Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...
This adds a getpwnam_alloc and a getpwuid_alloc to the collection.
These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).
This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.
With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code. This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).
The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups. In this case we are getting
groups from the new group mapping DB. Do we still need to check for private
groups? I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.
I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided. As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).
The matching case for getpwent() is dealt with already, in lib/util_getent.c
Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup. (This picks
up the SPNEGO cases). The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.
TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.
Andrew Bartlett
(This used to be commit
1d86c7f94230bc53daebd4d2cd829da6292e05da)
lib/getsmbpass.o lib/interface.o lib/md4.o \
lib/interfaces.o lib/pidfile.o lib/replace.o \
lib/signal.o lib/system.o lib/time.o \
- lib/ufc.o lib/genrand.o lib/username.o lib/util_getent.o lib/access.o lib/smbrun.o \
- lib/bitmap.o lib/crc32.o lib/snprintf.o lib/dprintf.o lib/xfile.o lib/wins_srv.o \
+ lib/ufc.o lib/genrand.o lib/username.o \
+ lib/util_getent.o lib/util_pw.o lib/access.o lib/smbrun.o \
+ lib/bitmap.o lib/crc32.o lib/snprintf.o lib/dprintf.o \
+ lib/xfile.o lib/wins_srv.o \
lib/util_str.o lib/util_sid.o \
lib/util_unistr.o lib/util_file.o \
lib/util.o lib/util_sock.o lib/util_sec.o smbd/ssl.o \
pass = Get_Pwnam(user_info->internal_username.str);
- /** This call assumes a ASCII password, no charset transformation is
+ /** @todo This call assumes a ASCII password, no charset transformation is
done. We may need to revisit this **/
nt_status = pass_check(pass,
pass ? pass->pw_name : user_info->internal_username.str,
BOOL make_server_info_guest(auth_serversupplied_info **server_info)
{
- struct passwd *pass = sys_getpwnam(lp_guestaccount());
+ struct passwd *pass = getpwnam_alloc(lp_guestaccount());
if (pass) {
if (!make_server_info_pw(server_info, pass)) {
+ passwd_free(&pass);
return False;
}
(*server_info)->guest = True;
+ passwd_free(&pass);
return True;
}
- DEBUG(0,("make_server_info_guest: sys_getpwnam() failed on guest account!\n"));
+ DEBUG(0,("make_server_info_guest: getpwnam_alloc() failed on guest account!\n"));
return False;
}
return NT_STATUS_OK on correct match, appropriate error otherwise
****************************************************************************/
-NTSTATUS pass_check(struct passwd *pass, char *user, char *password,
+NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password,
int pwlen, BOOL (*fn) (char *, char *), BOOL run_cracker)
{
+ struct passwd *pass;
pstring pass2;
int level = lp_passwordlevel();
DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen));
-#else /* Not using PAM or Kerebos */
+#else /* Not using PAM */
DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen));
- if (!pass) {
+ if (!input_pass) {
DEBUG(3, ("Couldn't find user %s\n", user));
return NT_STATUS_NO_SUCH_USER;
}
+ pass = make_modifyable_passwd(input_pass);
+
#ifdef HAVE_GETSPNAM
{
struct spwd *spass;
}
#endif
+#ifdef HAVE_GETPWANAM
+ {
+ struct passwd_adjunct *pwret;
+ pwret = getpwanam(s);
+ if (pwret && pwret->pwa_passwd)
+ pstrcpy(pass->pw_passwd,pwret->pwa_passwd);
+ }
+#endif
+
#ifdef OSF1_ENH_SEC
{
struct pr_passwd *mypasswd;
this_salt[2] = 0;
#endif
+ /* Copy into global for the convenience of looping code */
fstrcpy(this_crypted, pass->pw_passwd);
if (!*this_crypted) {
if (!lp_null_passwords()) {
DEBUG(2, ("Disallowing %s with null password\n",
this_user));
+ passwd_free(&pass);
return NT_STATUS_LOGON_FAILURE;
}
if (!*password) {
DEBUG(3,
("Allowing access to %s with null password\n",
this_user));
+ passwd_free(&pass);
return NT_STATUS_OK;
}
}
+ passwd_free(&pass);
+
#endif /* defined(WITH_PAM) */
/* try it as it came to us */
* need to proceed as we know it hasn't been case modified by the
* client */
if (strhasupper(password) && strhaslower(password)) {
+ passwd_free(&pass);
return nt_status;
}
}
else (*uid) = u;
- if( (pwd=getpwnam(gr)) !=NULL) {
+ if( (pwd=getpwnam_alloc(gr)) !=NULL) {
(*uid)[*num_uids]=pwd->pw_uid;
(*num_uids)++;
}
+ passwd_free(&pwd);
gr = grp->gr_mem[++i];
}
DEBUG(10, ("got [%d] members\n", *num_uids));
gid_t gid; /* gid of a validated user */
userdom_struct user;
+ char *homedir;
+
BOOL guest;
/* following groups stuff added by ih */
static char *automount_path(const char *user_name)
{
static pstring server_path;
- struct passwd *pass;
/* use the passwd entry as the default */
/* this will be the default if WITH_AUTOMOUNT is not used or fails */
}
/****************************************************************************
- Get_Pwnam wrapper
-****************************************************************************/
-
-static struct passwd *_Get_Pwnam(const char *s)
-{
- struct passwd *ret;
-
- ret = sys_getpwnam(s);
- if (ret) {
-#ifdef HAVE_GETPWANAM
- struct passwd_adjunct *pwret;
- pwret = getpwanam(s);
- if (pwret && pwret->pwa_passwd)
- pstrcpy(ret->pw_passwd,pwret->pwa_passwd);
-#endif
- }
-
- return(ret);
-}
-
-
-/****************************************************************************
- * A wrapper for getpwnam(). The following variations are tried:
+ * A wrapper for sys_getpwnam(). The following variations are tried:
* - as transmitted
* - in all lower case if this differs from transmitted
* - in all upper case if this differs from transmitted
common case on UNIX systems */
strlower(user2);
DEBUG(5,("Trying _Get_Pwnam(), username as lowercase is %s\n",user2));
- ret = _Get_Pwnam(user2);
+ ret = sys_getpwnam(user2);
if(ret)
goto done;
/* Try as given, if username wasn't originally lowercase */
if(strcmp(user,user2) != 0) {
DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n",user));
- ret = _Get_Pwnam(user);
+ ret = sys_getpwnam(user);
if(ret)
goto done;
- }
+ }
/* Try as uppercase, if username wasn't originally uppercase */
strupper(user2);
if(strcmp(user,user2) != 0) {
DEBUG(5,("Trying _Get_Pwnam(), username as uppercase is %s\n",user2));
- ret = _Get_Pwnam(user2);
+ ret = sys_getpwnam(user2);
if(ret)
goto done;
}
/* Try all combinations up to usernamelevel */
strlower(user2);
DEBUG(5,("Checking combinations of %d uppercase letters in %s\n",lp_usernamelevel(),user2));
- ret = uname_string_combinations(user2, _Get_Pwnam, lp_usernamelevel());
+ ret = uname_string_combinations(user2, sys_getpwnam, lp_usernamelevel());
done:
DEBUG(5,("Get_Pwnam %s find a valid username!\n",ret ? "did":"didn't"));
--- /dev/null
+/*
+ Unix SMB/Netbios implementation.
+ Version 3.0.
+
+ Safe versions of getpw* calls
+
+ Copyright (C) Andrew Bartlett 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+struct passwd *make_modifyable_passwd(const struct passwd *from)
+{
+ struct passwd *ret = smb_xmalloc(sizeof(*ret));
+/* This is the assumed shape of the members by certain parts of the code...
+ fstring pw_name;
+ fstring pw_passwd;
+ fstring pw_gecos;
+ pstring pw_dir;
+ pstring pw_shell;
+*/
+ char *pw_name = smb_xmalloc(sizeof(fstring));
+ char *pw_passwd = smb_xmalloc(sizeof(fstring));
+ char *pw_gecos = smb_xmalloc(sizeof(fstring));
+ char *pw_dir = smb_xmalloc(sizeof(pstring));
+ char *pw_shell = smb_xmalloc(sizeof(pstring));
+
+ ZERO_STRUCTP(ret);
+
+ /*
+ * Now point the struct's members as the
+ * newly allocated buffers:
+ */
+
+ ret->pw_name = pw_name;
+ fstrcpy(ret->pw_name, from->pw_name);
+
+ ret->pw_passwd = pw_passwd;
+ fstrcpy(ret->pw_passwd, from->pw_passwd);
+
+ ret->pw_uid = from->pw_uid;
+ ret->pw_gid = from->pw_gid;
+
+ ret->pw_gecos = pw_gecos;
+ fstrcpy(ret->pw_gecos, from->pw_gecos);
+
+ ret->pw_dir = pw_dir;
+ pstrcpy(ret->pw_dir, from->pw_dir);
+
+ ret->pw_shell = pw_shell;
+ pstrcpy(ret->pw_shell, from->pw_shell);
+
+ return ret;
+}
+
+static struct passwd *alloc_copy_passwd(const struct passwd *from)
+{
+ struct passwd *ret = smb_xmalloc(sizeof(*ret));
+ ZERO_STRUCTP(ret);
+ ret->pw_name = smb_xstrdup(from->pw_name);
+ ret->pw_passwd = smb_xstrdup(from->pw_passwd);
+ ret->pw_uid = from->pw_uid;
+ ret->pw_gid = from->pw_gid;
+ ret->pw_gecos = smb_xstrdup(from->pw_gecos);
+ ret->pw_dir = smb_xstrdup(from->pw_dir);
+ ret->pw_shell = smb_xstrdup(from->pw_shell);
+ return ret;
+}
+
+void passwd_free (struct passwd **buf)
+{
+ if (!*buf) {
+ DEBUG(0, ("attempted double-free of allocated passwd\n"));
+ return;
+ }
+
+ SAFE_FREE((*buf)->pw_name);
+ SAFE_FREE((*buf)->pw_passwd);
+ SAFE_FREE((*buf)->pw_gecos);
+ SAFE_FREE((*buf)->pw_dir);
+ SAFE_FREE((*buf)->pw_shell);
+
+ SAFE_FREE(*buf);
+}
+
+struct passwd *getpwnam_alloc(const char *name)
+{
+ struct passwd *temp;
+
+ temp = getpwnam(name);
+
+ if (!temp) {
+#if 0
+ if (errno == ENOMEM) {
+ /* what now? */
+ }
+#endif
+ return NULL;
+ }
+
+ return alloc_copy_passwd(temp);
+}
+
+struct passwd *getpwuid_alloc(uid_t uid)
+{
+ struct passwd *temp;
+
+ temp = getpwuid(uid);
+
+ if (!temp) {
+#if 0
+ if (errno == ENOMEM) {
+ /* what now? */
+ }
+#endif
+ return NULL;
+ }
+
+ return alloc_copy_passwd(temp);
+}
/*
* Ensure this uid really does exist.
*/
- if(!(pass = sys_getpwuid(*puid)))
+ if(!(pass = getpwuid_alloc(*puid)))
return False;
DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid),
(unsigned int)*puid, pass->pw_name ));
+ passwd_free(&pass);
+
*name_type = SID_NAME_USER;
return True;
* Check for a local account - if we're adding only.
*/
- if(!(pwd = sys_getpwnam(user_name))) {
+ if(!(pwd = getpwnam_alloc(user_name))) {
slprintf(err_str, err_str_len - 1, "User %s does not \
exist in system password file (usually /etc/passwd). Cannot add \
account without a valid local system user.\n", user_name);
if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sam_pass, pwd))){
slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
+ passwd_free(&pwd);
return False;
}
-
+
+ passwd_free(&pwd);
if (local_flags & LOCAL_TRUST_ACCOUNT) {
if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST)) {
* and then lokup the user by name in the sam.
*/
- if ((pw=sys_getpwuid(uid)) == NULL) {
+ if ((pw=getpwuid_alloc(uid)) == NULL) {
DEBUG(0,("pdb_getsampwuid: getpwuid(%d) return NULL. User does not exist in Unix accounts!\n", uid));
return False;
}
fstrcpy (name, pw->pw_name);
+ passwd_free(&pw);
+
return pdb_getsampwnam (user, name);
}
/* These values MAY be in LDAP, but they can also be retrieved through
* sys_getpw*() which is how we're doing it
*/
- sys_user = sys_getpwnam(username);
+ sys_user = getpwnam_alloc(username);
if (sys_user == NULL) {
DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username));
return False;
if (acct_ctrl == 0)
acct_ctrl |= ACB_NORMAL;
+ pdb_set_uid(sampass, sys_user->pw_uid);
+ pdb_set_gid(sampass, sys_user->pw_gid);
+
+ /* We are done with this now */
+ passwd_free(&sys_user);
pdb_set_acct_ctrl(sampass, acct_ctrl);
pdb_set_logon_time(sampass, logon_time);
pdb_set_hours_len(sampass, hours_len);
pdb_set_logon_divs(sampass, logon_divs);
- pdb_set_uid(sampass, sys_user->pw_uid);
- pdb_set_gid(sampass, sys_user->pw_gid);
pdb_set_user_rid(sampass, user_rid);
pdb_set_group_rid(sampass, group_rid);
struct smb_passwd
{
uid_t smb_userid; /* this is actually the unix uid_t */
- char *smb_name; /* username string */
+ const char *smb_name; /* username string */
const unsigned char *smb_passwd; /* Null if no password */
const unsigned char *smb_nt_passwd; /* Null if no password */
ZERO_STRUCTP(smb_pw);
smb_pw->smb_userid=uid;
- smb_pw->smb_name=(char*)pdb_get_username(sampass);
+ smb_pw->smb_name=(const char*)pdb_get_username(sampass);
smb_pw->smb_passwd=pdb_get_lanman_passwd(sampass);
smb_pw->smb_nt_passwd=pdb_get_nt_passwd(sampass);
FIXME!!! This is where we should look up an internal
mapping of allocated uid for machine accounts as well
--jerry */
- pwfile = sys_getpwnam(pw_buf->smb_name);
+ pwfile = getpwnam_alloc(pw_buf->smb_name);
if (pwfile == NULL) {
DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s not in unix passwd database!\n", pw_buf->smb_name));
return False;
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
/*pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); */
}
+
+ passwd_free(&pwfile);
return True;
}
/* validate the account and fill in UNIX uid and gid. sys_getpwnam()
is used instaed of Get_Pwnam() as we do not need to try case
permutations */
- if ((pw=sys_getpwnam(pdb_get_username(user))) == NULL) {
+ if ((pw=getpwnam_alloc(pdb_get_username(user))) == NULL) {
DEBUG(0,("pdb_getsampwent: getpwnam(%s) return NULL. User does not exist!\n",
pdb_get_username(user)));
return False;
pdb_set_uid(user, uid);
pdb_set_gid(user, gid);
+ passwd_free(&pw);
+
/* 21 days from present */
pdb_set_pass_must_change_time(user, time(NULL)+1814400);
/* validate the account and fill in UNIX uid and gid. sys_getpwnam()
is used instead of Get_Pwnam() as we do not need to try case
permutations */
- if ((pw=sys_getpwnam(pdb_get_username(user)))) {
+ if ((pw=getpwnam_alloc(pdb_get_username(user)))) {
uid = pw->pw_uid;
gid = pw->pw_gid;
pdb_set_uid(user, uid);
return False;
}
+ passwd_free(&pw);
+
return True;
}
char *sep;
struct sys_grent *glist;
struct sys_grent *grp;
+ struct passwd *pw;
sep = lp_winbind_separator();
}
/* Don't return user private groups... */
- if (Get_Pwnam(smap.nt_name) != 0) {
+
+ /*
+ * We used to do a Get_Pwnam() here, but this has been
+ * trimmed back to the common case for private groups
+ * to save lookups and to use the _alloc interface.
+ *
+ * This also matches the group mapping code
+ */
+
+ if ((pw = getpwnam_alloc(smap.nt_name)) != 0) {
DEBUG(10,("get_group_alias_entries: not returing %s, clashes with user.\n", smap.nt_name ));
+ passwd_free(&pw);
continue;
}
(void)map_username(user_name);
/*
- * Do any UNIX username case mangling.
+ * UNIX username case mangling not required, pass_oem_change
+ * is case insensitive.
*/
- (void)Get_Pwnam_Modify( user_name);
if (!pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
q_u->nt_newpass.pass, q_u->nt_oldhash.hash))
uchar * ntdata, uchar * nthash)
{
fstring new_passwd;
+ const char *unix_user;
SAM_ACCOUNT *sampass = NULL;
BOOL ret = check_oem_password(user, lmdata, lmhash, ntdata, nthash,
&sampass, new_passwd, sizeof(new_passwd));
* available. JRA.
*/
- if ((ret) && lp_unix_password_sync())
- ret = chgpasswd(user, "", new_passwd, True);
+ unix_user = pdb_get_username(sampass);
+
+ if ((ret) && (unix_user) && (*unix_user) && lp_unix_password_sync())
+ ret = chgpasswd(unix_user, "", new_passwd, True);
if (ret)
ret = change_oem_password(sampass, new_passwd);
if (vuser == NULL)
return;
+ SAFE_FREE(vuser->homedir);
+
session_yield(vuser);
DLIST_REMOVE(validated_users, vuser);
fstrcpy(vuser->user.domain, pdb_get_domain(server_info->sam_account));
fstrcpy(vuser->user.full_name, pdb_get_fullname(server_info->sam_account));
+ {
+ /* Keep the homedir handy */
+ const char *homedir = pdb_get_homedir(server_info->sam_account);
+ if (homedir) {
+ vuser->homedir = smb_xstrdup(homedir);
+ }
+ }
+
DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n",
(unsigned int)vuser->uid,
(unsigned int)vuser->gid,
return -1;
}
+ /* Register a home dir service for this user */
+ if ((!vuser->guest) && vuser->homedir && *(vuser->homedir)
+ && (lp_servicenumber(vuser->user.unix_name) < 0)) {
+ add_home_service(vuser->user.unix_name, vuser->homedir);
+ }
+
return vuser->vuid;
}
if (server_info->guest) {
SSVAL(outbuf,smb_vwv2,1);
- } else {
- const char *home_dir = pdb_get_homedir(server_info->sam_account);
- const char *username = pdb_get_username(server_info->sam_account);
- if ((home_dir && *home_dir)
- && (lp_servicenumber(username) < 0)) {
- add_home_service(username, home_dir);
- }
}
/* register the name and uid as being validated, so further connections
BOOL change_to_guest(void)
{
static struct passwd *pass=NULL;
- static uid_t guest_uid = (uid_t)-1;
- static gid_t guest_gid = (gid_t)-1;
- static fstring guest_name;
if (!pass) {
- pass = sys_getpwnam(lp_guestaccount());
+ /* Don't need to free() this as its stored in a static */
+ pass = getpwnam_alloc(lp_guestaccount());
if (!pass)
return(False);
- guest_uid = pass->pw_uid;
- guest_gid = pass->pw_gid;
- fstrcpy(guest_name, pass->pw_name);
}
#ifdef AIX
/* MWW: From AIX FAQ patch to WU-ftpd: call initgroups before
setting IDs */
- initgroups(guest_name, guest_gid);
+ initgroups(pass->pw_name, pass->pw_gid);
#endif
- set_sec_ctx(guest_uid, guest_gid, 0, NULL, NULL);
+ set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
current_user.conn = NULL;
current_user.vuid = UID_FIELD_INVALID;
* Try and get the user from the UNIX password file.
*/
- pass = sys_getpwnam(user);
+ pass = getpwnam_alloc(user);
/*
* Validate the password they have given.
/* Save the users name */
C_user = strdup(user);
+ passwd_free(&pass);
return True;
}
}
cgi_setup_error("401 Bad Authorization", "",
"username or password incorrect");
+ passwd_free(&pass);
return False;
}
git.samba.org / tprouty / samba.git / commitdiff