[SCM] Samba Shared Repository - branch v3-6-test updated
Jeremy Allison
jra at samba.org
Tue Nov 9 17:38:49 MST 2010
The branch, v3-6-test has been updated
via 067b040 Fix bug 7781 - Samba transforms ShareName to lowercase (sharename) when adding new share via MMC
via db45088 Ensure we check the return from make_user_info before dereferencing the value returned by it.
via dc7a475 Remove fstring from map_username. Create a more sane interface than the called-parameter-is-modified.
from 9878988 s3: Quieten a bogus error message
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 067b0401e01112c9794684bf21b7c4a40971de9e
Author: Jeremy Allison <jra at samba.org>
Date: Tue Nov 9 16:39:24 2010 -0800
Fix bug 7781 - Samba transforms ShareName to lowercase (sharename) when adding new share via MMC
Change the find_service() interface to not depend on fstring, and
create a useable talloc-based interface.
Jeremy.
commit db45088ebdd0922bbaa8bf3b277b752d6637cad1
Author: Jeremy Allison <jra at samba.org>
Date: Tue Nov 9 13:24:03 2010 -0800
Ensure we check the return from make_user_info before dereferencing the value returned by it.
Jeremy.
(cherry picked from commit eb425e9597dc14729d9df697b7767286901f8d9f)
commit dc7a475e98ff2e81bdf3439cc22925034c51380e
Author: Jeremy Allison <jra at samba.org>
Date: Tue Nov 9 16:32:45 2010 -0800
Remove fstring from map_username. Create a more sane interface than the called-parameter-is-modified.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_ntlmssp.c | 4 +-
source3/auth/auth_server.c | 16 ++++-
source3/auth/auth_util.c | 88 ++++++++++++++++++--------
source3/auth/user_util.c | 101 +++++++++++++++++++-----------
source3/include/proto.h | 12 ++--
source3/lib/dummysmbd.c | 2 +-
source3/lib/util_str.c | 4 +
source3/modules/vfs_xattr_tdb.c | 7 +-
source3/param/loadparm.c | 12 +---
source3/printing/nt_printing.c | 29 +++++----
source3/rpc_server/srv_samr_nt.c | 33 +++++++---
source3/rpc_server/srv_srvsvc_nt.c | 103 ++++++++++++++++++++----------
source3/smbd/lanman.c | 7 +-
source3/smbd/msdfs.c | 8 ++-
source3/smbd/password.c | 6 +-
source3/smbd/service.c | 121 ++++++++++++++++++++++++-----------
source3/smbd/sesssetup.c | 50 ++++++++++++---
source3/smbd/share_access.c | 2 +-
source3/smbd/smb2_sesssetup.c | 31 +++++++--
source3/smbd/smb2_tcon.c | 12 +++-
20 files changed, 436 insertions(+), 212 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index c212bb3..ac73814 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -133,12 +133,12 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
NULL, NULL, NULL,
True);
- user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
-
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
+ user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
+
nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(auth_ntlmssp_state->auth_context,
user_info, &auth_ntlmssp_state->server_info);
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 8f0f98b..4174f2f 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -424,12 +424,17 @@ use this machine as the password server.\n"));
cli_ulogoff(cli);
if (NT_STATUS_IS_OK(nt_status)) {
- fstring real_username;
- struct passwd *pass;
+ char *real_username = NULL;
+ struct passwd *pass = NULL;
- if ( (pass = smb_getpwnam( NULL, user_info->mapped.account_name,
- real_username, True )) != NULL )
+ if ( (pass = smb_getpwnam( talloc_tos(), user_info->mapped.account_name,
+ &real_username, True )) != NULL )
{
+ if (!real_username) {
+ nt_status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
/* if a real user check pam account restrictions */
/* only really perfomed if "obey pam restriction" is true */
nt_status = smb_pam_accountcheck(pass->pw_name);
@@ -440,6 +445,7 @@ use this machine as the password server.\n"));
nt_status = make_server_info_pw(server_info, pass->pw_name, pass);
}
TALLOC_FREE(pass);
+ TALLOC_FREE(real_username);
}
else
{
@@ -447,6 +453,8 @@ use this machine as the password server.\n"));
}
}
+ out:
+
if (locally_made_cli) {
cli_shutdown(cli);
}
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 2fb488d..daf2734 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -94,9 +94,12 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
const char *domain;
NTSTATUS result;
bool was_mapped;
- fstring internal_username;
- fstrcpy(internal_username, smb_name);
- was_mapped = map_username(internal_username);
+ char *internal_username = NULL;
+
+ was_mapped = map_username(talloc_tos(), smb_name, &internal_username);
+ if (!internal_username) {
+ return NT_STATUS_NO_MEMORY;
+ }
DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n",
client_domain, smb_name, workstation_name));
@@ -904,27 +907,45 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
struct passwd **pwd,
bool *username_was_mapped)
{
- fstring dom_user, lower_username;
- fstring real_username;
+ char *orig_dom_user = NULL;
+ char *dom_user = NULL;
+ char *lower_username = NULL;
+ char *real_username = NULL;
struct passwd *passwd;
- fstrcpy( lower_username, username );
+ lower_username = talloc_strdup(mem_ctx, username);
+ if (!lower_username) {
+ return NT_STATUS_NO_MEMORY;
+ }
strlower_m( lower_username );
- fstr_sprintf(dom_user, "%s%c%s", domain, *lp_winbind_separator(),
- lower_username);
+ orig_dom_user = talloc_asprintf(mem_ctx,
+ "%s%c%s",
+ domain,
+ *lp_winbind_separator(),
+ lower_username);
+ if (!orig_dom_user) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* Get the passwd struct. Try to create the account if necessary. */
- *username_was_mapped = map_username(dom_user);
+ *username_was_mapped = map_username(mem_ctx, orig_dom_user, &dom_user);
+ if (!dom_user) {
+ return NT_STATUS_NO_MEMORY;
+ }
- passwd = smb_getpwnam( NULL, dom_user, real_username, True );
+ passwd = smb_getpwnam(mem_ctx, dom_user, &real_username, True );
if (!passwd) {
DEBUG(3, ("Failed to find authenticated user %s via "
"getpwnam(), denying access.\n", dom_user));
return NT_STATUS_NO_SUCH_USER;
}
+ if (!real_username) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
*pwd = passwd;
/* This is pointless -- there is no suport for differing
@@ -944,32 +965,33 @@ static NTSTATUS check_account(TALLOC_CTX *mem_ctx, const char *domain,
the username if we fallback to the username only.
****************************************************************************/
-struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser,
- fstring save_username, bool create )
+struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
+ char **p_save_username, bool create )
{
struct passwd *pw = NULL;
- char *p;
- fstring username;
+ char *p = NULL;
+ char *username = NULL;
/* we only save a copy of the username it has been mangled
by winbindd use default domain */
- save_username[0] = '\0';
+ *p_save_username = NULL;
/* don't call map_username() here since it has to be done higher
up the stack so we don't call it multiple times */
- fstrcpy( username, domuser );
+ username = talloc_strdup(mem_ctx, domuser);
+ if (!username) {
+ return NULL;
+ }
p = strchr_m( username, *lp_winbind_separator() );
/* code for a DOMAIN\user string */
if ( p ) {
- fstring strip_username;
-
pw = Get_Pwnam_alloc( mem_ctx, domuser );
- if ( pw ) {
+ if ( pw ) {
/* make sure we get the case of the username correct */
/* work around 'winbind use default domain = yes' */
@@ -980,12 +1002,20 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser,
*p = '\0';
domain = username;
- fstr_sprintf(save_username, "%s%c%s", domain, *lp_winbind_separator(), pw->pw_name);
+ *p_save_username = talloc_asprintf(mem_ctx,
+ "%s%c%s",
+ domain,
+ *lp_winbind_separator(),
+ pw->pw_name);
+ if (!*p_save_username) {
+ TALLOC_FREE(pw);
+ return NULL;
+ }
+ } else {
+ *p_save_username = talloc_strdup(mem_ctx, pw->pw_name);
}
- else
- fstrcpy( save_username, pw->pw_name );
- /* whew -- done! */
+ /* whew -- done! */
return pw;
}
@@ -993,8 +1023,10 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser,
/* remember that p and username are overlapping memory */
p++;
- fstrcpy( strip_username, p );
- fstrcpy( username, strip_username );
+ username = talloc_strdup(mem_ctx, p);
+ if (!username) {
+ return NULL;
+ }
}
/* just lookup a plain username */
@@ -1017,9 +1049,9 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser,
/* one last check for a valid passwd struct */
- if ( pw )
- fstrcpy( save_username, pw->pw_name );
-
+ if (pw) {
+ *p_save_username = talloc_strdup(mem_ctx, pw->pw_name);
+ }
return pw;
}
diff --git a/source3/auth/user_util.c b/source3/auth/user_util.c
index 3d7123c..9ae81fd 100644
--- a/source3/auth/user_util.c
+++ b/source3/auth/user_util.c
@@ -78,7 +78,9 @@ static char *skip_space(char *s)
return s;
}
-static bool fetch_map_from_gencache(fstring user)
+static bool fetch_map_from_gencache(TALLOC_CTX *ctx,
+ const char *user_in,
+ char **p_user_out)
{
char *key, *value;
bool found;
@@ -87,8 +89,8 @@ static bool fetch_map_from_gencache(fstring user)
return false;
}
- key = talloc_asprintf_strupper_m(talloc_tos(), "USERNAME_MAP/%s",
- user);
+ key = talloc_asprintf_strupper_m(ctx, "USERNAME_MAP/%s",
+ user_in);
if (key == NULL) {
return false;
}
@@ -97,12 +99,15 @@ static bool fetch_map_from_gencache(fstring user)
if (!found) {
return false;
}
- fstrcpy(user, value);
- SAFE_FREE(value);
+ TALLOC_FREE(*p_user_out);
+ *p_user_out = talloc_strdup(ctx, value);
+ if (!*p_user_out) {
+ return false;
+ }
return true;
}
-static void store_map_in_gencache(const char *from, const char *to)
+static void store_map_in_gencache(TALLOC_CTX *ctx, const char *from, const char *to)
{
char *key;
int cache_time = lp_username_map_cache_time();
@@ -111,7 +116,7 @@ static void store_map_in_gencache(const char *from, const char *to)
return;
}
- key = talloc_asprintf_strupper_m(talloc_tos(), "USERNAME_MAP/%s",
+ key = talloc_asprintf_strupper_m(ctx, "USERNAME_MAP/%s",
from);
if (key == NULL) {
return;
@@ -125,11 +130,11 @@ static void store_map_in_gencache(const char *from, const char *to)
try lower case.
****************************************************************************/
-bool user_in_netgroup(const char *user, const char *ngname)
+bool user_in_netgroup(TALLOC_CTX *ctx, const char *user, const char *ngname)
{
#ifdef HAVE_NETGROUP
static char *my_yp_domain = NULL;
- fstring lowercase_user;
+ char *lowercase_user = NULL;
if (my_yp_domain == NULL) {
yp_get_default_domain(&my_yp_domain);
@@ -152,7 +157,10 @@ bool user_in_netgroup(const char *user, const char *ngname)
* Ok, innetgr is case sensitive. Try once more with lowercase
* just in case. Attempt to fix #703. JRA.
*/
- fstrcpy(lowercase_user, user);
+ lowercase_user = talloc_strdup(ctx, user);
+ if (!lowercase_user) {
+ return false;
+ }
strlower_m(lowercase_user);
if (strcmp(user,lowercase_user) == 0) {
@@ -176,7 +184,7 @@ bool user_in_netgroup(const char *user, const char *ngname)
and netgroup lists.
****************************************************************************/
-bool user_in_list(const char *user,const char **list)
+bool user_in_list(TALLOC_CTX *ctx, const char *user,const char **list)
{
if (!list || !*list)
return False;
@@ -204,7 +212,7 @@ bool user_in_list(const char *user,const char **list)
* Old behaviour. Check netgroup list
* followed by UNIX list.
*/
- if(user_in_netgroup(user, *list +1))
+ if(user_in_netgroup(ctx, user, *list +1))
return True;
if(user_in_group(user, *list +1))
return True;
@@ -216,7 +224,7 @@ bool user_in_list(const char *user,const char **list)
*/
if(user_in_group(user, *list +2))
return True;
- if(user_in_netgroup(user, *list +2))
+ if(user_in_netgroup(ctx, user, *list +2))
return True;
} else {
@@ -235,7 +243,7 @@ bool user_in_list(const char *user,const char **list)
/*
* Search netgroup list followed by UNIX list.
*/
- if(user_in_netgroup(user, *list +2))
+ if(user_in_netgroup(ctx, user, *list +2))
return True;
if(user_in_group(user, *list +2))
return True;
@@ -243,7 +251,7 @@ bool user_in_list(const char *user,const char **list)
/*
* Just search netgroup list.
*/
- if(user_in_netgroup(user, *list +1))
+ if(user_in_netgroup(ctx, user, *list +1))
return True;
}
}
@@ -253,7 +261,7 @@ bool user_in_list(const char *user,const char **list)
return(False);
}
-bool map_username(fstring user)
+bool map_username(TALLOC_CTX *ctx, const char *user_in, char **p_user_out)
{
XFILE *f;
char *mapfile = lp_username_map();
@@ -262,19 +270,28 @@ bool map_username(fstring user)
bool mapped_user = False;
char *cmd = lp_username_map_script();
- if (!*user)
+ *p_user_out = NULL;
+
+ if (!user_in)
+ return false;
+
+ /* Initially make a copy of the incoming name. */
+ *p_user_out = talloc_strdup(ctx, user_in);
+ if (!*p_user_out) {
return false;
+ }
- if (strequal(user,get_last_to()))
+ if (strequal(user_in,get_last_to()))
return false;
- if (strequal(user,get_last_from())) {
- DEBUG(3,("Mapped user %s to %s\n",user,get_last_to()));
- fstrcpy(user,get_last_to());
+ if (strequal(user_in,get_last_from())) {
+ DEBUG(3,("Mapped user %s to %s\n",user_in,get_last_to()));
+ TALLOC_FREE(*p_user_out);
+ *p_user_out = talloc_strdup(ctx, get_last_to());
return true;
}
- if (fetch_map_from_gencache(user)) {
+ if (fetch_map_from_gencache(ctx, user_in, p_user_out)) {
return true;
}
@@ -285,10 +302,10 @@ bool map_username(fstring user)
char *command = NULL;
int numlines, ret, fd;
- command = talloc_asprintf(talloc_tos(),
+ command = talloc_asprintf(ctx,
"%s \"%s\"",
cmd,
- user);
+ user_in);
if (!command) {
return false;
}
@@ -306,17 +323,21 @@ bool map_username(fstring user)
}
numlines = 0;
- qlines = fd_lines_load(fd, &numlines, 0, talloc_tos());
+ qlines = fd_lines_load(fd, &numlines, 0, ctx);
DEBUGADD(10,("Lines returned = [%d]\n", numlines));
close(fd);
/* should be either no lines or a single line with the mapped username */
if (numlines && qlines) {
- DEBUG(3,("Mapped user %s to %s\n", user, qlines[0] ));
- set_last_from_to(user, qlines[0]);
- store_map_in_gencache(user, qlines[0]);
- fstrcpy( user, qlines[0] );
+ DEBUG(3,("Mapped user %s to %s\n", user_in, qlines[0] ));
+ set_last_from_to(user_in, qlines[0]);
+ store_map_in_gencache(ctx, user_in, qlines[0]);
+ TALLOC_FREE(*p_user_out);
+ *p_user_out = talloc_strdup(ctx, qlines[0]);
+ if (!*p_user_out) {
+ return false;
+ }
}
TALLOC_FREE(qlines);
@@ -367,20 +388,26 @@ bool map_username(fstring user)
/* skip lines like 'user = ' */
- dosuserlist = str_list_make_v3(talloc_tos(), dosname, NULL);
+ dosuserlist = str_list_make_v3(ctx, dosname, NULL);
if (!dosuserlist) {
DEBUG(0,("Bad username map entry. Unable to build user list. Ignoring.\n"));
continue;
}
if (strchr_m(dosname,'*') ||
- user_in_list(user, (const char **)dosuserlist)) {
- DEBUG(3,("Mapped user %s to %s\n",user,unixname));
+ user_in_list(ctx, user_in, (const char **)dosuserlist)) {
+ DEBUG(3,("Mapped user %s to %s\n",user_in,unixname));
mapped_user = True;
- set_last_from_to(user, unixname);
- store_map_in_gencache(user, unixname);
- fstrcpy( user, unixname );
+ set_last_from_to(user_in, unixname);
+ store_map_in_gencache(ctx, user_in, unixname);
+ TALLOC_FREE(*p_user_out);
+ *p_user_out = talloc_strdup(ctx, unixname);
+ if (!*p_user_out) {
+ TALLOC_FREE(dosuserlist);
+ x_fclose(f);
+ return false;
+ }
if ( return_if_mapped ) {
TALLOC_FREE(dosuserlist);
@@ -399,8 +426,8 @@ bool map_username(fstring user)
* that we don't scan the file again for the same user.
*/
- set_last_from_to(user, user);
- store_map_in_gencache(user, user);
+ set_last_from_to(user_in, user_in);
+ store_map_in_gencache(ctx, user_in, user_in);
return mapped_user;
}
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 010c3d1..5272e96 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -142,8 +142,8 @@ NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx,
NTSTATUS make_server_info_system(TALLOC_CTX *mem_ctx,
struct auth_serversupplied_info **server_info);
bool copy_current_user(struct current_user *dst, struct current_user *src);
-struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser,
- fstring save_username, bool create );
+struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
+ char **p_save_username, bool create );
NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
const char *sent_nt_username,
const char *domain,
@@ -4828,7 +4828,7 @@ const struct mangle_fns *posix_mangle_init(void);
/* The following definitions come from smbd/map_username.c */
--
Samba Shared Repository
More information about the samba-cvs
mailing list