The branch, master has been updated
       via  6651b07 samdb: Fix a typo
       via  65e4e81 auth4: Reduce indentation level by an early error return
       via  6d4acc8 auth4: Only use CrackNames if we're a DC
       via  5a6f3fc auth4: Fix map_user_info_cracknames for domain==NULL
      from  41827cc auth3: Simplify get_system_info3

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6651b07e58ef30ea0b5aa536b51818f2e6e8770e
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Feb 26 13:06:05 2017 +0100

    samdb: Fix a typo
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    
    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Tue Feb 28 13:55:42 CET 2017 on sn-devel-144

commit 65e4e8160a26bf85fad72f48e8a16f861c7ebf25
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Feb 23 20:48:32 2017 +0100

    auth4: Reduce indentation level by an early error return
    
    Just cosmetics for easier readability, no code change
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 6d4acc8cd6aecc393a1d456be0814cc88c6dab5a
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Feb 26 11:25:20 2017 +0100

    auth4: Only use CrackNames if we're a DC
    
    DsCrackNameOneName on a member does not really have a big user database. We
    should delegate as much responsibility as possible to our DC.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

commit 5a6f3fcf811e9199096d343c7d4c8c3af663157d
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Feb 26 09:16:02 2017 +0100

    auth4: Fix map_user_info_cracknames for domain==NULL
    
    DsCrackNameOneName directly fails for DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT
    if the name passed in does not contain a \. The only caller of
    map_user_info_cracknames (auth_check_password_send) passes in
    lpcfg_workgroup(), which does not contain a \. Add in the \ also for
    the default_domain case.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/ntlm/auth.c        | 50 ++++++++++++++++++++++++-----------------
 source4/auth/ntlm/auth_util.c   | 10 ++++-----
 source4/dsdb/samdb/cracknames.c |  2 +-
 3 files changed, 36 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index eeb2336..a1276df 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -191,29 +191,33 @@ _PUBLIC_ NTSTATUS auth_check_password_wrapper(struct 
auth4_context *auth_ctx,
                                              DATA_BLOB *user_session_key, 
DATA_BLOB *lm_session_key)
 {
        struct auth_user_info_dc *user_info_dc;
-       NTSTATUS status = auth_check_password(auth_ctx, mem_ctx, user_info, 
&user_info_dc);
+       NTSTATUS status;
 
-       if (NT_STATUS_IS_OK(status)) {
-               *server_returned_info = user_info_dc;
+       status = auth_check_password(auth_ctx, mem_ctx, user_info,
+                                    &user_info_dc);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
-               if (user_session_key) {
-                       DEBUG(10, ("Got NT session key of length %u\n",
-                                  
(unsigned)user_info_dc->user_session_key.length));
-                       *user_session_key = user_info_dc->user_session_key;
-                       talloc_steal(mem_ctx, user_session_key->data);
-                       user_info_dc->user_session_key = data_blob_null;
-               }
+       *server_returned_info = user_info_dc;
 
-               if (lm_session_key) {
-                       DEBUG(10, ("Got LM session key of length %u\n",
-                                  
(unsigned)user_info_dc->lm_session_key.length));
-                       *lm_session_key = user_info_dc->lm_session_key;
-                       talloc_steal(mem_ctx, lm_session_key->data);
-                       user_info_dc->lm_session_key = data_blob_null;
-               }
+       if (user_session_key) {
+               DEBUG(10, ("Got NT session key of length %u\n",
+                          (unsigned)user_info_dc->user_session_key.length));
+               *user_session_key = user_info_dc->user_session_key;
+               talloc_steal(mem_ctx, user_session_key->data);
+               user_info_dc->user_session_key = data_blob_null;
        }
 
-       return status;
+       if (lm_session_key) {
+               DEBUG(10, ("Got LM session key of length %u\n",
+                          (unsigned)user_info_dc->lm_session_key.length));
+               *lm_session_key = user_info_dc->lm_session_key;
+               talloc_steal(mem_ctx, lm_session_key->data);
+               user_info_dc->lm_session_key = data_blob_null;
+       }
+
+       return NT_STATUS_OK;
 }
 
 struct auth_check_password_state {
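Review bot: The early return in auth_check_password_wrapper leaves `*server_returned_info`, `*user_session_key` and `*lm_session_key` unwritten on failure, and nothing in the hunk documents that or the ownership move on the success path. This matches the old behaviour, but the flattened layout is a good place to state it, for example `/* On error no output is written. On success the key blobs are moved to mem_ctx and cleared in user_info_dc, so each key has a single owner. */`. The function's signature starts outside the hunk, so any existing header comment is not visible here.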
@@ -280,8 +284,14 @@ _PUBLIC_ struct tevent_req 
*auth_check_password_send(TALLOC_CTX *mem_ctx,
        state->user_info        = user_info;
 
        if (!user_info->mapped_state) {
-               nt_status = map_user_info(auth_ctx->sam_ctx, req, 
lpcfg_workgroup(auth_ctx->lp_ctx),
-                                         user_info, &user_info_tmp);
+               int server_role = lpcfg_server_role(auth_ctx->lp_ctx);
+
+               nt_status = map_user_info(
+                       auth_ctx->sam_ctx, req,
+                       server_role == ROLE_ACTIVE_DIRECTORY_DC,
+                       lpcfg_workgroup(auth_ctx->lp_ctx),
+                       user_info, &user_info_tmp);
+
                if (tevent_req_nterror(req, nt_status)) {
                        return tevent_req_post(req, ev);
                }
diff --git a/source4/auth/ntlm/auth_util.c b/source4/auth/ntlm/auth_util.c
index 3e5a0da..e3d196c 100644
--- a/source4/auth/ntlm/auth_util.c
+++ b/source4/auth/ntlm/auth_util.c
@@ -128,12 +128,11 @@ static NTSTATUS map_user_info_cracknames(struct 
ldb_context *sam_ctx,
                        return NT_STATUS_NO_MEMORY;
                }
        } else {
-               char *domain_name;
+               const char *domain_name = default_domain;
                if (user_info->client.domain_name && 
*user_info->client.domain_name) {
-                       domain_name = talloc_asprintf(tmp_ctx, "%s\\", 
user_info->client.domain_name);
-               } else {
-                       domain_name = talloc_strdup(tmp_ctx, default_domain);
+                       domain_name = user_info->client.domain_name;
                }
+               domain_name = talloc_asprintf(tmp_ctx, "%s\\", domain_name);
                if (domain_name == NULL) {
                        talloc_free(tmp_ctx);
                        return NT_STATUS_NO_MEMORY;
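Review bot: With the `talloc_strdup` branch gone, a NULL `default_domain` combined with an empty client domain no longer ends in the `domain_name == NULL` check; it now reaches `talloc_asprintf(tmp_ctx, "%s\\", domain_name)`. Passing a null pointer to `%s` is undefined, and on glibc it typically formats as `(null)\`, so the lookup would proceed with a bogus domain instead of failing. The commit message says the only caller passes lpcfg_workgroup(), so this is probably unreachable today, but a guard before the format call keeps the helper safe for later callers, e.g. `if (domain_name == NULL) { talloc_free(tmp_ctx); return NT_STATUS_INVALID_PARAMETER; }`. The enclosing function starts and ends outside the hunk.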
@@ -222,6 +221,7 @@ static NTSTATUS map_user_info_cracknames(struct ldb_context 
*sam_ctx,
 ****************************************************************************/
 NTSTATUS map_user_info(struct ldb_context *sam_ctx,
                       TALLOC_CTX *mem_ctx,
+                      bool is_ad_dc,
                       const char *default_domain,
                       const struct auth_usersupplied_info *user_info,
                       struct auth_usersupplied_info **user_info_mapped)
@@ -231,7 +231,7 @@ NTSTATUS map_user_info(struct ldb_context *sam_ctx,
        char *d;
        TALLOC_CTX *tmp_ctx;
 
-       if (sam_ctx != NULL) {
+       if (is_ad_dc) {
                /* if possible, use cracknames to parse the
                   domain/account */
                return map_user_info_cracknames(sam_ctx, mem_ctx, 
default_domain, user_info, user_info_mapped);
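Review bot: The cracknames branch in map_user_info used to be guarded by `sam_ctx != NULL`, but `sam_ctx` is now handed to map_user_info_cracknames unchecked whenever `is_ad_dc` is true. If an AD DC can reach this point with a NULL sam_ctx (not visible from these hunks), failing closed is safer than passing the NULL on to the CrackNames lookup or silently falling through to the string parser, e.g. `if (is_ad_dc && sam_ctx == NULL) { return NT_STATUS_INVALID_SERVER_STATE; }` ahead of the branch. The `is_ad_dc` parameter added in the signature hunk above also deserves a line in the function's header comment, saying that the caller derives it from `lpcfg_server_role()`. The function body continues outside the hunk.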
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index ad4ef5c..596343a 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -679,7 +679,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, 
TALLOC_CTX *mem_ctx,
                        return WERR_NOT_ENOUGH_MEMORY;
                }
 
-               /* Ensure we reject compleate junk first */
+               /* Ensure we reject complete junk first */
                ret = krb5_parse_name(smb_krb5_context->krb5_context, name, 
&principal);
                if (ret) {
                        info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;


-- 
Samba Shared Repository
