Jeremy.
cli_ulogoff(cli);
if (NT_STATUS_IS_OK(nt_status)) {
- fstring real_username;
- struct passwd *pass;
+ char *real_username = NULL;
+ struct passwd *pass = NULL;
- if ( (pass = smb_getpwnam( NULL, user_info->mapped.account_name,
- real_username, True )) != NULL )
+ if ( (pass = smb_getpwnam(talloc_tos(), user_info->mapped.account_name,
+ &real_username, True )) != NULL )
{
nt_status = make_server_info_pw(server_info, pass->pw_name, pass);
TALLOC_FREE(pass);
+ TALLOC_FREE(real_username);
}
else
{
const char *domain;
NTSTATUS result;
bool was_mapped;
- fstring internal_username;
- fstrcpy(internal_username, smb_name);
- was_mapped = map_username(internal_username);
+ char *internal_username = NULL;
+
+ was_mapped = map_username(talloc_tos(), smb_name, &internal_username);
+ if (!internal_username) {
+ return NT_STATUS_NO_MEMORY;
+ }
DEBUG(5, ("Mapping user [%s]\\[%s] from workstation [%s]\n",
client_domain, smb_name, workstation_name));
struct passwd **pwd,
bool *username_was_mapped)
{
- fstring dom_user, lower_username;
- fstring real_username;
+ char *orig_dom_user = NULL;
+ char *dom_user = NULL;
+ char *lower_username = NULL;
+ char *real_username = NULL;
struct passwd *passwd;
- fstrcpy( lower_username, username );
+ lower_username = talloc_strdup(mem_ctx, username);
+ if (!lower_username) {
+ return NT_STATUS_NO_MEMORY;
+ }
strlower_m( lower_username );
- fstr_sprintf(dom_user, "%s%c%s", domain, *lp_winbind_separator(),
- lower_username);
+ orig_dom_user = talloc_asprintf(mem_ctx,
+ "%s%c%s",
+ domain,
+ *lp_winbind_separator(),
+ lower_username);
+ if (!orig_dom_user) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* Get the passwd struct. Try to create the account if necessary. */
- *username_was_mapped = map_username(dom_user);
+ *username_was_mapped = map_username(mem_ctx, orig_dom_user, &dom_user);
+ if (!dom_user) {
+ return NT_STATUS_NO_MEMORY;
+ }
- passwd = smb_getpwnam( NULL, dom_user, real_username, True );
+ passwd = smb_getpwnam(mem_ctx, dom_user, &real_username, True );
if (!passwd) {
DEBUG(3, ("Failed to find authenticated user %s via "
"getpwnam(), denying access.\n", dom_user));
return NT_STATUS_NO_SUCH_USER;
}
+ if (!real_username) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
*pwd = passwd;
/* This is pointless -- there is no suport for differing
****************************************************************************/
struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
- fstring save_username, bool create )
+ char **p_save_username, bool create )
{
struct passwd *pw = NULL;
- char *p;
- fstring username;
+ char *p = NULL;
+ char *username = NULL;
/* we only save a copy of the username it has been mangled
by winbindd use default domain */
-
- save_username[0] = '\0';
+ *p_save_username = NULL;
/* don't call map_username() here since it has to be done higher
up the stack so we don't call it multiple times */
- fstrcpy( username, domuser );
+ username = talloc_strdup(mem_ctx, domuser);
+ if (!username) {
+ return NULL;
+ }
p = strchr_m( username, *lp_winbind_separator() );
/* code for a DOMAIN\user string */
if ( p ) {
- fstring strip_username;
-
pw = Get_Pwnam_alloc( mem_ctx, domuser );
- if ( pw ) {
+ if ( pw ) {
/* make sure we get the case of the username correct */
/* work around 'winbind use default domain = yes' */
*p = '\0';
domain = username;
- fstr_sprintf(save_username, "%s%c%s", domain, *lp_winbind_separator(), pw->pw_name);
+ *p_save_username = talloc_asprintf(mem_ctx,
+ "%s%c%s",
+ domain,
+ *lp_winbind_separator(),
+ pw->pw_name);
+ if (!*p_save_username) {
+ TALLOC_FREE(pw);
+ return NULL;
+ }
+ } else {
+ *p_save_username = talloc_strdup(mem_ctx, pw->pw_name);
}
- else
- fstrcpy( save_username, pw->pw_name );
- /* whew -- done! */
+ /* whew -- done! */
return pw;
}
/* remember that p and username are overlapping memory */
p++;
- fstrcpy( strip_username, p );
- fstrcpy( username, strip_username );
+ username = talloc_strdup(mem_ctx, p);
+ if (!username) {
+ return NULL;
+ }
}
/* just lookup a plain username */
/* one last check for a valid passwd struct */
- if ( pw )
- fstrcpy( save_username, pw->pw_name );
-
+ if (pw) {
+ *p_save_username = talloc_strdup(mem_ctx, pw->pw_name);
+ }
return pw;
}
char *realm = NULL;
char *user = NULL;
char *p;
- fstring fuser;
- fstring unixuser;
+ char *fuser = NULL;
+ char *unixuser = NULL;
struct passwd *pw = NULL;
DEBUG(3, ("Kerberos ticket principal name is [%s]\n", princ_name));
DEBUG(10, ("Domain is [%s] (using Winbind)\n", domain));
}
- /* We have to use fstring for this - map_username requires it. */
- fstr_sprintf(fuser, "%s%c%s", domain, *lp_winbind_separator(), user);
+ fuser = talloc_asprintf(mem_ctx,
+ "%s%c%s",
+ domain,
+ *lp_winbind_separator(),
+ user);
+ if (!fuser) {
+ return NT_STATUS_NO_MEMORY;
+ }
- *is_mapped = map_username(fuser);
+ *is_mapped = map_username(mem_ctx, fuser, &fuser);
+ if (!fuser) {
+ return NT_STATUS_NO_MEMORY;
+ }
- pw = smb_getpwnam(mem_ctx, fuser, unixuser, true);
+ pw = smb_getpwnam(mem_ctx, fuser, &unixuser, true);
if (pw) {
+ if (!unixuser) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* if a real user check pam account restrictions */
/* only really perfomed if "obey pam restriction" is true */
/* do this before an eventual mapping to guest occurs */
if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) {
*mapped_to_guest = true;
- fstrcpy(fuser, lp_guestaccount());
- pw = smb_getpwnam(mem_ctx, fuser, unixuser, true);
+ fuser = talloc_strdup(mem_ctx, lp_guestaccount());
+ if (!fuser) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ pw = smb_getpwnam(mem_ctx, fuser, &unixuser, true);
}
/* extra sanity check that the guest account is valid */
}
}
+ if (!unixuser) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
*username = talloc_strdup(mem_ctx, unixuser);
if (!*username) {
return NT_STATUS_NO_MEMORY;
return s;
}
-static bool fetch_map_from_gencache(fstring user)
+static bool fetch_map_from_gencache(TALLOC_CTX *ctx,
+ const char *user_in,
+ char **p_user_out)
{
char *key, *value;
bool found;
return false;
}
- key = talloc_asprintf_strupper_m(talloc_tos(), "USERNAME_MAP/%s",
- user);
+ key = talloc_asprintf_strupper_m(ctx, "USERNAME_MAP/%s",
+ user_in);
if (key == NULL) {
return false;
}
if (!found) {
return false;
}
- fstrcpy(user, value);
- SAFE_FREE(value);
+ TALLOC_FREE(*p_user_out);
+ *p_user_out = talloc_strdup(ctx, value);
+ if (!*p_user_out) {
+ return false;
+ }
return true;
}
-static void store_map_in_gencache(const char *from, const char *to)
+static void store_map_in_gencache(TALLOC_CTX *ctx, const char *from, const char *to)
{
char *key;
int cache_time = lp_username_map_cache_time();
return;
}
- key = talloc_asprintf_strupper_m(talloc_tos(), "USERNAME_MAP/%s",
+ key = talloc_asprintf_strupper_m(ctx, "USERNAME_MAP/%s",
from);
if (key == NULL) {
return;
try lower case.
****************************************************************************/
-bool user_in_netgroup(const char *user, const char *ngname)
+bool user_in_netgroup(TALLOC_CTX *ctx, const char *user, const char *ngname)
{
#ifdef HAVE_NETGROUP
static char *my_yp_domain = NULL;
- fstring lowercase_user;
+ char *lowercase_user = NULL;
if (my_yp_domain == NULL) {
yp_get_default_domain(&my_yp_domain);
* Ok, innetgr is case sensitive. Try once more with lowercase
* just in case. Attempt to fix #703. JRA.
*/
- fstrcpy(lowercase_user, user);
+ lowercase_user = talloc_strdup(ctx, user);
+ if (!lowercase_user) {
+ return false;
+ }
strlower_m(lowercase_user);
if (strcmp(user,lowercase_user) == 0) {
and netgroup lists.
****************************************************************************/
-bool user_in_list(const char *user,const char **list)
+bool user_in_list(TALLOC_CTX *ctx, const char *user,const char **list)
{
if (!list || !*list)
return False;
* Old behaviour. Check netgroup list
* followed by UNIX list.
*/
- if(user_in_netgroup(user, *list +1))
+ if(user_in_netgroup(ctx, user, *list +1))
return True;
if(user_in_group(user, *list +1))
return True;
*/
if(user_in_group(user, *list +2))
return True;
- if(user_in_netgroup(user, *list +2))
+ if(user_in_netgroup(ctx, user, *list +2))
return True;
} else {
/*
* Search netgroup list followed by UNIX list.
*/
- if(user_in_netgroup(user, *list +2))
+ if(user_in_netgroup(ctx, user, *list +2))
return True;
if(user_in_group(user, *list +2))
return True;
/*
* Just search netgroup list.
*/
- if(user_in_netgroup(user, *list +1))
+ if(user_in_netgroup(ctx, user, *list +1))
return True;
}
}
return(False);
}
-bool map_username(fstring user)
+bool map_username(TALLOC_CTX *ctx, const char *user_in, char **p_user_out)
{
XFILE *f;
char *mapfile = lp_username_map();
bool mapped_user = False;
char *cmd = lp_username_map_script();
- if (!*user)
+ *p_user_out = NULL;
+
+ if (!user_in)
+ return false;
+
+ /* Initially make a copy of the incoming name. */
+ *p_user_out = talloc_strdup(ctx, user_in);
+ if (!*p_user_out) {
return false;
+ }
- if (strequal(user,get_last_to()))
+ if (strequal(user_in,get_last_to()))
return false;
- if (strequal(user,get_last_from())) {
- DEBUG(3,("Mapped user %s to %s\n",user,get_last_to()));
- fstrcpy(user,get_last_to());
+ if (strequal(user_in,get_last_from())) {
+ DEBUG(3,("Mapped user %s to %s\n",user_in,get_last_to()));
+ TALLOC_FREE(*p_user_out);
+ *p_user_out = talloc_strdup(ctx, get_last_to());
return true;
}
- if (fetch_map_from_gencache(user)) {
+ if (fetch_map_from_gencache(ctx, user_in, p_user_out)) {
return true;
}
char *command = NULL;
int numlines, ret, fd;
- command = talloc_asprintf(talloc_tos(),
+ command = talloc_asprintf(ctx,
"%s \"%s\"",
cmd,
- user);
+ user_in);
if (!command) {
return false;
}
}
numlines = 0;
- qlines = fd_lines_load(fd, &numlines, 0, talloc_tos());
+ qlines = fd_lines_load(fd, &numlines, 0, ctx);
DEBUGADD(10,("Lines returned = [%d]\n", numlines));
close(fd);
/* should be either no lines or a single line with the mapped username */
if (numlines && qlines) {
- DEBUG(3,("Mapped user %s to %s\n", user, qlines[0] ));
- set_last_from_to(user, qlines[0]);
- store_map_in_gencache(user, qlines[0]);
- fstrcpy( user, qlines[0] );
+ DEBUG(3,("Mapped user %s to %s\n", user_in, qlines[0] ));
+ set_last_from_to(user_in, qlines[0]);
+ store_map_in_gencache(ctx, user_in, qlines[0]);
+ TALLOC_FREE(*p_user_out);
+ *p_user_out = talloc_strdup(ctx, qlines[0]);
+ if (!*p_user_out) {
+ return false;
+ }
}
TALLOC_FREE(qlines);
/* skip lines like 'user = ' */
- dosuserlist = str_list_make_v3(talloc_tos(), dosname, NULL);
+ dosuserlist = str_list_make_v3(ctx, dosname, NULL);
if (!dosuserlist) {
DEBUG(0,("Bad username map entry. Unable to build user list. Ignoring.\n"));
continue;
}
if (strchr_m(dosname,'*') ||
- user_in_list(user, (const char **)dosuserlist)) {
- DEBUG(3,("Mapped user %s to %s\n",user,unixname));
+ user_in_list(ctx, user_in, (const char **)dosuserlist)) {
+ DEBUG(3,("Mapped user %s to %s\n",user_in,unixname));
mapped_user = True;
- set_last_from_to(user, unixname);
- store_map_in_gencache(user, unixname);
- fstrcpy( user, unixname );
+ set_last_from_to(user_in, unixname);
+ store_map_in_gencache(ctx, user_in, unixname);
+ TALLOC_FREE(*p_user_out);
+ *p_user_out = talloc_strdup(ctx, unixname);
+ if (!*p_user_out) {
+ TALLOC_FREE(dosuserlist);
+ x_fclose(f);
+ return false;
+ }
if ( return_if_mapped ) {
TALLOC_FREE(dosuserlist);
* that we don't scan the file again for the same user.
*/
- set_last_from_to(user, user);
- store_map_in_gencache(user, user);
+ set_last_from_to(user_in, user_in);
+ store_map_in_gencache(ctx, user_in, user_in);
return mapped_user;
}
const struct auth_serversupplied_info *get_server_info_system(void);
bool copy_current_user(struct current_user *dst, struct current_user *src);
struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
- fstring save_username, bool create );
+ char **p_save_username, bool create );
NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
const char *sent_nt_username,
const char *domain,
/* The following definitions come from auth/user_util.c */
-bool map_username(fstring user);
+bool map_username(TALLOC_CTX *ctx, const char *user_in, char **p_user_out);
/* The following definitions come from auth/user_krb5.c */
struct PAC_LOGON_INFO;
void add_session_workgroup(struct smbd_server_connection *sconn,
const char *workgroup);
const char *get_session_workgroup(struct smbd_server_connection *sconn);
-bool user_in_netgroup(const char *user, const char *ngname);
-bool user_in_list(const char *user,const char **list);
+bool user_in_netgroup(TALLOC_CTX *ctx, const char *user, const char *ngname);
+bool user_in_list(TALLOC_CTX *ctx, const char *user,const char **list);
bool authorise_login(struct smbd_server_connection *sconn,
int snum, fstring user, DATA_BLOB password,
bool *guest);
struct samr_ChangePasswordUser2 *r)
{
NTSTATUS status;
- fstring user_name;
+ char *user_name = NULL;
fstring wks;
DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
- fstrcpy(user_name, r->in.account->string);
+ if (!r->in.account->string) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
fstrcpy(wks, r->in.server->string);
DEBUG(5,("_samr_ChangePasswordUser2: user: %s wks: %s\n", user_name, wks));
* function.
*/
- (void)map_username(user_name);
+ (void)map_username(talloc_tos(), r->in.account->string, &user_name);
+ if (!user_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
/*
* UNIX username case mangling not required, pass_oem_change
struct samr_OemChangePasswordUser2 *r)
{
NTSTATUS status;
- fstring user_name;
+ char *user_name = NULL;
const char *wks = NULL;
DEBUG(5,("_samr_OemChangePasswordUser2: %d\n", __LINE__));
- fstrcpy(user_name, r->in.account->string);
+ if (!r->in.account->string) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
if (r->in.server && r->in.server->string) {
wks = r->in.server->string;
}
* function.
*/
- (void)map_username(user_name);
+ (void)map_username(talloc_tos(), r->in.account->string, &user_name);
+ if (!user_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
/*
* UNIX username case mangling not required, pass_oem_change
struct samr_ChangePasswordUser3 *r)
{
NTSTATUS status;
- fstring user_name;
+ char *user_name = NULL;
const char *wks = NULL;
enum samPwdChangeReason reject_reason;
struct samr_DomInfo1 *dominfo = NULL;
DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
- fstrcpy(user_name, r->in.account->string);
+ if (!r->in.account->string) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
if (r->in.server && r->in.server->string) {
wks = r->in.server->string;
}
* function.
*/
- (void)map_username(user_name);
+ (void)map_username(talloc_tos(), r->in.account->string, &user_name);
+ if (!user_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
/*
* UNIX username case mangling not required, pass_oem_change
* around to pass to str_list_sub_basic() */
if ( invalid && str_list_sub_basic(invalid, "", "") ) {
- ret = !user_in_list(user,
+ ret = !user_in_list(talloc_tos(), user,
(const char **)invalid);
}
}
* around to pass to str_list_sub_basic() */
if ( valid && str_list_sub_basic(valid, "", "") ) {
- ret = user_in_list(user,
+ ret = user_in_list(talloc_tos(), user,
(const char **)valid);
}
}
if (user_list &&
str_list_substitute(user_list, "%S",
lp_servicename(snum))) {
- ret = user_in_list(user,
+ ret = user_in_list(talloc_tos(), user,
(const char **)user_list);
}
TALLOC_FREE(user_list);
char *phome_dir = get_user_home_dir(talloc_tos(), service);
if(!phome_dir) {
+ char *service_out = NULL;
/*
* Try mapping the servicename, it may
* be a Windows to unix mapped user name.
*/
- if(map_username(service))
+ if(map_username(talloc_tos(), service, &service_out)) {
+ if (service_out == NULL) {
+ /* Out of memory. */
+ return -1;
+ }
+ fstrcpy(service, service_out);
phome_dir = get_user_home_dir(
talloc_tos(), service);
+ }
}
DEBUG(3,("checking for home directory %s gave %s\n",service,
/* Security = share. Try with
* current_user_info.smb_name as the username. */
if (*current_user_info.smb_name) {
- fstring unix_username;
- fstrcpy(unix_username,
- current_user_info.smb_name);
- map_username(unix_username);
+ char *unix_username = NULL;
+ (void)map_username(talloc_tos(),
+ current_user_info.smb_name,
+ &unix_username);
snum = find_service(unix_username);
- }
+ }
if (snum != -1) {
DEBUG(5, ("making a connection to 'homes' "
"service %s based on "
reload_services(sconn->msg_ctx, sconn->sock, True);
if (lp_security() == SEC_SHARE) {
+ char *sub_user_mapped = NULL;
/* In share level we should ignore any passwords */
data_blob_free(&lm_resp);
data_blob_free(&nt_resp);
data_blob_clear_free(&plaintext_password);
- map_username(sub_user);
+ (void)map_username(talloc_tos(), sub_user, &sub_user_mapped);
+ if (!sub_user_mapped) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
+ fstrcpy(sub_user, sub_user_mapped);
add_session_user(sconn, sub_user);
add_session_workgroup(sconn, domain);
/* Then force it to null for the benfit of the code below */
}
if (*prefix == '&') {
if (username) {
- if (user_in_netgroup(username, name)) {
+ if (user_in_netgroup(mem_ctx, username, name)) {
return True;
}
}
git.samba.org / amitay / samba.git / commitdiff