summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-11-15 21:23:55 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-11-15 21:23:55 +0000
commitac29d6b310d612f52b6200b0bb5320d09fc66039 (patch)
treeba88284ef3b99d22e1e7f057b3c0e83842a15fc4
parent973645cf2d37d478b71124b550af8b284377ef10 (diff)
downloadsamba-ac29d6b310d612f52b6200b0bb5320d09fc66039.tar.gz
samba-ac29d6b310d612f52b6200b0bb5320d09fc66039.tar.bz2
samba-ac29d6b310d612f52b6200b0bb5320d09fc66039.zip
Small auth updates:
- add static remove unnneded prototype - move become_root() to just around pdb calls, so as to make it easier to remove when we kill off this silly idea - Change auth_sam to do 'account before password' rather than 'password before account'. This means that we match Win2k in giving 'account disabled' instead of 'wrong password' if the wrong password to a disabled account is used. Andrew Bartlett (This used to be commit e6d2debaf6064c3229f41c06545a1ccb83695a77)
-rw-r--r--source3/auth/auth_builtin.c2
-rw-r--r--source3/auth/auth_sam.c4
-rw-r--r--source3/auth/auth_util.c3
-rw-r--r--source3/auth/auth_winbind.c8
4 files changed, 6 insertions, 11 deletions
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c
index 09b9a36cdf..f55f662a40 100644
--- a/source3/auth/auth_builtin.c
+++ b/source3/auth/auth_builtin.c
@@ -42,9 +42,7 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context,
if (!(user_info->internal_username.str
&& *user_info->internal_username.str)) {
- become_root();
nt_status = make_server_info_guest(server_info);
- unbecome_root();
}
return nt_status;
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 9fa33dccf6..02f8511d6a 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -393,6 +393,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
return NT_STATUS_NO_SUCH_USER;
}
+ nt_status = sam_account_ok(mem_ctx, sampass, user_info);
+
nt_status = sam_password_ok(auth_context, mem_ctx, sampass, user_info, user_sess_key);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -400,8 +402,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
return nt_status;
}
- nt_status = sam_account_ok(mem_ctx, sampass, user_info);
-
if (!NT_STATUS_IS_OK(nt_status)) {
pdb_free_sam(&sampass);
return nt_status;
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 98b15f3fb6..5696b8f2dc 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -821,9 +821,12 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info)
sid_copy(&guest_sid, get_global_sam_sid());
sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST);
+ become_root();
if (!pdb_getsampwsid(sampass, &guest_sid)) {
+ unbecome_root();
return NT_STATUS_NO_SUCH_USER;
}
+ unbecome_root();
nt_status = make_server_info_sam(server_info, sampass);
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 10788721fd..c6a1727ebe 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -26,13 +26,7 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
-/* Prototypes from common.h */
-
-NSS_STATUS winbindd_request(int req_type,
- struct winbindd_request *request,
- struct winbindd_response *response);
-
-NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, NET_USER_INFO_3 *info3)
+static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, NET_USER_INFO_3 *info3)
{
uint8 *info3_ndr;
size_t len = response->length - sizeof(response);