The branch, master has been updated
via caf485a auth: Pass in the SMB username (for %U) into
generate_session_info
via 05f9495 s4:join python code - "msDS-KeyVersionNumber" does not
exist on Win2k
via 1e46ccb LDB:pyldb.c - use always the case insensitive comparison
for attribute names
from 2d66d16 wafsamba: Add tests for dict_concat.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit caf485a2bd0453b7d22600f9106a2026b1a50c79
Author: Andrew Bartlett <[email protected]>
Date: Mon Jan 30 21:49:33 2012 +1100
auth: Pass in the SMB username (for %U) into generate_session_info
This matches what Samba3 does.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <[email protected]>
Autobuild-Date: Mon Feb 13 01:25:59 CET 2012 on sn-devel-104
commit 05f9495ff36c2335ff9c69ea408cd9328f6cc6e6
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Mon Jan 30 17:20:28 2012 +0100
s4:join python code - "msDS-KeyVersionNumber" does not exist on Win2k
No problem since "secretsdb_self_join()" then chooses 1 as a default
value.
Fix case sensitivity for "msDS-KeyVersionNumber".
Signed-off-by: Andrew Bartlett <[email protected]>
commit 1e46ccba5ada1be310be4bbf4a954df73cde6c3a
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Sat Feb 11 12:48:20 2012 +0100
LDB:pyldb.c - use always the case insensitive comparison for attribute names
We can make no assumptions about our users
Signed-off-by: Andrew Bartlett <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
auth/common_auth.h | 1 +
lib/ldb/pyldb.c | 4 ++--
source4/auth/ntlm/auth.c | 8 ++++++--
source4/auth/ntlm/auth_simple.c | 1 +
source4/auth/ntlmssp/ntlmssp_server.c | 1 +
source4/auth/unix_token.c | 7 ++++---
source4/scripting/python/samba/join.py | 8 ++++++--
source4/smb_server/smb/sesssetup.c | 4 +++-
8 files changed, 24 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/common_auth.h b/auth/common_auth.h
index 453c0c9..d9996e1 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -120,6 +120,7 @@ struct auth4_context {
NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx,
struct auth4_context *auth_context,
void *server_returned_info,
+ const char *original_user_name,
uint32_t session_info_flags,
struct auth_session_info
**session_info);
diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
index b253bcd..2f99d14 100644
--- a/lib/ldb/pyldb.c
+++ b/lib/ldb/pyldb.c
@@ -1051,7 +1051,7 @@ static struct ldb_message *PyDict_AsMessage(TALLOC_CTX
*mem_ctx,
while (PyDict_Next(py_obj, &dict_pos, &key, &value)) {
char *key_str = PyString_AsString(key);
- if (strcmp(key_str, "dn") != 0) {
+ if (ldb_attr_cmp(key_str, "dn") != 0) {
msg_el = PyObject_AsMessageElement(msg->elements, value,
mod_flags, key_str);
if (msg_el == NULL) {
@@ -2516,7 +2516,7 @@ static PyObject
*py_ldb_msg_getitem_helper(PyLdbMessageObject *self, PyObject *p
return NULL;
}
name = PyString_AsString(py_name);
- if (!strcmp(name, "dn"))
+ if (!ldb_attr_cmp(name, "dn"))
return pyldb_Dn_FromDn(msg->dn);
el = ldb_msg_find_element(msg, name);
if (el == NULL) {
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 6dd82e4..fdfdb63 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -36,7 +36,8 @@
static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
struct auth4_context
*auth_context,
void *server_returned_info,
- uint32_t session_info_flags,
+ const char
*original_user_name,
+ uint32_t session_info_flags,
struct auth_session_info
**session_info);
/***************************************************************************
@@ -140,6 +141,7 @@ static NTSTATUS auth_generate_session_info_principal(struct
auth4_context *auth_
nt_status = auth_generate_session_info_wrapper(mem_ctx,
auth_ctx,
user_info_dc,
+
user_info_dc->info->account_name,
session_info_flags, session_info);
talloc_free(user_info_dc);
@@ -466,6 +468,7 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct
tevent_req *req,
static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
struct auth4_context
*auth_context,
void *server_returned_info,
+ const char
*original_user_name,
uint32_t session_info_flags,
struct auth_session_info
**session_info)
{
@@ -494,7 +497,7 @@ static NTSTATUS
auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_SERVER_STATE;
}
status = auth_session_info_fill_unix(wbc_ctx,
auth_context->lp_ctx,
- *session_info);
+ original_user_name,
*session_info);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(*session_info);
}
@@ -542,6 +545,7 @@ static NTSTATUS auth_generate_session_info_pac(struct
auth4_context *auth_ctx,
status = auth_generate_session_info_wrapper(mem_ctx, auth_ctx,
user_info_dc,
+
user_info_dc->info->account_name,
session_info_flags,
session_info);
talloc_free(tmp_ctx);
return status;
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index 241906e..2e69991 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -96,6 +96,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX
*mem_ctx,
}
nt_status = auth_context->generate_session_info(tmp_ctx,
auth_context,
user_info_dc,
+ nt4_username,
flags,
session_info);
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c
b/source4/auth/ntlmssp/ntlmssp_server.c
index f463859..693613f 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -230,6 +230,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security
*gensec_security,
if (gensec_security->auth_context &&
gensec_security->auth_context->generate_session_info) {
nt_status =
gensec_security->auth_context->generate_session_info(mem_ctx,
gensec_security->auth_context,
gensec_ntlmssp->server_returned_info,
+
gensec_ntlmssp->ntlmssp_state->user,
session_info_flags,
session_info);
} else {
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index 24f3226..7a7d464 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -125,8 +125,9 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
/*
Fill in the auth_user_info_unix and auth_unix_token elements in a struct
session_info
*/
-NTSTATUS auth_session_info_fill_unix( struct wbc_context *wbc_ctx,
+NTSTATUS auth_session_info_fill_unix(struct wbc_context *wbc_ctx,
struct loadparm_context *lp_ctx,
+ const char *original_user_name,
struct auth_session_info *session_info)
{
char *su;
@@ -149,11 +150,11 @@ NTSTATUS auth_session_info_fill_unix( struct wbc_context
*wbc_ctx,
session_info->info->account_name);
NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info->unix_name);
- len = strlen(session_info->info->account_name) + 1;
+ len = strlen(original_user_name) + 1;
session_info->unix_info->sanitized_username = su =
talloc_array(session_info->unix_info, char, len);
NT_STATUS_HAVE_NO_MEMORY(su);
- alpha_strcpy(su, session_info->info->account_name,
+ alpha_strcpy(su, original_user_name,
". _-$", len);
return NT_STATUS_OK;
diff --git a/source4/scripting/python/samba/join.py
b/source4/scripting/python/samba/join.py
index dc09b46..b695277 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -506,8 +506,12 @@ class dc_join(object):
domain_name=ctx.domain_name,
newpassword=ctx.acct_pass)
- res = ctx.samdb.search(base=ctx.acct_dn, scope=ldb.SCOPE_BASE,
attrs=["msDS-keyVersionNumber"])
- ctx.key_version_number = int(res[0]["msDS-keyVersionNumber"][0])
+ res = ctx.samdb.search(base=ctx.acct_dn, scope=ldb.SCOPE_BASE,
+ attrs=["msDS-KeyVersionNumber"])
+ if "msDS-KeyVersionNumber" in res[0]:
+ ctx.key_version_number =
int(res[0]["msDS-KeyVersionNumber"][0])
+ else:
+ ctx.key_version_number = None
print("Enabling account")
m = ldb.Message()
diff --git a/source4/smb_server/smb/sesssetup.c
b/source4/smb_server/smb/sesssetup.c
index c84be7f..2943747 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -85,7 +85,8 @@ static void sesssetup_old_send(struct tevent_req *subreq)
/* This references user_info_dc into session_info */
status =
req->smb_conn->negotiate.auth_context->generate_session_info(req,
req->smb_conn->negotiate.auth_context,
-
user_info_dc, flags, &session_info);
+
user_info_dc, sess->old.in.user,
+
flags, &session_info);
if (!NT_STATUS_IS_OK(status)) goto failed;
/* allocate a new session */
@@ -217,6 +218,7 @@ static void sesssetup_nt1_send(struct tevent_req *subreq)
status = state->auth_context->generate_session_info(req,
state->auth_context,
user_info_dc,
+ sess->nt1.in.user,
flags,
&session_info);
if (!NT_STATUS_IS_OK(status)) goto failed;
--
Samba Shared Repository
