sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

s3/winbindd: replace use of parse_domain_user_fstr with parse_domain_user

Browse Source 
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This commit is contained in:
Noel Power 2023-10-20 12:36:35 +01:00 committed by Noel Power
parent 89fb5eee53
commit b4bdd341a7
1 changed files with 78 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
source3/winbindd/winbindd_pam.c
View File

@ -737,7 +737,9 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
const char *cc = NULL;
const char *principal_s = NULL;
char *realm = NULL;
fstring name_namespace, name_domain, name_user;
char *name_namespace = NULL;
char *name_domain = NULL;
char *name_user = NULL;
time_t ticket_lifetime = 0;
time_t renewal_until = 0;
time_t time_offset = 0;
@ -790,10 +792,11 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
/* 3rd step:
* do kerberos auth and setup ccache as the user */
ok = parse_domain_user_fstr(user,
name_namespace,
name_domain,
name_user);
ok = parse_domain_user(mem_ctx,
user,
&name_namespace,
&name_domain,
&name_user);
if (!ok) {
return NT_STATUS_INVALID_PARAMETER;
}
@ -1113,7 +1116,9 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
TALLOC_CTX *tmp_ctx = NULL;
NTSTATUS result = NT_STATUS_LOGON_FAILURE;
uint16_t max_allowed_bad_attempts;
fstring name_namespace, name_domain, name_user;
char *name_namespace = NULL;
char *name_domain = NULL;
char *name_user = NULL;
struct dom_sid sid;
enum lsa_SidType type;
uchar new_nt_pass[NT_HASH_LEN];
@ -1145,10 +1150,11 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
/* Parse domain and username */
ok = parse_domain_user_fstr(user,
name_namespace,
name_domain,
name_user);
ok = parse_domain_user(tmp_ctx,
user,
&name_namespace,
&name_domain,
&name_user);
if (!ok) {
DBG_DEBUG("parse_domain_user failed\n");
result = NT_STATUS_NO_SUCH_USER;
@ -1450,7 +1456,9 @@ static NTSTATUS winbindd_dual_pam_auth_kerberos(struct winbindd_domain *domain,
{
struct netr_SamInfo6 *info6 = NULL;
struct winbindd_domain *contact_domain;
fstring name_namespace, name_domain, name_user;
char *name_namespace = NULL;
char *name_domain = NULL;
char *name_user = NULL;
NTSTATUS result;
bool ok;
@ -1458,10 +1466,11 @@ static NTSTATUS winbindd_dual_pam_auth_kerberos(struct winbindd_domain *domain,
/* Parse domain and username */
ok = parse_domain_user_fstr(user,
name_namespace,
name_domain,
name_user);
ok = parse_domain_user(mem_ctx,
user,
&name_namespace,
&name_domain,
&name_user);
if (!ok) {
result = NT_STATUS_INVALID_PARAMETER;
goto done;
@ -2034,7 +2043,9 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(
uint16_t *_validation_level,
union netr_Validation **_validation)
{
fstring name_namespace, name_domain, name_user;
char *name_namespace = NULL;
char *name_domain = NULL;
char *name_user = NULL;
NTSTATUS result;
uint8_t authoritative = 1;
uint32_t flags = 0;
@ -2046,10 +2057,11 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(
/* Parse domain and username */
ok = parse_domain_user_fstr(user,
name_namespace,
name_domain,
name_user);
ok = parse_domain_user(mem_ctx,
user,
&name_namespace,
&name_domain,
&name_user);
if (!ok) {
return NT_STATUS_INVALID_PARAMETER;
}
@ -2228,7 +2240,9 @@ NTSTATUS _wbint_PamAuth(struct pipes_struct *p,
struct winbindd_domain *domain = wb_child_domain();
NTSTATUS result = NT_STATUS_LOGON_FAILURE;
NTSTATUS krb5_result = NT_STATUS_OK;
fstring name_namespace, name_domain, name_user;
char *name_namespace = NULL;
char *name_domain = NULL;
char *name_user = NULL;
char *mapped_user = NULL;
const char *domain_user = NULL;
uint16_t validation_level = UINT16_MAX;
@ -2286,10 +2300,11 @@ NTSTATUS _wbint_PamAuth(struct pipes_struct *p,
mapped_user = discard_const(r->in.info->username);
}
ok = parse_domain_user_fstr(mapped_user,
name_namespace,
name_domain,
name_user);
ok = parse_domain_user(p->mem_ctx,
mapped_user,
&name_namespace,
&name_domain,
&name_user);
if (!ok) {
result = NT_STATUS_INVALID_PARAMETER;
goto done;
@ -2944,7 +2959,9 @@ NTSTATUS _wbint_PamAuthChangePassword(struct pipes_struct *p,
struct userPwdChangeFailureInformation *reject = NULL;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
fstring namespace, domain, user;
char *namespace = NULL;
char *domain = NULL;
char *user = NULL;
struct dcerpc_binding_handle *b = NULL;
bool ok;
pid_t client_pid;
@ -2965,10 +2982,11 @@ NTSTATUS _wbint_PamAuthChangePassword(struct pipes_struct *p,
DBG_NOTICE("[%"PRIu32"]: dual pam chauthtok %s\n",
client_pid, r->in.user);
ok = parse_domain_user_fstr(r->in.user,
namespace,
domain,
user);
ok = parse_domain_user(p->mem_ctx,
r->in.user,
&namespace,
&domain,
&user);
if (!ok) {
goto done;
}
@ -3230,11 +3248,14 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct pipes_struct *p,
struct wbint_PamAuthCrapChangePassword *r)
{
NTSTATUS result;
fstring namespace, domain, user;
char *namespace = NULL;
char *domain = NULL;
char *user = NULL;
struct policy_handle dom_pol;
struct winbindd_domain *contact_domain = wb_child_domain();
struct rpc_pipe_client *cli = NULL;
struct dcerpc_binding_handle *b = NULL;
TALLOC_CTX *frame = talloc_stackframe();
pid_t client_pid;
ZERO_STRUCT(dom_pol);
@ -3250,10 +3271,6 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct pipes_struct *p,
return NT_STATUS_INVALID_PARAMETER;
}
domain[0] = '\0';
namespace[0] = '\0';
user[0] = '\0';
DBG_NOTICE("[%"PRIu32"]: pam change pswd auth crap domain: %s "
"user: %s\n", client_pid, r->in.domain, r->in.user);
@ -3265,14 +3282,22 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct pipes_struct *p,
}
if (r->in.domain != NULL && strlen(r->in.domain) > 0) {
fstrcpy(domain, r->in.domain);
user = talloc_strdup(frame, "");
namespace = talloc_strdup(frame, "");
domain = talloc_strdup(frame, r->in.domain);
if (domain == NULL || user == NULL || namespace == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
}
} else {
bool ok;
ok = parse_domain_user_fstr(r->in.user,
namespace,
domain,
user);
ok = parse_domain_user(frame,
r->in.user,
&namespace,
&domain,
&user);
if (!ok) {
result = NT_STATUS_INVALID_PARAMETER;
goto done;
@ -3287,7 +3312,12 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct pipes_struct *p,
}
if (!*domain && lp_winbind_use_default_domain()) {
fstrcpy(domain,lp_workgroup());
TALLOC_FREE(domain);
domain = talloc_strdup(frame, lp_workgroup());
if (domain == NULL) {
result = NT_STATUS_NO_MEMORY;
goto done;
}
}
if (!is_allowed_domain(domain)) {
@ -3300,7 +3330,12 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct pipes_struct *p,
}
if(!*user) {
fstrcpy(user, r->in.user);
TALLOC_FREE(user);
user = talloc_strdup(frame, r->in.user);
if (user == NULL) {
result = NT_STATUS_NO_SUCH_USER;
goto done;
}
}
/* Get sam handle */
@ -3346,7 +3381,7 @@ NTSTATUS _wbint_PamAuthCrapChangePassword(struct pipes_struct *p,
domain, user,
nt_errstr(result),
nt_status_to_pam(result)));
TALLOC_FREE(frame);
return result;
}