From 9be2e63315393f6e94cdd01a507b16768b0d90db Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 23 Dec 2004 03:00:55 +0000
Subject: r4339: - rename auth_guest to auth_anonymous - don't use static const strings in the server_info - fix segfault when auth_sam gets "" as username metze (This used to be commit 7fcbd483d4977cf6483f34ddd28e6c0182897ba2)
---
 source4/auth/auth_builtin.c | 71 +++++++++++++++++++++++++++++++++++++++------
 source4/auth/auth_sam.c | 8 +++--
 source4/auth/auth_util.c | 51 --------------------------------
 source4/param/loadparm.c | 2 +-
 4 files changed, 69 insertions(+), 63 deletions(-)
(limited to 'source4')
diff --git a/source4/auth/auth_builtin.c b/source4/auth/auth_builtin.c
index 56c465cfae..f3169231e8 100644
--- a/source4/auth/auth_builtin.c
+++ b/source4/auth/auth_builtin.c
@@ -21,19 +21,72 @@
 #include "includes.h"
 #include "auth/auth.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+#include "librpc/gen_ndr/ndr_security.h"
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
+/***************************************************************************
+ Make (and fill) a user_info struct for a anonymous login.
+***************************************************************************/
+static NTSTATUS make_server_info_anonymous(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **server_info)
+{
+ *server_info = talloc_p(mem_ctx, struct auth_serversupplied_info);
+ if (!*server_info) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ (*server_info)->guest = True;
+
+ (*server_info)->user_sid = dom_sid_parse_talloc((*server_info), SID_NT_ANONYMOUS);
+
+ /* is this correct? */
+ (*server_info)->primary_group_sid = dom_sid_parse_talloc((*server_info), SID_BUILTIN_GUESTS);
+
+ (*server_info)->n_domain_groups = 0;
+ (*server_info)->domain_groups = NULL;
+
+ /* annoying, but the Guest really does have a session key,
+ and it is all zeros! */
+ (*server_info)->user_session_key = data_blob_talloc(*server_info, NULL, 16);
+ (*server_info)->lm_session_key = data_blob_talloc(*server_info, NULL, 16);
+
+ data_blob_clear(&(*server_info)->user_session_key);
+ data_blob_clear(&(*server_info)->lm_session_key);
+
+ (*server_info)->account_name = talloc_strdup((*server_info), "ANONYMOUS LOGON");
+ (*server_info)->domain = talloc_strdup((*server_info), "NT AUTHORITY");
+ (*server_info)->full_name = talloc_strdup((*server_info), "Anonymous Logon");
+ (*server_info)->logon_script = talloc_strdup((*server_info), "");
+ (*server_info)->profile_path = talloc_strdup((*server_info), "");
+ (*server_info)->home_directory = talloc_strdup((*server_info), "");
+ (*server_info)->home_drive = talloc_strdup((*server_info), "");
+
+ (*server_info)->last_logon = 0;
+ (*server_info)->last_logoff = 0;
+ (*server_info)->acct_expiry = 0;
+ (*server_info)->last_password_change = 0;
+ (*server_info)->allow_password_change = 0;
+ (*server_info)->force_password_change = 0;
+
+ (*server_info)->logon_count = 0;
+ (*server_info)->bad_password_count = 0;
+
+ (*server_info)->acct_flags = ACB_NORMAL;
+
+ return NT_STATUS_OK;
+}
+
 /**
- * Return a guest logon for guest users (username = "")
+ * Return a anonymous logon for anonymous users (username = "")
 *
 * Typically used as the first module in the auth chain, this allows
 * guest logons to be dealt with in one place. Non-guest logons 'fail'
 * and pass onto the next module.
 **/
-static NTSTATUS check_guest_security(const struct auth_context *auth_context,
+static NTSTATUS check_anonymous_security(const struct auth_context *auth_context,
 void *my_private_data, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info,
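Review bot: In make_server_info_anonymous only the talloc_p() result is checked; the two dom_sid_parse_talloc() calls, the two data_blob_talloc() calls and the seven talloc_strdup() calls can each fail, and the function would still return NT_STATUS_OK with a NULL SID, session key or name inside the server_info. Code that later consumes a successfully returned server_info is unlikely to expect that, so each result should be checked, e.g. `if (!(*server_info)->user_sid) return NT_STATUS_NO_MEMORY;` (testing `.data` for the two blobs). Because the struct no longer comes from make_server_info(), it is also worth confirming that every field of auth_serversupplied_info is assigned here, since talloc_p() presumably does not zero the allocation. The header comment should say server_info rather than user_info, and the doc comment on check_anonymous_security still speaks of guest logons.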
@@ -44,8 +97,8 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context,
 if (!(user_info->internal_username.str && *user_info->internal_username.str)) {
- nt_status = make_server_info_guest(discard_const(auth_context),
- server_info);
+ nt_status = make_server_info_anonymous(discard_const(auth_context),
+ server_info);
 }
 return nt_status;
@@ -53,15 +106,15 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context,
 /* Guest modules initialisation */
-static NTSTATUS auth_init_guest(struct auth_context *auth_context,
+static NTSTATUS auth_init_anonymous(struct auth_context *auth_context,
 const char *options, struct auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) return NT_STATUS_NO_MEMORY;
- (*auth_method)->auth = check_guest_security;
- (*auth_method)->name = "guest";
+ (*auth_method)->auth = check_anonymous_security;
+ (*auth_method)->name = "anonymous";
 return NT_STATUS_OK;
 }
@@ -175,8 +228,8 @@ NTSTATUS auth_builtin_init(void)
 NTSTATUS ret;
 struct auth_operations ops;
- ops.name = "guest";
- ops.init = auth_init_guest;
+ ops.name = "anonymous";
+ ops.init = auth_init_anonymous;
 ret = auth_register(&ops);
 if (!NT_STATUS_IS_OK(ret)) {
 DEBUG(0,("Failed to register '%s' auth backend!\n",
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 501b5ca080..236a68fe9d 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
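Review bot: The new call in check_anonymous_security (hunk at -44,8) still allocates the result on `discard_const(auth_context)` rather than on the `mem_ctx` the function receives, so the anonymous server_info is parented to the auth context and a const qualifier is cast away to do it. Unless callers depend on that lifetime, which cannot be seen from this hunk, `nt_status = make_server_info_anonymous(mem_ctx, server_info);` would match how check_sam_security_internals uses its own mem_ctx. The function's signature and the declaration of nt_status lie outside the hunk.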
@@ -500,14 +500,18 @@ static NTSTATUS check_sam_security_internals(const struct auth_context *auth_con
 const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info)
 {
- NTSTATUS nt_status;
-
+ /* mark this as 'not for me' */
+ NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
 const char *username = user_info->internal_username.str;
 struct ldb_message **msgs;
 struct ldb_message **domain_msgs;
 void *sam_ctx;
 DATA_BLOB user_sess_key, lm_sess_key;
+ if (!username || !*username) {
+ return nt_status;
+ }
+
 sam_ctx = samdb_connect(mem_ctx);
 if (sam_ctx == NULL) {
 return NT_STATUS_INVALID_SYSTEM_SERVICE;
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 2b6d5324ee..9af4410a93 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
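Review bot: Initialising `nt_status` to NT_STATUS_NOT_IMPLEMENTED for the whole of check_sam_security_internals means that any later path returning nt_status without assigning it would report "not for me" and let the auth chain move on, instead of failing the logon or drawing an uninitialised-variable warning. The value is needed only by the new guard, so I would keep `NTSTATUS nt_status;` and write `if (!username || !*username) { return NT_STATUS_NOT_IMPLEMENTED; }`, with the 'not for me' comment placed on the guard. The rest of the function body is outside the hunk, so whether such a path exists cannot be confirmed here.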
@@ -430,57 +430,6 @@ NTSTATUS make_server_info(const TALLOC_CTX *mem_ctx,
 return NT_STATUS_OK;
 }
-/***************************************************************************
- Make (and fill) a user_info struct for a guest login.
-***************************************************************************/
-NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **server_info)
-{
- NTSTATUS nt_status;
-
- nt_status = make_server_info(mem_ctx, server_info, "");
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- (*server_info)->guest = True;
-
- (*server_info)->user_sid = dom_sid_parse_talloc((*server_info), SID_NT_ANONYMOUS);
- (*server_info)->primary_group_sid = dom_sid_parse_talloc((*server_info), SID_BUILTIN_GUESTS);
- (*server_info)->n_domain_groups = 0;
- (*server_info)->domain_groups = NULL;
-
- /* annoying, but the Guest really does have a session key,
- and it is all zeros! */
- (*server_info)->user_session_key = data_blob_talloc(*server_info, NULL, 16);
- (*server_info)->lm_session_key = data_blob_talloc(*server_info, NULL, 16);
-
- data_blob_clear(&(*server_info)->user_session_key);
- data_blob_clear(&(*server_info)->lm_session_key);
-
- (*server_info)->account_name = "";
- (*server_info)->domain = "";
- (*server_info)->full_name = "Anonymous";
- (*server_info)->logon_script = "";
- (*server_info)->profile_path = "";
- (*server_info)->home_directory = "";
- (*server_info)->home_drive = "";
-
- (*server_info)->last_logon = 0;
- (*server_info)->last_logoff = 0;
- (*server_info)->acct_expiry = 0;
- (*server_info)->last_password_change = 0;
- (*server_info)->allow_password_change = 0;
- (*server_info)->force_password_change = 0;
-
- (*server_info)->logon_count = 0;
- (*server_info)->bad_password_count = 0;
-
- (*server_info)->acct_flags = ACB_NORMAL;
-
- return nt_status;
-}
-
 /***************************************************************************
 Make a server_info struct from the info3 returned by a domain logon
 ***************************************************************************/
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 035ac3422a..059b7b1cb2 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -924,7 +924,7 @@ static void init_globals(void)
 do_parameter("dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg IOXIDResolver IRemoteActivation");
 do_parameter("server services", "smb rpc");
- do_parameter("auth methods", "guest sam_ignoredomain");
+ do_parameter("auth methods", "anonymous sam_ignoredomain");
 do_parameter("smb passwd file", dyn_SMB_PASSWD_FILE);
 do_parameter("private dir", dyn_PRIVATE_DIR);
 do_parameter_var("sam database", "tdb://%s/sam.ldb", dyn_PRIVATE_DIR);
-- cgit