Line data Source code
1 : /* 2 : Unix SMB/CIFS implementation. 3 : Authentication utility functions 4 : Copyright (C) Andrew Tridgell 1992-1998 5 : Copyright (C) Andrew Bartlett 2001 6 : Copyright (C) Jeremy Allison 2000-2001 7 : Copyright (C) Rafal Szczesniak 2002 8 : Copyright (C) Volker Lendecke 2006 9 : 10 : This program is free software; you can redistribute it and/or modify 11 : it under the terms of the GNU General Public License as published by 12 : the Free Software Foundation; either version 3 of the License, or 13 : (at your option) any later version. 14 : 15 : This program is distributed in the hope that it will be useful, 16 : but WITHOUT ANY WARRANTY; without even the implied warranty of 17 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 : GNU General Public License for more details. 19 : 20 : You should have received a copy of the GNU General Public License 21 : along with this program. If not, see <http://www.gnu.org/licenses/>. 22 : */ 23 : 24 : #include "includes.h" 25 : #include "auth.h" 26 : #include "nsswitch/winbind_client.h" 27 : #include "passdb.h" 28 : 29 : #undef DBGC_CLASS 30 : #define DBGC_CLASS DBGC_AUTH 31 : 32 : 33 : /*************************************************************************** 34 : Is the incoming username our own machine account ? 35 : If so, the connection is almost certainly from winbindd. 36 : ***************************************************************************/ 37 : 38 8552 : static bool is_our_machine_account(const char *username) 39 : { 40 0 : bool ret; 41 8552 : size_t ulen = strlen(username); 42 8552 : const char *nb_name = lp_netbios_name(); 43 8552 : size_t nb_namelen = strlen(nb_name); 44 : 45 8552 : if (ulen == 0 || username[ulen-1] != '$') { 46 8378 : return false; 47 : } 48 174 : if (nb_namelen != ulen-1) { 49 150 : return false; 50 : } 51 24 : ret = strnequal(username, nb_name, ulen-1); 52 24 : return ret; 53 : } 54 : 55 : /*************************************************************************** 56 : Make (and fill) a user_info struct from a struct samu 57 : ***************************************************************************/ 58 : 59 21101 : NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx, 60 : struct samu *sampass, 61 : struct auth_serversupplied_info **pserver_info) 62 : { 63 0 : struct passwd *pwd; 64 0 : struct auth_serversupplied_info *server_info; 65 21101 : const char *username = pdb_get_username(sampass); 66 21101 : TALLOC_CTX *tmp_ctx = talloc_stackframe(); 67 0 : NTSTATUS status; 68 : 69 21101 : server_info = make_server_info(tmp_ctx); 70 21101 : if (server_info == NULL) { 71 0 : status = NT_STATUS_NO_MEMORY; 72 0 : goto out; 73 : } 74 : 75 21101 : pwd = Get_Pwnam_alloc(tmp_ctx, username); 76 21101 : if (pwd == NULL) { 77 0 : DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n", 78 : pdb_get_username(sampass))); 79 0 : status = NT_STATUS_NO_SUCH_USER; 80 0 : goto out; 81 : } 82 : 83 21101 : status = samu_to_SamInfo3(server_info, 84 : sampass, 85 : lp_netbios_name(), 86 21101 : &server_info->info3, 87 21101 : &server_info->extra); 88 21101 : if (!NT_STATUS_IS_OK(status)) { 89 0 : goto out; 90 : } 91 : 92 21101 : server_info->unix_name = talloc_move(server_info, &pwd->pw_name); 93 : 94 21101 : server_info->utok.gid = pwd->pw_gid; 95 21101 : server_info->utok.uid = pwd->pw_uid; 96 : 97 21101 : if (IS_DC && is_our_machine_account(username)) { 98 : /* 99 : * This is a hack of monstrous proportions. 100 : * If we know it's winbindd talking to us, 101 : * we know we must never recurse into it, 102 : * so turn off contacting winbindd for this 103 : * entire process. This will get fixed when 104 : * winbindd doesn't need to talk to smbd on 105 : * a PDC. JRA. 106 : */ 107 : 108 0 : (void)winbind_off(); 109 : 110 0 : DEBUG(10, ("make_server_info_sam: our machine account %s " 111 : "turning off winbindd requests.\n", username)); 112 : } 113 : 114 21101 : DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n", 115 : pdb_get_username(sampass), server_info->unix_name)); 116 : 117 21101 : *pserver_info = talloc_move(mem_ctx, &server_info); 118 : 119 21101 : status = NT_STATUS_OK; 120 21101 : out: 121 21101 : talloc_free(tmp_ctx); 122 : 123 21101 : return status; 124 : }