X-Git-Url: http://git.samba.org/samba.git/?p=sfrench%2Fsamba-autobuild%2F.git;a=blobdiff_plain;f=source4%2Fauth%2Fntlm%2Fauth_util.c;h=5084cc4a929b01ad6055ffafe84ebe2f4696eb99;hp=f7b01eb6ece165cffb6cd51fc69b44b32ee245f2;hb=ef3ac405bf436fa6fd7daf20e0c90856dae8237f;hpb=5a6f3fcf811e9199096d343c7d4c8c3af663157d
diff --git a/source4/auth/ntlm/auth_util.c b/source4/auth/ntlm/auth_util.c
index f7b01eb6ece..5084cc4a929 100644
--- a/source4/auth/ntlm/auth_util.c
+++ b/source4/auth/ntlm/auth_util.c
@@ -38,264 +38,6 @@ NTSTATUS auth_get_challenge_not_implemented(struct auth_method_context *ctx, TAL return NT_STATUS_NOT_IMPLEMENTED; } -/**************************************************************************** - Create an auth_usersupplied_data structure after appropriate mapping. -****************************************************************************/ -static NTSTATUS map_user_info_cracknames(struct ldb_context *sam_ctx, - TALLOC_CTX *mem_ctx, - const char *default_domain, - const struct auth_usersupplied_info *user_info, - struct auth_usersupplied_info **user_info_mapped) -{ - char *domain; - char *account_name; - TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); - WERROR werr; - struct drsuapi_DsNameInfo1 info1; - - DEBUG(5,("map_user_info_cracknames: Mapping user [%s]\\[%s] from workstation [%s]\n", - user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name)); - - account_name = talloc_strdup(tmp_ctx, user_info->client.account_name); - if (!account_name) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - - /* use cracknames to work out what domain is being - asked for */ - if (strchr_m(user_info->client.account_name, '@') != NULL) { - werr = DsCrackNameOneName(sam_ctx, tmp_ctx, 0, - DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, - DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, - user_info->client.account_name, - &info1); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(2,("map_user_info: Failed cracknames of account '%s'\n", - user_info->client.account_name)); - talloc_free(tmp_ctx); - return werror_to_ntstatus(werr); - } - switch (info1.status) { - case DRSUAPI_DS_NAME_STATUS_OK: - break; - case DRSUAPI_DS_NAME_STATUS_NOT_FOUND: - DEBUG(2,("map_user_info: Cracknames of account '%s' -> NOT_FOUND\n", - user_info->client.account_name)); - talloc_free(tmp_ctx); - return NT_STATUS_NO_SUCH_USER; - case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY: - DEBUG(2,("map_user_info: Cracknames of account '%s' -> DOMAIN_ONLY\n", - user_info->client.account_name)); - 
talloc_free(tmp_ctx); - return NT_STATUS_NO_SUCH_USER; - case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE: - DEBUG(2,("map_user_info: Cracknames of account '%s' -> NOT_UNIQUE\n", - user_info->client.account_name)); - talloc_free(tmp_ctx); - return NT_STATUS_NO_SUCH_USER; - case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR: - DEBUG(2,("map_user_info: Cracknames of account '%s' -> RESOLVE_ERROR\n", - user_info->client.account_name)); - talloc_free(tmp_ctx); - return NT_STATUS_NO_SUCH_USER; - default: - DEBUG(2,("map_user_info: Cracknames of account '%s' -> unknown error %u\n", - user_info->client.account_name, info1.status)); - talloc_free(tmp_ctx); - return NT_STATUS_NO_SUCH_USER; - } - /* info1.result_name is in DOMAIN\username - * form, which we need to split up into the - * user_info_mapped structure - */ - domain = talloc_strdup(tmp_ctx, info1.result_name); - if (domain == NULL) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - account_name = strchr_m(domain, '\\'); - if (account_name == NULL) { - DEBUG(2,("map_user_info: Cracknames of account '%s' gave invalid result '%s'\n", - user_info->client.account_name, info1.result_name)); - talloc_free(tmp_ctx); - return NT_STATUS_NO_SUCH_USER; - } - *account_name = 0; - account_name = talloc_strdup(tmp_ctx, account_name+1); - if (account_name == NULL) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - } else { - const char *domain_name = default_domain; - if (user_info->client.domain_name && *user_info->client.domain_name) { - domain_name = user_info->client.domain_name; - } - domain_name = talloc_asprintf(tmp_ctx, "%s\\", domain_name); - if (domain_name == NULL) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - werr = DsCrackNameOneName(sam_ctx, mem_ctx, 0, - DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, - DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, - domain_name, - &info1); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(2,("map_user_info: Failed cracknames of domain '%s'\n", - domain_name)); - talloc_free(tmp_ctx); - return 
werror_to_ntstatus(werr); - } - - /* we use the account_name as-is, but get the - * domain name from cracknames if possible */ - account_name = talloc_strdup(mem_ctx, user_info->client.account_name); - if (account_name == NULL) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - - switch (info1.status) { - case DRSUAPI_DS_NAME_STATUS_OK: - case DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY: - domain = talloc_strdup(tmp_ctx, info1.result_name); - if (domain == NULL) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - if (domain[strlen_m(domain)-1] == '\\') { - domain[strlen_m(domain)-1] = 0; - } - break; - case DRSUAPI_DS_NAME_STATUS_NOT_FOUND: - /* the domain is unknown - use the - default domain */ - domain = talloc_strdup(tmp_ctx, default_domain); - break; - case DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE: - DEBUG(2,("map_user_info: Cracknames of domain '%s' -> NOT_UNIQUE\n", - domain_name)); - talloc_free(tmp_ctx); - return NT_STATUS_NO_SUCH_USER; - case DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR: - DEBUG(2,("map_user_info: Cracknames of domain '%s' -> RESOLVE_ERROR\n", - domain_name)); - talloc_free(tmp_ctx); - return NT_STATUS_NO_SUCH_USER; - default: - DEBUG(2,("map_user_info: Cracknames of account '%s' -> unknown error %u\n", - domain_name, info1.status)); - talloc_free(tmp_ctx); - return NT_STATUS_NO_SUCH_USER; - } - /* domain and account_name are filled in above */ - } - - *user_info_mapped = talloc_zero(mem_ctx, struct auth_usersupplied_info); - if (!*user_info_mapped) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - if (!talloc_reference(*user_info_mapped, user_info)) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - **user_info_mapped = *user_info; - (*user_info_mapped)->mapped_state = true; - (*user_info_mapped)->mapped.domain_name = talloc_strdup(*user_info_mapped, domain); - (*user_info_mapped)->mapped.account_name = talloc_strdup(*user_info_mapped, account_name); - talloc_free(tmp_ctx); - if 
(!(*user_info_mapped)->mapped.domain_name - || !(*user_info_mapped)->mapped.account_name) { - return NT_STATUS_NO_MEMORY; - } - - return NT_STATUS_OK; -} - - -/**************************************************************************** - Create an auth_usersupplied_data structure after appropriate mapping. -****************************************************************************/ -NTSTATUS map_user_info(struct ldb_context *sam_ctx, - TALLOC_CTX *mem_ctx, - const char *default_domain, - const struct auth_usersupplied_info *user_info, - struct auth_usersupplied_info **user_info_mapped) -{ - char *domain; - char *account_name; - char *d; - TALLOC_CTX *tmp_ctx; - - if (sam_ctx != NULL) { - /* if possible, use cracknames to parse the - domain/account */ - return map_user_info_cracknames(sam_ctx, mem_ctx, default_domain, user_info, user_info_mapped); - } - - DEBUG(0,("map_user_info: Mapping user [%s]\\[%s] from workstation [%s] default_domain=%s\n", - user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name, - default_domain)); - - tmp_ctx = talloc_new(mem_ctx); - - account_name = talloc_strdup(tmp_ctx, user_info->client.account_name); - if (!account_name) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - - /* don't allow "" as a domain, fixes a Win9X bug where it - doesn't supply a domain for logon script 'net use' - commands. */ - - /* Split user@realm names into user and realm components. 
- * This is TODO to fix with proper userprincipalname - * support */ - if (user_info->client.domain_name && *user_info->client.domain_name) { - domain = talloc_strdup(tmp_ctx, user_info->client.domain_name); - } else if (strchr_m(user_info->client.account_name, '@')) { - d = strchr_m(account_name, '@'); - if (!d) { - talloc_free(tmp_ctx); - return NT_STATUS_INTERNAL_ERROR; - } - d[0] = '\0'; - d++; - domain = d; - } else { - domain = talloc_strdup(tmp_ctx, default_domain); - } - - if (domain == NULL) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - *user_info_mapped = talloc_zero(mem_ctx, struct auth_usersupplied_info); - if (!*user_info_mapped) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - if (!talloc_reference(*user_info_mapped, user_info)) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; - } - **user_info_mapped = *user_info; - (*user_info_mapped)->mapped_state = true; - (*user_info_mapped)->mapped.domain_name = talloc_strdup(*user_info_mapped, domain); - (*user_info_mapped)->mapped.account_name = talloc_strdup(*user_info_mapped, account_name); - talloc_free(tmp_ctx); - if (!(*user_info_mapped)->mapped.domain_name - || !(*user_info_mapped)->mapped.account_name) { - return NT_STATUS_NO_MEMORY; - } - - return NT_STATUS_OK; -} - /**************************************************************************** Create an auth_usersupplied_data structure after appropriate mapping. ****************************************************************************/ @@ -320,7 +62,8 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth4_context *auth_conte return nt_status; } user_info_in = user_info_temp2; - /* fall through */ + + FALL_THROUGH; } case AUTH_PASSWORD_HASH: { @@ -380,7 +123,8 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth4_context *auth_conte } user_info_in = user_info_temp; - /* fall through */ + + FALL_THROUGH; } case AUTH_PASSWORD_RESPONSE: *user_info_encrypted = user_info_in; 
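Review bot: The three `FALL_THROUGH;` statements in encrypt_user_info (the hunk at -320 and the later ones at -380 and -418) mark the fall-through as deliberate but say nothing about what the following case relies on. Each of these cases reassigns `user_info_in` to a temporary copy just before dropping into the next label, so a short reason next to the macro would help the next reader of this credential-handling switch, for example `FALL_THROUGH; /* user_info_in now points at the converted copy */`, worded per case. The macro's definition is not in the visible lines; assuming it expands to the compiler's fallthrough attribute, it is worth confirming the build enables `-Wimplicit-fallthrough` so that an unannotated fall-through between password states is reported. The switch itself starts and ends outside these hunks.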
@@ -418,7 +162,8 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth4_context *auth_conte *user_info_temp->password.hash.nt = nt; user_info_in = user_info_temp; - /* fall through */ + + FALL_THROUGH; } case AUTH_PASSWORD_HASH: *user_info_encrypted = user_info_in;