diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2002-03-02 08:25:44 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2002-03-02 08:25:44 +0000 |
| commit | 81b2d66c970c0df94823ad96f50b992fff0c8b94 (patch) | |
| tree | 303fd700ef82f4915ed2fd6c55f3330f7f905d81 /source3/libsmb | |
| parent | 53d0c9c79f614fc8aecd7d417ae7b92d0a06f893 (diff) | |
| download | samba-81b2d66c970c0df94823ad96f50b992fff0c8b94.tar.gz samba-81b2d66c970c0df94823ad96f50b992fff0c8b94.tar.bz2 samba-81b2d66c970c0df94823ad96f50b992fff0c8b94.zip | |
Allow Samba to trust NT4 Domains.
This commit builds on the auth subsystem to give Samba support for trusting NT4
domains. It is off by default, but is enabled by adding 'trustdomain' to the
'auth methods' smb.conf paramater.
Tested against NT4 only - there are still some issues with the join code for
Win2k servers (spnego stuff).
The main work TODO involves enumerating the trusted domains (including the RPC
calls to match), and getting winbind to run on the PDC correctly.
Similarly, work remains on getting NT4 to trust Samba domains.
Andrew Bartlett
(This used to be commit ac8c24a9a888a3f916e8b40238b936e6ad743ef7)
Diffstat (limited to 'source3/libsmb')
| -rw-r--r-- | source3/libsmb/cli_netlogon.c | 13 | ||||
| -rw-r--r-- | source3/libsmb/trust_passwd.c | 3 |
2 files changed, 9 insertions, 7 deletions
diff --git a/source3/libsmb/cli_netlogon.c b/source3/libsmb/cli_netlogon.c index d550c3e9fa..590f5f525e 100644 --- a/source3/libsmb/cli_netlogon.c +++ b/source3/libsmb/cli_netlogon.c @@ -93,14 +93,15 @@ Ensure that the server credential returned matches the session key encrypt of the server challenge originally received. JRA. ****************************************************************************/ -NTSTATUS new_cli_net_auth2(struct cli_state *cli, uint16 sec_chan, +NTSTATUS new_cli_net_auth2(struct cli_state *cli, + uint16 sec_chan, uint32 neg_flags, DOM_CHAL *srv_chal) { prs_struct qbuf, rbuf; NET_Q_AUTH_2 q; NET_R_AUTH_2 r; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - extern pstring global_myname; + extern pstring global_myname; prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL); prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL); @@ -163,7 +164,8 @@ password ?).\n", cli->desthost )); /* Initialize domain session credentials */ NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli, - unsigned char mach_pwd[16]) + uint16 sec_chan, + const unsigned char mach_pwd[16]) { DOM_CHAL clnt_chal; DOM_CHAL srv_chal; @@ -185,7 +187,7 @@ NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli, /**************** Long-term Session key **************/ /* calculate the session key */ - cred_session_key(&clnt_chal, &srv_chal, (char *)mach_pwd, + cred_session_key(&clnt_chal, &srv_chal, mach_pwd, cli->sess_key); memset((char *)cli->sess_key+8, '\0', 8); @@ -201,8 +203,7 @@ NTSTATUS new_cli_nt_setup_creds(struct cli_state *cli, * Receive an auth-2 challenge response and check it. */ - result = new_cli_net_auth2(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? - SEC_CHAN_WKSTA : SEC_CHAN_BDC, 0x000001ff, + result = new_cli_net_auth2(cli, sec_chan, 0x000001ff, &srv_chal); if (!NT_STATUS_IS_OK(result)) { DEBUG(0,("cli_nt_setup_creds: auth2 challenge failed %s\n", diff --git a/source3/libsmb/trust_passwd.c b/source3/libsmb/trust_passwd.c index 069be7f15e..1f52ab3611 100644 --- a/source3/libsmb/trust_passwd.c +++ b/source3/libsmb/trust_passwd.c @@ -35,7 +35,8 @@ static NTSTATUS just_change_the_password(struct cli_state *cli, TALLOC_CTX *mem_ unsigned char new_trust_passwd_hash[16]) { NTSTATUS result; - result = new_cli_nt_setup_creds(cli, orig_trust_passwd_hash); + result = new_cli_nt_setup_creds(cli, (lp_server_role() == ROLE_DOMAIN_MEMBER) ? + SEC_CHAN_WKSTA : SEC_CHAN_BDC, orig_trust_passwd_hash); if (!NT_STATUS_IS_OK(result)) { DEBUG(0,("just_change_the_password: unable to setup creds (%s)!\n", |