get_lanman_passwd(sampass); + /* see if autolock flag needs to be updated */ - if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) + if (acct_ctrl & ACB_NORMAL) pdb_update_autolock_flag(sampass, &updated_autolock); /* Quit if the account was locked out. */ - if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { - DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", pdb_get_username(sampass))); + if (acct_ctrl & ACB_AUTOLOCK) { + DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username)); return NT_STATUS_ACCOUNT_LOCKED_OUT; } - nt_status = sam_password_ok(auth_context, mem_ctx, sampass, + nt_status = sam_password_ok(auth_context, mem_ctx, + username, acct_ctrl, lm_pw, nt_pw, user_info, &user_sess_key, &lm_sess_key); /* Notify passdb backend of login success/failure. If not @@ -340,10 +423,19 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, update_login_attempts_status = pdb_update_login_attempts(sampass, NT_STATUS_IS_OK(nt_status)); if (!NT_STATUS_IS_OK(nt_status)) { + bool increment_bad_pw_count = false; + if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && - pdb_get_acct_ctrl(sampass) &ACB_NORMAL && + acct_ctrl & ACB_NORMAL && NT_STATUS_IS_OK(update_login_attempts_status)) - { + { + increment_bad_pw_count = + need_to_increment_bad_pw_count(auth_context, + sampass, + user_info); + } + + if (increment_bad_pw_count) { pdb_increment_bad_password_count(sampass); updated_badpw = True; } else { @@ -351,18 +443,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, &updated_badpw); } if (updated_autolock || updated_badpw){ + NTSTATUS status; + become_root(); - if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass))) - DEBUG(1, ("Failed to modify entry.\n")); + status = pdb_update_sam_account(sampass); unbecome_root(); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to modify entry: %s\n", + nt_errstr(status))); + } } - data_blob_free(&user_sess_key); - data_blob_free(&lm_sess_key); - TALLOC_FREE(sampass); - return nt_status; + goto done; } - if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && + if ((acct_ctrl & ACB_NORMAL) && (pdb_get_bad_password_count(sampass) > 0)){ pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); @@ -370,30 +465,36 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, } if (updated_autolock || updated_badpw){ + NTSTATUS status; + become_root(); - if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass))) - DEBUG(1, ("Failed to modify entry.\n")); + status = pdb_update_sam_account(sampass); unbecome_root(); - } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to modify entry: %s\n", + nt_errstr(status))); + } + } nt_status = sam_account_ok(mem_ctx, sampass, user_info); if (!NT_STATUS_IS_OK(nt_status)) { - TALLOC_FREE(sampass); - data_blob_free(&user_sess_key); - data_blob_free(&lm_sess_key); - return nt_status; + goto done; } become_root(); nt_status = make_server_info_sam(server_info, sampass); unbecome_root(); + /* + * sampass has been stolen to server_info. + * So NULL it out to prevent segfaults. + */ + sampass = NULL; if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status))); - data_blob_free(&user_sess_key); - data_blob_free(&lm_sess_key); - return nt_status; + goto done; } (*server_info)->user_session_key = @@ -408,6 +509,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, (*server_info)->nss_token |= user_info->was_mapped; +done: + TALLOC_FREE(sampass); + data_blob_free(&user_sess_key); + data_blob_free(&lm_sess_key); return nt_status; } @@ -431,8 +536,8 @@ Check SAM security (above) but with a few extra checks. static NTSTATUS check_samstrict_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { bool is_local_name, is_my_domain; diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c index 6cbace71e8..be1ae81501 100644 --- a/source3/auth/auth_script.c +++ b/source3/auth/auth_script.c @@ -40,8 +40,8 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { const char *script = lp_parm_const_string( GLOBAL_SECTION_SNUM, "auth_script", "script", NULL); char *secret_str; diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 287b50b080..ec92787dce 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -270,8 +270,8 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte static NTSTATUS check_smbserver_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { struct server_security_state *state = talloc_get_type_abort( my_private_data, struct server_security_state); diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index 58c765226d..3e2df9a123 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -85,8 +85,8 @@ static bool update_smbpassword_file(const char *user, const char *password) static NTSTATUS check_unix_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status; struct passwd *pass = NULL; diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 8167a80a4f..de552cf57e 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -33,7 +33,7 @@ auth_serversupplied_info struct. ****************************************************************************/ -static void sort_sid_array_for_smbd(auth_serversupplied_info *result, +static void sort_sid_array_for_smbd(struct auth_serversupplied_info *result, const DOM_SID *pgroup_sid) { unsigned int i; @@ -107,7 +107,7 @@ static int _smb_create_user(const char *domain, const char *unix_username, const Create an auth_usersupplied_data structure ****************************************************************************/ -static NTSTATUS make_user_info(auth_usersupplied_info **user_info, +static NTSTATUS make_user_info(struct auth_usersupplied_info **user_info, const char *smb_name, const char *internal_username, const char *client_domain, @@ -121,7 +121,7 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info, DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name)); - *user_info = SMB_MALLOC_P(auth_usersupplied_info); + *user_info = SMB_MALLOC_P(struct auth_usersupplied_info); if (*user_info == NULL) { DEBUG(0,("malloc failed for user_info (size %lu)\n", (unsigned long)sizeof(*user_info))); return NT_STATUS_NO_MEMORY; @@ -188,7 +188,7 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info, Create an auth_usersupplied_data structure after appropriate mapping. ****************************************************************************/ -NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, +NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, const char *wksta_name, @@ -252,7 +252,7 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, Decrypt and encrypt the passwords. ****************************************************************************/ -bool make_user_info_netlogon_network(auth_usersupplied_info **user_info, +bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, const char *wksta_name, @@ -290,7 +290,7 @@ bool make_user_info_netlogon_network(auth_usersupplied_info **user_info, Decrypt and encrypt the passwords. ****************************************************************************/ -bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, +bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, const char *wksta_name, @@ -402,7 +402,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, Create an auth_usersupplied_data structure ****************************************************************************/ -bool make_user_info_for_reply(auth_usersupplied_info **user_info, +bool make_user_info_for_reply(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, const uint8 chal[8], @@ -460,7 +460,7 @@ bool make_user_info_for_reply(auth_usersupplied_info **user_info, Create an auth_usersupplied_data structure ****************************************************************************/ -NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info, +NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, DATA_BLOB lm_resp, DATA_BLOB nt_resp) @@ -478,7 +478,7 @@ NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info, Create a guest user_info blob, for anonymous authenticaion. ****************************************************************************/ -bool make_user_info_guest(auth_usersupplied_info **user_info) +bool make_user_info_guest(struct auth_usersupplied_info **user_info) { NTSTATUS nt_status; @@ -494,7 +494,7 @@ bool make_user_info_guest(auth_usersupplied_info **user_info) return NT_STATUS_IS_OK(nt_status) ? True : False; } -static int server_info_dtor(auth_serversupplied_info *server_info) +static int server_info_dtor(struct auth_serversupplied_info *server_info) { TALLOC_FREE(server_info->sam_account); ZERO_STRUCTP(server_info); @@ -505,11 +505,11 @@ static int server_info_dtor(auth_serversupplied_info *server_info) Make a server_info struct. Free with TALLOC_FREE(). ***************************************************************************/ -static auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx) +static struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx) { struct auth_serversupplied_info *result; - result = TALLOC_ZERO_P(mem_ctx, auth_serversupplied_info); + result = TALLOC_ZERO_P(mem_ctx, struct auth_serversupplied_info); if (result == NULL) { DEBUG(0, ("talloc failed\n")); return NULL; @@ -562,12 +562,12 @@ static bool is_our_machine_account(const char *username) Make (and fill) a user_info struct from a struct samu ***************************************************************************/ -NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, +NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, struct samu *sampass) { struct passwd *pwd; gid_t *gids; - auth_serversupplied_info *result; + struct auth_serversupplied_info *result; const char *username = pdb_get_username(sampass); NTSTATUS status; @@ -701,7 +701,7 @@ static NTSTATUS log_nt_token(NT_USER_TOKEN *token) * server_info->sids (the info3/sam groups). Find the unix gids. */ -NTSTATUS create_local_token(auth_serversupplied_info *server_info) +NTSTATUS create_local_token(struct auth_serversupplied_info *server_info) { NTSTATUS status; size_t i; @@ -1140,7 +1140,7 @@ bool user_in_group(const char *username, const char *groupname) to a struct samu ***************************************************************************/ -NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, +NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, char *unix_username, struct passwd *pwd) { @@ -1151,7 +1151,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, TALLOC_CTX *mem_ctx = NULL; DOM_SID u_sid; enum lsa_SidType type; - auth_serversupplied_info *result; + struct auth_serversupplied_info *result; if ( !(sampass = samu_new( NULL )) ) { return NT_STATUS_NO_MEMORY; @@ -1261,7 +1261,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, the guest gid, then create one. ***************************************************************************/ -static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_info) +static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **server_info) { NTSTATUS status; struct samu *sampass = NULL; @@ -1274,8 +1274,7 @@ static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_inf return NT_STATUS_NO_MEMORY; } - sid_copy(&guest_sid, get_global_sam_sid()); - sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST); + sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST); become_root(); ret = pdb_getsampwsid(sampass, &guest_sid); @@ -1355,9 +1354,9 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, - const auth_serversupplied_info *src) + const struct auth_serversupplied_info *src) { - auth_serversupplied_info *dst; + struct auth_serversupplied_info *dst; dst = make_server_info(mem_ctx); if (dst == NULL) { @@ -1433,7 +1432,7 @@ bool server_info_set_session_key(struct auth_serversupplied_info *info, return (info->user_session_key.data != NULL); } -static auth_serversupplied_info *guest_info = NULL; +static struct auth_serversupplied_info *guest_info = NULL; bool init_guest_info(void) { @@ -1444,7 +1443,7 @@ bool init_guest_info(void) } NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { *server_info = copy_serverinfo(mem_ctx, guest_info); return (*server_info != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY; @@ -1620,7 +1619,7 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser, NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, const char *sent_nt_username, const char *domain, - auth_serversupplied_info **server_info, + struct auth_serversupplied_info **server_info, struct netr_SamInfo3 *info3) { char zeros[16]; @@ -1637,7 +1636,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, uid_t uid = (uid_t)-1; gid_t gid = (gid_t)-1; - auth_serversupplied_info *result; + struct auth_serversupplied_info *result; /* Here is where we should check the list of @@ -1645,13 +1644,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, matches. */ - sid_copy(&user_sid, info3->base.domain_sid); - if (!sid_append_rid(&user_sid, info3->base.rid)) { + if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) { return NT_STATUS_INVALID_PARAMETER; } - sid_copy(&group_sid, info3->base.domain_sid); - if (!sid_append_rid(&group_sid, info3->base.primary_gid)) { + if (!sid_compose(&group_sid, info3->base.domain_sid, + info3->base.primary_gid)) { return NT_STATUS_INVALID_PARAMETER; } @@ -1873,7 +1871,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, const char *sent_nt_username, const char *domain, const struct wbcAuthUserInfo *info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { char zeros[16]; @@ -1890,7 +1888,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, uid_t uid = (uid_t)-1; gid_t gid = (gid_t)-1; - auth_serversupplied_info *result; + struct auth_serversupplied_info *result; result = make_server_info(NULL); if (result == NULL) { @@ -2114,7 +2112,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, Free a user_info struct ***************************************************************************/ -void free_user_info(auth_usersupplied_info **user_info) +void free_user_info(struct auth_usersupplied_info **user_info) { DEBUG(5,("attempting to free (and zero) a user_info structure\n")); if (*user_info != NULL) { diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c index 580c8b550d..85b05efb36 100644 --- a/source3/auth/auth_wbc.c +++ b/source3/auth/auth_wbc.c @@ -47,8 +47,8 @@ static NTSTATUS check_wbc_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status; wbcErr wbc_status; diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index d1b00a3268..74723e6af4 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -30,8 +30,8 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status; wbcErr wbc_status; |