[SCM] Samba Shared Repository - branch v3-devel updated -
release-3-2-0pre2-3756-gb5bb784
Günther Deschner
gd at samba.org
Tue Aug 19 13:20:29 GMT 2008
The branch, v3-devel has been updated
via b5bb7844952a87b123551b478b60bfe232afc308 (commit)
from 661b7fdffda40a9ca7cb36627dbaf91cb4357cd0 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-devel
- Log -----------------------------------------------------------------
commit b5bb7844952a87b123551b478b60bfe232afc308
Author: Günther Deschner <gd at samba.org>
Date: Tue Aug 19 01:18:24 2008 +0200
winbindd: kill some trailing/leading whitespace.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/winbindd/winbindd_pam.c | 318 ++++++++++++++++++++--------------------
1 files changed, 159 insertions(+), 159 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/winbindd/winbindd_pam.c b/source/winbindd/winbindd_pam.c
index 0f9f1e1..01cdc4d 100644
--- a/source/winbindd/winbindd_pam.c
+++ b/source/winbindd/winbindd_pam.c
@@ -310,8 +310,8 @@ static NTSTATUS check_info3_in_group(TALLOC_CTX *mem_ctx,
TALLOC_FREE(frame);
- status = sid_array_from_info3(mem_ctx, info3,
- &token->user_sids,
+ status = sid_array_from_info3(mem_ctx, info3,
+ &token->user_sids,
&token->num_sids,
true, false);
if (!NT_STATUS_IS_OK(status)) {
@@ -338,13 +338,13 @@ static NTSTATUS check_info3_in_group(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
}
-
+
/* Do not distinguish this error from a wrong username/pw */
return NT_STATUS_LOGON_FAILURE;
}
-struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
+struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
const char *domain_name)
{
struct winbindd_domain *domain;
@@ -353,7 +353,7 @@ struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
domain = find_domain_from_name_noinit(domain_name);
if (domain == NULL) {
DEBUG(3, ("Authentication for domain [%s] refused "
- "as it is not a trusted domain\n",
+ "as it is not a trusted domain\n",
domain_name));
}
return domain;
@@ -370,12 +370,12 @@ struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
if (state->request.flags & WBFLAG_PAM_CONTACT_TRUSTDOM) {
domain = find_domain_from_name_noinit(domain_name);
if (domain == NULL) {
- DEBUG(3, ("Authentication for domain [%s] skipped "
- "as it is not a trusted domain\n",
+ DEBUG(3, ("Authentication for domain [%s] skipped "
+ "as it is not a trusted domain\n",
domain_name));
} else {
return domain;
- }
+ }
}
return find_our_domain();
@@ -387,7 +387,7 @@ static void set_auth_errors(struct winbindd_response *resp, NTSTATUS result)
fstrcpy(resp->data.auth.nt_status_string, nt_errstr(result));
/* we might have given a more useful error above */
- if (*resp->data.auth.error_string == '\0')
+ if (*resp->data.auth.error_string == '\0')
fstrcpy(resp->data.auth.error_string,
get_friendly_nt_error_msg(result));
resp->data.auth.pam_error = nt_status_to_pam(result);
@@ -402,9 +402,9 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
if ( !winbindd_can_contact_domain( domain ) ) {
DEBUG(5,("fillup_password_policy: No inbound trust to "
- "contact domain %s\n", domain->name));
+ "contact domain %s\n", domain->name));
return NT_STATUS_NOT_SUPPORTED;
- }
+ }
methods = domain->methods;
@@ -427,8 +427,8 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
return NT_STATUS_OK;
}
-static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
+static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
uint16 *lockout_threshold)
{
struct winbindd_methods *methods;
@@ -449,8 +449,8 @@ static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain
return NT_STATUS_OK;
}
-static NTSTATUS get_pwd_properties(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
+static NTSTATUS get_pwd_properties(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
uint32 *password_properties)
{
struct winbindd_methods *methods;
@@ -473,7 +473,7 @@ static NTSTATUS get_pwd_properties(struct winbindd_domain *domain,
#ifdef HAVE_KRB5
-static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
+static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
const char *type,
uid_t uid,
bool *internal_ccache)
@@ -532,11 +532,11 @@ static void setup_return_cc_name(struct winbindd_cli_state *state, const char *c
if (!strequal(type, "FILE") &&
!strequal(type, "WRFILE")) {
- DEBUG(10,("won't return krbccname for a %s type ccache\n",
+ DEBUG(10,("won't return krbccname for a %s type ccache\n",
type));
return;
}
-
+
fstrcpy(state->response.data.auth.krb5ccname, cc);
}
@@ -582,8 +582,8 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
ZERO_STRUCTP(info3);
*info3 = NULL;
-
- /* 1st step:
+
+ /* 1st step:
* prepare a krb5_cc_cache string for the user */
uid = get_uid_from_state(state);
@@ -593,31 +593,31 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
cc = generate_krb5_ccache(state->mem_ctx,
state->request.data.auth.krb5_cc_type,
- state->request.data.auth.uid,
+ state->request.data.auth.uid,
&internal_ccache);
if (cc == NULL) {
return NT_STATUS_NO_MEMORY;
}
- /* 2nd step:
+ /* 2nd step:
* get kerberos properties */
-
+
if (domain->private_data) {
ads = (ADS_STRUCT *)domain->private_data;
- time_offset = ads->auth.time_offset;
+ time_offset = ads->auth.time_offset;
}
- /* 3rd step:
+ /* 3rd step:
* do kerberos auth and setup ccache as the user */
parse_domain_user(state->request.data.auth.user, name_domain, name_user);
realm = domain->alt_name;
strupper_m(realm);
-
- principal_s = talloc_asprintf(state->mem_ctx, "%s@%s", name_user, realm);
+
+ principal_s = talloc_asprintf(state->mem_ctx, "%s@%s", name_user, realm);
if (principal_s == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -665,7 +665,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
* environment */
if (!internal_ccache) {
-
+
setup_return_cc_name(state, cc);
result = add_ccache_to_list(principal_s,
@@ -676,11 +676,11 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
uid,
time(NULL),
ticket_lifetime,
- renewal_until,
+ renewal_until,
False);
if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10,("winbindd_raw_kerberos_login: failed to add ccache to list: %s\n",
+ DEBUG(10,("winbindd_raw_kerberos_login: failed to add ccache to list: %s\n",
nt_errstr(result)));
}
} else {
@@ -836,7 +836,7 @@ void winbindd_pam_auth(struct winbindd_cli_state *state)
}
/* Parse domain and username */
-
+
ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
if (!canonicalize_username(state->request.data.auth.user,
@@ -869,7 +869,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
struct netr_SamInfo3 **info3)
{
NTSTATUS result = NT_STATUS_LOGON_FAILURE;
- uint16 max_allowed_bad_attempts;
+ uint16 max_allowed_bad_attempts;
fstring name_domain, name_user;
DOM_SID sid;
enum lsa_SidType type;
@@ -890,7 +890,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
DEBUG(10,("winbindd_dual_pam_auth_cached\n"));
/* Parse domain and username */
-
+
parse_domain_user(state->request.data.auth.user, name_domain, name_user);
@@ -908,10 +908,10 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
return NT_STATUS_LOGON_FAILURE;
}
- result = winbindd_get_creds(domain,
- state->mem_ctx,
- &sid,
- &my_info3,
+ result = winbindd_get_creds(domain,
+ state->mem_ctx,
+ &sid,
+ &my_info3,
&cached_nt_pass,
&cached_salt);
if (!NT_STATUS_IS_OK(result)) {
@@ -947,31 +947,31 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
/* User *DOES* know the password, update logon_time and reset
* bad_pw_count */
-
+
my_info3->base.user_flags |= NETLOGON_CACHED_ACCOUNT;
-
+
if (my_info3->base.acct_flags & ACB_AUTOLOCK) {
return NT_STATUS_ACCOUNT_LOCKED_OUT;
}
-
+
if (my_info3->base.acct_flags & ACB_DISABLED) {
return NT_STATUS_ACCOUNT_DISABLED;
}
-
+
if (my_info3->base.acct_flags & ACB_WSTRUST) {
return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
}
-
+
if (my_info3->base.acct_flags & ACB_SVRTRUST) {
return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
}
-
+
if (my_info3->base.acct_flags & ACB_DOMTRUST) {
return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
}
if (!(my_info3->base.acct_flags & ACB_NORMAL)) {
- DEBUG(0,("winbindd_dual_pam_auth_cached: whats wrong with that one?: 0x%08x\n",
+ DEBUG(0,("winbindd_dual_pam_auth_cached: whats wrong with that one?: 0x%08x\n",
my_info3->base.acct_flags));
return NT_STATUS_LOGON_FAILURE;
}
@@ -988,7 +988,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
/* return NT_STATUS_PASSWORD_EXPIRED; */
goto success;
}
-
+
#ifdef HAVE_KRB5
if ((state->request.flags & WBFLAG_PAM_KRB5) &&
((tdc_domain = wcache_tdc_fetch_domain(state->mem_ctx, name_domain)) != NULL) &&
@@ -1113,7 +1113,7 @@ failed:
my_info3);
if (!NT_STATUS_IS_OK(result)) {
- DEBUG(0,("winbindd_dual_pam_auth_cached: failed to update creds %s\n",
+ DEBUG(0,("winbindd_dual_pam_auth_cached: failed to update creds %s\n",
nt_errstr(result)));
}
@@ -1121,7 +1121,7 @@ failed:
}
NTSTATUS winbindd_dual_pam_auth_kerberos(struct winbindd_domain *domain,
- struct winbindd_cli_state *state,
+ struct winbindd_cli_state *state,
struct netr_SamInfo3 **info3)
{
struct winbindd_domain *contact_domain;
@@ -1129,38 +1129,38 @@ NTSTATUS winbindd_dual_pam_auth_kerberos(struct winbindd_domain *domain,
NTSTATUS result;
DEBUG(10,("winbindd_dual_pam_auth_kerberos\n"));
-
+
/* Parse domain and username */
-
+
parse_domain_user(state->request.data.auth.user, name_domain, name_user);
/* what domain should we contact? */
-
+
if ( IS_DC ) {
if (!(contact_domain = find_domain_from_name(name_domain))) {
- DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n",
- state->request.data.auth.user, name_domain, name_user, name_domain));
+ DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n",
+ state->request.data.auth.user, name_domain, name_user, name_domain));
result = NT_STATUS_NO_SUCH_USER;
goto done;
}
-
+
} else {
if (is_myname(name_domain)) {
DEBUG(3, ("Authentication for domain %s (local domain to this server) not supported at this stage\n", name_domain));
result = NT_STATUS_NO_SUCH_USER;
goto done;
}
-
+
contact_domain = find_domain_from_name(name_domain);
if (contact_domain == NULL) {
- DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n",
- state->request.data.auth.user, name_domain, name_user, name_domain));
+ DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n",
+ state->request.data.auth.user, name_domain, name_user, name_domain));
contact_domain = find_our_domain();
}
}
- if (contact_domain->initialized &&
+ if (contact_domain->initialized &&
contact_domain->active_directory) {
goto try_login;
}
@@ -1212,13 +1212,13 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
*info3 = NULL;
DEBUG(10,("winbindd_dual_pam_auth_samlogon\n"));
-
+
/* Parse domain and username */
-
+
parse_domain_user(state->request.data.auth.user, name_domain, name_user);
/* do password magic */
-
+
generate_random_buffer(chal, 8);
if (lp_client_ntlmv2_auth()) {
@@ -1226,17 +1226,17 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
DATA_BLOB names_blob;
DATA_BLOB nt_response;
DATA_BLOB lm_response;
- server_chal = data_blob_talloc(state->mem_ctx, chal, 8);
-
+ server_chal = data_blob_talloc(state->mem_ctx, chal, 8);
+
/* note that the 'workgroup' here is a best guess - we don't know
the server's domain at this point. The 'server name' is also
- dodgy...
+ dodgy...
*/
names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
-
- if (!SMBNTLMv2encrypt(name_user, name_domain,
- state->request.data.auth.pass,
- &server_chal,
+
+ if (!SMBNTLMv2encrypt(name_user, name_domain,
+ state->request.data.auth.pass,
+ &server_chal,
&names_blob,
&lm_response, &nt_response, NULL)) {
data_blob_free(&names_blob);
@@ -1255,35 +1255,35 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
data_blob_free(&nt_response);
} else {
- if (lp_client_lanman_auth()
- && SMBencrypt(state->request.data.auth.pass,
- chal,
+ if (lp_client_lanman_auth()
+ && SMBencrypt(state->request.data.auth.pass,
+ chal,
local_lm_response)) {
- lm_resp = data_blob_talloc(state->mem_ctx,
- local_lm_response,
+ lm_resp = data_blob_talloc(state->mem_ctx,
+ local_lm_response,
sizeof(local_lm_response));
} else {
lm_resp = data_blob_null;
}
- SMBNTencrypt(state->request.data.auth.pass,
+ SMBNTencrypt(state->request.data.auth.pass,
chal,
local_nt_response);
- nt_resp = data_blob_talloc(state->mem_ctx,
- local_nt_response,
+ nt_resp = data_blob_talloc(state->mem_ctx,
+ local_nt_response,
sizeof(local_nt_response));
}
-
+
/* what domain should we contact? */
-
+
if ( IS_DC ) {
if (!(contact_domain = find_domain_from_name(name_domain))) {
- DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n",
- state->request.data.auth.user, name_domain, name_user, name_domain));
+ DEBUG(3, ("Authentication for domain for [%s] -> [%s]\\[%s] failed as %s is not a trusted domain\n",
+ state->request.data.auth.user, name_domain, name_user, name_domain));
result = NT_STATUS_NO_SUCH_USER;
goto done;
}
-
+
} else {
if (is_myname(name_domain)) {
DEBUG(3, ("Authentication for domain %s (local domain to this server) not supported at this stage\n", name_domain));
@@ -1312,7 +1312,7 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
/* It is really important to try SamLogonEx here,
* because in a clustered environment, we want to use
* one machine account from multiple physical
- * computers.
+ * computers.
*
* With a normal SamLogon call, we must keep the
* credentials chain updated and intact between all
@@ -1326,7 +1326,7 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
* When using SamLogonEx, the credentials are not
* supplied, but the session key is implied by the
* wrapping SamLogon context.
- *
+ *
* -- abartlet 21 April 2008
*/
@@ -1364,12 +1364,12 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
retry = True;
continue;
}
-
+
/* if we get access denied, a possible cause was that we had
and open connection to the DC, but someone changed our
machine account password out from underneath us using 'net
rpc changetrustpw' */
-
+
if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
DEBUG(3,("winbindd_pam_auth: sam_logon returned "
"ACCESS_DENIED. Maybe the trust account "
@@ -1378,15 +1378,15 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
name_domain));
invalidate_cm_connection(&contact_domain->conn);
retry = True;
- }
-
+ }
+
} while ( (attempts < 2) && retry );
/* handle the case where a NT4 DC does not fill in the acct_flags in
* the samlogon reply info3. When accurate info3 is required by the
* caller, we look up the account flags ourselve - gd */
- if ((state->request.flags & WBFLAG_PAM_INFO3_TEXT) &&
+ if ((state->request.flags & WBFLAG_PAM_INFO3_TEXT) &&
NT_STATUS_IS_OK(result) && (my_info3->base.acct_flags == 0)) {
struct rpc_pipe_client *samr_pipe;
@@ -1395,11 +1395,11 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
NTSTATUS status_tmp;
uint32 acct_flags;
- status_tmp = cm_connect_sam(contact_domain, state->mem_ctx,
--
Samba Shared Repository
More information about the samba-cvs
mailing list