mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Add some debug statements to our vampire code - try to make it easier to track

down failures.

Add an 'auto-add on modify' feature to guestsam

Fix some segfault bugs on no-op idmap modifications, and on new idmappings that
do not have a DN to tack onto.

Make the 'private data' a bit more robust.

Andrew Bartlett
Andrew Bartlett 0001-01-01 00:00:00 +00:00
parent c7118cb31d
commit 6c48309cda
7 changed files with 48 additions and 13 deletions


@ -162,11 +162,13 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex
const auth_usersupplied_info *user_info,
auth_serversupplied_info **server_info)
{
NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
NTSTATUS nt_status;
SAM_ACCOUNT *account = NULL;
if (!NT_STATUS_IS_OK(nt_status =
auth_get_sam_account(user_info->internal_username.str,
&account))) {
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))
nt_status = NT_STATUS_NOT_IMPLEMENTED;
return nt_status;
}
@ -174,6 +176,7 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex
nt_status = make_server_info_sam(server_info, account);
} else {
pdb_free_sam(&account);
nt_status = NT_STATUS_NOT_IMPLEMENTED;
}
return nt_status;
@ -202,7 +205,7 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
const auth_usersupplied_info *user_info,
auth_serversupplied_info **server_info)
{
NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
NTSTATUS nt_status;
SAM_ACCOUNT *account = NULL;
pstring rhostsfile;
const char *home;
@ -210,6 +213,8 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
if (!NT_STATUS_IS_OK(nt_status =
auth_get_sam_account(user_info->internal_username.str,
&account))) {
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))
nt_status = NT_STATUS_NOT_IMPLEMENTED;
return nt_status;
}
@ -226,6 +231,7 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
unbecome_root();
} else {
pdb_free_sam(&account);
nt_status = NT_STATUS_NOT_IMPLEMENTED;
}
return nt_status;
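Review bot: The new mapping of `NT_STATUS_NO_SUCH_USER` to `NT_STATUS_NOT_IMPLEMENTED` in check_hostsequiv_security and check_rhosts_security is undocumented, although it decides whether a failed lookup ends authentication or is handed on. From the visible lines, an unknown user and a failed hosts.equiv/rhosts match now both report NOT_IMPLEMENTED, while every other lookup error is returned unchanged; presumably the caller reads NOT_IMPLEMENTED as "this module has no opinion", which should be confirmed and written down. I would add a comment above each mapping, such as `/* unknown user: not our decision, let the remaining auth methods run */`, and brace the one-line `if`. Both function bodies continue outside the hunks.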


@ -138,6 +138,8 @@ typedef struct sam_passwd
uint32 unknown_5; /* 0x0002 0000 */
uint32 unknown_6; /* 0x0000 04ec */
/* a tag for who added the private methods */
const struct pdb_methods *backend_private_methods;
void *backend_private_data;
void (*backend_private_data_free_fn)(void **);
} private;


@ -332,7 +332,7 @@ uint32 pdb_get_unknown_6 (const SAM_ACCOUNT *sampass)
void *pdb_get_backend_private_data (const SAM_ACCOUNT *sampass, const struct pdb_methods *my_methods)
{
if (sampass && my_methods == sampass->methods)
if (sampass && my_methods == sampass->private.backend_private_methods)
return sampass->private.backend_private_data;
else
return NULL;
@ -1028,7 +1028,7 @@ BOOL pdb_set_backend_private_data (SAM_ACCOUNT *sampass, void *private_data,
return False;
/* does this backend 'own' this SAM_ACCOUNT? */
if (my_methods != sampass->methods)
if (my_methods != sampass->private.backend_private_methods)
return False;
if (sampass->private.backend_private_data && sampass->private.backend_private_data_free_fn) {
@ -1037,6 +1037,7 @@ BOOL pdb_set_backend_private_data (SAM_ACCOUNT *sampass, void *private_data,
sampass->private.backend_private_data = private_data;
sampass->private.backend_private_data_free_fn = free_fn;
sampass->private.backend_private_methods = my_methods;
return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
}
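Review bot: The ownership test in pdb_set_backend_private_data compares `my_methods` with `sampass->private.backend_private_methods`, but the only visible assignment to that field comes later in the same function, after the test (this assumes the second of the two printed conditions is the new one). Unless the field is initialised somewhere outside these hunks, the first call on a fresh SAM_ACCOUNT returns False and stores nothing, so pdb_get_backend_private_data keeps returning NULL for every backend. A caller that ignores the return value, as the ldapsam_update_sam_account call on this page appears to, would then leave `private_data` unowned and never freed. Accepting an account that has no owner yet would avoid this: `if (sampass->private.backend_private_methods && my_methods != sampass->private.backend_private_methods)`. Both functions start outside their hunks.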


@ -98,6 +98,21 @@ static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
}
/***************************************************************************
Updates a SAM_ACCOUNT
This isn't a particulary practical option for pdb_guest. We certainly don't
want to twidde the filesystem, so what should we do?
Current plan is to transparently add the account. It should appear
as if the pdb_unix version was modified, but its actually stored somehwere.
****************************************************************************/
static NTSTATUS guestsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
{
return methods->parent->pdb_add_sam_account(methods->parent, newpwd);
}
NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
@ -115,6 +130,7 @@ NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, c
(*pdb_method)->getsampwnam = guestsam_getsampwnam;
(*pdb_method)->getsampwsid = guestsam_getsampwsid;
(*pdb_method)->update_sam_account = guestsam_update_sam_account;
/* we should do no group mapping here */
(*pdb_method)->getgrsid = pdb_nop_getgrsid;
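Review bot: guestsam_update_sam_account turns every update into `pdb_add_sam_account` on the parent context without checking `methods->parent` and without logging that an account is being created. Creating a stored account as a side effect of a modify call is a security-relevant state change, so it deserves a trace, and the header comment should name which backend receives the account instead of ending on "stored somewhere". I would add `DEBUG(3, ("guestsam_update_sam_account: adding account via parent passdb\n"));` before the return. Unless pdb_init_guestsam guarantees a non-NULL parent, which is not visible here, a guard such as `if (!methods->parent) return NT_STATUS_UNSUCCESSFUL;` is also needed.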


@ -1528,6 +1528,8 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
{
int rc = -1;
char ** attr_list;
uint32 rid;
switch ( ldap_state->schema_ver )
{
case SCHEMAVER_SAMBASAMACCOUNT:
@ -1540,8 +1542,6 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
break;
case SCHEMAVER_SAMBAACCOUNT:
{
uint32 rid;
if (!sid_peek_check_rid(&ldap_state->domain_sid, sid, &rid)) {
return rc;
}
@ -1552,8 +1552,7 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
if ( rc != LDAP_SUCCESS )
return rc;
}
break;
break;
}
return rc;
}
@ -1610,7 +1609,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
} else {
ldap_msgfree(result);
}
return ret;
return NT_STATUS_NO_SUCH_USER;
}
/********************************************************************
@ -1810,8 +1809,9 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
attr_list = get_userattr_list(ldap_state->schema_ver);
rc = ldapsam_search_suffix_by_name(ldap_state, pdb_get_username(newpwd), &result, attr_list );
free_attr_list( attr_list );
if (rc != LDAP_SUCCESS)
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
}
pdb_set_backend_private_data(newpwd, result, private_data_free_fn, my_methods, PDB_CHANGED);
}
@ -1823,6 +1823,8 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
dn = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
DEBUG(4, ("user %s to be modified has dn: %s\n", pdb_get_username(newpwd), dn));
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
element_is_changed)) {
DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
@ -1926,7 +1928,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
}
}
/* does the entry already exist but without a samba rttibutes?
/* does the entry already exist but without a samba attributes?
we need to return the samba attributes here */
escape_user = escape_ldap_string_alloc( username );
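Review bot: The added `DEBUG(4, ...)` in ldapsam_update_sam_account passes `dn` to `%s` with no NULL check visible between `ldap_get_dn()` and the log call. ldap_get_dn() returns NULL on failure, and `entry` from ldap_first_entry() is not tested in the hunk either, so the new trace line can itself become the crash site in the failure case it is meant to help debug. I would test `entry` before calling ldap_get_dn() and `dn` before logging, or at least log `dn ? dn : "(null)"`. The function starts and ends outside the hunk, so a check or the release of `dn` may exist in lines not shown.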


@ -397,7 +397,7 @@ static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id,
int rc = -1;
int ldap_op;
fstring sid_string;
char **values;
char **values = NULL;
int i;
sid_to_string( sid_string, sid );
@ -424,7 +424,9 @@ static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id,
snprintf(id_str, sizeof(id_str), "%u", ((id_type & ID_USERID) ? id.uid : id.gid));
values = ldap_get_values(ldap_state.smbldap_state->ldap_struct, entry, "objectClass");
if (entry)
values = ldap_get_values(ldap_state.smbldap_state->ldap_struct, entry, "objectClass");
if (values) {
BOOL found_idmap = False;
for (i=0; values[i]; i++) {
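Review bot: The new guard `if (entry)` is left unbraced directly above `if (values) {`, which on a quick read looks like a nested pair rather than two independent tests. Bracing it, `if (entry) { values = ldap_get_values(...); }`, makes clear that only the lookup is conditional and that the `values` test relies on the new `= NULL` initialiser. A one-line comment such as `/* no existing entry: this is a new mapping, nothing to inspect */` would record why `entry` can be NULL here; that reading is inferred from the commit message. The function continues outside the hunk, so whether `values` is released with ldap_value_free() cannot be checked from here.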


@ -414,6 +414,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
struct passwd *passwd;
unid_t id;
int u_type = ID_USERID | ID_QUERY_ONLY;
fstring sid_string;
fstrcpy(account, unistr2_static(&delta->uni_acct_name));
d_printf("Creating account: %s\n", account);
@ -449,8 +450,11 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
sid_copy(&user_sid, get_global_sam_sid());
sid_append_rid(&user_sid, delta->user_rid);
DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", sid_to_string(sid_string, &user_sid), account));
if (!pdb_getsampwsid(sam_account, &user_sid)) {
sam_account_from_delta(sam_account, delta);
DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n",
sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account)));
if (!pdb_add_sam_account(sam_account)) {
DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
account));
@ -458,6 +462,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
}
} else {
sam_account_from_delta(sam_account, delta);
DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n",
sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account)));
if (!pdb_update_sam_account(sam_account)) {
DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
account));
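Review bot: The two added `DEBUG(3, ...)` calls in the add and update branches print `pdb_get_username(sam_account)` with `%s`, while the first added trace and the existing failure messages use the local `account` buffer. `account` is filled by `fstrcpy` at the top of fetch_account_info, whereas the getter's result depends on what sam_account_from_delta stored and may be NULL if that step failed (not verifiable from the hunk). Using `account` in all three traces, e.g. `sid_to_string(sid_string, &user_sid), account));`, keeps the log lines comparable and removes that dependency. The function body continues outside the hunks.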