diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-06-15 11:40:25 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-06-15 11:40:25 +0000 |
commit | 843a467f21b48c5fc77c6c2d2db6553e5066a0c5 (patch) | |
tree | 058d33c6a4183c65433d6d0bc9da5252cca4d6e5 /source3/rpc_server | |
parent | 0142f472994fab45f683a08b2fa91f8be481ac5f (diff) | |
download | samba-843a467f21b48c5fc77c6c2d2db6553e5066a0c5.tar.gz samba-843a467f21b48c5fc77c6c2d2db6553e5066a0c5.tar.bz2 samba-843a467f21b48c5fc77c6c2d2db6553e5066a0c5.zip |
Update the netlogon code to better cope with trusted domains, where things
like the domain name and SID come from the remote domain, not the local
one. These are filled out by the code from the previous commit (auth_util.c,
the make_server_info_info3() fn) and read back here.
Andrew Bartlett
(This used to be commit 6872de2e5b27fd2de61ed14c85475a0eacd637ca)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 39 |
1 files changed, 29 insertions, 10 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 9b917cdda5..49b9fcd0f2 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -655,14 +655,35 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * { DOM_GID *gids = NULL; + const DOM_SID *user_sid = NULL; + const DOM_SID *group_sid = NULL; + DOM_SID domain_sid; + uint32 user_rid, group_rid; + int num_gids = 0; pstring my_name; - pstring my_workgroup; - + fstring user_sid_string; + fstring group_sid_string; + + sampw = server_info->sam_account; + /* set up pointer indicating user/password failed to be found */ usr_info->ptr_user_info = 0; - - pstrcpy(my_workgroup, lp_workgroup()); + + user_sid = pdb_get_user_sid(sampw); + group_sid = pdb_get_group_sid(sampw); + + sid_copy(&domain_sid, user_sid); + sid_split_rid(&domain_sid, &user_rid); + + if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) { + DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid %s\n but group sid %s.\nThe conflicting domain portions are not supported for NETLOGON calls\n", + pdb_get_domain(sampw), pdb_get_username(sampw), + sid_to_string(user_sid_string, user_sid), + sid_to_string(group_sid_string, group_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + pstrcpy(my_name, global_myname); strupper(my_name); @@ -676,12 +697,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * gids = NULL; get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account); - - sampw = server_info->sam_account; init_net_user_info3(p->mem_ctx, usr_info, - pdb_get_user_rid(sampw), - pdb_get_group_rid(sampw), + user_rid, + group_rid, pdb_get_username(sampw), pdb_get_fullname(sampw), @@ -703,8 +722,8 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * 0x20 , /* uint32 user_flgs (?) */ NULL, /* uchar sess_key[16] */ my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - get_global_sam_sid(), /* DOM_SID *dom_sid */ + pdb_get_domain(sampw), + &domain_sid, /* DOM_SID *dom_sid */ /* Should be users domain sid, not servers - for trusted domains */ NULL); /* char *other_sids */ |