The branch, master has been updated
via 6830b796ac8 s3:/winbindd: remove parse_domain_user_fstr
via 5640d7ab6c9 s3/winbindd: use parse_domain_user instead of
parse_domain_user_fstr
via b4bdd341a71 s3/winbindd: replace use of parse_domain_user_fstr with
parse_domain_user
via 89fb5eee53c s3/winbindd: replace parse_domain_user_fn with
parse_domain_user
via b5427ef86bb s3/winbindd: use parse_domain_user instead of
parse_domain_user_fstr
via 9d5652ec021 s3/winbindd: use parse_domain_user instead of
parse_domain_user_fstr
via f734b1b2fca s3/winbindd: use parse_domain_user_fstr instead of
parse_domain_user
via d4341d48842 s3/winbindd: Add new parse_domain_user function
via 87a919082b9 s3/winbindd: rename parse_domain_user to
parse_domain_user_fstr
via c6fe21e138d s3/winbindd: remove canonicalize_username_fstr
via d1beafe7ccf s3/winbindd: in winbindd_pam_chauthtok_send use
canonicalize_username
via be6ed28f02f s3/winbindd: in winbindd_pam_auth_send use
canonicalize_username
via 85e8d33a33c s3/winbindd: in winbindd_pam_logoff_send use
canonicalize_username
via aa3febfddc7 s3/winbindd: in winbindd_ccache_save use
canonicalize_username
via 2e06bf9feb3 s3/winbindd: Add new canonicalize_username function
via 7e1f210b9af s3/winbindd: rename canonicalize_username to
canonicalize_username_fstr
via 9267d9b2683 s3/winbind: Ensure parse_domain_user() can't write
beyond the end of domain[]
from 3f4f80edba2 smb2_server: monitor connections with TEVENT_FD_ERROR
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6830b796ac8937c8171f8f834c17f0cb7acf68b5
Author: Noel Power <[email protected]>
Date: Mon Oct 23 15:12:39 2023 +0100
s3:/winbindd: remove parse_domain_user_fstr
Last caller of parse_domain_user_fstr has been removed so
we can safely remove the function
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
Autobuild-User(master): Noel Power <[email protected]>
Autobuild-Date(master): Tue Oct 24 13:47:16 UTC 2023 on atb-devel-224
commit 5640d7ab6c9ba3928a7ee79503977ffcb263c3da
Author: Noel Power <[email protected]>
Date: Mon Oct 23 15:09:25 2023 +0100
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
In canonicalize_username replace use of parse_domain_user_fstr
with parse_domain_user
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit b4bdd341a71e26008d1b69663bb625f491fd08c9
Author: Noel Power <[email protected]>
Date: Fri Oct 20 12:36:35 2023 +0100
s3/winbindd: replace use of parse_domain_user_fstr with parse_domain_user
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 89fb5eee53c969f8375238e52dbe04f3d9568fe5
Author: Noel Power <[email protected]>
Date: Fri Oct 20 12:22:10 2023 +0100
s3/winbindd: replace parse_domain_user_fn with parse_domain_user
In winbindd_getgrnam_send use parse_domain_user instead of
parse_domain_user_fstr
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit b5427ef86bb1912ef5509141342e1a5c5ab074d7
Author: Noel Power <[email protected]>
Date: Fri Oct 20 12:10:37 2023 +0100
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
In winbindd_ccache_ntlm_auth replace use of parse_domain_user_fstr
with parse_domain_user
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 9d5652ec021f7bcdeac95a31810ddcf8eaf6c9f4
Author: Noel Power <[email protected]>
Date: Fri Oct 20 12:09:17 2023 +0100
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
in winbindd_getpwnam_send replace parse_domain_user_fstr with
parse_domain_user
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit f734b1b2fcad1d77a1aab83f999f86c8eb3f15f6
Author: Noel Power <[email protected]>
Date: Fri Oct 20 11:53:10 2023 +0100
s3/winbindd: use parse_domain_user_fstr instead of parse_domain_user
in winbindd_getgroups_send replace parse_domain_user_fstr
with parse_domain_user
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit d4341d4884244b6dbc7cce8f0ef150964fcacc86
Author: Noel Power <[email protected]>
Date: Fri Oct 20 11:46:56 2023 +0100
s3/winbindd: Add new parse_domain_user function
Adds a new parse_domain_user function which doesn't use fstrings
but instead uses talloc allocated out strings (created from passed in
ctx)
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 87a919082b9981b6dfac1b99f8982c01a19931d5
Author: Noel Power <[email protected]>
Date: Sat Oct 21 21:35:06 2023 +0100
s3/winbindd: rename parse_domain_user to parse_domain_user_fstr
prepare to port parse_domain_user function to not use fstrings.
rename function parse_domain_user (and all callers) to use
parse_domain_user_fstr
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit c6fe21e138db6615b99eb5e708e54f7082edb5f7
Author: Noel Power <[email protected]>
Date: Sat Oct 21 12:41:39 2023 +0100
s3/winbindd: remove canonicalize_username_fstr
not longer any callers to canonicalize_username_fstr so it
can be removed
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit d1beafe7ccf583492ead32742296093c5126ad30
Author: Noel Power <[email protected]>
Date: Sat Oct 21 21:29:34 2023 +0100
s3/winbindd: in winbindd_pam_chauthtok_send use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit be6ed28f02f1b62bbb4248e8cd9afcc54b04133a
Author: Noel Power <[email protected]>
Date: Sat Oct 21 12:24:01 2023 +0100
s3/winbindd: in winbindd_pam_auth_send use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 85e8d33a33c244c3c01833e4bf7397bd0c64c274
Author: Noel Power <[email protected]>
Date: Sat Oct 21 12:13:19 2023 +0100
s3/winbindd: in winbindd_pam_logoff_send use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit aa3febfddc7c070a1f4cc3c1d744af472d9d995e
Author: Noel Power <[email protected]>
Date: Sat Oct 21 12:06:10 2023 +0100
s3/winbindd: in winbindd_ccache_save use canonicalize_username
replace use of canonicalize_username_fstr with canonicalize_username
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 2e06bf9feb3d6f14fa981c9b79f6fb89311f781f
Author: Noel Power <[email protected]>
Date: Sat Oct 21 11:47:30 2023 +0100
s3/winbindd: Add new canonicalize_username function
Add a mew canonicalize_username replacement function for
canonicalize_username_fstr which doesn't use fstrings but instead
uses talloc allocated strings
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 7e1f210b9afbe76a3825cb606e7ef2be4044bcad
Author: Noel Power <[email protected]>
Date: Sat Oct 21 11:17:46 2023 +0100
s3/winbindd: rename canonicalize_username to canonicalize_username_fstr
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 9267d9b2683cb66c6b0252aabca13f8d0c95c4aa
Author: Noel Power <[email protected]>
Date: Sun Oct 22 11:30:19 2023 +0100
s3/winbind: Ensure parse_domain_user() can't write beyond the end of
domain[]
fail if we try to write beyond the fstring boundry
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15467
Signed-off-by: Noel Power <[email protected]>
Reviewed-by: Andrew Bartlett <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_ccache_access.c | 52 +++++++++----
source3/winbindd/winbindd_getgrnam.c | 19 +++--
source3/winbindd/winbindd_getgroups.c | 14 ++--
source3/winbindd/winbindd_getpwnam.c | 15 ++--
source3/winbindd/winbindd_pam.c | 112 +++++++++++++++++++--------
source3/winbindd/winbindd_pam_auth.c | 19 +++--
source3/winbindd/winbindd_pam_chauthtok.c | 17 ++--
source3/winbindd/winbindd_pam_logoff.c | 20 +++--
source3/winbindd/winbindd_proto.h | 50 ++++++++++--
source3/winbindd/winbindd_util.c | 124 ++++++++++++++++++++++--------
10 files changed, 318 insertions(+), 124 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_ccache_access.c
b/source3/winbindd/winbindd_ccache_access.c
index f18a1d25f88..cc395ad3bda 100644
--- a/source3/winbindd/winbindd_ccache_access.c
+++ b/source3/winbindd/winbindd_ccache_access.c
@@ -26,6 +26,7 @@
#include "winbindd.h"
#include "auth/gensec/gensec.h"
#include "auth_generic.h"
+#include "lib/util/string_wrappers.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
@@ -183,7 +184,10 @@ static bool check_client_uid(struct winbindd_cli_state
*state, uid_t uid)
bool winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
- fstring name_namespace, name_domain, name_user;
+ char *name_namespace = NULL;
+ char *name_domain = NULL;
+ char *name_user = NULL;
+ char *auth_user = NULL;
NTSTATUS result = NT_STATUS_NOT_SUPPORTED;
struct WINBINDD_MEMORY_CREDS *entry;
DATA_BLOB initial, challenge, auth;
@@ -199,16 +203,21 @@ bool winbindd_ccache_ntlm_auth(struct winbindd_cli_state
*state)
/* Parse domain and username */
- ok = canonicalize_username(state->request->data.ccache_ntlm_auth.user,
- name_namespace,
- name_domain,
- name_user);
+ auth_user = state->request->data.ccache_ntlm_auth.user;
+ ok = canonicalize_username(state,
+ &auth_user,
+ &name_namespace,
+ &name_domain,
+ &name_user);
if (!ok) {
DEBUG(5,("winbindd_ccache_ntlm_auth: cannot parse domain and
user from name [%s]\n",
state->request->data.ccache_ntlm_auth.user));
return false;
}
+ fstrcpy(state->request->data.ccache_ntlm_auth.user, auth_user);
+ TALLOC_FREE(auth_user);
+
domain = find_auth_domain(state->request->flags, name_domain);
if (domain == NULL) {
@@ -239,11 +248,15 @@ bool winbindd_ccache_ntlm_auth(struct winbindd_cli_state
*state)
goto process_result;
}
+ TALLOC_FREE(name_namespace);
+ TALLOC_FREE(name_domain);
+ TALLOC_FREE(name_user);
/* Parse domain and username */
- ok = parse_domain_user(state->request->data.ccache_ntlm_auth.user,
- name_namespace,
- name_domain,
- name_user);
+ ok = parse_domain_user(state,
+ state->request->data.ccache_ntlm_auth.user,
+ &name_namespace,
+ &name_domain,
+ &name_user);
if (!ok) {
DEBUG(10,("winbindd_dual_ccache_ntlm_auth: cannot parse "
"domain and user from name [%s]\n",
@@ -306,13 +319,19 @@ bool winbindd_ccache_ntlm_auth(struct winbindd_cli_state
*state)
data_blob_free(&auth);
process_result:
+ TALLOC_FREE(name_namespace);
+ TALLOC_FREE(name_domain);
+ TALLOC_FREE(name_user);
return NT_STATUS_IS_OK(result);
}
bool winbindd_ccache_save(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
- fstring name_namespace, name_domain, name_user;
+ char *name_namespace = NULL;
+ char *name_domain = NULL;
+ char *name_user = NULL;
+ char *save_user = NULL;
NTSTATUS status;
bool ok;
@@ -328,10 +347,13 @@ bool winbindd_ccache_save(struct winbindd_cli_state
*state)
/* Parse domain and username */
- ok = canonicalize_username(state->request->data.ccache_save.user,
- name_namespace,
- name_domain,
- name_user);
+
+ save_user = state->request->data.ccache_save.user;
+ ok = canonicalize_username(state,
+ &save_user,
+ &name_namespace,
+ &name_domain,
+ &name_user);
if (!ok) {
DEBUG(5,("winbindd_ccache_save: cannot parse domain and user "
"from name [%s]\n",
@@ -339,6 +361,8 @@ bool winbindd_ccache_save(struct winbindd_cli_state *state)
return false;
}
+ fstrcpy(state->request->data.ccache_save.user, save_user);
+
/*
* The domain is checked here only for compatibility
* reasons. We used to do the winbindd memory ccache for
diff --git a/source3/winbindd/winbindd_getgrnam.c
b/source3/winbindd/winbindd_getgrnam.c
index 89a1ba83218..6b277c2dc97 100644
--- a/source3/winbindd/winbindd_getgrnam.c
+++ b/source3/winbindd/winbindd_getgrnam.c
@@ -24,7 +24,9 @@
struct winbindd_getgrnam_state {
struct tevent_context *ev;
- fstring name_namespace, name_domain, name_group;
+ char *name_namespace;
+ char *name_domain;
+ char *name_group;
struct dom_sid sid;
const char *domname;
const char *name;
@@ -73,10 +75,10 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX
*mem_ctx,
/* Parse domain and groupname */
- ok = parse_domain_user(tmp,
- state->name_namespace,
- state->name_domain,
- state->name_group);
+ ok = parse_domain_user(state, tmp,
+ &state->name_namespace,
+ &state->name_domain,
+ &state->name_group);
if (!ok) {
DBG_INFO("Could not parse domain user: %s\n", tmp);
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
@@ -88,7 +90,12 @@ struct tevent_req *winbindd_getgrnam_send(TALLOC_CTX
*mem_ctx,
if ( !*(state->name_domain) || strequal(state->name_domain,
get_global_sam_name()) ) {
- fstrcpy(state->name_domain, get_global_sam_name());
+ TALLOC_FREE(state->name_domain);
+ state->name_domain = talloc_strdup(state,
+ get_global_sam_name());
+ if (tevent_req_nomem(state->name_domain, req)) {
+ return tevent_req_post(req, ev);
+ }
}
subreq = wb_lookupname_send(state, ev,
diff --git a/source3/winbindd/winbindd_getgroups.c
b/source3/winbindd/winbindd_getgroups.c
index c2603cc7026..c1c108e4155 100644
--- a/source3/winbindd/winbindd_getgroups.c
+++ b/source3/winbindd/winbindd_getgroups.c
@@ -24,9 +24,9 @@
struct winbindd_getgroups_state {
struct tevent_context *ev;
- fstring namespace;
- fstring domname;
- fstring username;
+ char *namespace;
+ char *domname;
+ char *username;
struct dom_sid sid;
enum lsa_SidType type;
uint32_t num_sids;
@@ -76,10 +76,10 @@ struct tevent_req *winbindd_getgroups_send(TALLOC_CTX
*mem_ctx,
domuser = mapped_user;
}
- ok = parse_domain_user(domuser,
- state->namespace,
- state->domname,
- state->username);
+ ok = parse_domain_user(state, domuser,
+ &state->namespace,
+ &state->domname,
+ &state->username);
if (!ok) {
D_WARNING("Could not parse domain user: %s\n", domuser);
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
diff --git a/source3/winbindd/winbindd_getpwnam.c
b/source3/winbindd/winbindd_getpwnam.c
index 6dd0d847595..2bf15c0fe7d 100644
--- a/source3/winbindd/winbindd_getpwnam.c
+++ b/source3/winbindd/winbindd_getpwnam.c
@@ -24,9 +24,9 @@
struct winbindd_getpwnam_state {
struct tevent_context *ev;
- fstring namespace;
- fstring domname;
- fstring username;
+ char *namespace;
+ char *domname;
+ char *username;
struct dom_sid sid;
enum lsa_SidType type;
struct winbindd_pw pw;
@@ -72,10 +72,11 @@ struct tevent_req *winbindd_getpwnam_send(TALLOC_CTX
*mem_ctx,
domuser = mapped_user;
}
- ok = parse_domain_user(domuser,
- state->namespace,
- state->domname,
- state->username);
+ ok = parse_domain_user(state,
+ domuser,
+ &state->namespace,
+ &state->domname,
+ &state->username);
if (!ok) {
D_WARNING("Could not parse domain user: %s\n", domuser);
tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 5f06465bc3e..6c890c8acd5 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -737,7 +737,9 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX
*mem_ctx,
const char *cc = NULL;
const char *principal_s = NULL;
char *realm = NULL;
- fstring name_namespace, name_domain, name_user;
+ char *name_namespace = NULL;
+ char *name_domain = NULL;
+ char *name_user = NULL;
time_t ticket_lifetime = 0;
time_t renewal_until = 0;
time_t time_offset = 0;
@@ -790,7 +792,11 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX
*mem_ctx,
/* 3rd step:
* do kerberos auth and setup ccache as the user */
- ok = parse_domain_user(user, name_namespace, name_domain, name_user);
+ ok = parse_domain_user(mem_ctx,
+ user,
+ &name_namespace,
+ &name_domain,
+ &name_user);
if (!ok) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -1110,7 +1116,9 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct
winbindd_domain *domain,
TALLOC_CTX *tmp_ctx = NULL;
NTSTATUS result = NT_STATUS_LOGON_FAILURE;
uint16_t max_allowed_bad_attempts;
- fstring name_namespace, name_domain, name_user;
+ char *name_namespace = NULL;
+ char *name_domain = NULL;
+ char *name_user = NULL;
struct dom_sid sid;
enum lsa_SidType type;
uchar new_nt_pass[NT_HASH_LEN];
@@ -1142,7 +1150,11 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct
winbindd_domain *domain,
/* Parse domain and username */
- ok = parse_domain_user(user, name_namespace, name_domain, name_user);
+ ok = parse_domain_user(tmp_ctx,
+ user,
+ &name_namespace,
+ &name_domain,
+ &name_user);
if (!ok) {
DBG_DEBUG("parse_domain_user failed\n");
result = NT_STATUS_NO_SUCH_USER;
@@ -1444,7 +1456,9 @@ static NTSTATUS winbindd_dual_pam_auth_kerberos(struct
winbindd_domain *domain,
{
struct netr_SamInfo6 *info6 = NULL;
struct winbindd_domain *contact_domain;
- fstring name_namespace, name_domain, name_user;
+ char *name_namespace = NULL;
+ char *name_domain = NULL;
+ char *name_user = NULL;
NTSTATUS result;
bool ok;
@@ -1452,10 +1466,11 @@ static NTSTATUS winbindd_dual_pam_auth_kerberos(struct
winbindd_domain *domain,
/* Parse domain and username */
- ok = parse_domain_user(user,
- name_namespace,
- name_domain,
- name_user);
+ ok = parse_domain_user(mem_ctx,
+ user,
+ &name_namespace,
+ &name_domain,
+ &name_user);
if (!ok) {
result = NT_STATUS_INVALID_PARAMETER;
goto done;
@@ -2028,7 +2043,9 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(
uint16_t *_validation_level,
union netr_Validation **_validation)
{
- fstring name_namespace, name_domain, name_user;
+ char *name_namespace = NULL;
+ char *name_domain = NULL;
+ char *name_user = NULL;
NTSTATUS result;
uint8_t authoritative = 1;
uint32_t flags = 0;
@@ -2040,7 +2057,11 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(
/* Parse domain and username */
- ok = parse_domain_user(user, name_namespace, name_domain, name_user);
+ ok = parse_domain_user(mem_ctx,
+ user,
+ &name_namespace,
+ &name_domain,
+ &name_user);
if (!ok) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -2219,7 +2240,9 @@ NTSTATUS _wbint_PamAuth(struct pipes_struct *p,
struct winbindd_domain *domain = wb_child_domain();
NTSTATUS result = NT_STATUS_LOGON_FAILURE;
NTSTATUS krb5_result = NT_STATUS_OK;
- fstring name_namespace, name_domain, name_user;
+ char *name_namespace = NULL;
+ char *name_domain = NULL;
+ char *name_user = NULL;
char *mapped_user = NULL;
const char *domain_user = NULL;
uint16_t validation_level = UINT16_MAX;
@@ -2277,10 +2300,11 @@ NTSTATUS _wbint_PamAuth(struct pipes_struct *p,
mapped_user = discard_const(r->in.info->username);
}
- ok = parse_domain_user(mapped_user,
- name_namespace,
- name_domain,
- name_user);
+ ok = parse_domain_user(p->mem_ctx,
+ mapped_user,
+ &name_namespace,
+ &name_domain,
+ &name_user);
if (!ok) {
result = NT_STATUS_INVALID_PARAMETER;
goto done;
@@ -2935,7 +2959,9 @@ NTSTATUS _wbint_PamAuthChangePassword(struct pipes_struct
*p,
struct userPwdChangeFailureInformation *reject = NULL;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- fstring namespace, domain, user;
+ char *namespace = NULL;
+ char *domain = NULL;
+ char *user = NULL;
struct dcerpc_binding_handle *b = NULL;
bool ok;
pid_t client_pid;
@@ -2956,10 +2982,11 @@ NTSTATUS _wbint_PamAuthChangePassword(struct
pipes_struct *p,
DBG_NOTICE("[%"PRIu32"]: dual pam chauthtok %s\n",
client_pid, r->in.user);
- ok = parse_domain_user(r->in.user,
- namespace,
- domain,
- user);
+ ok = parse_domain_user(p->mem_ctx,
+ r->in.user,
+ &namespace,
+ &domain,
+ &user);
if (!ok) {
goto done;
}
@@ -3221,11 +3248,14 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct
pipes_struct *p,
struct wbint_PamAuthCrapChangePassword *r)
{
NTSTATUS result;
- fstring namespace, domain, user;
+ char *namespace = NULL;
+ char *domain = NULL;
+ char *user = NULL;
struct policy_handle dom_pol;
struct winbindd_domain *contact_domain = wb_child_domain();
struct rpc_pipe_client *cli = NULL;
struct dcerpc_binding_handle *b = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
pid_t client_pid;
ZERO_STRUCT(dom_pol);
@@ -3241,10 +3271,6 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct
pipes_struct *p,
return NT_STATUS_INVALID_PARAMETER;
}
- domain[0] = '\0';
- namespace[0] = '\0';
- user[0] = '\0';
-
DBG_NOTICE("[%"PRIu32"]: pam change pswd auth crap domain: %s "
"user: %s\n", client_pid, r->in.domain, r->in.user);
@@ -3256,14 +3282,22 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct
pipes_struct *p,
}
if (r->in.domain != NULL && strlen(r->in.domain) > 0) {
- fstrcpy(domain, r->in.domain);
+ user = talloc_strdup(frame, "");
+ namespace = talloc_strdup(frame, "");
+ domain = talloc_strdup(frame, r->in.domain);
+ if (domain == NULL || user == NULL || namespace == NULL) {
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
} else {
bool ok;
- ok = parse_domain_user(r->in.user,
- namespace,
- domain,
- user);
+ ok = parse_domain_user(frame,
+ r->in.user,
+ &namespace,
+ &domain,
+ &user);
if (!ok) {
result = NT_STATUS_INVALID_PARAMETER;
goto done;
@@ -3278,7 +3312,12 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct
pipes_struct *p,
}
if (!*domain && lp_winbind_use_default_domain()) {
- fstrcpy(domain,lp_workgroup());
+ TALLOC_FREE(domain);
+ domain = talloc_strdup(frame, lp_workgroup());
+ if (domain == NULL) {
+ result = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
}
if (!is_allowed_domain(domain)) {
@@ -3291,7 +3330,12 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct
pipes_struct *p,
}
if(!*user) {
- fstrcpy(user, r->in.user);
+ TALLOC_FREE(user);
+ user = talloc_strdup(frame, r->in.user);
+ if (user == NULL) {
+ result = NT_STATUS_NO_SUCH_USER;
+ goto done;
+ }
}
/* Get sam handle */
@@ -3337,7 +3381,7 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct
pipes_struct *p,
domain, user,
nt_errstr(result),
nt_status_to_pam(result)));
-
+ TALLOC_FREE(frame);
return result;
}
diff --git a/source3/winbindd/winbindd_pam_auth.c
b/source3/winbindd/winbindd_pam_auth.c
index a59f33ef631..431da098f0b 100644
--- a/source3/winbindd/winbindd_pam_auth.c
+++ b/source3/winbindd/winbindd_pam_auth.c
@@ -70,9 +70,9 @@ static NTSTATUS fake_password_policy(struct winbindd_response
*r,
struct winbindd_pam_auth_state {
struct wbint_PamAuth *r;
- fstring name_namespace;
- fstring name_domain;
- fstring name_user;
+ char *name_namespace;
+ char *name_domain;
+ char *name_user;
};
static void winbindd_pam_auth_done(struct tevent_req *subreq);
@@ -86,6 +86,7 @@ struct tevent_req *winbindd_pam_auth_send(TALLOC_CTX *mem_ctx,
struct winbindd_pam_auth_state *state;
struct winbindd_domain *domain;
char *mapped = NULL;
+ char *auth_user = NULL;
NTSTATUS status;
bool ok;
--
Samba Shared Repository
