Changeset 740 for vendor/current/source3/smbd/sesssetup.c
- Timestamp:
- Nov 14, 2012, 12:59:34 PM (13 years ago)
- File:
-
- 1 edited
-
vendor/current/source3/smbd/sesssetup.c (modified) (44 diffs)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/source3/smbd/sesssetup.c
r597 r740 24 24 25 25 #include "includes.h" 26 #include "../lib/tsocket/tsocket.h" 27 #include "smbd/smbd.h" 26 28 #include "smbd/globals.h" 27 29 #include "../libcli/auth/spnego.h" 30 #include "../libcli/auth/ntlmssp.h" 31 #include "ntlmssp_wrap.h" 32 #include "../librpc/gen_ndr/krb5pac.h" 33 #include "libads/kerberos_proto.h" 34 #include "../lib/util/asn1.h" 35 #include "auth.h" 36 #include "messages.h" 37 #include "smbprofile.h" 28 38 29 39 /* For split krb5 SPNEGO blobs. */ … … 40 50 is set approriately 41 51 */ 42 staticNTSTATUS do_map_to_guest(NTSTATUS status,43 44 52 NTSTATUS do_map_to_guest(NTSTATUS status, 53 struct auth_serversupplied_info **server_info, 54 const char *user, const char *domain) 45 55 { 56 user = user ? user : ""; 57 domain = domain ? domain : ""; 58 46 59 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { 47 60 if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) || … … 128 141 ****************************************************************************/ 129 142 130 static NTSTATUS check_guest_password( auth_serversupplied_info **server_info)143 static NTSTATUS check_guest_password(struct auth_serversupplied_info **server_info) 131 144 { 132 145 struct auth_context *auth_context; 133 auth_usersupplied_info *user_info = NULL;146 struct auth_usersupplied_info *user_info = NULL; 134 147 135 148 NTSTATUS nt_status; 136 unsigned char chal[8]; 137 138 ZERO_STRUCT(chal); 149 static unsigned char chal[8] = { 0, }; 139 150 140 151 DEBUG(3,("Got anonymous request\n")); 141 152 142 if (!NT_STATUS_IS_OK(nt_status = make_auth_context_fixed(&auth_context,143 chal))) {153 nt_status = make_auth_context_fixed(talloc_tos(), &auth_context, chal); 154 if (!NT_STATUS_IS_OK(nt_status)) { 144 155 return nt_status; 145 156 } 146 157 147 158 if (!make_user_info_guest(&user_info)) { 148 (auth_context->free)(&auth_context);159 TALLOC_FREE(auth_context); 149 160 return NT_STATUS_NO_MEMORY; 150 161 } … … 153 164 user_info, 154 165 server_info); 155 (auth_context->free)(&auth_context);166 TALLOC_FREE(auth_context); 156 167 free_user_info(&user_info); 157 168 return nt_status; … … 236 247 TALLOC_CTX *mem_ctx; 237 248 DATA_BLOB ticket; 238 char *client, *p, *domain;239 fstring netbios_domain_name;240 249 struct passwd *pw; 241 fstring user;242 250 int sess_vuid = req->vuid; 243 251 NTSTATUS ret = NT_STATUS_OK; 244 struct PAC_DATA *pac_data = NULL;245 252 DATA_BLOB ap_rep, ap_rep_wrapped, response; 246 auth_serversupplied_info *server_info = NULL;253 struct auth_serversupplied_info *server_info = NULL; 247 254 DATA_BLOB session_key = data_blob_null; 248 255 uint8 tok_id[2]; 249 256 DATA_BLOB nullblob = data_blob_null; 250 fstring real_username;251 257 bool map_domainuser_to_guest = False; 252 258 bool username_was_mapped; 253 259 struct PAC_LOGON_INFO *logon_info = NULL; 254 struct smbd_server_connection *sconn = smbd_server_conn; 260 struct smbd_server_connection *sconn = req->sconn; 261 char *principal; 262 char *user; 263 char *domain; 264 char *real_username; 255 265 256 266 ZERO_STRUCT(ticket); … … 268 278 } 269 279 270 if (!spnego_parse_krb5_wrap( *secblob, &ticket, tok_id)) {280 if (!spnego_parse_krb5_wrap(mem_ctx, *secblob, &ticket, tok_id)) { 271 281 talloc_destroy(mem_ctx); 272 282 reply_nterror(req, nt_status_squash(NT_STATUS_LOGON_FAILURE)); … … 275 285 276 286 ret = ads_verify_ticket(mem_ctx, lp_realm(), 0, &ticket, 277 & client, &pac_data, &ap_rep,287 &principal, &logon_info, &ap_rep, 278 288 &session_key, True); 279 289 … … 336 346 } 337 347 338 DEBUG(3,("Ticket name is [%s]\n", client)); 339 340 p = strchr_m(client, '@'); 341 if (!p) { 342 DEBUG(3,("Doesn't look like a valid principal\n")); 348 ret = get_user_from_kerberos_info(talloc_tos(), 349 sconn->client_id.name, 350 principal, logon_info, 351 &username_was_mapped, 352 &map_domainuser_to_guest, 353 &user, &domain, 354 &real_username, &pw); 355 if (!NT_STATUS_IS_OK(ret)) { 343 356 data_blob_free(&ap_rep); 344 357 data_blob_free(&session_key); … … 348 361 } 349 362 350 *p = 0;351 352 363 /* save the PAC data if we have it */ 353 354 if (pac_data) { 355 logon_info = get_logon_info_from_pac(pac_data); 356 if (logon_info) { 357 netsamlogon_cache_store( client, &logon_info->info3 ); 358 } 359 } 360 361 if (!strequal(p+1, lp_realm())) { 362 DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1)); 363 if (!lp_allow_trusted_domains()) { 364 data_blob_free(&ap_rep); 365 data_blob_free(&session_key); 366 talloc_destroy(mem_ctx); 367 reply_nterror(req, nt_status_squash( 368 NT_STATUS_LOGON_FAILURE)); 369 return; 370 } 371 } 372 373 /* this gives a fully qualified user name (ie. with full realm). 374 that leads to very long usernames, but what else can we do? */ 375 376 domain = p+1; 377 378 if (logon_info && logon_info->info3.base.domain.string) { 379 fstrcpy(netbios_domain_name, 380 logon_info->info3.base.domain.string); 381 domain = netbios_domain_name; 382 DEBUG(10, ("Mapped to [%s] (using PAC)\n", domain)); 383 384 } else { 385 386 /* If we have winbind running, we can (and must) shorten the 387 username by using the short netbios name. Otherwise we will 388 have inconsistent user names. With Kerberos, we get the 389 fully qualified realm, with ntlmssp we get the short 390 name. And even w2k3 does use ntlmssp if you for example 391 connect to an ip address. */ 392 393 wbcErr wbc_status; 394 struct wbcDomainInfo *info = NULL; 395 396 DEBUG(10, ("Mapping [%s] to short name\n", domain)); 397 398 wbc_status = wbcDomainInfo(domain, &info); 399 400 if (WBC_ERROR_IS_OK(wbc_status)) { 401 402 fstrcpy(netbios_domain_name, 403 info->short_name); 404 405 wbcFreeMemory(info); 406 domain = netbios_domain_name; 407 DEBUG(10, ("Mapped to [%s] (using Winbind)\n", domain)); 408 } else { 409 DEBUG(3, ("Could not find short name: %s\n", 410 wbcErrorString(wbc_status))); 411 } 412 } 413 414 fstr_sprintf(user, "%s%c%s", domain, *lp_winbind_separator(), client); 415 416 /* lookup the passwd struct, create a new user if necessary */ 417 418 username_was_mapped = map_username(sconn, user); 419 420 pw = smb_getpwnam( mem_ctx, user, real_username, True ); 421 422 if (pw) { 423 /* if a real user check pam account restrictions */ 424 /* only really perfomed if "obey pam restriction" is true */ 425 /* do this before an eventual mapping to guest occurs */ 426 ret = smb_pam_accountcheck(pw->pw_name); 427 if ( !NT_STATUS_IS_OK(ret)) { 428 DEBUG(1,("PAM account restriction " 429 "prevents user login\n")); 430 data_blob_free(&ap_rep); 431 data_blob_free(&session_key); 432 TALLOC_FREE(mem_ctx); 433 reply_nterror(req, nt_status_squash(ret)); 434 return; 435 } 436 } 437 438 if (!pw) { 439 440 /* this was originally the behavior of Samba 2.2, if a user 441 did not have a local uid but has been authenticated, then 442 map them to a guest account */ 443 444 if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID){ 445 map_domainuser_to_guest = True; 446 fstrcpy(user,lp_guestaccount()); 447 pw = smb_getpwnam( mem_ctx, user, real_username, True ); 448 } 449 450 /* extra sanity check that the guest account is valid */ 451 452 if ( !pw ) { 453 DEBUG(1,("Username %s is invalid on this system\n", 454 user)); 455 data_blob_free(&ap_rep); 456 data_blob_free(&session_key); 457 TALLOC_FREE(mem_ctx); 458 reply_nterror(req, nt_status_squash( 459 NT_STATUS_LOGON_FAILURE)); 460 return; 461 } 364 if (logon_info) { 365 netsamlogon_cache_store(user, &logon_info->info3); 462 366 } 463 367 464 368 /* setup the string used by %U */ 465 466 sub_set_smb_name( real_username ); 467 reload_services(True); 468 469 if ( map_domainuser_to_guest ) { 470 make_server_info_guest(NULL, &server_info); 471 } else if (logon_info) { 472 /* pass the unmapped username here since map_username() 473 will be called again from inside make_server_info_info3() */ 474 475 ret = make_server_info_info3(mem_ctx, client, domain, 476 &server_info, &logon_info->info3); 477 if ( !NT_STATUS_IS_OK(ret) ) { 478 DEBUG(1,("make_server_info_info3 failed: %s!\n", 479 nt_errstr(ret))); 480 data_blob_free(&ap_rep); 481 data_blob_free(&session_key); 482 TALLOC_FREE(mem_ctx); 483 reply_nterror(req, nt_status_squash(ret)); 484 return; 485 } 486 487 } else { 488 /* 489 * We didn't get a PAC, we have to make up the user 490 * ourselves. Try to ask the pdb backend to provide 491 * SID consistency with ntlmssp session setup 492 */ 493 struct samu *sampass; 494 495 sampass = samu_new(talloc_tos()); 496 if (sampass == NULL) { 497 ret = NT_STATUS_NO_MEMORY; 498 data_blob_free(&ap_rep); 499 data_blob_free(&session_key); 500 TALLOC_FREE(mem_ctx); 501 reply_nterror(req, nt_status_squash(ret)); 502 return; 503 } 504 505 if (pdb_getsampwnam(sampass, real_username)) { 506 DEBUG(10, ("found user %s in passdb, calling " 507 "make_server_info_sam\n", real_username)); 508 ret = make_server_info_sam(&server_info, sampass); 509 } else { 510 /* 511 * User not in passdb, make it up artificially 512 */ 513 TALLOC_FREE(sampass); 514 DEBUG(10, ("didn't find user %s in passdb, calling " 515 "make_server_info_pw\n", real_username)); 516 ret = make_server_info_pw(&server_info, real_username, 517 pw); 518 } 519 520 if ( !NT_STATUS_IS_OK(ret) ) { 521 DEBUG(1,("make_server_info_[sam|pw] failed: %s!\n", 522 nt_errstr(ret))); 523 data_blob_free(&ap_rep); 524 data_blob_free(&session_key); 525 TALLOC_FREE(mem_ctx); 526 reply_nterror(req, nt_status_squash(ret)); 527 return; 528 } 529 530 /* make_server_info_pw does not set the domain. Without this 531 * we end up with the local netbios name in substitutions for 532 * %D. */ 533 534 if (server_info->sam_account != NULL) { 535 pdb_set_domain(server_info->sam_account, 536 domain, PDB_SET); 537 } 369 sub_set_smb_name(real_username); 370 371 /* reload services so that the new %U is taken into account */ 372 reload_services(sconn->msg_ctx, sconn->sock, True); 373 374 ret = make_server_info_krb5(mem_ctx, 375 user, domain, real_username, pw, 376 logon_info, map_domainuser_to_guest, 377 &server_info); 378 if (!NT_STATUS_IS_OK(ret)) { 379 DEBUG(1, ("make_server_info_krb5 failed!\n")); 380 data_blob_free(&ap_rep); 381 data_blob_free(&session_key); 382 TALLOC_FREE(mem_ctx); 383 reply_nterror(req, nt_status_squash(ret)); 384 return; 538 385 } 539 386 … … 543 390 already does this */ 544 391 545 if ( !server_info-> ptok) {392 if ( !server_info->security_token ) { 546 393 ret = create_local_token( server_info ); 547 394 if ( !NT_STATUS_IS_OK(ret) ) { … … 562 409 563 410 data_blob_free(&server_info->user_session_key); 411 /* Set the kerberos-derived session key onto the server_info */ 564 412 server_info->user_session_key = session_key; 413 talloc_steal(server_info, session_key.data); 414 565 415 session_key = data_blob_null; 566 416 … … 570 420 * it.... */ 571 421 572 sess_vuid = register_existing_vuid(sconn, 573 sess_vuid, 574 server_info, 575 nullblob, 576 client); 422 sess_vuid = register_existing_vuid(sconn, sess_vuid, 423 server_info, nullblob, user); 577 424 578 425 reply_outbuf(req, 4, 0); … … 583 430 } else { 584 431 /* current_user_info is changed on new vuid */ 585 reload_services( True);432 reload_services(sconn->msg_ctx, sconn->sock, True); 586 433 587 434 SSVAL(req->outbuf, smb_vwv3, 0); … … 599 446 /* wrap that up in a nice GSS-API wrapping */ 600 447 if (NT_STATUS_IS_OK(ret)) { 601 ap_rep_wrapped = spnego_gen_krb5_wrap( ap_rep,448 ap_rep_wrapped = spnego_gen_krb5_wrap(talloc_tos(), ap_rep, 602 449 TOK_ID_KRB_AP_REP); 603 450 } else { 604 451 ap_rep_wrapped = data_blob_null; 605 452 } 606 response = spnego_gen_auth_response( &ap_rep_wrapped, ret,453 response = spnego_gen_auth_response(talloc_tos(), &ap_rep_wrapped, ret, 607 454 mechOID); 608 455 reply_sesssetup_blob(req, response, ret); … … 626 473 static void reply_spnego_ntlmssp(struct smb_request *req, 627 474 uint16 vuid, 628 AUTH_NTLMSSP_STATE**auth_ntlmssp_state,475 struct auth_ntlmssp_state **auth_ntlmssp_state, 629 476 DATA_BLOB *ntlmssp_blob, NTSTATUS nt_status, 630 477 const char *OID, 631 478 bool wrap) 632 479 { 480 bool do_invalidate = true; 633 481 DATA_BLOB response; 634 struct auth_serversupplied_info *se rver_info = NULL;635 struct smbd_server_connection *sconn = smbd_server_conn;482 struct auth_serversupplied_info *session_info = NULL; 483 struct smbd_server_connection *sconn = req->sconn; 636 484 637 485 if (NT_STATUS_IS_OK(nt_status)) { 638 server_info = (*auth_ntlmssp_state)->server_info; 486 nt_status = auth_ntlmssp_steal_session_info(talloc_tos(), 487 (*auth_ntlmssp_state), &session_info); 639 488 } else { 489 /* Note that this session_info won't have a session 490 * key. But for map to guest, that's exactly the right 491 * thing - we can't reasonably guess the key the 492 * client wants, as the password was wrong */ 640 493 nt_status = do_map_to_guest(nt_status, 641 &server_info,642 (*auth_ntlmssp_state)->ntlmssp_state->user,643 (*auth_ntlmssp_state)->ntlmssp_state->domain);494 &session_info, 495 auth_ntlmssp_get_username(*auth_ntlmssp_state), 496 auth_ntlmssp_get_domain(*auth_ntlmssp_state)); 644 497 } 645 498 … … 656 509 } 657 510 658 data_blob_free(&server_info->user_session_key);659 server_info->user_session_key =660 data_blob_talloc(661 server_info,662 (*auth_ntlmssp_state)->ntlmssp_state->session_key.data,663 (*auth_ntlmssp_state)->ntlmssp_state->session_key.length);664 665 511 /* register_existing_vuid keeps the server info */ 666 512 if (register_existing_vuid(sconn, vuid, 667 server_info, nullblob, 668 (*auth_ntlmssp_state)->ntlmssp_state->user) != 669 vuid) { 513 session_info, nullblob, 514 auth_ntlmssp_get_username(*auth_ntlmssp_state)) != 515 vuid) { 516 /* The problem is, *auth_ntlmssp_state points 517 * into the vuser this will have 518 * talloc_free()'ed in 519 * register_existing_vuid() */ 520 do_invalidate = false; 670 521 nt_status = NT_STATUS_LOGON_FAILURE; 671 522 goto out; 672 523 } 673 524 674 (*auth_ntlmssp_state)->server_info = NULL;675 676 525 /* current_user_info is changed on new vuid */ 677 reload_services( True);526 reload_services(sconn->msg_ctx, sconn->sock, True); 678 527 679 528 SSVAL(req->outbuf, smb_vwv3, 0); 680 529 681 if (se rver_info->guest) {530 if (session_info->guest) { 682 531 SSVAL(req->outbuf,smb_vwv2,1); 683 532 } … … 687 536 688 537 if (wrap) { 689 response = spnego_gen_auth_response(ntlmssp_blob, 538 response = spnego_gen_auth_response(talloc_tos(), 539 ntlmssp_blob, 690 540 nt_status, OID); 691 541 } else { … … 703 553 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { 704 554 /* NB. This is *NOT* an error case. JRA */ 705 auth_ntlmssp_end(auth_ntlmssp_state); 706 if (!NT_STATUS_IS_OK(nt_status)) { 707 /* Kill the intermediate vuid */ 708 invalidate_vuid(sconn, vuid); 555 if (do_invalidate) { 556 TALLOC_FREE(*auth_ntlmssp_state); 557 if (!NT_STATUS_IS_OK(nt_status)) { 558 /* Kill the intermediate vuid */ 559 invalidate_vuid(sconn, vuid); 560 } 709 561 } 710 562 } … … 715 567 ****************************************************************************/ 716 568 717 NTSTATUS parse_spnego_mechanisms(DATA_BLOB blob_in, 569 NTSTATUS parse_spnego_mechanisms(TALLOC_CTX *ctx, 570 DATA_BLOB blob_in, 718 571 DATA_BLOB *pblob_out, 719 572 char **kerb_mechOID) … … 726 579 727 580 /* parse out the OIDs and the first sec blob */ 728 if (! parse_negTokenTarg(blob_in, OIDs, pblob_out) ||729 OIDs[0] == NULL) {581 if (!spnego_parse_negTokenInit(ctx, blob_in, OIDs, NULL, pblob_out) || 582 (OIDs[0] == NULL)) { 730 583 return NT_STATUS_LOGON_FAILURE; 731 584 } … … 744 597 if (strcmp(OID_KERBEROS5, OIDs[0]) == 0 || 745 598 strcmp(OID_KERBEROS5_OLD, OIDs[0]) == 0) { 746 *kerb_mechOID = SMB_STRDUP(OIDs[0]);599 *kerb_mechOID = talloc_strdup(ctx, OIDs[0]); 747 600 if (*kerb_mechOID == NULL) { 748 601 ret = NT_STATUS_NO_MEMORY; … … 773 626 "but set to downgrade to NTLMSSP\n")); 774 627 775 response = spnego_gen_auth_response( NULL,628 response = spnego_gen_auth_response(talloc_tos(), NULL, 776 629 NT_STATUS_MORE_PROCESSING_REQUIRED, 777 630 OID_NTLMSSP); … … 787 640 uint16 vuid, 788 641 DATA_BLOB blob1, 789 AUTH_NTLMSSP_STATE**auth_ntlmssp_state)642 struct auth_ntlmssp_state **auth_ntlmssp_state) 790 643 { 791 644 DATA_BLOB secblob; … … 793 646 char *kerb_mech = NULL; 794 647 NTSTATUS status; 795 struct smbd_server_connection *sconn = smbd_server_conn; 796 797 status = parse_spnego_mechanisms(blob1, &secblob, &kerb_mech); 648 struct smbd_server_connection *sconn = req->sconn; 649 650 status = parse_spnego_mechanisms(talloc_tos(), 651 blob1, &secblob, &kerb_mech); 798 652 if (!NT_STATUS_IS_OK(status)) { 799 653 /* Kill the intermediate vuid */ … … 817 671 invalidate_vuid(sconn, vuid); 818 672 } 819 SAFE_FREE(kerb_mech);673 TALLOC_FREE(kerb_mech); 820 674 return; 821 675 } 822 676 #endif 823 677 824 if (*auth_ntlmssp_state) { 825 auth_ntlmssp_end(auth_ntlmssp_state); 826 } 678 TALLOC_FREE(*auth_ntlmssp_state); 827 679 828 680 if (kerb_mech) { … … 831 683 * we need to fall back to NTLM. */ 832 684 reply_spnego_downgrade_to_ntlmssp(req, vuid); 833 SAFE_FREE(kerb_mech);685 TALLOC_FREE(kerb_mech); 834 686 return; 835 687 } … … 864 716 uint16 vuid, 865 717 DATA_BLOB blob1, 866 AUTH_NTLMSSP_STATE**auth_ntlmssp_state)718 struct auth_ntlmssp_state **auth_ntlmssp_state) 867 719 { 868 720 DATA_BLOB auth = data_blob_null; … … 870 722 DATA_BLOB secblob = data_blob_null; 871 723 NTSTATUS status = NT_STATUS_LOGON_FAILURE; 872 struct smbd_server_connection *sconn = smbd_server_conn;873 874 if (!spnego_parse_auth( blob1, &auth)) {724 struct smbd_server_connection *sconn = req->sconn; 725 726 if (!spnego_parse_auth(talloc_tos(), blob1, &auth)) { 875 727 #if 0 876 728 file_save("auth.dat", blob1.data, blob1.length); … … 888 740 char *kerb_mech = NULL; 889 741 890 status = parse_spnego_mechanisms(auth, &secblob, &kerb_mech); 742 status = parse_spnego_mechanisms(talloc_tos(), 743 auth, &secblob, &kerb_mech); 891 744 892 745 if (!NT_STATUS_IS_OK(status)) { … … 911 764 invalidate_vuid(sconn, vuid); 912 765 } 913 SAFE_FREE(kerb_mech);766 TALLOC_FREE(kerb_mech); 914 767 return; 915 768 } … … 927 780 reply_nterror(req, nt_status_squash( 928 781 NT_STATUS_LOGON_FAILURE)); 929 SAFE_FREE(kerb_mech);782 TALLOC_FREE(kerb_mech); 930 783 } 931 784 } … … 1208 1061 NTSTATUS status = NT_STATUS_OK; 1209 1062 uint16 smbpid = req->smbpid; 1210 struct smbd_server_connection *sconn = smbd_server_conn;1063 struct smbd_server_connection *sconn = req->sconn; 1211 1064 1212 1065 DEBUG(3,("Doing spnego session setup\n")); … … 1267 1120 } else { 1268 1121 ra_lanman_string( native_lanman ); 1122 } 1123 } else if ( ra_type == RA_VISTA ) { 1124 if ( strncmp(native_os, "Mac OS X", 8) == 0 ) { 1125 set_remote_arch(RA_OSX); 1269 1126 } 1270 1127 } … … 1379 1236 ****************************************************************************/ 1380 1237 1381 static int shutdown_other_smbds(struct db_record *rec, 1382 const struct connections_key *key, 1238 struct shutdown_state { 1239 const char *ip; 1240 struct messaging_context *msg_ctx; 1241 }; 1242 1243 static int shutdown_other_smbds(const struct connections_key *key, 1383 1244 const struct connections_data *crec, 1384 1245 void *private_data) 1385 1246 { 1386 const char *ip = (const char *)private_data; 1247 struct shutdown_state *state = (struct shutdown_state *)private_data; 1248 1249 DEBUG(10, ("shutdown_other_smbds: %s, %s\n", 1250 procid_str(talloc_tos(), &crec->pid), crec->addr)); 1387 1251 1388 1252 if (!process_exists(crec->pid)) { 1253 DEBUG(10, ("process does not exist\n")); 1389 1254 return 0; 1390 1255 } 1391 1256 1392 1257 if (procid_is_me(&crec->pid)) { 1258 DEBUG(10, ("It's me\n")); 1393 1259 return 0; 1394 1260 } 1395 1261 1396 if (strcmp(ip, crec->addr) != 0) { 1262 if (strcmp(state->ip, crec->addr) != 0) { 1263 DEBUG(10, ("%s does not match %s\n", state->ip, crec->addr)); 1397 1264 return 0; 1398 1265 } 1399 1266 1400 DEBUG(0,("shutdown_other_smbds: shutting down pid %u " 1401 "(IP %s)\n", (unsigned int)procid_to_pid(&crec->pid), ip)); 1402 1403 messaging_send(smbd_messaging_context(), crec->pid, MSG_SHUTDOWN, 1267 DEBUG(1, ("shutdown_other_smbds: shutting down pid %u " 1268 "(IP %s)\n", (unsigned int)procid_to_pid(&crec->pid), 1269 state->ip)); 1270 1271 messaging_send(state->msg_ctx, crec->pid, MSG_SHUTDOWN, 1404 1272 &data_blob_null); 1405 1273 return 0; 1406 1274 } 1407 1275 1408 static void setup_new_vc_session( void)1276 static void setup_new_vc_session(struct smbd_server_connection *sconn) 1409 1277 { 1410 char addr[INET6_ADDRSTRLEN];1411 1412 1278 DEBUG(2,("setup_new_vc_session: New VC == 0, if NT4.x " 1413 1279 "compatible we would close all old resources.\n")); … … 1417 1283 #endif 1418 1284 if (lp_reset_on_zero_vc()) { 1419 connections_forall(shutdown_other_smbds, 1420 CONST_DISCARD(void *, 1421 client_addr(get_client_fd(),addr,sizeof(addr)))); 1285 char *addr; 1286 struct shutdown_state state; 1287 1288 addr = tsocket_address_inet_addr_string( 1289 sconn->remote_address, talloc_tos()); 1290 if (addr == NULL) { 1291 return; 1292 } 1293 state.ip = addr; 1294 state.msg_ctx = sconn->msg_ctx; 1295 connections_forall_read(shutdown_other_smbds, &state); 1296 TALLOC_FREE(addr); 1422 1297 } 1423 1298 } … … 1436 1311 char *tmp; 1437 1312 const char *user; 1438 fstring sub_user; /* Sa initised username for substituion */1313 fstring sub_user; /* Sanitised username for substituion */ 1439 1314 const char *domain; 1440 1315 const char *native_os; 1441 1316 const char *native_lanman; 1442 1317 const char *primary_domain; 1443 auth_usersupplied_info *user_info = NULL;1444 auth_serversupplied_info *server_info = NULL;1318 struct auth_usersupplied_info *user_info = NULL; 1319 struct auth_serversupplied_info *server_info = NULL; 1445 1320 uint16 smb_flag2 = req->flags2; 1446 1321 1447 1322 NTSTATUS nt_status; 1448 struct smbd_server_connection *sconn = smbd_server_conn;1323 struct smbd_server_connection *sconn = req->sconn; 1449 1324 1450 1325 bool doencrypt = sconn->smb1.negprot.encrypted_passwords; … … 1474 1349 1475 1350 if (SVAL(req->vwv+4, 0) == 0) { 1476 setup_new_vc_session( );1351 setup_new_vc_session(req->sconn); 1477 1352 } 1478 1353 … … 1671 1546 1672 1547 if (SVAL(req->vwv+4, 0) == 0) { 1673 setup_new_vc_session( );1548 setup_new_vc_session(req->sconn); 1674 1549 } 1675 1550 … … 1698 1573 sub_set_smb_name(sub_user); 1699 1574 1700 reload_services( True);1575 reload_services(sconn->msg_ctx, sconn->sock, True); 1701 1576 1702 1577 if (lp_security() == SEC_SHARE) { 1578 char *sub_user_mapped = NULL; 1703 1579 /* In share level we should ignore any passwords */ 1704 1580 … … 1707 1583 data_blob_clear_free(&plaintext_password); 1708 1584 1709 map_username(sconn, sub_user); 1585 (void)map_username(talloc_tos(), sub_user, &sub_user_mapped); 1586 if (!sub_user_mapped) { 1587 reply_nterror(req, NT_STATUS_NO_MEMORY); 1588 END_PROFILE(SMBsesssetupX); 1589 return; 1590 } 1591 fstrcpy(sub_user, sub_user_mapped); 1710 1592 add_session_user(sconn, sub_user); 1711 1593 add_session_workgroup(sconn, domain); … … 1742 1624 1743 1625 nt_status = make_auth_context_subsystem( 1744 1626 talloc_tos(), &plaintext_auth_context); 1745 1627 1746 1628 if (NT_STATUS_IS_OK(nt_status)) { … … 1762 1644 &server_info); 1763 1645 1764 (plaintext_auth_context->free)( 1765 &plaintext_auth_context); 1646 TALLOC_FREE(plaintext_auth_context); 1766 1647 } 1767 1648 } … … 1792 1673 } 1793 1674 1794 if (!server_info-> ptok) {1675 if (!server_info->security_token) { 1795 1676 nt_status = create_local_token(server_info); 1796 1677 … … 1852 1733 1853 1734 /* current_user_info is changed on new vuid */ 1854 reload_services( True);1735 reload_services(sconn->msg_ctx, sconn->sock, True); 1855 1736 } 1856 1737
Note:
See TracChangeset
for help on using the changeset viewer.
