[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Wed Sep 8 22:19:36 MDT 2010
The branch, master has been updated
via eedf476 s3: Remove "mem_ctx" from a few functions
via eaf7785 s3: Remove "mem_ctx" from wcache_save_creds()
via d38e1d1 s3: Remove "mem_ctx" from lookup_cached_name()
via c7d6e6f s3: Remove a nested if-statement
via 6f19165 s3: Fill in workstation in winbindd_pam_auth_crap_send
via f506871 s3: Fill in domain in winbindd_pam_auth_crap_send
via c2048db s3: Remove redundant flag checks
via 4e4228b s3: Remove unused arg "user_sid" from winbindd_store_creds
via 7372a50 s3: Remove unused winbindd_update_creds_by_sid
via a0de3fc s3: Remove unused winbindd_dual_show_sequence()
from bec9baf Don't rely on the underlying ACL modules to enforce share level security when setting ACLs, check at the call level as well.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit eedf476c248319efa2fcf552dc330b10423a1bb0
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 8 19:12:21 2010 -0700
s3: Remove "mem_ctx" from a few functions
commit eaf778593f7e56774913ec4348b1c59a9488676c
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 8 19:09:21 2010 -0700
s3: Remove "mem_ctx" from wcache_save_creds()
commit d38e1d13eab1a8d8aa8c660a40f6803aa62c3d68
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 8 19:03:15 2010 -0700
s3: Remove "mem_ctx" from lookup_cached_name()
commit c7d6e6f57174a684c5b84b31993b1d92311d4b80
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 8 19:01:11 2010 -0700
s3: Remove a nested if-statement
commit 6f1916524bb1f7d38130ba273e3bebe0c93f3a74
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 8 18:09:07 2010 -0700
s3: Fill in workstation in winbindd_pam_auth_crap_send
commit f50687153861efcbac2cbd281ab24141ea83167b
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 8 18:07:31 2010 -0700
s3: Fill in domain in winbindd_pam_auth_crap_send
commit c2048db59d52051c045386a0075a11aea2f5bef7
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 8 17:56:55 2010 -0700
s3: Remove redundant flag checks
We're checking these in the parent already (winbindd_pam_auth_send and
winbindd_pam_auth_crap_send). No point in doing it in the child as well
commit 4e4228bd5d970350516162cc716ec2e083ead56f
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 8 16:58:21 2010 -0700
s3: Remove unused arg "user_sid" from winbindd_store_creds
All callers have passed in NULL
commit 7372a50a0333b362745c89b7f0c17f77db156dec
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 8 16:54:50 2010 -0700
s3: Remove unused winbindd_update_creds_by_sid
commit a0de3fc690d30a8fd4b0ebc1bc35670a8ba3109d
Author: Volker Lendecke <vl at samba.org>
Date: Wed Sep 8 10:04:53 2010 -0700
s3: Remove unused winbindd_dual_show_sequence()
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_cache.c | 4 +--
source3/winbindd/winbindd_creds.c | 27 +++-------------
source3/winbindd/winbindd_domain.c | 4 --
source3/winbindd/winbindd_misc.c | 19 -----------
source3/winbindd/winbindd_pam.c | 48 +++++------------------------
source3/winbindd/winbindd_pam_auth_crap.c | 6 +++
source3/winbindd/winbindd_proto.h | 16 +--------
7 files changed, 22 insertions(+), 102 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 5d12c2b..9c48c71 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -1359,7 +1359,6 @@ NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
/* Store creds for a SID - only writes out new salted ones. */
NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
const uint8 nt_pass[NT_HASH_LEN])
{
@@ -3194,8 +3193,7 @@ bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
return NT_STATUS_IS_OK(status);
}
-bool lookup_cached_name(TALLOC_CTX *mem_ctx,
- const char *domain_name,
+bool lookup_cached_name(const char *domain_name,
const char *name,
struct dom_sid *sid,
enum lsa_SidType *type)
diff --git a/source3/winbindd/winbindd_creds.c b/source3/winbindd/winbindd_creds.c
index 00b38e3..b1910b6 100644
--- a/source3/winbindd/winbindd_creds.c
+++ b/source3/winbindd/winbindd_creds.c
@@ -54,11 +54,9 @@ NTSTATUS winbindd_get_creds(struct winbindd_domain *domain,
NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
const char *user,
const char *pass,
- struct netr_SamInfo3 *info3,
- const struct dom_sid *user_sid)
+ struct netr_SamInfo3 *info3)
{
NTSTATUS status;
uchar nt_pass[NT_HASH_LEN];
@@ -70,18 +68,13 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
info3->base.rid);
info3->base.user_flags |= NETLOGON_CACHED_ACCOUNT;
- } else if (user_sid != NULL) {
-
- sid_copy(&cred_sid, user_sid);
-
} else if (user != NULL) {
/* do lookup ourself */
enum lsa_SidType type;
- if (!lookup_cached_name(mem_ctx,
- domain->name,
+ if (!lookup_cached_name(domain->name,
user,
&cred_sid,
&type)) {
@@ -118,7 +111,7 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
dump_data_pw("nt_pass", nt_pass, NT_HASH_LEN);
- status = wcache_save_creds(domain, mem_ctx, &cred_sid, nt_pass);
+ status = wcache_save_creds(domain, &cred_sid, nt_pass);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -134,28 +127,18 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
}
NTSTATUS winbindd_update_creds_by_info3(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
const char *user,
const char *pass,
struct netr_SamInfo3 *info3)
{
- return winbindd_store_creds(domain, mem_ctx, user, pass, info3, NULL);
-}
-
-NTSTATUS winbindd_update_creds_by_sid(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *sid,
- const char *pass)
-{
- return winbindd_store_creds(domain, mem_ctx, NULL, pass, NULL, sid);
+ return winbindd_store_creds(domain, user, pass, info3);
}
NTSTATUS winbindd_update_creds_by_name(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
const char *user,
const char *pass)
{
- return winbindd_store_creds(domain, mem_ctx, user, pass, NULL, NULL);
+ return winbindd_store_creds(domain, user, pass, NULL);
}
diff --git a/source3/winbindd/winbindd_domain.c b/source3/winbindd/winbindd_domain.c
index d82db19..cd33708 100644
--- a/source3/winbindd/winbindd_domain.c
+++ b/source3/winbindd/winbindd_domain.c
@@ -39,10 +39,6 @@ static const struct winbindd_child_dispatch_table domain_dispatch_table[] = {
.struct_cmd = WINBINDD_INIT_CONNECTION,
.struct_fn = winbindd_dual_init_connection,
},{
- .name = "SHOW_SEQUENCE",
- .struct_cmd = WINBINDD_SHOW_SEQUENCE,
- .struct_fn = winbindd_dual_show_sequence,
- },{
.name = "PAM_AUTH",
.struct_cmd = WINBINDD_PAM_AUTH,
.struct_fn = winbindd_dual_pam_auth,
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index e6be280..84e8c38 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -209,25 +209,6 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *
return WINBINDD_OK;
}
-/* This is the child-only version of --sequence. It only allows for a single
- * domain (ie "our" one) to be displayed. */
-
-enum winbindd_result winbindd_dual_show_sequence(struct winbindd_domain *domain,
- struct winbindd_cli_state *state)
-{
- DEBUG(3, ("[%5lu]: show sequence\n", (unsigned long)state->pid));
-
- /* Ensure null termination */
- state->request->domain_name[sizeof(state->request->domain_name)-1]='\0';
-
- domain->methods->sequence_number(domain, &domain->sequence_number);
-
- state->response->data.sequence_number =
- domain->sequence_number;
-
- return WINBINDD_OK;
-}
-
struct domain_info_state {
struct winbindd_domain *domain;
struct winbindd_cli_state *cli;
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 86d9e6d..e71e152 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -838,8 +838,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
parse_domain_user(state->request->data.auth.user, name_domain, name_user);
- if (!lookup_cached_name(state->mem_ctx,
- name_domain,
+ if (!lookup_cached_name(name_domain,
name_user,
&sid,
&type)) {
@@ -1005,7 +1004,6 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
my_info3->base.bad_password_count = 0;
result = winbindd_update_creds_by_info3(domain,
- state->mem_ctx,
state->request->data.auth.user,
state->request->data.auth.pass,
my_info3);
@@ -1053,7 +1051,6 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
failed:
result = winbindd_update_creds_by_info3(domain,
- state->mem_ctx,
state->request->data.auth.user,
NULL,
my_info3);
@@ -1429,11 +1426,6 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
DEBUG(3, ("[%5lu]: dual pam auth %s\n", (unsigned long)state->pid,
state->request->data.auth.user));
- if (!check_request_flags(state->request->flags)) {
- result = NT_STATUS_INVALID_PARAMETER_MIX;
- goto done;
- }
-
/* Parse domain and username */
name_map_status = normalize_name_unmap(state->mem_ctx,
@@ -1617,18 +1609,15 @@ process_result:
goto done;
}
- if ((state->request->flags & WBFLAG_PAM_CACHED_LOGIN)) {
+ if ((state->request->flags & WBFLAG_PAM_CACHED_LOGIN)
+ && lp_winbind_offline_logon()) {
- if (lp_winbind_offline_logon()) {
- result = winbindd_store_creds(domain,
- state->mem_ctx,
+ result = winbindd_store_creds(domain,
state->request->data.auth.user,
state->request->data.auth.pass,
- info3, NULL);
- }
+ info3);
}
-
if (state->request->flags & WBFLAG_PAM_GET_PWD_POLICY) {
struct winbindd_domain *our_domain = find_our_domain();
@@ -1693,33 +1682,13 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
state->request->data.auth_crap.user[sizeof(state->request->data.auth_crap.user)-1]=0;
state->request->data.auth_crap.domain[sizeof(state->request->data.auth_crap.domain)-1]=0;
- if (!check_request_flags(state->request->flags)) {
- result = NT_STATUS_INVALID_PARAMETER_MIX;
- goto done;
- }
-
name_user = state->request->data.auth_crap.user;
-
- if (*state->request->data.auth_crap.domain) {
- name_domain = state->request->data.auth_crap.domain;
- } else if (lp_winbind_use_default_domain()) {
- name_domain = lp_workgroup();
- } else {
- DEBUG(5,("no domain specified with username (%s) - failing auth\n",
- name_user));
- result = NT_STATUS_NO_SUCH_USER;
- goto done;
- }
+ name_domain = state->request->data.auth_crap.domain;
+ workstation = state->request->data.auth_crap.workstation;
DEBUG(3, ("[%5lu]: pam auth crap domain: %s user: %s\n", (unsigned long)state->pid,
name_domain, name_user));
- if (*state->request->data.auth_crap.workstation) {
- workstation = state->request->data.auth_crap.workstation;
- } else {
- workstation = global_myname();
- }
-
if (state->request->data.auth_crap.lm_resp_len > sizeof(state->request->data.auth_crap.lm_resp)
|| state->request->data.auth_crap.nt_resp_len > sizeof(state->request->data.auth_crap.nt_resp)) {
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
@@ -1961,8 +1930,7 @@ done:
if (NT_STATUS_IS_OK(result) && (state->request->flags & WBFLAG_PAM_CACHED_LOGIN)) {
if (lp_winbind_offline_logon()) {
result = winbindd_update_creds_by_name(contact_domain,
- state->mem_ctx, user,
- newpass);
+ user, newpass);
/* Again, this happens when we login from gdm or xdm
* and the password expires, *BUT* cached crendentials
* doesn't exist. winbindd_update_creds_by_name()
diff --git a/source3/winbindd/winbindd_pam_auth_crap.c b/source3/winbindd/winbindd_pam_auth_crap.c
index dc2dc3e..d9f0273 100644
--- a/source3/winbindd/winbindd_pam_auth_crap.c
+++ b/source3/winbindd/winbindd_pam_auth_crap.c
@@ -78,6 +78,12 @@ struct tevent_req *winbindd_pam_auth_crap_send(
return tevent_req_post(req, ev);
}
+ fstrcpy(request->data.auth_crap.domain, domain->name);
+
+ if (request->data.auth_crap.workstation[0] == '\0') {
+ fstrcpy(request->data.auth_crap.workstation, global_myname());
+ }
+
subreq = wb_domain_request_send(state, winbind_event_context(), domain,
request);
if (tevent_req_nomem(subreq, req)) {
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index d9b8180..7d36be1 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -90,7 +90,6 @@ NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
const uint8 **cached_nt_pass,
const uint8 **cached_salt);
NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
const uint8 nt_pass[NT_HASH_LEN]);
void wcache_invalidate_samlogon(struct winbindd_domain *domain,
@@ -115,8 +114,7 @@ NTSTATUS wcache_lookup_groupmem(struct winbindd_domain *domain,
bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
char **domain_name, char **name,
enum lsa_SidType *type);
-bool lookup_cached_name(TALLOC_CTX *mem_ctx,
- const char *domain_name,
+bool lookup_cached_name(const char *domain_name,
const char *name,
struct dom_sid *sid,
enum lsa_SidType *type);
@@ -231,22 +229,14 @@ NTSTATUS winbindd_get_creds(struct winbindd_domain *domain,
const uint8 *cached_nt_pass[NT_HASH_LEN],
const uint8 *cred_salt[NT_HASH_LEN]);
NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
const char *user,
const char *pass,
- struct netr_SamInfo3 *info3,
- const struct dom_sid *user_sid);
+ struct netr_SamInfo3 *info3);
NTSTATUS winbindd_update_creds_by_info3(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
const char *user,
const char *pass,
struct netr_SamInfo3 *info3);
-NTSTATUS winbindd_update_creds_by_sid(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const struct dom_sid *sid,
- const char *pass);
NTSTATUS winbindd_update_creds_by_name(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
const char *user,
const char *pass);
@@ -343,8 +333,6 @@ void winbindd_list_trusted_domains(struct winbindd_cli_state *state);
enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain,
struct winbindd_cli_state *state);
void winbindd_show_sequence(struct winbindd_cli_state *state);
-enum winbindd_result winbindd_dual_show_sequence(struct winbindd_domain *domain,
- struct winbindd_cli_state *state);
void winbindd_domain_info(struct winbindd_cli_state *state);
void winbindd_ping(struct winbindd_cli_state *state);
void winbindd_info(struct winbindd_cli_state *state);
--
Samba Shared Repository
More information about the samba-cvs
mailing list