From b5fcb34d6cd20c852208d2b8b785b2870c6d65db Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 30 Dec 2009 12:46:22 +0100 Subject: s3:check_sam_security: untangle assignment from statement Michael --- source3/auth/auth_sam.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index f0500b3611..942f9ca6c4 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -305,7 +305,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, /* the returned struct gets kept on the server_info, by means of a steal further down */ - if ( !(sampass = samu_new( mem_ctx )) ) { + sampass = samu_new(mem_ctx); + if (sampass == NULL) { return NT_STATUS_NO_MEMORY; } -- cgit From 7ac18c743b50b8cd63284326bd648675db63c557 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 30 Dec 2009 15:35:50 +0100 Subject: s3:auth:sam_password_ok: enhance readability (imho) by adding some pointers and removing bool variables and several checks. Michael --- source3/auth/auth_sam.c | 41 ++++++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 17 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 942f9ca6c4..381ad5b83c 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c 
@@ -40,9 +40,12 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, { uint32 acct_ctrl; const uint8 *lm_pw, *nt_pw; - struct samr_Password lm_hash, nt_hash, client_lm_hash, client_nt_hash; + struct samr_Password _lm_hash, _nt_hash, _client_lm_hash, _client_nt_hash; + struct samr_Password *lm_hash = NULL; + struct samr_Password *nt_hash = NULL; + struct samr_Password *client_lm_hash = NULL; + struct samr_Password *client_nt_hash = NULL; const char *username = pdb_get_username(sampass); - bool got_lm = false, got_nt = false; *user_sess_key = data_blob(NULL, 0); *lm_sess_key = data_blob(NULL, 0); 
@@ -60,32 +63,36 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, lm_pw = pdb_get_lanman_passwd(sampass); nt_pw = pdb_get_nt_passwd(sampass); + if (lm_pw) { - memcpy(lm_hash.hash, lm_pw, sizeof(lm_hash.hash)); + memcpy(_lm_hash.hash, lm_pw, sizeof(_lm_hash.hash)); + lm_hash = &_lm_hash; } if (nt_pw) { - memcpy(nt_hash.hash, nt_pw, sizeof(nt_hash.hash)); + memcpy(_nt_hash.hash, nt_pw, sizeof(_nt_hash.hash)); + nt_hash = &_nt_hash; } - if (user_info->lm_interactive_pwd.data && sizeof(client_lm_hash.hash) == user_info->lm_interactive_pwd.length) { - memcpy(client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(lm_hash.hash)); - got_lm = true; + if (user_info->lm_interactive_pwd.data && sizeof(_client_lm_hash.hash) == user_info->lm_interactive_pwd.length) { + memcpy(_client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(_lm_hash.hash)); + client_lm_hash = &_client_lm_hash; } - if (user_info->nt_interactive_pwd.data && sizeof(client_nt_hash.hash) == user_info->nt_interactive_pwd.length) { - memcpy(client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(nt_hash.hash)); - got_nt = true; + if (user_info->nt_interactive_pwd.data && sizeof(_client_nt_hash.hash) == user_info->nt_interactive_pwd.length) { + memcpy(_client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(_nt_hash.hash)); + client_nt_hash = &_client_nt_hash; } - if (got_lm || got_nt) { + + if (client_lm_hash || client_nt_hash) { *user_sess_key = data_blob(mem_ctx, 16); if (!user_sess_key->data) { return NT_STATUS_NO_MEMORY; } SMBsesskeygen_ntv1(nt_pw, user_sess_key->data); return hash_password_check(mem_ctx, lp_lanman_auth(), - got_lm ? &client_lm_hash : NULL, - got_nt ? &client_nt_hash : NULL, + client_lm_hash, + client_nt_hash, username, - lm_pw ? &lm_hash: NULL, - nt_pw ? &nt_hash : NULL); + lm_hash, + nt_hash); } else { return ntlm_password_check(mem_ctx, lp_lanman_auth(), lp_ntlm_auth(), 
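Review bot: `SMBsesskeygen_ntv1(nt_pw, user_sess_key->data)` in the interactive branch still receives the raw `nt_pw`, which this same hunk treats as possibly NULL (`if (nt_pw) { ... nt_hash = &_nt_hash; }`), so an account with no stored NT hash and a client-supplied interactive hash reaches the key derivation with a NULL input; whether the helper tolerates that is not visible here. Now that `nt_hash` carries the presence information, make the allocation and derivation conditional on it, i.e. wrap the `data_blob(...)` / `SMBsesskeygen_ntv1(...)` pair in `if (nt_hash != NULL) {` and leave `*user_sess_key` empty otherwise. Separately, the two client copies check the length against `sizeof(_client_lm_hash.hash)` / `sizeof(_client_nt_hash.hash)` but copy `sizeof(_lm_hash.hash)` / `sizeof(_nt_hash.hash)` bytes; the sizes agree only because all four are `struct samr_Password`, and using the destination's own size in each `memcpy` keeps the bound tied to the buffer being written. The body of `sam_password_ok` begins and ends outside this hunk.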
@@ -95,8 +102,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, username, user_info->smb_name, user_info->client_domain, - lm_pw ? &lm_hash: NULL, - nt_pw ? &nt_hash : NULL, + lm_hash, + nt_hash, user_sess_key, lm_sess_key); } } -- cgit From 0172587d8d56e1163c27014e1e092580d0158e10 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 30 Dec 2009 15:37:23 +0100 Subject: s3:auth:sam_password_ok: fix allocation of a data blob. data_blob(mem_ctx, 16) does not use mem_ctx as a talloc ctx but copies 16 bytes from mem_ctx into the newly allocated data blob. This can not have been intentional. A blank uint8_t array of length 16 is allocated by passing NULL instead of mem_ctx. And using data_blob_talloc(mem_ctx, NULL, 16) adds the allocated blank 16 byte array to mem_ctx - so this is what must have been intended. Michael --- source3/auth/auth_sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 381ad5b83c..42ede64141 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -82,7 +82,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, } if (client_lm_hash || client_nt_hash) { - *user_sess_key = data_blob(mem_ctx, 16); + *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16); if (!user_sess_key->data) { return NT_STATUS_NO_MEMORY; } -- cgit From c0f404a2e46187424915a073142a0a218b48ec2c Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 4 Jan 2010 15:37:24 +0100 Subject: s3:auth: use data_blob_null instead of data_blob(NULL, 0) in sam_password_ok() This way it is more explicit that there is no allocated data here that may leak. Michael --- source3/auth/auth_sam.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 42ede64141..a9f1600d17 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c 
@@ -47,8 +47,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, struct samr_Password *client_nt_hash = NULL; const char *username = pdb_get_username(sampass); - *user_sess_key = data_blob(NULL, 0); - *lm_sess_key = data_blob(NULL, 0); + *user_sess_key = data_blob_null; + *lm_sess_key = data_blob_null; acct_ctrl = pdb_get_acct_ctrl(sampass); if (acct_ctrl & ACB_PWNOTREQ) { -- cgit From 36348594505a5e7934d20d3b614f51023ae5740a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 4 Jan 2010 18:15:24 +0100 Subject: s3:auth:sam_password_ok: take username, acct_ctrl and nt/lm hashes, not sampass This is in preparation to extending check_sam_security to also check against the password history before updating the bad password count. This way, sam_password_ok can more easily be reused for that purpose. Michael --- source3/auth/auth_sam.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index a9f1600d17..add74f611a 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c 
@@ -33,24 +33,23 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, TALLOC_CTX *mem_ctx, - struct samu *sampass, + const char *username, + uint32_t acct_ctrl, + const uint8_t *lm_pw, + const uint8_t *nt_pw, const auth_usersupplied_info *user_info, DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key) { - uint32 acct_ctrl; - const uint8 *lm_pw, *nt_pw; struct samr_Password _lm_hash, _nt_hash, _client_lm_hash, _client_nt_hash; struct samr_Password *lm_hash = NULL; struct samr_Password *nt_hash = NULL; struct samr_Password *client_lm_hash = NULL; struct samr_Password *client_nt_hash = NULL; - const char *username = pdb_get_username(sampass); *user_sess_key = data_blob_null; *lm_sess_key = data_blob_null; - acct_ctrl = pdb_get_acct_ctrl(sampass); if (acct_ctrl & ACB_PWNOTREQ) { if (lp_null_passwords()) { DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", username)); @@ -61,9 +60,6 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, } } - lm_pw = pdb_get_lanman_passwd(sampass); - nt_pw = pdb_get_nt_passwd(sampass); - if (lm_pw) { memcpy(_lm_hash.hash, lm_pw, sizeof(_lm_hash.hash)); lm_hash = &_lm_hash; @@ -304,6 +300,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, DATA_BLOB user_sess_key = data_blob_null; DATA_BLOB lm_sess_key = data_blob_null; bool updated_autolock = False, updated_badpw = False; + uint32_t acct_ctrl; + const char *username; + const uint8_t *nt_pw; + const uint8_t *lm_pw; if (!user_info || !auth_context) { return NT_STATUS_UNSUCCESSFUL; 
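Review bot: The new `lm_pw` and `nt_pw` parameters of `sam_password_ok` are bare `const uint8_t *` with no length, yet the body copies `sizeof(_lm_hash.hash)` and `sizeof(_nt_hash.hash)` bytes from them, so every caller must pass either NULL or a buffer at least that large, and nothing at the signature says so. The commit message states the aim is reuse against password-history entries, where the pointer will no longer come from `pdb_get_nt_passwd()`, so the contract should be written down in a header comment on the function: `lm_pw`/`nt_pw` are NULL when the hash is absent and otherwise point to a full hash of `sizeof(struct samr_Password)` bytes, `username` is used for logging and handed to the password check, and `acct_ctrl` is consulted only for `ACB_PWNOTREQ` as far as this hunk shows. The function body continues past the end of the hunk.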
@@ -330,16 +330,22 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, return NT_STATUS_NO_SUCH_USER; } + acct_ctrl = pdb_get_acct_ctrl(sampass); + username = pdb_get_username(sampass); + nt_pw = pdb_get_nt_passwd(sampass); + lm_pw = pdb_get_lanman_passwd(sampass); + /* see if autolock flag needs to be updated */ - if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) + if (acct_ctrl & ACB_NORMAL) pdb_update_autolock_flag(sampass, &updated_autolock); /* Quit if the account was locked out. */ - if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { - DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", pdb_get_username(sampass))); + if (acct_ctrl & ACB_AUTOLOCK) { + DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username)); return NT_STATUS_ACCOUNT_LOCKED_OUT; } - nt_status = sam_password_ok(auth_context, mem_ctx, sampass, + nt_status = sam_password_ok(auth_context, mem_ctx, + username, acct_ctrl, lm_pw, nt_pw, user_info, &user_sess_key, &lm_sess_key); /* Notify passdb backend of login success/failure. If not @@ -349,7 +355,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, if (!NT_STATUS_IS_OK(nt_status)) { if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && - pdb_get_acct_ctrl(sampass) &ACB_NORMAL && + acct_ctrl & ACB_NORMAL && NT_STATUS_IS_OK(update_login_attempts_status)) { pdb_increment_bad_password_count(sampass); @@ -370,7 +376,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, return nt_status; } - if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && + if ((acct_ctrl & ACB_NORMAL) && (pdb_get_bad_password_count(sampass) > 0)){ pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); -- cgit From de4fb80beec59999dd9ce074d4fff0b310fb08da Mon Sep 17 00:00:00 2001 
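Review bot: `acct_ctrl` is read once before `pdb_update_autolock_flag(sampass, &updated_autolock)`, and the lockout test that follows now checks that cached copy (`if (acct_ctrl & ACB_AUTOLOCK)`) where the old code re-read `pdb_get_acct_ctrl(sampass)`. If the autolock update changes the flags on `sampass` (the `updated_autolock` out-parameter suggests it can), an account whose lockout has just been lifted is still refused with `NT_STATUS_ACCOUNT_LOCKED_OUT`, and since that path returns before any `pdb_update_sam_account()` call shown on this page, the lifted flag would not be stored either. Refresh the copy right after the update, `acct_ctrl = pdb_get_acct_ctrl(sampass);`, before testing `ACB_AUTOLOCK` and before handing it to `sam_password_ok()`. The `acct_ctrl & ACB_NORMAL` tests in the @@ -349 and @@ -370 hunks are unaffected once the copy is refreshed, though `(acct_ctrl & ACB_NORMAL)` with parentheses would read more safely inside the `&&` chain.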
From: Michael Adam Date: Wed, 6 Jan 2010 12:32:51 +0100 Subject: s3:auth:check_sam_security: null out sampass after it has been stolen. So that a later talloc_free would not harm. I could have used talloc_move instead of talloc steal in make_server_info_sam(), but this would have required a change of the signature. Michael --- source3/auth/auth_sam.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index add74f611a..3573de1375 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -402,6 +402,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, become_root(); nt_status = make_server_info_sam(server_info, sampass); unbecome_root(); + sampass = NULL; if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status))); -- cgit From 970317c413eae52af9976e5652362412dd3038e3 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 6 Jan 2010 12:36:56 +0100 Subject: s3:auth:check_sam_security: create (and use) a common exit point for use after sam_password_ok() has been called. Michael --- source3/auth/auth_sam.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 3573de1375..dd4a465e7d 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -370,10 +370,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, DEBUG(1, ("Failed to modify entry.\n")); unbecome_root(); } - data_blob_free(&user_sess_key); - data_blob_free(&lm_sess_key); - TALLOC_FREE(sampass); - return nt_status; + goto done; } if ((acct_ctrl & ACB_NORMAL) && 
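Review bot: `sampass = NULL;` in the @@ -402 hunk runs before the status of `make_server_info_sam()` is examined, so the local reference is dropped on the failure path as well. Whether the steal has already happened when that call fails is not visible here; if it has not, the object simply stays attached to `mem_ctx` (it was created with `samu_new(mem_ctx)`) instead of being released at the function's exit. Either clear the pointer only after the `NT_STATUS_IS_OK` check, or state the ownership rule next to the assignment, e.g. `/* make_server_info_sam() has stolen sampass onto server_info; it must not be freed here */`, because the common exit added by the next commit on this page depends on it.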
@@ -393,10 +390,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, nt_status = sam_account_ok(mem_ctx, sampass, user_info); if (!NT_STATUS_IS_OK(nt_status)) { - TALLOC_FREE(sampass); - data_blob_free(&user_sess_key); - data_blob_free(&lm_sess_key); - return nt_status; + goto done; } become_root(); @@ -406,9 +400,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status))); - data_blob_free(&user_sess_key); - data_blob_free(&lm_sess_key); - return nt_status; + goto done; } (*server_info)->user_session_key = @@ -423,6 +415,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, (*server_info)->nss_token |= user_info->was_mapped; +done: + TALLOC_FREE(sampass); + data_blob_free(&user_sess_key); + data_blob_free(&lm_sess_key); return nt_status; } -- cgit From 5ad1b7e0c5aa7c8e0a0d55c2456e9d6354dc9bcc Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 6 Jan 2010 13:40:58 +0100 Subject: s3:auth:check_sam_security: fix a leading tab/ws mixup Michael --- source3/auth/auth_sam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index dd4a465e7d..7835b18183 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -385,7 +385,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass))) DEBUG(1, ("Failed to modify entry.\n")); unbecome_root(); - } + } nt_status = sam_account_ok(mem_ctx, sampass, user_info); -- cgit From 7248873b48ac28c40809c949da0e7325ca63aef0 Mon Sep 17 00:00:00 2001 
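Review bot: The new `done:` exit releases `user_sess_key` and `lm_sess_key` with `data_blob_free()`, which hands the memory back without wiping it, and it now does so on every path, including failed logons where `sam_password_ok()` may already have derived a key. These blobs hold session-key material, so `data_blob_clear_free(&user_sess_key);` and `data_blob_clear_free(&lm_sess_key);` are the better fit for the common exit. The success path also falls through `TALLOC_FREE(sampass)`, which is only safe because `sampass` was set to NULL after `make_server_info_sam()`; a one-line comment at the label, `/* sampass is NULL here on success: ownership moved to server_info */`, would keep a later edit from reintroducing a free of the stolen object.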
From: Michael Adam Date: Wed, 6 Jan 2010 13:53:10 +0100 Subject: s3:auth:check_sam_security: improve calling and logging of pdb_update_sam_account Log what went wrongl, and also call pdb_update_sam_account inside become_root/unbecome_root: do the logging outside. Michael --- source3/auth/auth_sam.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 7835b18183..e7b9f2b019 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -365,10 +365,16 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, &updated_badpw); } if (updated_autolock || updated_badpw){ + NTSTATUS status; + become_root(); - if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass))) - DEBUG(1, ("Failed to modify entry.\n")); + status = pdb_update_sam_account(sampass); unbecome_root(); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to modify entry: %s\n", + nt_errstr(status))); + } } goto done; } @@ -381,10 +387,16 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, } if (updated_autolock || updated_badpw){ + NTSTATUS status; + become_root(); - if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass))) - DEBUG(1, ("Failed to modify entry.\n")); + status = pdb_update_sam_account(sampass); unbecome_root(); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, ("Failed to modify entry: %s\n", + nt_errstr(status))); + } } nt_status = sam_account_ok(mem_ctx, sampass, user_info); -- cgit From 46111dc4e437f9cd4df1dbf2ecfe6a56eaf1ae39 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 6 Jan 2010 16:35:44 +0100 Subject: s3:auth:check_sam_security: introduce a bool var to control pad_pw_count incrementation This is a preparatory patch for the last part in fixing bug #4347 . Michael --- source3/auth/auth_sam.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source3/auth') 
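Review bot: In the failed-logon branch (@@ -365) a failing `pdb_update_sam_account()` means the incremented bad-password count or the autolock change was not stored, yet the only trace is a level-1 message that does not say which account was affected. `username` is already in scope in `check_sam_security`, so include it: `DEBUG(1, ("Failed to modify entry for user %s: %s\n", username, nt_errstr(status)));`. The same applies to the identical block added in the @@ -381 hunk. Since the two blocks are now line-for-line copies, a small static helper taking `sampass` and `username` would keep the privilege bracket (`become_root()` / `unbecome_root()`) and the logging from drifting apart.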
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index e7b9f2b019..4c3f552ee6 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -354,10 +354,16 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, update_login_attempts_status = pdb_update_login_attempts(sampass, NT_STATUS_IS_OK(nt_status)); if (!NT_STATUS_IS_OK(nt_status)) { + bool increment_bad_pw_count = false; + if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && acct_ctrl & ACB_NORMAL && NT_STATUS_IS_OK(update_login_attempts_status)) - { + { + increment_bad_pw_count = true; + } + + if (increment_bad_pw_count) { pdb_increment_bad_password_count(sampass); updated_badpw = True; } else { -- cgit From dc689827114c46b3ca2a75082421dc2d98001ce7 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 6 Jan 2010 17:29:04 +0100 Subject: s3:auth: don't update the bad pw count if pw is among last 2 history entries This conforms to the behaviour of Windows 2003: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx This is supposed to fixes Bug #4347 . Michael --- source3/auth/auth_sam.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 73 insertions(+), 1 deletion(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 4c3f552ee6..ef0cd97c52 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c 
@@ -281,6 +281,75 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +/** + * Check whether the given password is one of the last two + * password history entries. If so, the bad pwcount should + * not be incremented even thought the actual password check + * failed. + */ +static bool need_to_increment_bad_pw_count( + const struct auth_context *auth_context, + struct samu* sampass, + const auth_usersupplied_info *user_info) +{ + uint8_t i; + const uint8_t *pwhistory; + uint32_t pwhistory_len; + uint32_t policy_pwhistory_len; + uint32_t acct_ctrl; + const char *username; + TALLOC_CTX *mem_ctx = talloc_stackframe(); + bool result = true; + + pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, + &policy_pwhistory_len); + if (policy_pwhistory_len == 0) { + goto done; + } + + pwhistory = pdb_get_pw_history(sampass, &pwhistory_len); + if (!pwhistory || pwhistory_len == 0) { + goto done; + } + + acct_ctrl = pdb_get_acct_ctrl(sampass); + username = pdb_get_username(sampass); + + for (i=1; i < MIN(MIN(3, policy_pwhistory_len), pwhistory_len); i++) { + static const uint8_t zero16[SALTED_MD5_HASH_LEN]; + const uint8_t *salt; + const uint8_t *nt_pw; + NTSTATUS status; + DATA_BLOB user_sess_key = data_blob_null; + DATA_BLOB lm_sess_key = data_blob_null; + + salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN]; + nt_pw = salt + PW_HISTORY_SALT_LEN; + + if (memcmp(zero16, nt_pw, NT_HASH_LEN) == 0) { + /* skip zero password hash */ + continue; + } + + if (memcmp(zero16, salt, PW_HISTORY_SALT_LEN) != 0) { + /* skip nonzero salt (old format entry) */ + continue; + } + + status = sam_password_ok(auth_context, mem_ctx, + username, acct_ctrl, NULL, nt_pw, + user_info, &user_sess_key, &lm_sess_key); + if (NT_STATUS_IS_OK(status)) { + result = false; + break; + } + } + +done: + TALLOC_FREE(mem_ctx); + return result; +} + /**************************************************************************** check if a username/password is OK assuming the password is a 24 byte SMB 
hash supplied in the user_info structure @@ -360,7 +429,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, acct_ctrl & ACB_NORMAL && NT_STATUS_IS_OK(update_login_attempts_status)) { - increment_bad_pw_count = true; + increment_bad_pw_count = + need_to_increment_bad_pw_count(auth_context, + sampass, + user_info); } if (increment_bad_pw_count) { -- cgit From 9bb4766bbaaec58989f1f544b7e2367691a09c53 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 10 Jan 2010 14:16:04 +0100 Subject: s3: Remove the typedef for "auth_usersupplied_info" --- source3/auth/auth_builtin.c | 6 +++--- source3/auth/auth_compat.c | 4 ++-- source3/auth/auth_domain.c | 6 +++--- source3/auth/auth_netlogond.c | 4 ++-- source3/auth/auth_ntlmssp.c | 2 +- source3/auth/auth_sam.c | 10 +++++----- source3/auth/auth_script.c | 2 +- source3/auth/auth_server.c | 2 +- source3/auth/auth_unix.c | 2 +- source3/auth/auth_util.c | 18 +++++++++--------- source3/auth/auth_wbc.c | 2 +- source3/auth/auth_winbind.c | 2 +- 12 files changed, 30 insertions(+), 30 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c index 3741f29779..dbd7937e37 100644 --- a/source3/auth/auth_builtin.c +++ b/source3/auth/auth_builtin.c @@ -34,7 +34,7 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { /* mark this as 'not for me' */ @@ -77,7 +77,7 @@ static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *o static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { NTSTATUS nt_status; 
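Review bot: In `need_to_increment_bad_pw_count()` the return value of `pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &policy_pwhistory_len)` is ignored and `policy_pwhistory_len` has no initializer, so if the lookup fails without writing its output, the `== 0` test and the loop bound read an indeterminate value. Initialise it, `uint32_t policy_pwhistory_len = 0;`, or bail out on failure, `if (!pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &policy_pwhistory_len)) { goto done; }`; both leave `result` at true, which is the conservative answer for lockout accounting. `zero16` is sized with `SALTED_MD5_HASH_LEN` but compared over `NT_HASH_LEN` and `PW_HISTORY_SALT_LEN` bytes, so a comment or compile-time check that the array is at least as large as both would make the `memcmp` bounds explicit. The loop starts at `i=1` without saying why; if entry 0 is expected to be the current password, a short comment on the `for` line should say so.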
@@ -130,7 +130,7 @@ static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, co static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { return NT_STATUS_NOT_IMPLEMENTED; diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c index 77a994828f..dc046d5c0d 100644 --- a/source3/auth/auth_compat.c +++ b/source3/auth/auth_compat.c @@ -38,7 +38,7 @@ return True if the password is correct, False otherwise NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info) { struct auth_context *plaintext_auth_context = NULL; - auth_usersupplied_info *user_info = NULL; + struct auth_usersupplied_info *user_info = NULL; uint8_t chal[8]; NTSTATUS nt_status; if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) { @@ -74,7 +74,7 @@ static NTSTATUS pass_check_smb(struct auth_context *actx, NTSTATUS nt_status; auth_serversupplied_info *server_info = NULL; if (encrypted) { - auth_usersupplied_info *user_info = NULL; + struct auth_usersupplied_info *user_info = NULL; if (actx == NULL) { return NT_STATUS_INTERNAL_ERROR; } diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index c527360321..bbe0ba5d40 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -251,7 +251,7 @@ machine %s. Error was : %s.\n", dc_name, cli_errstr(*cli))); ************************************************************************/ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, const char *domain, uchar chal[8], auth_serversupplied_info **server_info, 
@@ -372,7 +372,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; @@ -441,7 +441,7 @@ static NTSTATUS auth_init_ntdomain(struct auth_context *auth_context, const char static NTSTATUS check_trustdomain_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c index ebfed83d41..f3b66e4948 100644 --- a/source3/auth/auth_netlogond.c +++ b/source3/auth/auth_netlogond.c @@ -27,7 +27,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx, const struct auth_context *auth_context, const char *ncalrpc_sockname, uint8_t schannel_key[16], - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, struct netr_SamInfo3 **pinfo3, NTSTATUS *schannel_bind_result) { @@ -153,7 +153,7 @@ static char *mymachinepw(TALLOC_CTX *mem_ctx) static NTSTATUS check_netlogond_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { TALLOC_CTX *frame = talloc_stackframe(); diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 4243a24ca7..88f0e69443 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c 
@@ -85,7 +85,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, { AUTH_NTLMSSP_STATE *auth_ntlmssp_state = (AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context; - auth_usersupplied_info *user_info = NULL; + struct auth_usersupplied_info *user_info = NULL; NTSTATUS nt_status; bool username_was_mapped; diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index ef0cd97c52..01f82517d6 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -37,7 +37,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, uint32_t acct_ctrl, const uint8_t *lm_pw, const uint8_t *nt_pw, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key) { @@ -168,7 +168,7 @@ static bool logon_hours_ok(struct samu *sampass) static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, struct samu *sampass, - const auth_usersupplied_info *user_info) + const struct auth_usersupplied_info *user_info) { uint32 acct_ctrl = pdb_get_acct_ctrl(sampass); char *workstation_list; @@ -290,7 +290,7 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, static bool need_to_increment_bad_pw_count( const struct auth_context *auth_context, struct samu* sampass, - const auth_usersupplied_info *user_info) + const struct auth_usersupplied_info *user_info) { uint8_t i; const uint8_t *pwhistory; @@ -359,7 +359,7 @@ return an NT_STATUS constant. static NTSTATUS check_sam_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { struct samu *sampass=NULL; 
@@ -532,7 +532,7 @@ Check SAM security (above) but with a few extra checks. static NTSTATUS check_samstrict_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { bool is_local_name, is_my_domain; diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c index 6cbace71e8..353f3be78f 100644 --- a/source3/auth/auth_script.c +++ b/source3/auth/auth_script.c @@ -40,7 +40,7 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { const char *script = lp_parm_const_string( GLOBAL_SECTION_SNUM, "auth_script", "script", NULL); diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 287b50b080..3f0ab9dc72 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -270,7 +270,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte static NTSTATUS check_smbserver_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { struct server_security_state *state = talloc_get_type_abort( diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index 58c765226d..6f2f9f10a9 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c 
@@ -85,7 +85,7 @@ static bool update_smbpassword_file(const char *user, const char *password) static NTSTATUS check_unix_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { NTSTATUS nt_status; diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 8167a80a4f..eebc21b93c 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -107,7 +107,7 @@ static int _smb_create_user(const char *domain, const char *unix_username, const Create an auth_usersupplied_data structure ****************************************************************************/ -static NTSTATUS make_user_info(auth_usersupplied_info **user_info, +static NTSTATUS make_user_info(struct auth_usersupplied_info **user_info, const char *smb_name, const char *internal_username, const char *client_domain, @@ -121,7 +121,7 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info, DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name)); - *user_info = SMB_MALLOC_P(auth_usersupplied_info); + *user_info = SMB_MALLOC_P(struct auth_usersupplied_info); if (*user_info == NULL) { DEBUG(0,("malloc failed for user_info (size %lu)\n", (unsigned long)sizeof(*user_info))); return NT_STATUS_NO_MEMORY; @@ -188,7 +188,7 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info, Create an auth_usersupplied_data structure after appropriate mapping. ****************************************************************************/ -NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, +NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, const char *wksta_name, 
@@ -252,7 +252,7 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, Decrypt and encrypt the passwords. ****************************************************************************/ -bool make_user_info_netlogon_network(auth_usersupplied_info **user_info, +bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, const char *wksta_name, @@ -290,7 +290,7 @@ bool make_user_info_netlogon_network(auth_usersupplied_info **user_info, Decrypt and encrypt the passwords. ****************************************************************************/ -bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, +bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, const char *wksta_name, @@ -402,7 +402,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, Create an auth_usersupplied_data structure ****************************************************************************/ -bool make_user_info_for_reply(auth_usersupplied_info **user_info, +bool make_user_info_for_reply(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, const uint8 chal[8], @@ -460,7 +460,7 @@ bool make_user_info_for_reply(auth_usersupplied_info **user_info, Create an auth_usersupplied_data structure ****************************************************************************/ -NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info, +NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, DATA_BLOB lm_resp, DATA_BLOB nt_resp) 
@@ -478,7 +478,7 @@ NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info, Create a guest user_info blob, for anonymous authenticaion. ****************************************************************************/ -bool make_user_info_guest(auth_usersupplied_info **user_info) +bool make_user_info_guest(struct auth_usersupplied_info **user_info) { NTSTATUS nt_status; @@ -2114,7 +2114,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, Free a user_info struct ***************************************************************************/ -void free_user_info(auth_usersupplied_info **user_info) +void free_user_info(struct auth_usersupplied_info **user_info) { DEBUG(5,("attempting to free (and zero) a user_info structure\n")); if (*user_info != NULL) { diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c index 580c8b550d..d86ea49c89 100644 --- a/source3/auth/auth_wbc.c +++ b/source3/auth/auth_wbc.c @@ -47,7 +47,7 @@ static NTSTATUS check_wbc_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { NTSTATUS nt_status; diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index d1b00a3268..01f60f8df7 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -30,7 +30,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, - const auth_usersupplied_info *user_info, + const struct auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { NTSTATUS nt_status; -- cgit From 081573091bc3f2b4f85164db51878e570377d4e8 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Sun, 10 Jan 2010 14:24:22 +0100 Subject: s3: Remove the typedef for "auth_serversupplied_info" --- source3/auth/auth_builtin.c | 6 +++--- source3/auth/auth_compat.c | 6 ++++-- source3/auth/auth_domain.c | 6 +++--- source3/auth/auth_netlogond.c | 2 +- source3/auth/auth_sam.c | 4 ++-- source3/auth/auth_script.c | 2 +- source3/auth/auth_server.c | 2 +- source3/auth/auth_unix.c | 2 +- source3/auth/auth_util.c | 36 ++++++++++++++++++------------------ source3/auth/auth_wbc.c | 2 +- source3/auth/auth_winbind.c | 2 +- 11 files changed, 36 insertions(+), 34 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c index dbd7937e37..f8f048a6f2 100644 --- a/source3/auth/auth_builtin.c +++ b/source3/auth/auth_builtin.c @@ -35,7 +35,7 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { /* mark this as 'not for me' */ NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; @@ -78,7 +78,7 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_ void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status; fstring user; @@ -131,7 +131,7 @@ static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_c void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { return NT_STATUS_NOT_IMPLEMENTED; } diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c index dc046d5c0d..e90036f3ff 100644 --- a/source3/auth/auth_compat.c +++ b/source3/auth/auth_compat.c 
@@ -35,7 +35,9 @@ SMB hash return True if the password is correct, False otherwise ****************************************************************************/ -NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info) +NTSTATUS check_plaintext_password(const char *smb_name, + DATA_BLOB plaintext_password, + struct auth_serversupplied_info **server_info) { struct auth_context *plaintext_auth_context = NULL; struct auth_usersupplied_info *user_info = NULL; @@ -72,7 +74,7 @@ static NTSTATUS pass_check_smb(struct auth_context *actx, { NTSTATUS nt_status; - auth_serversupplied_info *server_info = NULL; + struct auth_serversupplied_info *server_info = NULL; if (encrypted) { struct auth_usersupplied_info *user_info = NULL; if (actx == NULL) { diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index bbe0ba5d40..a07aa617c4 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -254,7 +254,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, const char *domain, uchar chal[8], - auth_serversupplied_info **server_info, + struct auth_serversupplied_info **server_info, const char *dc_name, struct sockaddr_storage *dc_ss) @@ -373,7 +373,7 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; const char *domain = lp_workgroup(); 
@@ -442,7 +442,7 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; unsigned char trust_md4_password[16]; diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c index f3b66e4948..bfd12281c4 100644 --- a/source3/auth/auth_netlogond.c +++ b/source3/auth/auth_netlogond.c @@ -154,7 +154,7 @@ static NTSTATUS check_netlogond_security(const struct auth_context *auth_context void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { TALLOC_CTX *frame = talloc_stackframe(); struct netr_SamInfo3 *info3 = NULL; diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 01f82517d6..834ca977da 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -360,7 +360,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { struct samu *sampass=NULL; bool ret; @@ -533,7 +533,7 @@ static NTSTATUS check_samstrict_security(const struct auth_context *auth_context void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { bool is_local_name, is_my_domain; diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c index 353f3be78f..be1ae81501 100644 --- a/source3/auth/auth_script.c +++ b/source3/auth/auth_script.c 
@@ -41,7 +41,7 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { const char *script = lp_parm_const_string( GLOBAL_SECTION_SNUM, "auth_script", "script", NULL); char *secret_str; diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 3f0ab9dc72..ec92787dce 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -271,7 +271,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { struct server_security_state *state = talloc_get_type_abort( my_private_data, struct server_security_state); diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index 6f2f9f10a9..3e2df9a123 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -86,7 +86,7 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status; struct passwd *pass = NULL; diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index eebc21b93c..9db358d965 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -33,7 +33,7 @@ auth_serversupplied_info struct. ****************************************************************************/ -static void sort_sid_array_for_smbd(auth_serversupplied_info *result, +static void sort_sid_array_for_smbd(struct auth_serversupplied_info *result, const DOM_SID *pgroup_sid) { unsigned int i; 
@@ -494,7 +494,7 @@ bool make_user_info_guest(struct auth_usersupplied_info **user_info) return NT_STATUS_IS_OK(nt_status) ? True : False; } -static int server_info_dtor(auth_serversupplied_info *server_info) +static int server_info_dtor(struct auth_serversupplied_info *server_info) { TALLOC_FREE(server_info->sam_account); ZERO_STRUCTP(server_info); @@ -505,11 +505,11 @@ static int server_info_dtor(auth_serversupplied_info *server_info) Make a server_info struct. Free with TALLOC_FREE(). ***************************************************************************/ -static auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx) +static struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx) { struct auth_serversupplied_info *result; - result = TALLOC_ZERO_P(mem_ctx, auth_serversupplied_info); + result = TALLOC_ZERO_P(mem_ctx, struct auth_serversupplied_info); if (result == NULL) { DEBUG(0, ("talloc failed\n")); return NULL; @@ -562,12 +562,12 @@ static bool is_our_machine_account(const char *username) Make (and fill) a user_info struct from a struct samu ***************************************************************************/ -NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, +NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, struct samu *sampass) { struct passwd *pwd; gid_t *gids; - auth_serversupplied_info *result; + struct auth_serversupplied_info *result; const char *username = pdb_get_username(sampass); NTSTATUS status; @@ -701,7 +701,7 @@ static NTSTATUS log_nt_token(NT_USER_TOKEN *token) * server_info->sids (the info3/sam groups). Find the unix gids. */ -NTSTATUS create_local_token(auth_serversupplied_info *server_info) +NTSTATUS create_local_token(struct auth_serversupplied_info *server_info) { NTSTATUS status; size_t i; 
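Review bot: `ZERO_STRUCTP(server_info)` in server_info_dtor wipes only the bytes of the struct itself, so for any DATA_BLOB member it clears the pointer and length but leaves the key bytes in the heap. The `user_session_key.data` test in server_info_set_session_key shows at least one such member. Whether those buffers are wiped elsewhere is not visible in this hunk, and the destructor's body continues past it. If they are not, clearing the blob before the struct is zeroed would close the gap, e.g. `data_blob_clear(&server_info->user_session_key);` ahead of `ZERO_STRUCTP(server_info);`.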
@@ -1140,7 +1140,7 @@ bool user_in_group(const char *username, const char *groupname) to a struct samu ***************************************************************************/ -NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, +NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, char *unix_username, struct passwd *pwd) { @@ -1151,7 +1151,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, TALLOC_CTX *mem_ctx = NULL; DOM_SID u_sid; enum lsa_SidType type; - auth_serversupplied_info *result; + struct auth_serversupplied_info *result; if ( !(sampass = samu_new( NULL )) ) { return NT_STATUS_NO_MEMORY; @@ -1261,7 +1261,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, the guest gid, then create one. ***************************************************************************/ -static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_info) +static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **server_info) { NTSTATUS status; struct samu *sampass = NULL; @@ -1355,9 +1355,9 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, - const auth_serversupplied_info *src) + const struct auth_serversupplied_info *src) { - auth_serversupplied_info *dst; + struct auth_serversupplied_info *dst; dst = make_server_info(mem_ctx); if (dst == NULL) { @@ -1433,7 +1433,7 @@ bool server_info_set_session_key(struct auth_serversupplied_info *info, return (info->user_session_key.data != NULL); } -static auth_serversupplied_info *guest_info = NULL; +static struct auth_serversupplied_info *guest_info = NULL; bool init_guest_info(void) { 
@@ -1444,7 +1444,7 @@ bool init_guest_info(void) } NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { *server_info = copy_serverinfo(mem_ctx, guest_info); return (*server_info != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY; @@ -1620,7 +1620,7 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser, NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, const char *sent_nt_username, const char *domain, - auth_serversupplied_info **server_info, + struct auth_serversupplied_info **server_info, struct netr_SamInfo3 *info3) { char zeros[16]; @@ -1637,7 +1637,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, uid_t uid = (uid_t)-1; gid_t gid = (gid_t)-1; - auth_serversupplied_info *result; + struct auth_serversupplied_info *result; /* Here is where we should check the list of @@ -1873,7 +1873,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, const char *sent_nt_username, const char *domain, const struct wbcAuthUserInfo *info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { char zeros[16]; @@ -1890,7 +1890,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, uid_t uid = (uid_t)-1; gid_t gid = (gid_t)-1; - auth_serversupplied_info *result; + struct auth_serversupplied_info *result; result = make_server_info(NULL); if (result == NULL) { diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c index d86ea49c89..85b05efb36 100644 --- a/source3/auth/auth_wbc.c +++ b/source3/auth/auth_wbc.c @@ -48,7 +48,7 @@ static NTSTATUS check_wbc_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status; wbcErr wbc_status; 
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 01f60f8df7..74723e6af4 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -31,7 +31,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, - auth_serversupplied_info **server_info) + struct auth_serversupplied_info **server_info) { NTSTATUS nt_status; wbcErr wbc_status; -- cgit From 3ea64e0ad86c35e5f0018ac60571e7a31a968543 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 10 Jan 2010 17:39:27 +0100 Subject: s3: Replace most calls to sid_append_rid() by sid_compose() --- source3/auth/auth_util.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 9db358d965..de552cf57e 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1274,8 +1274,7 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ser return NT_STATUS_NO_MEMORY; } - sid_copy(&guest_sid, get_global_sam_sid()); - sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST); + sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST); become_root(); ret = pdb_getsampwsid(sampass, &guest_sid); @@ -1645,13 +1644,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, matches. */ - sid_copy(&user_sid, info3->base.domain_sid); - if (!sid_append_rid(&user_sid, info3->base.rid)) { + if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) { return NT_STATUS_INVALID_PARAMETER; } - sid_copy(&group_sid, info3->base.domain_sid); - if (!sid_append_rid(&group_sid, info3->base.primary_gid)) { + if (!sid_compose(&group_sid, info3->base.domain_sid, + info3->base.primary_gid)) { return NT_STATUS_INVALID_PARAMETER; } -- cgit From 444ecac2d28e02c6cc6da8ed97010fc475e834e5 Mon Sep 17 00:00:00 2001 
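Review bot: The `sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);` call in make_new_server_info_guest drops the return value, while both sid_compose calls in make_server_info_info3 later in this commit check it and return NT_STATUS_INVALID_PARAMETER. The removed sid_append_rid call was unchecked as well, so this is not a regression. But guest_sid goes straight into `pdb_getsampwsid` under become_root(), and what it holds after a failed compose is not visible here. Testing it the same way, `if (!sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST))`, and returning an error after releasing what the function has allocated by then would keep the call sites consistent. The function body extends beyond the hunk.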
From: Michael Adam Date: Tue, 12 Jan 2010 12:25:32 +0100 Subject: s3:auth: add comment to nulling out stolen sampass Adding this comment makes me think, I could also have changed make_server_info_sam() talloc_move instead of talloc_steal, but that would have changed the signature... Well the comment is a first step. :-) Michael --- source3/auth/auth_sam.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/auth') diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 834ca977da..1dd8fc950e 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -486,6 +486,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, become_root(); nt_status = make_server_info_sam(server_info, sampass); unbecome_root(); + /* + * sampass has been stolen to server_info. + * So NULL it out to prevent segfaults. + */ sampass = NULL; if (!NT_STATUS_IS_OK(nt_status)) { -- cgit
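Review bot: The added comment in check_sam_security says sampass has been stolen, but `sampass = NULL;` runs before the `NT_STATUS_IS_OK(nt_status)` check, so it also applies when make_server_info_sam failed. Whether ownership moved on that failure path cannot be seen from this hunk, and the comment should say which case holds. "Segfaults" also understates the hazard, since a stale pointer to memory owned elsewhere is a double-free or use-after-free risk. I would word it as `/* make_server_info_sam() has taken ownership of sampass (talloc_steal); drop our pointer so it is neither freed nor used again here. */` and add a clause covering the error return once confirmed. The function body starts and ends outside the hunk.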