svn commit: samba r17400 - in branches/SAMBA_3_0_RELEASE/source: . auth nsswitch smbd utils

jerry at samba.org jerry at samba.org
Fri Aug 4 17:09:13 GMT 2006


Author: jerry
Date: 2006-08-04 17:09:13 +0000 (Fri, 04 Aug 2006)
New Revision: 17400

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17400

Log:
grabbing latest changes from SAMBA_3_0_23 to help in testing
Modified:
   branches/SAMBA_3_0_RELEASE/source/VERSION
   branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c
   branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.c
   branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.h
   branches/SAMBA_3_0_RELEASE/source/smbd/msdfs.c
   branches/SAMBA_3_0_RELEASE/source/utils/net_ads.c


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/source/VERSION
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/VERSION	2006-08-04 12:15:53 UTC (rev 17399)
+++ branches/SAMBA_3_0_RELEASE/source/VERSION	2006-08-04 17:09:13 UTC (rev 17400)
@@ -37,7 +37,7 @@
 # e.g. SAMBA_VERSION_REVISION=a                        #
 #  ->  "2.2.8a"                                        #
 ########################################################
-SAMBA_VERSION_REVISION=a
+SAMBA_VERSION_REVISION=b
 
 ########################################################
 # For 'pre' releases the version will be               #

Modified: branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c	2006-08-04 12:15:53 UTC (rev 17399)
+++ branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c	2006-08-04 17:09:13 UTC (rev 17400)
@@ -29,7 +29,6 @@
 
 static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 						   const DOM_SID *user_sid,
-						   const DOM_SID *group_sid,
 						   BOOL is_guest,
 						   int num_groupsids,
 						   const DOM_SID *groupsids);
@@ -509,7 +508,7 @@
 	uid_to_sid(&u_sid, pw->pw_uid);
 	gid_to_sid(&g_sid, pw->pw_gid);
 
-	token = create_local_nt_token(NULL, &u_sid, &g_sid, False,
+	token = create_local_nt_token(NULL, &u_sid, False,
 				      1, &global_sid_Builtin_Administrators);
 	return token;
 }
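Review bot: `g_sid` is still filled by `gid_to_sid(&g_sid, pw->pw_gid);` on the context line, but after this change nothing in the hunk reads it. Because `create_local_nt_token()` now takes the primary group from `groupsids[0]`, the second SID of this token becomes `global_sid_Builtin_Administrators` rather than the SID derived from `pw->pw_gid`. If that is intended, drop the unused conversion and say so in a comment, e.g. `/* primary group of this token is BUILTIN\Administrators, not pw_gid */`. If it is not, pass a two-element array with `g_sid` first. The function starts above the hunk, so any other use of `g_sid` is not visible here.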
@@ -803,7 +802,6 @@
 
 static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 						   const DOM_SID *user_sid,
-						   const DOM_SID *group_sid,
 						   BOOL is_guest,
 						   int num_groupsids,
 						   const DOM_SID *groupsids)
@@ -830,8 +828,12 @@
 
 	add_sid_to_array(result, user_sid,
 			 &result->user_sids, &result->num_sids);
-	add_sid_to_array(result, group_sid,
-			 &result->user_sids, &result->num_sids);
+
+	/* For guest, num_groupsids may be zero. */
+	if (num_groupsids) {
+		add_sid_to_array(result, &groupsids[0],
+				 &result->user_sids, &result->num_sids);
+	}
 			 
 	/* Add in BUILTIN sids */
 	
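Review bot: `if (num_groupsids)` lets a negative count through, since `num_groupsids` is an `int`, and `groupsids` is not checked before `&groupsids[0]` is handed to `add_sid_to_array()`. `if (num_groupsids > 0 && groupsids != NULL) {` is the tighter guard. The function now treats `groupsids[0]` as the primary group, a positional contract stated only in the loop comment of the next hunk. A line at the function header such as `/* groupsids[0], if present, is taken as the primary group SID */` would make it visible to callers. The later hunk that drops `pdb_get_group_sid(server_info->sam_account)` depends on `server_info->sids[0]` being the primary group, which nothing in these hunks establishes.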
@@ -850,9 +852,11 @@
 	
 	/* Now the SIDs we got from authentication. These are the ones from
 	 * the info3 struct or from the pdb_enum_group_memberships, depending
-	 * on who authenticated the user. */
+	 * on who authenticated the user.
+	 * Note that we start the for loop at "1" here, we already added the
+	 * first group sid as primary above. */
 
-	for (i=0; i<num_groupsids; i++) {
+	for (i=1; i<num_groupsids; i++) {
 		add_sid_to_array_unique(result, &groupsids[i],
 					&result->user_sids, &result->num_sids);
 	}
@@ -955,8 +959,8 @@
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) || 
-		server_info->was_mapped) {
+	if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
+	    (server_info->was_mapped)) {
 		status = create_token_from_username(server_info,
 						    server_info->unix_name,
 						    server_info->guest,
@@ -969,7 +973,6 @@
 		server_info->ptok = create_local_nt_token(
 			server_info,
 			pdb_get_user_sid(server_info->sam_account),
-			pdb_get_group_sid(server_info->sam_account),
 			server_info->guest,
 			server_info->num_sids, server_info->sids);
 		status = server_info->ptok ?
@@ -1072,7 +1075,6 @@
 		/* This is a passdb user, so ask passdb */
 
 		struct samu *sam_acct = NULL;
-		const DOM_SID *gr_sid = NULL;
 
 		if ( !(sam_acct = samu_new( tmp_ctx )) ) {
 			result = NT_STATUS_NO_MEMORY;
@@ -1086,20 +1088,6 @@
 			goto unix_user;
 		}
 
-		gr_sid = pdb_get_group_sid(sam_acct);
-		if (!gr_sid) {
-			goto unix_user;
-		}
-
-		sid_copy(&primary_group_sid, gr_sid);
-
-		if (!sid_to_gid(&primary_group_sid, gid)) {
-			DEBUG(1, ("sid_to_gid(%s) failed\n",
-				  sid_string_static(&primary_group_sid)));
-			DEBUGADD(1, ("Fall back to unix user %s\n", username));
-			goto unix_user;
-		}
-
 		result = pdb_enum_group_memberships(tmp_ctx, sam_acct,
 						    &group_sids, &gids,
 						    &num_group_sids);
@@ -1110,6 +1098,10 @@
 			goto unix_user;
 		}
 
+		/* see the smb_panic() in pdb_default_enum_group_memberships */
+		SMB_ASSERT(num_group_sids > 0); 
+
+		*gid = gids[0];
 		*found_username = talloc_strdup(mem_ctx,
 						pdb_get_username(sam_acct));
 
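Review bot: `SMB_ASSERT(num_group_sids > 0)` makes an empty membership list from the passdb backend fatal for the process, while the failure branch directly above recovers with `goto unix_user`. The comment ties the guarantee to `pdb_default_enum_group_memberships`, so a backend with its own implementation may not give it (not visible here). This code runs while building a user token, so a recoverable check is safer: `if (num_group_sids == 0 || gids == NULL) { goto unix_user; }` before `*gid = gids[0];`. The hunk at `/* In getgroups_unix_user we always set the primary gid */` asserts the same way and would be better served by an error status and `goto done`.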
@@ -1138,9 +1130,6 @@
 			goto done;
 		}
 
-		*gid = pass->pw_gid;
-		gid_to_sid(&primary_group_sid, pass->pw_gid);
-
 		if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid,
 					 &gids, &num_group_sids)) {
 			DEBUG(1, ("getgroups_unix_user for user %s failed\n",
@@ -1158,6 +1147,11 @@
 		for (i=0; i<num_group_sids; i++) {
 			gid_to_sid(&group_sids[i], gids[i]);
 		}
+
+		/* In getgroups_unix_user we always set the primary gid */
+		SMB_ASSERT(num_group_sids > 0); 
+
+		*gid = gids[0];
 		*found_username = talloc_strdup(mem_ctx, pass->pw_name);
 
 	} else {
@@ -1181,13 +1175,13 @@
 			goto done;
 		}
 
-		num_group_sids = 0;
-		group_sids = NULL;
+		num_group_sids = 1;
+		group_sids = &primary_group_sid;
 
 		*found_username = talloc_strdup(mem_ctx, username);
 	}
 
-	*token = create_local_nt_token(mem_ctx, &user_sid, &primary_group_sid,
+	*token = create_local_nt_token(mem_ctx, &user_sid,
 				       is_guest, num_group_sids, group_sids);
 
 	if ((*token == NULL) || (*found_username == NULL)) {
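Review bot: In this branch `group_sids` now points at the local `primary_group_sid` rather than at an array, so the token's primary group depends on that variable having been filled earlier in the branch. The hunk does not show that assignment, and the other branches no longer write to it after this commit. A comment on the assignment would record both the lifetime and the precondition, for example `/* borrows the local primary_group_sid set above; must not be freed or kept past this call */`. The enclosing function starts and ends outside the hunk.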

Modified: branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.c	2006-08-04 12:15:53 UTC (rev 17399)
+++ branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.c	2006-08-04 17:09:13 UTC (rev 17400)
@@ -209,12 +209,15 @@
 {
 	va_list args;
 	char *var;
+	int ret;
 
 	va_start(args, format);
 	vasprintf(&var, format, args);
 	va_end(args);
 
-	return _make_remark(pamh, type, var);
+	ret = _make_remark(pamh, type, var);
+	SAFE_FREE(var);
+	return ret;
 }
 
 static int pam_winbind_request(pam_handle_t * pamh, int ctrl,
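Review bot: The result of `vasprintf(&var, format, args);` is ignored, so on allocation failure `var` is indeterminate when it reaches `_make_remark()` and then the newly added `SAFE_FREE(var)`. Capture the result and return before either use: `ret = vasprintf(&var, format, args);`, then after `va_end(args);` add `if (ret < 0) return PAM_BUF_ERR;`. The function's signature is above the hunk.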
@@ -482,15 +485,29 @@
 
 	/* save the CIFS homedir for pam_cifs / pam_mount */
 	if (response.data.auth.info3.home_dir[0] != '\0') {
-		char *buf;
 
-		if (!asprintf(&buf, "%s", response.data.auth.info3.home_dir)) {
-			return PAM_BUF_ERR;
+		int ret2 = pam_set_data(pamh, PAM_WINBIND_HOMEDIR,
+					(void *) strdup(response.data.auth.info3.home_dir),
+					_pam_winbind_cleanup_func);
+		if (ret2) {
+			_pam_log_debug(ctrl, LOG_DEBUG, "Could not set data: %s", 
+				       pam_strerror(pamh, ret2));
 		}
 
-		pam_set_data( pamh, PAM_WINBIND_HOMEDIR, (void *)buf, _pam_winbind_cleanup_func);
 	}
 
+	/* save the logon script path for other PAM modules */
+	if (response.data.auth.info3.logon_script[0] != '\0') {
+
+		int ret2 = pam_set_data(pamh, PAM_WINBIND_LOGONSCRIPT, 
+					(void *) strdup(response.data.auth.info3.logon_script), 
+					_pam_winbind_cleanup_func);
+		if (ret2) {
+			_pam_log_debug(ctrl, LOG_DEBUG, "Could not set data: %s", 
+				       pam_strerror(pamh, ret2));
+		}
+	}
+
 	return ret;
 }
 
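Review bot: `strdup()` is called inside the `pam_set_data()` argument list, so a NULL result on allocation failure is stored as the item's data without any error. When `pam_set_data()` itself fails, the copy is leaked because the cleanup function was never registered for it. The removed code meant to return `PAM_BUF_ERR` on allocation failure; the new code logs at debug level at most and carries on. Both the home_dir and logon_script blocks need the same change. The logon script value comes from the authentication response, so a comment telling consumers of `PAM_WINBIND_LOGONSCRIPT` to validate the path before using it would help.

```c
	if (response.data.auth.info3.home_dir[0] != '\0') {
		char *homedir = strdup(response.data.auth.info3.home_dir);
		int ret2;

		if (homedir == NULL) {
			return PAM_BUF_ERR;
		}

		ret2 = pam_set_data(pamh, PAM_WINBIND_HOMEDIR, (void *)homedir,
				    _pam_winbind_cleanup_func);
		if (ret2) {
			_pam_log_debug(ctrl, LOG_DEBUG, "Could not set data: %s",
				       pam_strerror(pamh, ret2));
			/* not registered with PAM, so it is still ours to free */
			SAFE_FREE(homedir);
		}
	}

	/* … same pattern for the PAM_WINBIND_LOGONSCRIPT block … */
```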

Modified: branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.h
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.h	2006-08-04 12:15:53 UTC (rev 17399)
+++ branches/SAMBA_3_0_RELEASE/source/nsswitch/pam_winbind.h	2006-08-04 17:09:13 UTC (rev 17400)
@@ -108,6 +108,7 @@
 
 #define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD"
 #define PAM_WINBIND_HOMEDIR "PAM_WINBIND_HOMEDIR"
+#define PAM_WINBIND_LOGONSCRIPT "PAM_WINBIND_LOGONSCRIPT"
 #define PAM_WINBIND_PWD_LAST_SET "PAM_WINBIND_PWD_LAST_SET"
 
 #define SECONDS_PER_DAY 86400

Modified: branches/SAMBA_3_0_RELEASE/source/smbd/msdfs.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/smbd/msdfs.c	2006-08-04 12:15:53 UTC (rev 17399)
+++ branches/SAMBA_3_0_RELEASE/source/smbd/msdfs.c	2006-08-04 17:09:13 UTC (rev 17400)
@@ -505,13 +505,10 @@
 	parse_dfs_path(pathname, &dp);
 
 	/* Verify hostname in path */
-	if ( !strequal(get_local_machine_name(), dp.hostname) ) {
-		/* Hostname mismatch, check if one of our IP addresses */
-		if (!ismyip(*interpret_addr2(dp.hostname))) {
-			DEBUG(3, ("get_referred_path: Invalid hostname %s in path %s\n",
-				dp.hostname, pathname));
-			return False;
-		}
+	if (!is_myname_or_ipaddr(dp.hostname)) {
+		DEBUG(3, ("get_referred_path: Invalid hostname %s in path %s\n",
+			dp.hostname, pathname));
+		return False;
 	}
 
 	pstrcpy(jucn->service_name, dp.servicename);
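Review bot: `dp.hostname` reaches `is_myname_or_ipaddr()` right after `parse_dfs_path(pathname, &dp);`, and that context line discards any result the parser returns. A path that did not parse is therefore still checked and logged. If `parse_dfs_path()` reports failure, test it first, e.g. `if (!parse_dfs_path(pathname, &dp)) return False;`. The create_junction hunk below has the same pattern, and its new lines are tab-indented while the surrounding context uses eight spaces. Since the check is now delegated to a helper, the `/* Verify hostname in path */` comment could also say which names and addresses are accepted.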
@@ -878,13 +875,10 @@
         parse_dfs_path(pathname,&dp);
 
         /* check if path is dfs : validate first token */
-        if ( !strequal(get_local_machine_name(),dp.hostname) ) {
-		/* Hostname mismatch, check if one of our IP addresses */
-		if (!ismyip(*interpret_addr2(dp.hostname))) {
-			DEBUG(4,("create_junction: Invalid hostname %s in dfs path %s\n",
-				dp.hostname, pathname));
-			return False;
-		}
+	if (!is_myname_or_ipaddr(dp.hostname)) {
+		DEBUG(4,("create_junction: Invalid hostname %s in dfs path %s\n",
+			dp.hostname, pathname));
+		return False;
 	}
 
 	/* Check for a non-DFS share */

Modified: branches/SAMBA_3_0_RELEASE/source/utils/net_ads.c
===================================================================
--- branches/SAMBA_3_0_RELEASE/source/utils/net_ads.c	2006-08-04 12:15:53 UTC (rev 17399)
+++ branches/SAMBA_3_0_RELEASE/source/utils/net_ads.c	2006-08-04 17:09:13 UTC (rev 17400)
@@ -1169,7 +1169,7 @@
  
 int net_ads_join(int argc, const char **argv)
 {
-	ADS_STRUCT *ads;
+	ADS_STRUCT *ads = NULL;
 	ADS_STATUS status;
 	char *machine_account = NULL;
 	const char *short_domain_name = NULL;
@@ -1184,24 +1184,23 @@
 	
 	if ( check_ads_config() != 0 ) {
 		d_fprintf(stderr, "Invalid configuration.  Exiting....\n");
-		return -1;
+		goto fail;
 	}
 
 	if ( (ads = ads_startup(True)) == NULL ) {
-		return -1;
+		goto fail;
 	}
 
 	if (strcmp(ads->config.realm, lp_realm()) != 0) {
 		d_fprintf(stderr, "realm of remote server (%s) and realm in smb.conf "
 			"(%s) DO NOT match.  Aborting join\n", ads->config.realm, 
 			lp_realm());
-		ads_destroy(&ads);
-		return -1;
+		goto fail;
 	}
 
 	if (!(ctx = talloc_init("net_ads_join"))) {
 		DEBUG(0, ("Could not initialise talloc context\n"));
-		return -1;
+		goto fail;
 	}
 
 	/* process additional command line args */
@@ -1214,12 +1213,12 @@
 		else if ( !StrnCaseCmp(argv[i], "createcomputer", strlen("createcomputer")) ) {
 			if ( (create_in_ou = get_string_param(argv[i])) == NULL ) {
 				d_fprintf(stderr, "Please supply a valid OU path\n");
-				return -1;
+				goto fail;
 			}		
 		}
 		else {
 			d_fprintf(stderr, "Bad option: %s\n", argv[i]);
-			return -1;
+			goto fail;
 		}
 	}
 
@@ -1231,8 +1230,7 @@
 		if ( !ADS_ERR_OK(status) ) {
 			d_fprintf( stderr, "Failed to pre-create the machine object "
 				"in OU %s.\n", argv[0]);
-			ads_destroy( &ads );
-			return -1;
+			goto fail;
 		}
 	}
 
@@ -1243,7 +1241,7 @@
 	
 	if ( net_join_domain( ctx, ads->config.ldap_server_name, &ads->ldap_ip, &domain_sid, password ) != 0 ) {
 		d_fprintf(stderr, "Failed to join domain!\n");
-		return -1;
+		goto fail;
 	}
 	
 	/* Check the short name of the domain */
@@ -1274,15 +1272,14 @@
 	if ( (netdom_store_machine_account( lp_workgroup(), domain_sid, password ) == -1)
 		|| (netdom_store_machine_account( short_domain_name, domain_sid, password ) == -1) )
 	{
-		ads_destroy(&ads);
-		return -1;
+		goto fail;
 	}
 
 	/* Verify that everything is ok */
 
 	if ( net_rpc_join_ok(short_domain_name, ads->config.ldap_server_name, &ads->ldap_ip) != 0 ) {
 		d_fprintf(stderr, "Failed to verify membership in domain!\n");
-		return -1;
+		goto fail;
 	}	
 
 	/* create the dNSHostName & servicePrincipalName values */
@@ -1306,13 +1303,12 @@
 		netdom_store_machine_account( lp_workgroup(), domain_sid, "" ); 
 		netdom_store_machine_account( short_domain_name, domain_sid, "" );
 		
-		return -1;
+		goto fail;
 	}
 
 	if ( !net_derive_salting_principal( ctx, ads ) ) {
 		DEBUG(1,("Failed to determine salting principal\n"));
-		ads_destroy(&ads);
-		return -1;
+		goto fail;
 	}
 
 	if ( createupn ) {
@@ -1343,6 +1339,10 @@
 	ads_destroy(&ads);
 	
 	return 0;
+
+fail:
+	ads_destroy(&ads);
+	return -1;
 }
 
 /*******************************************************************
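Review bot: The new `fail:` label releases only `ads`, but several `goto fail` sites in the earlier hunks come after `ctx = talloc_init("net_ads_join")` has succeeded. As far as these hunks show, the talloc context is not released on those paths. If `ctx` is initialised to NULL at its declaration (outside the hunks), adding `if (ctx) talloc_free(ctx);` before `ads_destroy(&ads);` covers it. The first `goto fail` runs before `ads_startup()`, so the label relies on `ads_destroy()` accepting a pointer to NULL. That is worth recording at the label: `/* ads may still be NULL here */`.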


