diff options
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/auth_domain.c | 4 | ||||
| -rw-r--r-- | source3/auth/auth_util.c | 9 | ||||
| -rw-r--r-- | source3/auth/auth_winbind.c | 4 | ||||
| -rw-r--r-- | source3/auth/token_util.c | 20 |
4 files changed, 28 insertions, 9 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index b2c87174fd..1de9869f90 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -270,7 +270,9 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, &info3); if (NT_STATUS_IS_OK(nt_status)) { - (*server_info)->was_mapped |= user_info->was_mapped; + if (user_info->was_mapped) { + (*server_info)->was_mapped = user_info->was_mapped; + } if ( ! (*server_info)->guest) { /* if a real user check pam account restrictions */ diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 3f65e6b126..fea1b2d761 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1103,7 +1103,7 @@ static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_inf struct samu *sampass = NULL; DOM_SID guest_sid; bool ret; - static const char zeros[16] = { 0, }; + char zeros[16]; if ( !(sampass = samu_new( NULL )) ) { return NT_STATUS_NO_MEMORY; @@ -1138,6 +1138,7 @@ static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_inf /* annoying, but the Guest really does have a session key, and it is all zeros! */ + ZERO_STRUCT(zeros); (*server_info)->user_session_key = data_blob(zeros, sizeof(zeros)); (*server_info)->lm_session_key = data_blob(zeros, sizeof(zeros)); @@ -1420,7 +1421,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, auth_serversupplied_info **server_info, NET_USER_INFO_3 *info3) { - static const char zeros[16] = { 0, }; + char zeros[16]; NTSTATUS nt_status = NT_STATUS_OK; char *found_username = NULL; @@ -1624,7 +1625,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, &(info3->uni_logon_srv)); /* ensure we are never given NULL session keys */ - + + ZERO_STRUCT(zeros); + if (memcmp(info3->user_sess_key, zeros, sizeof(zeros)) == 0) { result->user_session_key = data_blob_null; } else { diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 959c550524..b24aa3a75b 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -134,7 +134,9 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, } if (NT_STATUS_IS_OK(nt_status)) { - (*server_info)->was_mapped |= user_info->was_mapped; + if (user_info->was_mapped) { + (*server_info)->was_mapped = user_info->was_mapped; + } } } } else if (NT_STATUS_IS_OK(nt_status)) { diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 27c98c9581..9ca5216af0 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -77,12 +77,19 @@ bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid ) NT_USER_TOKEN *get_root_nt_token( void ) { - static NT_USER_TOKEN *token = NULL; + struct nt_user_token *token = NULL; DOM_SID u_sid, g_sid; struct passwd *pw; + void *cache_data; - if ( token ) - return token; + cache_data = memcache_lookup_talloc( + NULL, SINGLETON_CACHE_TALLOC, + data_blob_string_const("root_nt_token")); + + if (cache_data != NULL) { + return talloc_get_type_abort( + cache_data, struct nt_user_token); + } if ( !(pw = sys_getpwnam( "root" )) ) { DEBUG(0,("get_root_nt_token: getpwnam(\"root\") failed!\n")); @@ -97,6 +104,11 @@ NT_USER_TOKEN *get_root_nt_token( void ) token = create_local_nt_token(NULL, &u_sid, False, 1, &global_sid_Builtin_Administrators); + + memcache_add_talloc( + NULL, SINGLETON_CACHE_TALLOC, + data_blob_string_const("root_nt_token"), token); + return token; } @@ -284,7 +296,7 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx, DEBUG(10, ("Create local NT token for %s\n", sid_string_dbg(user_sid))); - if (!(result = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN))) { + if (!(result = TALLOC_ZERO_P(mem_ctx, struct nt_user_token))) { DEBUG(0, ("talloc failed\n")); return NULL; } |