[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Tue May 15 05:57:03 MDT 2012
The branch, master has been updated
via 78af473 s3-auth: Rename to init_system_session_info().
via caaebb4 s3-auth: Don't lookup the system user in pdb.
from a66865d Use ENC_ values for proto_tree_add_item() calls.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 78af4738e7bd6f73469dd990d0f444a04afbc709
Author: Andreas Schneider <asn at samba.org>
Date: Mon May 14 10:37:59 2012 +0200
s3-auth: Rename to init_system_session_info().
Autobuild-User: Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date: Tue May 15 13:56:00 CEST 2012 on sn-devel-104
commit caaebb455cf955f66c2f662c53998c480cb2d6c9
Author: Andreas Schneider <asn at samba.org>
Date: Mon May 14 10:31:32 2012 +0200
s3-auth: Don't lookup the system user in pdb.
This fixes bug #8944, ldapsam:trusted and ipasam. It is an additional
fix for bug #8567 (0528cb5f3a15b72dcb34ece21a3ffb3e7b8d6eb9).
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_util.c | 101 ++++++++++++++++++++++++++++++++++++++++--
source3/auth/proto.h | 2 +-
source3/smbd/server.c | 2 +-
source3/winbindd/winbindd.c | 2 +-
4 files changed, 99 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 6075232..f270ccd 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -771,6 +771,44 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
return NT_STATUS_OK;
}
+static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
+ struct passwd *pwd,
+ struct netr_SamInfo3 *info3)
+{
+ struct dom_sid domain_sid;
+ const char *tmp;
+
+ /* Set account name */
+ tmp = talloc_strdup(mem_ctx, pwd->pw_name);
+ if (tmp == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ init_lsa_String(&info3->base.account_name, tmp);
+
+ /* Set domain name */
+ tmp = talloc_strdup(mem_ctx, get_global_sam_name());
+ if (tmp == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ init_lsa_StringLarge(&info3->base.logon_domain, tmp);
+
+ /* Domain sid */
+ sid_copy(&domain_sid, get_global_sam_sid());
+
+ info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid);
+ if (info3->base.domain_sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Admin rid */
+ info3->base.rid = DOMAIN_RID_ADMINISTRATOR;
+
+ /* Primary gid */
+ info3->base.primary_gid = dom_sid_parse_talloc(mem_ctx, SID_NT_SYSTEM);
+
+ return NT_STATUS_OK;
+}
+
static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx,
struct netr_SamInfo3 *info3)
{
@@ -898,6 +936,60 @@ done:
it.
****************************************************************************/
+static NTSTATUS make_system_session_info_from_pw(TALLOC_CTX *mem_ctx,
+ struct passwd *pwd,
+ struct auth_session_info **session_info)
+{
+ struct auth_serversupplied_info *server_info;
+ const char *domain = lp_netbios_name();
+ struct netr_SamInfo3 info3;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ZERO_STRUCT(info3);
+
+ status = get_system_info3(tmp_ctx, pwd, &info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed creating system info3 with %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ status = make_server_info_info3(tmp_ctx,
+ pwd->pw_name,
+ domain,
+ &server_info,
+ &info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("make_server_info_info3 failed with %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ server_info->nss_token = true;
+
+ /* Now turn the server_info into a session_info with the full token etc */
+ status = create_local_token(mem_ctx, server_info, NULL, pwd->pw_name, session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("create_local_token failed: %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ talloc_free(server_info);
+ talloc_steal(mem_ctx, *session_info);
+
+ status = NT_STATUS_OK;
+done:
+ TALLOC_FREE(tmp_ctx);
+ return status;
+}
+
static NTSTATUS make_session_info_from_pw(TALLOC_CTX *mem_ctx,
struct passwd *pwd,
bool is_guest,
@@ -937,10 +1029,9 @@ static NTSTATUS make_new_session_info_system(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_SUCH_USER;
}
- status = make_session_info_from_pw(mem_ctx,
- pwd,
- false,
- session_info);
+ status = make_system_session_info_from_pw(mem_ctx,
+ pwd,
+ session_info);
TALLOC_FREE(pwd);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -1156,7 +1247,7 @@ NTSTATUS make_session_info_guest(TALLOC_CTX *mem_ctx,
static struct auth_session_info *system_info = NULL;
-NTSTATUS init_system_info(void)
+NTSTATUS init_system_session_info(void)
{
if (system_info != NULL)
return NT_STATUS_OK;
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index d383f38..a35a804 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -218,7 +218,7 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
struct auth_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
const struct auth_session_info *src);
bool init_guest_info(void);
-NTSTATUS init_system_info(void);
+NTSTATUS init_system_session_info(void);
bool session_info_set_session_key(struct auth_session_info *info,
DATA_BLOB session_key);
NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx,
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 363203e..d6c7874 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1424,7 +1424,7 @@ extern void build_options(bool screen);
exit(1);
}
- status = init_system_info();
+ status = init_system_session_info();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("ERROR: failed to setup system user info: %s.\n",
nt_errstr(status)));
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index a3b2142..22056e2 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1474,7 +1474,7 @@ int main(int argc, char **argv, char **envp)
winbindd_register_handlers(!Fork);
- status = init_system_info();
+ status = init_system_session_info();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("ERROR: failed to setup system user info: %s.\n",
nt_errstr(status)));
--
Samba Shared Repository
More information about the samba-cvs
mailing list