Line data    Source code

       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             :    Authentication utility functions
       4             :    Copyright (C) Andrew Tridgell 1992-1998
       5             :    Copyright (C) Andrew Bartlett 2001
       6             :    Copyright (C) Jeremy Allison 2000-2001
       7             :    Copyright (C) Rafal Szczesniak 2002
       8             :    Copyright (C) Volker Lendecke 2006
       9             : 
      10             :    This program is free software; you can redistribute it and/or modify
      11             :    it under the terms of the GNU General Public License as published by
      12             :    the Free Software Foundation; either version 3 of the License, or
      13             :    (at your option) any later version.
      14             : 
      15             :    This program is distributed in the hope that it will be useful,
      16             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      17             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      18             :    GNU General Public License for more details.
      19             : 
      20             :    You should have received a copy of the GNU General Public License
      21             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      22             : */
      23             : 
      24             : #include "includes.h"
      25             : #include "auth.h"
      26             : #include "nsswitch/winbind_client.h"
      27             : #include "passdb.h"
      28             : 
      29             : #undef DBGC_CLASS
      30             : #define DBGC_CLASS DBGC_AUTH
      31             : 
      32             : 
      33             : /***************************************************************************
      34             :  Is the incoming username our own machine account ?
      35             :  If so, the connection is almost certainly from winbindd.
      36             : ***************************************************************************/
      37             : 
      38        8754 : static bool is_our_machine_account(const char *username)
      39             : {
      40           0 :         bool ret;
      41        8754 :         size_t ulen = strlen(username);
      42        8754 :         const char *nb_name = lp_netbios_name();
      43        8754 :         size_t nb_namelen = strlen(nb_name);
      44             : 
      45        8754 :         if (ulen == 0 || username[ulen-1] != '$') {
      46        8573 :                 return false;
      47             :         }
      48         181 :         if (nb_namelen != ulen-1) {
      49         157 :                 return false;
      50             :         }
      51          24 :         ret = strnequal(username, nb_name, ulen-1);
      52          24 :         return ret;
      53             : }
      54             : 
      55             : /***************************************************************************
      56             :  Make (and fill) a user_info struct from a struct samu
      57             : ***************************************************************************/
      58             : 
      59       20888 : NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
      60             :                               struct samu *sampass,
      61             :                               struct auth_serversupplied_info **pserver_info)
      62             : {
      63           0 :         struct passwd *pwd;
      64           0 :         struct auth_serversupplied_info *server_info;
      65       20888 :         const char *username = pdb_get_username(sampass);
      66       20888 :         TALLOC_CTX *tmp_ctx = talloc_stackframe();
      67           0 :         NTSTATUS status;
      68             : 
      69       20888 :         server_info = make_server_info(tmp_ctx);
      70       20888 :         if (server_info == NULL) {
      71           0 :                 status = NT_STATUS_NO_MEMORY;
      72           0 :                 goto out;
      73             :         }
      74             : 
      75       20888 :         pwd = Get_Pwnam_alloc(tmp_ctx, username);
      76       20888 :         if (pwd == NULL) {
      77           0 :                 DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n",
      78             :                           pdb_get_username(sampass)));
      79           0 :                 status = NT_STATUS_NO_SUCH_USER;
      80           0 :                 goto out;
      81             :         }
      82             : 
      83       20888 :         status = samu_to_SamInfo3(server_info,
      84             :                                   sampass,
      85             :                                   lp_netbios_name(),
      86       20888 :                                   &server_info->info3,
      87       20888 :                                   &server_info->extra);
      88       20888 :         if (!NT_STATUS_IS_OK(status)) {
      89           0 :                 goto out;
      90             :         }
      91             : 
      92       20888 :         server_info->unix_name = talloc_move(server_info, &pwd->pw_name);
      93             : 
      94       20888 :         server_info->utok.gid = pwd->pw_gid;
      95       20888 :         server_info->utok.uid = pwd->pw_uid;
      96             : 
      97       20888 :         if (IS_DC && is_our_machine_account(username)) {
      98             :                 /*
      99             :                  * This is a hack of monstrous proportions.
     100             :                  * If we know it's winbindd talking to us,
     101             :                  * we know we must never recurse into it,
     102             :                  * so turn off contacting winbindd for this
     103             :                  * entire process. This will get fixed when
     104             :                  * winbindd doesn't need to talk to smbd on
     105             :                  * a PDC. JRA.
     106             :                  */
     107             : 
     108           0 :                 (void)winbind_off();
     109             : 
     110           0 :                 DEBUG(10, ("make_server_info_sam: our machine account %s "
     111             :                            "turning off winbindd requests.\n", username));
     112             :         }
     113             : 
     114       20888 :         DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
     115             :                  pdb_get_username(sampass), server_info->unix_name));
     116             : 
     117       20888 :         *pserver_info = talloc_move(mem_ctx, &server_info);
     118             : 
     119       20888 :         status = NT_STATUS_OK;
     120       20888 : out:
     121       20888 :         talloc_free(tmp_ctx);
     122             : 
     123       20888 :         return status;
     124             : }