1 commit 8a7159aa1b000593ffe89ca8d7477e6373764aaf
2 Author: Günther Deschner <gd@samba.org>
3 AuthorDate: Tue Jul 15 14:16:56 2014 +0200
4 Commit: Andreas Schneider <asn@samba.org>
5 CommitDate: Tue Jul 15 15:25:27 2014 +0200
6
7 PATCHSET14 s3-rpc_client: return info3 in rpccli_netlogon_password_logon().
8
9 Guenther
10
11 Signed-off-by: Günther Deschner <gd@samba.org>
12 Pair-Programmed-With: Andreas Schneider <asn@samba.org>
13 Reviewed-by: Andreas Schneider <asn@samba.org>
14 ---
15 source3/rpc_client/cli_netlogon.c | 100 +++++++++++++++++++++-----------------
16 source3/rpc_client/cli_netlogon.h | 3 +-
17 source3/rpcclient/cmd_netlogon.c | 3 +-
18 3 files changed, 60 insertions(+), 46 deletions(-)
19
20 diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
21 index c69a933..9454226 100644
22 --- a/source3/rpc_client/cli_netlogon.c
23 +++ b/source3/rpc_client/cli_netlogon.c
24 @@ -153,6 +153,53 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
25 return NT_STATUS_OK;
26 }
27
28 +static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
29 + uint16_t validation_level,
30 + union netr_Validation *validation,
31 + struct netr_SamInfo3 **info3_p)
32 +{
33 + struct netr_SamInfo3 *info3;
34 + NTSTATUS status;
35 +
36 + if (validation == NULL) {
37 + return NT_STATUS_INVALID_PARAMETER;
38 + }
39 +
40 + switch (validation_level) {
41 + case 3:
42 + if (validation->sam3 == NULL) {
43 + return NT_STATUS_INVALID_PARAMETER;
44 + }
45 +
46 + info3 = talloc_move(mem_ctx, &validation->sam3);
47 + break;
48 + case 6:
49 + if (validation->sam6 == NULL) {
50 + return NT_STATUS_INVALID_PARAMETER;
51 + }
52 +
53 + info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
54 + if (info3 == NULL) {
55 + return NT_STATUS_NO_MEMORY;
56 + }
57 + status = copy_netr_SamBaseInfo(info3, &validation->sam6->base, &info3->base);
58 + if (!NT_STATUS_IS_OK(status)) {
59 + TALLOC_FREE(info3);
60 + return status;
61 + }
62 +
63 + info3->sidcount = validation->sam6->sidcount;
64 + info3->sids = talloc_move(info3, &validation->sam6->sids);
65 + break;
66 + default:
67 + return NT_STATUS_BAD_VALIDATION_CLASS;
68 + }
69 +
70 + *info3_p = info3;
71 +
72 + return NT_STATUS_OK;
73 +}
74 +
75 /* Logon domain user */
76
77 NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
78 @@ -163,7 +210,8 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
79 const char *password,
80 const char *workstation,
81 uint16_t validation_level,
82 - int logon_type)
83 + int logon_type,
84 + struct netr_SamInfo3 **info3)
85 {
86 NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
87 NTSTATUS status;
88 @@ -298,54 +346,18 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
89 return NT_STATUS_ACCESS_DENIED;
90 }
91
92 - return result;
93 -}
94 -
95 -static NTSTATUS map_validation_to_info3(TALLOC_CTX *mem_ctx,
96 - uint16_t validation_level,
97 - union netr_Validation *validation,
98 - struct netr_SamInfo3 **info3_p)
99 -{
100 - struct netr_SamInfo3 *info3;
101 - NTSTATUS status;
102 -
103 - if (validation == NULL) {
104 - return NT_STATUS_INVALID_PARAMETER;
105 + if (!NT_STATUS_IS_OK(result)) {
106 + return result;
107 }
108
109 - switch (validation_level) {
110 - case 3:
111 - if (validation->sam3 == NULL) {
112 - return NT_STATUS_INVALID_PARAMETER;
113 - }
114 -
115 - info3 = talloc_move(mem_ctx, &validation->sam3);
116 - break;
117 - case 6:
118 - if (validation->sam6 == NULL) {
119 - return NT_STATUS_INVALID_PARAMETER;
120 - }
121 -
122 - info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
123 - if (info3 == NULL) {
124 - return NT_STATUS_NO_MEMORY;
125 - }
126 - status = copy_netr_SamBaseInfo(info3, &validation->sam6->base, &info3->base);
127 - if (!NT_STATUS_IS_OK(status)) {
128 - TALLOC_FREE(info3);
129 - return status;
130 - }
131 + netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
132
133 - info3->sidcount = validation->sam6->sidcount;
134 - info3->sids = talloc_move(info3, &validation->sam6->sids);
135 - break;
136 - default:
137 - return NT_STATUS_BAD_VALIDATION_CLASS;
138 + result = map_validation_to_info3(mem_ctx, validation_level, &validation, info3);
139 + if (!NT_STATUS_IS_OK(result)) {
140 + return result;
141 }
142
143 - *info3_p = info3;
144 -
145 - return NT_STATUS_OK;
146 + return result;
147 }
148
149 /**
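Review bot: The new `info3` out-parameter is written through unconditionally (`*info3_p = info3` in `map_validation_to_info3()`), so a caller of `rpccli_netlogon_sam_logon()` that passes NULL dereferences a null pointer after an otherwise successful logon. Either reject it up front with `if (info3 == NULL) return NT_STATUS_INVALID_PARAMETER;` or treat the parameter as optional and document that. The tail is also redundant: the `if (!NT_STATUS_IS_OK(result)) { return result; }` followed by `return result;` can be the single line `return map_validation_to_info3(mem_ctx, validation_level, &validation, info3);`. The function starts outside this hunk, so how `validation` is filled in is not visible here.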
150 diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
151 index ad59d5b..9c6cbc8 100644
152 --- a/source3/rpc_client/cli_netlogon.h
153 +++ b/source3/rpc_client/cli_netlogon.h
154 @@ -41,7 +41,8 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
155 const char *password,
156 const char *workstation,
157 uint16_t validation_level,
158 - int logon_type);
159 + int logon_type,
160 + struct netr_SamInfo3 **info3);
161 NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
162 TALLOC_CTX *mem_ctx,
163 uint32 logon_parameters,
164 diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
165 index 63057ac..e285145 100644
166 --- a/source3/rpcclient/cmd_netlogon.c
167 +++ b/source3/rpcclient/cmd_netlogon.c
168 @@ -724,6 +724,7 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli,
169 uint16_t validation_level = 3;
170 uint32 logon_param = 0;
171 const char *workstation = NULL;
172 + struct netr_SamInfo3 *info3 = NULL;
173
174 /* Check arguments */
175
176 @@ -750,7 +751,7 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli,
177
178 /* Perform the sam logon */
179
180 - result = rpccli_netlogon_sam_logon(cli, mem_ctx, logon_param, lp_workgroup(), username, password, workstation, validation_level, logon_type);
181 + result = rpccli_netlogon_sam_logon(cli, mem_ctx, logon_param, lp_workgroup(), username, password, workstation, validation_level, logon_type, &info3);
182
183 if (!NT_STATUS_IS_OK(result))
184 goto done;
185 commit 53c404ade6d660c449a9dddb56aa80dc6d5ea920
186 Author: Günther Deschner <gd@samba.org>
187 AuthorDate: Tue Jul 15 14:25:19 2014 +0200
188 Commit: Andreas Schneider <asn@samba.org>
189 CommitDate: Tue Jul 15 15:25:29 2014 +0200
190
191 PATCHSET14 s3-winbindd: call interactive samlogon via rpccli_netlogon_password_logon.
192
193 Guenther
194
195 Signed-off-by: Guenther Deschner <gd@samba.org>
196 Pair-Programmed-With: Andreas Schneider <asn@samba.org>
197 Reviewed-by: Andreas Schneider <asn@samba.org>
198 ---
199 source3/winbindd/winbindd_pam.c | 20 +++++++++++++++++++-
200 1 file changed, 19 insertions(+), 1 deletion(-)
201
202 diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
203 index 125e393..2b31d54 100644
204 --- a/source3/winbindd/winbindd_pam.c
205 +++ b/source3/winbindd/winbindd_pam.c
206 @@ -1152,11 +1152,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
207 uint32_t logon_parameters,
208 const char *server,
209 const char *username,
210 + const char *password,
211 const char *domainname,
212 const char *workstation,
213 const uint8_t chal[8],
214 DATA_BLOB lm_response,
215 DATA_BLOB nt_response,
216 + bool interactive,
217 struct netr_SamInfo3 **info3)
218 {
219 int attempts = 0;
220 @@ -1269,7 +1271,19 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
221 domain->can_do_validation6 = false;
222 }
223
224 - if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
225 + if (interactive && username != NULL && password != NULL) {
226 + result = rpccli_netlogon_sam_logon(
227 + netlogon_pipe,
228 + mem_ctx,
229 + logon_parameters,
230 + domainname,
231 + username,
232 + password,
233 + workstation,
234 + 3, /* FIXME */
235 + NetlogonInteractiveInformation,
236 + info3);
237 + } else if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
238 result = rpccli_netlogon_sam_network_logon_ex(
239 netlogon_pipe,
240 mem_ctx,
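Review bot: The condition `interactive && username != NULL && password != NULL` silently falls through to the network-logon branches when `interactive` is true but `password` is NULL, so a caller that asked for an interactive logon gets a challenge/response logon with no indication of the change. A comment on the condition, or a `DEBUG` line for the fall-through case, would make that visible. The new `password` parameter should also be described in the function's header comment as the cleartext password, used only on the interactive path. The function body starts and ends outside this hunk.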
241 @@ -1453,11 +1467,13 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(TALLOC_CTX *mem_ctx,
242 0,
243 domain->dcname,
244 name_user,
245 + pass,
246 name_domain,
247 global_myname(),
248 chal,
249 lm_resp,
250 nt_resp,
251 + true,
252 &my_info3);
253 if (!NT_STATUS_IS_OK(result)) {
254 goto done;
255 @@ -1874,12 +1890,14 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
256 state->request->data.auth_crap.logon_parameters,
257 domain->dcname,
258 name_user,
259 + NULL, /* password */
260 name_domain,
261 /* Bug #3248 - found by Stefan Burkei. */
262 workstation, /* We carefully set this above so use it... */
263 state->request->data.auth_crap.chal,
264 lm_resp,
265 nt_resp,
266 + false, /* interactive */
267 &info3);
268 if (!NT_STATUS_IS_OK(result)) {
269 goto done;
270 commit f73d1b92b78c4c3f23f411807273e3d09d39c10a
271 Author: Günther Deschner <gd@samba.org>
272 AuthorDate: Mon Jul 7 17:14:37 2014 +0200
273 Commit: Andreas Schneider <asn@samba.org>
274 CommitDate: Tue Jul 15 15:25:30 2014 +0200
275
276 PATCHSET14 s3-winbindd: add wcache_query_user_fullname().
277
278 This helper function is used to query the full name of a cached user object (for
279 further gecos processing).
280
281 Thanks to Matt Rogers <mrogers@redhat.com>.
282
283 BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
284
285 Guenther
286
287 Pair-Programmed-With: Andreas Schneider <asn@samba.org>
288 Signed-off-by: Günther Deschner <gd@samba.org>
289 Reviewed-by: Andreas Schneider <asn@samba.org>
290 ---
291 source3/winbindd/winbindd_cache.c | 34 ++++++++++++++++++++++++++++++++++
292 source3/winbindd/winbindd_proto.h | 4 ++++
293 2 files changed, 38 insertions(+)
294
295 diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
296 index 0a65953..82c8087 100644
297 --- a/source3/winbindd/winbindd_cache.c
298 +++ b/source3/winbindd/winbindd_cache.c
299 @@ -2282,6 +2282,40 @@ NTSTATUS wcache_query_user(struct winbindd_domain *domain,
300 return status;
301 }
302
303 +
304 +/**
305 +* @brief Query a fullname from the username cache (for further gecos processing)
306 +*
307 +* @param domain A pointer to the winbindd_domain struct.
308 +* @param mem_ctx The talloc context.
309 +* @param user_sid The user sid.
310 +* @param full_name A pointer to the full_name string.
311 +*
312 +* @return NTSTATUS code
313 +*/
314 +NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain,
315 + TALLOC_CTX *mem_ctx,
316 + const struct dom_sid *user_sid,
317 + const char **full_name)
318 +{
319 + NTSTATUS status;
320 + struct wbint_userinfo info;
321 +
322 + status = wcache_query_user(domain, mem_ctx, user_sid, &info);
323 + if (!NT_STATUS_IS_OK(status)) {
324 + return status;
325 + }
326 +
327 + if (info.full_name != NULL) {
328 + *full_name = talloc_strdup(mem_ctx, info.full_name);
329 + if (*full_name == NULL) {
330 + return NT_STATUS_NO_MEMORY;
331 + }
332 + }
333 +
334 + return NT_STATUS_OK;
335 +}
336 +
337 /* Lookup user information from a rid */
338 static NTSTATUS query_user(struct winbindd_domain *domain,
339 TALLOC_CTX *mem_ctx,
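Review bot: `wcache_query_user()` is called with the caller's `mem_ctx`, so whatever else it allocates while filling `struct wbint_userinfo info` (presumably the account name, home directory and shell strings; its body is not shown here) stays attached to that context although only `full_name` is wanted. Callers further down this page pass `info3` as `mem_ctx`, which would leave those extra strings hanging off a structure that is then cached. Running the query on a temporary stackframe and duplicating only `full_name` onto `mem_ctx` avoids that. The doc comment should also state that `*full_name` is left untouched when the cache holds no full name, because the function still returns NT_STATUS_OK in that case.

```c
NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain,
				    TALLOC_CTX *mem_ctx,
				    const struct dom_sid *user_sid,
				    const char **full_name)
{
	TALLOC_CTX *frame = talloc_stackframe();
	struct wbint_userinfo info;
	NTSTATUS status;

	/* Query on the temporary frame so only full_name reaches mem_ctx. */
	status = wcache_query_user(domain, frame, user_sid, &info);
	if (!NT_STATUS_IS_OK(status)) {
		TALLOC_FREE(frame);
		return status;
	}

	if (info.full_name != NULL) {
		*full_name = talloc_strdup(mem_ctx, info.full_name);
		if (*full_name == NULL) {
			TALLOC_FREE(frame);
			return NT_STATUS_NO_MEMORY;
		}
	}

	TALLOC_FREE(frame);
	return NT_STATUS_OK;
}
```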
340 diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
341 index 82176b2..585853e 100644
342 --- a/source3/winbindd/winbindd_proto.h
343 +++ b/source3/winbindd/winbindd_proto.h
344 @@ -103,6 +103,10 @@ NTSTATUS wcache_query_user(struct winbindd_domain *domain,
345 TALLOC_CTX *mem_ctx,
346 const struct dom_sid *user_sid,
347 struct wbint_userinfo *info);
348 +NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain,
349 + TALLOC_CTX *mem_ctx,
350 + const struct dom_sid *user_sid,
351 + const char **full_name);
352 NTSTATUS wcache_lookup_useraliases(struct winbindd_domain *domain,
353 TALLOC_CTX *mem_ctx,
354 uint32 num_sids, const struct dom_sid *sids,
355 commit d4d04c269ade1e96f84b71e60a1c6c322eec5514
356 Author: Günther Deschner <gd@samba.org>
357 AuthorDate: Mon Jul 7 17:16:32 2014 +0200
358 Commit: Andreas Schneider <asn@samba.org>
359 CommitDate: Tue Jul 15 15:25:31 2014 +0200
360
361 PATCHSET14 s3-winbindd: use wcache_query_user_fullname after inspecting samlogon cache.
362
363 The reason for this followup query is that very often the samlogon cache only
364 contains a info3 netlogon user structure that has been retrieved during a
365 netlogon samlogon authentication using "network" logon level. With that logon
366 level only a few info3 fields are filled in; the user's fullname is never filled
367 in that case. This is problematic when the cache is used to fill in the user's
368 gecos field (for NSS queries). When we have retrieved the user's fullname during
369 other queries, reuse it from the other caches.
370
371 Thanks to Matt Rogers <mrogers@redhat.com>.
372
373 BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
374
375 Guenther
376
377 Pair-Programmed-With: Andreas Schneider <asn@samba.org>
378 Signed-off-by: Guenther Deschner <gd@samba.org>
379 Reviewed-by: Andreas Schneider <asn@samba.org>
380 ---
381 source3/winbindd/winbindd_ads.c | 8 ++++++++
382 source3/winbindd/winbindd_msrpc.c | 8 ++++++++
383 source3/winbindd/winbindd_pam.c | 41 +++++++++++++++++++++++++++++++++++++++
384 3 files changed, 57 insertions(+)
385
386 diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
387 index 3099ff0..7d960fc 100644
388 --- a/source3/winbindd/winbindd_ads.c
389 +++ b/source3/winbindd/winbindd_ads.c
390 @@ -515,6 +515,14 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
391
392 TALLOC_FREE(user);
393
394 + if (info->full_name == NULL) {
395 + /* this might fail so we dont check the return code */
396 + wcache_query_user_fullname(domain,
397 + mem_ctx,
398 + sid,
399 + &info->full_name);
400 + }
401 +
402 return NT_STATUS_OK;
403 }
404
405 diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
406 index b426884..eae822c 100644
407 --- a/source3/winbindd/winbindd_msrpc.c
408 +++ b/source3/winbindd/winbindd_msrpc.c
409 @@ -439,6 +439,14 @@ static NTSTATUS msrpc_query_user(struct winbindd_domain *domain,
410 user_info->full_name = talloc_strdup(user_info,
411 user->base.full_name.string);
412
413 + if (user_info->full_name == NULL) {
414 + /* this might fail so we dont check the return code */
415 + wcache_query_user_fullname(domain,
416 + mem_ctx,
417 + user_sid,
418 + &user_info->full_name);
419 + }
420 +
421 status = NT_STATUS_OK;
422 goto done;
423 }
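Review bot: The fallback allocates the name on `mem_ctx`, while the line just above allocates `user_info->full_name` on `user_info`, so the same field can end up with two different talloc parents depending on which path filled it. If `user_info` can outlive `mem_ctx` (not determinable from this hunk), the fallback string would be freed first; passing `user_info` as the context, `wcache_query_user_fullname(domain, user_info, user_sid, &user_info->full_name);`, keeps the ownership consistent. The `== NULL` test also cannot distinguish a missing name from a failed `talloc_strdup()`, which deserves a short comment. The enclosing function starts and ends outside this hunk.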
424 diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
425 index 2b31d54..86b352e 100644
426 --- a/source3/winbindd/winbindd_pam.c
427 +++ b/source3/winbindd/winbindd_pam.c
428 @@ -1739,6 +1739,26 @@ process_result:
429 sid_compose(&user_sid, info3->base.domain_sid,
430 info3->base.rid);
431
432 + if (info3->base.full_name.string == NULL) {
433 + struct netr_SamInfo3 *cached_info3;
434 +
435 + cached_info3 = netsamlogon_cache_get(state->mem_ctx,
436 + &user_sid);
437 + if (cached_info3 != NULL &&
438 + cached_info3->base.full_name.string != NULL) {
439 + info3->base.full_name.string =
440 + talloc_strdup(info3,
441 + cached_info3->base.full_name.string);
442 + } else {
443 +
444 + /* this might fail so we dont check the return code */
445 + wcache_query_user_fullname(domain,
446 + info3,
447 + &user_sid,
448 + &info3->base.full_name.string);
449 + }
450 + }
451 +
452 wcache_invalidate_samlogon(find_domain_from_name(name_domain),
453 &user_sid);
454 netsamlogon_cache_store(name_user, info3);
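Review bot: This full-name fallback block is repeated verbatim in the `@@ -1910,6 +1930,27 @@` hunk below; a small static helper taking `domain`, `state->mem_ctx`, `info3` and `&user_sid` would keep the two call sites from drifting apart. In both copies the `talloc_strdup(info3, ...)` result is not checked, so an allocation failure is indistinguishable from "no name cached", and `cached_info3` stays allocated on `state->mem_ctx` after use instead of being released with `TALLOC_FREE(cached_info3);`. The surrounding function starts and ends outside this hunk.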
455 @@ -1910,6 +1930,27 @@ process_result:
456
457 sid_compose(&user_sid, info3->base.domain_sid,
458 info3->base.rid);
459 +
460 + if (info3->base.full_name.string == NULL) {
461 + struct netr_SamInfo3 *cached_info3;
462 +
463 + cached_info3 = netsamlogon_cache_get(state->mem_ctx,
464 + &user_sid);
465 + if (cached_info3 != NULL &&
466 + cached_info3->base.full_name.string != NULL) {
467 + info3->base.full_name.string =
468 + talloc_strdup(info3,
469 + cached_info3->base.full_name.string);
470 + } else {
471 +
472 + /* this might fail so we dont check the return code */
473 + wcache_query_user_fullname(domain,
474 + info3,
475 + &user_sid,
476 + &info3->base.full_name.string);
477 + }
478 + }
479 +
480 wcache_invalidate_samlogon(find_domain_from_name(name_domain),
481 &user_sid);
482 netsamlogon_cache_store(name_user, info3);
483 commit 7a38729ac2b93d0bd8c2450821cfcedff6fa3f53
484 Author: Günther Deschner <gd@samba.org>
485 AuthorDate: Wed Jul 9 13:36:06 2014 +0200
486 Commit: Andreas Schneider <asn@samba.org>
487 CommitDate: Tue Jul 15 15:25:32 2014 +0200
488
489 PATCHSET14 samlogon_cache: use a talloc_stackframe inside netsamlogon_cache_store.
490
491 Guenther
492
493 Signed-off-by: Günther Deschner <gd@samba.org>
494 Reviewed-by: Andreas Schneider <asn@samba.org>
495 ---
496 source3/libsmb/samlogon_cache.c | 13 ++++---------
497 1 file changed, 4 insertions(+), 9 deletions(-)
498
499 diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
500 index 590c950..4281965 100644
501 --- a/source3/libsmb/samlogon_cache.c
502 +++ b/source3/libsmb/samlogon_cache.c
503 @@ -132,7 +132,7 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
504 bool result = false;
505 struct dom_sid user_sid;
506 time_t t = time(NULL);
507 - TALLOC_CTX *mem_ctx;
508 + TALLOC_CTX *tmp_ctx = talloc_stackframe();
509 DATA_BLOB blob;
510 enum ndr_err_code ndr_err;
511 struct netsamlogoncache_entry r;
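Review bot: Creating the stackframe in the declaration (`TALLOC_CTX *tmp_ctx = talloc_stackframe();`) means every `return` between this point and the "Prepare data" section must now free it, whereas the removed code only allocated `mem_ctx` after those checks. The lines between the declarations and line 156 are outside the hunks, so if they contain early returns (argument or cache-init checks are likely there), each of them leaks the frame. Either add `TALLOC_FREE(tmp_ctx);` to those paths or declare `TALLOC_CTX *tmp_ctx = NULL;` and call `talloc_stackframe()` where the old allocation was.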
512 @@ -156,11 +156,6 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
513
514 /* Prepare data */
515
516 - if (!(mem_ctx = TALLOC_P( NULL, int))) {
517 - DEBUG(0,("netsamlogon_cache_store: talloc() failed!\n"));
518 - return false;
519 - }
520 -
521 /* only Samba fills in the username, not sure why NT doesn't */
522 /* so we fill it in since winbindd_getpwnam() makes use of it */
523
524 @@ -175,11 +170,11 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
525 NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
526 }
527
528 - ndr_err = ndr_push_struct_blob(&blob, mem_ctx, &r,
529 + ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, &r,
530 (ndr_push_flags_fn_t)ndr_push_netsamlogoncache_entry);
531 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
532 DEBUG(0,("netsamlogon_cache_store: failed to push entry to cache\n"));
533 - TALLOC_FREE(mem_ctx);
534 + TALLOC_FREE(tmp_ctx);
535 return false;
536 }
537
538 @@ -190,7 +185,7 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
539 result = true;
540 }
541
542 - TALLOC_FREE(mem_ctx);
543 + TALLOC_FREE(tmp_ctx);
544
545 return result;
546 }
547 commit f89b793bd672a66f5e75ade33467f6621545f0d4
548 Author: Andreas Schneider <asn@samba.org>
549 AuthorDate: Thu Jul 3 16:17:46 2014 +0200
550 Commit: Andreas Schneider <asn@samba.org>
551 CommitDate: Tue Jul 15 15:25:32 2014 +0200
552
553 PATCHSET14 samlogon_cache: avoid overwriting info3->base.full_name.string.
554
555 This field serves as a source for the gecos field. We should not overwrite it
556 when a info3 struct from a samlogon network level gets saved in which case this
557 field is always NULL.
558
559 BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
560
561 Signed-off-by: Andreas Schneider <asn@samba.org>
562 Reviewed-by: Guenther Deschner <gd@samba.org>
563 ---
564 source3/libsmb/samlogon_cache.c | 14 ++++++++++++++
565 1 file changed, 14 insertions(+)
566
567 diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
568 index 4281965..8a3dbd2 100644
569 --- a/source3/libsmb/samlogon_cache.c
570 +++ b/source3/libsmb/samlogon_cache.c
571 @@ -156,6 +156,20 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
572
573 /* Prepare data */
574
575 + if (info3->base.full_name.string == NULL) {
576 + struct netr_SamInfo3 *cached_info3;
577 + const char *full_name = NULL;
578 +
579 + cached_info3 = netsamlogon_cache_get(tmp_ctx, &user_sid);
580 + if (cached_info3 != NULL) {
581 + full_name = cached_info3->base.full_name.string;
582 + }
583 +
584 + if (full_name != NULL) {
585 + info3->base.full_name.string = talloc_strdup(info3, full_name);
586 + }
587 + }
588 +
589 /* only Samba fills in the username, not sure why NT doesn't */
590 /* so we fill it in since winbindd_getpwnam() makes use of it */
591
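Review bot: `netsamlogon_cache_store()` now modifies the caller's `info3` as a side effect, and the `talloc_strdup(info3, full_name)` result is not checked, so on allocation failure the entry is stored without the name and without any log line. A comment above the block should say that a previously cached full name is deliberately carried forward when the incoming structure has none, because it also means a name that was later cleared on the server stays in the cache. `cached_info3` lives on `tmp_ctx`, so its lifetime depends on every exit path of the function freeing that frame; the function body continues outside this hunk.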
592 commit 8fcaeecf174a1c9088c84f271e2859f75e9a5101
593 Author: Andreas Schneider <asn@samba.org>
594 AuthorDate: Thu Jul 3 16:19:42 2014 +0200
595 Commit: Andreas Schneider <asn@samba.org>
596 CommitDate: Tue Jul 15 15:25:33 2014 +0200
597
598 PATCHSET14 s3-winbind: Don't set the gecos field to NULL.
599
600 The value is loaded from the cache anyway. So it will be set to NULL if
601 it is not available.
602
603 BUG: https://bugzilla.samba.org/show_bug.cgi?id=10440
604
605 Signed-off-by: Andreas Schneider <asn@samba.org>
606 Reviewed-by: Guenther Deschner <gd@samba.org>
607 ---
608 source3/winbindd/nss_info_template.c | 1 -
609 1 file changed, 1 deletion(-)
610
611 diff --git a/source3/winbindd/nss_info_template.c b/source3/winbindd/nss_info_template.c
612 index 5fdfd9b..de93803 100644
613 --- a/source3/winbindd/nss_info_template.c
614 +++ b/source3/winbindd/nss_info_template.c
615 @@ -48,7 +48,6 @@ static NTSTATUS nss_template_get_info( struct nss_domain_entry *e,
616 username */
617 *homedir = talloc_strdup( ctx, lp_template_homedir() );
618 *shell = talloc_strdup( ctx, lp_template_shell() );
619 - *gecos = NULL;
620
621 if ( !*homedir || !*shell ) {
622 return NT_STATUS_NO_MEMORY;
623 commit d32503872aec4fca41056b2d9d9bbb6b15ce9701
624 Author: Günther Deschner <gd@samba.org>
625 AuthorDate: Tue Jul 15 16:21:08 2014 +0200
626 Commit: Andreas Schneider <asn@samba.org>
627 CommitDate: Tue Jul 15 16:24:59 2014 +0200
628
629 PATCHSET14 s3-rpc_client: add rpccli_netlogon_sam_logon_ex().
630
631 This function deals with interactive samlogon and does a dcerpc_netr_SamLogonEx
632 call (w/o credential chaining).
633
634 Guenther
635
636 Signed-off-by: Günther Deschner <gd@samba.org>
637 ---
638 source3/rpc_client/cli_netlogon.c | 152 ++++++++++++++++++++++++++++++++++++++
639 source3/rpc_client/cli_netlogon.h | 10 +++
640 2 files changed, 162 insertions(+)
641
642 diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
643 index 9454226..0290944 100644
644 --- a/source3/rpc_client/cli_netlogon.c
645 +++ b/source3/rpc_client/cli_netlogon.c
646 @@ -360,6 +360,158 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
647 return result;
648 }
649
650 +/* Logon domain user */
651 +
652 +NTSTATUS rpccli_netlogon_sam_logon_ex(struct rpc_pipe_client *cli,
653 + TALLOC_CTX *mem_ctx,
654 + uint32 logon_parameters,
655 + const char *domain,
656 + const char *username,
657 + const char *password,
658 + const char *workstation,
659 + uint16_t validation_level,
660 + int logon_type,
661 + struct netr_SamInfo3 **info3)
662 +{
663 + NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
664 + NTSTATUS status;
665 + struct netr_Authenticator ret_creds;
666 + union netr_LogonLevel *logon;
667 + union netr_Validation validation;
668 + uint8_t authoritative;
669 + fstring clnt_name_slash;
670 + struct dcerpc_binding_handle *b = cli->binding_handle;
671 + uint32_t flags = 0;
672 +
673 + ZERO_STRUCT(ret_creds);
674 +
675 + logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel);
676 + if (!logon) {
677 + return NT_STATUS_NO_MEMORY;
678 + }
679 +
680 + if (workstation) {
681 + fstr_sprintf( clnt_name_slash, "\\\\%s", workstation );
682 + } else {
683 + fstr_sprintf( clnt_name_slash, "\\\\%s", global_myname() );
684 + }
685 +
686 + /* Initialise input parameters */
687 +
688 + switch (logon_type) {
689 + case NetlogonInteractiveInformation: {
690 +
691 + struct netr_PasswordInfo *password_info;
692 +
693 + struct samr_Password lmpassword;
694 + struct samr_Password ntpassword;
695 +
696 + password_info = TALLOC_ZERO_P(mem_ctx, struct netr_PasswordInfo);
697 + if (!password_info) {
698 + return NT_STATUS_NO_MEMORY;
699 + }
700 +
701 + nt_lm_owf_gen(password, ntpassword.hash, lmpassword.hash);
702 +
703 + if (cli->dc->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
704 + netlogon_creds_arcfour_crypt(cli->dc, lmpassword.hash, 16);
705 + netlogon_creds_arcfour_crypt(cli->dc, ntpassword.hash, 16);
706 + } else {
707 + netlogon_creds_des_encrypt(cli->dc, &lmpassword);
708 + netlogon_creds_des_encrypt(cli->dc, &ntpassword);
709 + }
710 +
711 + password_info->identity_info.domain_name.string = domain;
712 + password_info->identity_info.parameter_control = logon_parameters;
713 + password_info->identity_info.logon_id_low = 0xdead;
714 + password_info->identity_info.logon_id_high = 0xbeef;
715 + password_info->identity_info.account_name.string = username;
716 + password_info->identity_info.workstation.string = clnt_name_slash;
717 +
718 + password_info->lmpassword = lmpassword;
719 + password_info->ntpassword = ntpassword;
720 +
721 + logon->password = password_info;
722 +
723 + break;
724 + }
725 + case NetlogonNetworkInformation: {
726 + struct netr_NetworkInfo *network_info;
727 + uint8 chal[8];
728 + unsigned char local_lm_response[24];
729 + unsigned char local_nt_response[24];
730 + struct netr_ChallengeResponse lm;
731 + struct netr_ChallengeResponse nt;
732 +
733 + ZERO_STRUCT(lm);
734 + ZERO_STRUCT(nt);
735 +
736 + network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo);
737 + if (!network_info) {
738 + return NT_STATUS_NO_MEMORY;
739 + }
740 +
741 + generate_random_buffer(chal, 8);
742 +
743 + SMBencrypt(password, chal, local_lm_response);
744 + SMBNTencrypt(password, chal, local_nt_response);
745 +
746 + lm.length = 24;
747 + lm.data = local_lm_response;
748 +
749 + nt.length = 24;
750 + nt.data = local_nt_response;
751 +
752 + network_info->identity_info.domain_name.string = domain;
753 + network_info->identity_info.parameter_control = logon_parameters;
754 + network_info->identity_info.logon_id_low = 0xdead;
755 + network_info->identity_info.logon_id_high = 0xbeef;
756 + network_info->identity_info.account_name.string = username;
757 + network_info->identity_info.workstation.string = clnt_name_slash;
758 +
759 + memcpy(network_info->challenge, chal, 8);
760 + network_info->nt = nt;
761 + network_info->lm = lm;
762 +
763 + logon->network = network_info;
764 +
765 + break;
766 + }
767 + default:
768 + DEBUG(0, ("switch value %d not supported\n",
769 + logon_type));
770 + return NT_STATUS_INVALID_INFO_CLASS;
771 + }
772 +
773 + status = dcerpc_netr_LogonSamLogonEx(b, mem_ctx,
774 + cli->srv_name_slash,
775 + global_myname(),
776 + logon_type,
777 + logon,
778 + validation_level,
779 + &validation,
780 + &authoritative,
781 + &flags,
782 + &result);
783 + if (!NT_STATUS_IS_OK(status)) {
784 + return status;
785 + }
786 +
787 + if (!NT_STATUS_IS_OK(result)) {
788 + return result;
789 + }
790 +
791 + netlogon_creds_decrypt_samlogon(cli->dc, validation_level, &validation);
792 +
793 + result = map_validation_to_info3(mem_ctx, validation_level, &validation, info3);
794 + if (!NT_STATUS_IS_OK(result)) {
795 + return result;
796 + }
797 +
798 + return result;
799 +}
800 +
801 +
802 /**
803 * Logon domain user with an 'network' SAM logon
804 *
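Review bot: The hash material derived from `password` stays on the stack after the function returns: `lmpassword`/`ntpassword` (encrypted in place with the netlogon session key) in the interactive case, and `local_lm_response`/`local_nt_response` in the network case. Clearing it once it has been copied, e.g. `ZERO_STRUCT(lmpassword); ZERO_STRUCT(ntpassword);` before the `break`, limits its lifetime. `password` and `cli->dc` are used without a NULL check (`nt_lm_owf_gen(password, ...)`, `cli->dc->negotiate_flags`), so the function depends entirely on callers having validated both; a guard returning NT_STATUS_INVALID_PARAMETER would make that explicit. `ret_creds` is zeroed but never used, and the final `if (!NT_STATUS_IS_OK(result))` check before `return result;` is redundant.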
805 diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
806 index 9c6cbc8..3763843 100644
807 --- a/source3/rpc_client/cli_netlogon.h
808 +++ b/source3/rpc_client/cli_netlogon.h
809 @@ -43,6 +43,16 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
810 uint16_t validation_level,
811 int logon_type,
812 struct netr_SamInfo3 **info3);
813 +NTSTATUS rpccli_netlogon_sam_logon_ex(struct rpc_pipe_client *cli,
814 + TALLOC_CTX *mem_ctx,
815 + uint32 logon_parameters,
816 + const char *domain,
817 + const char *username,
818 + const char *password,
819 + const char *workstation,
820 + uint16_t validation_level,
821 + int logon_type,
822 + struct netr_SamInfo3 **info3);
823 NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
824 TALLOC_CTX *mem_ctx,
825 uint32 logon_parameters,
826 commit f39f18e062207427ea436c85a7c721629a38bc0d
827 Author: Günther Deschner <gd@samba.org>
828 AuthorDate: Tue Jul 15 16:22:15 2014 +0200
829 Commit: Andreas Schneider <asn@samba.org>
830 CommitDate: Tue Jul 15 16:25:04 2014 +0200
831
832 PATCHSET14 s3-winbindd: prefer to do a rpccli_netlogon_sam_logon_ex if we can.
833
834 Guenther
835
836 Signed-off-by: Günther Deschner <gd@samba.org>
837 ---
838 source3/winbindd/winbindd_pam.c | 36 +++++++++++++++++++++++++-----------
839 1 file changed, 25 insertions(+), 11 deletions(-)
840
841 diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
842 index 86b352e..e838ac6 100644
843 --- a/source3/winbindd/winbindd_pam.c
844 +++ b/source3/winbindd/winbindd_pam.c
845 @@ -1272,17 +1272,31 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
846 }
847
848 if (interactive && username != NULL && password != NULL) {
849 - result = rpccli_netlogon_sam_logon(
850 - netlogon_pipe,
851 - mem_ctx,
852 - logon_parameters,
853 - domainname,
854 - username,
855 - password,
856 - workstation,
857 - 3, /* FIXME */
858 - NetlogonInteractiveInformation,
859 - info3);
860 + if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
861 + result = rpccli_netlogon_sam_logon_ex(
862 + netlogon_pipe,
863 + mem_ctx,
864 + logon_parameters,
865 + domainname,
866 + username,
867 + password,
868 + workstation,
869 + 6,
870 + NetlogonInteractiveInformation,
871 + info3);
872 + } else {
873 + result = rpccli_netlogon_sam_logon(
874 + netlogon_pipe,
875 + mem_ctx,
876 + logon_parameters,
877 + domainname,
878 + username,
879 + password,
880 + workstation,
881 + domain->can_do_validation6 ? 6 : 3,
882 + NetlogonInteractiveInformation,
883 + info3);
884 + }
885 } else if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
886 result = rpccli_netlogon_sam_network_logon_ex(
887 netlogon_pipe,
888 From fa58aff691268b021ba4dde1eb580d0387b917e1 Mon Sep 17 00:00:00 2001
889 From: Andreas Schneider <asn@samba.org>
890 Date: Wed, 20 Aug 2014 15:51:21 +0200
891 Subject: [PATCH] PATCHSET14: Reset netlogon pipe for interactive samlogon_ex.
892
893 ---
894 source3/winbindd/winbindd_pam.c | 12 ++++++++++++
895 1 file changed, 12 insertions(+)
896
897 diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
898 index e838ac6..5316232 100644
899 --- a/source3/winbindd/winbindd_pam.c
900 +++ b/source3/winbindd/winbindd_pam.c
901 @@ -1297,6 +1297,18 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
902 NetlogonInteractiveInformation,
903 info3);
904 }
905 +
906 + if (NT_STATUS_EQUAL(result, NT_STATUS_WRONG_PASSWORD)) {
907 + /*
908 + * HACK: This is a 3.6 hack that we get a new
909 + * session_key to do a successfuly interactive
910 + * logon
911 + */
912 + TALLOC_FREE(domain->conn.netlogon_pipe);
913 + attempts += 1;
914 + retry = true;
915 + continue;
916 + }
917 } else if (domain->can_do_samlogon_ex && domain->can_do_validation6) {
918 result = rpccli_netlogon_sam_network_logon_ex(
919 netlogon_pipe,
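Review bot: Retrying on `NT_STATUS_WRONG_PASSWORD` means a genuinely wrong password is submitted to the domain controller again after the pipe is rebuilt, so one failed login can count more than once against the account's bad-password and lockout counter. The loop bound is outside this hunk, so the number of repeats cannot be confirmed here, though `attempts += 1` suggests it is capped. The block also appears to run after either interactive call, although the comment motivates it only for the session-key case. Consider allowing a single reset, e.g. `if (!pipe_reset && NT_STATUS_EQUAL(result, NT_STATUS_WRONG_PASSWORD)) { pipe_reset = true; ... }` with a new local `bool pipe_reset = false;`, and logging the reset with `DEBUG` so repeated failures remain visible to operators.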
920 --
921 1.9.3
922