diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-06-24 01:51:11 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-06-24 01:51:11 +0000 |
commit | 4f7a02d5ded64e8c845f0c094a58be5bfb0171e8 (patch) | |
tree | b9b7ac4bcf529913d1bc91dd0959ccef0a0ce3f1 /source3/auth | |
parent | ea7cdc4de060181b11779d726ba2aecf0a09b72b (diff) | |
download | samba-4f7a02d5ded64e8c845f0c094a58be5bfb0171e8.tar.gz samba-4f7a02d5ded64e8c845f0c094a58be5bfb0171e8.tar.bz2 samba-4f7a02d5ded64e8c845f0c094a58be5bfb0171e8.zip |
Try to get security=domain at least slightly working.
The previous code both had basic logic flaws in it, and some subtle
issues regarding the Win2k info3 response.
I've tested this against Samba (it looks like that was missed last time
due to the 'called name' corruption - which broke my testsuite) and
accomidated what I've seen from a info3 printout jmcd gave me.
I'll get this tested fully as soon as I get my VMware going again.
Andrew Bartlett
(This used to be commit 87eba4c811293d2428bfb9bc36de22e66dce7f8b)
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_domain.c | 3 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 18 |
2 files changed, 13 insertions, 8 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 8c6bb8908f..ee486d3f30 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -332,7 +332,8 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, user_info->domain.str, cli->srv_name_slash, nt_errstr(nt_status))); } else { - nt_status = make_server_info_info3(mem_ctx, domain, server_info, &info3); + nt_status = make_server_info_info3(mem_ctx, user_info->internal_username.str, + user_info->smb_name.str, domain, server_info, &info3); #if 0 /* The stuff doesn't work right yet */ SMB_ASSERT(sizeof((*server_info)->session_key) == sizeof(info3.user_sess_key)); diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index a66cd6ffc7..3ade220c0f 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -570,14 +570,16 @@ BOOL make_server_info_guest(auth_serversupplied_info **server_info) ***************************************************************************/ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, + const char *internal_username, + const char *sent_nt_username, const char *domain, auth_serversupplied_info **server_info, NET_USER_INFO_3 *info3) { NTSTATUS nt_status = NT_STATUS_OK; - char *nt_domain; - char *nt_username; + const char *nt_domain; + const char *nt_username; SAM_ACCOUNT *sam_account = NULL; DOM_SID user_sid; @@ -605,11 +607,13 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, } if (!(nt_username = unistr2_tdup(mem_ctx, &(info3->uni_user_name)))) { - return NT_STATUS_NO_MEMORY; + /* If the server didn't give us one, just use the one we sent them */ + nt_username = sent_nt_username; } if (!(nt_domain = unistr2_tdup(mem_ctx, &(info3->uni_logon_dom)))) { - return NT_STATUS_NO_MEMORY; + /* If the server didn't give us one, just use the one we sent them */ + domain = domain; } if (winbind_sid_to_uid(&uid, &user_sid) @@ -622,7 +626,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, dom_user = talloc_asprintf(mem_ctx, "%s%s%s", nt_domain, lp_winbind_separator(), - nt_username); + internal_username); if (!dom_user) { DEBUG(0, ("talloc_asprintf failed!\n")); @@ -634,10 +638,10 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, domain, we don't want this for trusted domains */ && strequal(nt_domain, lp_workgroup())) { - passwd = Get_Pwnam(nt_username); + passwd = Get_Pwnam(internal_username); } - if (passwd) { + if (!passwd) { return NT_STATUS_NO_SUCH_USER; } else { nt_status = pdb_init_sam_pw(&sam_account, passwd); |