[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2326-gb121a5a

Volker Lendecke vlendec at samba.org
Wed May 7 12:47:11 GMT 2008 

The branch, v3-3-test has been updated
       via  b121a5acb2ef0bb3067d953b028696175432f10d (commit)
       via  1843ea64ab1df5ced5926aedbeb27c8320b0c70b (commit)
       via  27a9bbc645416265eebdfc866925855021bd407c (commit)
      from  4bef77a4566590b3e20470f538f20848ed49f264 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit b121a5acb2ef0bb3067d953b028696175432f10d
Author: Volker Lendecke <vl at samba.org>
Date:   Tue May 6 17:37:00 2008 +0200

    Rename server_info->was_mapped to server_info->nss_token
    
    "nss_token" from my point of view much better reflects what this flag actually
    represents

commit 1843ea64ab1df5ced5926aedbeb27c8320b0c70b
Author: Volker Lendecke <vl at samba.org>
Date:   Tue May 6 15:16:45 2008 +0200

    Use talloc_tos() for a temporary getpwnam_alloc in make_connection_snum

commit 27a9bbc645416265eebdfc866925855021bd407c
Author: Volker Lendecke <vl at samba.org>
Date:   Wed May 7 14:20:15 2008 +0200

    Use talloc_stackframe() in find_forced_group

-----------------------------------------------------------------------

Summary of changes:
 source/auth/auth_domain.c  |    4 +---
 source/auth/auth_ntlmssp.c |    2 +-
 source/auth/auth_sam.c     |    2 +-
 source/auth/auth_util.c    |    6 +++---
 source/auth/auth_winbind.c |    4 +---
 source/include/auth.h      |    6 +++++-
 source/smbd/service.c      |   18 ++++++------------
 source/smbd/sesssetup.c    |    4 +---
 8 files changed, 19 insertions(+), 27 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/auth/auth_domain.c b/source/auth/auth_domain.c
index f526677..f483718 100644
--- a/source/auth/auth_domain.c
+++ b/source/auth/auth_domain.c
@@ -270,9 +270,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 						info3);
 
 		if (NT_STATUS_IS_OK(nt_status)) {
-			if (user_info->was_mapped) {
-				(*server_info)->was_mapped = user_info->was_mapped;
-			}
+			(*server_info)->nss_token |= user_info->was_mapped;
 
 			if ( ! (*server_info)->guest) {
 				/* if a real user check pam account restrictions */
diff --git a/source/auth/auth_ntlmssp.c b/source/auth/auth_ntlmssp.c
index b6c26a1..0d46b14 100644
--- a/source/auth/auth_ntlmssp.c
+++ b/source/auth/auth_ntlmssp.c
@@ -122,7 +122,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 		return nt_status;
 	}
 
-	auth_ntlmssp_state->server_info->was_mapped |= username_was_mapped;
+	auth_ntlmssp_state->server_info->nss_token |= username_was_mapped;
 
 	nt_status = create_local_token(auth_ntlmssp_state->server_info);
 
diff --git a/source/auth/auth_sam.c b/source/auth/auth_sam.c
index 4d25d31..5e393f7 100644
--- a/source/auth/auth_sam.c
+++ b/source/auth/auth_sam.c
@@ -367,7 +367,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 				 lm_sess_key.length);
 	data_blob_free(&lm_sess_key);
 
-	(*server_info)->was_mapped |= user_info->was_mapped;
+	(*server_info)->nss_token |= user_info->was_mapped;
 
 	return nt_status;
 }
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 5116425..5e9da4e 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -634,7 +634,7 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 	 */
 
 	if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
-	    (server_info->was_mapped)) {
+	    (server_info->nss_token)) {
 		status = create_token_from_username(server_info,
 						    server_info->unix_name,
 						    server_info->guest,
@@ -1626,7 +1626,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 			sizeof(info3->base.LMSessKey.key));
 	}
 
-	result->was_mapped = username_was_mapped;
+	result->nss_token |= username_was_mapped;
 
 	*server_info = result;
 
@@ -1859,7 +1859,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
 			sizeof(info->lm_session_key));
 	}
 
-	result->was_mapped = username_was_mapped;
+	result->nss_token |= username_was_mapped;
 
 	*server_info = result;
 
diff --git a/source/auth/auth_winbind.c b/source/auth/auth_winbind.c
index 20faa95..d1b00a3 100644
--- a/source/auth/auth_winbind.c
+++ b/source/auth/auth_winbind.c
@@ -120,9 +120,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 		return nt_status;
 	}
 
-	if (user_info->was_mapped) {
-		(*server_info)->was_mapped = user_info->was_mapped;
-	}
+	(*server_info)->nss_token |= user_info->was_mapped;
 
         return nt_status;
 }
diff --git a/source/include/auth.h b/source/include/auth.h
index df2bed8..56b8144 100644
--- a/source/include/auth.h
+++ b/source/include/auth.h
@@ -67,7 +67,11 @@ typedef struct auth_serversupplied_info {
 	
 	void *pam_handle;
 
-	bool was_mapped;	/* Did the username map match? */
+	/*
+	 * This is a token from /etc/passwd and /etc/group
+	 */
+	bool nss_token;
+
 	char *unix_name;
 
 	/*
diff --git a/source/smbd/service.c b/source/smbd/service.c
index ff69fc4..f589f06 100644
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -561,7 +561,7 @@ static NTSTATUS find_forced_group(bool force_user,
 				  gid_t *pgid)
 {
 	NTSTATUS result = NT_STATUS_NO_SUCH_GROUP;
-	TALLOC_CTX *mem_ctx;
+	TALLOC_CTX *frame = talloc_stackframe();
 	DOM_SID group_sid;
 	enum lsa_SidType type;
 	char *groupname;
@@ -571,13 +571,7 @@ static NTSTATUS find_forced_group(bool force_user,
 	ZERO_STRUCTP(pgroup_sid);
 	*pgid = (gid_t)-1;
 
-	mem_ctx = talloc_new(NULL);
-	if (mem_ctx == NULL) {
-		DEBUG(0, ("talloc_new failed\n"));
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	groupname = talloc_strdup(mem_ctx, lp_force_group(snum));
+	groupname = talloc_strdup(talloc_tos(), lp_force_group(snum));
 	if (groupname == NULL) {
 		DEBUG(1, ("talloc_strdup failed\n"));
 		result = NT_STATUS_NO_MEMORY;
@@ -589,10 +583,10 @@ static NTSTATUS find_forced_group(bool force_user,
 		groupname += 1;
 	}
 
-	groupname = talloc_string_sub(mem_ctx, groupname,
+	groupname = talloc_string_sub(talloc_tos(), groupname,
 				      "%S", lp_servicename(snum));
 
-	if (!lookup_name_smbconf(mem_ctx, groupname,
+	if (!lookup_name_smbconf(talloc_tos(), groupname,
 			 LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
 			 NULL, NULL, &group_sid, &type)) {
 		DEBUG(10, ("lookup_name_smbconf(%s) failed\n",
@@ -641,7 +635,7 @@ static NTSTATUS find_forced_group(bool force_user,
 
 	result = NT_STATUS_OK;
  done:
-	TALLOC_FREE(mem_ctx);
+	TALLOC_FREE(frame);
 	return result;
 }
 
@@ -689,7 +683,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 		char *found_username = NULL;
 
 		guest = True;
-		pass = getpwnam_alloc(NULL, guestname);
+		pass = getpwnam_alloc(talloc_tos(), guestname);
 		if (!pass) {
 			DEBUG(0,("make_connection_snum: Invalid guest "
 				 "account %s??\n",guestname));
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index b9219ab..9076949 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -530,9 +530,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
 		}
 	}
 
-	if (username_was_mapped) {
-		server_info->was_mapped = username_was_mapped;
-	}
+	server_info->nss_token |= username_was_mapped;
 
 	/* we need to build the token for the user. make_server_info_guest()
 	   already does this */


-- 
Samba Shared Repository

More information about the samba-cvs mailing list