void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, const struct security_token *token) { struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; /* Set the security context */ DEBUG(4, ("setting sec ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", (unsigned int)uid, (unsigned int)gid, sec_ctx_stack_ndx)); security_token_debug(DBGC_CLASS, 5, token); debug_unix_user_token(DBGC_CLASS, 5, uid, gid, ngroups, groups); /* Change uid, gid and supplementary group list. */ set_unix_security_ctx(uid, gid, ngroups, groups); ctx_p->ut.ngroups = ngroups; SAFE_FREE(ctx_p->ut.groups); if (token && (token == ctx_p->token)) { smb_panic("DUPLICATE_TOKEN"); } TALLOC_FREE(ctx_p->token); if (ngroups) { ctx_p->ut.groups = (gid_t *)smb_xmemdup(groups, sizeof(gid_t) * ngroups); } else { ctx_p->ut.groups = NULL; } if (token) { ctx_p->token = dup_nt_token(NULL, token); if (!ctx_p->token) { smb_panic("dup_nt_token failed"); } } else { ctx_p->token = NULL; } ctx_p->ut.uid = uid; ctx_p->ut.gid = gid; /* Update current_user stuff */ current_user.ut.uid = uid; current_user.ut.gid = gid; current_user.ut.ngroups = ngroups; current_user.ut.groups = groups; current_user.nt_user_token = ctx_p->token; }
extern NTSTATUS mapiproxy_server_register(const void *_server_module) { const struct mapiproxy_module *server_module = (const struct mapiproxy_module *) _server_module; server_modules = realloc_p(server_modules, struct server_module, num_server_modules + 1); if (!server_modules) { smb_panic("out of memory in mapiproxy_server_register"); } server_modules[num_server_modules].server_module = (struct mapiproxy_module *) smb_xmemdup(server_module, sizeof (*server_module)); server_modules[num_server_modules].server_module->name = smb_xstrdup(server_module->name); num_server_modules++; DEBUG(3, ("MAPIPROXY server '%s' registered\n", server_module->name)); return NT_STATUS_OK; }
DATA_BLOB data_blob(const void *p, size_t length) { DATA_BLOB ret; if (!length) { ZERO_STRUCT(ret); return ret; } if (p) { ret.data = (uint8 *)smb_xmemdup(p, length); } else { ret.data = SMB_XMALLOC_ARRAY(uint8, length); } ret.length = length; ret.free = free_data_blob; return ret; }
enum winbindd_result winbindd_dual_ccache_ntlm_auth(struct winbindd_domain *domain, struct winbindd_cli_state *state) { NTSTATUS result = NT_STATUS_NOT_SUPPORTED; struct WINBINDD_MEMORY_CREDS *entry; DATA_BLOB initial, challenge, auth; fstring name_domain, name_user; uint32 initial_blob_len, challenge_blob_len, extra_len; /* Ensure null termination */ state->request.data.ccache_ntlm_auth.user[ sizeof(state->request.data.ccache_ntlm_auth.user)-1]='\0'; DEBUG(3, ("winbindd_dual_ccache_ntlm_auth: [%5lu]: perform NTLM auth on " "behalf of user %s (dual)\n", (unsigned long)state->pid, state->request.data.ccache_ntlm_auth.user)); /* validate blob lengths */ initial_blob_len = state->request.data.ccache_ntlm_auth.initial_blob_len; challenge_blob_len = state->request.data.ccache_ntlm_auth.challenge_blob_len; extra_len = state->request.extra_len; if (initial_blob_len > extra_len || challenge_blob_len > extra_len || initial_blob_len + challenge_blob_len > extra_len || initial_blob_len + challenge_blob_len < initial_blob_len || initial_blob_len + challenge_blob_len < challenge_blob_len) { DEBUG(10,("winbindd_dual_ccache_ntlm_auth: blob lengths overrun " "or wrap. Buffer [%d+%d > %d]\n", initial_blob_len, challenge_blob_len, extra_len)); goto process_result; } /* Parse domain and username */ if (!parse_domain_user(state->request.data.ccache_ntlm_auth.user, name_domain, name_user)) { DEBUG(10,("winbindd_dual_ccache_ntlm_auth: cannot parse " "domain and user from name [%s]\n", state->request.data.ccache_ntlm_auth.user)); goto process_result; } entry = find_memory_creds_by_name(state->request.data.ccache_ntlm_auth.user); if (entry == NULL || entry->nt_hash == NULL || entry->lm_hash == NULL) { DEBUG(10,("winbindd_dual_ccache_ntlm_auth: could not find " "credentials for user %s\n", state->request.data.ccache_ntlm_auth.user)); goto process_result; } DEBUG(10,("winbindd_dual_ccache_ntlm_auth: found ccache [%s]\n", entry->username)); if (!client_can_access_ccache_entry(state->request.data.ccache_ntlm_auth.uid, entry)) { goto process_result; } if (initial_blob_len == 0 && challenge_blob_len == 0) { /* this is just a probe to see if credentials are available. */ result = NT_STATUS_OK; state->response.data.ccache_ntlm_auth.auth_blob_len = 0; goto process_result; } initial = data_blob(state->request.extra_data.data, initial_blob_len); challenge = data_blob(state->request.extra_data.data + initial_blob_len, state->request.data.ccache_ntlm_auth.challenge_blob_len); if (!initial.data || !challenge.data) { result = NT_STATUS_NO_MEMORY; } else { result = do_ntlm_auth_with_hashes(name_user, name_domain, entry->lm_hash, entry->nt_hash, initial, challenge, &auth); } data_blob_free(&initial); data_blob_free(&challenge); if (!NT_STATUS_IS_OK(result)) { goto process_result; } state->response.extra_data.data = smb_xmemdup(auth.data, auth.length); if (!state->response.extra_data.data) { result = NT_STATUS_NO_MEMORY; goto process_result; } state->response.length += auth.length; state->response.data.ccache_ntlm_auth.auth_blob_len = auth.length; data_blob_free(&auth); process_result: return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; }