summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/pam_winbind.c16
-rw-r--r--source3/nsswitch/wbinfo.c14
-rw-r--r--source3/nsswitch/winbindd_nss.h4
-rw-r--r--source3/nsswitch/winbindd_pam.c54
4 files changed, 33 insertions, 55 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 64e2173822..9a00ac2886 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -45,7 +45,9 @@ static int _pam_parse(int argc, const char **argv)
ctrl |= WINBIND_TRY_FIRST_PASS_ARG;
else if (!strcasecmp(*argv, "unknown_ok"))
ctrl |= WINBIND_UNKNOWN_OK_ARG;
- else if (!strncasecmp(*argv, "required_membership", strlen("required_membership")))
+ else if (!strncasecmp(*argv, "require_membership_of", strlen("require_membership_of")))
+ ctrl |= WINBIND_REQUIRED_MEMBERSHIP;
+ else if (!strncasecmp(*argv, "require-membership-of", strlen("require-membership-of")))
ctrl |= WINBIND_REQUIRED_MEMBERSHIP;
else {
_pam_log(LOG_ERR, "pam_parse: unknown option; %s", *argv);
@@ -213,8 +215,8 @@ static int winbind_auth_request(const char *user, const char *pass, const char *
/* lookup name? */
if (!strncmp("S-", member, 2) == 0) {
- struct winbindd_request request;
- struct winbindd_response response;
+ struct winbindd_request sid_request;
+ struct winbindd_response sid_response;
ZERO_STRUCT(request);
ZERO_STRUCT(response);
@@ -230,11 +232,11 @@ static int winbind_auth_request(const char *user, const char *pass, const char *
return PAM_AUTH_ERR;
}
- member = strdup(response.data.sid.sid);
+ member = response.data.sid.sid;
}
- strncpy(request.data.auth.required_membership_sid, member,
- sizeof(request.data.auth.required_membership_sid)-1);
+ strncpy(request.data.auth.require_membership_of_sid, member,
+ sizeof(request.data.auth.require_membership_of_sid)-1);
return pam_winbind_request_log(WINBINDD_PAM_AUTH, &request, &response, ctrl, user);
}
@@ -488,7 +490,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* Retrieve membership-string here */
for ( i=0; i<argc; i++ ) {
- if (!strncmp(argv[i], "required_membership", strlen("required_membership"))) {
+ if (!strncmp(argv[i], "require_membership_of", strlen("require_membership_of"))) {
char *p;
char *parm = strdup(argv[i]);
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index 2abd9c69a1..69f464f446 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -567,18 +567,10 @@ static BOOL wbinfo_auth_crap(char *username)
parse_wbinfo_domain_user(username, name_domain, name_user);
- if (push_utf8_fstring(request.data.auth_crap.user, name_user) == -1) {
- d_printf("unable to create utf8 string for '%s'\n",
- name_user);
- return False;
- }
+ fstrcpy(request.data.auth_crap.user, name_user);
- if (push_utf8_fstring(request.data.auth_crap.domain,
- name_domain) == -1) {
- d_printf("unable to create utf8 string for '%s'\n",
- name_domain);
- return False;
- }
+ fstrcpy(request.data.auth_crap.domain,
+ name_domain);
generate_random_buffer(request.data.auth_crap.chal, 8);
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h
index 6a457f3800..9a99bad9d7 100644
--- a/source3/nsswitch/winbindd_nss.h
+++ b/source3/nsswitch/winbindd_nss.h
@@ -181,7 +181,7 @@ struct winbindd_request {
character is. */
fstring user;
fstring pass;
- fstring required_membership_sid;
+ fstring require_membership_of_sid;
} auth; /* pam_winbind auth module */
struct {
unsigned char chal[8];
@@ -192,7 +192,7 @@ struct winbindd_request {
fstring nt_resp;
uint16 nt_resp_len;
fstring workstation;
- fstring required_membership_sid;
+ fstring require_membership_of_sid;
} auth_crap;
struct {
fstring user;
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index e8d15f4703..e13649afe1 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -59,7 +59,7 @@ static NTSTATUS check_info3_in_group(TALLOC_CTX *mem_ctx,
NET_USER_INFO_3 *info3,
const char *group_sid)
{
- DOM_SID required_membership_sid;
+ DOM_SID require_membership_of_sid;
DOM_SID *all_sids;
size_t num_all_sids = (2 + info3->num_groups2 + info3->num_other_sids);
size_t i, j = 0;
@@ -71,7 +71,7 @@ static NTSTATUS check_info3_in_group(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
- if (!string_to_sid(&required_membership_sid, group_sid)) {
+ if (!string_to_sid(&require_membership_of_sid, group_sid)) {
DEBUG(0, ("check_info3_in_group: could not parse %s as a SID!",
group_sid));
@@ -133,9 +133,9 @@ static NTSTATUS check_info3_in_group(TALLOC_CTX *mem_ctx,
fstring sid1, sid2;
DEBUG(10, ("User has SID: %s\n",
sid_to_string(sid1, &all_sids[i])));
- if (sid_equal(&required_membership_sid, &all_sids[i])) {
+ if (sid_equal(&require_membership_of_sid, &all_sids[i])) {
DEBUG(10, ("SID %s matches %s - user permitted to authenticate!\n",
- sid_to_string(sid1, &required_membership_sid), sid_to_string(sid2, &all_sids[i])));
+ sid_to_string(sid1, &require_membership_of_sid), sid_to_string(sid2, &all_sids[i])));
return NT_STATUS_OK;
}
}
@@ -334,10 +334,10 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
/* Check if the user is in the right group */
- if (!NT_STATUS_IS_OK(result = check_info3_in_group(mem_ctx, &info3, state->request.data.auth.required_membership_sid))) {
+ if (!NT_STATUS_IS_OK(result = check_info3_in_group(mem_ctx, &info3, state->request.data.auth.require_membership_of_sid))) {
DEBUG(3, ("User %s is not in the required group (%s), so plaintext authentication is rejected\n",
state->request.data.auth.user,
- state->request.data.auth.required_membership_sid));
+ state->request.data.auth.require_membership_of_sid));
}
}
@@ -414,7 +414,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
NET_USER_INFO_3 info3;
struct cli_state *cli = NULL;
TALLOC_CTX *mem_ctx = NULL;
- char *name_user = NULL;
+ const char *name_user = NULL;
const char *name_domain = NULL;
const char *workstation;
struct winbindd_domain *contact_domain;
@@ -432,7 +432,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
/* send a better message than ACCESS_DENIED */
asprintf(&error_string, "winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on %s are set correctly.",
get_winbind_priv_pipe_dir());
- push_utf8_fstring(state->response.data.auth.error_string, error_string);
+ fstrcpy(state->response.data.auth.error_string, error_string);
SAFE_FREE(error_string);
result = NT_STATUS_ACCESS_DENIED;
goto done;
@@ -442,26 +442,16 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
state->request.data.auth_crap.user[sizeof(state->request.data.auth_crap.user)-1]=0;
state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]=0;
- if (!(mem_ctx = talloc_init("winbind pam auth crap for (utf8) %s", state->request.data.auth_crap.user))) {
+ if (!(mem_ctx = talloc_init("winbind pam auth crap for %s", state->request.data.auth_crap.user))) {
DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n"));
result = NT_STATUS_NO_MEMORY;
goto done;
}
- if (pull_utf8_talloc(mem_ctx, &name_user, state->request.data.auth_crap.user) == (size_t)-1) {
- DEBUG(0, ("winbindd_pam_auth_crap: pull_utf8_talloc failed!\n"));
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
+ name_user = state->request.data.auth_crap.user;
if (*state->request.data.auth_crap.domain) {
- char *dom = NULL;
- if (pull_utf8_talloc(mem_ctx, &dom, state->request.data.auth_crap.domain) == (size_t)-1) {
- DEBUG(0, ("winbindd_pam_auth_crap: pull_utf8_talloc failed!\n"));
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- name_domain = dom;
+ name_domain = state->request.data.auth_crap.domain;
} else if (lp_winbind_use_default_domain()) {
name_domain = lp_workgroup();
} else {
@@ -475,13 +465,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
name_domain, name_user));
if (*state->request.data.auth_crap.workstation) {
- char *wrk = NULL;
- if (pull_utf8_talloc(mem_ctx, &wrk, state->request.data.auth_crap.workstation) == (size_t)-1) {
- DEBUG(0, ("winbindd_pam_auth_crap: pull_utf8_talloc failed!\n"));
- result = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- workstation = wrk;
+ workstation = state->request.data.auth_crap.workstation;
} else {
workstation = global_myname();
}
@@ -587,10 +571,10 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
netsamlogon_cache_store( cli->mem_ctx, name_user, &info3 );
wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
- if (!NT_STATUS_IS_OK(result = check_info3_in_group(mem_ctx, &info3, state->request.data.auth_crap.required_membership_sid))) {
+ if (!NT_STATUS_IS_OK(result = check_info3_in_group(mem_ctx, &info3, state->request.data.auth_crap.require_membership_of_sid))) {
DEBUG(3, ("User %s is not in the required group (%s), so plaintext authentication is rejected\n",
state->request.data.auth_crap.user,
- state->request.data.auth_crap.required_membership_sid));
+ state->request.data.auth_crap.require_membership_of_sid));
goto done;
}
@@ -616,8 +600,8 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
DEBUG(5, ("Setting unix username to [%s]\n", username_out));
- /* this interface is in UTF8 */
- if (push_utf8_allocate((char **)&state->response.extra_data, username_out) == -1) {
+ state->response.extra_data = strdup(username_out);
+ if (!state->response.extra_data) {
result = NT_STATUS_NO_MEMORY;
goto done;
}
@@ -643,11 +627,11 @@ done:
}
state->response.data.auth.nt_status = NT_STATUS_V(result);
- push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result));
+ fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
/* we might have given a more useful error above */
if (!*state->response.data.auth.error_string)
- push_utf8_fstring(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
+ fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
state->response.data.auth.pam_error = nt_status_to_pam(result);
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
@@ -677,7 +661,7 @@ enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state)
DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)state->pid,
state->request.data.chauthtok.user));
- if (!(mem_ctx = talloc_init("winbind password change for (utf8) %s",
+ if (!(mem_ctx = talloc_init("winbind password change for %s",
state->request.data.chauthtok.user))) {
DEBUG(0, ("winbindd_pam_auth_crap: could not talloc_init()!\n"));
result = NT_STATUS_NO_MEMORY;
generated by cgit (git 2.34.1) at 2024-11-12 12:27:16 +0000