diff options
| author | Jeremy Allison <jra@samba.org> | 2005-11-08 06:19:34 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:05:20 -0500 |
| commit | fcceedd67c29bae6941949a16ebef37e95dab601 (patch) | |
| tree | 17233b5fb3522134c86ed4a3dd05e1f79a8f3a9f /source3/rpc_client/cli_netlogon.c | |
| parent | c3d673e5712b254ea6e3eef10041f3a30b70a983 (diff) | |
| download | samba-fcceedd67c29bae6941949a16ebef37e95dab601.tar.gz samba-fcceedd67c29bae6941949a16ebef37e95dab601.tar.bz2 samba-fcceedd67c29bae6941949a16ebef37e95dab601.zip | |
r11573: Adding Andrew Bartlett's patch to make machine account
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes
the auth module interface to 2 (from 1). The effect of this is
that clients can access resources as a machine account if they
set these flags. This is the same as Windows (think of a VPN
where the vpn client authenticates itself to a VPN server
using machine account credentials - the vpn server checks
that the machine password was valid by performing a machine
account check with the PDC in the same was as it would a
user account check. I may add in a restriction (parameter)
to allow this behaviour to be turned off (as it was previously).
That may be on by default.
Andrew Bartlett please review this change carefully.
Jeremy.
(This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
Diffstat (limited to 'source3/rpc_client/cli_netlogon.c')
| -rw-r--r-- | source3/rpc_client/cli_netlogon.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index 85b557471b..af0062f2b3 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -528,11 +528,12 @@ NTSTATUS rpccli_netlogon_sam_deltas(struct rpc_pipe_client *cli, TALLOC_CTX *mem /* Logon domain user */ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - const char *domain, - const char *username, - const char *password, - int logon_type) + TALLOC_CTX *mem_ctx, + uint32 logon_parameters, + const char *domain, + const char *username, + const char *password, + int logon_type) { prs_struct qbuf, rbuf; NET_Q_SAM_LOGON q; @@ -566,7 +567,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd); init_id_info1(&ctr.auth.id1, domain, - 0, /* param_ctrl */ + logon_parameters, /* param_ctrl */ 0xdead, 0xbeef, /* LUID? */ username, clnt_name_slash, (const char *)cli->dc->sess_key, lm_owf_user_pwd, @@ -585,7 +586,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, SMBNTencrypt(password, chal, local_nt_response); init_id_info2(&ctr.auth.id2, domain, - 0, /* param_ctrl */ + logon_parameters, /* param_ctrl */ 0xdead, 0xbeef, /* LUID? */ username, clnt_name_slash, chal, local_lm_response, 24, local_nt_response, 24); @@ -636,6 +637,7 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli, NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, + uint32 logon_parameters, const char *server, const char *username, const char *domain, @@ -688,7 +690,7 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli, ctr.switch_value = NET_LOGON_TYPE; init_id_info2(&ctr.auth.id2, domain, - 0, /* param_ctrl */ + logon_parameters, /* param_ctrl */ 0xdead, 0xbeef, /* LUID? */ username, workstation_name_slash, (const uchar*)chal, lm_response.data, lm_response.length, nt_response.data, nt_response.length); |