author | Tim Potter <tpot@samba.org> | 2001-11-23 00:14:04 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2001-11-23 00:14:04 +0000 |
commit | 5788899a480c3b4c79a1970dbd1634cc3fed4de6 (patch) | |
tree | 98dbdcaabca79f8697cb705cc81fec5dc9aa8aca | |
parent | 2025ef4c18b0fdf79e493c2c97e32bc38019424b (diff) | |
Fixed check machine account function.
(This used to be commit 8f01a8b07883d18f44da665cbc8e5fba04d3bc91)
-rw-r--r-- | source3/nsswitch/winbindd_cm.c | 14 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_misc.c | 84 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 18 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_proto.h | 21 |
4 files changed, 63 insertions, 74 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index baff937b7f..a00bc3f5d9 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -625,10 +625,11 @@ CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid, /* Get a handle on a netlogon pipe. This is a bit of a hack to re-use the netlogon pipe as no handle is returned. */ -struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd) +NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, + struct cli_state **cli) { struct winbindd_cm_conn conn; - NTSTATUS result; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; /* Open an initial conection */ @@ -636,7 +637,7 @@ struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd) if (!cm_open_connection(domain, PIPE_NETLOGON, &conn)) { DEBUG(3, ("Could not open a connection to %s\n", domain)); - return NULL; + return result; } result = cli_nt_setup_creds(conn.cli, trust_passwd); @@ -645,12 +646,13 @@ struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd) DEBUG(0, ("error connecting to domain password server: %s\n", get_nt_error_msg(result))); cli_shutdown(conn.cli); - return NULL; + return result; } - /* We only want the client handle from this structure */ + if (cli) + *cli = conn.cli; - return conn.cli; + return result; } /* Dump the current connection status */ diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c index b06ee223a7..95c4f29c18 100644 --- a/source3/nsswitch/winbindd_misc.c +++ b/source3/nsswitch/winbindd_misc.c 
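Review bot: In the last hunk of cm_get_netlogon_cli(), a caller that passes `cli == NULL` gets a success status while the connection in `conn.cli` stays open with nobody holding the handle, because `conn` is a local and only `if (cli) *cli = conn.cli;` hands it out. Either require the out-parameter or close the connection in that case, e.g. `if (cli) *cli = conn.cli; else cli_shutdown(conn.cli);`. Setting `*cli = NULL` on entry would also keep the two failure returns from leaving the caller's pointer indeterminate; winbindd_check_machine_acct() declares `struct cli_state *cli;` without an initializer. A comment above the function stating that the caller owns the returned handle and must call cli_shutdown() on it would document the new contract.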
@@ -25,22 +25,6 @@ extern pstring global_myname; -/* Some routines to fetch the trust account password from a HEAD - version of Samba. Yuck. )-: */ - -/************************************************************************ -form a key for fetching a domain trust password from -************************************************************************/ -static char *trust_keystr(char *domain) -{ - static fstring keystr; - - snprintf(keystr,sizeof(keystr),"%s/%s", SECRETS_MACHINE_ACCT_PASS, - domain); - - return keystr; -} - /************************************************************************ Routine to get the trust account password for a domain ************************************************************************/ @@ -51,11 +35,15 @@ static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd, size_t size; if (!(pass = secrets_fetch(trust_keystr(domain), &size)) || - size != sizeof(*pass)) return False; + size != sizeof(*pass)) + return False; + + if (pass_last_set_time) + *pass_last_set_time = pass->mod_time; - if (pass_last_set_time) *pass_last_set_time = pass->mod_time; memcpy(ret_pwd, pass->hash, 16); SAFE_FREE(pass); + return True; } @@ -63,13 +51,10 @@ static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd, enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state) { - NTSTATUS status; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uchar trust_passwd[16]; - struct in_addr *ip_list = NULL; - int count; - fstring controller, trust_account; int num_retries = 0; - + struct cli_state *cli; DEBUG(3, ("[%5d]: check machine account\n", state->pid)); /* Get trust account password */ 
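Review bot: In _get_trust_account_password() (the @@ -51,11 hunk) the early `return False` is also taken when secrets_fetch() returned a buffer but `size != sizeof(*pass)`, and that buffer is never freed; the hunk only reflows the statement. Split the test so the mismatch path releases it: `if (!pass) return False;` followed by `if (size != sizeof(*pass)) { SAFE_FREE(pass); return False; }`. The buffer carries the machine account hash, so clearing it before each free would keep the secret from lingering in heap memory, bearing in mind that a plain memset before free can be dropped by the compiler. The literal `16` in the memcpy would be safer as `sizeof(pass->hash)` if `hash` is an array, which the hunk does not show. The function starts above the hunk.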
@@ -77,36 +62,21 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat again: if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) { - status = NT_STATUS_INTERNAL_ERROR; - goto done; - } - - /* Get domain controller */ - - if (!get_dc_list(True, lp_workgroup(), &ip_list, &count) || - !lookup_pdc_name(global_myname, lp_workgroup(), &ip_list[0], - controller)) { - DEBUG(0, ("could not find domain controller for " - "domain %s\n", lp_workgroup())); - status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; + result = NT_STATUS_INTERNAL_ERROR; goto done; } - DEBUG(3, ("contacting controller %s to check secret\n", controller)); + /* This call does a cli_nt_setup_creds() which implicitly checks + the trust account password. */ - /* Contact domain controller to check secret */ + result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli); - slprintf(trust_account, sizeof(trust_account) - 1, "%s$", - global_myname); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(3, ("could not open handle to NETLOGON pipe\n")); + goto done; + } -#if 0 /* XXX */ - { - uint16 validation_level; - status = cli_nt_setup_creds(controller, lp_workgroup(), global_myname, - trust_account, trust_passwd, - SEC_CHAN_WKSTA, &validation_level); - } -#endif + cli_shutdown(cli); /* There is a race condition between fetching the trust account password and joining the domain so it's possible that the trust @@ -116,7 +86,7 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat #define MAX_RETRIES 8 if ((num_retries < MAX_RETRIES) && - NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) { + NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) { num_retries++; goto again; } 
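Review bot: The ACCESS_DENIED retry after `#define MAX_RETRIES 8` can no longer fire, because every failure from cm_get_netlogon_cli() now takes `goto done`, so `result` is always OK by the time the `num_retries` test is reached. The race described in the comment (password fetched while the domain join is still in progress) is therefore not retried, and the `secret is good/bad` DEBUG in the next hunk can only ever print "good". Put the retry test directly after the cm_get_netlogon_cli() call, `if (num_retries < MAX_RETRIES && NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) { num_retries++; goto again; }`, then guard the close with `if (NT_STATUS_IS_OK(result)) cli_shutdown(cli);` and fall through to the DEBUG instead of jumping over it. The function body starts and ends outside these hunks.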
@@ -124,10 +94,12 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat /* Pass back result code - zero for success, other values for specific failures. */ - DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(status) ? "good" : "bad")); + DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(result) ? + "good" : "bad")); done: - state->response.data.num_entries = NT_STATUS_V(status); + state->response.data.num_entries = NT_STATUS_V(result); + return WINBINDD_OK; } @@ -147,20 +119,21 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state /* Skip own domain */ - if (strequal(domain->name, lp_workgroup())) continue; + if (strequal(domain->name, lp_workgroup())) + continue; /* Add domain to list */ total_entries++; ted = Realloc(extra_data, sizeof(fstring) * - total_entries); + total_entries); if (!ted) { DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n")); SAFE_FREE(extra_data); return WINBINDD_ERROR; - } - else extra_data = ted; + } else + extra_data = ted; memcpy(&extra_data[extra_data_len], domain->name, strlen(domain->name)); @@ -170,7 +143,8 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state } if (extra_data) { - if (extra_data_len > 1) extra_data[extra_data_len - 1] = '\0'; + if (extra_data_len > 1) + extra_data[extra_data_len - 1] = '\0'; state->response.extra_data = extra_data; state->response.length += extra_data_len; } diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index aa248aadaf..57733b5471 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -2,7 +2,7 @@ Unix SMB/Netbios implementation. Version 3.0 - Winbind daemon - pam auuth funcions + Winbind daemon - pam auth funcions Copyright (C) Andrew Tridgell 2000 Copyright (C) Tim Potter 2001 
@@ -102,9 +102,11 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) ZERO_STRUCT(info3); - if (!(cli = cm_get_netlogon_cli(lp_workgroup(), trust_passwd))) { + result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli); + + if (!NT_STATUS_IS_OK(result)) { DEBUG(3, ("could not open handle to NETLOGON pipe\n")); - return WINBINDD_ERROR; + goto done; } result = cli_nt_login_network(cli, user_info, smb_uid_low, @@ -113,7 +115,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) free_user_info(&user_info); cli_shutdown(cli); - + + done: return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } @@ -165,9 +168,11 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) ZERO_STRUCT(info3); - if (!(cli = cm_get_netlogon_cli(lp_workgroup(), trust_passwd))) { + result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli); + + if (!NT_STATUS_IS_OK(result)) { DEBUG(3, ("could not open handle to NETLOGON pipe\n")); - return WINBINDD_ERROR; + goto done; } result = cli_nt_login_network(cli, user_info, smb_uid_low, @@ -177,6 +182,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) cli_shutdown(cli); + done: return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h index 1a046c67d5..78afeae94c 100644 --- a/source3/nsswitch/winbindd_proto.h +++ b/source3/nsswitch/winbindd_proto.h 
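Review bot: The new `goto done` in winbindd_pam_auth() jumps past `free_user_info(&user_info);`, so when the NETLOGON connection cannot be opened the user_info built above the hunk is never released (inferred from the later free; the allocation is not visible here), and it probably holds the client's authentication data. The `done:` label cannot simply move up, because `cli_shutdown(cli)` must not run with an unset `cli`; add `free_user_info(&user_info);` immediately before the `goto done;` instead. The same pattern is repeated in winbindd_pam_auth_crap() in the @@ -165,9 and @@ -177,6 hunks. Both function bodies start outside the hunks.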
@@ -16,6 +16,10 @@ void winbindd_store_user_cache(struct winbindd_domain *domain, void winbindd_store_group_cache(struct winbindd_domain *domain, struct acct_info *sam_entries, int num_sam_entries); +void winbindd_store_name_cache_entry(struct winbindd_domain *domain, + char *sid, struct winbindd_name *name); +void winbindd_store_sid_cache_entry(struct winbindd_domain *domain, + char *name, struct winbindd_sid *sid); void winbindd_store_user_cache_entry(struct winbindd_domain *domain, char *user_name, struct winbindd_pw *pw); void winbindd_store_uid_cache_entry(struct winbindd_domain *domain, uid_t uid, @@ -32,6 +36,10 @@ BOOL winbindd_fetch_user_cache(struct winbindd_domain *domain, BOOL winbindd_fetch_group_cache(struct winbindd_domain *domain, struct acct_info **sam_entries, int *num_entries); +BOOL winbindd_fetch_sid_cache_entry(struct winbindd_domain *domain, + char *name, struct winbindd_sid *sid); +BOOL winbindd_fetch_name_cache_entry(struct winbindd_domain *domain, + char *sid, struct winbindd_name *name); BOOL winbindd_fetch_user_cache_entry(struct winbindd_domain *domain, char *user, struct winbindd_pw *pw); BOOL winbindd_fetch_uid_cache_entry(struct winbindd_domain *domain, uid_t uid, @@ -54,7 +62,8 @@ CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid, uint32 user_rid); CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid, uint32 group_rid); -struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd); +NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, + struct cli_state **cli); void winbindd_cm_status(void); /* The following definitions come from nsswitch/winbindd_group.c */ 
@@ -118,13 +127,13 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state); /* The following definitions come from nsswitch/winbindd_util.c */ +struct winbindd_domain *find_domain_from_name(char *domain_name); +struct winbindd_domain *find_domain_from_sid(DOM_SID *sid); BOOL get_domain_info(void); void free_domain_info(void); BOOL lookup_domain_sid(char *domain_name, struct winbindd_domain *domain); -BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid, - enum SID_NAME_USE *type); -BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name, - enum SID_NAME_USE *type); +BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid, enum SID_NAME_USE *type); +BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name, enum SID_NAME_USE *type); BOOL winbindd_lookup_userinfo(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 user_rid, SAM_USERINFO_CTR **user_info); @@ -136,8 +145,6 @@ BOOL winbindd_lookup_groupmem(struct winbindd_domain *domain, uint32 group_rid, uint32 *num_names, uint32 **rid_mem, char ***names, uint32 **name_types); -struct winbindd_domain *find_domain_from_name(char *domain_name); -struct winbindd_domain *find_domain_from_sid(DOM_SID *sid); void free_getent_state(struct getent_state *state); BOOL winbindd_param_init(void); NTSTATUS winbindd_query_dispinfo(struct winbindd_domain *domain, |