[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Mon Jun 7 07:32:29 MDT 2010


The branch, master has been updated
       via  9a747d5... s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP
       via  edba46c... s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
       via  0af2dc4... s3:named pipe proxy Improve error messages when named pipes fail to forward
       via  4a7f45b... s3:smbd Give the kerberos session key a parent
       via  d25e9ab... named_pipe_auth Always lower case the incoming pipe name
       via  8f1cec5... s3:smbd Fix segfault if register_existing_vuid() fails
       via  fc956cf... s3:auth Rename user_info->domain -> user_info->mapped.domain_name
       via  deabae1... s3:auth Rename user_info->client_domain -> user_info->client.domain_name
       via  e21935f... s3:auth fix header comment for internal_username -> mapped.account_name
       via  7a021df... s3:auth Rename user_info->internal_username -> user_info->mapped.account_name
       via  2315945... s3:auth Rename user_info->smb_name -> user_info->client.account_name
      from  0dc88d2... s4:samba_dsdb LDB module - fix typos

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9a747d500fad699038ecf75615c680a9fd9e4cc7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Jun 2 22:52:56 2010 +1000

    s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP
    
    This allows the right hooks to be called in GENSEC when s3compat
    implements the auth_ntlmssp interface.  Otherwise, we can't do the
    signing or sealing as we have not negoitated it's use.
    
    Andrew Bartlett

commit edba46ce94c335411ab337eeb4ef6f88fb3aae80
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Jun 2 22:35:53 2010 +1000

    s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
    
    It's nicer to have an NTSTATUS return, and in s3compat there may be a
    reason other than 'no memory' why this can fail.
    
    Andrew Bartlett

commit 0af2dc43ade4f819ebbb192e3f5493838f99d89b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Jun 3 21:05:57 2010 +1000

    s3:named pipe proxy Improve error messages when named pipes fail to forward
    
    I hope this helps the next person who needs to debug this.
    
    Andrew Bartlett

commit 4a7f45b7e1cef13bc28d7ee50dd4b5519bdec397
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Jun 3 21:15:33 2010 +1000

    s3:smbd Give the kerberos session key a parent
    
    I can't see what would free this, so this should prevent a memory leak.
    
    Andrew Bartlett

commit d25e9ab9a1b8c07a65034d36818819019e170e8d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Jun 3 20:59:25 2010 +1000

    named_pipe_auth Always lower case the incoming pipe name
    
    Windows connects to an upper case NETLOGON pipe, and we can't find the
    socket to connect to until we lower case the name.
    
    Andrew Bartlett

commit 8f1cec5faf4e26de8b9797777059e99f2a66558b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jun 1 19:19:01 2010 +1000

    s3:smbd Fix segfault if register_existing_vuid() fails
    
    The register_existing_vuid() call will handle both the ntlmssp_end and
    vuid invalidation internally, so we don't want to do it again.
    
    Andrew Bartlett

commit fc956cfcbb53103ed46a3729364e88536d569dc9
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jun 1 21:11:14 2010 +1000

    s3:auth Rename user_info->domain -> user_info->mapped.domain_name
    
    This is closer to the structure I want for a common struct
    auth_usersupplied_info.
    
    Andrew Bartlett

commit deabae191b34bdd350c7fe6c0c9ad05defa8d08c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jun 1 21:08:38 2010 +1000

    s3:auth Rename user_info->client_domain -> user_info->client.domain_name
    
    This is closer to the structure I want for a common struct
    auth_usersupplied_info.
    
    Andrew Bartlett

commit e21935fc74e8bd64bbd231d6388ea424708c3acd
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jun 1 21:01:23 2010 +1000

    s3:auth fix header comment for internal_username -> mapped.account_name

commit 7a021df96deaf6dbe9f1abdfc16f6276e4a192fa
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jun 1 20:30:56 2010 +1000

    s3:auth Rename user_info->internal_username -> user_info->mapped.account_name
    
    This is closer to the structure I want for a common struct
    auth_usersupplied_info.
    
    Andrew Bartlett

commit 23159453d3e61e2ad47fe6f86f3763280a11ea0c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jun 1 20:27:03 2010 +1000

    s3:auth Rename user_info->smb_name -> user_info->client.account_name
    
    This is closer to the structure I want for a common struct
    auth_usersupplied_info.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 libcli/named_pipe_auth/npa_tstream.c |    8 ++++++-
 source3/auth/auth.c                  |   28 ++++++++++++------------
 source3/auth/auth_builtin.c          |   10 ++++----
 source3/auth/auth_domain.c           |   38 +++++++++++++++++-----------------
 source3/auth/auth_netlogond.c        |   10 ++++----
 source3/auth/auth_ntlmssp.c          |   20 ++++++++++++++---
 source3/auth/auth_sam.c              |   10 ++++----
 source3/auth/auth_script.c           |   10 ++++----
 source3/auth/auth_server.c           |   18 ++++++++--------
 source3/auth/auth_unix.c             |    6 ++--
 source3/auth/auth_wbc.c              |   14 ++++++------
 source3/auth/auth_winbind.c          |   16 +++++++-------
 source3/auth/check_samsec.c          |    8 +++---
 source3/auth/user_info.c             |   28 ++++++++++++------------
 source3/include/auth.h               |    7 +++--
 source3/include/proto.h              |    7 ++++-
 source3/rpc_server/srv_pipe.c        |   28 ++++++++++++++++++++++--
 source3/rpc_server/srv_pipe_hnd.c    |    9 +++++--
 source3/smbd/sesssetup.c             |   20 +++++++++++++----
 source3/smbd/smb2_sesssetup.c        |    7 +++--
 20 files changed, 180 insertions(+), 122 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/named_pipe_auth/npa_tstream.c b/libcli/named_pipe_auth/npa_tstream.c
index 0834c7d..c96e30f 100644
--- a/libcli/named_pipe_auth/npa_tstream.c
+++ b/libcli/named_pipe_auth/npa_tstream.c
@@ -73,6 +73,11 @@ struct tevent_req *tstream_npa_connect_send(TALLOC_CTX *mem_ctx,
 	struct tevent_req *subreq;
 	int ret;
 	enum ndr_err_code ndr_err;
+	char *lower_case_npipe = strlower_talloc(talloc_tos(), npipe);
+
+	if (!lower_case_npipe) {
+		return NULL;
+	}
 
 	req = tevent_req_create(mem_ctx, &state,
 				struct tstream_npa_connect_state);
@@ -84,7 +89,8 @@ struct tevent_req *tstream_npa_connect_send(TALLOC_CTX *mem_ctx,
 
 	state->unix_path = talloc_asprintf(state, "%s/%s",
 					   directory,
-					   npipe);
+					   lower_case_npipe);
+	talloc_free(lower_case_npipe);
 	if (tevent_req_nomem(state->unix_path, req)) {
 		goto post;
 	}
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 4fabbdd..a52dab9 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -214,10 +214,10 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 		return NT_STATUS_LOGON_FAILURE;
 
 	DEBUG(3, ("check_ntlm_password:  Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n", 
-		  user_info->client_domain, user_info->smb_name, user_info->workstation_name));
+		  user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name));
 
 	DEBUG(3, ("check_ntlm_password:  mapped user is: [%s]\\[%s]@[%s]\n", 
-		  user_info->domain, user_info->internal_username, user_info->workstation_name));
+		  user_info->mapped.domain_name, user_info->mapped.account_name, user_info->workstation_name));
 
 	if (auth_context->challenge.length != 8) {
 		DEBUG(0, ("check_ntlm_password:  Invalid challenge stored for this auth context - cannot continue\n"));
@@ -241,14 +241,14 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 #endif
 
 	/* This needs to be sorted:  If it doesn't match, what should we do? */
-  	if (!check_domain_match(user_info->smb_name, user_info->domain))
+	if (!check_domain_match(user_info->client.account_name, user_info->mapped.domain_name))
 		return NT_STATUS_LOGON_FAILURE;
 
 	for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
 		NTSTATUS result;
 
-		mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name, 
-					    user_info->domain, user_info->smb_name);
+		mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name,
+					    user_info->mapped.domain_name, user_info->client.account_name);
 
 		result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
 
@@ -263,10 +263,10 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 
 		if (NT_STATUS_IS_OK(nt_status)) {
 			DEBUG(3, ("check_ntlm_password: %s authentication for user [%s] succeeded\n", 
-				  auth_method->name, user_info->smb_name));
+				  auth_method->name, user_info->client.account_name));
 		} else {
 			DEBUG(5, ("check_ntlm_password: %s authentication for user [%s] FAILED with error %s\n", 
-				  auth_method->name, user_info->smb_name, nt_errstr(nt_status)));
+				  auth_method->name, user_info->client.account_name, nt_errstr(nt_status)));
 		}
 
 		talloc_destroy(mem_ctx);
@@ -298,10 +298,10 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 
 		if (NT_STATUS_IS_OK(nt_status)) {
 			DEBUG((*server_info)->guest ? 5 : 2, 
-			      ("check_ntlm_password:  %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n", 
-			       (*server_info)->guest ? "guest " : "", 
-			       user_info->smb_name, 
-			       user_info->internal_username, 
+			      ("check_ntlm_password:  %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n",
+			       (*server_info)->guest ? "guest " : "",
+			       user_info->client.account_name,
+			       user_info->mapped.account_name,
 			       unix_username));
 		}
 
@@ -310,10 +310,10 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 
 	/* failed authentication; check for guest lapping */
 
-	DEBUG(2, ("check_ntlm_password:  Authentication for user [%s] -> [%s] FAILED with error %s\n", 
-		  user_info->smb_name, user_info->internal_username, 
+	DEBUG(2, ("check_ntlm_password:  Authentication for user [%s] -> [%s] FAILED with error %s\n",
+		  user_info->client.account_name, user_info->mapped.account_name,
 		  nt_errstr(nt_status)));
-	ZERO_STRUCTP(server_info); 
+	ZERO_STRUCTP(server_info);
 
 	return nt_status;
 }
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c
index 9e8fec9..bf6d701 100644
--- a/source3/auth/auth_builtin.c
+++ b/source3/auth/auth_builtin.c
@@ -40,10 +40,10 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context,
 	/* mark this as 'not for me' */
 	NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
 
-	DEBUG(10, ("Check auth for: [%s]\n", user_info->internal_username));
+	DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
 
-	if (!(user_info->internal_username 
-	      && *user_info->internal_username)) {
+	if (!(user_info->mapped.account_name
+	      && *user_info->mapped.account_name)) {
 		nt_status = make_server_info_guest(NULL, server_info);
 	}
 
@@ -91,9 +91,9 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_
 	fstring user;
 	long error_num;
 
-	DEBUG(10, ("Check auth for: [%s]\n", user_info->internal_username));
+	DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
 
-	fstrcpy(user, user_info->smb_name);
+	fstrcpy(user, user_info->client.account_name);
 
 	if (strnequal("NT_STATUS", user, strlen("NT_STATUS"))) {
 		strupper_m(user);
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 9d63e59..f25fb4a 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -308,8 +308,8 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 						      mem_ctx,
 						      user_info->logon_parameters,/* flags such as 'allow workstation logon' */ 
 						      dc_name,                    /* server name */
-						      user_info->smb_name,        /* user name logging on. */
-						      user_info->client_domain,   /* domain name */
+						      user_info->client.account_name,        /* user name logging on. */
+						      user_info->client.domain_name,   /* domain name */
 						      user_info->workstation_name,/* workstation name */
 						      chal,                       /* 8 byte challenge. */
 						      user_info->lm_resp,         /* lanman 24 byte response */
@@ -324,8 +324,8 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0,("domain_client_validate: unable to validate password "
                          "for user %s in domain %s to Domain controller %s. "
-                         "Error was %s.\n", user_info->smb_name,
-                         user_info->client_domain, dc_name, 
+                         "Error was %s.\n", user_info->client.account_name,
+                         user_info->client.domain_name, dc_name,
                          nt_errstr(nt_status)));
 
 		/* map to something more useful */
@@ -334,7 +334,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 		}
 	} else {
 		nt_status = make_server_info_info3(mem_ctx,
-						user_info->smb_name,
+						user_info->client.account_name,
 						domain,
 						server_info,
 						info3);
@@ -355,7 +355,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 			}
 		}
 
-		netsamlogon_cache_store(user_info->smb_name, info3);
+		netsamlogon_cache_store(user_info->client.account_name, info3);
 		TALLOC_FREE(info3);
 	}
 
@@ -393,7 +393,7 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	DEBUG(10, ("Check auth for: [%s]\n", user_info->internal_username));
+	DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
 
 	/* 
 	 * Check that the requested domain is not our own machine name.
@@ -401,7 +401,7 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
 	 * password file.
 	 */
 
-	if(strequal(get_global_sam_name(), user_info->domain)) {
+	if(strequal(get_global_sam_name(), user_info->mapped.domain_name)) {
 		DEBUG(3,("check_ntdomain_security: Requested domain was for this machine.\n"));
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
@@ -410,7 +410,7 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
 
 	if ( !get_dc_name(domain, NULL, dc_name, &dc_ss) ) {
 		DEBUG(5,("check_ntdomain_security: unable to locate a DC for domain %s\n",
-			user_info->domain));
+			user_info->mapped.domain_name));
 		return NT_STATUS_NO_LOGON_SERVERS;
 	}
 
@@ -463,15 +463,15 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	DEBUG(10, ("Check auth for: [%s]\n", user_info->internal_username));
+	DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
 
 	/* 
 	 * Check that the requested domain is not our own machine name or domain name.
 	 */
 
-	if( strequal(get_global_sam_name(), user_info->domain)) {
+	if( strequal(get_global_sam_name(), user_info->mapped.domain_name)) {
 		DEBUG(3,("check_trustdomain_security: Requested domain [%s] was for this machine.\n",
-			user_info->domain));
+			user_info->mapped.domain_name));
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
 
@@ -480,7 +480,7 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte
 	   The logic is that if we know nothing about the domain, that
 	   user is not known to us and does not exist */
 
-	if ( !is_trusted_domain( user_info->domain ) )
+	if ( !is_trusted_domain( user_info->mapped.domain_name ) )
 		return NT_STATUS_NOT_IMPLEMENTED;
 
 	/*
@@ -488,16 +488,16 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte
 	 * No need to become_root() as secrets_init() is done at startup.
 	 */
 
-	if (!pdb_get_trusteddom_pw(user_info->domain, &trust_password,
+	if (!pdb_get_trusteddom_pw(user_info->mapped.domain_name, &trust_password,
 				   NULL, NULL)) {
 		DEBUG(0, ("check_trustdomain_security: could not fetch trust "
 			  "account password for domain %s\n",
-			  user_info->domain));
+			  user_info->mapped.domain_name));
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 	}
 
 #ifdef DEBUG_PASSWORD
-	DEBUG(100, ("Trust password for domain %s is %s\n", user_info->domain,
+	DEBUG(100, ("Trust password for domain %s is %s\n", user_info->mapped.domain_name,
 		    trust_password));
 #endif
 	E_md4hash(trust_password, trust_md4_password);
@@ -514,15 +514,15 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte
 	/* use get_dc_name() for consistency even through we know that it will be 
 	   a netbios name */
 
-	if ( !get_dc_name(user_info->domain, NULL, dc_name, &dc_ss) ) {
+	if ( !get_dc_name(user_info->mapped.domain_name, NULL, dc_name, &dc_ss) ) {
 		DEBUG(5,("check_trustdomain_security: unable to locate a DC for domain %s\n",
-			user_info->domain));
+			user_info->mapped.domain_name));
 		return NT_STATUS_NO_LOGON_SERVERS;
 	}
 
 	nt_status = domain_client_validate(mem_ctx,
 					user_info,
-					user_info->domain,
+					user_info->mapped.domain_name,
 					(uchar *)auth_context->challenge.data,
 					server_info,
 					dc_name,
diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c
index 28ef933..6bd7c3d 100644
--- a/source3/auth/auth_netlogond.c
+++ b/source3/auth/auth_netlogond.c
@@ -83,8 +83,8 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx,
 		user_info->logon_parameters,           /* flags such as 'allow
 					                * workstation logon' */
 		global_myname(),                       /* server name */
-		user_info->smb_name,                   /* user name logging on. */
-		user_info->client_domain,              /* domain name */
+		user_info->client.account_name,                   /* user name logging on. */
+		user_info->client.domain_name,              /* domain name */
 		user_info->workstation_name,           /* workstation name */
 		(uchar *)auth_context->challenge.data, /* 8 byte challenge. */
 		user_info->lm_resp,                    /* lanman 24 byte response */
@@ -170,7 +170,7 @@ static NTSTATUS check_netlogond_security(const struct auth_context *auth_context
 	struct named_mutex *mutex = NULL;
 	const char *ncalrpcsock;
 
-	DEBUG(10, ("Check auth for: [%s]\n", user_info->internal_username));
+	DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
 
 	ncalrpcsock = lp_parm_const_string(
 		GLOBAL_SECTION_SNUM, "auth_netlogond", "socket", NULL);
@@ -281,8 +281,8 @@ static NTSTATUS check_netlogond_security(const struct auth_context *auth_context
 
  okay:
 
-	status = make_server_info_info3(mem_ctx, user_info->smb_name,
-					user_info->domain, server_info,
+	status = make_server_info_info3(mem_ctx, user_info->client.account_name,
+					user_info->mapped.domain_name, server_info,
 					info3);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(10, ("make_server_info_info3 failed: %s\n",
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index e0e0003..7184fa6 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -74,8 +74,19 @@ bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
 	return auth_ntlmssp_state->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
 }
 
-struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
-							  struct auth_ntlmssp_state *auth_ntlmssp_state)
+void auth_ntlmssp_want_sign(struct auth_ntlmssp_state *auth_ntlmssp_state)
+{
+
+}
+
+void auth_ntlmssp_want_seal(struct auth_ntlmssp_state *auth_ntlmssp_state)
+{
+
+}
+
+NTSTATUS auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
+				  struct auth_ntlmssp_state *auth_ntlmssp_state,
+				  struct auth_serversupplied_info **_server_info)
 {
 	struct auth_serversupplied_info *server_info = auth_ntlmssp_state->server_info;
 	data_blob_free(&server_info->user_session_key);
@@ -85,10 +96,11 @@ struct auth_serversupplied_info *auth_ntlmssp_server_info(TALLOC_CTX *mem_ctx,
 			auth_ntlmssp_state->ntlmssp_state->session_key.data,
 			auth_ntlmssp_state->ntlmssp_state->session_key.length);
 	if (auth_ntlmssp_state->ntlmssp_state->session_key.length && !server_info->user_session_key.data) {
-		return NULL;
+		return NT_STATUS_NO_MEMORY;
 	}
 	auth_ntlmssp_state->server_info = NULL;
-	return talloc_steal(mem_ctx, server_info);
+	*_server_info = talloc_steal(mem_ctx, server_info);
+	return NT_STATUS_OK;
 }
 
 struct ntlmssp_state *auth_ntlmssp_get_ntlmssp_state(struct auth_ntlmssp_state *auth_ntlmssp_state)
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 324295f..ffbe5b4 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -72,10 +72,10 @@ static NTSTATUS auth_samstrict_auth(const struct auth_context *auth_context,
 		return NT_STATUS_LOGON_FAILURE;
 	}
 
-	DEBUG(10, ("Check auth for: [%s]\n", user_info->internal_username));
+	DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
 
-	is_local_name = is_myname(user_info->domain);
-	is_my_domain  = strequal(user_info->domain, lp_workgroup());
+	is_local_name = is_myname(user_info->mapped.domain_name);
+	is_my_domain  = strequal(user_info->mapped.domain_name, lp_workgroup());
 
 	/* check whether or not we service this domain/workgroup name */
 
@@ -84,7 +84,7 @@ static NTSTATUS auth_samstrict_auth(const struct auth_context *auth_context,
 		case ROLE_DOMAIN_MEMBER:
 			if ( !is_local_name ) {
 				DEBUG(6,("check_samstrict_security: %s is not one of my local names (%s)\n",
-					user_info->domain, (lp_server_role() == ROLE_DOMAIN_MEMBER 
+					user_info->mapped.domain_name, (lp_server_role() == ROLE_DOMAIN_MEMBER
 					? "ROLE_DOMAIN_MEMBER" : "ROLE_STANDALONE") ));
 				return NT_STATUS_NOT_IMPLEMENTED;
 			}
@@ -92,7 +92,7 @@ static NTSTATUS auth_samstrict_auth(const struct auth_context *auth_context,
 		case ROLE_DOMAIN_BDC:
 			if ( !is_local_name && !is_my_domain ) {
 				DEBUG(6,("check_samstrict_security: %s is not one of my local names or domain name (DC)\n",
-					user_info->domain));
+					user_info->mapped.domain_name));
 				return NT_STATUS_NOT_IMPLEMENTED;
 			}
 		default: /* name is ok */
diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c
index 81c80eb..2b83f80 100644
--- a/source3/auth/auth_script.c
+++ b/source3/auth/auth_script.c
@@ -62,8 +62,8 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co
 		return NT_STATUS_INVALID_PARAMETER;
 	}		
 
-	secret_str_len = strlen(user_info->domain) + 1 +
-			strlen(user_info->smb_name) + 1 +
+	secret_str_len = strlen(user_info->mapped.domain_name) + 1 +
+			strlen(user_info->client.account_name) + 1 +
 			16 + 1 + /* 8 bytes of challenge going to 16 */
 			48 + 1 + /* 24 bytes of challenge going to 48 */
 			48 + 1;
@@ -73,9 +73,9 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	safe_strcpy( secret_str, user_info->domain, secret_str_len - 1);
+	safe_strcpy( secret_str, user_info->mapped.domain_name, secret_str_len - 1);
 	safe_strcat( secret_str, "\n", secret_str_len - 1);
-	safe_strcat( secret_str, user_info->smb_name, secret_str_len - 1);
+	safe_strcat( secret_str, user_info->client.account_name, secret_str_len - 1);
 	safe_strcat( secret_str, "\n", secret_str_len - 1);
 
 	for (i = 0; i < 8; i++) {
@@ -109,7 +109,7 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co
 
 	if (ret) {
 		DEBUG(1,("script_check_user_credentials: failed to authenticate %s\\%s\n",
-			user_info->domain, user_info->smb_name ));
+			user_info->mapped.domain_name, user_info->client.account_name ));
 		/* auth failed. */
 		return NT_STATUS_NO_SUCH_USER;
 	}
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 35b7fe6..c4d02e2 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -281,7 +281,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
 	NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
 	bool locally_made_cli = False;
 
-	DEBUG(10, ("Check auth for: [%s]\n", user_info->internal_username));
+	DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
 
 	cli = state->cli;
 
@@ -348,7 +348,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
 						      sizeof(badpass), 
 						      (char *)badpass,
 						      sizeof(badpass),
-						      user_info->domain))) {
+						      user_info->mapped.domain_name))) {
 
 			/*
 			 * We connected to the password server so we
@@ -395,19 +395,19 @@ use this machine as the password server.\n"));
 	if (!user_info->encrypted) {
 		/* Plaintext available */
 		nt_status = cli_session_setup(
-			cli, user_info->smb_name, 
-			(char *)user_info->plaintext_password.data, 
-			user_info->plaintext_password.length, 
-			NULL, 0, user_info->domain);
+			cli, user_info->client.account_name,
+			(char *)user_info->plaintext_password.data,
+			user_info->plaintext_password.length,
+			NULL, 0, user_info->mapped.domain_name);
 
 	} else {
 		nt_status = cli_session_setup(
-			cli, user_info->smb_name, 
+			cli, user_info->client.account_name,
 			(char *)user_info->lm_resp.data, 
 			user_info->lm_resp.length, 
 			(char *)user_info->nt_resp.data, 
 			user_info->nt_resp.length, 
-			user_info->domain);
+			user_info->mapped.domain_name);
 	}
 
 	if (!NT_STATUS_IS_OK(nt_status)) {
@@ -427,7 +427,7 @@ use this machine as the password server.\n"));
 		fstring real_username;
 		struct passwd *pass;
 
-		if ( (pass = smb_getpwnam( NULL, user_info->internal_username, 
+		if ( (pass = smb_getpwnam( NULL, user_info->mapped.account_name,
 			real_username, True )) != NULL ) 
 		{
 			/* if a real user check pam account restrictions */
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index 2bc2b06..c94ec2f 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -91,15 +91,15 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
 	NTSTATUS nt_status;
 	struct passwd *pass = NULL;
 
-	DEBUG(10, ("Check auth for: [%s]\n", user_info->internal_username));
+	DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
 
 	become_root();
-	pass = Get_Pwnam_alloc(talloc_tos(), user_info->internal_username);
+	pass = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name);
 
 	/** @todo This call assumes a ASCII password, no charset transformation is 
 	    done.  We may need to revisit this **/
 	nt_status = pass_check(pass,
-				pass ? pass->pw_name : user_info->internal_username, 
+				pass ? pass->pw_name : user_info->mapped.account_name,
 				(char *)user_info->plaintext_password.data,
 				user_info->plaintext_password.length-1,
 				lp_update_encrypted() ? 
diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c
index 7d46c85..05097ee 100644


-- 
Samba Shared Repository


More information about the samba-cvs mailing list