summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth.c14
-rw-r--r--source3/include/auth.h5
-rw-r--r--source3/libsmb/domain_client_validate.c25
-rw-r--r--source3/nsswitch/winbindd_group.c4
-rw-r--r--source3/nsswitch/winbindd_pam.c4
-rw-r--r--source3/nsswitch/winbindd_util.c10
-rw-r--r--source3/rpc_server/srv_netlog_nt.c2
-rw-r--r--source3/smbd/auth.c14
8 files changed, 70 insertions, 8 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index e76324213e..4bdbdf5555 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -129,6 +129,7 @@ NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user,
auth_serversupplied_info server_info;
AUTH_STR ourdomain, theirdomain, unix_username, smb_username,
wksta_name;
+ NTSTATUS result;
ZERO_STRUCT(user_info);
ZERO_STRUCT(ourdomain);
@@ -203,7 +204,11 @@ NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user,
}
- return check_password(&user_info, &server_info);
+ result = check_password(&user_info, &server_info);
+
+ free_serversupplied_info(&server_info); /* No info needed */
+
+ return result;
}
NTSTATUS pass_check_smb(char *smb_user, char *unix_user,
@@ -255,3 +260,10 @@ BOOL password_ok(char *user, char *password, int pwlen)
return False;
}
+
+/* Free a auth_serversupplied_info structure */
+
+void free_serversupplied_info(auth_serversupplied_info *server_info)
+{
+ SAFE_FREE(server_info->group_rids);
+}
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 91230e4b6e..9e99600e98 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -90,6 +90,11 @@ typedef struct serversupplied_info
/* This groups info is needed for when we become_user() for this uid */
int n_groups;
gid_t *groups;
+
+ /* NT group information taken from the info3 structure */
+
+ int n_rids;
+ uint32 *group_rids;
uchar session_key[16];
diff --git a/source3/libsmb/domain_client_validate.c b/source3/libsmb/domain_client_validate.c
index 26f53f0297..26a727b1f1 100644
--- a/source3/libsmb/domain_client_validate.c
+++ b/source3/libsmb/domain_client_validate.c
@@ -326,6 +326,7 @@ NTSTATUS domain_client_validate(const auth_usersupplied_info *user_info,
status = cli_nt_login_network(&cli, user_info, smb_uid_low,
&ctr, &info3);
+
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("domain_client_validate: unable to validate password "
"for user %s in domain %s to Domain controller %s. "
@@ -335,8 +336,28 @@ NTSTATUS domain_client_validate(const auth_usersupplied_info *user_info,
}
/*
- * Here, if we really want it, we have lots of info about the user in info3.
- */
+ * Here, if we really want it, we have lots of info about the user
+ * in info3.
+ */
+
+ /* Store the user group information in the server_info returned to
+ the caller. */
+
+ if ((server_info->group_rids = malloc(info3.num_groups2 *
+ sizeof(uint32))) == NULL) {
+ DEBUG(1, ("out of memory allocating rid group membership\n"));
+ status = NT_STATUS_NO_MEMORY;
+ } else {
+ int i;
+
+ server_info->n_rids = info3.num_groups2;
+
+ for (i = 0; i < server_info->n_rids; i++) {
+ server_info->group_rids[i] = info3.gids[i].g_rid;
+ DEBUG(5, ("** adding group rid 0x%x\n",
+ info3.gids[i].g_rid));
+ }
+ }
#if 0
/*
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index 092651c9a7..e1e4443442 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -107,7 +107,9 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain,
DEBUG(10, ("fill_grent_mem(): processing name %s\n",
the_name));
- /* Only add domain users */
+ /* FIXME: need to cope with groups within groups. These
+ occur in Universal groups on a Windows 2000 native mode
+ server. */
if (name_types[i] != SID_NAME_USER) {
DEBUG(3, ("fill_grent_mem(): name %s isn't a domain "
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 406b12c9f6..5cf819a19d 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -141,6 +141,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
auth_dc, trust_passwd,
last_change_time);
+ free_serversupplied_info(&server_info); /* No info needed */
+
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
@@ -218,6 +220,8 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
auth_dc, trust_passwd,
last_change_time);
+ free_serversupplied_info(&server_info); /* No info needed */
+
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index 614198673b..6a0a5389ef 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -344,6 +344,9 @@ BOOL winbindd_lookup_groupmem(struct winbindd_domain *domain,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uint32 i, total_names = 0;
+ /* Step #1: Get a list of user rids that are the members of the
+ group. */
+
if (!(group_hnd = cm_get_sam_group_handle(domain->name, &domain->sid,
group_rid)))
goto done;
@@ -357,9 +360,10 @@ BOOL winbindd_lookup_groupmem(struct winbindd_domain *domain,
if (!NT_STATUS_IS_OK(result))
goto done;
- /* Convert list of rids into list of names. Do this in bunches of
- ~1000 to avoid crashing NT4. It looks like there is a buffer
- overflow or something like that lurking around somewhere. */
+ /* Step #2: Convert list of rids into list of usernames. Do this
+ in bunches of ~1000 to avoid crashing NT4. It looks like there
+ is a buffer overflow or something like that lurking around
+ somewhere. */
if (!(dom_hnd = cm_get_sam_dom_handle(domain->name, &domain->sid)))
goto done;
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index cb54d726b3..0f2b672d38 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -595,6 +595,8 @@ static NTSTATUS _net_logon_any(NET_ID_INFO_CTR *ctr, char *user, char *domain, c
DEBUG(5, ("_net_logon_any: exited with status %s\n",
get_nt_error_msg(nt_status)));
+ free_serversupplied_info(&server_info); /* No info needed */
+
return nt_status;
}
diff --git a/source3/smbd/auth.c b/source3/smbd/auth.c
index e76324213e..4bdbdf5555 100644
--- a/source3/smbd/auth.c
+++ b/source3/smbd/auth.c
@@ -129,6 +129,7 @@ NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user,
auth_serversupplied_info server_info;
AUTH_STR ourdomain, theirdomain, unix_username, smb_username,
wksta_name;
+ NTSTATUS result;
ZERO_STRUCT(user_info);
ZERO_STRUCT(ourdomain);
@@ -203,7 +204,11 @@ NTSTATUS pass_check_smb_with_chal(char *smb_user, char *unix_user,
}
- return check_password(&user_info, &server_info);
+ result = check_password(&user_info, &server_info);
+
+ free_serversupplied_info(&server_info); /* No info needed */
+
+ return result;
}
NTSTATUS pass_check_smb(char *smb_user, char *unix_user,
@@ -255,3 +260,10 @@ BOOL password_ok(char *user, char *password, int pwlen)
return False;
}
+
+/* Free a auth_serversupplied_info structure */
+
+void free_serversupplied_info(auth_serversupplied_info *server_info)
+{
+ SAFE_FREE(server_info->group_rids);
+}