diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-11-15 21:23:55 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-11-15 21:23:55 +0000 |
commit | ac29d6b310d612f52b6200b0bb5320d09fc66039 (patch) | |
tree | ba88284ef3b99d22e1e7f057b3c0e83842a15fc4 | |
parent | 973645cf2d37d478b71124b550af8b284377ef10 (diff) | |
download | samba-ac29d6b310d612f52b6200b0bb5320d09fc66039.tar.gz samba-ac29d6b310d612f52b6200b0bb5320d09fc66039.tar.bz2 samba-ac29d6b310d612f52b6200b0bb5320d09fc66039.zip |
Small auth updates:
- add static remove unnneded prototype
- move become_root() to just around pdb calls, so as to make it easier to
remove when we kill off this silly idea
- Change auth_sam to do 'account before password' rather than 'password before
account'. This means that we match Win2k in giving 'account disabled' instead
of 'wrong password' if the wrong password to a disabled account is used.
Andrew Bartlett
(This used to be commit e6d2debaf6064c3229f41c06545a1ccb83695a77)
-rw-r--r-- | source3/auth/auth_builtin.c | 2 | ||||
-rw-r--r-- | source3/auth/auth_sam.c | 4 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 3 | ||||
-rw-r--r-- | source3/auth/auth_winbind.c | 8 |
4 files changed, 6 insertions, 11 deletions
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c index 09b9a36cdf..f55f662a40 100644 --- a/source3/auth/auth_builtin.c +++ b/source3/auth/auth_builtin.c @@ -42,9 +42,7 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context, if (!(user_info->internal_username.str && *user_info->internal_username.str)) { - become_root(); nt_status = make_server_info_guest(server_info); - unbecome_root(); } return nt_status; diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 9fa33dccf6..02f8511d6a 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -393,6 +393,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, return NT_STATUS_NO_SUCH_USER; } + nt_status = sam_account_ok(mem_ctx, sampass, user_info); + nt_status = sam_password_ok(auth_context, mem_ctx, sampass, user_info, user_sess_key); if (!NT_STATUS_IS_OK(nt_status)) { @@ -400,8 +402,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, return nt_status; } - nt_status = sam_account_ok(mem_ctx, sampass, user_info); - if (!NT_STATUS_IS_OK(nt_status)) { pdb_free_sam(&sampass); return nt_status; diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 98b15f3fb6..5696b8f2dc 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -821,9 +821,12 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info) sid_copy(&guest_sid, get_global_sam_sid()); sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST); + become_root(); if (!pdb_getsampwsid(sampass, &guest_sid)) { + unbecome_root(); return NT_STATUS_NO_SUCH_USER; } + unbecome_root(); nt_status = make_server_info_sam(server_info, sampass); diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 10788721fd..c6a1727ebe 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -26,13 +26,7 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH -/* Prototypes from common.h */ - -NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response); - -NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, NET_USER_INFO_3 *info3) +static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, NET_USER_INFO_3 *info3) { uint8 *info3_ndr; size_t len = response->length - sizeof(response); |