svn commit: samba r17897 - in branches/SAMBA_3_0/source/nsswitch: .

jra at samba.org jra at samba.org
Mon Aug 28 23:01:31 GMT 2006


Author: jra
Date: 2006-08-28 23:01:30 +0000 (Mon, 28 Aug 2006)
New Revision: 17897

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17897

Log:
Store the uid in the memory creds. Don't request the
krb5 refresh creds when doing cached NTLM auth, request
the memory creds instead.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_ccache_access.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h
   branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_ccache_access.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_ccache_access.c	2006-08-28 18:25:55 UTC (rev 17896)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_ccache_access.c	2006-08-28 23:01:30 UTC (rev 17897)
@@ -29,7 +29,7 @@
 #define DBGC_CLASS DBGC_WINBIND
 
 static BOOL client_can_access_ccache_entry(uid_t client_uid,
-					struct WINBINDD_CCACHE_ENTRY *entry)
+					struct WINBINDD_MEMORY_CREDS *entry)
 {
 	if (client_uid == entry->uid || client_uid == 0) {
 		DEBUG(10, ("Access granted to uid %d\n", client_uid));
@@ -190,7 +190,7 @@
 						struct winbindd_cli_state *state)
 {
 	NTSTATUS result = NT_STATUS_NOT_SUPPORTED;
-	struct WINBINDD_CCACHE_ENTRY *entry;
+	struct WINBINDD_MEMORY_CREDS *entry;
 	DATA_BLOB initial, challenge, auth;
 	fstring name_domain, name_user;
 	uint32 initial_blob_len, challenge_blob_len, extra_len;
@@ -229,15 +229,15 @@
 		goto process_result;
 	}
 
-	entry = get_ccache_by_username(state->request.data.ccache_ntlm_auth.user);
-	if (entry == NULL || entry->cred_ptr == NULL) {
+	entry = find_memory_creds_by_name(state->request.data.ccache_ntlm_auth.user);
+	if (entry == NULL || entry->nt_hash == NULL || entry->lm_hash == NULL) {
 		DEBUG(10,("winbindd_dual_ccache_ntlm_auth: could not find "
 			"credentials for user %s\n", 
 			state->request.data.ccache_ntlm_auth.user));
 		goto process_result;
 	}
 
-	DEBUG(10,("winbindd_dual_ccache_ntlm_auth: found ccache [%s]\n", entry->ccname));
+	DEBUG(10,("winbindd_dual_ccache_ntlm_auth: found ccache [%s]\n", entry->username));
 
 	if (!client_can_access_ccache_entry(state->request.data.ccache_ntlm_auth.uid, entry)) {
 		goto process_result;
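Review bot: The access check `client_can_access_ccache_entry(state->request.data.ccache_ntlm_auth.uid, entry)` compares a uid read from the request structure with the newly stored `entry->uid`, so the stored uid only protects the cached hashes if that request field is validated against the connecting peer somewhere outside this hunk. The owner uid recorded through `get_uid_from_state(state)` in winbindd_pam.c has the same dependency, and neither source is visible here. I would add a comment above the check, e.g. `/* uid is taken from the client request; it must have been matched against the socket peer's credentials for this check to mean anything. */`, and confirm that validation exists. Separately, the debug text still says `found ccache` although it now prints `entry->username`. The function body starts and ends outside the hunk.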
@@ -258,7 +258,7 @@
 		result = NT_STATUS_NO_MEMORY;
 	} else {
 		result = do_ntlm_auth_with_hashes(name_user, name_domain,
-						entry->cred_ptr->lm_hash, entry->cred_ptr->nt_hash,
+						entry->lm_hash, entry->nt_hash,
 						initial, challenge, &auth);
 	}
 

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c	2006-08-28 18:25:55 UTC (rev 17896)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c	2006-08-28 23:01:30 UTC (rev 17897)
@@ -35,7 +35,7 @@
  Find an entry by name.
 ****************************************************************/
 
-struct WINBINDD_CCACHE_ENTRY *get_ccache_by_username(const char *username)
+static struct WINBINDD_CCACHE_ENTRY *get_ccache_by_username(const char *username)
 {
 	struct WINBINDD_CCACHE_ENTRY *entry;
 
@@ -307,7 +307,7 @@
  Find an entry on the list by name.
 ***********************************************************/
 
-static struct WINBINDD_MEMORY_CREDS *find_memory_creds_by_name(const char *username)
+struct WINBINDD_MEMORY_CREDS *find_memory_creds_by_name(const char *username)
 {
 	struct WINBINDD_MEMORY_CREDS *p;
 
@@ -411,7 +411,7 @@
  Store credentials in memory in a list.
 *************************************************************/
 
-static NTSTATUS winbindd_add_memory_creds_internal(const char *username, const char *pass, BOOL store_pass)
+static NTSTATUS winbindd_add_memory_creds_internal(const char *username, uid_t uid, const char *pass, BOOL store_pass)
 {
 	/* Shortcut to ensure we don't store if no mlock. */
 #if !defined(HAVE_MLOCK) || !defined(HAVE_MUNLOCK)
@@ -420,8 +420,20 @@
 	NTSTATUS status;
 	struct WINBINDD_MEMORY_CREDS *memcredp = find_memory_creds_by_name(username);
 
+	if (uid == (uid_t)-1) {
+		DEBUG(0,("winbindd_add_memory_creds_internal: invalid uid for user %s.\n",
+			username ));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
 	if (memcredp) {
 		/* Already exists. Increment the reference count and replace stored creds. */
+		if (uid != memcredp->uid) {
+			DEBUG(0,("winbindd_add_memory_creds_internal: uid %u for user %s doesn't "
+				"match stored uid %u. Replacing.\n",
+				(unsigned int)uid, username, (unsigned int)memcredp->uid ));
+			memcredp->uid = uid;
+		}
 		memcredp->ref_count++;
 		DEBUG(10,("winbindd_add_memory_creds_internal: ref count for user %s is now %d\n",
 			username, memcredp->ref_count ));
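Review bot: In the `uid != memcredp->uid` branch the stored uid is overwritten while `ref_count` is still incremented, so references taken under the previous uid stay counted although that uid no longer passes `client_can_access_ccache_entry`, which compares against `entry->uid`. If last-login-wins is the intended policy, state it in place, e.g. `/* Last login wins: the entry is re-owned by the new uid; earlier holders lose access to the cached hashes. */`. Otherwise consider refusing the add on a mismatch instead of silently re-owning the entry. The function body starts and ends outside this hunk.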
@@ -440,9 +452,11 @@
 
 	status = store_memory_creds(memcredp, pass, store_pass);
 	if (!NT_STATUS_IS_OK(status)) {
+		talloc_destroy(memcredp);
 		return status;
 	}
 
+	memcredp->uid = uid;
 	memcredp->ref_count = 1;
 	DLIST_ADD(memory_creds_list, memcredp);
 
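Review bot: The added `talloc_destroy(memcredp);` frees the entry on the failure path, but nothing visible here shows that hash memory which `store_memory_creds` may already have locked and filled is wiped and unlocked before the free. The function's own comment says storing depends on mlock, so a partial failure could presumably leave hash bytes behind in released memory. Confirm that `store_memory_creds` cleans up on its own error paths. Once verified, record it with a comment such as `/* store_memory_creds() scrubs and munlocks on failure; only the container is freed here. */`. The function begins and continues outside this hunk.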
@@ -460,7 +474,7 @@
  and associate the new credentials with the struct WINBINDD_CCACHE_ENTRY.
 *************************************************************/
 
-NTSTATUS winbindd_add_memory_creds(const char *username, const char *pass)
+NTSTATUS winbindd_add_memory_creds(const char *username, uid_t uid, const char *pass)
 {
 	struct WINBINDD_CCACHE_ENTRY *entry = get_ccache_by_username(username);
 	BOOL store_pass = False;
@@ -470,7 +484,7 @@
 		store_pass = True;
 	}
 
-	status = winbindd_add_memory_creds_internal(username, pass, store_pass);
+	status = winbindd_add_memory_creds_internal(username, uid, pass, store_pass);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h	2006-08-28 18:25:55 UTC (rev 17896)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h	2006-08-28 23:01:30 UTC (rev 17897)
@@ -459,6 +459,7 @@
 struct WINBINDD_MEMORY_CREDS {
 	struct WINBINDD_MEMORY_CREDS *next, *prev;
 	const char *username; /* lookup key. */
+	uid_t uid;
 	int ref_count;
 	size_t len;
 	unsigned char *nt_hash; /* Base pointer for the following 2 */
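Review bot: The new `uid_t uid;` member has no comment, although it is the value `client_can_access_ccache_entry` compares against to decide who may use the cached hashes. I would document it like the neighbouring `username` field: `uid_t uid; /* owner; only this uid or root (0) may use the cached hashes. */`. The struct definition continues past the end of the hunk.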

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2006-08-28 18:25:55 UTC (rev 17896)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c	2006-08-28 23:01:30 UTC (rev 17897)
@@ -1271,6 +1271,7 @@
 
 			/* Store in-memory creds for single-signon using ntlm_auth. */
 			result = winbindd_add_memory_creds(state->request.data.auth.user,
+							get_uid_from_state(state),
 							state->request.data.auth.pass);
 
 			if (!NT_STATUS_IS_OK(result)) {


