mirror of https://github.com/samba-team/samba.git synced 2025-08-24 21:49:29 +03:00

winbind: Fix UPN handling in canonicalize_username()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 11 12:02:37 CEST 2018 on sn-devel-144

(cherry picked from commit 1766f77493)
Andreas Schneider
2018-04-26 17:32:42 +02:00
committed by Karolin Seeger
parent 124f0e4bda
commit 682a2e2656
6 changed files with 44 additions and 19 deletions


@ -199,8 +199,11 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
/* Parse domain and username */
if (!canonicalize_username(state->request->data.ccache_ntlm_auth.user,
name_domain, name_user)) {
ok = canonicalize_username(state->request->data.ccache_ntlm_auth.user,
name_namespace,
name_domain,
name_user);
if (!ok) {
DEBUG(5,("winbindd_ccache_ntlm_auth: cannot parse domain and user from name [%s]\n",
state->request->data.ccache_ntlm_auth.user));
request_error(state);
@ -316,8 +319,9 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
void winbindd_ccache_save(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
fstring name_domain, name_user;
fstring name_namespace, name_domain, name_user;
NTSTATUS status;
bool ok;
/* Ensure null termination */
state->request->data.ccache_save.user[
@ -331,8 +335,11 @@ void winbindd_ccache_save(struct winbindd_cli_state *state)
/* Parse domain and username */
if (!canonicalize_username(state->request->data.ccache_save.user,
name_domain, name_user)) {
ok = canonicalize_username(state->request->data.ccache_save.user,
name_namespace,
name_domain,
name_user);
if (!ok) {
DEBUG(5,("winbindd_ccache_save: cannot parse domain and user "
"from name [%s]\n",
state->request->data.ccache_save.user));
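Review bot: Both ccache call sites now receive `name_namespace` from `canonicalize_username()`, but no visible line in these hunks uses it, while the PAM auth, chauthtok and logoff changes in this commit switch their domain lookup to the namespace. If the lookup that follows these calls (outside the hunks) still passes `name_domain`, a UPN-style name may resolve to a different domain for cached-credential requests than for a PAM logon. Either switch that lookup as well or state the reason next to the call, e.g. `/* name_namespace intentionally unused here: <reason> */`. The declarations of `name_namespace` and `ok` for `winbindd_ccache_ntlm_auth()` are not in its hunk, so they are presumably already present above line 199.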


@ -36,9 +36,10 @@ struct tevent_req *winbindd_pam_auth_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req, *subreq;
struct winbindd_pam_auth_state *state;
struct winbindd_domain *domain;
fstring name_domain, name_user;
fstring name_namespace, name_domain, name_user;
char *mapped = NULL;
NTSTATUS status;
bool ok;
req = tevent_req_create(mem_ctx, &state,
struct winbindd_pam_auth_state);
@ -71,12 +72,16 @@ struct tevent_req *winbindd_pam_auth_send(TALLOC_CTX *mem_ctx,
fstrcpy(request->data.auth.user, mapped);
}
if (!canonicalize_username(request->data.auth.user, name_domain, name_user)) {
ok = canonicalize_username(request->data.auth.user,
name_namespace,
name_domain,
name_user);
if (!ok) {
tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
return tevent_req_post(req, ev);
}
domain = find_auth_domain(request->flags, name_domain);
domain = find_auth_domain(request->flags, name_namespace);
if (domain == NULL) {
tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
return tevent_req_post(req, ev);
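Review bot: The `find_auth_domain()` call now selects the authenticating domain from `name_namespace` instead of `name_domain`, and nothing at the call site says why. Because the value comes from a client-supplied user name, a short comment would help the next reader, for example `/* Select the auth domain by namespace so that UPN names (user@realm) are routed by their realm part */`. That wording is inferred from the commit title and should be checked against `parse_domain_user()`. The same comment is missing at `find_domain_from_name(namespace)` in the chauthtok change and at `find_auth_domain(request->flags, name_namespace)` in the logoff change. `winbindd_pam_auth_send()` continues past the hunk, so any later use of `name_domain` is not visible here.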


@ -36,9 +36,10 @@ struct tevent_req *winbindd_pam_chauthtok_send(
struct tevent_req *req, *subreq;
struct winbindd_pam_chauthtok_state *state;
struct winbindd_domain *contact_domain;
fstring domain, user;
fstring namespace, domain, user;
char *mapped_user;
NTSTATUS status;
bool ok;
req = tevent_req_create(mem_ctx, &state,
struct winbindd_pam_chauthtok_state);
@ -62,15 +63,18 @@ struct tevent_req *winbindd_pam_chauthtok_send(
fstrcpy(request->data.chauthtok.user, mapped_user);
}
if (!canonicalize_username(request->data.chauthtok.user, domain,
user)) {
ok = canonicalize_username(request->data.chauthtok.user,
namespace,
domain,
user);
if (!ok) {
DEBUG(10, ("winbindd_pam_chauthtok: canonicalize_username %s "
"failed with\n", request->data.chauthtok.user));
tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
return tevent_req_post(req, ev);
}
contact_domain = find_domain_from_name(domain);
contact_domain = find_domain_from_name(namespace);
if (contact_domain == NULL) {
DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] "
"as %s is not a trusted domain\n",
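Review bot: The `DEBUG(3, ...)` message that closes this hunk reports `%s is not a trusted domain`, but the lookup that failed is now `find_domain_from_name(namespace)`. The argument list lies outside the hunk; if it still passes `domain` for that last `%s`, the log names a value that was never looked up, which makes a rejected password change harder to triage. The final argument should then be `namespace`. The context `DEBUG(10, ...)` format string also ends in `failed with` without a status, so it could simply end in `failed\n`.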


@ -35,10 +35,11 @@ struct tevent_req *winbindd_pam_logoff_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req, *subreq;
struct winbindd_pam_logoff_state *state;
struct winbindd_domain *domain;
fstring name_domain, user;
fstring name_namespace, name_domain, user;
uid_t caller_uid;
gid_t caller_gid;
int res;
bool ok;
req = tevent_req_create(mem_ctx, &state,
struct winbindd_pam_logoff_state);
@ -60,12 +61,15 @@ struct tevent_req *winbindd_pam_logoff_send(TALLOC_CTX *mem_ctx,
goto failed;
}
if (!canonicalize_username(request->data.logoff.user, name_domain,
user)) {
ok = canonicalize_username(request->data.logoff.user,
name_namespace,
name_domain,
user);
if (!ok) {
goto failed;
}
domain = find_auth_domain(request->flags, name_domain);
domain = find_auth_domain(request->flags, name_namespace);
if (domain == NULL) {
goto failed;
}


@ -481,7 +481,10 @@ bool parse_domain_user(const char *domuser,
fstring namespace,
fstring domain,
fstring user);
bool canonicalize_username(fstring username_inout, fstring domain, fstring user);
bool canonicalize_username(fstring username_inout,
fstring namespace,
fstring domain,
fstring user);
void fill_domain_username(fstring name, const char *domain, const char *user, bool can_assume);
char *fill_domain_username_talloc(TALLOC_CTX *ctx,
const char *domain,


@ -1620,9 +1620,11 @@ bool parse_domain_user(const char *domuser,
really should be changed to use this instead of doing things
by hand. JRA. */
bool canonicalize_username(fstring username_inout, fstring domain, fstring user)
bool canonicalize_username(fstring username_inout,
fstring namespace,
fstring domain,
fstring user)
{
fstring namespace;
bool ok;
ok = parse_domain_user(username_inout, namespace, domain, user);
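Review bot: `namespace` changes here from a local scratch buffer to a caller-supplied output, but the comment above the function, whose tail is visible at the top of the hunk, is not updated to describe it. It should say that `namespace`, `domain` and `user` are filled by `parse_domain_user()`, and what callers may assume about those buffers when the function returns false. It should also say that `username_inout` is presumably rewritten in place. That matters because every caller in this commit goes on to pass `namespace` to a domain lookup. The body continues past the hunk, so whether the outputs are defined on the failure path cannot be seen here.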