authorLuke Leighton <lkcl@samba.org>1999-12-12 20:03:42 +0000
committerLuke Leighton <lkcl@samba.org>1999-12-12 20:03:42 +0000
commit4f8a24522c683761c6f2ee23dba56f6c7913377b (patch)
treefef9baa89fc7695fe462cbace85a0f4276845d53 /source3/smbd/password.c
parent0ce128e3550794d4dbbd1def00e87c020f72c992 (diff)
final part of "first" phase converting over to msrpc daemon architecture.
done a minimal amount of clean-up in the Makefile, removing unnecessary modules from the link stage. this is not complete, yet, and will involve some changes, for example to smbd, to remove dependencies on the password database API that shouldn't be there. for example, smbd should not ever call getsmbpwXXX(); it should call the Samr or Lsa API. this first implementation has minor problems with not reinstantiating the same services as the caller. the "homes" service is a good example. (This used to be commit caa50525220b0d0250fa139367593c2de2c12135)
Diffstat (limited to 'source3/smbd/password.c')
-rw-r--r--source3/smbd/password.c129
1 files changed, 0 insertions, 129 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 91f727701c..fa46a74c14 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -606,132 +606,3 @@ use this machine as the password server.\n"));
return(True);
}
-/***********************************************************************
- Do the same as security=server, but using NT Domain calls and a session
- key from the workstation trust account password.
-************************************************************************/
-
-BOOL domain_client_validate( char *user, char *domain,
- char *acct_name, uint16 acct_type,
- char *smb_apasswd, int smb_apasslen,
- char *smb_ntpasswd, int smb_ntpasslen,
- uchar user_sess_key[16])
-{
- unsigned char local_challenge[8];
- unsigned char local_lm_response[24];
- unsigned char local_nt_reponse[24];
- unsigned char trust_passwd[16];
- NET_ID_INFO_CTR ctr;
- NET_USER_INFO_3 info3;
- uint32 smb_uid_low;
- fstring trust_acct;
- fstring srv_name;
-
- fstrcpy(trust_acct, acct_name);
- fstrcat(trust_acct, "$");
-
- /*
- * Check that the requested domain is not our own machine name.
- * If it is, we should never check the PDC here, we use our own local
- * password file.
- */
-
- if(strequal( domain, global_myname))
- {
- DEBUG(3,("domain_client_validate: Requested domain was for this machine.\n"));
- return False;
- }
-
- if (!get_any_dc_name(domain, srv_name))
- {
- DEBUG(3,("domain_client_validate: could not find domain %s\n",
- domain));
- return False;
- }
-
- /*
- * Next, check that the passwords given were encrypted.
- */
-
- if(((smb_apasslen != 24) && (smb_apasslen != 0)) ||
- ((smb_ntpasslen <= 24) && (smb_ntpasslen != 0)))
- {
- /*
- * Not encrypted - do so.
- */
-
- DEBUG(3,("domain_client_validate: User passwords not in encrypted format.\n"));
- generate_random_buffer( local_challenge, 8, False);
- SMBencrypt( (uchar *)smb_apasswd, local_challenge, local_lm_response);
- SMBNTencrypt((uchar *)smb_ntpasswd, local_challenge, local_nt_reponse);
- smb_apasslen = 24;
- smb_ntpasslen = 24;
- smb_apasswd = (char *)local_lm_response;
- smb_ntpasswd = (char *)local_nt_reponse;
- }
- else
- {
- /*
- * Encrypted - get the challenge we sent for these
- * responses.
- */
-
- if (!last_challenge(local_challenge))
- {
- DEBUG(0,("domain_client_validate: no challenge done - password failed\n"));
- return False;
- }
- }
-
- /*
- * Get the workstation trust account password.
- */
- if (!trust_get_passwd( trust_passwd, domain, acct_name))
- {
- return False;
- }
-
- /*
- * At this point, smb_apasswd points to the lanman response to
- * the challenge in local_challenge, and smb_ntpasswd points to
- * the NT response to the challenge in local_challenge. Ship
- * these over the secure channel to a domain controller and
- * see if they were valid.
- */
-
- /*
- * Ok - we have an anonymous connection to the IPC$ share.
- * Now start the NT Domain stuff :-).
- */
-
- if(cli_nt_setup_creds(srv_name, global_myname, trust_acct,
- trust_passwd, acct_type) != 0x0)
- {
- DEBUG(0,("domain_client_validate: unable to setup the PDC credentials to machine \
- %s.\n", srv_name));
- return False;
- }
-
- /* We really don't care what LUID we give the user. */
- generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False);
-
- if (!cli_nt_login_network(srv_name, global_myname,
- domain, user,
- smb_uid_low, (char *)local_challenge,
- ((smb_apasslen != 0) ? smb_apasswd : NULL),
- ((smb_ntpasslen != 0) ? smb_ntpasswd : NULL),
- &ctr, &info3))
- {
- DEBUG(0,("domain_client_validate: unable to validate password for user %s in domain \
- %s to Domain controller %s.\n", user, domain, srv_name));
- return False;
- }
-
- /*
- * Here, if we really want it, we have lots of info about the user in info3.
- * LKCLXXXX - really important to check things like "is this user acct
- * locked out / disabled" etc!!!!
- */
-
- return True;
-}