summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-01-26 06:24:53 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-01-26 06:24:53 +0000
commit714cdd47cb3e0e1f683c0a22396f9167a85e7df3 (patch)
tree713059fb2ea69f180f21abc39e79fa44cc5f48bd /source3/auth
parent806991158ef016cd7a723912a6eebe1f6d3b0ed1 (diff)
downloadsamba-714cdd47cb3e0e1f683c0a22396f9167a85e7df3.tar.gz
samba-714cdd47cb3e0e1f683c0a22396f9167a85e7df3.tar.bz2
samba-714cdd47cb3e0e1f683c0a22396f9167a85e7df3.zip
Fix up a security issue with the way we handle domain groups retuned on the
info3. These are RIDs, and it only makes sense to combine them with the domain SID returned with them. This is important for trusted domains, where that sid might be other than the one we currently reterive from the secrets.tdb. Also remove the become_root()/unbecome_root() wrapper from around both remaining TDB users: Both are now initialised at smbd startup. Andrew Bartlett (This used to be commit 554842e0a55155193f25aefca6480b89d5c512ca)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_domain.c18
1 files changed, 2 insertions, 16 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index e84d4e4724..704f600c66 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -324,7 +324,6 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
/* Store the user group information in the server_info returned to the caller. */
if (NT_STATUS_IS_OK(nt_status) && (info3.num_groups2 != 0)) {
- DOM_SID domain_sid;
int i;
NT_USER_TOKEN *ptok;
auth_serversupplied_info *pserver_info = *server_info;
@@ -346,21 +345,12 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
goto done;
}
- if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
- DEBUG(0, ("domain_client_validate: unable to fetch domain sid.\n"));
- nt_status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- free_server_info(server_info);
- goto done;
- }
-
for (i = 0; i < ptok->num_sids; i++) {
- sid_copy(&ptok->user_sids[i], &domain_sid);
+ sid_copy(&ptok->user_sids[i], &info3.dom_sid.sid);
sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid);
}
- become_root();
uni_group_cache_store_netlogon(mem_ctx, &info3);
- unbecome_root();
}
#if 0
@@ -423,10 +413,9 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
return NT_STATUS_LOGON_FAILURE;
}
- become_root();
-
/*
* Get the machine account password for our primary domain
+ * No need to become_root() as secrets_init() is done at startup.
*/
if (!secrets_fetch_trust_account_password(domain, trust_passwd, &last_change_time))
@@ -436,8 +425,6 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
- unbecome_root();
-
/* Test if machine password is expired and need to be changed */
if (time(NULL) > last_change_time + lp_machine_password_timeout())
{
@@ -470,4 +457,3 @@ BOOL auth_init_ntdomain(struct auth_context *auth_context, auth_methods **auth_m
(*auth_method)->auth = check_ntdomain_security;
return True;
}
-