source3/auth/server_info_sam.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Authentication utility functions
   4    Copyright (C) Andrew Tridgell 1992-1998
   5    Copyright (C) Andrew Bartlett 2001
   6    Copyright (C) Jeremy Allison 2000-2001
   7    Copyright (C) Rafal Szczesniak 2002
   8    Copyright (C) Volker Lendecke 2006
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 #include "includes.h"
  25 #include "smbd/globals.h"
  26 #include "../libcli/auth/libcli_auth.h"
  27
  28 #undef DBGC_CLASS
  29 #define DBGC_CLASS DBGC_AUTH
  30
  31
  32 /***************************************************************************
  33  Is the incoming username our own machine account ?
  34  If so, the connection is almost certainly from winbindd.
  35 ***************************************************************************/
  36
  37 static bool is_our_machine_account(const char *username)
  38 {
  39         bool ret;
  40         char *truncname = NULL;
  41         size_t ulen = strlen(username);
  42
  43         if (ulen == 0 || username[ulen-1] != '$') {
  44                 return false;
  45         }
  46         truncname = SMB_STRDUP(username);
  47         if (!truncname) {
  48                 return false;
  49         }
  50         truncname[ulen-1] = '\0';
  51         ret = strequal(truncname, global_myname());
  52         SAFE_FREE(truncname);
  53         return ret;
  54 }
  55
  56 /***************************************************************************
  57  Make (and fill) a user_info struct from a struct samu
  58 ***************************************************************************/
  59
  60 NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
  61                               struct samu *sampass)
  62 {
  63         struct passwd *pwd;
  64         struct auth_serversupplied_info *result;
  65         const char *username = pdb_get_username(sampass);
  66         NTSTATUS status;
  67
  68         if ( !(result = make_server_info(NULL)) ) {
  69                 return NT_STATUS_NO_MEMORY;
  70         }
  71
  72         if ( !(pwd = getpwnam_alloc(result, username)) ) {
  73                 DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n",
  74                           pdb_get_username(sampass)));
  75                 TALLOC_FREE(result);
  76                 return NT_STATUS_NO_SUCH_USER;
  77         }
  78
  79         status = samu_to_SamInfo3(result, sampass, global_myname(),
  80                                   &result->info3, &result->extra);
  81         if (!NT_STATUS_IS_OK(status)) {
  82                 TALLOC_FREE(result);
  83                 return status;
  84         }
  85
  86         result->unix_name = pwd->pw_name;
  87         /* Ensure that we keep pwd->pw_name, because we will free pwd below */
  88         talloc_steal(result, pwd->pw_name);
  89         result->utok.gid = pwd->pw_gid;
  90         result->utok.uid = pwd->pw_uid;
  91
  92         TALLOC_FREE(pwd);
  93
  94         result->sanitized_username = sanitize_username(result,
  95                                                        result->unix_name);
  96         if (result->sanitized_username == NULL) {
  97                 TALLOC_FREE(result);
  98                 return NT_STATUS_NO_MEMORY;
  99         }
 100
 101         if (IS_DC && is_our_machine_account(username)) {
 102                 /*
 103                  * This is a hack of monstrous proportions.
 104                  * If we know it's winbindd talking to us,
 105                  * we know we must never recurse into it,
 106                  * so turn off contacting winbindd for this
 107                  * entire process. This will get fixed when
 108                  * winbindd doesn't need to talk to smbd on
 109                  * a PDC. JRA.
 110                  */
 111
 112                 (void)winbind_off();
 113
 114                 DEBUG(10, ("make_server_info_sam: our machine account %s "
 115                            "turning off winbindd requests.\n", username));
 116         }
 117
 118         DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
 119                  pdb_get_username(sampass), result->unix_name));
 120
 121         *server_info = result;
 122
 123         return NT_STATUS_OK;
 124 }