[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Fri Jan 28 15:39:03 MST 2011
The branch, master has been updated
via c52c753 s3: inline get_uid_from_state
via e099c91 s3: Lift winbindd_cli_state from fillup_password_policy
via fe516a3 s3: Do not use state->mem_ctx in fillup_password_policy
via 2d174d4 s3: Lift winbindd_cli_state from winbindd_dual_pam_auth_samlogon
via 5d4bfc9 s3: Lift winbindd_cli_state from winbindd_raw_kerberos_login
from f2900a8 We need to reply to SMB2_GETINFO_FILE with a class of SMB2_FILE_STANDARD_INFO on an IPC$ share.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c52c75338f91b9a4813b695110a621e5b7c21488
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jan 28 19:07:40 2011 +0100
s3: inline get_uid_from_state
Autobuild-User: Volker Lendecke <vlendec at samba.org>
Autobuild-Date: Fri Jan 28 23:38:16 CET 2011 on sn-devel-104
commit e099c91ef9ebdde09fb372d4a48a299f51cd919c
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jan 28 19:05:37 2011 +0100
s3: Lift winbindd_cli_state from fillup_password_policy
commit fe516a3fb76b389ba7dc70ec8c16522d8dc93d27
Author: Volker Lendecke <vl at samba.org>
Date: Fri Jan 28 19:04:04 2011 +0100
s3: Do not use state->mem_ctx in fillup_password_policy
commit 2d174d49cd34acccacae919ed6b207ec74f26296
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 11 11:54:18 2010 +0100
s3: Lift winbindd_cli_state from winbindd_dual_pam_auth_samlogon
commit 5d4bfc949bfecd8c738e0bde041f0e7b9c3b4247
Author: Volker Lendecke <vl at samba.org>
Date: Sat Dec 11 10:41:38 2010 +0100
s3: Lift winbindd_cli_state from winbindd_raw_kerberos_login
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_pam.c | 121 ++++++++++++++++++++++-----------------
1 files changed, 68 insertions(+), 53 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index bd3adc0..57a453e 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -388,27 +388,31 @@ static void fill_in_password_policy(struct winbindd_response *r,
}
static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
- struct winbindd_cli_state *state)
+ struct winbindd_response *response)
{
+ TALLOC_CTX *frame = talloc_stackframe();
struct winbindd_methods *methods;
- NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ NTSTATUS status;
struct samr_DomInfo1 password_policy;
if ( !winbindd_can_contact_domain( domain ) ) {
DEBUG(5,("fillup_password_policy: No inbound trust to "
"contact domain %s\n", domain->name));
- return NT_STATUS_NOT_SUPPORTED;
+ status = NT_STATUS_NOT_SUPPORTED;
+ goto done;
}
methods = domain->methods;
- status = methods->password_policy(domain, state->mem_ctx, &password_policy);
+ status = methods->password_policy(domain, talloc_tos(), &password_policy);
if (NT_STATUS_IS_ERR(status)) {
- return status;
+ goto done;
}
- fill_in_password_policy(state->response, &password_policy);
+ fill_in_password_policy(response, &password_policy);
+done:
+ TALLOC_FREE(frame);
return NT_STATUS_OK;
}
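Review bot: The `done:` label ends in `return NT_STATUS_OK;`, so both new `goto done` paths discard the status they just set: a domain that cannot be contacted and a failed `methods->password_policy()` call are now reported as success, where the removed lines returned `NT_STATUS_NOT_SUPPORTED` and `status`. The callers in the last two hunks of this diff test the result with `NT_STATUS_IS_OK`, so they would presumably treat a response whose policy fields were never filled in as valid. To keep the previous contract, add `status = NT_STATUS_OK;` after `fill_in_password_policy(response, &password_policy);` and change the final line to `return status;`.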
@@ -511,19 +515,19 @@ uid_t get_uid_from_request(struct winbindd_request *request)
return uid;
}
-static uid_t get_uid_from_state(struct winbindd_cli_state *state)
-{
- return get_uid_from_request(state->request);
-}
-
/**********************************************************************
Authenticate a user with a clear text password using Kerberos and fill up
ccache if required
**********************************************************************/
-static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
- struct winbindd_cli_state *state,
- struct netr_SamInfo3 **info3)
+static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ const char *user,
+ const char *pass,
+ const char *krb5_cc_type,
+ uid_t uid,
+ struct netr_SamInfo3 **info3,
+ fstring krb5ccname)
{
#ifdef HAVE_KRB5
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
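Review bot: The comment block above winbindd_raw_kerberos_login still carries only its one-sentence summary, although the function now takes eight parameters whose contracts cannot be read off the types. In particular `fstring krb5ccname` decays to `char *` in a parameter list, so nothing makes the caller pass a full `sizeof(fstring)` buffer, which the `fstrcpy(krb5ccname, user_ccache_file)` in a later hunk appears to assume. I would extend the comment to state that krb5ccname is an output buffer of at least sizeof(fstring) bytes, written only when a ccache file name was generated, that pass is the cleartext password, and that allocations are made on mem_ctx. The same gap applies to the new signature of winbindd_dual_pam_auth_samlogon further down; both function bodies continue outside their hunks.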
@@ -535,7 +539,6 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
fstring name_domain, name_user;
time_t ticket_lifetime = 0;
time_t renewal_until = 0;
- uid_t uid = -1;
ADS_STRUCT *ads;
time_t time_offset = 0;
const char *user_ccache_file;
@@ -546,13 +549,12 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
/* 1st step:
* prepare a krb5_cc_cache string for the user */
- uid = get_uid_from_state(state);
if (uid == -1) {
DEBUG(0,("no valid uid\n"));
}
- cc = generate_krb5_ccache(state->mem_ctx,
- state->request->data.auth.krb5_cc_type,
+ cc = generate_krb5_ccache(mem_ctx,
+ krb5_cc_type,
uid,
&user_ccache_file);
if (cc == NULL) {
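Review bot: The `if (uid == -1)` branch only logs `no valid uid` and then hands the value to `generate_krb5_ccache()`, so an invalid uid is not rejected where it enters the function. The check predates this commit, but uid is now caller-supplied (a later hunk passes `get_uid_from_request(state->request)` straight through), and winbindd_dual_pam_auth_cached in this same diff returns `NT_STATUS_INVALID_PARAMETER` for the same condition. Whether generate_krb5_ccache copes with -1 is not visible here. If falling through is intended, a one-line comment in the branch should say so; otherwise add `return NT_STATUS_INVALID_PARAMETER;` after the DEBUG call. The enclosing function starts and ends outside this hunk.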
@@ -572,17 +574,17 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
/* 3rd step:
* do kerberos auth and setup ccache as the user */
- parse_domain_user(state->request->data.auth.user, name_domain, name_user);
+ parse_domain_user(user, name_domain, name_user);
realm = domain->alt_name;
strupper_m(realm);
- principal_s = talloc_asprintf(state->mem_ctx, "%s@%s", name_user, realm);
+ principal_s = talloc_asprintf(mem_ctx, "%s@%s", name_user, realm);
if (principal_s == NULL) {
return NT_STATUS_NO_MEMORY;
}
- service = talloc_asprintf(state->mem_ctx, "%s/%s@%s", KRB5_TGS_NAME, realm, realm);
+ service = talloc_asprintf(mem_ctx, "%s/%s@%s", KRB5_TGS_NAME, realm, realm);
if (service == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -597,9 +599,9 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid));
}
- result = kerberos_return_pac(state->mem_ctx,
+ result = kerberos_return_pac(mem_ctx,
principal_s,
- state->request->data.auth.pass,
+ pass,
time_offset,
&ticket_lifetime,
&renewal_until,
@@ -629,13 +631,12 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
if (user_ccache_file != NULL) {
- fstrcpy(state->response->data.auth.krb5ccname,
- user_ccache_file);
+ fstrcpy(krb5ccname, user_ccache_file);
result = add_ccache_to_list(principal_s,
cc,
service,
- state->request->data.auth.user,
+ user,
realm,
uid,
time(NULL),
@@ -676,10 +677,10 @@ failed:
"%s\n", error_message(krb5_ret)));
}
- if (!NT_STATUS_IS_OK(remove_ccache(state->request->data.auth.user))) {
+ if (!NT_STATUS_IS_OK(remove_ccache(user))) {
DEBUG(3,("winbindd_raw_kerberos_login: "
"could not remove ccache for user %s\n",
- state->request->data.auth.user));
+ user));
}
return result;
@@ -917,7 +918,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
const char *service = NULL;
const char *user_ccache_file;
- uid = get_uid_from_state(state);
+ uid = get_uid_from_request(state->request);
if (uid == -1) {
DEBUG(0,("winbindd_dual_pam_auth_cached: invalid uid\n"));
return NT_STATUS_INVALID_PARAMETER;
@@ -1089,7 +1090,13 @@ static NTSTATUS winbindd_dual_pam_auth_kerberos(struct winbindd_domain *domain,
return NT_STATUS_INVALID_LOGON_TYPE;
}
try_login:
- result = winbindd_raw_kerberos_login(contact_domain, state, info3);
+ result = winbindd_raw_kerberos_login(
+ state->mem_ctx, contact_domain,
+ state->request->data.auth.user,
+ state->request->data.auth.pass,
+ state->request->data.auth.krb5_cc_type,
+ get_uid_from_request(state->request),
+ info3, state->response->data.auth.krb5ccname);
done:
return result;
}
@@ -1242,8 +1249,11 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
return result;
}
-static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
- struct winbindd_cli_state *state,
+static NTSTATUS winbindd_dual_pam_auth_samlogon(TALLOC_CTX *mem_ctx,
+ struct winbindd_domain *domain,
+ const char *user,
+ const char *pass,
+ uint32_t request_flags,
struct netr_SamInfo3 **info3)
{
@@ -1261,7 +1271,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
/* Parse domain and username */
- parse_domain_user(state->request->data.auth.user, name_domain, name_user);
+ parse_domain_user(user, name_domain, name_user);
/* do password magic */
@@ -1276,10 +1286,11 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
machine. The 'server name' must match the
'workstation' passed to the actual SamLogon call.
*/
- names_blob = NTLMv2_generate_names_blob(state->mem_ctx, global_myname(), lp_workgroup());
+ names_blob = NTLMv2_generate_names_blob(
+ mem_ctx, global_myname(), lp_workgroup());
- if (!SMBNTLMv2encrypt(state->mem_ctx, name_user, name_domain,
- state->request->data.auth.pass,
+ if (!SMBNTLMv2encrypt(mem_ctx, name_user, name_domain,
+ pass,
&server_chal,
&names_blob,
&lm_resp, &nt_resp, NULL, NULL)) {
@@ -1291,12 +1302,9 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
data_blob_free(&names_blob);
} else {
lm_resp = data_blob_null;
- SMBNTencrypt(state->request->data.auth.pass,
- chal,
- local_nt_response);
+ SMBNTencrypt(pass, chal, local_nt_response);
- nt_resp = data_blob_talloc(state->mem_ctx,
- local_nt_response,
+ nt_resp = data_blob_talloc(mem_ctx, local_nt_response,
sizeof(local_nt_response));
}
@@ -1304,7 +1312,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
DATA_BLOB chal_blob = data_blob_const(chal, sizeof(chal));
result = winbindd_dual_auth_passdb(
- state->mem_ctx, name_domain, name_user,
+ mem_ctx, name_domain, name_user,
&chal_blob, &lm_resp, &nt_resp, info3);
goto done;
}
@@ -1312,7 +1320,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
/* check authentication loop */
result = winbind_samlogon_retry_loop(domain,
- state->mem_ctx,
+ mem_ctx,
0,
domain->dcname,
name_user,
@@ -1330,7 +1338,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
* the samlogon reply info3. When accurate info3 is required by the
* caller, we look up the account flags ourselve - gd */
- if ((state->request->flags & WBFLAG_PAM_INFO3_TEXT) &&
+ if ((request_flags & WBFLAG_PAM_INFO3_TEXT) &&
NT_STATUS_IS_OK(result) && (my_info3->base.acct_flags == 0)) {
struct rpc_pipe_client *samr_pipe;
@@ -1339,7 +1347,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
NTSTATUS status_tmp;
uint32 acct_flags;
- status_tmp = cm_connect_sam(domain, state->mem_ctx,
+ status_tmp = cm_connect_sam(domain, mem_ctx,
&samr_pipe, &samr_domain_handle);
if (!NT_STATUS_IS_OK(status_tmp)) {
@@ -1348,7 +1356,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
goto done;
}
- status_tmp = rpccli_samr_OpenUser(samr_pipe, state->mem_ctx,
+ status_tmp = rpccli_samr_OpenUser(samr_pipe, mem_ctx,
&samr_domain_handle,
MAXIMUM_ALLOWED_ACCESS,
my_info3->base.rid,
@@ -1360,7 +1368,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
goto done;
}
- status_tmp = rpccli_samr_QueryUserInfo(samr_pipe, state->mem_ctx,
+ status_tmp = rpccli_samr_QueryUserInfo(samr_pipe, mem_ctx,
&user_pol,
16,
&info);
@@ -1368,14 +1376,14 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
if (!NT_STATUS_IS_OK(status_tmp)) {
DEBUG(3, ("could not query user info on SAMR pipe: %s\n",
nt_errstr(status_tmp)));
- rpccli_samr_Close(samr_pipe, state->mem_ctx, &user_pol);
+ rpccli_samr_Close(samr_pipe, mem_ctx, &user_pol);
goto done;
}
acct_flags = info->info16.acct_flags;
if (acct_flags == 0) {
- rpccli_samr_Close(samr_pipe, state->mem_ctx, &user_pol);
+ rpccli_samr_Close(samr_pipe, mem_ctx, &user_pol);
goto done;
}
@@ -1383,7 +1391,7 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
DEBUG(10,("successfully retrieved acct_flags 0x%x\n", acct_flags));
- rpccli_samr_Close(samr_pipe, state->mem_ctx, &user_pol);
+ rpccli_samr_Close(samr_pipe, mem_ctx, &user_pol);
}
*info3 = my_info3;
@@ -1504,7 +1512,12 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
sam_logon:
/* Check for Samlogon authentication */
if (domain->online) {
- result = winbindd_dual_pam_auth_samlogon(domain, state, &info3);
+ result = winbindd_dual_pam_auth_samlogon(
+ state->mem_ctx, domain,
+ state->request->data.auth.user,
+ state->request->data.auth.pass,
+ state->request->flags,
+ &info3);
if (NT_STATUS_IS_OK(result)) {
DEBUG(10,("winbindd_dual_pam_auth_samlogon succeeded\n"));
@@ -1617,7 +1630,8 @@ process_result:
result = NT_STATUS_NOT_SUPPORTED;
if (our_domain == domain ) {
- result = fillup_password_policy(our_domain, state);
+ result = fillup_password_policy(
+ our_domain, state->response);
}
if (!NT_STATUS_IS_OK(result)
@@ -1893,7 +1907,8 @@ done:
NTSTATUS policy_ret;
- policy_ret = fillup_password_policy(contact_domain, state);
+ policy_ret = fillup_password_policy(
+ contact_domain, state->response);
/* failure of this is non critical, it will just provide no
* additional information to the client why the change has
--
Samba Shared Repository