Changeset 988 for vendor/current/nsswitch/wbinfo.c

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

• vendor/current/nsswitch/wbinfo.c (modified) (35 diffs)

vendor/current/nsswitch/wbinfo.c

@@ -23 +23 @@
 
 #include "includes.h"
-#include "popt_common.h"
 #include "winbind_client.h"
 #include "libwbclient/wbclient.h"
-#include "lib/popt/popt.h"
 #include "../libcli/auth/libcli_auth.h"
-#if (_SAMBA_BUILD_) >= 4
 #include "lib/cmdline/popt_common.h"
-#endif
+#include "lib/afs/afs_settoken.h"
 
 #ifdef DBGC_CLASS
@@ -121 +118 @@
         if (!p) {
                 /* Maybe it was a UPN? */
-                if ((p = strchr(domuser, '@')) != NULL) {
+                p = strchr(domuser, '@');
+                if (p != NULL) {
                         fstrcpy(domain, "");
                         fstrcpy(user, domuser);
@@ -135 +133 @@
         fstrcpy(domain, domuser);
         domain[PTR_DIFF(p, domuser)] = 0;
-        strupper_m(domain);
 
         return true;
@@ -243 +240 @@
                  pwd->pw_shell);
 
+        wbcFreeMemory(pwd);
+
         return true;
 }
@@ -520 +519 @@
 
         if (print_all) {
-                d_printf("%-16s%-24s%-12s%-12s%-5s%-5s\n",
+                d_printf("%-16s%-65s%-12s%-12s%-5s%-5s\n",
                          "Domain Name", "DNS Domain", "Trust Type",
                          "Transitive", "In", "Out");
@@ -534 +533 @@
                 }
 
-                d_printf("%-24s", domain_list[i].dns_name);
+                d_printf("%-65s", domain_list[i].dns_name);
 
                 switch(domain_list[i].trust_type) {
@@ -690 +689 @@
         /* Send request */
 
-        if (winbindd_request_response(WINBINDD_GETDCNAME, &request,
+        if (winbindd_request_response(NULL, WINBINDD_GETDCNAME, &request,
                                       &response) != NSS_STATUS_SUCCESS) {
                 d_fprintf(stderr, "Could not get dc name for %s\n",domain_name);
@@ -754 +753 @@
 
         if (wbc_status == WBC_ERR_AUTH_ERROR) {
-                d_fprintf(stderr, "error code was %s (0x%x)\n",
-                          error->nt_string, error->nt_status);
+                d_fprintf(stderr, "wbcCheckTrustCredentials(%s): error code was %s (0x%x)\n",
+                          domain_name, error->nt_string, error->nt_status);
                 wbcFreeMemory(error);
         }
@@ -813 +812 @@
 
         if (wbc_status == WBC_ERR_AUTH_ERROR) {
-                d_fprintf(stderr, "error code was %s (0x%x)\n",
-                          error->nt_string, error->nt_status);
+                d_fprintf(stderr, "wbcChangeTrustCredentials(%s): error code was %s (0x%x)\n",
+                          domain_name, error->nt_string, error->nt_status);
                 wbcFreeMemory(error);
         }
@@ -828 +827 @@
 /* Check DC connection */
 
-static bool wbinfo_ping_dc(void)
+static bool wbinfo_ping_dc(const char *domain)
 {
         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
         struct wbcAuthErrorInfo *error = NULL;
-
-        wbc_status = wbcPingDc(NULL, &error);
-
-        d_printf("checking the NETLOGON dc connection %s\n",
+        char *dcname = NULL;
+
+        const char *domain_name;
+
+        if (domain) {
+                domain_name = domain;
+        } else {
+                domain_name = get_winbind_domain();
+        }
+
+        wbc_status = wbcPingDc2(domain_name, &error, &dcname);
+
+        d_printf("checking the NETLOGON for domain[%s] dc connection to \"%s\" %s\n",
+                 domain_name ? domain_name : "",
+                 dcname ? dcname : "",
                  WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
 
+        wbcFreeMemory(dcname);
         if (wbc_status == WBC_ERR_AUTH_ERROR) {
-                d_fprintf(stderr, "error code was %s (0x%x)\n",
-                          error->nt_string, error->nt_status);
+                d_fprintf(stderr, "wbcPingDc2(%s): error code was %s (0x%x)\n",
+                          domain_name, error->nt_string, error->nt_status);
                 wbcFreeMemory(error);
+                return false;
         }
         if (!WBC_ERROR_IS_OK(wbc_status)) {
@@ -1020 +1032 @@
                         d_printf("%s -> gid %d\n", sidstr, unix_ids[i].id.gid);
                         break;
+                case WBC_ID_TYPE_BOTH:
+                        d_printf("%s -> uid/gid %d\n", sidstr, unix_ids[i].id.uid);
+                        break;
                 default:
                         d_printf("%s -> unmapped\n", sidstr);
@@ -1218 +1233 @@
         /* Display response */
 
-        d_printf("%s%c%s %d\n",
-                 domain, winbind_separator(), name, type);
+        if (type == WBC_SID_NAME_DOMAIN) {
+                d_printf("%s %d\n", domain, type);
+        } else {
+                d_printf("%s%c%s %d\n",
+                         domain, winbind_separator(), name, type);
+        }
+
+        wbcFreeMemory(domain);
+        wbcFreeMemory(name);
 
         return true;
@@ -1254 +1276 @@
         d_printf("%s%c%s %d\n",
                  domain, winbind_separator(), name, type);
+
+        wbcFreeMemory(domain);
+        wbcFreeMemory(name);
 
         return true;
@@ -1314 +1339 @@
 
         wbc_status = wbcLookupRids(&dinfo->sid, num_rids, rids,
-                                   (const char **)&domain_name, &names, &types);
+                                   &p, &names, &types);
         if (!WBC_ERROR_IS_OK(wbc_status)) {
                 d_printf("winbind_lookup_rids failed: %s\n",
@@ -1321 +1346 @@
         }
 
+        domain_name = discard_const_p(char, p);
         d_printf("Domain: %s\n", domain_name);
 
@@ -1395 +1421 @@
                 if (names[i].type == WBC_SID_NAME_DOMAIN) {
                         d_printf("%s -> %s %d\n", sidstr,
-                                domain,
-                                names[i].type);
+                                 domain,
+                                 names[i].type);
                 } else {
                         d_printf("%s -> %s%c%s %d\n", sidstr,
-                                domain,
-                                winbind_separator(),
-                                names[i].name, names[i].type);
-                }
-        }
+                                 domain,
+                                 winbind_separator(),
+                                 names[i].name, names[i].type);
+                }
+        }
+        wbcFreeMemory(names);
+        wbcFreeMemory(domains);
         return true;
 }
@@ -1445 +1473 @@
 {
         char *prompt;
-        const char *ret = NULL;
+        char buf[1024] = {0};
+        int rc;
 
         prompt = talloc_asprintf(mem_ctx, "Enter %s's ", username);
@@ -1462 +1491 @@
         }
 
-        ret = getpass(prompt);
+        rc = samba_getpass(prompt, buf, sizeof(buf), false, false);
         TALLOC_FREE(prompt);
-
-        return talloc_strdup(mem_ctx, ret);
+        if (rc < 0) {
+                return NULL;
+        }
+
+        return talloc_strdup(mem_ctx, buf);
 }
 
@@ -1553 +1585 @@
         if (error) {
                 d_fprintf(stderr,
-                         "error code was %s (0x%x)\nerror message was: %s\n",
-                         error->nt_string,
+                         "wbcLogonUser(%s): error code was %s (0x%x)\n"
+                         "error message was: %s\n",
+                         params.username, error->nt_string,
                          error->nt_status,
                          error->display_string);
@@ -1725 +1758 @@
         if (wbc_status == WBC_ERR_AUTH_ERROR) {
                 d_fprintf(stderr,
-                         "error code was %s (0x%x)\nerror message was: %s\n",
+                         "wbcAuthenticateUserEx(%s%c%s): error code was %s (0x%x)\n"
+                         "error message was: %s\n",
+                         name_domain,
+                         winbind_separator(),
+                         name_user,
                          err->nt_string,
                          err->nt_status,
@@ -1742 +1779 @@
 /* Authenticate a user with a plaintext password */
 
-static bool wbinfo_pam_logon(char *username)
+static bool wbinfo_pam_logon(char *username, bool verbose)
 {
         wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
         struct wbcLogonUserParams params;
+        struct wbcLogonUserInfo *info = NULL;
         struct wbcAuthErrorInfo *error = NULL;
         char *s = NULL;
@@ -1790 +1828 @@
         }
 
-        wbc_status = wbcLogonUser(&params, NULL, &error, NULL);
+        wbc_status = wbcLogonUser(&params, &info, &error, NULL);
+
+        if (verbose && (info != NULL)) {
+                struct wbcAuthUserInfo *i = info->info;
+                uint32_t j;
+
+                if (i->account_name != NULL) {
+                        d_printf("account_name: %s\n", i->account_name);
+                }
+                if (i->user_principal != NULL) {
+                        d_printf("user_principal: %s\n", i->user_principal);
+                }
+                if (i->full_name != NULL) {
+                        d_printf("full_name: %s\n", i->full_name);
+                }
+                if (i->domain_name != NULL) {
+                        d_printf("domain_name: %s\n", i->domain_name);
+                }
+                if (i->dns_domain_name != NULL) {
+                        d_printf("dns_domain_name: %s\n", i->dns_domain_name);
+                }
+                if (i->logon_server != NULL) {
+                        d_printf("logon_server: %s\n", i->logon_server);
+                }
+                if (i->logon_script != NULL) {
+                        d_printf("logon_script: %s\n", i->logon_script);
+                }
+                if (i->profile_path != NULL) {
+                        d_printf("profile_path: %s\n", i->profile_path);
+                }
+                if (i->home_directory != NULL) {
+                        d_printf("home_directory: %s\n", i->home_directory);
+                }
+                if (i->home_drive != NULL) {
+                        d_printf("home_drive: %s\n", i->home_drive);
+                }
+
+                d_printf("sids:");
+
+                for (j=0; j<i->num_sids; j++) {
+                        char buf[WBC_SID_STRING_BUFLEN];
+                        wbcSidToStringBuf(&i->sids[j].sid, buf, sizeof(buf));
+                        d_printf(" %s", buf);
+                }
+                d_printf("\n");
+
+                wbcFreeMemory(info);
+                info = NULL;
+        }
 
         wbcFreeMemory(params.blobs);
@@ -1799 +1885 @@
         if (!WBC_ERROR_IS_OK(wbc_status) && (error != NULL)) {
                 d_fprintf(stderr,
-                          "error code was %s (0x%x)\nerror message was: %s\n",
+                          "wbcLogonUser(%s): error code was %s (0x%x)\n"
+                          "error message was: %s\n",
+                          params.username,
                           error->nt_string,
                           (int)error->nt_status,
@@ -1869 +1957 @@
         } else {
                 fstrcpy(request.data.auth.user, username);
-                fstrcpy(request.data.auth.pass, getpass("Password: "));
+                (void) samba_getpass("Password: ",
+                                     request.data.auth.pass,
+                                     sizeof(request.data.auth.pass),
+                                     false, false);
         }
 
         request.flags |= WBFLAG_PAM_AFS_TOKEN;
 
-        result = winbindd_request_response(WINBINDD_PAM_AUTH, &request,
+        result = winbindd_request_response(NULL, WINBINDD_PAM_AUTH, &request,
                                            &response);
 
@@ -1924 +2015 @@
         /* Send request to winbind daemon */
 
-        /* '.' is the special sign for our own domain */
-        if (domain && strcmp(domain, ".") == 0) {
+        if (domain == NULL) {
                 domain = get_winbind_domain();
+        } else {
+                /* '.' is the special sign for our own domain */
+                if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
+                        domain = get_winbind_domain();
+                /* '*' is the special sign for all domains */
+                } else if (strcmp(domain, "*") == 0) {
+                        domain = NULL;
+                }
         }
 
@@ -1954 +2052 @@
         /* Send request to winbind daemon */
 
-        /* '.' is the special sign for our own domain */
-        if (domain && strcmp(domain, ".") == 0) {
+        if (domain == NULL) {
                 domain = get_winbind_domain();
+        } else {
+                /* '.' is the special sign for our own domain */
+                if ((domain[0] == '\0') || strcmp(domain, ".") == 0) {
+                        domain = get_winbind_domain();
+                /* '*' is the special sign for all domains */
+                } else if (strcmp(domain, "*") == 0) {
+                        domain = NULL;
+                }
         }
 
@@ -2062 +2167 @@
         OPT_LOGOFF_USER,
         OPT_LOGOFF_UID,
-        OPT_LANMAN
+        OPT_LANMAN,
+        OPT_KRB5CCNAME
 };
 
-int main(int argc, char **argv, char **envp)
+int main(int argc, const char **argv, char **envp)
 {
         int opt;
@@ -2081 +2187 @@
         char *logoff_user = getenv("USER");
         int logoff_uid = geteuid();
+        const char *opt_krb5ccname = "FILE";
 
         struct poptOption long_options[] = {
@@ -2162 +2269 @@
                         /* destroys wbinfo --help output */
                         /* "user%password,DOM\\user%password,user@EXAMPLE.COM,EXAMPLE.COM\\user%password" }, */
+                { "krb5ccname", 0, POPT_ARG_STRING, &opt_krb5ccname, OPT_KRB5CCNAME, "authenticate user using Kerberos and specific credential cache type", "krb5ccname" },
 #endif
                 { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL },
@@ -2173 +2281 @@
 
         /* Samba client initialisation */
-        load_case_tables();
+        smb_init_locale();
 
 
         /* Parse options */
 
-        pc = poptGetContext("wbinfo", argc, (const char **)argv,
+        pc = poptGetContext("wbinfo", argc, argv,
                             long_options, 0);
 
@@ -2382 +2490 @@
                         break;
                 case 'P':
-                        if (!wbinfo_ping_dc()) {
-                                d_fprintf(stderr, "Could not ping our DC\n");
+                        if (!wbinfo_ping_dc(opt_domain_name)) {
                                 goto done;
                         }
@@ -2509 +2616 @@
                         }
                 case OPT_PAM_LOGON:
-                        if (!wbinfo_pam_logon(string_arg)) {
+                        if (!wbinfo_pam_logon(string_arg, verbose)) {
                                 d_fprintf(stderr, "pam_logon failed for %s\n",
                                           string_arg);
@@ -2532 +2639 @@
                                                  WBFLAG_PAM_CONTACT_TRUSTDOM;
 
-                                if (!wbinfo_auth_krb5(string_arg, "FILE",
+                                if (!wbinfo_auth_krb5(string_arg, opt_krb5ccname,
                                                       flags)) {
                                         d_fprintf(stderr,
@@ -2538 +2645 @@
                                                 "[%s] with Kerberos "
                                                 "(ccache: %s)\n", string_arg,
-                                                "FILE");
+                                                opt_krb5ccname);
                                         goto done;
                                 }
@@ -2618 +2725 @@
                 case OPT_LOGOFF_USER:
                 case OPT_LOGOFF_UID:
+                case OPT_KRB5CCNAME:
                         break;
                 default: