Add some debug statements to our vampire code - try to make it easier to track
down failures. Add an 'auto-add on modify' feature to guestsam. Fix some segfault bugs on no-op idmap modifications, and on new idmappings that do not have a DN to tack onto. Make the 'private data' a bit more robust. Andrew Bartlett
parent
c7118cb31d
commit
6c48309cda
@ -162,11 +162,13 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex
|
||||
const auth_usersupplied_info *user_info,
|
||||
auth_serversupplied_info **server_info)
|
||||
{
|
||||
NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
|
||||
NTSTATUS nt_status;
|
||||
SAM_ACCOUNT *account = NULL;
|
||||
if (!NT_STATUS_IS_OK(nt_status =
|
||||
auth_get_sam_account(user_info->internal_username.str,
|
||||
&account))) {
|
||||
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))
|
||||
nt_status = NT_STATUS_NOT_IMPLEMENTED;
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
@ -174,6 +176,7 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex
|
||||
nt_status = make_server_info_sam(server_info, account);
|
||||
} else {
|
||||
pdb_free_sam(&account);
|
||||
nt_status = NT_STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
return nt_status;
|
||||
@ -202,7 +205,7 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
|
||||
const auth_usersupplied_info *user_info,
|
||||
auth_serversupplied_info **server_info)
|
||||
{
|
||||
NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
|
||||
NTSTATUS nt_status;
|
||||
SAM_ACCOUNT *account = NULL;
|
||||
pstring rhostsfile;
|
||||
const char *home;
|
||||
@ -210,6 +213,8 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
|
||||
if (!NT_STATUS_IS_OK(nt_status =
|
||||
auth_get_sam_account(user_info->internal_username.str,
|
||||
&account))) {
|
||||
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))
|
||||
nt_status = NT_STATUS_NOT_IMPLEMENTED;
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
@ -226,6 +231,7 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
|
||||
unbecome_root();
|
||||
} else {
|
||||
pdb_free_sam(&account);
|
||||
nt_status = NT_STATUS_NOT_IMPLEMENTED;
|
||||
}
|
||||
|
||||
return nt_status;
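Review bot: Now that `NTSTATUS nt_status;` has no initialiser in check_hostsequiv_security and check_rhosts_security, any path that reaches `return nt_status;` without an assignment returns an indeterminate status from a function that decides a host-based login. Both bodies continue outside these hunks, so this needs checking against the full functions. I would also document the two NT_STATUS_NOT_IMPLEMENTED assignments, for example `/* unknown user or no host match: report "not handled", never success */`. That reading is inferred from the usage here and should be confirmed against the auth dispatcher. Bracing the inner `if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))` would keep a later second statement from escaping the condition.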
|
||||
|
@ -138,6 +138,8 @@ typedef struct sam_passwd
|
||||
|
||||
uint32 unknown_5; /* 0x0002 0000 */
|
||||
uint32 unknown_6; /* 0x0000 04ec */
|
||||
/* a tag for who added the private methods */
|
||||
const struct pdb_methods *backend_private_methods;
|
||||
void *backend_private_data;
|
||||
void (*backend_private_data_free_fn)(void **);
|
||||
} private;
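Review bot: The comment `/* a tag for who added the private methods */` describes the wrong thing: judging by its use in pdb_get_backend_private_data, the new field records which backend owns `backend_private_data`. I would reword it to `/* pdb_methods of the backend that attached backend_private_data; compared before the data is handed out */`. The comment should also say that the field must start out NULL, because the getter compares it with the caller's methods pointer. Where SAM_ACCOUNT is initialised is not visible in this hunk, so that needs confirming.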
|
||||
|
@ -332,7 +332,7 @@ uint32 pdb_get_unknown_6 (const SAM_ACCOUNT *sampass)
|
||||
|
||||
void *pdb_get_backend_private_data (const SAM_ACCOUNT *sampass, const struct pdb_methods *my_methods)
|
||||
{
|
||||
if (sampass && my_methods == sampass->methods)
|
||||
if (sampass && my_methods == sampass->private.backend_private_methods)
|
||||
return sampass->private.backend_private_data;
|
||||
else
|
||||
return NULL;
|
||||
@ -1028,7 +1028,7 @@ BOOL pdb_set_backend_private_data (SAM_ACCOUNT *sampass, void *private_data,
|
||||
return False;
|
||||
|
||||
/* does this backend 'own' this SAM_ACCOUNT? */
|
||||
if (my_methods != sampass->methods)
|
||||
if (my_methods != sampass->private.backend_private_methods)
|
||||
return False;
|
||||
|
||||
if (sampass->private.backend_private_data && sampass->private.backend_private_data_free_fn) {
|
||||
@ -1037,6 +1037,7 @@ BOOL pdb_set_backend_private_data (SAM_ACCOUNT *sampass, void *private_data,
|
||||
|
||||
sampass->private.backend_private_data = private_data;
|
||||
sampass->private.backend_private_data_free_fn = free_fn;
|
||||
sampass->private.backend_private_methods = my_methods;
|
||||
|
||||
return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag);
|
||||
}
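Review bot: In pdb_set_backend_private_data the ownership test `if (my_methods != sampass->private.backend_private_methods) return False;` runs before the only visible assignment of that field, `sampass->private.backend_private_methods = my_methods;`. On an account whose tag has never been set (presumably NULL), the setter would return False and never record an owner, and pdb_get_backend_private_data would then keep returning NULL. If the intent is "first caller claims, others are refused", the guard could be `if (sampass->private.backend_private_methods && my_methods != sampass->private.backend_private_methods) return False;`. If any backend may replace the data after the old free function has run, the test can be dropped. The lines between the two hunks are not visible, so confirm that nothing there sets the tag earlier.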
|
||||
|
@ -98,6 +98,21 @@ static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
|
||||
}
|
||||
|
||||
|
||||
/***************************************************************************
|
||||
Updates a SAM_ACCOUNT
|
||||
|
||||
This isn't a particulary practical option for pdb_guest. We certainly don't
|
||||
want to twidde the filesystem, so what should we do?
|
||||
|
||||
Current plan is to transparently add the account. It should appear
|
||||
as if the pdb_unix version was modified, but its actually stored somehwere.
|
||||
****************************************************************************/
|
||||
|
||||
static NTSTATUS guestsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
|
||||
{
|
||||
return methods->parent->pdb_add_sam_account(methods->parent, newpwd);
|
||||
}
|
||||
|
||||
NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
|
||||
{
|
||||
NTSTATUS nt_status;
|
||||
@ -115,6 +130,7 @@ NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, c
|
||||
|
||||
(*pdb_method)->getsampwnam = guestsam_getsampwnam;
|
||||
(*pdb_method)->getsampwsid = guestsam_getsampwsid;
|
||||
(*pdb_method)->update_sam_account = guestsam_update_sam_account;
|
||||
|
||||
/* we should do no group mapping here */
|
||||
(*pdb_method)->getgrsid = pdb_nop_getgrsid;
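Review bot: guestsam_update_sam_account dereferences `methods->parent` and calls `pdb_add_sam_account` through it with no check. If either can be unset for a backend created by pdb_init_guestsam, an update request becomes a NULL call. A guard such as `if (!methods->parent || !methods->parent->pdb_add_sam_account) return NT_STATUS_UNSUCCESSFUL;` would fail closed; whether `parent` is always populated is not visible in this hunk. The header comment should also say plainly that an update through the guest backend turns into an account creation in another backend, because that is a write path from a backend that otherwise only answers lookups.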
|
||||
|
@ -1528,6 +1528,8 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
|
||||
{
|
||||
int rc = -1;
|
||||
char ** attr_list;
|
||||
uint32 rid;
|
||||
|
||||
switch ( ldap_state->schema_ver )
|
||||
{
|
||||
case SCHEMAVER_SAMBASAMACCOUNT:
|
||||
@ -1540,8 +1542,6 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
|
||||
break;
|
||||
|
||||
case SCHEMAVER_SAMBAACCOUNT:
|
||||
{
|
||||
uint32 rid;
|
||||
if (!sid_peek_check_rid(&ldap_state->domain_sid, sid, &rid)) {
|
||||
return rc;
|
||||
}
|
||||
@ -1552,8 +1552,7 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state,
|
||||
|
||||
if ( rc != LDAP_SUCCESS )
|
||||
return rc;
|
||||
}
|
||||
break;
|
||||
break;
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
@ -1610,7 +1609,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
|
||||
} else {
|
||||
ldap_msgfree(result);
|
||||
}
|
||||
return ret;
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
@ -1810,8 +1809,9 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
|
||||
attr_list = get_userattr_list(ldap_state->schema_ver);
|
||||
rc = ldapsam_search_suffix_by_name(ldap_state, pdb_get_username(newpwd), &result, attr_list );
|
||||
free_attr_list( attr_list );
|
||||
if (rc != LDAP_SUCCESS)
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
pdb_set_backend_private_data(newpwd, result, private_data_free_fn, my_methods, PDB_CHANGED);
|
||||
}
|
||||
|
||||
@ -1823,6 +1823,8 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
|
||||
entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
|
||||
dn = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
|
||||
|
||||
DEBUG(4, ("user %s to be modified has dn: %s\n", pdb_get_username(newpwd), dn));
|
||||
|
||||
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
|
||||
element_is_changed)) {
|
||||
DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
|
||||
@ -1926,7 +1928,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
|
||||
}
|
||||
}
|
||||
|
||||
/* does the entry already exist but without a samba rttibutes?
|
||||
/* does the entry already exist but without a samba attributes?
|
||||
we need to return the samba attributes here */
|
||||
|
||||
escape_user = escape_ldap_string_alloc( username );
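Review bot: In ldapsam_update_sam_account the result of `pdb_set_backend_private_data(newpwd, result, private_data_free_fn, my_methods, PDB_CHANGED);` is ignored. The setter shown on this page has `return False` paths, and when one is taken `result` is attached to nothing, so it is unclear who frees it. Checking it, e.g. `if (!pdb_set_backend_private_data(...)) { ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; }`, keeps ownership unambiguous. Separately, the added `DEBUG(4, ("user %s to be modified has dn: %s\n", ...))` passes `dn` to `%s` straight after `ldap_get_dn()`, with no NULL test visible in the hunk. If an empty result can reach this point, that formats a NULL pointer; an entry-count check may exist above the hunk, so confirm.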
|
||||
|
@ -397,7 +397,7 @@ static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id,
|
||||
int rc = -1;
|
||||
int ldap_op;
|
||||
fstring sid_string;
|
||||
char **values;
|
||||
char **values = NULL;
|
||||
int i;
|
||||
|
||||
sid_to_string( sid_string, sid );
|
||||
@ -424,7 +424,9 @@ static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id,
|
||||
|
||||
snprintf(id_str, sizeof(id_str), "%u", ((id_type & ID_USERID) ? id.uid : id.gid));
|
||||
|
||||
values = ldap_get_values(ldap_state.smbldap_state->ldap_struct, entry, "objectClass");
|
||||
if (entry)
|
||||
values = ldap_get_values(ldap_state.smbldap_state->ldap_struct, entry, "objectClass");
|
||||
|
||||
if (values) {
|
||||
BOOL found_idmap = False;
|
||||
for (i=0; values[i]; i++) {
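Review bot: The new `if (entry)` guard in ldap_set_mapping_internals only prevents the crash if `entry` is NULL on every path that skips the search or finds nothing. Its declaration and assignment are outside this hunk, so please confirm it is declared as `LDAPMessage *entry = NULL;` or equivalent. I would brace the guard, `if (entry) { values = ldap_get_values(...); }`, because the assignment sits directly above `if (values) {` and the two are easy to misread. A short comment such as `/* no existing entry: new mapping, nothing to inspect */` would record why `values` may legitimately stay NULL.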
|
||||
|
@ -414,6 +414,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
|
||||
struct passwd *passwd;
|
||||
unid_t id;
|
||||
int u_type = ID_USERID | ID_QUERY_ONLY;
|
||||
fstring sid_string;
|
||||
|
||||
fstrcpy(account, unistr2_static(&delta->uni_acct_name));
|
||||
d_printf("Creating account: %s\n", account);
|
||||
@ -449,8 +450,11 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
|
||||
sid_copy(&user_sid, get_global_sam_sid());
|
||||
sid_append_rid(&user_sid, delta->user_rid);
|
||||
|
||||
DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", sid_to_string(sid_string, &user_sid), account));
|
||||
if (!pdb_getsampwsid(sam_account, &user_sid)) {
|
||||
sam_account_from_delta(sam_account, delta);
|
||||
DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n",
|
||||
sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account)));
|
||||
if (!pdb_add_sam_account(sam_account)) {
|
||||
DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
|
||||
account));
|
||||
@ -458,6 +462,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
|
||||
}
|
||||
} else {
|
||||
sam_account_from_delta(sam_account, delta);
|
||||
DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n",
|
||||
sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account)));
|
||||
if (!pdb_update_sam_account(sam_account)) {
|
||||
DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
|
||||
account));
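Review bot: The three added DEBUG(3) calls in fetch_account_info each re-run `sid_to_string(sid_string, &user_sid)` into the same buffer. The first prints `account`, while the add and update messages print `pdb_get_username(sam_account)`, and the existing DEBUG(1) failure messages print `account`. Converting once after `sid_append_rid(&user_sid, delta->user_rid);` and using `account` in all three would let a failure line be matched to its attempt line by a single key. The account name appears to come from the replicated delta, so it would also be worth confirming that the debug layer neutralises control characters before these values reach the log.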
|
||||
|