The branch, master has been updated via 78af473 s3-auth: Rename to init_system_session_info(). via caaebb4 s3-auth: Don't lookup the system user in pdb. from a66865d Use ENC_ values for proto_tree_add_item() calls.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 78af4738e7bd6f73469dd990d0f444a04afbc709 Author: Andreas Schneider <a...@samba.org> Date: Mon May 14 10:37:59 2012 +0200 s3-auth: Rename to init_system_session_info(). Autobuild-User: Andreas Schneider <a...@cryptomilk.org> Autobuild-Date: Tue May 15 13:56:00 CEST 2012 on sn-devel-104 commit caaebb455cf955f66c2f662c53998c480cb2d6c9 Author: Andreas Schneider <a...@samba.org> Date: Mon May 14 10:31:32 2012 +0200 s3-auth: Don't lookup the system user in pdb. This fixes bug #8944, ldapsam:trusted and ipasam. It is an additional fix for bug #8567 (0528cb5f3a15b72dcb34ece21a3ffb3e7b8d6eb9). ----------------------------------------------------------------------- Summary of changes: source3/auth/auth_util.c | 101 ++++++++++++++++++++++++++++++++++++++++-- source3/auth/proto.h | 2 +- source3/smbd/server.c | 2 +- source3/winbindd/winbindd.c | 2 +- 4 files changed, 99 insertions(+), 8 deletions(-) Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 6075232..f270ccd 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -771,6 +771,44 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
 return NT_STATUS_OK;
 }
+static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
+ struct passwd *pwd,
+ struct netr_SamInfo3 *info3)
+{
+ struct dom_sid domain_sid;
+ const char *tmp;
+
+ /* Set account name */
+ tmp = talloc_strdup(mem_ctx, pwd->pw_name);
+ if (tmp == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ init_lsa_String(&info3->base.account_name, tmp);
+
+ /* Set domain name */
+ tmp = talloc_strdup(mem_ctx, get_global_sam_name());
+ if (tmp == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ init_lsa_StringLarge(&info3->base.logon_domain, tmp);
+
+ /* Domain sid */
+ sid_copy(&domain_sid, get_global_sam_sid());
+
+ info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid);
+ if (info3->base.domain_sid == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Admin rid */
+ info3->base.rid = DOMAIN_RID_ADMINISTRATOR;
+
+ /* Primary gid */
+ info3->base.primary_gid = dom_sid_parse_talloc(mem_ctx, SID_NT_SYSTEM);
+
+ return NT_STATUS_OK;
+}
+
 static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx,
 struct netr_SamInfo3 *info3)
 {
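Review bot: The last assignment in get_system_info3() stores the pointer returned by `dom_sid_parse_talloc(mem_ctx, SID_NT_SYSTEM)` in `info3->base.primary_gid`, which in netr_SamBaseInfo is a 32-bit RID like `base.rid` set just above it, so the system account's primary group becomes a pointer value converted to an integer rather than a defined group. That return value is also the only allocation in this function that is not checked for NULL. Since this info3 is what the system session's token is built from, the field should hold a RID relative to `domain_sid`, for example `info3->base.primary_gid = DOMAIN_RID_ADMINS;` if Domain Admins is the intended primary group. The intermediate `sid_copy()` into the local `domain_sid` also looks unnecessary; `dom_sid_dup(mem_ctx, get_global_sam_sid())` would do the same.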
@@ -898,6 +936,60 @@ done:
 it.
 ****************************************************************************/
+static NTSTATUS make_system_session_info_from_pw(TALLOC_CTX *mem_ctx,
+ struct passwd *pwd,
+ struct auth_session_info **session_info)
+{
+ struct auth_serversupplied_info *server_info;
+ const char *domain = lp_netbios_name();
+ struct netr_SamInfo3 info3;
+ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ZERO_STRUCT(info3);
+
+ status = get_system_info3(tmp_ctx, pwd, &info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Failed creating system info3 with %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ status = make_server_info_info3(tmp_ctx,
+ pwd->pw_name,
+ domain,
+ &server_info,
+ &info3);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("make_server_info_info3 failed with %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ server_info->nss_token = true;
+
+ /* Now turn the server_info into a session_info with the full token etc */
+ status = create_local_token(mem_ctx, server_info, NULL, pwd->pw_name, session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("create_local_token failed: %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ talloc_free(server_info);
+ talloc_steal(mem_ctx, *session_info);
+
+ status = NT_STATUS_OK;
+done:
+ TALLOC_FREE(tmp_ctx);
+ return status;
+}
+
 static NTSTATUS make_session_info_from_pw(TALLOC_CTX *mem_ctx,
 struct passwd *pwd,
 bool is_guest,
@@ -937,10 +1029,9 @@ static NTSTATUS make_new_session_info_system(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NO_SUCH_USER;
 }
- status = make_session_info_from_pw(mem_ctx,
- pwd,
- false,
- session_info);
+ status = make_system_session_info_from_pw(mem_ctx,
+ pwd,
+ session_info);
 TALLOC_FREE(pwd);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
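Review bot: make_system_session_info_from_pw() is inserted directly below the banner comment whose closing lines are this hunk's leading context, so that comment, which appears to describe make_session_info_from_pw(), now sits on top of the new function, and the new function has no description of its own. Because this path builds the system session without a passdb lookup and sets `server_info->nss_token = true`, it deserves its own header, e.g. `/* Build the system session_info from the passwd entry alone (no passdb lookup); intended only for the local system account. */`, placed so the existing banner stays with make_session_info_from_pw(). As a smaller point, `talloc_free(server_info)` and `talloc_steal(mem_ctx, *session_info)` look redundant: server_info hangs off tmp_ctx, which is freed at `done:`, and create_local_token() was already given mem_ctx.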
@@ -1156,7 +1247,7 @@ NTSTATUS make_session_info_guest(TALLOC_CTX *mem_ctx,
 static struct auth_session_info *system_info = NULL;
-NTSTATUS init_system_info(void)
+NTSTATUS init_system_session_info(void)
 {
 if (system_info != NULL)
 return NT_STATUS_OK;
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index d383f38..a35a804 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -218,7 +218,7 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
 struct auth_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
 const struct auth_session_info *src);
 bool init_guest_info(void);
-NTSTATUS init_system_info(void);
+NTSTATUS init_system_session_info(void);
 bool session_info_set_session_key(struct auth_session_info *info,
 DATA_BLOB session_key);
 NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx,
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 363203e..d6c7874 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1424,7 +1424,7 @@ extern void build_options(bool screen);
 exit(1);
 }
- status = init_system_info();
+ status = init_system_session_info();
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(1, ("ERROR: failed to setup system user info: %s.\n",
 nt_errstr(status)));
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index a3b2142..22056e2 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1474,7 +1474,7 @@ int main(int argc, char **argv, char **envp)
 winbindd_register_handlers(!Fork);
- status = init_system_info();
+ status = init_system_session_info();
 if (!NT_STATUS_IS_OK(status)) {
 DEBUG(1, ("ERROR: failed to setup system user info: %s.\n",
 nt_errstr(status)));
-- Samba Shared Repository