/*
Unix SMB / CIFS implementation .
Authentication utility functions
Copyright ( C ) Andrew Tridgell 1992 - 1998
Copyright ( C ) Andrew Bartlett 2001
Copyright ( C ) Jeremy Allison 2000 - 2001
Copyright ( C ) Rafal Szczesniak 2002
Copyright ( C ) Volker Lendecke 2006
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "auth.h"
# include "nsswitch/winbind_client.h"
# include "passdb.h"
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_AUTH
/***************************************************************************
 Is the incoming username our own machine account?
 If so, the connection is almost certainly from winbindd.
***************************************************************************/
/**
 * Report whether @p username is this server's own machine account, i.e.
 * the configured NetBIOS name followed by a single trailing '$'.
 *
 * @param username  account name to test; passed straight to strlen(), so
 *                  it must be a valid NUL-terminated string.
 *
 * @return true only when the name ends in '$' and the part before the '$'
 *         has exactly the length of lp_netbios_name() and compares equal
 *         under strnequal(); false otherwise.
 */
static bool is_our_machine_account(const char *username)
{
	const size_t user_len = strlen(username);
	const char *netbios = lp_netbios_name();
	const size_t netbios_len = strlen(netbios);

	/* Machine accounts carry a trailing '$'; an empty name cannot match. */
	if (user_len == 0) {
		return false;
	}
	if (username[user_len - 1] != '$') {
		return false;
	}

	/*
	 * Require the lengths to agree before the bounded compare below.
	 * strnequal() only looks at the first (user_len - 1) characters, so
	 * without this check a shorter account name that is merely a prefix
	 * of the NetBIOS name would be accepted as the machine account.
	 */
	if (netbios_len != user_len - 1) {
		return false;
	}

	/* Lengths are equal here, so netbios_len == user_len - 1. */
	return strnequal(username, netbios, netbios_len);
}
/***************************************************************************
 Make (and fill) a user_info struct from a struct samu
***************************************************************************/
/**
 * Build an auth_serversupplied_info describing a passdb (struct samu)
 * account and hand it to the caller.
 *
 * @param mem_ctx       talloc context that takes ownership of the result
 *                      on success.
 * @param sampass       passdb entry the server info is built from.
 * @param pserver_info  out parameter; written only on the success path.
 *
 * @return NT_STATUS_OK on success; NT_STATUS_NO_MEMORY when
 *         make_server_info() returns NULL; NT_STATUS_NO_SUCH_USER when
 *         Get_Pwnam_alloc() finds no entry for the passdb username;
 *         otherwise the failure status from samu_to_SamInfo3().
 */
NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
			      struct samu *sampass,
			      struct auth_serversupplied_info **pserver_info)
{
	struct passwd *pw_entry;
	struct auth_serversupplied_info *info;
	const char *username = pdb_get_username(sampass);
	/*
	 * Everything is built under a temporary frame; one talloc_free()
	 * at the exit label releases it on every path.
	 */
	TALLOC_CTX *frame = talloc_stackframe();
	NTSTATUS status;

	info = make_server_info(frame);
	if (!info) {
		status = NT_STATUS_NO_MEMORY;
		goto done;
	}

	/* The passdb account must also resolve to a Unix passwd entry. */
	pw_entry = Get_Pwnam_alloc(frame, username);
	if (!pw_entry) {
		DEBUG(1, (" User %s in passdb, but getpwnam() fails! \n ",
			  pdb_get_username(sampass)));
		status = NT_STATUS_NO_SUCH_USER;
		goto done;
	}

	status = samu_to_SamInfo3(info,
				  sampass,
				  lp_netbios_name(),
				  &info->info3,
				  &info->extra);
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	/*
	 * Re-parent the Unix name onto the server info so that it outlives
	 * the temporary frame, then record the Unix identity that goes with
	 * it.
	 */
	info->unix_name = talloc_move(info, &pw_entry->pw_name);

	info->utok.gid = pw_entry->pw_gid;
	info->utok.uid = pw_entry->pw_uid;

	if (IS_DC && is_our_machine_account(username)) {
		/*
		 * Acknowledged upstream as a very large hack (JRA): when
		 * the peer is known to be winbindd we must never recurse
		 * into it, so winbindd lookups are switched off for the
		 * whole process. It is meant to go away once winbindd no
		 * longer needs to talk to smbd on a PDC.
		 *
		 * NOTE(review): the only evidence used here is that the
		 * passdb username equals "<netbios name>$"; the result of
		 * winbind_off() is deliberately discarded.
		 */
		(void)winbind_off();

		DEBUG(10, (" make_server_info_sam: our machine account %s "
			   " turning off winbindd requests. \n ", username));
	}

	DEBUG(5, (" make_server_info_sam: made server info for user %s -> %s \n ",
		  pdb_get_username(sampass), info->unix_name));

	/* Success: transfer ownership out of the temporary frame. */
	*pserver_info = talloc_move(mem_ctx, &info);

	status = NT_STATUS_OK;
done:
	talloc_free(frame);

	return status;
}