Diffstat (limited to 'meta-networking/recipes-connectivity/samba/samba-4.1.12/01-fix-force-user-sec-ads.patch')
-rw-r--r-- | meta-networking/recipes-connectivity/samba/samba-4.1.12/01-fix-force-user-sec-ads.patch | 1448 |
1 files changed, 0 insertions, 1448 deletions
diff --git a/meta-networking/recipes-connectivity/samba/samba-4.1.12/01-fix-force-user-sec-ads.patch b/meta-networking/recipes-connectivity/samba/samba-4.1.12/01-fix-force-user-sec-ads.patch
deleted file mode 100644
index 6c08cccc6c..0000000000
--- a/meta-networking/recipes-connectivity/samba/samba-4.1.12/01-fix-force-user-sec-ads.patch
+++ /dev/null
@@ -1,1448 +0,0 @@ -From 80f3551d4f594438dcc93dd82a7953c4a913badd Mon Sep 17 00:00:00 2001 -From: Andreas Schneider <asn@samba.org> -Date: Mon, 16 Dec 2013 12:57:20 +0100 -Subject: [PATCH 1/7] s3-lib: Add winbind_lookup_usersids(). - -Pair-Programmed-With: Guenther Deschner <gd@samba.org> -Signed-off-by: Guenther Deschner <gd@samba.org> -Signed-off-by: Andreas Schneider <asn@samba.org> -Reviewed-by: Andrew Bartlett <abartlet@samba.org> - -(cherry picked from commit 241e98d8ee099f9cc5feb835085b4abd2b1ee663) ---- - source3/lib/winbind_util.c | 34 +++++ - source3/lib/winbind_util.h | 4 + - source3/passdb/ABI/pdb-0.1.0.sigs | 311 ++++++++++++++++++++++++++++++++++++++ - source3/wscript_build | 2 +- - 4 files changed, 350 insertions(+), 1 deletion(-) - create mode 100644 source3/passdb/ABI/pdb-0.1.0.sigs - -diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c -index b458ebe..f62682b 100644 ---- a/source3/lib/winbind_util.c -+++ b/source3/lib/winbind_util.c -@@ -342,6 +342,40 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx, - return true; - } - -+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx, -+ const struct dom_sid *user_sid, -+ uint32_t *p_num_sids, -+ struct dom_sid **p_sids) -+{ -+ wbcErr ret; -+ struct wbcDomainSid dom_sid; -+ struct wbcDomainSid *sid_list = NULL; -+ uint32_t num_sids; -+ -+ memcpy(&dom_sid, user_sid, sizeof(dom_sid)); -+ -+ ret = wbcLookupUserSids(&dom_sid, -+ false, -+ &num_sids, -+ &sid_list); -+ if (ret != WBC_ERR_SUCCESS) { -+ return false; -+ } -+ -+ *p_sids = talloc_array(mem_ctx, struct dom_sid, num_sids); -+ if (*p_sids == NULL) { -+ wbcFreeMemory(sid_list); -+ return false; -+ } -+ -+ memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids); -+ -+ *p_num_sids = num_sids; -+ wbcFreeMemory(sid_list); -+ -+ return true; -+} -+ - #else /* WITH_WINBIND */ - - struct passwd * winbind_getpwnam(const char * name) -diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h -index 541bb95..abbc5a9 100644 ---- 
a/source3/lib/winbind_util.h -+++ b/source3/lib/winbind_util.h -@@ -58,5 +58,9 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx, - size_t num_members, - uint32_t **pp_alias_rids, - size_t *p_num_alias_rids); -+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx, -+ const struct dom_sid *user_sid, -+ uint32_t *p_num_sids, -+ struct dom_sid **p_sids); - - #endif /* __LIB__WINBIND_UTIL_H__ */ -diff --git a/source3/passdb/ABI/pdb-0.1.0.sigs b/source3/passdb/ABI/pdb-0.1.0.sigs -new file mode 100644 -index 0000000..f4de9c4 ---- /dev/null -+++ b/source3/passdb/ABI/pdb-0.1.0.sigs -@@ -0,0 +1,311 @@ -+PDB_secrets_clear_domain_protection: bool (const char *) -+PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *) -+PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *) -+PDB_secrets_mark_domain_protected: bool (const char *) -+PDB_secrets_store_domain_guid: bool (const char *, struct GUID *) -+PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *) -+account_policy_get: bool (enum pdb_policy_type, uint32_t *) -+account_policy_get_default: bool (enum pdb_policy_type, uint32_t *) -+account_policy_get_desc: const char *(enum pdb_policy_type) -+account_policy_name_to_typenum: enum pdb_policy_type (const char *) -+account_policy_names_list: void (TALLOC_CTX *, const char ***, int *) -+account_policy_set: bool (enum pdb_policy_type, uint32_t) -+add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *) -+algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t) -+algorithmic_pdb_rid_is_user: bool (uint32_t) -+algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t) -+algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t) -+algorithmic_rid_base: int (void) -+builtin_domain_name: const char *(void) -+cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *) -+cache_account_policy_set: bool (enum pdb_policy_type, uint32_t) -+create_builtin_administrators: NTSTATUS (const struct dom_sid *) -+create_builtin_users: 
NTSTATUS (const struct dom_sid *) -+decode_account_policy_name: const char *(enum pdb_policy_type) -+get_account_pol_db: struct db_context *(void) -+get_account_policy_attr: const char *(enum pdb_policy_type) -+get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *) -+get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **) -+get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *) -+get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int) -+get_trust_pw_clear: bool (const char *, char **, const char **, enum netr_SchannelType *) -+get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *) -+gid_to_sid: void (struct dom_sid *, gid_t) -+gid_to_unix_groups_sid: void (gid_t, struct dom_sid *) -+grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int) -+grant_all_privileges: bool (const struct dom_sid *) -+grant_privilege_by_name: bool (const struct dom_sid *, const char *) -+grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) -+groupdb_tdb_init: const struct mapping_backend *(void) -+init_account_policy: bool (void) -+init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool) -+init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t) -+initialize_password_db: bool (bool, struct tevent_context *) -+is_dc_trusted_domain_situation: bool (const char *) -+is_privileged_sid: bool (const struct dom_sid *) -+local_password_change: NTSTATUS (const char *, int, const char *, char **, char **) -+login_cache_delentry: bool (const struct samu *) -+login_cache_init: bool (void) -+login_cache_read: bool (struct samu *, struct login_cache *) -+login_cache_shutdown: bool (void) -+login_cache_write: bool (const struct samu *, const struct login_cache *) -+lookup_builtin_name: bool (const char *, uint32_t *) -+lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **) -+lookup_global_sam_name: 
bool (const char *, int, uint32_t *, enum lsa_SidType *) -+lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) -+lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *) -+lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) -+lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **) -+lookup_unix_group_name: bool (const char *, struct dom_sid *) -+lookup_unix_user_name: bool (const char *, struct dom_sid *) -+lookup_wellknown_name: bool (TALLOC_CTX *, const char *, struct dom_sid *, const char **) -+lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **) -+make_pdb_method: NTSTATUS (struct pdb_methods **) -+make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *) -+max_algorithmic_gid: gid_t (void) -+max_algorithmic_uid: uid_t (void) -+my_sam_name: const char *(void) -+pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) -+pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *) -+pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) -+pdb_add_sam_account: NTSTATUS (struct samu *) -+pdb_build_fields_present: uint32_t (struct samu *) -+pdb_capabilities: uint32_t (void) -+pdb_copy_sam_account: bool (struct samu *, struct samu *) -+pdb_create_alias: NTSTATUS (const char *, uint32_t *) -+pdb_create_builtin: NTSTATUS (uint32_t) -+pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t) -+pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *) -+pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *) -+pdb_decode_acct_ctrl: uint32_t (const char *) -+pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) -+pdb_default_add_group_mapping_entry: NTSTATUS (struct 
pdb_methods *, GROUP_MAP *) -+pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) -+pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *) -+pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *) -+pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *) -+pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) -+pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) -+pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) -+pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) -+pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) -+pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) -+pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) -+pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *) -+pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) -+pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *) -+pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t) -+pdb_del_trusted_domain: NTSTATUS (const char *) -+pdb_del_trusteddom_pw: bool (const char *) -+pdb_delete_alias: NTSTATUS (const struct dom_sid *) -+pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t) -+pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid) -+pdb_delete_sam_account: NTSTATUS (struct samu *) -+pdb_delete_secret: NTSTATUS (const char *) -+pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *) -+pdb_element_is_changed: bool (const struct samu *, enum pdb_elements) 
-+pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements) -+pdb_encode_acct_ctrl: char *(uint32_t, size_t) -+pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) -+pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *) -+pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool) -+pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *) -+pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *) -+pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***) -+pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***) -+pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***) -+pdb_find_backend_entry: struct pdb_init_function_entry *(const char *) -+pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *) -+pdb_get_acct_ctrl: uint32_t (const struct samu *) -+pdb_get_acct_desc: const char *(const struct samu *) -+pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) -+pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *) -+pdb_get_backends: const struct pdb_init_function_entry *(void) -+pdb_get_bad_password_count: uint16_t (const struct samu *) -+pdb_get_bad_password_time: time_t (const struct samu *) -+pdb_get_code_page: uint16_t (const struct samu *) -+pdb_get_comment: const char *(const struct samu *) -+pdb_get_country_code: uint16_t (const struct samu *) -+pdb_get_dir_drive: const char *(const struct samu *) -+pdb_get_domain: const char *(const struct samu *) -+pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *) -+pdb_get_fullname: const char *(const struct samu *) -+pdb_get_group_rid: uint32_t (struct samu *) -+pdb_get_group_sid: const struct dom_sid *(struct 
samu *) -+pdb_get_homedir: const char *(const struct samu *) -+pdb_get_hours: const uint8_t *(const struct samu *) -+pdb_get_hours_len: uint32_t (const struct samu *) -+pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements) -+pdb_get_kickoff_time: time_t (const struct samu *) -+pdb_get_lanman_passwd: const uint8_t *(const struct samu *) -+pdb_get_logoff_time: time_t (const struct samu *) -+pdb_get_logon_count: uint16_t (const struct samu *) -+pdb_get_logon_divs: uint16_t (const struct samu *) -+pdb_get_logon_script: const char *(const struct samu *) -+pdb_get_logon_time: time_t (const struct samu *) -+pdb_get_munged_dial: const char *(const struct samu *) -+pdb_get_nt_passwd: const uint8_t *(const struct samu *) -+pdb_get_nt_username: const char *(const struct samu *) -+pdb_get_pass_can_change: bool (const struct samu *) -+pdb_get_pass_can_change_time: time_t (const struct samu *) -+pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *) -+pdb_get_pass_last_set_time: time_t (const struct samu *) -+pdb_get_pass_must_change_time: time_t (const struct samu *) -+pdb_get_plaintext_passwd: const char *(const struct samu *) -+pdb_get_profile_path: const char *(const struct samu *) -+pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *) -+pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **) -+pdb_get_seq_num: bool (time_t *) -+pdb_get_tevent_context: struct tevent_context *(void) -+pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **) -+pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **) -+pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *) -+pdb_get_unknown_6: uint32_t (const struct samu *) -+pdb_get_user_rid: uint32_t (const struct samu *) -+pdb_get_user_sid: const struct dom_sid *(const struct samu *) -+pdb_get_username: const 
char *(const struct samu *) -+pdb_get_workstations: const char *(const struct samu *) -+pdb_getgrgid: bool (GROUP_MAP *, gid_t) -+pdb_getgrnam: bool (GROUP_MAP *, const char *) -+pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid) -+pdb_gethexhours: bool (const char *, unsigned char *) -+pdb_gethexpwd: bool (const char *, unsigned char *) -+pdb_getsampwnam: bool (struct samu *, const char *) -+pdb_getsampwsid: bool (struct samu *, const struct dom_sid *) -+pdb_gid_to_sid: bool (gid_t, struct dom_sid *) -+pdb_group_rid_to_gid: gid_t (uint32_t) -+pdb_increment_bad_password_count: bool (struct samu *) -+pdb_is_password_change_time_max: bool (time_t) -+pdb_is_responsible_for_builtin: bool (void) -+pdb_is_responsible_for_our_sam: bool (void) -+pdb_is_responsible_for_unix_groups: bool (void) -+pdb_is_responsible_for_unix_users: bool (void) -+pdb_is_responsible_for_wellknown: bool (void) -+pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *) -+pdb_new_rid: bool (uint32_t *) -+pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) -+pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid) -+pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool) -+pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t) -+pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *) -+pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid) -+pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *) -+pdb_rename_sam_account: NTSTATUS (struct samu *, const char *) -+pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *) -+pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **) -+pdb_search_groups: struct pdb_search *(TALLOC_CTX *) -+pdb_search_init: struct pdb_search *(TALLOC_CTX *, enum pdb_search_type) 
-+pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t) -+pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t) -+pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state) -+pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *) -+pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state) -+pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state) -+pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state) -+pdb_set_code_page: bool (struct samu *, uint16_t, enum pdb_value_state) -+pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state) -+pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) -+pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) -+pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state) -+pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state) -+pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state) -+pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state) -+pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) -+pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state) -+pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state) -+pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state) 
-+pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state) -+pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state) -+pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_pass_can_change: bool (struct samu *, bool) -+pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state) -+pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state) -+pdb_set_plaintext_passwd: bool (struct samu *, const char *) -+pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state) -+pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *) -+pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *) -+pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *) -+pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *) -+pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state) -+pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **) -+pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state) -+pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state) -+pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state) -+pdb_sethexhours: void (char *, const unsigned char *) -+pdb_sethexpwd: void (char *, const unsigned char *, uint32_t) -+pdb_sid_to_id: bool (const struct dom_sid *, struct unixid 
*) -+pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *) -+pdb_uid_to_sid: bool (uid_t, struct dom_sid *) -+pdb_update_autolock_flag: bool (struct samu *, bool *) -+pdb_update_bad_password_count: bool (struct samu *, bool *) -+pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *) -+pdb_update_login_attempts: NTSTATUS (struct samu *, bool) -+pdb_update_sam_account: NTSTATUS (struct samu *) -+privilege_create_account: NTSTATUS (const struct dom_sid *) -+privilege_delete_account: NTSTATUS (const struct dom_sid *) -+privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *) -+privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *) -+revoke_all_privileges: bool (const struct dom_sid *) -+revoke_privilege_by_name: bool (const struct dom_sid *, const char *) -+revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *) -+samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *) -+samu_new: struct samu *(TALLOC_CTX *) -+samu_set_unix: NTSTATUS (struct samu *, const struct passwd *) -+secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***) -+sid_check_is_builtin: bool (const struct dom_sid *) -+sid_check_is_for_passdb: bool (const struct dom_sid *) -+sid_check_is_in_builtin: bool (const struct dom_sid *) -+sid_check_is_in_unix_groups: bool (const struct dom_sid *) -+sid_check_is_in_unix_users: bool (const struct dom_sid *) -+sid_check_is_in_wellknown_domain: bool (const struct dom_sid *) -+sid_check_is_unix_groups: bool (const struct dom_sid *) -+sid_check_is_unix_users: bool (const struct dom_sid *) -+sid_check_is_wellknown_builtin: bool (const struct dom_sid *) -+sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **) -+sid_check_object_is_for_passdb: bool (const struct dom_sid *) -+sid_to_gid: bool (const struct dom_sid *, gid_t *) -+sid_to_uid: bool (const struct dom_sid *, uid_t *) 
-+sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *) -+smb_add_user_group: int (const char *, const char *) -+smb_create_group: int (const char *, gid_t *) -+smb_delete_group: int (const char *) -+smb_delete_user_group: int (const char *, const char *) -+smb_nscd_flush_group_cache: void (void) -+smb_nscd_flush_user_cache: void (void) -+smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function) -+smb_set_primary_group: int (const char *, const char *) -+uid_to_sid: void (struct dom_sid *, uid_t) -+uid_to_unix_users_sid: void (uid_t, struct dom_sid *) -+unix_groups_domain_name: const char *(void) -+unix_users_domain_name: const char *(void) -+unixid_from_both: void (struct unixid *, uint32_t) -+unixid_from_gid: void (struct unixid *, uint32_t) -+unixid_from_uid: void (struct unixid *, uint32_t) -+wb_is_trusted_domain: wbcErr (const char *) -+winbind_allocate_gid: bool (gid_t *) -+winbind_allocate_uid: bool (uid_t *) -+winbind_get_groups: bool (TALLOC_CTX *, const char *, uint32_t *, gid_t **) -+winbind_get_sid_aliases: bool (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *) -+winbind_getpwnam: struct passwd *(const char *) -+winbind_getpwsid: struct passwd *(const struct dom_sid *) -+winbind_gid_to_sid: bool (struct dom_sid *, gid_t) -+winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *) -+winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **) -+winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *) -+winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **) -+winbind_ping: bool (void) -+winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *) -+winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *) -+winbind_uid_to_sid: bool (struct dom_sid *, uid_t) -diff --git 
a/source3/wscript_build b/source3/wscript_build -index e0432bf..6d6b6aa 100755 ---- a/source3/wscript_build -+++ b/source3/wscript_build -@@ -736,7 +736,7 @@ bld.SAMBA3_LIBRARY('pdb', - passdb/lookup_sid.h''', - abi_match=private_pdb_match, - abi_directory='passdb/ABI', -- vnum='0', -+ vnum='0.1.0', - vars=locals()) - - bld.SAMBA3_LIBRARY('smbldaphelper', --- -1.8.5.2 - - -From 91debcafd196a9e821efddce0a9d75c48f8e168d Mon Sep 17 00:00:00 2001 -From: Andreas Schneider <asn@samba.org> -Date: Fri, 13 Dec 2013 19:08:34 +0100 -Subject: [PATCH 2/7] s3-auth: Add passwd_to_SamInfo3(). - -First this function tries to contacts winbind if the user is a domain -user to get valid information about it. If winbind isn't running it will -try to create everything from the passwd struct. This is not always -reliable but works in most cases. It improves the current situation -which doesn't talk to winbind at all. - -Pair-Programmed-With: Guenther Deschner <gd@samba.org> -Signed-off-by: Guenther Deschner <gd@samba.org> -Signed-off-by: Andreas Schneider <asn@samba.org> -Reviewed-by: Andrew Bartlett <abartlet@samba.org> -(cherry picked from commit 1bb11c7744df6928cb8a096373ab920366b38770) ---- - source3/auth/proto.h | 4 ++ - source3/auth/server_info.c | 116 +++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 120 insertions(+) - -diff --git a/source3/auth/proto.h b/source3/auth/proto.h -index 76661fc..8385e66 100644 ---- a/source3/auth/proto.h -+++ b/source3/auth/proto.h -@@ -286,6 +286,10 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, - const char *login_server, - struct netr_SamInfo3 **_info3, - struct extra_auth_info *extra); -+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, -+ const char *unix_username, -+ const struct passwd *pwd, -+ struct netr_SamInfo3 **pinfo3); - struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, - struct netr_SamInfo3 *orig); - struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx, -diff --git 
a/source3/auth/server_info.c b/source3/auth/server_info.c -index d2b7d6e..46d8178 100644 ---- a/source3/auth/server_info.c -+++ b/source3/auth/server_info.c -@@ -24,6 +24,7 @@ - #include "../libcli/security/security.h" - #include "rpc_client/util_netlogon.h" - #include "nsswitch/libwbclient/wbclient.h" -+#include "lib/winbind_util.h" - #include "passdb.h" - - #undef DBGC_CLASS -@@ -436,6 +437,121 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, - return NT_STATUS_OK; - } - -+NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx, -+ const char *unix_username, -+ const struct passwd *pwd, -+ struct netr_SamInfo3 **pinfo3) -+{ -+ struct netr_SamInfo3 *info3; -+ NTSTATUS status; -+ TALLOC_CTX *tmp_ctx; -+ const char *domain_name = NULL; -+ const char *user_name = NULL; -+ struct dom_sid domain_sid; -+ struct dom_sid user_sid; -+ struct dom_sid group_sid; -+ enum lsa_SidType type; -+ uint32_t num_sids = 0; -+ struct dom_sid *user_sids = NULL; -+ bool ok; -+ -+ tmp_ctx = talloc_stackframe(); -+ -+ ok = lookup_name_smbconf(tmp_ctx, -+ unix_username, -+ LOOKUP_NAME_ALL, -+ &domain_name, -+ &user_name, -+ &user_sid, -+ &type); -+ if (!ok) { -+ status = NT_STATUS_NO_SUCH_USER; -+ goto done; -+ } -+ -+ if (type != SID_NAME_USER) { -+ status = NT_STATUS_NO_SUCH_USER; -+ goto done; -+ } -+ -+ ok = winbind_lookup_usersids(tmp_ctx, -+ &user_sid, -+ &num_sids, -+ &user_sids); -+ /* Check if winbind is running */ -+ if (ok) { -+ /* -+ * Winbind is running and the first element of the user_sids -+ * is the primary group. -+ */ -+ if (num_sids > 0) { -+ group_sid = user_sids[0]; -+ } -+ } else { -+ /* -+ * Winbind is not running, create the group_sid from the -+ * group id. 
-+ */ -+ gid_to_sid(&group_sid, pwd->pw_gid); -+ } -+ -+ /* Make sure we have a valid group sid */ -+ ok = !is_null_sid(&group_sid); -+ if (!ok) { -+ status = NT_STATUS_NO_SUCH_USER; -+ goto done; -+ } -+ -+ /* Construct a netr_SamInfo3 from the information we have */ -+ info3 = talloc_zero(tmp_ctx, struct netr_SamInfo3); -+ if (!info3) { -+ status = NT_STATUS_NO_MEMORY; -+ goto done; -+ } -+ -+ info3->base.account_name.string = talloc_strdup(info3, unix_username); -+ if (info3->base.account_name.string == NULL) { -+ status = NT_STATUS_NO_MEMORY; -+ goto done; -+ } -+ -+ ZERO_STRUCT(domain_sid); -+ -+ sid_copy(&domain_sid, &user_sid); -+ sid_split_rid(&domain_sid, &info3->base.rid); -+ info3->base.domain_sid = dom_sid_dup(info3, &domain_sid); -+ -+ ok = sid_peek_check_rid(&domain_sid, &group_sid, -+ &info3->base.primary_gid); -+ if (!ok) { -+ DEBUG(1, ("The primary group domain sid(%s) does not " -+ "match the domain sid(%s) for %s(%s)\n", -+ sid_string_dbg(&group_sid), -+ sid_string_dbg(&domain_sid), -+ unix_username, -+ sid_string_dbg(&user_sid))); -+ status = NT_STATUS_INVALID_SID; -+ goto done; -+ } -+ -+ info3->base.acct_flags = ACB_NORMAL; -+ -+ if (num_sids) { -+ status = group_sids_to_info3(info3, user_sids, num_sids); -+ if (!NT_STATUS_IS_OK(status)) { -+ goto done; -+ } -+ } -+ -+ *pinfo3 = talloc_steal(mem_ctx, info3); -+ -+ status = NT_STATUS_OK; -+done: -+ talloc_free(tmp_ctx); -+ -+ return status; -+} -+ - #undef RET_NOMEM - - #define RET_NOMEM(ptr) do { \ --- -1.8.5.2 - - -From c7b7670dc5cd8dbf727258666b6417d67afafb33 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider <asn@samba.org> -Date: Fri, 13 Dec 2013 19:11:01 +0100 -Subject: [PATCH 3/7] s3-auth: Pass talloc context to make_server_info_pw(). 
- -Pair-Programmed-With: Guenther Deschner <gd@samba.org> -Signed-off-by: Guenther Deschner <gd@samba.org> -Signed-off-by: Andreas Schneider <asn@samba.org> -Reviewed-by: Andrew Bartlett <abartlet@samba.org> -(cherry picked from commit 1b59c9743cf3fbd66b0b8b52162b2cc8d922e5cf) ---- - source3/auth/auth_unix.c | 7 +++++-- - source3/auth/auth_util.c | 52 +++++++++++++++++++++++++++++------------------- - source3/auth/proto.h | 7 ++++--- - source3/auth/user_krb5.c | 5 +---- - 4 files changed, 42 insertions(+), 29 deletions(-) - -diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c -index c8b5435..7b483a2 100644 ---- a/source3/auth/auth_unix.c -+++ b/source3/auth/auth_unix.c -@@ -67,8 +67,11 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context, - unbecome_root(); - - if (NT_STATUS_IS_OK(nt_status)) { -- if (pass) { -- make_server_info_pw(server_info, pass->pw_name, pass); -+ if (pass != NULL) { -+ nt_status = make_server_info_pw(mem_ctx, -+ pass->pw_name, -+ pass, -+ server_info); - } else { - /* we need to do somthing more useful here */ - nt_status = NT_STATUS_NO_SUCH_USER; -diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c -index ceaa706..b225b0d 100644 ---- a/source3/auth/auth_util.c -+++ b/source3/auth/auth_util.c -@@ -639,14 +639,15 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, - to a struct samu - ***************************************************************************/ - --NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, -- char *unix_username, -- struct passwd *pwd) -+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx, -+ const char *unix_username, -+ const struct passwd *pwd, -+ struct auth_serversupplied_info **server_info) - { - NTSTATUS status; - struct samu *sampass = NULL; - char *qualified_name = NULL; -- TALLOC_CTX *mem_ctx = NULL; -+ TALLOC_CTX *tmp_ctx; - struct dom_sid u_sid; - enum lsa_SidType type; - struct auth_serversupplied_info *result; -@@ -664,27 +665,27 @@ 
NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, - * plaintext passwords were used with no SAM backend. - */ - -- mem_ctx = talloc_init("make_server_info_pw_tmp"); -- if (!mem_ctx) { -+ tmp_ctx = talloc_stackframe(); -+ if (tmp_ctx == NULL) { - return NT_STATUS_NO_MEMORY; - } - -- qualified_name = talloc_asprintf(mem_ctx, "%s\\%s", -+ qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s", - unix_users_domain_name(), - unix_username ); - if (!qualified_name) { -- TALLOC_FREE(mem_ctx); -+ TALLOC_FREE(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - -- if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL, -+ if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL, - NULL, NULL, - &u_sid, &type)) { -- TALLOC_FREE(mem_ctx); -+ TALLOC_FREE(tmp_ctx); - return NT_STATUS_NO_SUCH_USER; - } - -- TALLOC_FREE(mem_ctx); -+ TALLOC_FREE(tmp_ctx); - - if (type != SID_NAME_USER) { - return NT_STATUS_NO_SUCH_USER; -@@ -707,7 +708,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info, - /* set the user sid to be the calculated u_sid */ - pdb_set_user_sid(sampass, &u_sid, PDB_SET); - -- result = make_server_info(NULL); -+ result = make_server_info(mem_ctx); - if (result == NULL) { - TALLOC_FREE(sampass); - return NT_STATUS_NO_MEMORY; -@@ -992,25 +993,36 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx, - struct passwd *pwd; - NTSTATUS status; - struct auth_serversupplied_info *result; -+ TALLOC_CTX *tmp_ctx; - -- pwd = Get_Pwnam_alloc(talloc_tos(), username); -- if (pwd == NULL) { -- return NT_STATUS_NO_SUCH_USER; -+ tmp_ctx = talloc_stackframe(); -+ if (tmp_ctx == NULL) { -+ return NT_STATUS_NO_MEMORY; - } - -- status = make_server_info_pw(&result, pwd->pw_name, pwd); -+ pwd = Get_Pwnam_alloc(tmp_ctx, username); -+ if (pwd == NULL) { -+ status = NT_STATUS_NO_SUCH_USER; -+ goto done; -+ } - -+ status = make_server_info_pw(tmp_ctx, pwd->pw_name, pwd, &result); - if (!NT_STATUS_IS_OK(status)) { -- return status; -+ goto 
done;
- }
-
- result->nss_token = true;
- result->guest = is_guest;
-
- /* Now turn the server_info into a session_info with the full token etc */
-- status = create_local_token(mem_ctx, result, NULL, pwd->pw_name, session_info);
-- TALLOC_FREE(result);
-- TALLOC_FREE(pwd);
-+ status = create_local_token(mem_ctx,
-+ result,
-+ NULL,
-+ pwd->pw_name,
-+ session_info);
-+
-+done:
-+ talloc_free(tmp_ctx);
-
- return status;
- }
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index 8385e66..7abca07 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -206,9 +206,10 @@ bool user_in_group_sid(const char *username, const struct dom_sid *group_sid);
- bool user_sid_in_group_sid(const struct dom_sid *sid, const struct dom_sid *group_sid);
- bool user_in_group(const char *username, const char *groupname);
- struct passwd;
--NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
-- char *unix_username,
-- struct passwd *pwd);
-+NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
-+ const char *unix_username,
-+ const struct passwd *pwd,
-+ struct auth_serversupplied_info **server_info);
- NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
- const char *username,
- bool is_guest,
-diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
-index 974a8aa..7d44285 100644
---- a/source3/auth/user_krb5.c
-+++ b/source3/auth/user_krb5.c
-@@ -242,7 +242,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
- */
- DEBUG(10, ("didn't find user %s in passdb, calling "
- "make_server_info_pw\n", username));
-- status = make_server_info_pw(&tmp, username, pw);
-+ status = make_server_info_pw(mem_ctx, username, pw, &tmp);
- }
-
- TALLOC_FREE(sampass);
-@@ -253,9 +253,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
- return status;
- }
-
-- /* Steal tmp server info into the server_info pointer. */
-- server_info = talloc_move(mem_ctx, &tmp);
--
- /* make_server_info_pw does not set the domain.
Without this
- * we end up with the local netbios name in substitutions for
- * %D. */
---
-1.8.5.2
-
-
-From 4fbd13598e8bdc6acf41329f71de806de4265f36 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Fri, 13 Dec 2013 19:19:02 +0100
-Subject: [PATCH 4/7] s3-auth: Add passwd_to_SamInfo3().
-
-Correctly lookup users which come from smb.conf. passwd_to_SamInfo3()
-tries to contact winbind if the user is a domain user to get
-valid information about it. If winbind isn't running it will try to
-create everything from the passwd struct. This is not always reliable
-but works in most cases. It improves the current situation which doesn't
-talk to winbind at all.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
-
-Pair-Programmed-With: Guenther Deschner <gd@samba.org>
-Signed-off-by: Andreas Schneider <asn@samba.org>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-
-Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
-Autobuild-Date(master): Wed Feb 5 01:40:38 CET 2014 on sn-devel-104
-
-(cherry picked from commit 40e6456b5896e934fcd581c2cac2389984256e09)
----
- source3/auth/auth_util.c | 87 +++++++++-------------------------------------
- source3/auth/server_info.c | 22 ++++++++++--
- 2 files changed, 36 insertions(+), 73 deletions(-)
-
-diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
-index b225b0d..24190af 100644
---- a/source3/auth/auth_util.c
-+++ b/source3/auth/auth_util.c
-@@ -645,98 +645,43 @@ NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
- struct auth_serversupplied_info **server_info)
- {
- NTSTATUS status;
-- struct samu *sampass = NULL;
-- char *qualified_name = NULL;
-- TALLOC_CTX *tmp_ctx;
-- struct dom_sid u_sid;
-- enum lsa_SidType type;
-+ TALLOC_CTX *tmp_ctx = NULL;
- struct auth_serversupplied_info *result;
-
-- /*
-- * The SID returned in server_info->sam_account is based
-- * on our SAM sid even though for a pure UNIX account this should
-- * not be the case as it doesn't really exist in
the SAM db.
-- * This causes lookups on "[in]valid users" to fail as they
-- * will lookup this name as a "Unix User" SID to check against
-- * the user token. Fix this by adding the "Unix User"\unix_username
-- * SID to the sid array. The correct fix should probably be
-- * changing the server_info->sam_account user SID to be a
-- * S-1-22 Unix SID, but this might break old configs where
-- * plaintext passwords were used with no SAM backend.
-- */
--
- tmp_ctx = talloc_stackframe();
- if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
-- qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s",
-- unix_users_domain_name(),
-- unix_username );
-- if (!qualified_name) {
-- TALLOC_FREE(tmp_ctx);
-- return NT_STATUS_NO_MEMORY;
-- }
--
-- if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL,
-- NULL, NULL,
-- &u_sid, &type)) {
-- TALLOC_FREE(tmp_ctx);
-- return NT_STATUS_NO_SUCH_USER;
-- }
--
-- TALLOC_FREE(tmp_ctx);
--
-- if (type != SID_NAME_USER) {
-- return NT_STATUS_NO_SUCH_USER;
-- }
--
-- if ( !(sampass = samu_new( NULL )) ) {
-- return NT_STATUS_NO_MEMORY;
-- }
--
-- status = samu_set_unix( sampass, pwd );
-- if (!NT_STATUS_IS_OK(status)) {
-- return status;
-- }
--
-- /* In pathological cases the above call can set the account
-- * name to the DOMAIN\username form.
Reset the account name
-- * using unix_username */
-- pdb_set_username(sampass, unix_username, PDB_SET);
--
-- /* set the user sid to be the calculated u_sid */
-- pdb_set_user_sid(sampass, &u_sid, PDB_SET);
--
-- result = make_server_info(mem_ctx);
-+ result = make_server_info(tmp_ctx);
- if (result == NULL) {
-- TALLOC_FREE(sampass);
-- return NT_STATUS_NO_MEMORY;
-+ status = NT_STATUS_NO_MEMORY;
-+ goto done;
- }
-
-- status = samu_to_SamInfo3(result, sampass, lp_netbios_name(),
-- &result->info3, &result->extra);
-- TALLOC_FREE(sampass);
-+ status = passwd_to_SamInfo3(result,
-+ unix_username,
-+ pwd,
-+ &result->info3);
- if (!NT_STATUS_IS_OK(status)) {
-- DEBUG(10, ("Failed to convert samu to info3: %s\n",
-- nt_errstr(status)));
-- TALLOC_FREE(result);
-- return status;
-+ goto done;
- }
-
- result->unix_name = talloc_strdup(result, unix_username);
--
- if (result->unix_name == NULL) {
-- TALLOC_FREE(result);
-- return NT_STATUS_NO_MEMORY;
-+ status = NT_STATUS_NO_MEMORY;
-+ goto done;
- }
-
- result->utok.uid = pwd->pw_uid;
- result->utok.gid = pwd->pw_gid;
-
-- *server_info = result;
-+ *server_info = talloc_steal(mem_ctx, result);
-+ status = NT_STATUS_OK;
-+done:
-+ talloc_free(tmp_ctx);
-
-- return NT_STATUS_OK;
-+ return status;
- }
-
- static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
-diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
-index 46d8178..43711d5 100644
---- a/source3/auth/server_info.c
-+++ b/source3/auth/server_info.c
-@@ -489,10 +489,28 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
- }
- } else {
- /*
-- * Winbind is not running, create the group_sid from the
-- * group id.
-+ * Winbind is not running, try to create the group_sid from the
-+ * passwd group id.
-+ */
-+
-+ /*
-+ * This can lead to a primary group of S-1-22-2-XX which
-+ * will be rejected by other Samba code.
- */
- gid_to_sid(&group_sid, pwd->pw_gid);
-+
-+ ZERO_STRUCT(domain_sid);
-+
-+ /*
-+ * If we are a unix group, set the group_sid to the
-+ * 'Domain Users' RID of 513 which will always resolve to a
-+ * name.
-+ */
-+ if (sid_check_is_in_unix_groups(&group_sid)) {
-+ sid_compose(&group_sid,
-+ get_global_sam_sid(),
-+ DOMAIN_RID_USERS);
-+ }
- }
-
- /* Make sure we have a valid group sid */
---
-1.8.5.2
-
-
-From 76bb5e0888f4131ab773d90160051a51c401c90d Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 18 Feb 2014 10:02:57 +0100
-Subject: [PATCH 5/7] s3-auth: Pass mem_ctx to make_server_info_sam().
-
-Coverity-Id: 1168009
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-
-Change-Id: Ie614b0654c3a7eec1ebb10dbb9763696eec795bd
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 3dc72266005e87a291f5bf9847257e8c54314d39)
----
- source3/auth/check_samsec.c | 2 +-
- source3/auth/proto.h | 5 ++--
- source3/auth/server_info_sam.c | 56 +++++++++++++++++++++++++++---------------
- source3/auth/user_krb5.c | 12 +++++----
- 4 files changed, 47 insertions(+), 28 deletions(-)
-
-diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
-index 7ed8cc2..b6cac60 100644
---- a/source3/auth/check_samsec.c
-+++ b/source3/auth/check_samsec.c
-@@ -482,7 +482,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
- }
-
- become_root();
-- nt_status = make_server_info_sam(server_info, sampass);
-+ nt_status = make_server_info_sam(mem_ctx, sampass, server_info);
- unbecome_root();
-
- TALLOC_FREE(sampass);
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index 7abca07..eac3e54 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -190,8 +190,9 @@ bool make_user_info_guest(const struct tsocket_address *remote_address,
- struct auth_usersupplied_info **user_info);
-
- struct samu;
--NTSTATUS make_server_info_sam(struct
auth_serversupplied_info **server_info,
-- struct samu *sampass);
-+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
-+ struct samu *sampass,
-+ struct auth_serversupplied_info **pserver_info);
- NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
- const struct auth_serversupplied_info *server_info,
- DATA_BLOB *session_key,
-diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c
-index 5d657f9..47087b1 100644
---- a/source3/auth/server_info_sam.c
-+++ b/source3/auth/server_info_sam.c
-@@ -58,39 +58,51 @@ static bool is_our_machine_account(const char *username)
- Make (and fill) a user_info struct from a struct samu
- ***************************************************************************/
-
--NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
-- struct samu *sampass)
-+NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
-+ struct samu *sampass,
-+ struct auth_serversupplied_info **pserver_info)
- {
- struct passwd *pwd;
-- struct auth_serversupplied_info *result;
-+ struct auth_serversupplied_info *server_info;
- const char *username = pdb_get_username(sampass);
-+ TALLOC_CTX *tmp_ctx;
- NTSTATUS status;
-
-- if ( !(result = make_server_info(NULL)) ) {
-+ tmp_ctx = talloc_stackframe();
-+ if (tmp_ctx == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
-
-- if ( !(pwd = Get_Pwnam_alloc(result, username)) ) {
-+ server_info = make_server_info(tmp_ctx);
-+ if (server_info == NULL) {
-+ return NT_STATUS_NO_MEMORY;
-+ }
-+
-+ pwd = Get_Pwnam_alloc(tmp_ctx, username);
-+ if (pwd == NULL) {
- DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n",
- pdb_get_username(sampass)));
-- TALLOC_FREE(result);
-- return NT_STATUS_NO_SUCH_USER;
-+ status = NT_STATUS_NO_SUCH_USER;
-+ goto out;
- }
-
-- status = samu_to_SamInfo3(result, sampass, lp_netbios_name(),
-- &result->info3, &result->extra);
-+ status = samu_to_SamInfo3(server_info,
-+ sampass,
-+ lp_netbios_name(),
-+ &server_info->info3,
-+ &server_info->extra);
- if
(!NT_STATUS_IS_OK(status)) {
-- TALLOC_FREE(result);
-- return status;
-+ goto out;
- }
-
-- result->unix_name = pwd->pw_name;
-- /* Ensure that we keep pwd->pw_name, because we will free pwd below */
-- talloc_steal(result, pwd->pw_name);
-- result->utok.gid = pwd->pw_gid;
-- result->utok.uid = pwd->pw_uid;
-+ server_info->unix_name = talloc_strdup(server_info, pwd->pw_name);
-+ if (server_info->unix_name == NULL) {
-+ status = NT_STATUS_NO_MEMORY;
-+ goto out;
-+ }
-
-- TALLOC_FREE(pwd);
-+ server_info->utok.gid = pwd->pw_gid;
-+ server_info->utok.uid = pwd->pw_uid;
-
- if (IS_DC && is_our_machine_account(username)) {
- /*
-@@ -110,9 +122,13 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
- }
-
- DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
-- pdb_get_username(sampass), result->unix_name));
-+ pdb_get_username(sampass), server_info->unix_name));
-+
-+ *pserver_info = talloc_steal(mem_ctx, server_info);
-
-- *server_info = result;
-+ status = NT_STATUS_OK;
-+out:
-+ talloc_free(tmp_ctx);
-
-- return NT_STATUS_OK;
-+ return status;
- }
-diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
-index 7d44285..e40c8ac 100644
---- a/source3/auth/user_krb5.c
-+++ b/source3/auth/user_krb5.c
-@@ -223,9 +223,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
- * SID consistency with ntlmssp session setup
- */
- struct samu *sampass;
-- /* The stupid make_server_info_XX functions here
-- don't take a talloc context.
*/
-- struct auth_serversupplied_info *tmp = NULL;
-
- sampass = samu_new(talloc_tos());
- if (sampass == NULL) {
-@@ -235,14 +232,19 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
- if (pdb_getsampwnam(sampass, username)) {
- DEBUG(10, ("found user %s in passdb, calling "
- "make_server_info_sam\n", username));
-- status = make_server_info_sam(&tmp, sampass);
-+ status = make_server_info_sam(mem_ctx,
-+ sampass,
-+ &server_info);
- } else {
- /*
- * User not in passdb, make it up artificially
- */
- DEBUG(10, ("didn't find user %s in passdb, calling "
- "make_server_info_pw\n", username));
-- status = make_server_info_pw(mem_ctx, username, pw, &tmp);
-+ status = make_server_info_pw(mem_ctx,
-+ username,
-+ pw,
-+ &server_info);
- }
-
- TALLOC_FREE(sampass);
---
-1.8.5.2
-
-
-From f9c0adb6237c6e60c33ee6af21f55c0cdefa132c Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 18 Feb 2014 10:19:57 +0100
-Subject: [PATCH 6/7] s3-auth: Pass mem_ctx to auth_check_ntlm_password().
-
-Coverity-Id: 1168009
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
-
-Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 4d792db03f18aa164b565c7fdc7b446c174fba28)
----
- source3/auth/auth.c | 50 ++++++++++++++++++-----------
- source3/auth/auth_ntlmssp.c | 6 ++--
- source3/auth/proto.h | 8 +++--
- source3/rpc_server/netlogon/srv_netlog_nt.c | 6 ++--
- source3/torture/pdbtest.c | 5 ++-
- 5 files changed, 48 insertions(+), 27 deletions(-)
-
-diff --git a/source3/auth/auth.c b/source3/auth/auth.c
-index c3797cf..dc9af02 100644
---- a/source3/auth/auth.c
-+++ b/source3/auth/auth.c
-@@ -160,18 +160,19 @@ static bool check_domain_match(const char *user, const char *domain)
- *
- **/
-
--NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
-- const struct auth_usersupplied_info *user_info,
-- struct auth_serversupplied_info **server_info)
-+NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
-+ const struct auth_context *auth_context,
-+ const struct auth_usersupplied_info *user_info,
-+ struct auth_serversupplied_info **pserver_info)
- {
- /* if all the modules say 'not for me' this is reasonable */
- NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
- const char *unix_username;
- auth_methods *auth_method;
-- TALLOC_CTX *mem_ctx;
-
-- if (!user_info || !auth_context || !server_info)
-+ if (user_info == NULL || auth_context == NULL || pserver_info == NULL) {
- return NT_STATUS_LOGON_FAILURE;
-+ }
-
- DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n",
- user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name));
-@@ -205,17 +206,27 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
- return NT_STATUS_LOGON_FAILURE;
-
- for (auth_method = auth_context->auth_method_list;auth_method;
auth_method = auth_method->next) {
-+ struct auth_serversupplied_info *server_info;
-+ TALLOC_CTX *tmp_ctx;
- NTSTATUS result;
-
-- mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name,
-- user_info->mapped.domain_name, user_info->client.account_name);
-+ tmp_ctx = talloc_named(mem_ctx,
-+ 0,
-+ "%s authentication for user %s\\%s",
-+ auth_method->name,
-+ user_info->mapped.domain_name,
-+ user_info->client.account_name);
-
-- result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
-+ result = auth_method->auth(auth_context,
-+ auth_method->private_data,
-+ tmp_ctx,
-+ user_info,
-+ &server_info);
-
- /* check if the module did anything */
- if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ) {
- DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_method->name));
-- talloc_destroy(mem_ctx);
-+ TALLOC_FREE(tmp_ctx);
- continue;
- }
-
-@@ -229,19 +240,20 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
- auth_method->name, user_info->client.account_name, nt_errstr(nt_status)));
- }
-
-- talloc_destroy(mem_ctx);
--
-- if ( NT_STATUS_IS_OK(nt_status))
-- {
-- break;
-+ if (NT_STATUS_IS_OK(nt_status)) {
-+ *pserver_info = talloc_steal(mem_ctx, server_info);
-+ TALLOC_FREE(tmp_ctx);
-+ break;
- }
-+
-+ TALLOC_FREE(tmp_ctx);
- }
-
- /* successful authentication */
-
- if (NT_STATUS_IS_OK(nt_status)) {
-- unix_username = (*server_info)->unix_name;
-- if (!(*server_info)->guest) {
-+ unix_username = (*pserver_info)->unix_name;
-+ if (!(*pserver_info)->guest) {
- const char *rhost;
-
- if (tsocket_address_is_inet(user_info->remote_host, "ip")) {
-@@ -270,9 +282,9 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
- }
-
- if (NT_STATUS_IS_OK(nt_status)) {
-- DEBUG((*server_info)->guest ? 5 : 2,
-+ DEBUG((*pserver_info)->guest ?
5 : 2,
- ("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n",
-- (*server_info)->guest ? "guest " : "",
-+ (*pserver_info)->guest ? "guest " : "",
- user_info->client.account_name,
- user_info->mapped.account_name,
- unix_username));
-@@ -286,7 +298,7 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
- DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
- user_info->client.account_name, user_info->mapped.account_name,
- nt_errstr(nt_status)));
-- ZERO_STRUCTP(server_info);
-+ ZERO_STRUCTP(pserver_info);
-
- return nt_status;
- }
-diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
-index f99bd44..cb7726c 100644
---- a/source3/auth/auth_ntlmssp.c
-+++ b/source3/auth/auth_ntlmssp.c
-@@ -134,8 +134,10 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
-
- mapped_user_info->flags = user_info->flags;
-
-- nt_status = auth_check_ntlm_password(auth_context,
-- mapped_user_info, &server_info);
-+ nt_status = auth_check_ntlm_password(mem_ctx,
-+ auth_context,
-+ mapped_user_info,
-+ &server_info);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n",
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index eac3e54..15b1ba0 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -65,6 +65,8 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
- * struct. When the return is other than NT_STATUS_OK the contents
- * of that structure is undefined.
- *
-+ * @param mem_ctx The memory context to use to allocate server_info
-+ *
- * @param user_info Contains the user supplied components, including the passwords.
- * Must be created with make_user_info() or one of its wrappers.
- *
-@@ -79,9 +81,9 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
- * @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
- *
- **/
--
--NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
-- const struct auth_usersupplied_info *user_info,
-+NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
-+ const struct auth_context *auth_context,
-+ const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info);
-
- /* The following definitions come from auth/auth_builtin.c */
-diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
-index e5ca474..0c8c9a5 100644
---- a/source3/rpc_server/netlogon/srv_netlog_nt.c
-+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
-@@ -1650,8 +1650,10 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
- } /* end switch */
-
- if ( NT_STATUS_IS_OK(status) ) {
-- status = auth_check_ntlm_password(auth_context,
-- user_info, &server_info);
-+ status = auth_check_ntlm_password(p->mem_ctx,
-+ auth_context,
-+ user_info,
-+ &server_info);
- }
-
- TALLOC_FREE(auth_context);
-diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c
-index 17da455..14d58b9 100644
---- a/source3/torture/pdbtest.c
-+++ b/source3/torture/pdbtest.c
-@@ -304,7 +304,10 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry)
- return False;
- }
-
-- status = auth_check_ntlm_password(auth_context, user_info, &server_info);
-+ status = auth_check_ntlm_password(mem_ctx,
-+ auth_context,
-+ user_info,
-+ &server_info);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Failed to test authentication with auth module: %s\n", nt_errstr(status)));
---
-1.8.5.2
-
-
-From a48bcd84c59b5b2cb8c3e0f5d68b35065bed81d7 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 18 Feb 2014 13:52:49 +0100
-Subject: [PATCH 7/7] s3-auth: Pass mem_ctx to do_map_to_guest_server_info().
-
-Change-Id: If53117023e3ab37c810193edd00a81d247fdde7a
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-
-Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
-Autobuild-Date(master): Wed Feb 19 01:28:14 CET 2014 on sn-devel-104
-
-(cherry picked from commit 79e2725f339e7c5336b4053348c4266268de6ca3)
----
- source3/auth/auth_ntlmssp.c | 7 ++++---
- source3/auth/auth_util.c | 12 +++++++-----
- source3/auth/proto.h | 8 +++++---
- 3 files changed, 16 insertions(+), 11 deletions(-)
-
-diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
-index cb7726c..d4fe901 100644
---- a/source3/auth/auth_ntlmssp.c
-+++ b/source3/auth/auth_ntlmssp.c
-@@ -151,10 +151,11 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
- free_user_info(&mapped_user_info);
-
- if (!NT_STATUS_IS_OK(nt_status)) {
-- nt_status = do_map_to_guest_server_info(nt_status,
-- &server_info,
-+ nt_status = do_map_to_guest_server_info(mem_ctx,
-+ nt_status,
- user_info->client.account_name,
-- user_info->client.domain_name);
-+ user_info->client.domain_name,
-+ &server_info);
- *server_returned_info = talloc_steal(mem_ctx, server_info);
- return nt_status;
- }
-diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
-index 24190af..8cf5cb7 100644
---- a/source3/auth/auth_util.c
-+++ b/source3/auth/auth_util.c
-@@ -1536,9 +1536,11 @@ bool is_trusted_domain(const char* dom_name)
- on a logon error possibly map the error to success if "map to guest"
- is set approriately
- */
--NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
-- struct auth_serversupplied_info **server_info,
-- const char *user, const char *domain)
-+NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx,
-+ NTSTATUS status,
-+ const char *user,
-+ const char *domain,
-+ struct auth_serversupplied_info **server_info)
- {
- user = user ? user : "";
- domain = domain ?
domain : "";
-@@ -1548,13 +1550,13 @@ NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
- (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
- DEBUG(3,("No such user %s [%s] - using guest account\n",
- user, domain));
-- return make_server_info_guest(NULL, server_info);
-+ return make_server_info_guest(mem_ctx, server_info);
- }
- } else if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
- if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
- DEBUG(3,("Registered username %s for guest access\n",
- user));
-- return make_server_info_guest(NULL, server_info);
-+ return make_server_info_guest(mem_ctx, server_info);
- }
- }
-
-diff --git a/source3/auth/proto.h b/source3/auth/proto.h
-index 15b1ba0..7b8959f 100644
---- a/source3/auth/proto.h
-+++ b/source3/auth/proto.h
-@@ -264,9 +264,11 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
- enum auth_password_state password_state);
- void free_user_info(struct auth_usersupplied_info **user_info);
-
--NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
-- struct auth_serversupplied_info **server_info,
-- const char *user, const char *domain);
-+NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx,
-+ NTSTATUS status,
-+ const char *user,
-+ const char *domain,
-+ struct auth_serversupplied_info **server_info);
-
- /* The following definitions come from auth/auth_winbind.c */
-
---
-1.8.5.2
- |