summaryrefslogtreecommitdiff
path: root/source3/libsmb/cli_netlogon.c
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-03-02 08:25:44 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-03-02 08:25:44 +0000
commit81b2d66c970c0df94823ad96f50b992fff0c8b94 (patch)
tree303fd700ef82f4915ed2fd6c55f3330f7f905d81 /source3/libsmb/cli_netlogon.c
parent53d0c9c79f614fc8aecd7d417ae7b92d0a06f893 (diff)
downloadsamba-81b2d66c970c0df94823ad96f50b992fff0c8b94.tar.gz
samba-81b2d66c970c0df94823ad96f50b992fff0c8b94.tar.bz2
samba-81b2d66c970c0df94823ad96f50b992fff0c8b94.zip
Allow Samba to trust NT4 Domains.
This commit builds on the auth subsystem to give Samba support for trusting NT4 domains. It is off by default, but is enabled by adding 'trustdomain' to the 'auth methods' smb.conf paramater. Tested against NT4 only - there are still some issues with the join code for Win2k servers (spnego stuff). The main work TODO involves enumerating the trusted domains (including the RPC calls to match), and getting winbind to run on the PDC correctly. Similarly, work remains on getting NT4 to trust Samba domains. Andrew Bartlett (This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
Diffstat (limited to 'source3/libsmb/cli_netlogon.c')
-rw-r--r--source3/libsmb/cli_netlogon.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/source3/libsmb/cli_netlogon.c b/source3/libsmb/cli_netlogon.c
index d550c3e9fa..590f5f525e 100644
--- a/source3/libsmb/cli_netlogon.c
+++ b/source3/libsmb/cli_netlogon.c
@@ -93,14 +93,15 @@ Ensure that the server credential returned matches the session key
encrypt of the server challenge originally received. JRA.
****************************************************************************/
-NTSTATUS new_cli_net_auth2(struct cli_state *cli, uint16 sec_chan,
+NTSTATUS new_cli_net_auth2(struct cli_state *cli,
+ uint16 sec_chan,
uint32 neg_flags, DOM_CHAL *srv_chal)
{
prs_struct qbuf, rbuf;
NET_Q_AUTH_2 q;
NET_R_AUTH_2 r;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- extern pstring global_myname;
+ extern pstring global_myname;
prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
@@ -163,7 +164,8 @@ password ?).\n", cli->desthost ));
/* Initialize domain session credentials */
NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli,
- unsigned char mach_pwd[16])
+ uint16 sec_chan,
+ const unsigned char mach_pwd[16])
{
DOM_CHAL clnt_chal;
DOM_CHAL srv_chal;
@@ -185,7 +187,7 @@ NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli,
/**************** Long-term Session key **************/
/* calculate the session key */
- cred_session_key(&clnt_chal, &srv_chal, (char *)mach_pwd,
+ cred_session_key(&clnt_chal, &srv_chal, mach_pwd,
cli->sess_key);
memset((char *)cli->sess_key+8, '\0', 8);
@@ -201,8 +203,7 @@ NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli,
* Receive an auth-2 challenge response and check it.
*/
- result = new_cli_net_auth2(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ?
- SEC_CHAN_WKSTA : SEC_CHAN_BDC, 0x000001ff,
+ result = new_cli_net_auth2(cli, sec_chan, 0x000001ff,
&srv_chal);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed %s\n",