summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-06-24 01:51:11 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-06-24 01:51:11 +0000
commit4f7a02d5ded64e8c845f0c094a58be5bfb0171e8 (patch)
treeb9b7ac4bcf529913d1bc91dd0959ccef0a0ce3f1
parentea7cdc4de060181b11779d726ba2aecf0a09b72b (diff)
downloadsamba-4f7a02d5ded64e8c845f0c094a58be5bfb0171e8.tar.gz
samba-4f7a02d5ded64e8c845f0c094a58be5bfb0171e8.tar.bz2
samba-4f7a02d5ded64e8c845f0c094a58be5bfb0171e8.zip
Try to get security=domain at least slightly working.
The previous code both had basic logic flaws in it, and some subtle issues regarding the Win2k info3 response. I've tested this against Samba (it looks like that was missed last time due to the 'called name' corruption - which broke my testsuite) and accomidated what I've seen from a info3 printout jmcd gave me. I'll get this tested fully as soon as I get my VMware going again. Andrew Bartlett (This used to be commit 87eba4c811293d2428bfb9bc36de22e66dce7f8b)
-rw-r--r--source3/auth/auth_domain.c3
-rw-r--r--source3/auth/auth_util.c18
2 files changed, 13 insertions, 8 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 8c6bb8908f..ee486d3f30 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -332,7 +332,8 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
user_info->domain.str, cli->srv_name_slash,
nt_errstr(nt_status)));
} else {
- nt_status = make_server_info_info3(mem_ctx, domain, server_info, &info3);
+ nt_status = make_server_info_info3(mem_ctx, user_info->internal_username.str,
+ user_info->smb_name.str, domain, server_info, &info3);
#if 0
/* The stuff doesn't work right yet */
SMB_ASSERT(sizeof((*server_info)->session_key) == sizeof(info3.user_sess_key));
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index a66cd6ffc7..3ade220c0f 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -570,14 +570,16 @@ BOOL make_server_info_guest(auth_serversupplied_info **server_info)
***************************************************************************/
NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
+ const char *internal_username,
+ const char *sent_nt_username,
const char *domain,
auth_serversupplied_info **server_info,
NET_USER_INFO_3 *info3)
{
NTSTATUS nt_status = NT_STATUS_OK;
- char *nt_domain;
- char *nt_username;
+ const char *nt_domain;
+ const char *nt_username;
SAM_ACCOUNT *sam_account = NULL;
DOM_SID user_sid;
@@ -605,11 +607,13 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
}
if (!(nt_username = unistr2_tdup(mem_ctx, &(info3->uni_user_name)))) {
- return NT_STATUS_NO_MEMORY;
+ /* If the server didn't give us one, just use the one we sent them */
+ nt_username = sent_nt_username;
}
if (!(nt_domain = unistr2_tdup(mem_ctx, &(info3->uni_logon_dom)))) {
- return NT_STATUS_NO_MEMORY;
+ /* If the server didn't give us one, just use the one we sent them */
+ domain = domain;
}
if (winbind_sid_to_uid(&uid, &user_sid)
@@ -622,7 +626,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
dom_user = talloc_asprintf(mem_ctx, "%s%s%s",
nt_domain,
lp_winbind_separator(),
- nt_username);
+ internal_username);
if (!dom_user) {
DEBUG(0, ("talloc_asprintf failed!\n"));
@@ -634,10 +638,10 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
domain, we don't want this for
trusted domains */
&& strequal(nt_domain, lp_workgroup())) {
- passwd = Get_Pwnam(nt_username);
+ passwd = Get_Pwnam(internal_username);
}
- if (passwd) {
+ if (!passwd) {
return NT_STATUS_NO_SUCH_USER;
} else {
nt_status = pdb_init_sam_pw(&sam_account, passwd);