The branch, master has been updated via 79e2725 s3-auth: Pass mem_ctx to do_map_to_guest_server_info(). via 4d792db s3-auth: Pass mem_ctx to auth_check_ntlm_password(). via 3dc7226 s3-auth: Pass mem_ctx to make_server_info_sam(). from 0d9bb86 build: find FILE_OFFSET_BITS via array
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 79e2725f339e7c5336b4053348c4266268de6ca3 Author: Andreas Schneider <a...@samba.org> Date: Tue Feb 18 13:52:49 2014 +0100 s3-auth: Pass mem_ctx to do_map_to_guest_server_info(). Change-Id: If53117023e3ab37c810193edd00a81d247fdde7a Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Wed Feb 19 01:28:14 CET 2014 on sn-devel-104 commit 4d792db03f18aa164b565c7fdc7b446c174fba28 Author: Andreas Schneider <a...@samba.org> Date: Tue Feb 18 10:19:57 2014 +0100 s3-auth: Pass mem_ctx to auth_check_ntlm_password(). Coverity-Id: 1168009 BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598 Signed-off-by: Andreas Schneider <a...@samba.org> Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3dc72266005e87a291f5bf9847257e8c54314d39 Author: Andreas Schneider <a...@samba.org> Date: Tue Feb 18 10:02:57 2014 +0100 s3-auth: Pass mem_ctx to make_server_info_sam(). Coverity-Id: 1168009 BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598 Signed-off-by: Andreas Schneider <a...@samba.org> Change-Id: Ie614b0654c3a7eec1ebb10dbb9763696eec795bd Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/auth/auth.c | 50 +++++++++++++++--------- source3/auth/auth_ntlmssp.c | 13 ++++-- source3/auth/auth_util.c | 12 +++-- source3/auth/check_samsec.c | 2 +- source3/auth/proto.h | 21 ++++++---- source3/auth/server_info_sam.c | 56 +++++++++++++++++--------- source3/auth/user_krb5.c | 12 +++-- source3/rpc_server/netlogon/srv_netlog_nt.c | 6 ++- source3/torture/pdbtest.c | 5 ++- 9 files changed, 111 insertions(+), 66 deletions(-) Changeset truncated at 500 lines: 
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 0fc8b63..7718142 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -160,18 +160,19 @@ static bool check_domain_match(const char *user, const char *domain) * **/ -NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context, - const struct auth_usersupplied_info *user_info, - struct auth_serversupplied_info **server_info) +NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx, + const struct auth_context *auth_context, + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **pserver_info) { /* if all the modules say 'not for me' this is reasonable */ NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER; const char *unix_username; auth_methods *auth_method; - TALLOC_CTX *mem_ctx; - if (!user_info || !auth_context || !server_info) + if (user_info == NULL || auth_context == NULL || pserver_info == NULL) { return NT_STATUS_LOGON_FAILURE; + } DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n", user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name)); 
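Review bot: `*pserver_info` is left untouched on the early `return NT_STATUS_LOGON_FAILURE` paths of auth_check_ntlm_password(), starting with the argument check in this hunk; only the final failure path (the `ZERO_STRUCTP(pserver_info)` hunk) clears it. The auth_ntlmssp.c call site in this commit passes its `server_info` on to do_map_to_guest_server_info() and then `talloc_steal()` after a failed check, so the out-pointer should be defined on every return; whether that caller initialises its local is not visible here. Adding `*pserver_info = NULL;` directly after the NULL-argument check would make the contract hold for all paths. The function body continues outside this hunk.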
@@ -205,17 +206,27 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context, return NT_STATUS_LOGON_FAILURE; for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) { + struct auth_serversupplied_info *server_info; + TALLOC_CTX *tmp_ctx; NTSTATUS result; - mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name, - user_info->mapped.domain_name, user_info->client.account_name); + tmp_ctx = talloc_named(mem_ctx, + 0, + "%s authentication for user %s\\%s", + auth_method->name, + user_info->mapped.domain_name, + user_info->client.account_name); - result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info); + result = auth_method->auth(auth_context, + auth_method->private_data, + tmp_ctx, + user_info, + &server_info); /* check if the module did anything */ if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ) { DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_method->name)); - talloc_destroy(mem_ctx); + TALLOC_FREE(tmp_ctx); continue; } @@ -229,19 +240,20 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context, auth_method->name, user_info->client.account_name, nt_errstr(nt_status))); } - talloc_destroy(mem_ctx); - - if ( NT_STATUS_IS_OK(nt_status)) - { - break; + if (NT_STATUS_IS_OK(nt_status)) { + *pserver_info = talloc_steal(mem_ctx, server_info); + TALLOC_FREE(tmp_ctx); + break; } + + TALLOC_FREE(tmp_ctx); } /* successful authentication */ if (NT_STATUS_IS_OK(nt_status)) { - unix_username = (*server_info)->unix_name; - if (!(*server_info)->guest) { + unix_username = (*pserver_info)->unix_name; + if (!(*pserver_info)->guest) { const char *rhost; if (tsocket_address_is_inet(user_info->remote_host, "ip")) { 
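Review bot: The new loop-local `server_info` is declared without an initialiser, and the success branch in the following hunk passes it to `talloc_steal(mem_ctx, server_info)` on the strength of the status code alone. An auth module that reports success without filling the out-pointer would therefore have an indeterminate pointer stolen and then dereferenced as `(*pserver_info)->unix_name`. Declaring it as `struct auth_serversupplied_info *server_info = NULL;` and treating a NULL result on success as a failure closes that off. Separately, the result of `talloc_named()` is used unchecked; `if (tmp_ctx == NULL) { return NT_STATUS_NO_MEMORY; }` before the `auth_method->auth()` call keeps a failed allocation from being handed to the module as its memory context. The assignment to `nt_status` between the two hunks is not visible here.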
@@ -270,9 +282,9 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context, } if (NT_STATUS_IS_OK(nt_status)) { - DEBUG((*server_info)->guest ? 5 : 2, + DEBUG((*pserver_info)->guest ? 5 : 2, ("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n", - (*server_info)->guest ? "guest " : "", + (*pserver_info)->guest ? "guest " : "", user_info->client.account_name, user_info->mapped.account_name, unix_username)); @@ -286,7 +298,7 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context, DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n", user_info->client.account_name, user_info->mapped.account_name, nt_errstr(nt_status))); - ZERO_STRUCTP(server_info); + ZERO_STRUCTP(pserver_info); return nt_status; } diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index f99bd44..d4fe901 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -134,8 +134,10 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context, mapped_user_info->flags = user_info->flags; - nt_status = auth_check_ntlm_password(auth_context, - mapped_user_info, &server_info); + nt_status = auth_check_ntlm_password(mem_ctx, + auth_context, + mapped_user_info, + &server_info); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n", @@ -149,10 +151,11 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context, free_user_info(&mapped_user_info); if (!NT_STATUS_IS_OK(nt_status)) { - nt_status = do_map_to_guest_server_info(nt_status, - &server_info, + nt_status = do_map_to_guest_server_info(mem_ctx, + nt_status, user_info->client.account_name, - user_info->client.domain_name); + user_info->client.domain_name, + &server_info); *server_returned_info = talloc_steal(mem_ctx, server_info); return nt_status; } diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 2b6b13f..fb9e8c8 100644 
--- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1536,9 +1536,11 @@ bool is_trusted_domain(const char* dom_name) on a logon error possibly map the error to success if "map to guest" is set approriately */ -NTSTATUS do_map_to_guest_server_info(NTSTATUS status, - struct auth_serversupplied_info **server_info, - const char *user, const char *domain) +NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx, + NTSTATUS status, + const char *user, + const char *domain, + struct auth_serversupplied_info **server_info) { user = user ? user : ""; domain = domain ? domain : ""; @@ -1548,13 +1550,13 @@ NTSTATUS do_map_to_guest_server_info(NTSTATUS status, (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) { DEBUG(3,("No such user %s [%s] - using guest account\n", user, domain)); - return make_server_info_guest(NULL, server_info); + return make_server_info_guest(mem_ctx, server_info); } } else if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) { if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) { DEBUG(3,("Registered username %s for guest access\n", user)); - return make_server_info_guest(NULL, server_info); + return make_server_info_guest(mem_ctx, server_info); } } diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index 7ed8cc2..b6cac60 100644 --- a/source3/auth/check_samsec.c +++ b/source3/auth/check_samsec.c @@ -482,7 +482,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge, } become_root(); - nt_status = make_server_info_sam(server_info, sampass); + nt_status = make_server_info_sam(mem_ctx, sampass, server_info); unbecome_root(); TALLOC_FREE(sampass); diff --git a/source3/auth/proto.h b/source3/auth/proto.h index 7abca07..7b8959f 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h 
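Review bot: The comment above do_map_to_guest_server_info() does not describe the new `mem_ctx` parameter or the out-parameter that moved to the end, although this is the function that turns a failed logon into a guest session. I would extend the comment to say that `*server_info` is allocated on `mem_ctx` by make_server_info_guest() in the two `lp_map_to_guest()` branches, and that callers must not use `*server_info` unless the result is NT_STATUS_OK. It should also state what is returned when neither branch applies; the fall-through return is outside the hunks, so that part needs confirming against the full function.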
@@ -65,6 +65,8 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context, * struct. When the return is other than NT_STATUS_OK the contents * of that structure is undefined. * + * @param mem_ctx The memory context to use to allocate server_info + * * @param user_info Contains the user supplied components, including the passwords. * Must be created with make_user_info() or one of its wrappers. * @@ -79,9 +81,9 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context, * @return An NTSTATUS with NT_STATUS_OK or an appropriate error. * **/ - -NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context, - const struct auth_usersupplied_info *user_info, +NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx, + const struct auth_context *auth_context, + const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info); /* The following definitions come from auth/auth_builtin.c */ @@ -190,8 +192,9 @@ bool make_user_info_guest(const struct tsocket_address *remote_address, struct auth_usersupplied_info **user_info); struct samu; -NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, - struct samu *sampass); +NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx, + struct samu *sampass, + struct auth_serversupplied_info **pserver_info); NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, const struct auth_serversupplied_info *server_info, DATA_BLOB *session_key, 
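Review bot: The prototype of auth_check_ntlm_password() still names the last parameter `server_info`, while the definition in auth.c was renamed to `pserver_info` and the make_server_info_sam() prototype further down already uses `pserver_info`. Using `struct auth_serversupplied_info **pserver_info);` here, and matching the @param entry for it (which lies outside the hunks), keeps header and definition consistent. The new `@param mem_ctx` line could also say that the returned structure is owned by `mem_ctx` only when NT_STATUS_OK is returned, in line with the existing remark that the structure is undefined otherwise.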
@@ -261,9 +264,11 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info, enum auth_password_state password_state); void free_user_info(struct auth_usersupplied_info **user_info); -NTSTATUS do_map_to_guest_server_info(NTSTATUS status, - struct auth_serversupplied_info **server_info, - const char *user, const char *domain); +NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx, + NTSTATUS status, + const char *user, + const char *domain, + struct auth_serversupplied_info **server_info); /* The following definitions come from auth/auth_winbind.c */ diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c index 5d657f9..47087b1 100644 --- a/source3/auth/server_info_sam.c +++ b/source3/auth/server_info_sam.c 
@@ -58,39 +58,51 @@ static bool is_our_machine_account(const char *username) Make (and fill) a user_info struct from a struct samu ***************************************************************************/ -NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, - struct samu *sampass) +NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx, + struct samu *sampass, + struct auth_serversupplied_info **pserver_info) { struct passwd *pwd; - struct auth_serversupplied_info *result; + struct auth_serversupplied_info *server_info; const char *username = pdb_get_username(sampass); + TALLOC_CTX *tmp_ctx; NTSTATUS status; - if ( !(result = make_server_info(NULL)) ) { + tmp_ctx = talloc_stackframe(); + if (tmp_ctx == NULL) { return NT_STATUS_NO_MEMORY; } - if ( !(pwd = Get_Pwnam_alloc(result, username)) ) { + server_info = make_server_info(tmp_ctx); + if (server_info == NULL) { + return NT_STATUS_NO_MEMORY; + } + + pwd = Get_Pwnam_alloc(tmp_ctx, username); + if (pwd == NULL) { DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n", pdb_get_username(sampass))); - TALLOC_FREE(result); - return NT_STATUS_NO_SUCH_USER; + status = NT_STATUS_NO_SUCH_USER; + goto out; } - status = samu_to_SamInfo3(result, sampass, lp_netbios_name(), - &result->info3, &result->extra); + status = samu_to_SamInfo3(server_info, + sampass, + lp_netbios_name(), + &server_info->info3, + &server_info->extra); if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(result); - return status; + goto out; } - result->unix_name = pwd->pw_name; - /* Ensure that we keep pwd->pw_name, because we will free pwd below */ - talloc_steal(result, pwd->pw_name); - result->utok.gid = pwd->pw_gid; - result->utok.uid = pwd->pw_uid; + server_info->unix_name = talloc_strdup(server_info, pwd->pw_name); + if (server_info->unix_name == NULL) { + status = NT_STATUS_NO_MEMORY; + goto out; + } - TALLOC_FREE(pwd); + server_info->utok.gid = pwd->pw_gid; + server_info->utok.uid = pwd->pw_uid; if (IS_DC && 
is_our_machine_account(username)) { /* @@ -110,9 +122,13 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, } DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n", - pdb_get_username(sampass), result->unix_name)); + pdb_get_username(sampass), server_info->unix_name)); + + *pserver_info = talloc_steal(mem_ctx, server_info); - *server_info = result; + status = NT_STATUS_OK; +out: + talloc_free(tmp_ctx); - return NT_STATUS_OK; + return status; } diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c index 2650e27..6b8fad2 100644 --- a/source3/auth/user_krb5.c +++ b/source3/auth/user_krb5.c @@ -223,9 +223,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx, * SID consistency with ntlmssp session setup */ struct samu *sampass; - /* The stupid make_server_info_XX functions here - don't take a talloc context. */ - struct auth_serversupplied_info *tmp = NULL; sampass = samu_new(talloc_tos()); if (sampass == NULL) { @@ -235,14 +232,19 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx, if (pdb_getsampwnam(sampass, username)) { DEBUG(10, ("found user %s in passdb, calling " "make_server_info_sam\n", username)); - status = make_server_info_sam(&tmp, sampass); + status = make_server_info_sam(mem_ctx, + sampass, + &server_info); } else { /* * User not in passdb, make it up artificially */ DEBUG(10, ("didn't find user %s in passdb, calling " "make_server_info_pw\n", username)); - status = make_server_info_pw(mem_ctx, username, pw, &tmp); + status = make_server_info_pw(mem_ctx, + username, + pw, + &server_info); } TALLOC_FREE(sampass); diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index e3e7a3e..f600f74 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c 
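Review bot: In make_server_info_sam() the `server_info == NULL` branch after `make_server_info(tmp_ctx)` returns NT_STATUS_NO_MEMORY directly, so the frame created by `talloc_stackframe()` is never freed on that path, while every later error uses `goto out`. Replace the return with `status = NT_STATUS_NO_MEMORY;` followed by `goto out;` so that `talloc_free(tmp_ctx)` runs. As far as I know an unfreed stackframe stays on top of the talloc stack until an outer frame is released, so later `talloc_tos()` allocations would land in it as well. The `out:` label is in the next hunk of the file.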
@@ -1646,8 +1646,10 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, } /* end switch */ if ( NT_STATUS_IS_OK(status) ) { - status = auth_check_ntlm_password(auth_context, - user_info, &server_info); + status = auth_check_ntlm_password(p->mem_ctx, + auth_context, + user_info, + &server_info); } TALLOC_FREE(auth_context); diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c index df2c326..990917f 100644 --- a/source3/torture/pdbtest.c +++ b/source3/torture/pdbtest.c @@ -304,7 +304,10 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry) return False; } - status = auth_check_ntlm_password(auth_context, user_info, &server_info); + status = auth_check_ntlm_password(mem_ctx, + auth_context, + user_info, + &server_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Failed to test authentication with auth module: %s\n", nt_errstr(status))); -- Samba Shared Repository