diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/nsswitch/wb_client.c | 20 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_ads.c | 6 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_group.c | 16 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 55 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_proto.h | 2 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_sid.c | 3 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_user.c | 14 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_util.c | 21 |
8 files changed, 57 insertions, 80 deletions
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index cfb90e2497..10d53bf187 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -32,20 +32,18 @@ NSS_STATUS winbindd_request(int req_type, /* Copy of parse_domain_user from winbindd_util.c. Parse a string of the form DOMAIN/user into a domain and a user */ -static void parse_domain_user(const char *domuser, fstring domain, fstring user) +static BOOL parse_domain_user(const char *domuser, fstring domain, fstring user) { - char *p = strchr(domuser,*lp_winbind_separator()); + char *p = strchr(domuser,*lp_winbind_separator()); - if (!p) { - fstrcpy(domain,""); - fstrcpy(user, domuser); - return; - } + if (!p) + return False; - fstrcpy(user, p+1); - fstrcpy(domain, domuser); - domain[PTR_DIFF(p, domuser)] = 0; - strupper(domain); + fstrcpy(user, p+1); + fstrcpy(domain, domuser); + domain[PTR_DIFF(p, domuser)] = 0; + strupper(domain); + return True; } /* Call winbindd to convert a name to a sid */ diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index 1c498d394d..3ae2f85b46 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -213,7 +213,8 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, fstring name2, dom2; /* sigh. Need to fix interface to give us a raw name */ - parse_domain_user(name, dom2, name2); + if (!parse_domain_user(name, dom2, name2)) + return NT_STATUS_UNSUCCESSFUL; DEBUG(3,("ads: name_to_sid\n")); @@ -287,7 +288,8 @@ static NTSTATUS query_user(struct winbindd_domain *domain, fstring dom2, name2; /* sigh. Need to fix interface to give us a raw name */ - parse_domain_user(user_name, dom2, name2); + if (!parse_domain_user(user_name, dom2, name2)) + return NT_STATUS_UNSUCCESSFUL; DEBUG(3,("ads: query_user\n")); diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index d800456d9d..b03e506494 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -210,12 +210,7 @@ enum winbindd_result winbindd_getgrnam_from_group(struct winbindd_cli_state *sta memset(name_group, 0, sizeof(fstring)); tmp = state->request.data.groupname; - parse_domain_user(tmp, name_domain, name_group); - - /* Reject names that don't have a domain - i.e name_domain contains - the entire name. */ - - if (strequal(name_group, "")) + if (!parse_domain_user(tmp, name_domain, name_group)) return WINBINDD_ERROR; /* Get info for the domain */ @@ -934,13 +929,8 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) /* Parse domain and username */ - parse_domain_user(state->request.data.username, name_domain, - name_user); - - /* Reject names that don't have a domain - i.e name_domain contains - the entire name. */ - - if (strequal(name_domain, "")) + if (!parse_domain_user(state->request.data.username, name_domain, + name_user)) goto done; /* Get info for the domain */ diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 2ea0692fe9..1227d4cf39 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -47,12 +47,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) /* Parse domain and username */ - parse_domain_user(state->request.data.auth.user, name_domain, - name_user); - - /* don't allow the null domain */ - - if (strcmp(name_domain,"") == 0) + if (!parse_domain_user(state->request.data.auth.user, name_domain, + name_user)) return WINBINDD_ERROR; passlen = strlen(state->request.data.auth.pass); @@ -120,8 +116,9 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) /* Parse domain and username */ - parse_domain_user(state->request.data.auth_crap.user, name_domain, - name_user); + if (!parse_domain_user(state->request.data.auth_crap.user, name_domain, + name_user)) + return WINBINDD_ERROR; make_user_info_winbind_crap( &user_info, name_user, @@ -170,37 +167,39 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) enum winbindd_result winbindd_pam_chauthtok(struct winbindd_cli_state *state) { - char *oldpass, *newpass; - fstring domain, user; - uchar nt_oldhash[16]; - uchar lm_oldhash[16]; + char *oldpass, *newpass; + fstring domain, user; + uchar nt_oldhash[16]; + uchar lm_oldhash[16]; - DEBUG(3, ("[%5d]: pam chauthtok %s\n", state->pid, - state->request.data.chauthtok.user)); + DEBUG(3, ("[%5d]: pam chauthtok %s\n", state->pid, + state->request.data.chauthtok.user)); - /* Setup crap */ + /* Setup crap */ - if (state == NULL) return WINBINDD_ERROR; + if (state == NULL) + return WINBINDD_ERROR; - parse_domain_user(state->request.data.chauthtok.user, domain, user); + if (!parse_domain_user(state->request.data.chauthtok.user, domain, user)) + return WINBINDD_ERROR; - oldpass = state->request.data.chauthtok.oldpass; - newpass = state->request.data.chauthtok.newpass; + oldpass = state->request.data.chauthtok.oldpass; + newpass = state->request.data.chauthtok.newpass; - nt_lm_owf_gen(oldpass, nt_oldhash, lm_oldhash); + nt_lm_owf_gen(oldpass, nt_oldhash, lm_oldhash); - /* Change password */ + /* Change password */ #if 0 - /* XXX */ + /* XXX */ - if (!msrpc_sam_ntchange_pwd(server_state.controller, domain, user, - lm_oldhash, nt_oldhash, newpass)) { - DEBUG(0, ("password change failed for user %s/%s\n", domain, user)); - return WINBINDD_ERROR; - } + if (!msrpc_sam_ntchange_pwd(server_state.controller, domain, user, + lm_oldhash, nt_oldhash, newpass)) { + DEBUG(0, ("password change failed for user %s/%s\n", domain, user)); + return WINBINDD_ERROR; + } #endif - return WINBINDD_OK; + return WINBINDD_OK; } diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h index 503f8b4267..4659ad69dd 100644 --- a/source3/nsswitch/winbindd_proto.h +++ b/source3/nsswitch/winbindd_proto.h @@ -153,5 +153,5 @@ BOOL winbindd_lookup_groupmem(struct winbindd_domain *domain, void free_getent_state(struct getent_state *state); BOOL winbindd_param_init(void); BOOL check_domain_env(char *domain_env, char *domain); -void parse_domain_user(const char *domuser, fstring domain, fstring user); +BOOL parse_domain_user(const char *domuser, fstring domain, fstring user); #endif /* _PROTO_H_ */ diff --git a/source3/nsswitch/winbindd_sid.c b/source3/nsswitch/winbindd_sid.c index 07537b82fa..a6daecff71 100644 --- a/source3/nsswitch/winbindd_sid.c +++ b/source3/nsswitch/winbindd_sid.c @@ -74,7 +74,8 @@ enum winbindd_result winbindd_lookupname(struct winbindd_cli_state *state) DEBUG(3, ("[%5d]: lookupname %s\n", state->pid, state->request.data.name)); - parse_domain_user(state->request.data.name, name_domain, name_user); + if (!parse_domain_user(state->request.data.name, name_domain, name_user)) + return WINBINDD_ERROR; snprintf(name, sizeof(name), "%s\\%s", name_domain, name_user); diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index c8d9ce299f..52122a4f29 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c @@ -65,7 +65,10 @@ static BOOL winbindd_fill_pwent(char *domain_name, char *name, defaults are /tmp for the home directory and /bin/false for shell. */ - parse_domain_user(name, name_domain, name_user); + if (!parse_domain_user(name, name_domain, name_user)) { + DEBUG(1, ("error parsing domain user for %s\n", name_user )); + return False; + } /* The substitution of %U and %D in the 'template homedir' is done by lp_string() calling standard_sub_basic(). */ @@ -113,13 +116,8 @@ enum winbindd_result winbindd_getpwnam_from_user(struct winbindd_cli_state *stat /* Parse domain and username */ - parse_domain_user(state->request.data.username, name_domain, - name_user); - - /* Reject names that don't have a domain - i.e name_domain contains - the entire name. */ - - if (strequal(name_domain, "")) + if (!parse_domain_user(state->request.data.username, name_domain, + name_user)) return WINBINDD_ERROR; if ((domain = find_domain_from_name(name_domain)) == NULL) { diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c index d91b6cc95f..d49e0b5bc2 100644 --- a/source3/nsswitch/winbindd_util.c +++ b/source3/nsswitch/winbindd_util.c @@ -640,27 +640,16 @@ BOOL check_domain_env(char *domain_env, char *domain) /* Parse a string of the form DOMAIN/user into a domain and a user */ -void parse_domain_user(const char *domuser, fstring domain, fstring user) +BOOL parse_domain_user(const char *domuser, fstring domain, fstring user) { - char *p; - char *sep = lp_winbind_separator(); + char *p = strchr(domuser,*lp_winbind_separator()); - if (!sep) - sep = "\\"; - - p = strchr(domuser,*sep); - - if (!p) - p = strchr(domuser,'\\'); - - if (!p) { - fstrcpy(domain,""); - fstrcpy(user, domuser); - return; - } + if (!p) + return False; fstrcpy(user, p+1); fstrcpy(domain, domuser); domain[PTR_DIFF(p, domuser)] = 0; strupper(domain); + return True; } |