Changeset 745 for trunk/server/nsswitch/libwbclient/wbc_pam.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/nsswitch/libwbclient/wbc_pam.c
r599 r745 26 26 #include "replace.h" 27 27 #include "libwbclient.h" 28 #include "../winbind_client.h" 28 29 29 30 /* Authenticate a username/password pair */ … … 47 48 } 48 49 49 static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx, 50 const struct winbindd_response *resp, 50 static bool sid_attr_compose(struct wbcSidWithAttr *s, 51 const struct wbcDomainSid *d, 52 uint32_t rid, uint32_t attr) 53 { 54 if (d->num_auths >= WBC_MAXSUBAUTHS) { 55 return false; 56 } 57 s->sid = *d; 58 s->sid.sub_auths[s->sid.num_auths++] = rid; 59 s->attributes = attr; 60 return true; 61 } 62 63 static void wbcAuthUserInfoDestructor(void *ptr) 64 { 65 struct wbcAuthUserInfo *i = (struct wbcAuthUserInfo *)ptr; 66 free(i->account_name); 67 free(i->user_principal); 68 free(i->full_name); 69 free(i->domain_name); 70 free(i->dns_domain_name); 71 free(i->logon_server); 72 free(i->logon_script); 73 free(i->profile_path); 74 free(i->home_directory); 75 free(i->home_drive); 76 free(i->sids); 77 } 78 79 static wbcErr wbc_create_auth_info(const struct winbindd_response *resp, 51 80 struct wbcAuthUserInfo **_i) 52 81 { … … 58 87 uint32_t j; 59 88 60 i = talloc(mem_ctx, struct wbcAuthUserInfo); 89 i = (struct wbcAuthUserInfo *)wbcAllocateMemory( 90 1, sizeof(struct wbcAuthUserInfo), 91 wbcAuthUserInfoDestructor); 61 92 BAIL_ON_PTR_ERROR(i, wbc_status); 62 93 63 94 i->user_flags = resp->data.auth.info3.user_flgs; 64 95 65 i->account_name = talloc_strdup(i,resp->data.auth.info3.user_name);96 i->account_name = strdup(resp->data.auth.info3.user_name); 66 97 BAIL_ON_PTR_ERROR(i->account_name, wbc_status); 67 98 i->user_principal= NULL; 68 i->full_name = talloc_strdup(i,resp->data.auth.info3.full_name);99 i->full_name = strdup(resp->data.auth.info3.full_name); 69 100 BAIL_ON_PTR_ERROR(i->full_name, wbc_status); 70 i->domain_name = talloc_strdup(i,resp->data.auth.info3.logon_dom);101 i->domain_name = strdup(resp->data.auth.info3.logon_dom); 71 102 BAIL_ON_PTR_ERROR(i->domain_name, wbc_status); 72 103 
i->dns_domain_name= NULL; … … 90 121 i->pass_must_change_time= resp->data.auth.info3.pass_must_change_time; 91 122 92 i->logon_server = talloc_strdup(i,resp->data.auth.info3.logon_srv);123 i->logon_server = strdup(resp->data.auth.info3.logon_srv); 93 124 BAIL_ON_PTR_ERROR(i->logon_server, wbc_status); 94 i->logon_script = talloc_strdup(i,resp->data.auth.info3.logon_script);125 i->logon_script = strdup(resp->data.auth.info3.logon_script); 95 126 BAIL_ON_PTR_ERROR(i->logon_script, wbc_status); 96 i->profile_path = talloc_strdup(i,resp->data.auth.info3.profile_path);127 i->profile_path = strdup(resp->data.auth.info3.profile_path); 97 128 BAIL_ON_PTR_ERROR(i->profile_path, wbc_status); 98 i->home_directory= talloc_strdup(i,resp->data.auth.info3.home_dir);129 i->home_directory= strdup(resp->data.auth.info3.home_dir); 99 130 BAIL_ON_PTR_ERROR(i->home_directory, wbc_status); 100 i->home_drive = talloc_strdup(i,resp->data.auth.info3.dir_drive);131 i->home_drive = strdup(resp->data.auth.info3.dir_drive); 101 132 BAIL_ON_PTR_ERROR(i->home_drive, wbc_status); 102 133 … … 105 136 i->num_sids += resp->data.auth.info3.num_other_sids; 106 137 107 i->sids = talloc_array(i, struct wbcSidWithAttr, i->num_sids); 138 i->sids = (struct wbcSidWithAttr *)calloc( 139 sizeof(struct wbcSidWithAttr), i->num_sids); 108 140 BAIL_ON_PTR_ERROR(i->sids, wbc_status); 109 141 … … 112 144 BAIL_ON_WBC_ERROR(wbc_status); 113 145 114 #define _SID_COMPOSE(s, d, r, a) { \115 (s).sid = d; \116 if ((s).sid.num_auths < WBC_MAXSUBAUTHS) { \117 (s).sid.sub_auths[(s).sid.num_auths++] = r; \118 } else { \119 wbc_status = WBC_ERR_INVALID_SID; \120 BAIL_ON_WBC_ERROR(wbc_status); \121 } \122 (s).attributes = a; \123 } while (0)124 125 146 sn = 0; 126 _SID_COMPOSE(i->sids[sn], domain_sid, 127 resp->data.auth.info3.user_rid, 128 0); 147 if (!sid_attr_compose(&i->sids[sn], &domain_sid, 148 resp->data.auth.info3.user_rid, 0)) { 149 wbc_status = WBC_ERR_INVALID_SID; 150 goto done; 151 } 129 152 sn++; 130 
_SID_COMPOSE(i->sids[sn], domain_sid, 131 resp->data.auth.info3.group_rid, 132 0); 153 if (!sid_attr_compose(&i->sids[sn], &domain_sid, 154 resp->data.auth.info3.group_rid, 0)) { 155 wbc_status = WBC_ERR_INVALID_SID; 156 goto done; 157 } 133 158 sn++; 134 159 … … 158 183 } 159 184 160 _SID_COMPOSE(i->sids[sn], domain_sid, 161 rid, attrs); 185 if (!sid_attr_compose(&i->sids[sn], &domain_sid, 186 rid, attrs)) { 187 wbc_status = WBC_ERR_INVALID_SID; 188 goto done; 189 } 162 190 sn++; 163 191 } … … 203 231 i = NULL; 204 232 done: 205 talloc_free(i); 206 return wbc_status; 207 } 208 209 static wbcErr wbc_create_error_info(TALLOC_CTX *mem_ctx, 210 const struct winbindd_response *resp, 211 struct wbcAuthErrorInfo **_e) 233 wbcFreeMemory(i); 234 return wbc_status; 235 } 236 237 static void wbcAuthErrorInfoDestructor(void *ptr) 238 { 239 struct wbcAuthErrorInfo *e = (struct wbcAuthErrorInfo *)ptr; 240 free(e->nt_string); 241 free(e->display_string); 242 } 243 244 static wbcErr wbc_create_error_info(const struct winbindd_response *resp, 245 struct wbcAuthErrorInfo **_e) 212 246 { 213 247 wbcErr wbc_status = WBC_ERR_SUCCESS; 214 248 struct wbcAuthErrorInfo *e; 215 249 216 e = talloc(mem_ctx, struct wbcAuthErrorInfo); 250 e = (struct wbcAuthErrorInfo *)wbcAllocateMemory( 251 1, sizeof(struct wbcAuthErrorInfo), 252 wbcAuthErrorInfoDestructor); 217 253 BAIL_ON_PTR_ERROR(e, wbc_status); 218 254 219 255 e->nt_status = resp->data.auth.nt_status; 220 256 e->pam_error = resp->data.auth.pam_error; 221 e->nt_string = talloc_strdup(e,resp->data.auth.nt_status_string);257 e->nt_string = strdup(resp->data.auth.nt_status_string); 222 258 BAIL_ON_PTR_ERROR(e->nt_string, wbc_status); 223 259 224 e->display_string = talloc_strdup(e,resp->data.auth.error_string);260 e->display_string = strdup(resp->data.auth.error_string); 225 261 BAIL_ON_PTR_ERROR(e->display_string, wbc_status); 226 262 … … 229 265 230 266 done: 231 talloc_free(e); 232 return wbc_status; 233 } 234 235 static wbcErr 
wbc_create_password_policy_info(TALLOC_CTX *mem_ctx, 236 const struct winbindd_response *resp, 267 wbcFreeMemory(e); 268 return wbc_status; 269 } 270 271 static wbcErr wbc_create_password_policy_info(const struct winbindd_response *resp, 237 272 struct wbcUserPasswordPolicyInfo **_i) 238 273 { … … 240 275 struct wbcUserPasswordPolicyInfo *i; 241 276 242 i = talloc(mem_ctx, struct wbcUserPasswordPolicyInfo); 277 i = (struct wbcUserPasswordPolicyInfo *)wbcAllocateMemory( 278 1, sizeof(struct wbcUserPasswordPolicyInfo), NULL); 243 279 BAIL_ON_PTR_ERROR(i, wbc_status); 244 280 … … 253 289 254 290 done: 255 talloc_free(i); 256 return wbc_status; 257 } 258 259 static wbcErr wbc_create_logon_info(TALLOC_CTX *mem_ctx, 260 struct winbindd_response *resp, 291 wbcFreeMemory(i); 292 return wbc_status; 293 } 294 295 static void wbcLogonUserInfoDestructor(void *ptr) 296 { 297 struct wbcLogonUserInfo *i = (struct wbcLogonUserInfo *)ptr; 298 wbcFreeMemory(i->info); 299 wbcFreeMemory(i->blobs); 300 } 301 302 static wbcErr wbc_create_logon_info(struct winbindd_response *resp, 261 303 struct wbcLogonUserInfo **_i) 262 304 { … … 264 306 struct wbcLogonUserInfo *i; 265 307 266 i = talloc_zero(mem_ctx, struct wbcLogonUserInfo); 308 i = (struct wbcLogonUserInfo *)wbcAllocateMemory( 309 1, sizeof(struct wbcLogonUserInfo), 310 wbcLogonUserInfoDestructor); 267 311 BAIL_ON_PTR_ERROR(i, wbc_status); 268 312 269 wbc_status = wbc_create_auth_info( i,resp, &i->info);313 wbc_status = wbc_create_auth_info(resp, &i->info); 270 314 BAIL_ON_WBC_ERROR(wbc_status); 271 315 272 if (resp->data.auth.krb5ccname && 273 strlen(resp->data.auth.krb5ccname)) { 316 if (resp->data.auth.krb5ccname[0] != '\0') { 274 317 wbc_status = wbcAddNamedBlob(&i->num_blobs, 275 318 &i->blobs, … … 281 324 } 282 325 283 if (resp->data.auth.unix_username && 284 strlen(resp->data.auth.unix_username)) { 326 if (resp->data.auth.unix_username[0] != '\0') { 285 327 wbc_status = wbcAddNamedBlob(&i->num_blobs, 286 328 &i->blobs, … … 
295 337 i = NULL; 296 338 done: 297 if (!WBC_ERROR_IS_OK(wbc_status) && i) { 298 wbcFreeMemory(i->blobs); 299 } 300 301 talloc_free(i); 302 return wbc_status; 303 } 339 wbcFreeMemory(i); 340 return wbc_status; 341 } 342 304 343 305 344 /* Authenticate with more detailed information */ … … 437 476 request.flags |= WBFLAG_BIG_NTLMV2_BLOB; 438 477 request.extra_len = params->password.response.nt_length; 439 request.extra_data.data = talloc_zero_array(NULL, char, request.extra_len); 478 request.extra_data.data = (char *)malloc( 479 request.extra_len); 440 480 if (request.extra_data.data == NULL) { 441 481 wbc_status = WBC_ERR_NO_MEMORY; … … 471 511 if (response.data.auth.nt_status != 0) { 472 512 if (error) { 473 wbc_status = wbc_create_error_info(NULL, 474 &response, 513 wbc_status = wbc_create_error_info(&response, 475 514 error); 476 515 BAIL_ON_WBC_ERROR(wbc_status); … … 483 522 484 523 if (info) { 485 wbc_status = wbc_create_auth_info(NULL, 486 &response, 487 info); 524 wbc_status = wbc_create_auth_info(&response, info); 488 525 BAIL_ON_WBC_ERROR(wbc_status); 489 526 } 490 527 491 528 done: 492 if (response.extra_data.data) 493 free(response.extra_data.data); 494 495 talloc_free(request.extra_data.data); 529 winbindd_free_response(&response); 530 531 free(request.extra_data.data); 496 532 497 533 return wbc_status; … … 520 556 if (response.data.auth.nt_status != 0) { 521 557 if (error) { 522 wbc_status = wbc_create_error_info(NULL, 523 &response, 558 wbc_status = wbc_create_error_info(&response, 524 559 error); 525 560 BAIL_ON_WBC_ERROR(wbc_status); … … 557 592 if (response.data.auth.nt_status != 0) { 558 593 if (error) { 559 wbc_status = wbc_create_error_info(NULL, 560 &response, 594 wbc_status = wbc_create_error_info(&response, 561 595 error); 562 596 BAIL_ON_WBC_ERROR(wbc_status); … … 601 635 if (response.data.auth.nt_status != 0) { 602 636 if (error) { 603 wbc_status = wbc_create_error_info(NULL, 604 &response, 637 wbc_status = wbc_create_error_info(&response, 
605 638 error); 606 639 BAIL_ON_WBC_ERROR(wbc_status); … … 688 721 if (response.data.auth.nt_status != 0) { 689 722 if (error) { 690 wbc_status = wbc_create_error_info(NULL, 691 &response, 723 wbc_status = wbc_create_error_info(&response, 692 724 error); 693 725 BAIL_ON_WBC_ERROR(wbc_status); … … 758 790 if (!params->account_name) { 759 791 wbc_status = WBC_ERR_INVALID_PARAM; 760 BAIL_ON_WBC_ERROR(wbc_status);792 goto done; 761 793 } 762 794 … … 782 814 if (!params->account_name) { 783 815 wbc_status = WBC_ERR_INVALID_PARAM; 784 BAIL_ON_WBC_ERROR(wbc_status);816 goto done; 785 817 } 786 818 … … 806 838 if (!params->account_name || !params->domain_name) { 807 839 wbc_status = WBC_ERR_INVALID_PARAM; 808 BAIL_ON_WBC_ERROR(wbc_status);840 goto done; 809 841 } 810 842 … … 812 844 !params->old_password.response.old_lm_hash_enc_data) { 813 845 wbc_status = WBC_ERR_INVALID_PARAM; 814 BAIL_ON_WBC_ERROR(wbc_status);846 goto done; 815 847 } 816 848 … … 818 850 params->old_password.response.old_lm_hash_enc_data) { 819 851 wbc_status = WBC_ERR_INVALID_PARAM; 820 BAIL_ON_WBC_ERROR(wbc_status);852 goto done; 821 853 } 822 854 … … 824 856 !params->old_password.response.old_nt_hash_enc_data) { 825 857 wbc_status = WBC_ERR_INVALID_PARAM; 826 BAIL_ON_WBC_ERROR(wbc_status);858 goto done; 827 859 } 828 860 … … 830 862 params->old_password.response.old_nt_hash_enc_data) { 831 863 wbc_status = WBC_ERR_INVALID_PARAM; 832 BAIL_ON_WBC_ERROR(wbc_status);864 goto done; 833 865 } 834 866 … … 836 868 !params->new_password.response.lm_data) { 837 869 wbc_status = WBC_ERR_INVALID_PARAM; 838 BAIL_ON_WBC_ERROR(wbc_status);870 goto done; 839 871 } 840 872 … … 842 874 params->new_password.response.lm_data) { 843 875 wbc_status = WBC_ERR_INVALID_PARAM; 844 BAIL_ON_WBC_ERROR(wbc_status);876 goto done; 845 877 } 846 878 … … 848 880 !params->new_password.response.nt_data) { 849 881 wbc_status = WBC_ERR_INVALID_PARAM; 850 BAIL_ON_WBC_ERROR(wbc_status);882 goto done; 851 883 } 852 884 … … 854 886 
params->new_password.response.nt_data) { 855 887 wbc_status = WBC_ERR_INVALID_PARAM; 856 BAIL_ON_WBC_ERROR(wbc_status);888 goto done; 857 889 } 858 890 … … 900 932 default: 901 933 wbc_status = WBC_ERR_INVALID_PARAM; 902 BAIL_ON_WBC_ERROR(wbc_status);934 goto done; 903 935 break; 904 936 } … … 917 949 if (response.data.auth.nt_status != 0) { 918 950 if (error) { 919 wbc_status = wbc_create_error_info(NULL, 920 &response, 951 wbc_status = wbc_create_error_info(&response, 921 952 error); 922 953 BAIL_ON_WBC_ERROR(wbc_status); … … 926 957 927 958 if (policy) { 928 wbc_status = wbc_create_password_policy_info(NULL, 929 &response, 959 wbc_status = wbc_create_password_policy_info(&response, 930 960 policy); 931 961 BAIL_ON_WBC_ERROR(wbc_status); … … 975 1005 { 976 1006 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; 977 int cmd = 0;978 1007 struct winbindd_request request; 979 1008 struct winbindd_response response; … … 1014 1043 /* Initialize request */ 1015 1044 1016 cmd = WINBINDD_PAM_AUTH;1017 1045 request.flags = WBFLAG_PAM_INFO3_TEXT | 1018 1046 WBFLAG_PAM_USER_SESSION_KEY | … … 1076 1104 } 1077 1105 1078 wbc_status = wbcRequestResponse( cmd,1106 wbc_status = wbcRequestResponse(WINBINDD_PAM_AUTH, 1079 1107 &request, 1080 1108 &response); … … 1082 1110 if (response.data.auth.nt_status != 0) { 1083 1111 if (error) { 1084 wbc_status = wbc_create_error_info(NULL, 1085 &response, 1112 wbc_status = wbc_create_error_info(&response, 1086 1113 error); 1087 1114 BAIL_ON_WBC_ERROR(wbc_status); … … 1094 1121 1095 1122 if (info) { 1096 wbc_status = wbc_create_logon_info(NULL, 1097 &response, 1123 wbc_status = wbc_create_logon_info(&response, 1098 1124 info); 1099 1125 BAIL_ON_WBC_ERROR(wbc_status); … … 1101 1127 1102 1128 if (policy) { 1103 wbc_status = wbc_create_password_policy_info(NULL, 1104 &response, 1129 wbc_status = wbc_create_password_policy_info(&response, 1105 1130 policy); 1106 1131 BAIL_ON_WBC_ERROR(wbc_status); … … 1108 1133 1109 1134 done: 1110 if 
(response.extra_data.data) 1111 free(response.extra_data.data); 1112 1113 return wbc_status; 1135 winbindd_free_response(&response); 1136 1137 return wbc_status; 1138 } 1139 1140 static void wbcCredentialCacheInfoDestructor(void *ptr) 1141 { 1142 struct wbcCredentialCacheInfo *i = 1143 (struct wbcCredentialCacheInfo *)ptr; 1144 wbcFreeMemory(i->blobs); 1114 1145 } 1115 1146 … … 1187 1218 1188 1219 if (request.extra_len != 0) { 1189 request.extra_data.data = talloc_array( 1190 NULL, char, request.extra_len); 1220 request.extra_data.data = (char *)malloc(request.extra_len); 1191 1221 if (request.extra_data.data == NULL) { 1192 1222 status = WBC_ERR_NO_MEMORY; … … 1211 1241 } 1212 1242 1213 result = talloc(NULL, struct wbcCredentialCacheInfo); 1243 result = (struct wbcCredentialCacheInfo *)wbcAllocateMemory( 1244 1, sizeof(struct wbcCredentialCacheInfo), 1245 wbcCredentialCacheInfoDestructor); 1214 1246 if (result == NULL) { 1215 1247 status = WBC_ERR_NO_MEMORY; … … 1217 1249 } 1218 1250 result->num_blobs = 0; 1219 result->blobs = talloc(result, struct wbcNamedBlob); 1220 if (result->blobs == NULL) { 1221 status = WBC_ERR_NO_MEMORY; 1222 goto fail; 1223 } 1251 result->blobs = NULL; 1224 1252 status = wbcAddNamedBlob(&result->num_blobs, &result->blobs, 1225 1253 "auth_blob", 0, … … 1237 1265 } 1238 1266 1239 if (response.extra_data.data)1240 free(response.extra_data.data);1241 1267 *info = result; 1242 re turn WBC_ERR_SUCCESS;1243 1268 result = NULL; 1269 status = WBC_ERR_SUCCESS; 1244 1270 fail: 1245 TALLOC_FREE(request.extra_data.data); 1246 if (response.extra_data.data) 1247 free(response.extra_data.data); 1248 talloc_free(result); 1271 free(request.extra_data.data); 1272 winbindd_free_response(&response); 1273 wbcFreeMemory(result); 1249 1274 return status; 1250 1275 }
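Review bot: wbcAuthUserInfoDestructor, wbcAuthErrorInfoDestructor and wbcLogonUserInfoDestructor free every pointer member unconditionally, but the constructors can jump to `done:` through BAIL_ON_PTR_ERROR when only some members have been assigned (a failed `strdup` for full_name leaves domain_name through sids untouched). That is memory-safe only if wbcAllocateMemory returns zero-filled storage; its definition is not part of this page, so the guarantee should be confirmed, since the `talloc()` calls being replaced never depended on it. I would add a comment above each destructor along the lines of `/* relies on wbcAllocateMemory() zero-filling: members not yet set must be NULL when an error path frees a half-built object */`. Around new line 478, `malloc(request.extra_len)` replaces `talloc_zero_array`, so the request buffer is no longer zeroed; the copy that follows is outside the visible hunk and should be checked to fill all `extra_len` bytes so that no uninitialised heap is sent to winbindd. At the i->sids allocation the calloc arguments are in (size, count) order, and `calloc(i->num_sids, sizeof(struct wbcSidWithAttr))` would match the usual convention.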