authorAndrew Bartlett <abartlet@samba.org>2003-04-16 10:20:14 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-04-16 10:20:14 +0000
commit2cb0b91ed19c0fbbc3bfb1b5a35c6af2acf5b5d7 (patch)
tree70203479d0f7bebcbb80e7af48f560715162171a /source3/nsswitch
parentf9cde25fa492e071960e0857f5075222119a0d1c (diff)
Store the type of 'sec channel' that we establish to the DC. If we are a
workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment. Also actually store and retrieve the last change time, so we can do periodic password changes again (for RPC at least). And finally, a couple of minor fixes to 'net'. Andrew Bartlett (This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/winbindd_ads.c2
-rw-r--r--source3/nsswitch/winbindd_cm.c8
-rw-r--r--source3/nsswitch/winbindd_misc.c7
-rw-r--r--source3/nsswitch/winbindd_pam.c19
4 files changed, 20 insertions, 16 deletions
diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c
index de3757aa44..beb40af79d 100644
--- a/source3/nsswitch/winbindd_ads.c
+++ b/source3/nsswitch/winbindd_ads.c
@@ -56,7 +56,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
/* the machine acct password might have change - fetch it every time */
SAFE_FREE(ads->auth.password);
- ads->auth.password = secrets_fetch_machine_password();
+ ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
if (primary_realm) {
SAFE_FREE(ads->auth.realm);
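Review bot: The pointer returned by the new `secrets_fetch_machine_password(lp_workgroup(), NULL, NULL)` call is stored in `ads->auth.password` with no NULL check visible in this hunk, so a failed secrets lookup appears to continue into the realm setup and the connection attempt that presumably follows. A guard directly after the assignment, for example `if (!ads->auth.password) { DEBUG(0, ("ads_cached_connection: could not fetch machine password\n")); }` followed by the function's usual failure return, would make that case explicit instead of leaving it to surface as an authentication error. ads_cached_connection starts and ends outside the hunk, so a check may already exist further down; that is worth confirming.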
diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c
index 1b49d8ce01..dbcfdcf88f 100644
--- a/source3/nsswitch/winbindd_cm.c
+++ b/source3/nsswitch/winbindd_cm.c
@@ -853,7 +853,9 @@ CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid,
/* Get a handle on a netlogon pipe. This is a bit of a hack to re-use the
netlogon pipe as no handle is returned. */
-NTSTATUS cm_get_netlogon_cli(const char *domain, const unsigned char *trust_passwd,
+NTSTATUS cm_get_netlogon_cli(const char *domain,
+ const unsigned char *trust_passwd,
+ uint32 sec_channel_type,
struct cli_state **cli)
{
NTSTATUS result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
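Review bot: The comment above `cm_get_netlogon_cli` still only explains the pipe re-use and does not mention the new `sec_channel_type` parameter, which the two `cli_nt_setup_creds` calls later in the function now forward unchanged in place of `get_sec_chan()`. Since the commit's point is that the type must match the stored trust account rather than the role the server is currently playing, I would state that contract at the definition, e.g. `/* sec_channel_type must be the value stored with the trust account password, not derived from the current server role. */`. The value does not appear to be range-checked before use in the visible lines, so the comment should also say whether callers or `cli_nt_setup_creds` are expected to reject unknown types. The function body continues outside this hunk.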
@@ -876,7 +878,7 @@ NTSTATUS cm_get_netlogon_cli(const char *domain, const unsigned char *trust_pass
DEBUG(0,("cm_get_netlogon_cli: mutex grab failed for %s\n", conn->controller));
}
- result = cli_nt_setup_creds(conn->cli, get_sec_chan(), trust_passwd, &neg_flags, 2);
+ result = cli_nt_setup_creds(conn->cli, sec_channel_type, trust_passwd, &neg_flags, 2);
if (got_mutex)
secrets_named_mutex_release(lock_name);
@@ -896,7 +898,7 @@ NTSTATUS cm_get_netlogon_cli(const char *domain, const unsigned char *trust_pass
}
/* Try again */
- result = cli_nt_setup_creds( conn->cli, get_sec_chan(),trust_passwd, &neg_flags, 2);
+ result = cli_nt_setup_creds( conn->cli, sec_channel_type,trust_passwd, &neg_flags, 2);
if (got_mutex)
secrets_named_mutex_release(lock_name);
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c
index 52889e85d4..fb56d0e657 100644
--- a/source3/nsswitch/winbindd_misc.c
+++ b/source3/nsswitch/winbindd_misc.c
@@ -34,13 +34,14 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat
uchar trust_passwd[16];
int num_retries = 0;
struct cli_state *cli;
+ uint32 sec_channel_type;
DEBUG(3, ("[%5d]: check machine account\n", state->pid));
/* Get trust account password */
again:
if (!secrets_fetch_trust_account_password(
- lp_workgroup(), trust_passwd, NULL)) {
+ lp_workgroup(), trust_passwd, NULL, &sec_channel_type)) {
result = NT_STATUS_INTERNAL_ERROR;
goto done;
}
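Review bot: `uint32 sec_channel_type;` is declared without an initializer and is only given a value through the out-parameter of `secrets_fetch_trust_account_password`, whose implementation is not part of this page. If any success path of that function returns without writing the channel type (an older stored record would be the obvious case to check), the indeterminate value would be handed to `cm_get_netlogon_cli` and on to the credential setup. Initialising at the declaration, `uint32 sec_channel_type = 0;`, keeps the failure deterministic; the same applies to the declarations added in `winbindd_pam_auth` and `winbindd_pam_auth_crap` in winbindd_pam.c. winbindd_check_machine_acct starts before and ends after this hunk.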
@@ -49,7 +50,7 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat
the trust account password. */
/* Don't shut this down - it belongs to the connection cache code */
- result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
+ result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, sec_channel_type, &cli);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
@@ -234,7 +235,7 @@ enum winbindd_result winbindd_netbios_name(struct winbindd_cli_state *state)
return WINBINDD_OK;
}
-/* What's my name again? */
+/* Where can I find the privilaged pipe? */
enum winbindd_result winbindd_priv_pipe_dir(struct winbindd_cli_state *state)
{
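Review bot: The replacement comment on `winbindd_priv_pipe_dir` misspells "privileged"; it should read `/* Where can I find the privileged pipe? */`. Because this function tells clients where the privileged pipe lives, the comment could also say in one sentence what protects that directory, which is not visible here since the body lies outside the hunk.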
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index e49a95f4b8..2998372bd2 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -61,7 +61,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
fstring name_domain, name_user;
unsigned char trust_passwd[16];
time_t last_change_time;
- uint32 smb_uid_low;
+ uint32 sec_channel_type;
NET_USER_INFO_3 info3;
struct cli_state *cli = NULL;
uchar chal[8];
@@ -111,21 +111,20 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
*/
if (!secrets_fetch_trust_account_password(
- lp_workgroup(), trust_passwd, &last_change_time)) {
+ lp_workgroup(), trust_passwd, &last_change_time,
+ &sec_channel_type)) {
DEBUG(0, ("winbindd_pam_auth: could not fetch trust account "
"password for domain %s\n", lp_workgroup()));
result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
goto done;
}
- /* We really don't care what LUID we give the user. */
-
- generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False);
-
ZERO_STRUCT(info3);
/* Don't shut this down - it belongs to the connection cache code */
- result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli);
+ result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd,
+ sec_channel_type,
+ &cli);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
@@ -169,6 +168,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
NTSTATUS result;
unsigned char trust_passwd[16];
time_t last_change_time;
+ uint32 sec_channel_type;
NET_USER_INFO_3 info3;
struct cli_state *cli = NULL;
TALLOC_CTX *mem_ctx = NULL;
@@ -256,7 +256,8 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
*/
if (!secrets_fetch_trust_account_password (
- contact_domain, trust_passwd, &last_change_time)) {
+ contact_domain, trust_passwd, &last_change_time,
+ &sec_channel_type)) {
DEBUG(0, ("winbindd_pam_auth: could not fetch trust account "
"password for domain %s\n", contact_domain));
result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
@@ -266,7 +267,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
ZERO_STRUCT(info3);
/* Don't shut this down - it belongs to the connection cache code */
- result = cm_get_netlogon_cli(contact_domain, trust_passwd, &cli);
+ result = cm_get_netlogon_cli(contact_domain, trust_passwd, sec_channel_type, &cli);
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3, ("could not open handle to NETLOGON pipe (error: %s)\n", nt_errstr(result)));