From: Noel Power Date: Sat, 21 Oct 2023 10:47:30 +0000 (+0100) Subject: s3/winbindd: Add new canonicalize_username function X-Git-Tag: talloc-2.4.2~1174 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2e06bf9feb3d6f14fa981c9b79f6fb89311f781f;p=thirdparty%2Fsamba.git s3/winbindd: Add new canonicalize_username function Add a mew canonicalize_username replacement function for canonicalize_username_fstr which doesn't use fstrings but instead uses talloc allocated strings Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett Reviewed-by: Andreas Schneider
---
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 9becd891267..bf96566edc2 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -520,6 +520,33 @@ bool parse_domain_user(const char *domuser,
 fstring namespace,
 fstring domain,
 fstring user);
+/**
+ * Ensure an incoming username from NSS is fully qualified. Replace the
+ * incoming username with DOMAIN user. Additionally returns
+ * the same values as parse_domain_user() as out params.
+ * Used to ensure all names are fully qualified within winbindd.
+ * Used by the NSS protocols of auth, chauthtok, logoff and ccache_ntlm_auth.
+ * The protocol definitions of auth_crap, chng_pswd_auth_crap
+ * really should be changed to use this instead of doing things
+ * by hand. JRA.
+ *
+ * @param[in] mem_ctx talloc context
+ * @param[in,out] username_inout populated with fully qualified name
+ with format 'DOMAIN user' where DOMAIN and
+ user are determined by the output of parse_domain_user()
+ * @param[out] namespace populated with namespace returned from
+ parse_domain_user()
+ * @param[out] domain populated with domain returned from
+ parse_domain_user()
+ * @param[out] populated with user returned from
+ parse_domain_user()
+ * @return bool indicating success or failure
+ */
+bool canonicalize_username(TALLOC_CTX *mem_ctx,
+ char **username_inout,
+ char **namespace,
+ char **domain,
+ char **user);
 bool canonicalize_username_fstr(fstring username_inout,
 fstring namespace,
 fstring domain,
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 9a6d9cdaa36..49880111999 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
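Review bot: The last `@param` entry in the new doc comment has no parameter name, so documentation tooling would attach the text to a parameter called `populated`; it should read `@param[out] user populated with user returned from parse_domain_user()`. The comment also leaves ownership unstated: judging by the definition added in winbindd_util.c, all four returned strings are allocated on `mem_ctx` and the string previously held in `*username_inout` is overwritten without being freed, and one sentence saying so would tell callers who frees what. The prototype names its arguments `username_inout`, `namespace`, `domain`, `user` while the definition uses `pusername_inout`, `pnamespace`, `pdomain`, `puser`; using one set in both places would keep the comment and the code aligned.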
@@ -1590,6 +1590,67 @@ bool parse_domain_user(const char *domuser, return strupper_m(domain); } +bool canonicalize_username(TALLOC_CTX *mem_ctx, + char **pusername_inout, + char **pnamespace, + char **pdomain, + char **puser) +{ + bool ok; + char *namespace = NULL; + char *domain = NULL; + char *user = NULL; + char *username_inout = NULL; + fstring f_username_inout; + fstring f_namespace; + fstring f_domain; + fstring f_user; + + fstrcpy(f_username_inout, *pusername_inout); + fstrcpy(f_namespace, *pnamespace); + fstrcpy(f_domain, *pdomain); + fstrcpy(f_user, *puser); + + ok = parse_domain_user(f_username_inout, + f_namespace, f_domain, f_user); + if (!ok) { + return False; + } + + username_inout = talloc_asprintf(mem_ctx, "%s%c%s", + f_domain, *lp_winbind_separator(), + f_user); + + if (username_inout == NULL) { + goto fail; + } + + user = talloc_strdup(mem_ctx, f_user); + if (user == NULL) { + goto fail; + } + domain = talloc_strdup(mem_ctx, f_domain); + if (domain == NULL) { + goto fail; + } + namespace = talloc_strdup(mem_ctx, f_namespace); + if (namespace == NULL) { + goto fail; + } + *pnamespace = namespace; + *puser = user; + *pdomain = domain; + *pusername_inout = username_inout; + return True; +fail: + TALLOC_FREE(username_inout); + TALLOC_FREE(namespace); + TALLOC_FREE(domain); + TALLOC_FREE(user); + return false; +} + + /* Ensure an incoming username from NSS is fully qualified. Replace the incoming fstring with DOMAIN user. Returns the same values as parse_domain_user() but also replaces the incoming username.
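Review bot: The `fstrcpy` calls on `*pnamespace`, `*pdomain` and `*puser` read arguments that the header documents as `@param[out]`, so a caller that passes uninitialised `char *` variables, the usual way to use an out parameter, has an indeterminate pointer read before `parse_domain_user()` runs. Since `parse_domain_user()` takes `const char *domuser` and appears to fill the three fstrings itself, those copies can be dropped and the input passed directly: `ok = parse_domain_user(*pusername_inout, f_namespace, f_domain, f_user);`. That also removes the silent truncation of a long incoming name to `fstring` size by `fstrcpy(f_username_inout, *pusername_inout)`, which matters because the header comment lists auth, chauthtok, logoff and ccache_ntlm_auth as users of the canonical name. If reading the three arguments on entry is intended, the header should mark them `[in,out]` and require valid strings. Minor style point: the function returns `False`/`True` on two paths and `false` on the `fail:` path; one spelling throughout would read better.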