[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Thu Feb 6 11:45:03 UTC 2020
The branch, master has been updated
via f705629a171 smbd: avoid double chdir() in chdir_current_service()
via 8bfa0d58671 s3/lib: RIP smb_user_name
via 92499287edb s3/auth: use set_current_user_info() in auth3_check_password_send()
via dc4b1e39ce1 s3/auth: use set_current_user_info() in auth3_generate_session_info_pac()
via 1484fb0c663 s3/rpc_server/netlogon: use set_current_user_info() in _netr_LogonSamLogon_base()
via dbe7d13988d smbd: remove sub_set_smb_name()/reload_services()
via d1b2254f45e s4/auth: use talloc_alpha_strcpy() in auth_session_info_fill_unix()
via a6054e2b352 s3/rpc_server: use talloc_alpha_strcpy() in _winreg_InitiateSystemShutdownEx()
via f8e218acd31 s3/lib: use talloc_alpha_strcpy() in sub_set_smb_name()
via e3cd8e46b3a s3/lib: use talloc_alpha_strcpy() in set_remote_machine_name()
via 1a8e6271c61 s3/lib: use talloc_alpha_strcpy() in set_local_machine_name()
via 2b230321da2 s3:auth: use talloc_alpha_strcpy() in auth3_session_info_create()
via 5e35d30b68d s3/auth: use talloc_alpha_strcpy() in create_local_token()
via 276d280d27e lib/util: add talloc_alpha_strcpy()
via e6e722abde8 smbd: setting current_user stuff here is redundant
from 52722746a5e wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f705629a171c1411131164f3adff36175154c093
Author: Ralph Boehme <slow at samba.org>
Date: Wed Jan 22 10:52:39 2020 +0100
smbd: avoid double chdir() in chdir_current_service()
Since 8e81090789e4cc3ba9e5aa792d4e52971909c894 we're doing chdir() twice, first
into conn->connectpath, then into conn->origpath.
Before commit 8e81090789e4cc3ba9e5aa792d4e52971909c894 if
chdir(conn->connectpath) succeeded, we wouldn't do the second chdir().
While at it, simplify the logging logic: if chdir() fails in this core function,
just always log is as error including the unix token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14256
RN: smbd does a chdir() twice per request
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Feb 6 11:44:07 UTC 2020 on sn-devel-184
commit 8bfa0d58671e42509b5b4408ec4076cc4cb046f1
Author: Ralph Boehme <slow at samba.org>
Date: Sat Jan 18 08:11:52 2020 +0100
s3/lib: RIP smb_user_name
This has been replaced in previous commits by consistently using
current_user_info.smb_name.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 92499287edb4b6b7eb4cb711597a08542361a1b5
Author: Ralph Boehme <slow at samba.org>
Date: Sat Jan 18 08:09:22 2020 +0100
s3/auth: use set_current_user_info() in auth3_check_password_send()
This delays reloading config slightly, but I don't see how could affect
observable behaviour other then log messages coming from the functions in
between the different locations for lp_load_with_shares() like
make_user_info_map() are sent to a different logfile if "log file" uses %U.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit dc4b1e39ce1f2201a2d6ae2d4cffef2448f69a62
Author: Ralph Boehme <slow at samba.org>
Date: Sat Jan 18 08:06:45 2020 +0100
s3/auth: use set_current_user_info() in auth3_generate_session_info_pac()
This delays reloading config slightly, but I don't see how could affect
observable behaviour other then log messages coming from the functions in
between the different locations for lp_load_with_shares() like
make_session_info_krb5() are sent to a different logfile if "log file" uses %U.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1484fb0c6636308958f0d8d7c81429e0743f5cbd
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jan 17 21:56:27 2020 +0100
s3/rpc_server/netlogon: use set_current_user_info() in _netr_LogonSamLogon_base()
Note that we're now sanitizing the username we got from the client, as we do
everywhere else.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit dbe7d13988d5eb88f13144def8f4d69f1259fef6
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jan 17 21:55:35 2020 +0100
smbd: remove sub_set_smb_name()/reload_services()
This means switching auth backend based on %U include, ie
passdb backend = tdbsam
include = smb.conf.%U
and smb.conf.SOMEUSER contains
passdb backend = smbpasswd
won't work anymore.
We're still calling set_current_user_info() and reload_services() later on
in this function, so everything else still works as before.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit d1b2254f45ec6b4aa7dc846dd4b9be0b2f48d7a5
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jan 17 19:31:06 2020 +0100
s4/auth: use talloc_alpha_strcpy() in auth_session_info_fill_unix()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a6054e2b3523b51b379e3e311978912868c1d7fb
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jan 17 19:30:36 2020 +0100
s3/rpc_server: use talloc_alpha_strcpy() in _winreg_InitiateSystemShutdownEx()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f8e218acd31381e821da9bf6c8d3379225c35cb7
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jan 17 19:30:18 2020 +0100
s3/lib: use talloc_alpha_strcpy() in sub_set_smb_name()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit e3cd8e46b3a32968a3d2c43ffb15daa57a068e55
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jan 17 19:30:01 2020 +0100
s3/lib: use talloc_alpha_strcpy() in set_remote_machine_name()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1a8e6271c61400565b665584edace2e7cce8eb84
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jan 17 19:28:54 2020 +0100
s3/lib: use talloc_alpha_strcpy() in set_local_machine_name()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2b230321da2a74c17fdbaf478f4963eca5d769a3
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jan 17 19:28:34 2020 +0100
s3:auth: use talloc_alpha_strcpy() in auth3_session_info_create()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 5e35d30b68d071e50e71073f23b17c93715a7bc0
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jan 17 19:28:13 2020 +0100
s3/auth: use talloc_alpha_strcpy() in create_local_token()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 276d280d27e1bfa959da4d9f4e061dba87bb5dfc
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jan 17 19:15:22 2020 +0100
lib/util: add talloc_alpha_strcpy()
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit e6e722abde82252b01e30691c0fe4aef579b3584
Author: Ralph Boehme <slow at samba.org>
Date: Fri Jan 17 14:42:22 2020 +0100
smbd: setting current_user stuff here is redundant
This is already handled by set_sec_ctx() below, we just have to pass in the
values instead of setting it here in this function before calling set_sec_ctx().
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/util/charset/charset.h | 3 +
lib/util/util_str_common.c | 22 ++++++
source3/auth/auth_generic.c | 14 ++--
source3/auth/auth_ntlmssp.c | 32 +++++++--
source3/auth/auth_util.c | 21 +++---
source3/lib/substitute.c | 102 +++-------------------------
source3/rpc_server/netlogon/srv_netlog_nt.c | 16 ++++-
source3/rpc_server/winreg/srv_winreg_nt.c | 11 ++-
source3/smbd/service.c | 67 ++++++++----------
source3/smbd/sesssetup.c | 4 --
source3/smbd/uid.c | 8 +--
source4/auth/unix_token.c | 13 ++--
12 files changed, 134 insertions(+), 179 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/charset/charset.h b/lib/util/charset/charset.h
index ff466c34bb9..ef7911a6254 100644
--- a/lib/util/charset/charset.h
+++ b/lib/util/charset/charset.h
@@ -112,6 +112,9 @@ size_t strlen_m(const char *s);
size_t strlen_m_term(const char *s);
size_t strlen_m_term_null(const char *s);
char *alpha_strcpy(char *dest, const char *src, const char *other_safe_chars, size_t maxlength);
+char *talloc_alpha_strcpy(TALLOC_CTX *mem_ctx,
+ const char *src,
+ const char *other_safe_chars);
void string_replace_m(char *s, char oldc, char newc);
bool strcsequal(const char *s1,const char *s2);
bool strequal_m(const char *s1, const char *s2);
diff --git a/lib/util/util_str_common.c b/lib/util/util_str_common.c
index 0933e183c80..1e93a46fbad 100644
--- a/lib/util/util_str_common.c
+++ b/lib/util/util_str_common.c
@@ -159,3 +159,25 @@ char *alpha_strcpy(char *dest,
return dest;
}
+
+char *talloc_alpha_strcpy(TALLOC_CTX *mem_ctx,
+ const char *src,
+ const char *other_safe_chars)
+{
+ char *dest = NULL;
+ size_t slen;
+
+ if (src == NULL) {
+ return NULL;
+ }
+
+ slen = strlen(src);
+
+ dest = talloc_zero_size(mem_ctx, slen + 1);
+ if (dest == NULL) {
+ return NULL;
+ }
+
+ alpha_strcpy(dest, src, other_safe_chars, slen + 1);
+ return dest;
+}
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 9243a0ba02d..0e9500ac08d 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -159,12 +159,6 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
}
}
- /* setup the string used by %U */
- sub_set_smb_name(username);
-
- /* reload services so that the new %U is taken into account */
- lp_load_with_shares(get_dyn_CONFIGFILE());
-
status = make_session_info_krb5(mem_ctx,
ntuser, ntdomain, username, pw,
info3_copy, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
@@ -176,6 +170,14 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
goto done;
}
+ /* setup the string used by %U */
+ set_current_user_info((*session_info)->unix_info->sanitized_username,
+ (*session_info)->unix_info->unix_name,
+ (*session_info)->info->domain_name);
+
+ /* reload services so that the new %U is taken into account */
+ lp_load_with_shares(get_dyn_CONFIGFILE());
+
DEBUG(5, (__location__ "OK: user: %s domain: %s client: %s\n",
ntuser, ntdomain, rhost));
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 3e39be30588..8d213f194cf 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -150,6 +150,7 @@ struct tevent_req *auth3_check_password_send(
auth4_context->private_data, struct auth_context);
struct auth_usersupplied_info *mapped_user_info = NULL;
struct auth_serversupplied_info *server_info = NULL;
+ char *sanitized_username = NULL;
NTSTATUS nt_status;
bool username_was_mapped;
@@ -169,12 +170,6 @@ struct tevent_req *auth3_check_password_send(
set_remote_machine_name(user_info->workstation_name, True);
- /* setup the string used by %U */
- /* sub_set_smb_name checks for weird internally */
- sub_set_smb_name(user_info->client.account_name);
-
- lp_load_with_shares(get_dyn_CONFIGFILE());
-
nt_status = make_user_info_map(talloc_tos(),
&mapped_user_info,
user_info->client.account_name,
@@ -196,6 +191,15 @@ struct tevent_req *auth3_check_password_send(
mapped_user_info->flags = user_info->flags;
+ sanitized_username = talloc_alpha_strcpy(
+ state,
+ user_info->client.account_name,
+ SAFE_NETBIOS_CHARS "$");
+ if (sanitized_username == NULL) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return tevent_req_post(req, ev);
+ }
+
nt_status = auth_check_ntlm_password(state,
auth_context,
mapped_user_info,
@@ -224,6 +228,15 @@ struct tevent_req *auth3_check_password_send(
&server_info);
if (!tevent_req_nterror(req, nt_status)) {
state->authoritative = 1;
+
+ /* setup the string used by %U */
+ set_current_user_info(
+ sanitized_username,
+ server_info->unix_name,
+ server_info->info3->base.logon_domain.string);
+
+ lp_load_with_shares(get_dyn_CONFIGFILE());
+
tevent_req_done(req);
}
state->server_info = server_info;
@@ -232,6 +245,13 @@ struct tevent_req *auth3_check_password_send(
server_info->nss_token |= username_was_mapped;
+ /* setup the string used by %U */
+ set_current_user_info(sanitized_username,
+ server_info->unix_name,
+ server_info->info3->base.logon_domain.string);
+
+ lp_load_with_shares(get_dyn_CONFIGFILE());
+
/* Clear out the session keys, and pass them to the caller.
* They will not be used in this form again - instead the
* NTLMSSP code will decide on the final correct session key,
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 3e0fcea2410..9427c05f573 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -478,7 +478,6 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
struct dom_sid tmp_sid;
struct auth_session_info *session_info;
struct unixid *ids;
- fstring tmp;
/* Ensure we can't possible take a code path leading to a
* null defref. */
@@ -494,9 +493,10 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
}
/* This is a potentially untrusted username for use in %U */
- alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp));
session_info->unix_info->sanitized_username =
- talloc_strdup(session_info->unix_info, tmp);
+ talloc_alpha_strcpy(session_info->unix_info,
+ smb_username,
+ SAFE_NETBIOS_CHARS "$");
if (session_info->unix_info->sanitized_username == NULL) {
TALLOC_FREE(session_info);
return NT_STATUS_NO_MEMORY;
@@ -535,9 +535,14 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
}
/* This is a potentially untrusted username for use in %U */
- alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp));
session_info->unix_info->sanitized_username =
- talloc_strdup(session_info->unix_info, tmp);
+ talloc_alpha_strcpy(session_info->unix_info,
+ smb_username,
+ SAFE_NETBIOS_CHARS "$");
+ if (session_info->unix_info->sanitized_username == NULL) {
+ TALLOC_FREE(session_info);
+ return NT_STATUS_NO_MEMORY;
+ }
if (session_key) {
data_blob_free(&session_info->session_key);
@@ -767,7 +772,6 @@ NTSTATUS auth3_session_info_create(TALLOC_CTX *mem_ctx,
uint32_t num_gids = 0;
gid_t *gids = NULL;
struct dom_sid tmp_sid = { 0, };
- fstring tmp = { 0, };
NTSTATUS status;
size_t i;
bool ok;
@@ -1083,9 +1087,10 @@ NTSTATUS auth3_session_info_create(TALLOC_CTX *mem_ctx,
}
/* This is a potentially untrusted username for use in %U */
- alpha_strcpy(tmp, original_user_name, ". _-$", sizeof(tmp));
session_info->unix_info->sanitized_username =
- talloc_strdup(session_info->unix_info, tmp);
+ talloc_alpha_strcpy(session_info->unix_info,
+ original_user_name,
+ SAFE_NETBIOS_CHARS "$");
if (session_info->unix_info->sanitized_username == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index b5e08e0aa55..7d1e55f568b 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -44,7 +44,6 @@ bool set_local_machine_name(const char *local_name, bool perm)
{
static bool already_perm = false;
char *tmp_local_machine = NULL;
- size_t len;
if (already_perm) {
return true;
@@ -57,15 +56,12 @@ bool set_local_machine_name(const char *local_name, bool perm)
trim_char(tmp_local_machine,' ',' ');
TALLOC_FREE(local_machine);
- len = strlen(tmp_local_machine);
- local_machine = (char *)TALLOC_ZERO(NULL, len+1);
- if (!local_machine) {
- TALLOC_FREE(tmp_local_machine);
+ local_machine = talloc_alpha_strcpy(NULL,
+ tmp_local_machine,
+ SAFE_NETBIOS_CHARS);
+ if (local_machine == NULL) {
return false;
}
- /* alpha_strcpy includes the space for the terminating nul. */
- alpha_strcpy(local_machine,tmp_local_machine,
- SAFE_NETBIOS_CHARS,len+1);
if (!strlower_m(local_machine)) {
TALLOC_FREE(tmp_local_machine);
return false;
@@ -98,7 +94,6 @@ bool set_remote_machine_name(const char *remote_name, bool perm)
{
static bool already_perm = False;
char *tmp_remote_machine;
- size_t len;
if (already_perm) {
return true;
@@ -111,16 +106,12 @@ bool set_remote_machine_name(const char *remote_name, bool perm)
trim_char(tmp_remote_machine,' ',' ');
TALLOC_FREE(remote_machine);
- len = strlen(tmp_remote_machine);
- remote_machine = (char *)TALLOC_ZERO(NULL, len+1);
- if (!remote_machine) {
- TALLOC_FREE(tmp_remote_machine);
+ remote_machine = talloc_alpha_strcpy(NULL,
+ tmp_remote_machine,
+ SAFE_NETBIOS_CHARS);
+ if (remote_machine == NULL) {
return false;
}
-
- /* alpha_strcpy includes the space for the terminating nul. */
- alpha_strcpy(remote_machine,tmp_remote_machine,
- SAFE_NETBIOS_CHARS,len+1);
if (!strlower_m(remote_machine)) {
TALLOC_FREE(tmp_remote_machine);
return false;
@@ -137,69 +128,6 @@ const char *get_remote_machine_name(void)
return remote_machine ? remote_machine : "";
}
-/*******************************************************************
- Setup the string used by %U substitution.
-********************************************************************/
-
-static char *smb_user_name;
-
-void sub_set_smb_name(const char *name)
-{
- char *tmp;
- size_t len;
- bool is_machine_account = false;
-
- /* don't let anonymous logins override the name */
- if (!name || !*name) {
- return;
- }
-
- tmp = talloc_strdup(NULL, name);
- if (!tmp) {
- return;
- }
- trim_char(tmp, ' ', ' ');
- if (!strlower_m(tmp)) {
- TALLOC_FREE(tmp);
- return;
- }
-
- len = strlen(tmp);
-
- if (len == 0) {
- TALLOC_FREE(tmp);
- return;
- }
-
- /* long story but here goes....we have to allow usernames
- ending in '$' as they are valid machine account names.
- So check for a machine account and re-add the '$'
- at the end after the call to alpha_strcpy(). --jerry */
-
- if (tmp[len-1] == '$') {
- is_machine_account = True;
- }
-
- TALLOC_FREE(smb_user_name);
- smb_user_name = (char *)TALLOC_ZERO(NULL, len+1);
- if (!smb_user_name) {
- TALLOC_FREE(tmp);
- return;
- }
-
- /* alpha_strcpy includes the space for the terminating nul. */
- alpha_strcpy(smb_user_name, tmp,
- SAFE_NETBIOS_CHARS,
- len+1);
-
- TALLOC_FREE(tmp);
-
- if (is_machine_account) {
- len = strlen(smb_user_name);
- smb_user_name[len-1] = '$';
- }
-}
-
static char sub_peeraddr[INET6_ADDRSTRLEN];
static const char *sub_peername = NULL;
static char sub_sockaddr[INET6_ADDRSTRLEN];
@@ -232,11 +160,6 @@ void sub_set_socket_ids(const char *peeraddr, const char *peername,
strlcpy(sub_sockaddr, sockaddr, sizeof(sub_sockaddr));
}
-static const char *get_smb_user_name(void)
-{
- return smb_user_name ? smb_user_name : "";
-}
-
/*******************************************************************
Setup the strings used by substitutions. Called per packet. Ensure
%U name is set correctly also.
@@ -262,11 +185,6 @@ void set_current_user_info(const char *smb_name, const char *unix_name,
fstrcpy(current_user_info.unix_name, unix_name);
fstrcpy(current_user_info.domain, domain);
- /* The following is safe as current_user_info.smb_name
- * has already been sanitised in register_existing_vuid. */
-
- sub_set_smb_name(current_user_info.smb_name);
-
last_smb_name = smb_name;
last_unix_name = unix_name;
last_domain = domain;
@@ -278,10 +196,6 @@ void set_current_user_info(const char *smb_name, const char *unix_name,
const char *get_current_username(void)
{
- if (current_user_info.smb_name[0] == '\0' ) {
- return get_smb_user_name();
- }
-
return current_user_info.smb_name;
}
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index 52b17c10e61..3f1347a31ed 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1517,6 +1517,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
NTSTATUS status = NT_STATUS_OK;
union netr_LogonLevel *logon = r->in.logon;
const char *nt_username, *nt_domain, *nt_workstation;
+ char *sanitized_username = NULL;
struct auth_usersupplied_info *user_info = NULL;
struct auth_serversupplied_info *server_info = NULL;
struct auth_context *auth_context = NULL;
@@ -1603,8 +1604,6 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
} /* end switch */
DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
- fstrcpy(current_user_info.smb_name, nt_username);
- sub_set_smb_name(nt_username);
DEBUG(5,("Attempting validation level %d for unmapped username %s.\n",
r->in.validation_level, nt_username));
@@ -1745,6 +1744,19 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
return NT_STATUS_LOGON_FAILURE;
}
+ sanitized_username = talloc_alpha_strcpy(talloc_tos(),
+ nt_username,
+ SAFE_NETBIOS_CHARS "$");
+ if (sanitized_username == NULL) {
+ TALLOC_FREE(server_info);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ set_current_user_info(sanitized_username,
+ server_info->unix_name,
+ server_info->info3->base.logon_domain.string);
+ TALLOC_FREE(sanitized_username);
+
/* This is the point at which, if the login was successful, that
the SAM Local Security Authority should record that the user is
logged in to the domain. */
diff --git a/source3/rpc_server/winreg/srv_winreg_nt.c b/source3/rpc_server/winreg/srv_winreg_nt.c
index 6c3270d886a..05dc051e247 100644
--- a/source3/rpc_server/winreg/srv_winreg_nt.c
+++ b/source3/rpc_server/winreg/srv_winreg_nt.c
@@ -522,7 +522,6 @@ WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p,
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
char *shutdown_script = NULL;
- char *msg = NULL;
char *chkmsg = NULL;
fstring str_timeout;
fstring str_reason;
@@ -542,14 +541,12 @@ WERROR _winreg_InitiateSystemShutdownEx(struct pipes_struct *p,
/* pull the message string and perform necessary sanity checks on it */
if ( r->in.message && r->in.message->string ) {
- if ( (msg = talloc_strdup(p->mem_ctx, r->in.message->string )) == NULL ) {
+ chkmsg = talloc_alpha_strcpy(p->mem_ctx,
+ r->in.message->string,
+ NULL);
+ if (chkmsg == NULL) {
return WERR_NOT_ENOUGH_MEMORY;
}
- chkmsg = talloc_array(p->mem_ctx, char, strlen(msg)+1);
- if (!chkmsg) {
- return WERR_NOT_ENOUGH_MEMORY;
- }
- alpha_strcpy(chkmsg, msg, NULL, strlen(msg)+1);
}
fstr_sprintf(str_timeout, "%d", r->in.timeout);
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 1abc23ad422..03125a30dad 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -146,55 +146,46 @@ bool chdir_current_service(connection_struct *conn)
const struct smb_filename origpath_fname = {
.base_name = conn->origpath,
};
+ int saved_errno = 0;
+ char *utok_str = NULL;
int ret;
conn->lastused_count++;
ret = vfs_ChDir(conn, &connectpath_fname);
- if (ret != 0) {
- int saved_errno = errno;
-
- if (saved_errno == EACCES) {
- char *str = utok_string(
- talloc_tos(),
- conn->session_info->unix_token);
- DBG_WARNING("vfs_ChDir(%s) got "
- "permission denied, current "
- "token: %s\n",
- conn->connectpath, str);
- TALLOC_FREE(str);
- } else {
- DBG_ERR("vfs_ChDir(%s) failed: "
- "%s!\n",
- conn->connectpath,
- strerror(saved_errno));
- }
+ if (ret == 0) {
+ return true;
+ }
+ saved_errno = errno;
+
+ utok_str = utok_string(talloc_tos(),
+ conn->session_info->unix_token);
+ if (utok_str == NULL) {
+ errno = saved_errno;
return false;
}
+ DBG_ERR("vfs_ChDir(%s) failed: %s. Current token: %s\n",
+ conn->connectpath,
+ strerror(saved_errno),
+ utok_str);
+
ret = vfs_ChDir(conn, &origpath_fname);
- if (ret != 0) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list