The branch, master has been updated
via c28be406746 auth:creds: Guess the username first via getpwuid(my_id)
via 711d01ff205 auth:creds: Remove trailing spaces
from a7f6c60cb03 s3:winbindd: fix "allow trusted domains = no" regression
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c28be4067463e582e378df402f812e510883d606
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 10 12:06:51 2021 +0100
auth:creds: Guess the username first via getpwuid(my_id)
If we have a container, we often don't have USER or LOGNAME set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14883
Tested-by: Anoop C S <anoo...@samba.org>
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Wed Nov 10 19:11:53 UTC 2021 on sn-devel-184
commit 711d01ff205fe536688598bbdb7d1766c17ece2a
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 10 12:01:20 2021 +0100
auth:creds: Remove trailing spaces
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.c | 125 +++++++++++++++++++++++------------------
1 file changed, 69 insertions(+), 56 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 02a3cf3b354..67644e806e4 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
User credentials handling
@@ -6,17 +6,17 @@
Copyright (C) Jelmer Vernooij 2005
Copyright (C) Tim Potter 2001
Copyright (C) Andrew Bartlett <abart...@samba.org> 2005
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -30,12 +30,13 @@
#include "tevent.h"
#include "param/param.h"
#include "system/filesys.h"
+#include "system/passwd.h"
/**
* Create a new credentials structure
- * @param mem_ctx TALLOC_CTX parent for credentials structure
+ * @param mem_ctx TALLOC_CTX parent for credentials structure
*/
-_PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
+_PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
{
struct cli_credentials *cred = talloc_zero(mem_ctx, struct
cli_credentials);
if (cred == NULL) {
@@ -101,7 +102,7 @@ _PUBLIC_ void *_cli_credentials_callback_data(struct
cli_credentials *cred)
/**
* Create a new anonymous credential
- * @param mem_ctx TALLOC_CTX parent for credentials structure
+ * @param mem_ctx TALLOC_CTX parent for credentials structure
*/
_PUBLIC_ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx)
{
@@ -184,11 +185,11 @@ _PUBLIC_ uint32_t
cli_credentials_get_gensec_features(struct cli_credentials *cr
_PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred)
{
if (cred->machine_account_pending) {
- cli_credentials_set_machine_account(cred,
+ cli_credentials_set_machine_account(cred,
cred->machine_account_pending_lp_ctx);
}
- if (cred->username_obtained == CRED_CALLBACK &&
+ if (cred->username_obtained == CRED_CALLBACK &&
!cred->callback_running) {
cred->callback_running = true;
cred->username = cred->username_cb(cred);
@@ -222,7 +223,7 @@ cli_credentials_get_username_and_obtained(struct
cli_credentials *cred,
return cli_credentials_get_username(cred);
}
-_PUBLIC_ bool cli_credentials_set_username(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_username(struct cli_credentials *cred,
const char *val, enum credentials_obtained
obtained)
{
if (obtained >= cred->username_obtained) {
@@ -247,7 +248,7 @@ _PUBLIC_ bool cli_credentials_set_username_callback(struct
cli_credentials *cred
return false;
}
-_PUBLIC_ bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
const char *bind_dn)
{
cred->bind_dn = talloc_strdup(cred, bind_dn);
@@ -279,7 +280,7 @@ _PUBLIC_ char
*cli_credentials_get_principal_and_obtained(struct cli_credentials
cred->machine_account_pending_lp_ctx);
}
- if (cred->principal_obtained == CRED_CALLBACK &&
+ if (cred->principal_obtained == CRED_CALLBACK &&
!cred->callback_running) {
cred->callback_running = true;
cred->principal = cred->principal_cb(cred);
@@ -320,7 +321,7 @@ _PUBLIC_ char
*cli_credentials_get_principal_and_obtained(struct cli_credentials
if (effective_realm != NULL && strlen(effective_realm) != 0) {
*obtained = effective_obtained;
- return talloc_asprintf(mem_ctx, "%s@%s",
+ return talloc_asprintf(mem_ctx, "%s@%s",
effective_username,
effective_realm);
}
@@ -341,8 +342,8 @@ _PUBLIC_ char *cli_credentials_get_principal(struct
cli_credentials *cred, TALLO
return cli_credentials_get_principal_and_obtained(cred, mem_ctx,
&obtained);
}
-_PUBLIC_ bool cli_credentials_set_principal(struct cli_credentials *cred,
- const char *val,
+_PUBLIC_ bool cli_credentials_set_principal(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained)
{
if (obtained >= cred->principal_obtained) {
@@ -377,7 +378,7 @@ _PUBLIC_ bool cli_credentials_set_principal_callback(struct
cli_credentials *cre
* function to determine if authentication has been explicitly
* requested */
-_PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials
*cred)
+_PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials
*cred)
{
uint32_t gensec_features = 0;
@@ -436,7 +437,7 @@ _PUBLIC_ const char *cli_credentials_get_password(struct
cli_credentials *cred)
cred->machine_account_pending_lp_ctx);
}
- if (cred->password_obtained == CRED_CALLBACK &&
+ if (cred->password_obtained == CRED_CALLBACK &&
!cred->callback_running &&
!cred->password_will_be_nt_hash) {
cred->callback_running = true;
@@ -474,8 +475,8 @@ cli_credentials_get_password_and_obtained(struct
cli_credentials *cred,
/* Set a password on the credentials context, including an indication
* of 'how' the password was obtained */
-_PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred,
- const char *val,
+_PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained)
{
if (obtained >= cred->password_obtained) {
@@ -562,8 +563,8 @@ _PUBLIC_ const char
*cli_credentials_get_old_password(struct cli_credentials *cr
return cred->old_password;
}
-_PUBLIC_ bool cli_credentials_set_old_password(struct cli_credentials *cred,
- const char *val,
+_PUBLIC_ bool cli_credentials_set_old_password(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained)
{
cred->old_password = talloc_strdup(cred, val);
@@ -711,7 +712,7 @@ _PUBLIC_ struct samr_Password
*cli_credentials_get_old_nt_hash(struct cli_creden
/**
* Obtain the 'short' or 'NetBIOS' domain for this credentials context.
* @param cred credentials context
- * @retval The domain set on this context.
+ * @retval The domain set on this context.
* @note Return value will never be NULL except by programmer error.
*/
_PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred)
@@ -721,7 +722,7 @@ _PUBLIC_ const char *cli_credentials_get_domain(struct
cli_credentials *cred)
cred->machine_account_pending_lp_ctx);
}
- if (cred->domain_obtained == CRED_CALLBACK &&
+ if (cred->domain_obtained == CRED_CALLBACK &&
!cred->callback_running) {
cred->callback_running = true;
cred->domain = cred->domain_cb(cred);
@@ -736,8 +737,8 @@ _PUBLIC_ const char *cli_credentials_get_domain(struct
cli_credentials *cred)
}
-_PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred,
- const char *val,
+_PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained)
{
if (obtained >= cred->domain_obtained) {
@@ -746,7 +747,7 @@ _PUBLIC_ bool cli_credentials_set_domain(struct
cli_credentials *cred,
* calculations */
cred->domain = strupper_talloc(cred, val);
cred->domain_obtained = obtained;
- /* setting domain does not mean we have to invalidate ccache
+ /* setting domain does not mean we have to invalidate ccache
* because domain in not used for Kerberos operations.
* If ccache invalidation is required, one will anyway specify
* a password to kinit, and that will force invalidation of the
ccache
@@ -772,17 +773,17 @@ bool cli_credentials_set_domain_callback(struct
cli_credentials *cred,
/**
* Obtain the Kerberos realm for this credentials context.
* @param cred credentials context
- * @retval The realm set on this context.
+ * @retval The realm set on this context.
* @note Return value will never be NULL except by programmer error.
*/
_PUBLIC_ const char *cli_credentials_get_realm(struct cli_credentials *cred)
-{
+{
if (cred->machine_account_pending) {
cli_credentials_set_machine_account(cred,
cred->machine_account_pending_lp_ctx);
}
- if (cred->realm_obtained == CRED_CALLBACK &&
+ if (cred->realm_obtained == CRED_CALLBACK &&
!cred->callback_running) {
cred->callback_running = true;
cred->realm = cred->realm_cb(cred);
@@ -800,8 +801,8 @@ _PUBLIC_ const char *cli_credentials_get_realm(struct
cli_credentials *cred)
* Set the realm for this credentials context, and force it to
* uppercase for the sanity of our local kerberos libraries
*/
-_PUBLIC_ bool cli_credentials_set_realm(struct cli_credentials *cred,
- const char *val,
+_PUBLIC_ bool cli_credentials_set_realm(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained)
{
if (obtained >= cred->realm_obtained) {
@@ -830,12 +831,12 @@ bool cli_credentials_set_realm_callback(struct
cli_credentials *cred,
* Obtain the 'short' or 'NetBIOS' workstation name for this credentials
context.
*
* @param cred credentials context
- * @retval The workstation name set on this context.
+ * @retval The workstation name set on this context.
* @note Return value will never be NULL except by programmer error.
*/
_PUBLIC_ const char *cli_credentials_get_workstation(struct cli_credentials
*cred)
{
- if (cred->workstation_obtained == CRED_CALLBACK &&
+ if (cred->workstation_obtained == CRED_CALLBACK &&
!cred->callback_running) {
cred->callback_running = true;
cred->workstation = cred->workstation_cb(cred);
@@ -848,8 +849,8 @@ _PUBLIC_ const char *cli_credentials_get_workstation(struct
cli_credentials *cre
return cred->workstation;
}
-_PUBLIC_ bool cli_credentials_set_workstation(struct cli_credentials *cred,
- const char *val,
+_PUBLIC_ bool cli_credentials_set_workstation(struct cli_credentials *cred,
+ const char *val,
enum credentials_obtained obtained)
{
if (obtained >= cred->workstation_obtained) {
@@ -893,7 +894,7 @@ _PUBLIC_ void cli_credentials_parse_string(struct
cli_credentials *credentials,
return;
}
- uname = talloc_strdup(credentials, data);
+ uname = talloc_strdup(credentials, data);
uname_free = uname;
if ((p = strchr_m(uname,'%'))) {
@@ -980,10 +981,10 @@ _PUBLIC_ char *cli_credentials_get_unparsed_name(struct
cli_credentials *credent
} else {
cli_credentials_get_ntlm_username_domain(credentials, mem_ctx,
&username, &domain);
if (domain && domain[0]) {
- name = talloc_asprintf(mem_ctx, "%s\\%s",
+ name = talloc_asprintf(mem_ctx, "%s\\%s",
domain, username);
} else {
- name = talloc_asprintf(mem_ctx, "%s",
+ name = talloc_asprintf(mem_ctx, "%s",
username);
}
}
@@ -1149,9 +1150,9 @@ _PUBLIC_ bool cli_credentials_set_conf(struct
cli_credentials *cred,
}
/**
- * Guess defaults for credentials from environment variables,
+ * Guess defaults for credentials from environment variables,
* and from the configuration file
- *
+ *
* @param cred Credentials structure to fill in
*/
_PUBLIC_ bool cli_credentials_guess(struct cli_credentials *cred,
@@ -1159,6 +1160,7 @@ _PUBLIC_ bool cli_credentials_guess(struct
cli_credentials *cred,
{
const char *error_string;
const char *env = NULL;
+ struct passwd *pwd = NULL;
bool ok;
if (lp_ctx != NULL) {
@@ -1168,6 +1170,17 @@ _PUBLIC_ bool cli_credentials_guess(struct
cli_credentials *cred,
}
}
+ pwd = getpwuid(getuid());
+ if (pwd != NULL) {
+ size_t len = strlen(pwd->pw_name);
+
+ if (len > 0 && len <= 1024) {
+ (void)cli_credentials_parse_string(cred,
+ pwd->pw_name,
+ CRED_GUESS_ENV);
+ }
+ }
+
env = getenv("LOGNAME");
if (env != NULL) {
size_t len = strlen(env);
@@ -1258,7 +1271,7 @@ _PUBLIC_ void cli_credentials_set_netlogon_creds(
}
/**
- * Return attached NETLOGON credentials
+ * Return attached NETLOGON credentials
*/
_PUBLIC_ struct netlogon_creds_CredentialState
*cli_credentials_get_netlogon_creds(struct cli_credentials *cred)
@@ -1266,7 +1279,7 @@ _PUBLIC_ struct netlogon_creds_CredentialState
*cli_credentials_get_netlogon_cre
return cred->netlogon_creds;
}
-/**
+/**
* Set NETLOGON secure channel type
*/
@@ -1285,7 +1298,7 @@ _PUBLIC_ time_t
cli_credentials_get_password_last_changed_time(struct cli_creden
return cred->password_last_changed_time;
}
-/**
+/**
* Set NETLOGON secure channel type
*/
@@ -1307,7 +1320,7 @@ _PUBLIC_ enum netr_SchannelType
cli_credentials_get_secure_channel_type(struct c
/**
* Fill in a credentials structure as the anonymous user
*/
-_PUBLIC_ void cli_credentials_set_anonymous(struct cli_credentials *cred)
+_PUBLIC_ void cli_credentials_set_anonymous(struct cli_credentials *cred)
{
cli_credentials_set_username(cred, "", CRED_SPECIFIED);
cli_credentials_set_domain(cred, "", CRED_SPECIFIED);
@@ -1328,7 +1341,7 @@ _PUBLIC_ void cli_credentials_set_anonymous(struct
cli_credentials *cred)
_PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
{
const char *username;
-
+
/* if bind dn is set it's not anonymous */
if (cred->bind_dn) {
return false;
@@ -1345,7 +1358,7 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct
cli_credentials *cred)
}
username = cli_credentials_get_username(cred);
-
+
/* Yes, it is deliberate that we die if we have a NULL pointer
* here - anonymous is "", not NULL, which is 'never specified,
* never guessed', ie programmer bug */
@@ -1357,7 +1370,7 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct
cli_credentials *cred)
}
/**
- * Mark the current password for a credentials struct as wrong. This will
+ * Mark the current password for a credentials struct as wrong. This will
* cause the password to be prompted again (if a callback is set).
*
* This will decrement the number of times the password can be tried.
@@ -1384,9 +1397,9 @@ _PUBLIC_ bool cli_credentials_wrong_password(struct
cli_credentials *cred)
return true;
}
-_PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials
*cred, TALLOC_CTX *mem_ctx,
- const char **username,
- const char **domain)
+_PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials
*cred, TALLOC_CTX *mem_ctx,
+ const char **username,
+ const char **domain)
{
if (cred->principal_obtained >= cred->username_obtained) {
*domain = talloc_strdup(mem_ctx, "");
@@ -1401,11 +1414,11 @@ _PUBLIC_ void
cli_credentials_get_ntlm_username_domain(struct cli_credentials *c
* Read a named file, and parse it for username, domain, realm and password
*
* @param credentials Credentials structure on which to set the password
- * @param file a named file to read the details from
+ * @param file a named file to read the details from
* @param obtained This enum describes how 'specified' this password is
*/
-_PUBLIC_ bool cli_credentials_parse_file(struct cli_credentials *cred, const
char *file, enum credentials_obtained obtained)
+_PUBLIC_ bool cli_credentials_parse_file(struct cli_credentials *cred, const
char *file, enum credentials_obtained obtained)
{
uint16_t len = 0;
char *ptr, *val, *param;
@@ -1505,7 +1518,7 @@ _PUBLIC_ bool cli_credentials_parse_file(struct
cli_credentials *cred, const cha
* Read a named file, and parse it for a password
*
* @param credentials Credentials structure on which to set the password
- * @param file a named file to read the password from
+ * @param file a named file to read the password from
* @param obtained This enum describes how 'specified' this password is
*/
@@ -1523,7 +1536,7 @@ _PUBLIC_ bool cli_credentials_parse_password_file(struct
cli_credentials *creden
ret = cli_credentials_parse_password_fd(credentials, fd, obtained);
close(fd);
-
+
return ret;
}
@@ -1532,11 +1545,11 @@ _PUBLIC_ bool
cli_credentials_parse_password_file(struct cli_credentials *creden
* Read a file descriptor, and parse it for a password (eg from a file or
stdin)
*
* @param credentials Credentials structure on which to set the password
- * @param fd open file descriptor to read the password from
+ * @param fd open file descriptor to read the password from
* @param obtained This enum describes how 'specified' this password is
*/
-_PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials
*credentials,
+_PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials
*credentials,
int fd, enum credentials_obtained
obtained)
{
char *p;
--
Samba Shared Repository
