authorGerald Carter <jerry@samba.org>2006-08-04 17:09:13 +0000
committerGerald Carter <jerry@samba.org>2006-08-04 17:09:13 +0000
commitef426b9e2a9c29668ea5118e81af28588632d0f8 (patch)
tree62be961725dc09a1607eb43e3b3928f0ba7451bd /source
parent33cf334255d1937f238030a3a9e23b3e02f3be27 (diff)
r17400: grabbing latest changes from SAMBA_3_0_23 to help in testing
Diffstat (limited to 'source')
-rw-r--r--source/VERSION2
-rw-r--r--source/auth/auth_util.c56
-rw-r--r--source/nsswitch/pam_winbind.c27
-rw-r--r--source/nsswitch/pam_winbind.h1
-rw-r--r--source/smbd/msdfs.c22
-rw-r--r--source/utils/net_ads.c34
6 files changed, 74 insertions, 68 deletions
diff --git a/source/VERSION b/source/VERSION
index 0b9ecab60b9..673d82d34d9 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -37,7 +37,7 @@ SAMBA_VERSION_RELEASE=23
# e.g. SAMBA_VERSION_REVISION=a #
# -> "2.2.8a" #
########################################################
-SAMBA_VERSION_REVISION=a
+SAMBA_VERSION_REVISION=b
########################################################
# For 'pre' releases the version will be #
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 5298560ba43..67fe508721d 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -29,7 +29,6 @@
static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
const DOM_SID *user_sid,
- const DOM_SID *group_sid,
BOOL is_guest,
int num_groupsids,
const DOM_SID *groupsids);
@@ -509,7 +508,7 @@ NT_USER_TOKEN *get_root_nt_token( void )
uid_to_sid(&u_sid, pw->pw_uid);
gid_to_sid(&g_sid, pw->pw_gid);
- token = create_local_nt_token(NULL, &u_sid, &g_sid, False,
+ token = create_local_nt_token(NULL, &u_sid, False,
1, &global_sid_Builtin_Administrators);
return token;
}
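Review bot: `g_sid` is still filled by `gid_to_sid(&g_sid, pw->pw_gid)` on the context line above, but after this change nothing visible passes it on. The root token therefore no longer carries the SID of root's primary gid, and `global_sid_Builtin_Administrators` takes the primary-group position instead. If that is intended, drop the dead `gid_to_sid` call and `g_sid`, and add a comment such as `/* primary group of the root token is BUILTIN\Administrators */`; if not, pass a two-element array with the gid SID first. get_root_nt_token starts outside this hunk, so other uses of `g_sid` cannot be ruled out from here.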
@@ -803,7 +802,6 @@ static NTSTATUS create_builtin_administrators( void )
static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
const DOM_SID *user_sid,
- const DOM_SID *group_sid,
BOOL is_guest,
int num_groupsids,
const DOM_SID *groupsids)
@@ -830,8 +828,12 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
add_sid_to_array(result, user_sid,
&result->user_sids, &result->num_sids);
- add_sid_to_array(result, group_sid,
- &result->user_sids, &result->num_sids);
+
+ /* For guest, num_groupsids may be zero. */
+ if (num_groupsids) {
+ add_sid_to_array(result, &groupsids[0],
+ &result->user_sids, &result->num_sids);
+ }
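Review bot: The primary group is now purely positional: whatever sits in `groupsids[0]` is appended right after the user SID, and neither the prototype nor this body documents or checks that contract. `if (num_groupsids)` also accepts a negative count from the `int` parameter and does not guard a NULL `groupsids`; `if (num_groupsids > 0 && groupsids != NULL)` is the tighter test. The caller in create_local_token (the `-969` hunk) now passes `server_info->sids` with no visible guarantee that its first entry is the account's primary group. A header comment on create_local_nt_token should state that `groupsids[0]` must be the primary group SID and that a token built with zero groups has no primary-group entry, since code that relies on SID order for access decisions depends on it. The function body continues outside this hunk.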
/* Add in BUILTIN sids */
@@ -850,9 +852,11 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
/* Now the SIDs we got from authentication. These are the ones from
* the info3 struct or from the pdb_enum_group_memberships, depending
- * on who authenticated the user. */
+ * on who authenticated the user.
+ * Note that we start the for loop at "1" here, we already added the
+ * first group sid as primary above. */
- for (i=0; i<num_groupsids; i++) {
+ for (i=1; i<num_groupsids; i++) {
add_sid_to_array_unique(result, &groupsids[i],
&result->user_sids, &result->num_sids);
}
@@ -955,8 +959,8 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
return NT_STATUS_NO_MEMORY;
}
- if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
- server_info->was_mapped) {
+ if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
+ (server_info->was_mapped)) {
status = create_token_from_username(server_info,
server_info->unix_name,
server_info->guest,
@@ -969,7 +973,6 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
server_info->ptok = create_local_nt_token(
server_info,
pdb_get_user_sid(server_info->sam_account),
- pdb_get_group_sid(server_info->sam_account),
server_info->guest,
server_info->num_sids, server_info->sids);
status = server_info->ptok ?
@@ -1072,7 +1075,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
/* This is a passdb user, so ask passdb */
struct samu *sam_acct = NULL;
- const DOM_SID *gr_sid = NULL;
if ( !(sam_acct = samu_new( tmp_ctx )) ) {
result = NT_STATUS_NO_MEMORY;
@@ -1086,20 +1088,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
goto unix_user;
}
- gr_sid = pdb_get_group_sid(sam_acct);
- if (!gr_sid) {
- goto unix_user;
- }
-
- sid_copy(&primary_group_sid, gr_sid);
-
- if (!sid_to_gid(&primary_group_sid, gid)) {
- DEBUG(1, ("sid_to_gid(%s) failed\n",
- sid_string_static(&primary_group_sid)));
- DEBUGADD(1, ("Fall back to unix user %s\n", username));
- goto unix_user;
- }
-
result = pdb_enum_group_memberships(tmp_ctx, sam_acct,
&group_sids, &gids,
&num_group_sids);
@@ -1110,6 +1098,10 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
goto unix_user;
}
+ /* see the smb_panic() in pdb_default_enum_group_memberships */
+ SMB_ASSERT(num_group_sids > 0);
+
+ *gid = gids[0];
*found_username = talloc_strdup(mem_ctx,
pdb_get_username(sam_acct));
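Review bot: `SMB_ASSERT(num_group_sids > 0)` turns a property of data returned by the passdb backend into a process abort inside the authentication path. The comment only vouches for pdb_default_enum_group_memberships, so a different backend that returns success with an empty list would bring the server process down instead of failing or falling back for that one logon. The neighbouring failure in this branch uses `goto unix_user;`, so `if (num_group_sids == 0) { goto unix_user; }` before `*gid = gids[0];` would keep the handling consistent. The same assert-then-index pattern is added in the `+1147` hunk after getgroups_unix_user, where setting an error status and `goto done;` would be the equivalent. Both sites also assume `gids[0]` is the primary gid, which is worth stating in the comment rather than leaving implied.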
@@ -1138,9 +1130,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
goto done;
}
- *gid = pass->pw_gid;
- gid_to_sid(&primary_group_sid, pass->pw_gid);
-
if (!getgroups_unix_user(tmp_ctx, username, pass->pw_gid,
&gids, &num_group_sids)) {
DEBUG(1, ("getgroups_unix_user for user %s failed\n",
@@ -1158,6 +1147,11 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
for (i=0; i<num_group_sids; i++) {
gid_to_sid(&group_sids[i], gids[i]);
}
+
+ /* In getgroups_unix_user we always set the primary gid */
+ SMB_ASSERT(num_group_sids > 0);
+
+ *gid = gids[0];
*found_username = talloc_strdup(mem_ctx, pass->pw_name);
} else {
@@ -1181,13 +1175,13 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
goto done;
}
- num_group_sids = 0;
- group_sids = NULL;
+ num_group_sids = 1;
+ group_sids = &primary_group_sid;
*found_username = talloc_strdup(mem_ctx, username);
}
- *token = create_local_nt_token(mem_ctx, &user_sid, &primary_group_sid,
+ *token = create_local_nt_token(mem_ctx, &user_sid,
is_guest, num_group_sids, group_sids);
if ((*token == NULL) || (*found_username == NULL)) {
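Review bot: In this fallback branch `num_group_sids` becomes 1 and `group_sids` aliases the local `primary_group_sid`, but no matching entry is visibly stored in `gids`, while the other two branches keep `gids` and `group_sids` the same length and allocated from `tmp_ctx`. Any code after this hunk that walks `gids[0..num_group_sids)` or treats `group_sids` as a talloc'd array would read unset or non-heap memory; that code is outside the hunk, so this is a point to confirm rather than a confirmed defect. A comment such as `/* group_sids points at a stack DOM_SID here; gids is not populated in this branch */` would document the invariant the rest of create_token_from_username has to respect.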
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index bbb27f21c9e..5a9fb4cf595 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -209,12 +209,15 @@ static int _make_remark_format(pam_handle_t * pamh, int type, const char *format
{
va_list args;
char *var;
+ int ret;
va_start(args, format);
vasprintf(&var, format, args);
va_end(args);
- return _make_remark(pamh, type, var);
+ ret = _make_remark(pamh, type, var);
+ SAFE_FREE(var);
+ return ret;
}
static int pam_winbind_request(pam_handle_t * pamh, int ctrl,
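Review bot: The return value of `vasprintf(&var, format, args);` is still ignored, so on allocation failure `var` is indeterminate when it reaches `_make_remark()` and the newly added `SAFE_FREE(var)`. The added free makes that case worse than before, because an uninitialised pointer is now passed to free(). Capture the result with `ret = vasprintf(&var, format, args);` and, after `va_end(args);`, bail out with `if (ret < 0) return PAM_BUF_ERR;` before the pointer is used.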
@@ -482,13 +485,27 @@ static int winbind_auth_request(pam_handle_t * pamh,
/* save the CIFS homedir for pam_cifs / pam_mount */
if (response.data.auth.info3.home_dir[0] != '\0') {
- char *buf;
- if (!asprintf(&buf, "%s", response.data.auth.info3.home_dir)) {
- return PAM_BUF_ERR;
+ int ret2 = pam_set_data(pamh, PAM_WINBIND_HOMEDIR,
+ (void *) strdup(response.data.auth.info3.home_dir),
+ _pam_winbind_cleanup_func);
+ if (ret2) {
+ _pam_log_debug(ctrl, LOG_DEBUG, "Could not set data: %s",
+ pam_strerror(pamh, ret2));
}
- pam_set_data( pamh, PAM_WINBIND_HOMEDIR, (void *)buf, _pam_winbind_cleanup_func);
+ }
+
+ /* save the logon script path for other PAM modules */
+ if (response.data.auth.info3.logon_script[0] != '\0') {
+
+ int ret2 = pam_set_data(pamh, PAM_WINBIND_LOGONSCRIPT,
+ (void *) strdup(response.data.auth.info3.logon_script),
+ _pam_winbind_cleanup_func);
+ if (ret2) {
+ _pam_log_debug(ctrl, LOG_DEBUG, "Could not set data: %s",
+ pam_strerror(pamh, ret2));
+ }
}
return ret;
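Review bot: Both new `pam_set_data()` calls take the result of `strdup()` unchecked, so an out-of-memory NULL is stored as the module data. When `pam_set_data()` itself fails the duplicated string leaks, because `_pam_winbind_cleanup_func` was never registered for it. The removed code at least attempted an allocation check; the replacement only logs at debug level. Duplicating into a local first, skipping the call on NULL and freeing on failure covers both paths, as sketched below for the home directory; the logon-script block needs the same treatment. Both strings come from the authentication response, so a note in the header next to `PAM_WINBIND_LOGONSCRIPT` that consuming modules must validate the path before acting on it would be a useful addition.

```c
	/* save the CIFS homedir for pam_cifs / pam_mount */
	if (response.data.auth.info3.home_dir[0] != '\0') {
		char *homedir = strdup(response.data.auth.info3.home_dir);

		if (homedir == NULL) {
			_pam_log_debug(ctrl, LOG_DEBUG, "Could not set data: %s",
				       pam_strerror(pamh, PAM_BUF_ERR));
		} else {
			int ret2 = pam_set_data(pamh, PAM_WINBIND_HOMEDIR,
						(void *) homedir,
						_pam_winbind_cleanup_func);
			if (ret2) {
				_pam_log_debug(ctrl, LOG_DEBUG, "Could not set data: %s",
					       pam_strerror(pamh, ret2));
				/* cleanup func was not registered, free it here */
				SAFE_FREE(homedir);
			}
		}
	}

	/* … unchanged: logon script block, to be restructured the same way … */
```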
diff --git a/source/nsswitch/pam_winbind.h b/source/nsswitch/pam_winbind.h
index fb2769d1c1a..2b7080182be 100644
--- a/source/nsswitch/pam_winbind.h
+++ b/source/nsswitch/pam_winbind.h
@@ -108,6 +108,7 @@ do { \
#define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD"
#define PAM_WINBIND_HOMEDIR "PAM_WINBIND_HOMEDIR"
+#define PAM_WINBIND_LOGONSCRIPT "PAM_WINBIND_LOGONSCRIPT"
#define PAM_WINBIND_PWD_LAST_SET "PAM_WINBIND_PWD_LAST_SET"
#define SECONDS_PER_DAY 86400
diff --git a/source/smbd/msdfs.c b/source/smbd/msdfs.c
index 55a6850478f..8dc29728249 100644
--- a/source/smbd/msdfs.c
+++ b/source/smbd/msdfs.c
@@ -505,13 +505,10 @@ BOOL get_referred_path(TALLOC_CTX *ctx, char *pathname, struct junction_map *juc
parse_dfs_path(pathname, &dp);
/* Verify hostname in path */
- if ( !strequal(get_local_machine_name(), dp.hostname) ) {
- /* Hostname mismatch, check if one of our IP addresses */
- if (!ismyip(*interpret_addr2(dp.hostname))) {
- DEBUG(3, ("get_referred_path: Invalid hostname %s in path %s\n",
- dp.hostname, pathname));
- return False;
- }
+ if (!is_myname_or_ipaddr(dp.hostname)) {
+ DEBUG(3, ("get_referred_path: Invalid hostname %s in path %s\n",
+ dp.hostname, pathname));
+ return False;
}
pstrcpy(jucn->service_name, dp.servicename);
@@ -878,13 +875,10 @@ BOOL create_junction(char *pathname, struct junction_map *jucn)
parse_dfs_path(pathname,&dp);
/* check if path is dfs : validate first token */
- if ( !strequal(get_local_machine_name(),dp.hostname) ) {
- /* Hostname mismatch, check if one of our IP addresses */
- if (!ismyip(*interpret_addr2(dp.hostname))) {
- DEBUG(4,("create_junction: Invalid hostname %s in dfs path %s\n",
- dp.hostname, pathname));
- return False;
- }
+ if (!is_myname_or_ipaddr(dp.hostname)) {
+ DEBUG(4,("create_junction: Invalid hostname %s in dfs path %s\n",
+ dp.hostname, pathname));
+ return False;
}
/* Check for a non-DFS share */
diff --git a/source/utils/net_ads.c b/source/utils/net_ads.c
index dcbd53bafc3..f01f7ac33b3 100644
--- a/source/utils/net_ads.c
+++ b/source/utils/net_ads.c
@@ -1169,7 +1169,7 @@ static int net_ads_join_usage(int argc, const char **argv)
int net_ads_join(int argc, const char **argv)
{
- ADS_STRUCT *ads;
+ ADS_STRUCT *ads = NULL;
ADS_STATUS status;
char *machine_account = NULL;
const char *short_domain_name = NULL;
@@ -1184,24 +1184,23 @@ int net_ads_join(int argc, const char **argv)
if ( check_ads_config() != 0 ) {
d_fprintf(stderr, "Invalid configuration. Exiting....\n");
- return -1;
+ goto fail;
}
if ( (ads = ads_startup(True)) == NULL ) {
- return -1;
+ goto fail;
}
if (strcmp(ads->config.realm, lp_realm()) != 0) {
d_fprintf(stderr, "realm of remote server (%s) and realm in smb.conf "
"(%s) DO NOT match. Aborting join\n", ads->config.realm,
lp_realm());
- ads_destroy(&ads);
- return -1;
+ goto fail;
}
if (!(ctx = talloc_init("net_ads_join"))) {
DEBUG(0, ("Could not initialise talloc context\n"));
- return -1;
+ goto fail;
}
/* process additional command line args */
@@ -1214,12 +1213,12 @@ int net_ads_join(int argc, const char **argv)
else if ( !StrnCaseCmp(argv[i], "createcomputer", strlen("createcomputer")) ) {
if ( (create_in_ou = get_string_param(argv[i])) == NULL ) {
d_fprintf(stderr, "Please supply a valid OU path\n");
- return -1;
+ goto fail;
}
}
else {
d_fprintf(stderr, "Bad option: %s\n", argv[i]);
- return -1;
+ goto fail;
}
}
@@ -1231,8 +1230,7 @@ int net_ads_join(int argc, const char **argv)
if ( !ADS_ERR_OK(status) ) {
d_fprintf( stderr, "Failed to pre-create the machine object "
"in OU %s.\n", argv[0]);
- ads_destroy( &ads );
- return -1;
+ goto fail;
}
}
@@ -1243,7 +1241,7 @@ int net_ads_join(int argc, const char **argv)
if ( net_join_domain( ctx, ads->config.ldap_server_name, &ads->ldap_ip, &domain_sid, password ) != 0 ) {
d_fprintf(stderr, "Failed to join domain!\n");
- return -1;
+ goto fail;
}
/* Check the short name of the domain */
@@ -1274,15 +1272,14 @@ int net_ads_join(int argc, const char **argv)
if ( (netdom_store_machine_account( lp_workgroup(), domain_sid, password ) == -1)
|| (netdom_store_machine_account( short_domain_name, domain_sid, password ) == -1) )
{
- ads_destroy(&ads);
- return -1;
+ goto fail;
}
/* Verify that everything is ok */
if ( net_rpc_join_ok(short_domain_name, ads->config.ldap_server_name, &ads->ldap_ip) != 0 ) {
d_fprintf(stderr, "Failed to verify membership in domain!\n");
- return -1;
+ goto fail;
}
/* create the dNSHostName & servicePrincipalName values */
@@ -1306,13 +1303,12 @@ int net_ads_join(int argc, const char **argv)
netdom_store_machine_account( lp_workgroup(), domain_sid, "" );
netdom_store_machine_account( short_domain_name, domain_sid, "" );
- return -1;
+ goto fail;
}
if ( !net_derive_salting_principal( ctx, ads ) ) {
DEBUG(1,("Failed to determine salting principal\n"));
- ads_destroy(&ads);
- return -1;
+ goto fail;
}
if ( createupn ) {
@@ -1343,6 +1339,10 @@ int net_ads_join(int argc, const char **argv)
ads_destroy(&ads);
return 0;
+
+fail:
+ ads_destroy(&ads);
+ return -1;
}
/*******************************************************************
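Review bot: The new `fail:` label releases `ads` but not the talloc context. Every `goto fail` taken after `talloc_init("net_ads_join")` succeeds (option parsing, pre-create, join, store, verify and salting-principal failures in the earlier hunks of this file) leaves `ctx` allocated. Adding `talloc_free(ctx);` under `fail:` would cover it, provided `ctx` is initialised to NULL at its declaration, which is outside these hunks. The first `goto fail`, after check_ads_config(), also reaches `ads_destroy(&ads)` with `ads == NULL`, so the label relies on ads_destroy tolerating that. A comment at the label, e.g. `/* ads may still be NULL here */`, would keep the `= NULL` initialiser from being dropped later.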