diff options
Diffstat (limited to 'source4/auth')
| -rw-r--r-- | source4/auth/auth.h | 2 | ||||
| -rw-r--r-- | source4/auth/auth_sam.c | 194 | ||||
| -rw-r--r-- | source4/auth/auth_util.c | 235 | ||||
| -rw-r--r-- | source4/auth/config.m4 | 1 |
4 files changed, 207 insertions, 225 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h index bf6e1b77e1..db50e24959 100644 --- a/source4/auth/auth.h +++ b/source4/auth/auth.h @@ -64,6 +64,8 @@ typedef struct auth_usersupplied_info typedef struct auth_serversupplied_info { + TALLOC_CTX *mem_ctx; + BOOL guest; /* NT group information taken from the info3 structure */ diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c index 028fda74fe..6f61820ae5 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/auth_sam.c @@ -33,17 +33,14 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, TALLOC_CTX *mem_ctx, - SAM_ACCOUNT *sampass, + const char *username, + uint16 acct_flags, + const uint8 lm_pw[16], const uint8 nt_pw[16], const auth_usersupplied_info *user_info, DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key) { - uint16 acct_ctrl; - const uint8 *lm_pw, *nt_pw; - const char *username = pdb_get_username(sampass); - - acct_ctrl = pdb_get_acct_ctrl(sampass); - if (acct_ctrl & ACB_PWNOTREQ) { + if (acct_flags & ACB_PWNOTREQ) { if (lp_null_passwords()) { DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", username)); return NT_STATUS_OK; @@ -53,9 +50,6 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, } } - lm_pw = pdb_get_lanman_passwd(sampass); - nt_pw = pdb_get_nt_passwd(sampass); - return ntlm_password_check(mem_ctx, &auth_context->challenge, &user_info->lm_resp, &user_info->nt_resp, &user_info->lm_interactive_pwd, &user_info->nt_interactive_pwd, @@ -72,49 +66,51 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, ****************************************************************************/ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, - SAM_ACCOUNT *sampass, + const char *username, + uint16 acct_flags, + struct ldb_message **msgs, const auth_usersupplied_info *user_info) { - uint16 acct_ctrl = pdb_get_acct_ctrl(sampass); char *workstation_list; time_t kickoff_time; - DEBUG(4,("sam_account_ok: Checking SMB password for user %s\n",pdb_get_username(sampass))); + DEBUG(4,("sam_account_ok: Checking SMB password for user %s\n", username)); /* Quit if the account was disabled. */ - if (acct_ctrl & ACB_DISABLED) { - DEBUG(1,("sam_account_ok: Account for user '%s' was disabled.\n", pdb_get_username(sampass))); + if (acct_flags & ACB_DISABLED) { + DEBUG(1,("sam_account_ok: Account for user '%s' was disabled.\n", username)); return NT_STATUS_ACCOUNT_DISABLED; } /* Quit if the account was locked out. */ - if (acct_ctrl & ACB_AUTOLOCK) { - DEBUG(1,("sam_account_ok: Account for user %s was locked out.\n", pdb_get_username(sampass))); + if (acct_flags & ACB_AUTOLOCK) { + DEBUG(1,("sam_account_ok: Account for user %s was locked out.\n", username)); return NT_STATUS_ACCOUNT_LOCKED_OUT; } +#if 0 /* Test account expire time */ kickoff_time = pdb_get_kickoff_time(sampass); if (kickoff_time != 0 && time(NULL) > kickoff_time) { - DEBUG(1,("sam_account_ok: Account for user '%s' has expired.\n", pdb_get_username(sampass))); + DEBUG(1,("sam_account_ok: Account for user '%s' has expired.\n", username)); DEBUG(3,("sam_account_ok: Account expired at '%ld' unix time.\n", (long)kickoff_time)); return NT_STATUS_ACCOUNT_EXPIRED; } - if (!(pdb_get_acct_ctrl(sampass) & ACB_PWNOEXP)) { + if (!(acct_flags & ACB_PWNOEXP)) { time_t must_change_time = pdb_get_pass_must_change_time(sampass); time_t last_set_time = pdb_get_pass_last_set_time(sampass); /* check for immediate expiry "must change at next logon" */ if (must_change_time == 0 && last_set_time != 0) { - DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", pdb_get_username(sampass))); + DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", username)); return NT_STATUS_PASSWORD_MUST_CHANGE; } /* check for expired password */ if (must_change_time < time(NULL) && must_change_time != 0) { - DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n", pdb_get_username(sampass))); + DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n", username)); DEBUG(1,("sam_account_ok: Password expired at '%s' (%ld) unix time.\n", timestring(mem_ctx, must_change_time), (long)must_change_time)); return NT_STATUS_PASSWORD_EXPIRED; } @@ -144,19 +140,19 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, if (invalid_ws) return NT_STATUS_INVALID_WORKSTATION; } - - if (acct_ctrl & ACB_DOMTRUST) { - DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", pdb_get_username(sampass))); +#endif + if (acct_flags & ACB_DOMTRUST) { + DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", username)); return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT; } - if (acct_ctrl & ACB_SVRTRUST) { - DEBUG(2,("sam_account_ok: Server trust account %s denied by server\n", pdb_get_username(sampass))); + if (acct_flags & ACB_SVRTRUST) { + DEBUG(2,("sam_account_ok: Server trust account %s denied by server\n", username)); return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT; } - if (acct_ctrl & ACB_WSTRUST) { - DEBUG(4,("sam_account_ok: Wksta trust account %s denied by server\n", pdb_get_username(sampass))); + if (acct_flags & ACB_WSTRUST) { + DEBUG(4,("sam_account_ok: Wksta trust account %s denied by server\n", username)); return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT; } @@ -175,60 +171,156 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, const auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { - SAM_ACCOUNT *sampass=NULL; + struct ldb_message **msgs; + void *sam_ctx; + uint16 acct_flags; + char *username = user_info->internal_username.str; BOOL ret; NTSTATUS nt_status; DATA_BLOB user_sess_key = data_blob(NULL, 0); DATA_BLOB lm_sess_key = data_blob(NULL, 0); + const uint8 *lm_pwd, *nt_pwd; + const char *unicodePwd; + struct samr_Hash lmPwdHash_u, ntPwdHash_u; + struct samr_Hash *lmPwdHash, *ntPwdHash; + uint_t num_lm, num_nt; if (!user_info || !auth_context) { return NT_STATUS_UNSUCCESSFUL; } - - /* Can't use the talloc version here, because the returned struct gets - kept on the server_info */ - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sampass))) { - return nt_status; + + sam_ctx = samdb_connect(); + if (sam_ctx == NULL) { + return NT_STATUS_INVALID_SYSTEM_SERVICE; } - - /* get the account information */ - - become_root(); - ret = pdb_getsampwnam(sampass, user_info->internal_username.str); - unbecome_root(); - - if (ret == False) { - DEBUG(3,("check_sam_security: Couldn't find user '%s' in passdb file.\n", user_info->internal_username.str)); - pdb_free_sam(&sampass); + /* pull all the user attributes */ + ret = samdb_search(sam_ctx, mem_ctx, NULL, &msgs, NULL, + "(&(sAMAccountName=%s)(objectclass=user))", + username); + + if (ret == 0) { + DEBUG(3,("check_sam_security: Couldn't find user [%s] in passdb file.\n", + username)); return NT_STATUS_NO_SUCH_USER; } + if (ret > 1) { + DEBUG(1,("Found %d records matching user [%s]\n", ret, username)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + acct_flags = samdb_result_acct_flags(msgs[0], "sAMAcctFlags"); + /* Quit if the account was locked out. */ - if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { - DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", pdb_get_username(sampass))); + if (acct_flags & ACB_AUTOLOCK) { + DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", + username)); return NT_STATUS_ACCOUNT_LOCKED_OUT; } - nt_status = sam_password_ok(auth_context, mem_ctx, sampass, + unicodePwd = samdb_result_string(msgs[0], "unicodePwd", NULL); + + if (unicodePwd) { + BOOL lm_hash_ok; + /* compute the new nt and lm hashes */ + lm_hash_ok = E_deshash(unicodePwd, lmPwdHash_u.hash); + E_md4hash(unicodePwd, ntPwdHash_u.hash); + + if (lm_hash_ok) { + lm_pwd = lmPwdHash_u.hash; + } else { + lm_pwd = NULL; + } + + nt_pwd = ntPwdHash_u.hash; + + } else { + num_lm = samdb_result_hashes(mem_ctx, msgs[0], "lmPwdHash", &lmPwdHash); + if (num_lm == 0) { + lm_pwd = NULL; + } else if (num_lm > 1) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } else { + lm_pwd = lmPwdHash[0].hash; + } + + num_nt = samdb_result_hashes(mem_ctx, msgs[0], "ntPwdHash", &ntPwdHash); + if (num_nt == 0) { + nt_pwd = NULL; + } else if (num_nt > 1) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } else { + nt_pwd = ntPwdHash[0].hash; + } + } + + nt_status = sam_password_ok(auth_context, mem_ctx, + username, acct_flags, + lm_pwd, nt_pwd, user_info, &user_sess_key, &lm_sess_key); if (!NT_STATUS_IS_OK(nt_status)) { - pdb_free_sam(&sampass); return nt_status; } - nt_status = sam_account_ok(mem_ctx, sampass, user_info); + nt_status = sam_account_ok(mem_ctx, username, acct_flags, msgs, user_info); if (!NT_STATUS_IS_OK(nt_status)) { - pdb_free_sam(&sampass); return nt_status; } - if (!NT_STATUS_IS_OK(nt_status = make_server_info_sam(server_info, sampass))) { + if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info, username))) { DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status))); return nt_status; } + { + struct ldb_message **group_msgs; + char *dn = msgs[0]->dn; + int group_ret; + const char *group_attrs[3] = { "sAMAccountType", "objectSid", NULL }; + /* find list of sids */ + struct dom_sid **groupSIDs = NULL; + struct dom_sid *user_sid; + struct dom_sid *group_sid; + const char *sidstr; + int i; + + group_ret = samdb_search(sam_ctx, + mem_ctx, NULL, &group_msgs, group_attrs, + "(&(member=%s)(sAMAccountType=*))", + dn); + + if (!(groupSIDs = talloc_realloc_p((*server_info)->mem_ctx, groupSIDs, + struct dom_sid *, group_ret))) { + talloc_destroy((*server_info)->mem_ctx); + return NT_STATUS_NO_MEMORY; + } + + /* Need to unroll some nested groups, but not aliases */ + for (i = 0; i < group_ret; i++) { + sidstr = ldb_msg_find_string(group_msgs[i], "objectSid", NULL); + groupSIDs[i] = dom_sid_parse_talloc((*server_info)->mem_ctx, sidstr); + } + + sidstr = ldb_msg_find_string(msgs[0], "objectSid", NULL); + user_sid = dom_sid_parse_talloc((*server_info)->mem_ctx, sidstr); + group_sid = dom_sid_parse_talloc((*server_info)->mem_ctx, sidstr); + group_sid->sub_auths[group_sid->num_auths-1] + = samdb_result_uint(msgs[0], "primaryGroupID", 0); + + if (!NT_STATUS_IS_OK(nt_status = create_nt_user_token((*server_info)->mem_ctx, + user_sid, group_sid, + group_ret, groupSIDs, + False, &(*server_info)->ptok))) { + DEBUG(1,("check_sam_security: create_nt_user_token failed with '%s'\n", nt_errstr(nt_status))); + free_server_info(server_info); + return nt_status; + } + } + + (*server_info)->guest = False; + (*server_info)->user_session_key = user_sess_key; (*server_info)->lm_session_key = lm_sess_key; diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c index 6becf8c8b5..fda8c18fa4 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/auth_util.c @@ -26,40 +26,11 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH -extern DOM_SID global_sid_World; -extern DOM_SID global_sid_Network; -extern DOM_SID global_sid_Builtin_Guests; -extern DOM_SID global_sid_Authenticated_Users; - -/**************************************************************************** - Create a SAM_ACCOUNT - either by looking in the pdb, or by faking it up from - unix info. -****************************************************************************/ - -NTSTATUS auth_get_sam_account(const char *user, SAM_ACCOUNT **account) -{ - BOOL pdb_ret; - NTSTATUS nt_status; - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(account))) { - return nt_status; - } - - become_root(); - pdb_ret = pdb_getsampwnam(*account, user); - unbecome_root(); - - if (!pdb_ret) { - - struct passwd *pass = Get_Pwnam(user); - if (!pass) - return NT_STATUS_NO_SUCH_USER; - - if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*account, pass))) { - return nt_status; - } - } - return NT_STATUS_OK; -} +extern struct dom_sid *global_sid_World; +extern struct dom_sid *global_sid_Anonymous; +extern struct dom_sid *global_sid_Network; +extern struct dom_sid *global_sid_Builtin_Guests; +extern struct dom_sid *global_sid_Authenticated_Users; /**************************************************************************** Create an auth_usersupplied_data structure @@ -428,11 +399,11 @@ void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token) } DEBUGC(dbg_class, dbg_lev, ("NT user token of user %s\n", - sid_to_string(sid_str, &token->user_sids[0]) )); + sid_to_string(sid_str, token->user_sids[0]) )); DEBUGADDC(dbg_class, dbg_lev, ("contains %lu SIDs\n", (unsigned long)token->num_sids)); for (i = 0; i < token->num_sids; i++) DEBUGADDC(dbg_class, dbg_lev, ("SID[%3lu]: %s\n", (unsigned long)i, - sid_to_string(sid_str, &token->user_sids[i]))); + sid_to_string(sid_str, token->user_sids[i]))); } /**************************************************************************** @@ -454,33 +425,30 @@ void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid, int Create the SID list for this user. ****************************************************************************/ -static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *group_sid, - int n_groupSIDs, DOM_SID *groupSIDs, - BOOL is_guest, NT_USER_TOKEN **token) +NTSTATUS create_nt_user_token(TALLOC_CTX *mem_ctx, + struct dom_sid *user_sid, struct dom_sid *group_sid, + int n_groupSIDs, struct dom_sid **groupSIDs, + BOOL is_guest, struct nt_user_token **token) { NTSTATUS nt_status = NT_STATUS_OK; - NT_USER_TOKEN *ptoken; + struct nt_user_token *ptoken; int i; int sid_ndx; - if ((ptoken = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) { + if (!(ptoken = talloc_p(mem_ctx, struct nt_user_token))) { DEBUG(0, ("create_nt_token: Out of memory allocating token\n")); nt_status = NT_STATUS_NO_MEMORY; return nt_status; } - ZERO_STRUCTP(ptoken); - - ptoken->num_sids = n_groupSIDs + 5; + ptoken->num_sids = 0; - if ((ptoken->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptoken->num_sids )) == NULL) { + if (!(ptoken->user_sids = talloc_array_p(mem_ctx, struct dom_sid*, n_groupSIDs + 5))) { DEBUG(0, ("create_nt_token: Out of memory allocating SIDs\n")); nt_status = NT_STATUS_NO_MEMORY; return nt_status; } - memset((char*)ptoken->user_sids,0,sizeof(DOM_SID) * ptoken->num_sids); - /* * Note - user SID *MUST* be first in token ! * se_access_check depends on this. @@ -488,9 +456,10 @@ static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *gro * Primary group SID is second in token. Convention. */ - sid_copy(&ptoken->user_sids[PRIMARY_USER_SID_INDEX], user_sid); - if (group_sid) - sid_copy(&ptoken->user_sids[PRIMARY_GROUP_SID_INDEX], group_sid); + ptoken->user_sids[PRIMARY_USER_SID_INDEX] = user_sid; + ptoken->num_sids++; + ptoken->user_sids[PRIMARY_GROUP_SID_INDEX] = group_sid; + ptoken->num_sids++; /* * Finally add the "standard" SIDs. @@ -498,29 +467,31 @@ static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *gro * don't really support) is the addition of Authenticated_Users. */ - sid_copy(&ptoken->user_sids[2], &global_sid_World); - sid_copy(&ptoken->user_sids[3], &global_sid_Network); + ptoken->user_sids[2] = global_sid_World; + ptoken->user_sids[3] = global_sid_Network; + + if (is_guest) { + ptoken->user_sids[4] = global_sid_Builtin_Guests; + ptoken->num_sids++; + } else { + ptoken->user_sids[4] = global_sid_Authenticated_Users; + ptoken->num_sids++; + } - if (is_guest) - sid_copy(&ptoken->user_sids[4], &global_sid_Builtin_Guests); - else - sid_copy(&ptoken->user_sids[4], &global_sid_Authenticated_Users); - sid_ndx = 5; /* next available spot */ for (i = 0; i < n_groupSIDs; i++) { size_t check_sid_idx; for (check_sid_idx = 1; check_sid_idx < ptoken->num_sids; check_sid_idx++) { - if (sid_equal(&ptoken->user_sids[check_sid_idx], - &groupSIDs[i])) { + if (sid_equal(ptoken->user_sids[check_sid_idx], + groupSIDs[i])) { break; } } if (check_sid_idx >= ptoken->num_sids) /* Not found already */ { - sid_copy(&ptoken->user_sids[sid_ndx++], &groupSIDs[i]); - } else { - ptoken->num_sids--; + ptoken->user_sids[sid_ndx++] = groupSIDs[i]; + ptoken->num_sids++; } } @@ -535,65 +506,18 @@ static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *gro Make a user_info struct ***************************************************************************/ -static NTSTATUS make_server_info(auth_serversupplied_info **server_info, SAM_ACCOUNT *sampass) +NTSTATUS make_server_info(auth_serversupplied_info **server_info, const char *username) { - *server_info = malloc(sizeof(**server_info)); + TALLOC_CTX *mem_ctx = talloc_init("auth subsystem: server_info for %s", username); + *server_info = talloc_p(mem_ctx, auth_serversupplied_info); if (!*server_info) { DEBUG(0,("make_server_info: malloc failed!\n")); + talloc_destroy(mem_ctx); return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(*server_info); - - return NT_STATUS_OK; -} - -/*************************************************************************** - Make (and fill) a user_info struct from a SAM_ACCOUNT -***************************************************************************/ - -NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, - SAM_ACCOUNT *sampass) -{ - NTSTATUS nt_status = NT_STATUS_OK; - const DOM_SID *user_sid = pdb_get_user_sid(sampass); - const DOM_SID *group_sid = pdb_get_group_sid(sampass); - NT_USER_TOKEN *token; - BOOL is_guest; - uint32 rid; - - if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info, sampass))) { - return nt_status; - } - - is_guest = (sid_peek_rid(user_sid, &rid) && rid == DOMAIN_USER_RID_GUEST); - - if (!NT_STATUS_IS_OK(nt_status = create_nt_user_token(user_sid, group_sid, - 0, NULL, is_guest, - &token))) - { - DEBUG(4,("create_nt_user_token failed\n")); - free_server_info(server_info); - return nt_status; - } - - (*server_info)->ptok = token; + (*server_info)->mem_ctx = mem_ctx; - return nt_status; -} - -/*************************************************************************** - Make (and fill) a user_info struct from a 'struct passwd' by conversion - to a SAM_ACCOUNT -***************************************************************************/ - -NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, const struct passwd *pwd) -{ - NTSTATUS nt_status; - SAM_ACCOUNT *sampass = NULL; - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(&sampass, pwd))) { - return nt_status; - } - return make_server_info_sam(server_info, sampass); + return NT_STATUS_OK; } /*************************************************************************** @@ -603,35 +527,29 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, const struc NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info) { NTSTATUS nt_status; - SAM_ACCOUNT *sampass = NULL; - DOM_SID guest_sid; + static const char zeros[16]; - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sampass))) { - return nt_status; - } + nt_status = make_server_info(server_info, ""); - sid_copy(&guest_sid, get_global_sam_sid()); - sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST); - - become_root(); - if (!pdb_getsampwsid(sampass, &guest_sid)) { - unbecome_root(); - return NT_STATUS_NO_SUCH_USER; + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; } - unbecome_root(); - - nt_status = make_server_info_sam(server_info, sampass); - - if (NT_STATUS_IS_OK(nt_status)) { - static const char zeros[16]; - (*server_info)->guest = True; - - /* annoying, but the Guest really does have a session key, - and it is all zeros! */ - (*server_info)->user_session_key = data_blob(zeros, sizeof(zeros)); - (*server_info)->lm_session_key = data_blob(zeros, sizeof(zeros)); + + (*server_info)->guest = True; + + if (!NT_STATUS_IS_OK(nt_status = create_nt_user_token((*server_info)->mem_ctx, + global_sid_Anonymous, global_sid_Builtin_Guests, + 0, NULL, + True, &(*server_info)->ptok))) { + DEBUG(1,("check_sam_security: create_nt_user_token failed with '%s'\n", nt_errstr(nt_status))); + free_server_info(server_info); + return nt_status; } - + + /* annoying, but the Guest really does have a session key, + and it is all zeros! */ + (*server_info)->user_session_key = data_blob(zeros, sizeof(zeros)); + (*server_info)->lm_session_key = data_blob(zeros, sizeof(zeros)); return nt_status; } @@ -666,14 +584,11 @@ void free_user_info(auth_usersupplied_info **user_info) void free_server_info(auth_serversupplied_info **server_info) { - DEBUG(5,("attempting to free (and zero) a server_info structure\n")); - if (*server_info != NULL) { - - /* call pam_end here, unless we know we are keeping it */ - delete_nt_token( &(*server_info)->ptok ); - ZERO_STRUCT(**server_info); + DEBUG(5,("attempting to free a server_info structure\n")); + if (!*server_info) { + talloc_destroy((*server_info)->mem_ctx); } - SAFE_FREE(*server_info); + *server_info = NULL; } /*************************************************************************** @@ -714,32 +629,6 @@ void delete_nt_token(NT_USER_TOKEN **pptoken) SAFE_FREE(*pptoken); } -/**************************************************************************** - Duplicate a SID token. -****************************************************************************/ - -struct nt_user_token *dup_nt_token(NT_USER_TOKEN *ptoken) -{ - NT_USER_TOKEN *token; - - if (!ptoken) - return NULL; - - if ((token = (NT_USER_TOKEN *)malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) - return NULL; - - ZERO_STRUCTP(token); - - if ((token->user_sids = (DOM_SID *)memdup( ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids )) == NULL) { - SAFE_FREE(token); - return NULL; - } - - token->num_sids = ptoken->num_sids; - - return token; -} - /** * Squash an NT_STATUS in line with security requirements. * In an attempt to avoid giving the whole game away when users diff --git a/source4/auth/config.m4 b/source4/auth/config.m4 index b84ec5d475..8fc1f5edeb 100644 --- a/source4/auth/config.m4 +++ b/source4/auth/config.m4 @@ -2,7 +2,6 @@ dnl # AUTH Server subsystem SMB_MODULE(auth_sam,AUTH,STATIC,[auth/auth_sam.o]) SMB_MODULE(auth_builtin,AUTH,STATIC,[auth/auth_builtin.o]) -SMB_MODULE(auth_unix,AUTH,STATIC,[auth/auth_unix.o]) SMB_SUBSYSTEM(AUTH,auth/auth.o, [auth/auth_ntlmssp.o |