Changeset 140 for branches/samba-3.0/source/auth
- Timestamp:
- Jul 11, 2008, 1:13:42 AM (17 years ago)
- Location:
- branches/samba-3.0/source/auth
- Files:
-
- 2 edited
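--- a/branches/samba-3.0/source/auth/auth_sam.c
+++ b/branches/samba-3.0/source/auth/auth_sam.c
@@ -168,6 +168,7 @@
 time_t last_set_time = pdb_get_pass_last_set_time(sampass);
 
-/* check for immediate expiry "must change at next logon" */
-if (last_set_time == 0) {
+/* check for immediate expiry "must change at next logon"
+* for a user account. */
+if (((acct_ctrl & (ACB_WSTRUST|ACB_SVRTRUST)) == 0) && (last_set_time == 0)) {
 DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n", pdb_get_username(sampass)));
 return NT_STATUS_PASSWORD_MUST_CHANGE;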
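Review bot: The new `if` condition treats every account that carries neither `ACB_WSTRUST` nor `ACB_SVRTRUST` as a user account, so an interdomain trust account (`ACB_DOMTRUST`) with `last_set_time == 0` would still get `NT_STATUS_PASSWORD_MUST_CHANGE`; if that is intended, the comment should say so. The comment says only "for a user account" and gives no reason why trust accounts with a zero last-set time are let through; one sentence on that would help the next reader judge whether the exemption is safe. `acct_ctrl` is not declared inside the hunk, and the enclosing function starts and ends outside it.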
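--- a/branches/samba-3.0/source/auth/auth_util.c
+++ b/branches/samba-3.0/source/auth/auth_util.c
@@ -547,4 +547,28 @@
 
 /***************************************************************************
+Is the incoming username our own machine account ?
+If so, the connection is almost certainly from winbindd.
+***************************************************************************/
+
+static BOOL is_our_machine_account(const char *username)
+{
+BOOL ret;
+char *truncname = NULL;
+size_t ulen = strlen(username);
+
+if (ulen == 0 || username[ulen-1] != '$') {
+return False;
+}
+truncname = SMB_STRDUP(username);
+if (!truncname) {
+return False;
+}
+truncname[ulen-1] = '\0';
+ret = strequal(truncname, global_myname());
+SAFE_FREE(truncname);
+return ret;
+}
+
+/***************************************************************************
 Make (and fill) a user_info struct from a struct samu
 ***************************************************************************/
@@ -553,5 +577,4 @@
 struct samu *sampass)
 {
-NTSTATUS status;
 struct passwd *pwd;
 gid_t *gids;
@@ -560,9 +583,9 @@
 size_t num_gids;
 DOM_SID unix_group_sid;
-
-
-if ( !(pwd = getpwnam_alloc(NULL, pdb_get_username(sampass))) ) {
+const char *username = pdb_get_username(sampass);
+
+if ( !(pwd = getpwnam_alloc(NULL, username)) ) {
 DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n",
-pdb_get_username(sampass)));
+username));
 return NT_STATUS_NO_SUCH_USER;
 }
@@ -580,16 +603,45 @@
 TALLOC_FREE(pwd);
 
-status = pdb_enum_group_memberships(result, sampass,
+if (IS_DC && is_our_machine_account(username)) {
+/*
+* Ensure for a connection from our own
+* machine account (from winbindd on a DC)
+* there are no supplementary groups.
+* Prevents loops in calling gid_to_sid().
+*/
+result->sids = NULL;
+gids = NULL;
+result->num_sids = 0;
+
+/*
+* This is a hack of monstrous proportions.
+* If we know it's winbindd talking to us,
+* we know we must never recurse into it,
+* so turn off contacting winbindd for this
+* entire process. This will get fixed when
+* winbindd doesn't need to talk to smbd on
+* a PDC. JRA.
+*/
+
+winbind_off();
+
+DEBUG(10, ("make_server_info_sam: our machine account %s "
+"setting supplementary group list empty and "
+"turning off winbindd requests.\n",
+username));
+} else {
+NTSTATUS status = pdb_enum_group_memberships(result, sampass,
 &result->sids, &gids,
 &result->num_sids);
 
-if (!NT_STATUS_IS_OK(status)) {
-DEBUG(10, ("pdb_enum_group_memberships failed: %s\n",
-nt_errstr(status)));
-result->sam_account = NULL; /* Don't free on error exit. */
-TALLOC_FREE(result);
-return status;
-}
-
+if (!NT_STATUS_IS_OK(status)) {
+DEBUG(10, ("pdb_enum_group_memberships failed: %s\n",
+nt_errstr(status)));
+result->sam_account = NULL; /* Don't free on error exit. */
+TALLOC_FREE(result);
+return status;
+}
+}
+
 /* Add the "Unix Group" SID for each gid to catch mapped groups
 and their Unix equivalent. This is to solve the backwards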
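Review bot: `winbind_off()` in the new `IS_DC && is_our_machine_account(username)` branch changes state for the whole smbd process from inside `make_server_info_sam`, and nothing in the hunk restores it. Any later session set up in the same process would presumably also run without winbindd lookups and could get a different group list than expected. The switch is triggered by a name comparison alone (`username` without its trailing `$` against `global_myname()`), so the comment should state whether the account is already authenticated when this function runs; that is not visible here. Because this is a security-relevant state change, I would log it above level 10, e.g. `DEBUG(3, ("make_server_info_sam: our machine account %s "` with the rest of the message unchanged. The body of `make_server_info_sam` starts and ends outside the hunks shown.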