Changeset 745 for trunk/server/source3/smbd/sesssetup.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source3/smbd/sesssetup.c (modified) (44 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/smbd/sesssetup.c
r599 r745 24 24 25 25 #include "includes.h" 26 #include "../lib/tsocket/tsocket.h" 27 #include "smbd/smbd.h" 26 28 #include "smbd/globals.h" 27 29 #include "../libcli/auth/spnego.h" 30 #include "../libcli/auth/ntlmssp.h" 31 #include "ntlmssp_wrap.h" 32 #include "../librpc/gen_ndr/krb5pac.h" 33 #include "libads/kerberos_proto.h" 34 #include "../lib/util/asn1.h" 35 #include "auth.h" 36 #include "messages.h" 37 #include "smbprofile.h" 28 38 29 39 /* For split krb5 SPNEGO blobs. */ … … 40 50 is set approriately 41 51 */ 42 staticNTSTATUS do_map_to_guest(NTSTATUS status,43 44 52 NTSTATUS do_map_to_guest(NTSTATUS status, 53 struct auth_serversupplied_info **server_info, 54 const char *user, const char *domain) 45 55 { 56 user = user ? user : ""; 57 domain = domain ? domain : ""; 58 46 59 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { 47 60 if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) || … … 132 145 ****************************************************************************/ 133 146 134 static NTSTATUS check_guest_password( auth_serversupplied_info **server_info)147 static NTSTATUS check_guest_password(struct auth_serversupplied_info **server_info) 135 148 { 136 149 struct auth_context *auth_context; 137 auth_usersupplied_info *user_info = NULL;150 struct auth_usersupplied_info *user_info = NULL; 138 151 139 152 NTSTATUS nt_status; 140 unsigned char chal[8]; 141 142 ZERO_STRUCT(chal); 153 static unsigned char chal[8] = { 0, }; 143 154 144 155 DEBUG(3,("Got anonymous request\n")); 145 156 146 if (!NT_STATUS_IS_OK(nt_status = make_auth_context_fixed(&auth_context,147 chal))) {157 nt_status = make_auth_context_fixed(talloc_tos(), &auth_context, chal); 158 if (!NT_STATUS_IS_OK(nt_status)) { 148 159 return nt_status; 149 160 } 150 161 151 162 if (!make_user_info_guest(&user_info)) { 152 (auth_context->free)(&auth_context);163 TALLOC_FREE(auth_context); 153 164 return NT_STATUS_NO_MEMORY; 154 165 } … … 157 168 user_info, 158 169 server_info); 159 (auth_context->free)(&auth_context);170 TALLOC_FREE(auth_context); 160 171 free_user_info(&user_info); 161 172 return nt_status; … … 240 251 TALLOC_CTX *mem_ctx; 241 252 DATA_BLOB ticket; 242 char *client, *p, *domain;243 fstring netbios_domain_name;244 253 struct passwd *pw; 245 fstring user;246 254 int sess_vuid = req->vuid; 247 255 NTSTATUS ret = NT_STATUS_OK; 248 struct PAC_DATA *pac_data = NULL;249 256 DATA_BLOB ap_rep, ap_rep_wrapped, response; 250 auth_serversupplied_info *server_info = NULL;257 struct auth_serversupplied_info *server_info = NULL; 251 258 DATA_BLOB session_key = data_blob_null; 252 259 uint8 tok_id[2]; 253 260 DATA_BLOB nullblob = data_blob_null; 254 fstring real_username;255 261 bool map_domainuser_to_guest = False; 256 262 bool username_was_mapped; 257 263 struct PAC_LOGON_INFO *logon_info = NULL; 258 struct smbd_server_connection *sconn = smbd_server_conn; 264 struct smbd_server_connection *sconn = req->sconn; 265 char *principal; 266 char *user; 267 char *domain; 268 char *real_username; 259 269 260 270 ZERO_STRUCT(ticket); … … 272 282 } 273 283 274 if (!spnego_parse_krb5_wrap( *secblob, &ticket, tok_id)) {284 if (!spnego_parse_krb5_wrap(mem_ctx, *secblob, &ticket, tok_id)) { 275 285 talloc_destroy(mem_ctx); 276 286 reply_nterror(req, nt_status_squash(NT_STATUS_LOGON_FAILURE)); … … 279 289 280 290 ret = ads_verify_ticket(mem_ctx, lp_realm(), 0, &ticket, 281 & client, &pac_data, &ap_rep,291 &principal, &logon_info, &ap_rep, 282 292 &session_key, True); 283 293 … … 340 350 } 341 351 342 DEBUG(3,("Ticket name is [%s]\n", client)); 343 344 p = strchr_m(client, '@'); 345 if (!p) { 346 DEBUG(3,("Doesn't look like a valid principal\n")); 352 ret = get_user_from_kerberos_info(talloc_tos(), 353 sconn->client_id.name, 354 principal, logon_info, 355 &username_was_mapped, 356 &map_domainuser_to_guest, 357 &user, &domain, 358 &real_username, &pw); 359 if (!NT_STATUS_IS_OK(ret)) { 347 360 data_blob_free(&ap_rep); 348 361 data_blob_free(&session_key); … … 352 365 } 353 366 354 *p = 0;355 356 367 /* save the PAC data if we have it */ 357 358 if (pac_data) { 359 logon_info = get_logon_info_from_pac(pac_data); 360 if (logon_info) { 361 netsamlogon_cache_store( client, &logon_info->info3 ); 362 } 363 } 364 365 if (!strequal(p+1, lp_realm())) { 366 DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1)); 367 if (!lp_allow_trusted_domains()) { 368 data_blob_free(&ap_rep); 369 data_blob_free(&session_key); 370 talloc_destroy(mem_ctx); 371 reply_nterror(req, nt_status_squash( 372 NT_STATUS_LOGON_FAILURE)); 373 return; 374 } 375 } 376 377 /* this gives a fully qualified user name (ie. with full realm). 378 that leads to very long usernames, but what else can we do? */ 379 380 domain = p+1; 381 382 if (logon_info && logon_info->info3.base.domain.string) { 383 fstrcpy(netbios_domain_name, 384 logon_info->info3.base.domain.string); 385 domain = netbios_domain_name; 386 DEBUG(10, ("Mapped to [%s] (using PAC)\n", domain)); 387 388 } else { 389 390 /* If we have winbind running, we can (and must) shorten the 391 username by using the short netbios name. Otherwise we will 392 have inconsistent user names. With Kerberos, we get the 393 fully qualified realm, with ntlmssp we get the short 394 name. And even w2k3 does use ntlmssp if you for example 395 connect to an ip address. */ 396 397 wbcErr wbc_status; 398 struct wbcDomainInfo *info = NULL; 399 400 DEBUG(10, ("Mapping [%s] to short name\n", domain)); 401 402 wbc_status = wbcDomainInfo(domain, &info); 403 404 if (WBC_ERROR_IS_OK(wbc_status)) { 405 406 fstrcpy(netbios_domain_name, 407 info->short_name); 408 409 wbcFreeMemory(info); 410 domain = netbios_domain_name; 411 DEBUG(10, ("Mapped to [%s] (using Winbind)\n", domain)); 412 } else { 413 DEBUG(3, ("Could not find short name: %s\n", 414 wbcErrorString(wbc_status))); 415 } 416 } 417 418 fstr_sprintf(user, "%s%c%s", domain, *lp_winbind_separator(), client); 419 420 /* lookup the passwd struct, create a new user if necessary */ 421 422 username_was_mapped = map_username(sconn, user); 423 424 pw = smb_getpwnam( mem_ctx, user, real_username, True ); 425 426 if (pw) { 427 /* if a real user check pam account restrictions */ 428 /* only really perfomed if "obey pam restriction" is true */ 429 /* do this before an eventual mapping to guest occurs */ 430 ret = smb_pam_accountcheck(pw->pw_name); 431 if ( !NT_STATUS_IS_OK(ret)) { 432 DEBUG(1,("PAM account restriction " 433 "prevents user login\n")); 434 data_blob_free(&ap_rep); 435 data_blob_free(&session_key); 436 TALLOC_FREE(mem_ctx); 437 reply_nterror(req, nt_status_squash(ret)); 438 return; 439 } 440 } 441 442 if (!pw) { 443 444 /* this was originally the behavior of Samba 2.2, if a user 445 did not have a local uid but has been authenticated, then 446 map them to a guest account */ 447 448 if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID){ 449 map_domainuser_to_guest = True; 450 fstrcpy(user,lp_guestaccount()); 451 pw = smb_getpwnam( mem_ctx, user, real_username, True ); 452 } 453 454 /* extra sanity check that the guest account is valid */ 455 456 if ( !pw ) { 457 DEBUG(1,("Username %s is invalid on this system\n", 458 user)); 459 data_blob_free(&ap_rep); 460 data_blob_free(&session_key); 461 TALLOC_FREE(mem_ctx); 462 reply_nterror(req, nt_status_squash( 463 NT_STATUS_LOGON_FAILURE)); 464 return; 465 } 368 if (logon_info) { 369 netsamlogon_cache_store(user, &logon_info->info3); 466 370 } 467 371 468 372 /* setup the string used by %U */ 469 470 sub_set_smb_name( real_username ); 471 reload_services(True); 472 473 if ( map_domainuser_to_guest ) { 474 make_server_info_guest(NULL, &server_info); 475 } else if (logon_info) { 476 /* pass the unmapped username here since map_username() 477 will be called again from inside make_server_info_info3() */ 478 479 ret = make_server_info_info3(mem_ctx, client, domain, 480 &server_info, &logon_info->info3); 481 if ( !NT_STATUS_IS_OK(ret) ) { 482 DEBUG(1,("make_server_info_info3 failed: %s!\n", 483 nt_errstr(ret))); 484 data_blob_free(&ap_rep); 485 data_blob_free(&session_key); 486 TALLOC_FREE(mem_ctx); 487 reply_nterror(req, nt_status_squash(ret)); 488 return; 489 } 490 491 } else { 492 /* 493 * We didn't get a PAC, we have to make up the user 494 * ourselves. Try to ask the pdb backend to provide 495 * SID consistency with ntlmssp session setup 496 */ 497 struct samu *sampass; 498 499 sampass = samu_new(talloc_tos()); 500 if (sampass == NULL) { 501 ret = NT_STATUS_NO_MEMORY; 502 data_blob_free(&ap_rep); 503 data_blob_free(&session_key); 504 TALLOC_FREE(mem_ctx); 505 reply_nterror(req, nt_status_squash(ret)); 506 return; 507 } 508 509 if (pdb_getsampwnam(sampass, real_username)) { 510 DEBUG(10, ("found user %s in passdb, calling " 511 "make_server_info_sam\n", real_username)); 512 ret = make_server_info_sam(&server_info, sampass); 513 } else { 514 /* 515 * User not in passdb, make it up artificially 516 */ 517 TALLOC_FREE(sampass); 518 DEBUG(10, ("didn't find user %s in passdb, calling " 519 "make_server_info_pw\n", real_username)); 520 ret = make_server_info_pw(&server_info, real_username, 521 pw); 522 } 523 524 if ( !NT_STATUS_IS_OK(ret) ) { 525 DEBUG(1,("make_server_info_[sam|pw] failed: %s!\n", 526 nt_errstr(ret))); 527 data_blob_free(&ap_rep); 528 data_blob_free(&session_key); 529 TALLOC_FREE(mem_ctx); 530 reply_nterror(req, nt_status_squash(ret)); 531 return; 532 } 533 534 /* make_server_info_pw does not set the domain. Without this 535 * we end up with the local netbios name in substitutions for 536 * %D. */ 537 538 if (server_info->sam_account != NULL) { 539 pdb_set_domain(server_info->sam_account, 540 domain, PDB_SET); 541 } 373 sub_set_smb_name(real_username); 374 375 /* reload services so that the new %U is taken into account */ 376 reload_services(sconn->msg_ctx, sconn->sock, True); 377 378 ret = make_server_info_krb5(mem_ctx, 379 user, domain, real_username, pw, 380 logon_info, map_domainuser_to_guest, 381 &server_info); 382 if (!NT_STATUS_IS_OK(ret)) { 383 DEBUG(1, ("make_server_info_krb5 failed!\n")); 384 data_blob_free(&ap_rep); 385 data_blob_free(&session_key); 386 TALLOC_FREE(mem_ctx); 387 reply_nterror(req, nt_status_squash(ret)); 388 return; 542 389 } 543 390 … … 547 394 already does this */ 548 395 549 if ( !server_info-> ptok) {396 if ( !server_info->security_token ) { 550 397 ret = create_local_token( server_info ); 551 398 if ( !NT_STATUS_IS_OK(ret) ) { … … 566 413 567 414 data_blob_free(&server_info->user_session_key); 415 /* Set the kerberos-derived session key onto the server_info */ 568 416 server_info->user_session_key = session_key; 417 talloc_steal(server_info, session_key.data); 418 569 419 session_key = data_blob_null; 570 420 … … 574 424 * it.... */ 575 425 576 sess_vuid = register_existing_vuid(sconn, 577 sess_vuid, 578 server_info, 579 nullblob, 580 client); 426 sess_vuid = register_existing_vuid(sconn, sess_vuid, 427 server_info, nullblob, user); 581 428 582 429 reply_outbuf(req, 4, 0); … … 587 434 } else { 588 435 /* current_user_info is changed on new vuid */ 589 reload_services( True);436 reload_services(sconn->msg_ctx, sconn->sock, True); 590 437 591 438 SSVAL(req->outbuf, smb_vwv3, 0); … … 603 450 /* wrap that up in a nice GSS-API wrapping */ 604 451 if (NT_STATUS_IS_OK(ret)) { 605 ap_rep_wrapped = spnego_gen_krb5_wrap( ap_rep,452 ap_rep_wrapped = spnego_gen_krb5_wrap(talloc_tos(), ap_rep, 606 453 TOK_ID_KRB_AP_REP); 607 454 } else { 608 455 ap_rep_wrapped = data_blob_null; 609 456 } 610 response = spnego_gen_auth_response( &ap_rep_wrapped, ret,457 response = spnego_gen_auth_response(talloc_tos(), &ap_rep_wrapped, ret, 611 458 mechOID); 612 459 reply_sesssetup_blob(req, response, ret); … … 630 477 static void reply_spnego_ntlmssp(struct smb_request *req, 631 478 uint16 vuid, 632 AUTH_NTLMSSP_STATE**auth_ntlmssp_state,479 struct auth_ntlmssp_state **auth_ntlmssp_state, 633 480 DATA_BLOB *ntlmssp_blob, NTSTATUS nt_status, 634 481 const char *OID, 635 482 bool wrap) 636 483 { 484 bool do_invalidate = true; 637 485 DATA_BLOB response; 638 struct auth_serversupplied_info *se rver_info = NULL;639 struct smbd_server_connection *sconn = smbd_server_conn;486 struct auth_serversupplied_info *session_info = NULL; 487 struct smbd_server_connection *sconn = req->sconn; 640 488 641 489 if (NT_STATUS_IS_OK(nt_status)) { 642 server_info = (*auth_ntlmssp_state)->server_info; 490 nt_status = auth_ntlmssp_steal_session_info(talloc_tos(), 491 (*auth_ntlmssp_state), &session_info); 643 492 } else { 493 /* Note that this session_info won't have a session 494 * key. But for map to guest, that's exactly the right 495 * thing - we can't reasonably guess the key the 496 * client wants, as the password was wrong */ 644 497 nt_status = do_map_to_guest(nt_status, 645 &server_info,646 (*auth_ntlmssp_state)->ntlmssp_state->user,647 (*auth_ntlmssp_state)->ntlmssp_state->domain);498 &session_info, 499 auth_ntlmssp_get_username(*auth_ntlmssp_state), 500 auth_ntlmssp_get_domain(*auth_ntlmssp_state)); 648 501 } 649 502 … … 660 513 } 661 514 662 data_blob_free(&server_info->user_session_key);663 server_info->user_session_key =664 data_blob_talloc(665 server_info,666 (*auth_ntlmssp_state)->ntlmssp_state->session_key.data,667 (*auth_ntlmssp_state)->ntlmssp_state->session_key.length);668 669 515 /* register_existing_vuid keeps the server info */ 670 516 if (register_existing_vuid(sconn, vuid, 671 server_info, nullblob, 672 (*auth_ntlmssp_state)->ntlmssp_state->user) != 673 vuid) { 517 session_info, nullblob, 518 auth_ntlmssp_get_username(*auth_ntlmssp_state)) != 519 vuid) { 520 /* The problem is, *auth_ntlmssp_state points 521 * into the vuser this will have 522 * talloc_free()'ed in 523 * register_existing_vuid() */ 524 do_invalidate = false; 674 525 nt_status = NT_STATUS_LOGON_FAILURE; 675 526 goto out; 676 527 } 677 528 678 (*auth_ntlmssp_state)->server_info = NULL;679 680 529 /* current_user_info is changed on new vuid */ 681 reload_services( True);530 reload_services(sconn->msg_ctx, sconn->sock, True); 682 531 683 532 SSVAL(req->outbuf, smb_vwv3, 0); 684 533 685 if (se rver_info->guest) {534 if (session_info->guest) { 686 535 SSVAL(req->outbuf,smb_vwv2,1); 687 536 } … … 691 540 692 541 if (wrap) { 693 response = spnego_gen_auth_response(ntlmssp_blob, 542 response = spnego_gen_auth_response(talloc_tos(), 543 ntlmssp_blob, 694 544 nt_status, OID); 695 545 } else { … … 707 557 if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { 708 558 /* NB. This is *NOT* an error case. JRA */ 709 auth_ntlmssp_end(auth_ntlmssp_state); 710 if (!NT_STATUS_IS_OK(nt_status)) { 711 /* Kill the intermediate vuid */ 712 invalidate_vuid(sconn, vuid); 559 if (do_invalidate) { 560 TALLOC_FREE(*auth_ntlmssp_state); 561 if (!NT_STATUS_IS_OK(nt_status)) { 562 /* Kill the intermediate vuid */ 563 invalidate_vuid(sconn, vuid); 564 } 713 565 } 714 566 } … … 719 571 ****************************************************************************/ 720 572 721 NTSTATUS parse_spnego_mechanisms(DATA_BLOB blob_in, 573 NTSTATUS parse_spnego_mechanisms(TALLOC_CTX *ctx, 574 DATA_BLOB blob_in, 722 575 DATA_BLOB *pblob_out, 723 576 char **kerb_mechOID) … … 730 583 731 584 /* parse out the OIDs and the first sec blob */ 732 if (! parse_negTokenTarg(blob_in, OIDs, pblob_out) ||733 OIDs[0] == NULL) {585 if (!spnego_parse_negTokenInit(ctx, blob_in, OIDs, NULL, pblob_out) || 586 (OIDs[0] == NULL)) { 734 587 return NT_STATUS_LOGON_FAILURE; 735 588 } … … 748 601 if (strcmp(OID_KERBEROS5, OIDs[0]) == 0 || 749 602 strcmp(OID_KERBEROS5_OLD, OIDs[0]) == 0) { 750 *kerb_mechOID = SMB_STRDUP(OIDs[0]);603 *kerb_mechOID = talloc_strdup(ctx, OIDs[0]); 751 604 if (*kerb_mechOID == NULL) { 752 605 ret = NT_STATUS_NO_MEMORY; … … 777 630 "but set to downgrade to NTLMSSP\n")); 778 631 779 response = spnego_gen_auth_response( NULL,632 response = spnego_gen_auth_response(talloc_tos(), NULL, 780 633 NT_STATUS_MORE_PROCESSING_REQUIRED, 781 634 OID_NTLMSSP); … … 791 644 uint16 vuid, 792 645 DATA_BLOB blob1, 793 AUTH_NTLMSSP_STATE**auth_ntlmssp_state)646 struct auth_ntlmssp_state **auth_ntlmssp_state) 794 647 { 795 648 DATA_BLOB secblob; … … 797 650 char *kerb_mech = NULL; 798 651 NTSTATUS status; 799 struct smbd_server_connection *sconn = smbd_server_conn; 800 801 status = parse_spnego_mechanisms(blob1, &secblob, &kerb_mech); 652 struct smbd_server_connection *sconn = req->sconn; 653 654 status = parse_spnego_mechanisms(talloc_tos(), 655 blob1, &secblob, &kerb_mech); 802 656 if (!NT_STATUS_IS_OK(status)) { 803 657 /* Kill the intermediate vuid */ … … 821 675 invalidate_vuid(sconn, vuid); 822 676 } 823 SAFE_FREE(kerb_mech);677 TALLOC_FREE(kerb_mech); 824 678 return; 825 679 } 826 680 #endif 827 681 828 if (*auth_ntlmssp_state) { 829 auth_ntlmssp_end(auth_ntlmssp_state); 830 } 682 TALLOC_FREE(*auth_ntlmssp_state); 831 683 832 684 if (kerb_mech) { … … 835 687 * we need to fall back to NTLM. */ 836 688 reply_spnego_downgrade_to_ntlmssp(req, vuid); 837 SAFE_FREE(kerb_mech);689 TALLOC_FREE(kerb_mech); 838 690 return; 839 691 } … … 868 720 uint16 vuid, 869 721 DATA_BLOB blob1, 870 AUTH_NTLMSSP_STATE**auth_ntlmssp_state)722 struct auth_ntlmssp_state **auth_ntlmssp_state) 871 723 { 872 724 DATA_BLOB auth = data_blob_null; … … 874 726 DATA_BLOB secblob = data_blob_null; 875 727 NTSTATUS status = NT_STATUS_LOGON_FAILURE; 876 struct smbd_server_connection *sconn = smbd_server_conn;877 878 if (!spnego_parse_auth( blob1, &auth)) {728 struct smbd_server_connection *sconn = req->sconn; 729 730 if (!spnego_parse_auth(talloc_tos(), blob1, &auth)) { 879 731 #if 0 880 732 file_save("auth.dat", blob1.data, blob1.length); … … 892 744 char *kerb_mech = NULL; 893 745 894 status = parse_spnego_mechanisms(auth, &secblob, &kerb_mech); 746 status = parse_spnego_mechanisms(talloc_tos(), 747 auth, &secblob, &kerb_mech); 895 748 896 749 if (!NT_STATUS_IS_OK(status)) { … … 915 768 invalidate_vuid(sconn, vuid); 916 769 } 917 SAFE_FREE(kerb_mech);770 TALLOC_FREE(kerb_mech); 918 771 return; 919 772 } … … 931 784 reply_nterror(req, nt_status_squash( 932 785 NT_STATUS_LOGON_FAILURE)); 933 SAFE_FREE(kerb_mech);786 TALLOC_FREE(kerb_mech); 934 787 } 935 788 } … … 1212 1065 NTSTATUS status = NT_STATUS_OK; 1213 1066 uint16 smbpid = req->smbpid; 1214 struct smbd_server_connection *sconn = smbd_server_conn;1067 struct smbd_server_connection *sconn = req->sconn; 1215 1068 1216 1069 DEBUG(3,("Doing spnego session setup\n")); … … 1271 1124 } else { 1272 1125 ra_lanman_string( native_lanman ); 1126 } 1127 } else if ( ra_type == RA_VISTA ) { 1128 if ( strncmp(native_os, "Mac OS X", 8) == 0 ) { 1129 set_remote_arch(RA_OSX); 1273 1130 } 1274 1131 } … … 1383 1240 ****************************************************************************/ 1384 1241 1385 static int shutdown_other_smbds(struct db_record *rec, 1386 const struct connections_key *key, 1242 struct shutdown_state { 1243 const char *ip; 1244 struct messaging_context *msg_ctx; 1245 }; 1246 1247 static int shutdown_other_smbds(const struct connections_key *key, 1387 1248 const struct connections_data *crec, 1388 1249 void *private_data) 1389 1250 { 1390 const char *ip = (const char *)private_data; 1251 struct shutdown_state *state = (struct shutdown_state *)private_data; 1252 1253 DEBUG(10, ("shutdown_other_smbds: %s, %s\n", 1254 procid_str(talloc_tos(), &crec->pid), crec->addr)); 1391 1255 1392 1256 if (!process_exists(crec->pid)) { 1257 DEBUG(10, ("process does not exist\n")); 1393 1258 return 0; 1394 1259 } 1395 1260 1396 1261 if (procid_is_me(&crec->pid)) { 1262 DEBUG(10, ("It's me\n")); 1397 1263 return 0; 1398 1264 } 1399 1265 1400 if (strcmp(ip, crec->addr) != 0) { 1266 if (strcmp(state->ip, crec->addr) != 0) { 1267 DEBUG(10, ("%s does not match %s\n", state->ip, crec->addr)); 1401 1268 return 0; 1402 1269 } 1403 1270 1404 DEBUG(0,("shutdown_other_smbds: shutting down pid %u " 1405 "(IP %s)\n", (unsigned int)procid_to_pid(&crec->pid), ip)); 1406 1407 messaging_send(smbd_messaging_context(), crec->pid, MSG_SHUTDOWN, 1271 DEBUG(1, ("shutdown_other_smbds: shutting down pid %u " 1272 "(IP %s)\n", (unsigned int)procid_to_pid(&crec->pid), 1273 state->ip)); 1274 1275 messaging_send(state->msg_ctx, crec->pid, MSG_SHUTDOWN, 1408 1276 &data_blob_null); 1409 1277 return 0; 1410 1278 } 1411 1279 1412 static void setup_new_vc_session( void)1280 static void setup_new_vc_session(struct smbd_server_connection *sconn) 1413 1281 { 1414 char addr[INET6_ADDRSTRLEN];1415 1416 1282 DEBUG(2,("setup_new_vc_session: New VC == 0, if NT4.x " 1417 1283 "compatible we would close all old resources.\n")); … … 1421 1287 #endif 1422 1288 if (lp_reset_on_zero_vc()) { 1423 connections_forall(shutdown_other_smbds, 1424 CONST_DISCARD(void *, 1425 client_addr(get_client_fd(),addr,sizeof(addr)))); 1289 char *addr; 1290 struct shutdown_state state; 1291 1292 addr = tsocket_address_inet_addr_string( 1293 sconn->remote_address, talloc_tos()); 1294 if (addr == NULL) { 1295 return; 1296 } 1297 state.ip = addr; 1298 state.msg_ctx = sconn->msg_ctx; 1299 connections_forall_read(shutdown_other_smbds, &state); 1300 TALLOC_FREE(addr); 1426 1301 } 1427 1302 } … … 1440 1315 char *tmp; 1441 1316 const char *user; 1442 fstring sub_user; /* Sa initised username for substituion */1317 fstring sub_user; /* Sanitised username for substituion */ 1443 1318 const char *domain; 1444 1319 const char *native_os; 1445 1320 const char *native_lanman; 1446 1321 const char *primary_domain; 1447 auth_usersupplied_info *user_info = NULL;1448 auth_serversupplied_info *server_info = NULL;1322 struct auth_usersupplied_info *user_info = NULL; 1323 struct auth_serversupplied_info *server_info = NULL; 1449 1324 uint16 smb_flag2 = req->flags2; 1450 1325 1451 1326 NTSTATUS nt_status; 1452 struct smbd_server_connection *sconn = smbd_server_conn;1327 struct smbd_server_connection *sconn = req->sconn; 1453 1328 1454 1329 bool doencrypt = sconn->smb1.negprot.encrypted_passwords; … … 1478 1353 1479 1354 if (SVAL(req->vwv+4, 0) == 0) { 1480 setup_new_vc_session( );1355 setup_new_vc_session(req->sconn); 1481 1356 } 1482 1357 … … 1675 1550 1676 1551 if (SVAL(req->vwv+4, 0) == 0) { 1677 setup_new_vc_session( );1552 setup_new_vc_session(req->sconn); 1678 1553 } 1679 1554 … … 1702 1577 sub_set_smb_name(sub_user); 1703 1578 1704 reload_services( True);1579 reload_services(sconn->msg_ctx, sconn->sock, True); 1705 1580 1706 1581 if (lp_security() == SEC_SHARE) { 1582 char *sub_user_mapped = NULL; 1707 1583 /* In share level we should ignore any passwords */ 1708 1584 … … 1711 1587 data_blob_clear_free(&plaintext_password); 1712 1588 1713 map_username(sconn, sub_user); 1589 (void)map_username(talloc_tos(), sub_user, &sub_user_mapped); 1590 if (!sub_user_mapped) { 1591 reply_nterror(req, NT_STATUS_NO_MEMORY); 1592 END_PROFILE(SMBsesssetupX); 1593 return; 1594 } 1595 fstrcpy(sub_user, sub_user_mapped); 1714 1596 add_session_user(sconn, sub_user); 1715 1597 add_session_workgroup(sconn, domain); … … 1746 1628 1747 1629 nt_status = make_auth_context_subsystem( 1748 1630 talloc_tos(), &plaintext_auth_context); 1749 1631 1750 1632 if (NT_STATUS_IS_OK(nt_status)) { … … 1766 1648 &server_info); 1767 1649 1768 (plaintext_auth_context->free)( 1769 &plaintext_auth_context); 1650 TALLOC_FREE(plaintext_auth_context); 1770 1651 } 1771 1652 } … … 1796 1677 } 1797 1678 1798 if (!server_info-> ptok) {1679 if (!server_info->security_token) { 1799 1680 nt_status = create_local_token(server_info); 1800 1681 … … 1856 1737 1857 1738 /* current_user_info is changed on new vuid */ 1858 reload_services( True);1739 reload_services(sconn->msg_ctx, sconn->sock, True); 1859 1740 } 1860 1741
Note:
See TracChangeset
for help on using the changeset viewer.
