The branch, master has been updated
       via  f3501cf s3-smbd: use make_server_info_krb5() in smb2 too.
       via  a413a86 s3-smbd: use make_server_info_krb5()
       via  08a8e25 s3-auth: add helper to get server_info out of kerberos info
      from  ce60d6d s3-smbd: User helper function to resolve kerberos user for 
smb2

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f3501cf8488c77a896b56fb33bfbb68ee13cb1e9
Author: Simo Sorce <i...@samba.org>
Date:   Thu Aug 26 18:49:49 2010 -0400

    s3-smbd: use make_server_info_krb5() in smb2 too.
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit a413a86daa25a277ddb068ed5606a604d62d70ef
Author: Simo Sorce <i...@samba.org>
Date:   Thu Aug 26 18:49:28 2010 -0400

    s3-smbd: use make_server_info_krb5()
    
    Signed-off-by: Günther Deschner <g...@samba.org>

commit 08a8e25d6bfc559b56250efcce8e73845de23194
Author: Simo Sorce <i...@samba.org>
Date:   Thu Aug 26 18:48:46 2010 -0400

    s3-auth: add helper to get server_info out of kerberos info
    
    Signed-off-by: Günther Deschner <g...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/auth/user_krb5.c      |  100 +++++++++++++++++++++++++++++++++++++++++
 source3/include/proto.h       |    8 +++
 source3/smbd/sesssetup.c      |   90 +++++--------------------------------
 source3/smbd/smb2_sesssetup.c |   83 +++------------------------------
 4 files changed, 127 insertions(+), 154 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
index 2cdcdcc..580e71a 100644
--- a/source3/auth/user_krb5.c
+++ b/source3/auth/user_krb5.c
@@ -155,6 +155,93 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 
        return NT_STATUS_OK;
 }
+
+NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+                               char *ntuser,
+                               char *ntdomain,
+                               char *username,
+                               struct passwd *pw,
+                               struct PAC_LOGON_INFO *logon_info,
+                               bool mapped_to_guest,
+                               struct auth_serversupplied_info **server_info)
+{
+       NTSTATUS status;
+
+       if (mapped_to_guest) {
+               status = make_server_info_guest(mem_ctx, server_info);
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(1, ("make_server_info_guest failed: %s!\n",
+                                 nt_errstr(status)));
+                       return status;
+               }
+
+       } else if (logon_info) {
+               /* pass the unmapped username here since map_username()
+                  will be called again in make_server_info_info3() */
+
+               status = make_server_info_info3(mem_ctx,
+                                               ntuser, ntdomain,
+                                               server_info,
+                                               &logon_info->info3);
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(1, ("make_server_info_info3 failed: %s!\n",
+                                 nt_errstr(status)));
+                       return status;
+               }
+
+       } else {
+               /*
+                * We didn't get a PAC, we have to make up the user
+                * ourselves. Try to ask the pdb backend to provide
+                * SID consistency with ntlmssp session setup
+                */
+               struct samu *sampass;
+               /* The stupid make_server_info_XX functions here
+                  don't take a talloc context. */
+               struct auth_serversupplied_info *tmp = NULL;
+
+               sampass = samu_new(talloc_tos());
+               if (sampass == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               if (pdb_getsampwnam(sampass, username)) {
+                       DEBUG(10, ("found user %s in passdb, calling "
+                                  "make_server_info_sam\n", username));
+                       status = make_server_info_sam(&tmp, sampass);
+               } else {
+                       /*
+                        * User not in passdb, make it up artificially
+                        */
+                       DEBUG(10, ("didn't find user %s in passdb, calling "
+                                  "make_server_info_pw\n", username));
+                       status = make_server_info_pw(&tmp, username, pw);
+               }
+               TALLOC_FREE(sampass);
+
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(1, ("make_server_info_[sam|pw] failed: %s!\n",
+                                 nt_errstr(status)));
+                       return status;
+                }
+
+               /* Steal tmp server info into the server_info pointer. */
+               *server_info = talloc_move(mem_ctx, &tmp);
+
+               /* make_server_info_pw does not set the domain. Without this
+                * we end up with the local netbios name in substitutions for
+                * %D. */
+
+               if ((*server_info)->info3 != NULL) {
+                       (*server_info)->info3->base.domain.string =
+                               talloc_strdup((*server_info)->info3, ntdomain);
+               }
+
+       }
+
+       return NT_STATUS_OK;
+}
+
 #else /* HAVE_KRB5 */
 NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
                                     const char *cli_name,
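Review bot: The `talloc_strdup((*server_info)->info3, ntdomain)` result in the no-PAC branch is stored without a NULL check, so on allocation failure make_server_info_krb5() returns NT_STATUS_OK with a NULL `base.domain.string` in the info3 it hands back. Adding `if ((*server_info)->info3->base.domain.string == NULL) return NT_STATUS_NO_MEMORY;` right after the assignment stops an out-of-memory condition from yielding a half-built identity; both callers in this changeset already treat a non-OK status as fatal for the session setup. Since this is now the single helper behind both SMB1 and SMB2 Kerberos session setup, a header comment would also help, stating that the result is parented to mem_ctx and that username and pw are only consulted when there is no PAC and no guest mapping.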
@@ -169,4 +256,17 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
 {
        return NT_STATUS_NOT_IMPLEMENTED;
 }
+
+NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+                               char *ntuser,
+                               char *ntdomain,
+                               char *username,
+                               struct passwd *pw,
+                               struct PAC_LOGON_INFO *logon_info,
+                               bool mapped_to_guest,
+                               struct auth_serversupplied_info **server_info)
+{
+       return NT_STATUS_NOT_IMPLEMENTED;
+}
+
 #endif /* HAVE_KRB5 */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index db31127..7af0d08 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -4867,6 +4867,14 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
                                     char **ntdomain,
                                     char **username,
                                     struct passwd **_pw);
+NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+                               char *ntuser,
+                               char *ntdomain,
+                               char *username,
+                               struct passwd *pw,
+                               struct PAC_LOGON_INFO *logon_info,
+                               bool mapped_to_guest,
+                               struct auth_serversupplied_info **server_info);
 
 /* The following definitions come from smbd/message.c  */
 
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index c9b5b8c..58b446d 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -368,85 +368,17 @@ static void reply_spnego_kerberos(struct smb_request *req,
        /* reload services so that the new %U is taken into account */
        reload_services(sconn->msg_ctx, sconn->sock, True);
 
-       if (map_domainuser_to_guest) {
-               ret = make_server_info_guest(NULL, &server_info);
-               if (!NT_STATUS_IS_OK(ret)) {
-                       DEBUG(1, ("make_server_info_guest failed: %s!\n",
-                                nt_errstr(ret)));
-                       data_blob_free(&ap_rep);
-                       data_blob_free(&session_key);
-                       TALLOC_FREE(mem_ctx);
-                       reply_nterror(req, nt_status_squash(ret));
-                       return;
-               }
-       } else if (logon_info) {
-               /* pass the unmapped username here since map_username()
-                  will be called again from inside make_server_info_info3() */
-
-               ret = make_server_info_info3(mem_ctx, user, domain,
-                                            &server_info, &logon_info->info3);
-               if (!NT_STATUS_IS_OK(ret)) {
-                       DEBUG(1,("make_server_info_info3 failed: %s!\n",
-                                nt_errstr(ret)));
-                       data_blob_free(&ap_rep);
-                       data_blob_free(&session_key);
-                       TALLOC_FREE(mem_ctx);
-                       reply_nterror(req, nt_status_squash(ret));
-                       return;
-               }
-
-       } else {
-               /*
-                * We didn't get a PAC, we have to make up the user
-                * ourselves. Try to ask the pdb backend to provide
-                * SID consistency with ntlmssp session setup
-                */
-               struct samu *sampass;
-
-               sampass = samu_new(talloc_tos());
-               if (sampass == NULL) {
-                       ret = NT_STATUS_NO_MEMORY;
-                       data_blob_free(&ap_rep);
-                       data_blob_free(&session_key);
-                       TALLOC_FREE(mem_ctx);
-                       reply_nterror(req, nt_status_squash(ret));
-                       return;
-               }
-
-               if (pdb_getsampwnam(sampass, real_username)) {
-                       DEBUG(10, ("found user %s in passdb, calling "
-                                  "make_server_info_sam\n", real_username));
-                       ret = make_server_info_sam(&server_info, sampass);
-                       TALLOC_FREE(sampass);
-               } else {
-                       /*
-                        * User not in passdb, make it up artificially
-                        */
-                       TALLOC_FREE(sampass);
-                       DEBUG(10, ("didn't find user %s in passdb, calling "
-                                  "make_server_info_pw\n", real_username));
-                       ret = make_server_info_pw(&server_info, real_username,
-                                                 pw);
-               }
-
-               if ( !NT_STATUS_IS_OK(ret) ) {
-                       DEBUG(1,("make_server_info_[sam|pw] failed: %s!\n",
-                                nt_errstr(ret)));
-                       data_blob_free(&ap_rep);
-                       data_blob_free(&session_key);
-                       TALLOC_FREE(mem_ctx);
-                       reply_nterror(req, nt_status_squash(ret));
-                       return;
-               }
-
-               /* make_server_info_pw does not set the domain. Without this
-                * we end up with the local netbios name in substitutions for
-                * %D. */
-
-               if (server_info->info3 != NULL) {
-                       server_info->info3->base.domain.string =
-                               talloc_strdup(server_info->info3, domain);
-               }
+       ret = make_server_info_krb5(mem_ctx,
+                                   user, domain, real_username, pw,
+                                   logon_info, map_domainuser_to_guest,
+                                   &server_info);
+       if (!NT_STATUS_IS_OK(ret)) {
+               DEBUG(1, ("make_server_info_krb5 failed!\n"));
+               data_blob_free(&ap_rep);
+               data_blob_free(&session_key);
+               TALLOC_FREE(mem_ctx);
+               reply_nterror(req, nt_status_squash(ret));
+               return;
        }
 
        server_info->nss_token |= username_was_mapped;
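Review bot: Ownership of server_info changes silently on the guest and no-PAC paths: the removed code passed a NULL context to make_server_info_guest() and called make_server_info_sam()/make_server_info_pw() with no context argument, while the helper is now given mem_ctx for every path. The error path here does TALLOC_FREE(mem_ctx), and the rest of reply_spnego_kerberos() lies outside the hunk, so it is worth confirming that server_info is reparented or stolen before mem_ctx is freed on success; otherwise the session would be left holding a dangling pointer to its authentication state. Separately, `DEBUG(1, ("make_server_info_krb5 failed!\n"));` drops the status, and the helper returns NT_STATUS_NO_MEMORY from the samu_new() failure without logging anything. Using `DEBUG(1, ("make_server_info_krb5 failed: %s!\n", nt_errstr(ret)));` keeps the reason in the log, and the smb2_sesssetup.c hunk has the same gap with `status`.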
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 89f9ffe..e025f98 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -233,83 +233,16 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct 
smbd_smb2_session *session,
        /* reload services so that the new %U is taken into account */
        reload_services(smb2req->sconn->msg_ctx, smb2req->sconn->sock, true);
 
-       if (map_domainuser_to_guest) {
-               status = make_server_info_guest(session,
-                                               &session->server_info);
-               if (!NT_STATUS_IS_OK(status) ) {
-                       DEBUG(1,("smb2: make_server_info_guest failed: %s!\n",
-                               nt_errstr(status)));
-                       goto fail;
-               }
-
-       } else if (logon_info) {
-               /* pass the unmapped username here since map_username()
-                  will be called again in make_server_info_info3() */
-
-               status = make_server_info_info3(session,
-                                               user, domain,
-                                               &session->server_info,
-                                               &logon_info->info3);
-               if (!NT_STATUS_IS_OK(status) ) {
-                       DEBUG(1,("smb2: make_server_info_info3 failed: %s!\n",
-                               nt_errstr(status)));
-                       goto fail;
-               }
-
-       } else {
-               /*
-                * We didn't get a PAC, we have to make up the user
-                * ourselves. Try to ask the pdb backend to provide
-                * SID consistency with ntlmssp session setup
-                */
-               struct samu *sampass;
-               /* The stupid make_server_info_XX functions here
-                  don't take a talloc context. */
-               struct auth_serversupplied_info *tmp_server_info = NULL;
-
-               sampass = samu_new(talloc_tos());
-               if (sampass == NULL) {
-                       status = NT_STATUS_NO_MEMORY;
-                       goto fail;
-               }
-
-               if (pdb_getsampwnam(sampass, real_username)) {
-                       DEBUG(10, ("smb2: found user %s in passdb, calling "
-                               "make_server_info_sam\n", real_username));
-                       status = make_server_info_sam(&tmp_server_info, 
sampass);
-                       TALLOC_FREE(sampass);
-               } else {
-                       /*
-                        * User not in passdb, make it up artificially
-                        */
-                       TALLOC_FREE(sampass);
-                       DEBUG(10, ("smb2: didn't find user %s in passdb, 
calling "
-                               "make_server_info_pw\n", real_username));
-                       status = make_server_info_pw(&tmp_server_info,
-                                                    real_username, pw);
-               }
-
-               if (!NT_STATUS_IS_OK(status)) {
-                       DEBUG(1,("smb2: make_server_info_[sam|pw] failed: 
%s!\n",
-                               nt_errstr(status)));
-                       goto fail;
-                }
-
-               /* Steal tmp_server_info into the session->server_info
-                  pointer. */
-               session->server_info = talloc_move(session, &tmp_server_info);
-
-               /* make_server_info_pw does not set the domain. Without this
-                * we end up with the local netbios name in substitutions for
-                * %D. */
-
-               if (session->server_info->info3 != NULL) {
-                       session->server_info->info3->base.domain.string =
-                               talloc_strdup(session->server_info->info3, 
domain);
-               }
-
+       status = make_server_info_krb5(session,
+                                       user, domain, real_username, pw,
+                                       logon_info, map_domainuser_to_guest,
+                                       &session->server_info);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(1, ("smb2: make_server_info_krb5 failed\n"));
+               goto fail;
        }
 
+
        session->server_info->nss_token |= username_was_mapped;
 
        /* we need to build the token for the user. make_server_info_guest()


-- 
Samba Shared Repository
