diff options
Diffstat (limited to 'source3/winbindd')
| -rw-r--r-- | source3/winbindd/winbindd.c | 18 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_cm.c | 10 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_group.c | 33 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_misc.c | 2 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_pam.c | 25 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_proto.h | 2 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_rpc.c | 2 |
7 files changed, 56 insertions, 36 deletions
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index ac2a87ffce..ce1a1fe52f 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -59,7 +59,7 @@ struct messaging_context *winbind_messaging_context(void) /* Reload configuration */ -static bool reload_services_file(const char *logfile) +static bool reload_services_file(const char *lfile) { bool ret; @@ -73,8 +73,8 @@ static bool reload_services_file(const char *logfile) /* if this is a child, restore the logfile to the special name - <domain>, idmap, etc. */ - if (logfile && *logfile) { - lp_set_logfile(logfile); + if (lfile && *lfile) { + lp_set_logfile(lfile); } reopen_logs(); @@ -792,14 +792,14 @@ static bool remove_idle_client(void) } /* check if HUP has been received and reload files */ -void winbind_check_sighup(const char *logfile) +void winbind_check_sighup(const char *lfile) { if (do_sighup) { DEBUG(3, ("got SIGHUP\n")); flush_caches(); - reload_services_file(logfile); + reload_services_file(lfile); do_sighup = False; } @@ -1096,11 +1096,11 @@ int main(int argc, char **argv, char **envp) poptFreeContext(pc); if (!override_logfile) { - char *logfile = NULL; - if (asprintf(&logfile,"%s/log.winbindd", + char *lfile = NULL; + if (asprintf(&lfile,"%s/log.winbindd", get_dyn_LOGFILEBASE()) > 0) { - lp_set_logfile(logfile); - SAFE_FREE(logfile); + lp_set_logfile(lfile); + SAFE_FREE(lfile); } } setup_logging("winbindd", log_stdout); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 9268542da6..3c69859731 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -225,10 +225,10 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain) close_conns_after_fork(); if (!override_logfile) { - char *logfile; - if (asprintf(&logfile, "%s/log.winbindd-dc-connect", get_dyn_LOGFILEBASE()) > 0) { - lp_set_logfile(logfile); - SAFE_FREE(logfile); + char *lfile; + if (asprintf(&lfile, "%s/log.winbindd-dc-connect", get_dyn_LOGFILEBASE()) > 0) { + lp_set_logfile(lfile); + SAFE_FREE(lfile); reopen_logs(); } } @@ -672,7 +672,7 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain, if (!W_ERROR_IS_OK(werr)) { DEBUG(10,("rpccli_netr_GetAnyDCName failed: %s\n", - dos_errstr(werr))); + win_errstr(werr))); talloc_destroy(mem_ctx); return false; } diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index f2b6fbefb5..8e56138bb5 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -382,6 +382,24 @@ static int namecmp( const void *a, const void *b ) return StrCaseCmp( * (char * const *) a, * (char * const *) b); } +static void sort_unique_list(char ***list, uint32 *n_list) +{ + uint32_t i; + + /* search for duplicates for sorting and looking for matching + neighbors */ + + qsort(*list, *n_list, sizeof(char*), QSORT_CAST namecmp); + + for (i=1; i < *n_list; i++) { + if (strcmp((*list)[i-1], (*list)[i]) == 0) { + memmove(&((*list)[i-1]), &((*list)[i]), + sizeof(char*)*((*n_list)-i)); + (*n_list)--; + } + } +} + static NTSTATUS add_names_to_list( TALLOC_CTX *ctx, char ***list, uint32 *n_list, char **names, uint32 n_names ) @@ -414,19 +432,6 @@ static NTSTATUS add_names_to_list( TALLOC_CTX *ctx, new_list[i] = talloc_strdup( new_list, names[j] ); } - /* search for duplicates for sorting and looking for matching - neighbors */ - - qsort( new_list, n_new_list, sizeof(char*), QSORT_CAST namecmp ); - - for ( i=1; i<n_new_list; i++ ) { - if ( strcmp( new_list[i-1], new_list[i] ) == 0 ) { - memmove( &new_list[i-1], &new_list[i], - sizeof(char*)*(n_new_list-i) ); - n_new_list--; - } - } - *list = new_list; *n_list = n_new_list; @@ -663,6 +668,8 @@ static bool fill_grent_mem(struct winbindd_domain *domain, } TALLOC_FREE( glist ); + sort_unique_list(&names, &num_names); + DEBUG(10, ("looked up %d names\n", num_names)); again: diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c index 50936c01a3..0e34615c3a 100644 --- a/source3/winbindd/winbindd_misc.c +++ b/source3/winbindd/winbindd_misc.c @@ -492,7 +492,7 @@ enum winbindd_result winbindd_dual_getdcname(struct winbindd_domain *domain, if (!W_ERROR_IS_OK(werr)) { DEBUG(5, ("Error requesting DCname for domain %s: %s\n", - state->request.domain_name, dos_errstr(werr))); + state->request.domain_name, win_errstr(werr))); return WINBINDD_ERROR; } diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 9ff3899661..7de28b08a9 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1854,17 +1854,28 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp) || state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) { - DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", - state->request.data.auth_crap.lm_resp_len, - state->request.data.auth_crap.nt_resp_len)); - result = NT_STATUS_INVALID_PARAMETER; - goto done; + if (!state->request.flags & WBFLAG_BIG_NTLMV2_BLOB || + state->request.extra_len != state->request.data.auth_crap.nt_resp_len) { + DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", + state->request.data.auth_crap.lm_resp_len, + state->request.data.auth_crap.nt_resp_len)); + result = NT_STATUS_INVALID_PARAMETER; + goto done; + } } lm_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len); - nt_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.nt_resp, - state->request.data.auth_crap.nt_resp_len); + + if (state->request.flags & WBFLAG_BIG_NTLMV2_BLOB) { + nt_resp = data_blob_talloc(state->mem_ctx, + state->request.extra_data.data, + state->request.data.auth_crap.nt_resp_len); + } else { + nt_resp = data_blob_talloc(state->mem_ctx, + state->request.data.auth_crap.nt_resp, + state->request.data.auth_crap.nt_resp_len); + } /* what domain should we contact? */ diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 95ccf30cfe..65ad47dd03 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -63,7 +63,7 @@ void setup_async_write(struct fd_event *event, void *data, size_t length, void *private_data); void request_error(struct winbindd_cli_state *state); void request_ok(struct winbindd_cli_state *state); -void winbind_check_sighup(const char *logfile); +void winbind_check_sighup(const char *lfile); void winbind_check_sigterm(bool in_parent); int main(int argc, char **argv, char **envp); diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index d966e50159..7dea342a53 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -636,6 +636,8 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, return NT_STATUS_OK; } +#define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */ + NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 num_sids, const DOM_SID *sids, |