summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2001-11-23 00:14:04 +0000
committerTim Potter <tpot@samba.org>2001-11-23 00:14:04 +0000
commit5788899a480c3b4c79a1970dbd1634cc3fed4de6 (patch)
tree98dbdcaabca79f8697cb705cc81fec5dc9aa8aca
parent2025ef4c18b0fdf79e493c2c97e32bc38019424b (diff)
downloadsamba-5788899a480c3b4c79a1970dbd1634cc3fed4de6.tar.gz
samba-5788899a480c3b4c79a1970dbd1634cc3fed4de6.tar.bz2
samba-5788899a480c3b4c79a1970dbd1634cc3fed4de6.zip
Fixed check machine account function.
(This used to be commit 8f01a8b07883d18f44da665cbc8e5fba04d3bc91)
-rw-r--r--source3/nsswitch/winbindd_cm.c14
-rw-r--r--source3/nsswitch/winbindd_misc.c84
-rw-r--r--source3/nsswitch/winbindd_pam.c18
-rw-r--r--source3/nsswitch/winbindd_proto.h21
4 files changed, 63 insertions, 74 deletions
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index baff937b7f..a00bc3f5d9 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -625,10 +625,11 @@ CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid,
/* Get a handle on a netlogon pipe. This is a bit of a hack to re-use the
netlogon pipe as no handle is returned. */
-struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd)
+NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
+ struct cli_state **cli)
{
struct winbindd_cm_conn conn;
- NTSTATUS result;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
/* Open an initial conection */
@@ -636,7 +637,7 @@ struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd)
if (!cm_open_connection(domain, PIPE_NETLOGON, &conn)) {
DEBUG(3, ("Could not open a connection to %s\n", domain));
- return NULL;
+ return result;
}
result = cli_nt_setup_creds(conn.cli, trust_passwd);
@@ -645,12 +646,13 @@ struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd)
DEBUG(0, ("error connecting to domain password server: %s\n",
get_nt_error_msg(result)));
cli_shutdown(conn.cli);
- return NULL;
+ return result;
}
- /* We only want the client handle from this structure */
+ if (cli)
+ *cli = conn.cli;
- return conn.cli;
+ return result;
}
/* Dump the current connection status */
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c
index b06ee223a7..95c4f29c18 100644
--- a/source3/nsswitch/winbindd_misc.c
+++ b/source3/nsswitch/winbindd_misc.c
@@ -25,22 +25,6 @@
extern pstring global_myname;
-/* Some routines to fetch the trust account password from a HEAD
- version of Samba. Yuck. )-: */
-
-/************************************************************************
-form a key for fetching a domain trust password from
-************************************************************************/
-static char *trust_keystr(char *domain)
-{
- static fstring keystr;
-
- snprintf(keystr,sizeof(keystr),"%s/%s", SECRETS_MACHINE_ACCT_PASS,
- domain);
-
- return keystr;
-}
-
/************************************************************************
Routine to get the trust account password for a domain
************************************************************************/
@@ -51,11 +35,15 @@ static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd,
size_t size;
if (!(pass = secrets_fetch(trust_keystr(domain), &size)) ||
- size != sizeof(*pass)) return False;
+ size != sizeof(*pass))
+ return False;
+
+ if (pass_last_set_time)
+ *pass_last_set_time = pass->mod_time;
- if (pass_last_set_time) *pass_last_set_time = pass->mod_time;
memcpy(ret_pwd, pass->hash, 16);
SAFE_FREE(pass);
+
return True;
}
@@ -63,13 +51,10 @@ static BOOL _get_trust_account_password(char *domain, unsigned char *ret_pwd,
enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *state)
{
- NTSTATUS status;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
uchar trust_passwd[16];
- struct in_addr *ip_list = NULL;
- int count;
- fstring controller, trust_account;
int num_retries = 0;
-
+ struct cli_state *cli;
DEBUG(3, ("[%5d]: check machine account\n", state->pid));
/* Get trust account password */
@@ -77,36 +62,21 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat
again:
if (!_get_trust_account_password(lp_workgroup(), trust_passwd,
NULL)) {
- status = NT_STATUS_INTERNAL_ERROR;
- goto done;
- }
-
- /* Get domain controller */
-
- if (!get_dc_list(True, lp_workgroup(), &ip_list, &count) ||
- !lookup_pdc_name(global_myname, lp_workgroup(), &ip_list[0],
- controller)) {
- DEBUG(0, ("could not find domain controller for "
- "domain %s\n", lp_workgroup()));
- status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+ result = NT_STATUS_INTERNAL_ERROR;
goto done;
}
- DEBUG(3, ("contacting controller %s to check secret\n", controller));
+ /* This call does a cli_nt_setup_creds() which implicitly checks
+ the trust account password. */
- /* Contact domain controller to check secret */
+ result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
- slprintf(trust_account, sizeof(trust_account) - 1, "%s$",
- global_myname);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
+ goto done;
+ }
-#if 0 /* XXX */
- {
- uint16 validation_level;
- status = cli_nt_setup_creds(controller, lp_workgroup(), global_myname,
- trust_account, trust_passwd,
- SEC_CHAN_WKSTA, &validation_level);
- }
-#endif
+ cli_shutdown(cli);
/* There is a race condition between fetching the trust account
password and joining the domain so it's possible that the trust
@@ -116,7 +86,7 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat
#define MAX_RETRIES 8
if ((num_retries < MAX_RETRIES) &&
- NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) {
+ NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED)) {
num_retries++;
goto again;
}
@@ -124,10 +94,12 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat
/* Pass back result code - zero for success, other values for
specific failures. */
- DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(status) ? "good" : "bad"));
+ DEBUG(3, ("secret is %s\n", NT_STATUS_IS_OK(result) ?
+ "good" : "bad"));
done:
- state->response.data.num_entries = NT_STATUS_V(status);
+ state->response.data.num_entries = NT_STATUS_V(result);
+
return WINBINDD_OK;
}
@@ -147,20 +119,21 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
/* Skip own domain */
- if (strequal(domain->name, lp_workgroup())) continue;
+ if (strequal(domain->name, lp_workgroup()))
+ continue;
/* Add domain to list */
total_entries++;
ted = Realloc(extra_data, sizeof(fstring) *
- total_entries);
+ total_entries);
if (!ted) {
DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n"));
SAFE_FREE(extra_data);
return WINBINDD_ERROR;
- }
- else extra_data = ted;
+ } else
+ extra_data = ted;
memcpy(&extra_data[extra_data_len], domain->name,
strlen(domain->name));
@@ -170,7 +143,8 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
}
if (extra_data) {
- if (extra_data_len > 1) extra_data[extra_data_len - 1] = '\0';
+ if (extra_data_len > 1)
+ extra_data[extra_data_len - 1] = '\0';
state->response.extra_data = extra_data;
state->response.length += extra_data_len;
}
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index aa248aadaf..57733b5471 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -2,7 +2,7 @@
Unix SMB/Netbios implementation.
Version 3.0
- Winbind daemon - pam auuth funcions
+ Winbind daemon - pam auth funcions
Copyright (C) Andrew Tridgell 2000
Copyright (C) Tim Potter 2001
@@ -102,9 +102,11 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
ZERO_STRUCT(info3);
- if (!(cli = cm_get_netlogon_cli(lp_workgroup(), trust_passwd))) {
+ result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
+
+ if (!NT_STATUS_IS_OK(result)) {
DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
- return WINBINDD_ERROR;
+ goto done;
}
result = cli_nt_login_network(cli, user_info, smb_uid_low,
@@ -113,7 +115,8 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
free_user_info(&user_info);
cli_shutdown(cli);
-
+
+ done:
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
@@ -165,9 +168,11 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
ZERO_STRUCT(info3);
- if (!(cli = cm_get_netlogon_cli(lp_workgroup(), trust_passwd))) {
+ result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
+
+ if (!NT_STATUS_IS_OK(result)) {
DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
- return WINBINDD_ERROR;
+ goto done;
}
result = cli_nt_login_network(cli, user_info, smb_uid_low,
@@ -177,6 +182,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
cli_shutdown(cli);
+ done:
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
diff --git a/source3/nsswitch/winbindd_proto.h b/source3/nsswitch/winbindd_proto.h
index 1a046c67d5..78afeae94c 100644
--- a/source3/nsswitch/winbindd_proto.h
+++ b/source3/nsswitch/winbindd_proto.h
@@ -16,6 +16,10 @@ void winbindd_store_user_cache(struct winbindd_domain *domain,
void winbindd_store_group_cache(struct winbindd_domain *domain,
struct acct_info *sam_entries,
int num_sam_entries);
+void winbindd_store_name_cache_entry(struct winbindd_domain *domain,
+ char *sid, struct winbindd_name *name);
+void winbindd_store_sid_cache_entry(struct winbindd_domain *domain,
+ char *name, struct winbindd_sid *sid);
void winbindd_store_user_cache_entry(struct winbindd_domain *domain,
char *user_name, struct winbindd_pw *pw);
void winbindd_store_uid_cache_entry(struct winbindd_domain *domain, uid_t uid,
@@ -32,6 +36,10 @@ BOOL winbindd_fetch_user_cache(struct winbindd_domain *domain,
BOOL winbindd_fetch_group_cache(struct winbindd_domain *domain,
struct acct_info **sam_entries,
int *num_entries);
+BOOL winbindd_fetch_sid_cache_entry(struct winbindd_domain *domain,
+ char *name, struct winbindd_sid *sid);
+BOOL winbindd_fetch_name_cache_entry(struct winbindd_domain *domain,
+ char *sid, struct winbindd_name *name);
BOOL winbindd_fetch_user_cache_entry(struct winbindd_domain *domain,
char *user, struct winbindd_pw *pw);
BOOL winbindd_fetch_uid_cache_entry(struct winbindd_domain *domain, uid_t uid,
@@ -54,7 +62,8 @@ CLI_POLICY_HND *cm_get_sam_user_handle(char *domain, DOM_SID *domain_sid,
uint32 user_rid);
CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid,
uint32 group_rid);
-struct cli_state *cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd);
+NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd,
+ struct cli_state **cli);
void winbindd_cm_status(void);
/* The following definitions come from nsswitch/winbindd_group.c */
@@ -118,13 +127,13 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state);
/* The following definitions come from nsswitch/winbindd_util.c */
+struct winbindd_domain *find_domain_from_name(char *domain_name);
+struct winbindd_domain *find_domain_from_sid(DOM_SID *sid);
BOOL get_domain_info(void);
void free_domain_info(void);
BOOL lookup_domain_sid(char *domain_name, struct winbindd_domain *domain);
-BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid,
- enum SID_NAME_USE *type);
-BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name,
- enum SID_NAME_USE *type);
+BOOL winbindd_lookup_sid_by_name(char *name, DOM_SID *sid, enum SID_NAME_USE *type);
+BOOL winbindd_lookup_name_by_sid(DOM_SID *sid, fstring name, enum SID_NAME_USE *type);
BOOL winbindd_lookup_userinfo(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx, uint32 user_rid,
SAM_USERINFO_CTR **user_info);
@@ -136,8 +145,6 @@ BOOL winbindd_lookup_groupmem(struct winbindd_domain *domain,
uint32 group_rid, uint32 *num_names,
uint32 **rid_mem, char ***names,
uint32 **name_types);
-struct winbindd_domain *find_domain_from_name(char *domain_name);
-struct winbindd_domain *find_domain_from_sid(DOM_SID *sid);
void free_getent_state(struct getent_state *state);
BOOL winbindd_param_init(void);
NTSTATUS winbindd_query_dispinfo(struct winbindd_domain *domain,