[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Tue Feb 18 17:29:04 MST 2014
The branch, master has been updated
via 79e2725 s3-auth: Pass mem_ctx to do_map_to_guest_server_info().
via 4d792db s3-auth: Pass mem_ctx to auth_check_ntlm_password().
via 3dc7226 s3-auth: Pass mem_ctx to make_server_info_sam().
from 0d9bb86 build: find FILE_OFFSET_BITS via array
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 79e2725f339e7c5336b4053348c4266268de6ca3
Author: Andreas Schneider <asn at samba.org>
Date: Tue Feb 18 13:52:49 2014 +0100
s3-auth: Pass mem_ctx to do_map_to_guest_server_info().
Change-Id: If53117023e3ab37c810193edd00a81d247fdde7a
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Feb 19 01:28:14 CET 2014 on sn-devel-104
commit 4d792db03f18aa164b565c7fdc7b446c174fba28
Author: Andreas Schneider <asn at samba.org>
Date: Tue Feb 18 10:19:57 2014 +0100
s3-auth: Pass mem_ctx to auth_check_ntlm_password().
Coverity-Id: 1168009
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
Signed-off-by: Andreas Schneider <asn at samba.org>
Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3dc72266005e87a291f5bf9847257e8c54314d39
Author: Andreas Schneider <asn at samba.org>
Date: Tue Feb 18 10:02:57 2014 +0100
s3-auth: Pass mem_ctx to make_server_info_sam().
Coverity-Id: 1168009
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
Signed-off-by: Andreas Schneider <asn at samba.org>
Change-Id: Ie614b0654c3a7eec1ebb10dbb9763696eec795bd
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth.c | 50 +++++++++++++++---------
source3/auth/auth_ntlmssp.c | 13 ++++--
source3/auth/auth_util.c | 12 +++--
source3/auth/check_samsec.c | 2 +-
source3/auth/proto.h | 21 ++++++----
source3/auth/server_info_sam.c | 56 +++++++++++++++++---------
source3/auth/user_krb5.c | 12 +++--
source3/rpc_server/netlogon/srv_netlog_nt.c | 6 ++-
source3/torture/pdbtest.c | 5 ++-
9 files changed, 111 insertions(+), 66 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 0fc8b63..7718142 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -160,18 +160,19 @@ static bool check_domain_match(const char *user, const char *domain)
*
**/
-NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
- const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
+ const struct auth_context *auth_context,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **pserver_info)
{
/* if all the modules say 'not for me' this is reasonable */
NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
const char *unix_username;
auth_methods *auth_method;
- TALLOC_CTX *mem_ctx;
- if (!user_info || !auth_context || !server_info)
+ if (user_info == NULL || auth_context == NULL || pserver_info == NULL) {
return NT_STATUS_LOGON_FAILURE;
+ }
DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n",
user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name));
@@ -205,17 +206,27 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
return NT_STATUS_LOGON_FAILURE;
for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
+ struct auth_serversupplied_info *server_info;
+ TALLOC_CTX *tmp_ctx;
NTSTATUS result;
- mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name,
- user_info->mapped.domain_name, user_info->client.account_name);
+ tmp_ctx = talloc_named(mem_ctx,
+ 0,
+ "%s authentication for user %s\\%s",
+ auth_method->name,
+ user_info->mapped.domain_name,
+ user_info->client.account_name);
- result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
+ result = auth_method->auth(auth_context,
+ auth_method->private_data,
+ tmp_ctx,
+ user_info,
+ &server_info);
/* check if the module did anything */
if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ) {
DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_method->name));
- talloc_destroy(mem_ctx);
+ TALLOC_FREE(tmp_ctx);
continue;
}
@@ -229,19 +240,20 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
auth_method->name, user_info->client.account_name, nt_errstr(nt_status)));
}
- talloc_destroy(mem_ctx);
-
- if ( NT_STATUS_IS_OK(nt_status))
- {
- break;
+ if (NT_STATUS_IS_OK(nt_status)) {
+ *pserver_info = talloc_steal(mem_ctx, server_info);
+ TALLOC_FREE(tmp_ctx);
+ break;
}
+
+ TALLOC_FREE(tmp_ctx);
}
/* successful authentication */
if (NT_STATUS_IS_OK(nt_status)) {
- unix_username = (*server_info)->unix_name;
- if (!(*server_info)->guest) {
+ unix_username = (*pserver_info)->unix_name;
+ if (!(*pserver_info)->guest) {
const char *rhost;
if (tsocket_address_is_inet(user_info->remote_host, "ip")) {
@@ -270,9 +282,9 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
}
if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG((*server_info)->guest ? 5 : 2,
+ DEBUG((*pserver_info)->guest ? 5 : 2,
("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n",
- (*server_info)->guest ? "guest " : "",
+ (*pserver_info)->guest ? "guest " : "",
user_info->client.account_name,
user_info->mapped.account_name,
unix_username));
@@ -286,7 +298,7 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
user_info->client.account_name, user_info->mapped.account_name,
nt_errstr(nt_status)));
- ZERO_STRUCTP(server_info);
+ ZERO_STRUCTP(pserver_info);
return nt_status;
}
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index f99bd44..d4fe901 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -134,8 +134,10 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
mapped_user_info->flags = user_info->flags;
- nt_status = auth_check_ntlm_password(auth_context,
- mapped_user_info, &server_info);
+ nt_status = auth_check_ntlm_password(mem_ctx,
+ auth_context,
+ mapped_user_info,
+ &server_info);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n",
@@ -149,10 +151,11 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
free_user_info(&mapped_user_info);
if (!NT_STATUS_IS_OK(nt_status)) {
- nt_status = do_map_to_guest_server_info(nt_status,
- &server_info,
+ nt_status = do_map_to_guest_server_info(mem_ctx,
+ nt_status,
user_info->client.account_name,
- user_info->client.domain_name);
+ user_info->client.domain_name,
+ &server_info);
*server_returned_info = talloc_steal(mem_ctx, server_info);
return nt_status;
}
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 2b6b13f..fb9e8c8 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1536,9 +1536,11 @@ bool is_trusted_domain(const char* dom_name)
on a logon error possibly map the error to success if "map to guest"
is set approriately
*/
-NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
- struct auth_serversupplied_info **server_info,
- const char *user, const char *domain)
+NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx,
+ NTSTATUS status,
+ const char *user,
+ const char *domain,
+ struct auth_serversupplied_info **server_info)
{
user = user ? user : "";
domain = domain ? domain : "";
@@ -1548,13 +1550,13 @@ NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
(lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
DEBUG(3,("No such user %s [%s] - using guest account\n",
user, domain));
- return make_server_info_guest(NULL, server_info);
+ return make_server_info_guest(mem_ctx, server_info);
}
} else if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
DEBUG(3,("Registered username %s for guest access\n",
user));
- return make_server_info_guest(NULL, server_info);
+ return make_server_info_guest(mem_ctx, server_info);
}
}
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index 7ed8cc2..b6cac60 100644
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -482,7 +482,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
}
become_root();
- nt_status = make_server_info_sam(server_info, sampass);
+ nt_status = make_server_info_sam(mem_ctx, sampass, server_info);
unbecome_root();
TALLOC_FREE(sampass);
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 7abca07..7b8959f 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -65,6 +65,8 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
* struct. When the return is other than NT_STATUS_OK the contents
* of that structure is undefined.
*
+ * @param mem_ctx The memory context to use to allocate server_info
+ *
* @param user_info Contains the user supplied components, including the passwords.
* Must be created with make_user_info() or one of its wrappers.
*
@@ -79,9 +81,9 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
* @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
*
**/
-
-NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
- const struct auth_usersupplied_info *user_info,
+NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
+ const struct auth_context *auth_context,
+ const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **server_info);
/* The following definitions come from auth/auth_builtin.c */
@@ -190,8 +192,9 @@ bool make_user_info_guest(const struct tsocket_address *remote_address,
struct auth_usersupplied_info **user_info);
struct samu;
-NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
- struct samu *sampass);
+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
+ struct samu *sampass,
+ struct auth_serversupplied_info **pserver_info);
NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
const struct auth_serversupplied_info *server_info,
DATA_BLOB *session_key,
@@ -261,9 +264,11 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
enum auth_password_state password_state);
void free_user_info(struct auth_usersupplied_info **user_info);
-NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
- struct auth_serversupplied_info **server_info,
- const char *user, const char *domain);
+NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx,
+ NTSTATUS status,
+ const char *user,
+ const char *domain,
+ struct auth_serversupplied_info **server_info);
/* The following definitions come from auth/auth_winbind.c */
diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c
index 5d657f9..47087b1 100644
--- a/source3/auth/server_info_sam.c
+++ b/source3/auth/server_info_sam.c
@@ -58,39 +58,51 @@ static bool is_our_machine_account(const char *username)
Make (and fill) a user_info struct from a struct samu
***************************************************************************/
-NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
- struct samu *sampass)
+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
+ struct samu *sampass,
+ struct auth_serversupplied_info **pserver_info)
{
struct passwd *pwd;
- struct auth_serversupplied_info *result;
+ struct auth_serversupplied_info *server_info;
const char *username = pdb_get_username(sampass);
+ TALLOC_CTX *tmp_ctx;
NTSTATUS status;
- if ( !(result = make_server_info(NULL)) ) {
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
}
- if ( !(pwd = Get_Pwnam_alloc(result, username)) ) {
+ server_info = make_server_info(tmp_ctx);
+ if (server_info == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ pwd = Get_Pwnam_alloc(tmp_ctx, username);
+ if (pwd == NULL) {
DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n",
pdb_get_username(sampass)));
- TALLOC_FREE(result);
- return NT_STATUS_NO_SUCH_USER;
+ status = NT_STATUS_NO_SUCH_USER;
+ goto out;
}
- status = samu_to_SamInfo3(result, sampass, lp_netbios_name(),
- &result->info3, &result->extra);
+ status = samu_to_SamInfo3(server_info,
+ sampass,
+ lp_netbios_name(),
+ &server_info->info3,
+ &server_info->extra);
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(result);
- return status;
+ goto out;
}
- result->unix_name = pwd->pw_name;
- /* Ensure that we keep pwd->pw_name, because we will free pwd below */
- talloc_steal(result, pwd->pw_name);
- result->utok.gid = pwd->pw_gid;
- result->utok.uid = pwd->pw_uid;
+ server_info->unix_name = talloc_strdup(server_info, pwd->pw_name);
+ if (server_info->unix_name == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
- TALLOC_FREE(pwd);
+ server_info->utok.gid = pwd->pw_gid;
+ server_info->utok.uid = pwd->pw_uid;
if (IS_DC && is_our_machine_account(username)) {
/*
@@ -110,9 +122,13 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
}
DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
- pdb_get_username(sampass), result->unix_name));
+ pdb_get_username(sampass), server_info->unix_name));
+
+ *pserver_info = talloc_steal(mem_ctx, server_info);
- *server_info = result;
+ status = NT_STATUS_OK;
+out:
+ talloc_free(tmp_ctx);
- return NT_STATUS_OK;
+ return status;
}
diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
index 2650e27..6b8fad2 100644
--- a/source3/auth/user_krb5.c
+++ b/source3/auth/user_krb5.c
@@ -223,9 +223,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
* SID consistency with ntlmssp session setup
*/
struct samu *sampass;
- /* The stupid make_server_info_XX functions here
- don't take a talloc context. */
- struct auth_serversupplied_info *tmp = NULL;
sampass = samu_new(talloc_tos());
if (sampass == NULL) {
@@ -235,14 +232,19 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
if (pdb_getsampwnam(sampass, username)) {
DEBUG(10, ("found user %s in passdb, calling "
"make_server_info_sam\n", username));
- status = make_server_info_sam(&tmp, sampass);
+ status = make_server_info_sam(mem_ctx,
+ sampass,
+ &server_info);
} else {
/*
* User not in passdb, make it up artificially
*/
DEBUG(10, ("didn't find user %s in passdb, calling "
"make_server_info_pw\n", username));
- status = make_server_info_pw(mem_ctx, username, pw, &tmp);
+ status = make_server_info_pw(mem_ctx,
+ username,
+ pw,
+ &server_info);
}
TALLOC_FREE(sampass);
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index e3e7a3e..f600f74 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1646,8 +1646,10 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
} /* end switch */
if ( NT_STATUS_IS_OK(status) ) {
- status = auth_check_ntlm_password(auth_context,
- user_info, &server_info);
+ status = auth_check_ntlm_password(p->mem_ctx,
+ auth_context,
+ user_info,
+ &server_info);
}
TALLOC_FREE(auth_context);
diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c
index df2c326..990917f 100644
--- a/source3/torture/pdbtest.c
+++ b/source3/torture/pdbtest.c
@@ -304,7 +304,10 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry)
return False;
}
- status = auth_check_ntlm_password(auth_context, user_info, &server_info);
+ status = auth_check_ntlm_password(mem_ctx,
+ auth_context,
+ user_info,
+ &server_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to test authentication with auth module: %s\n", nt_errstr(status)));
--
Samba Shared Repository
More information about the samba-cvs
mailing list