diff options
| author | Gerald Carter <jerry@samba.org> | 2000-11-13 23:03:34 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2000-11-13 23:03:34 +0000 |
| commit | 9fede0dc0dbad51528cd1384023d24549c3f0ba4 (patch) | |
| tree | 0f3a045da16581462aa3dce6e7221ee12924954b /source3/smbd/reply.c | |
| parent | 8f338ee3dd5d3b68b36c021a22b624678ea116f6 (diff) | |
| download | samba-9fede0dc0dbad51528cd1384023d24549c3f0ba4.tar.gz samba-9fede0dc0dbad51528cd1384023d24549c3f0ba4.tar.bz2 samba-9fede0dc0dbad51528cd1384023d24549c3f0ba4.zip | |
Large commit which restructures the local password storage API.
Currently the only backend which works is smbpasswd (tdb, LDAP, and NIS+)
are broken, but they were somewhat broken before. :)
The following functions implement the storage manipulation interface
/*The following definitions come from passdb/pdb_smbpasswd.c */
BOOL pdb_setsampwent (BOOL update);
void pdb_endsampwent (void);
SAM_ACCOUNT* pdb_getsampwent (void);
SAM_ACCOUNT* pdb_getsampwnam (char *username);
SAM_ACCOUNT* pdb_getsampwuid (uid_t uid);
SAM_ACCOUNT* pdb_getsampwrid (uint32 rid);
BOOL pdb_add_sam_account (SAM_ACCOUNT *sampass);
BOOL pdb_update_sam_account (SAM_ACCOUNT *sampass, BOOL override);
BOOL pdb_delete_sam_account (char* username);
There is also a host of pdb_set..() and pdb_get..() functions for
manipulating SAM_ACCOUNT struct members. Note that the struct
passdb_ops {} has gone away. Also notice that struct smb_passwd
(formally in smb.h) has been moved to passdb/pdb_smbpasswd.c
and is not accessed outisde of static internal functions in this
file. All local password searches should make use of the the SAM_ACCOUNT
struct and the previously mentioned functions.
I'll write some documentation for this later. The next step is to fix
the TDB passdb backend, then work on spliting the backends out into
share libraries, and finally get the LDAP backend going.
What works and may not:
o domain logons from Win9x works
o domain logons from WinNT 4 works
o user and group enumeration
as implemented by Tim works
o file and print access works
o changing password from
Win9x & NT ummm...i'll fix this tonight :)
If I broke anything else, just yell and I'll fix it. I think it
should be fairly quite.
-- jerry
(This used to be commit 0b92d0838ebdbe24f34f17e313ecbf61a0301389)
Diffstat (limited to 'source3/smbd/reply.c')
| -rw-r--r-- | source3/smbd/reply.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 4fd9f9c42d..fa8aa11277 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -439,16 +439,19 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out char *smb_passwd, int smb_passlen, char *smb_nt_passwd, int smb_nt_passlen) { - struct smb_passwd *smb_trust_acct = NULL; /* check if trust account exists */ + /* check if trust account exists */ + SAM_ACCOUNT *sam_trust_acct = NULL; + uint16 acct_ctrl; + if (lp_security() == SEC_USER) { - smb_trust_acct = getsmbpwnam(user); + sam_trust_acct = pdb_getsampwnam(user); } else { DEBUG(0,("session_trust_account: Trust account %s only supported with security = user\n", user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); return(ERROR(0, NT_STATUS_LOGON_FAILURE)); } - if (smb_trust_acct == NULL) { + if (sam_trust_acct == NULL) { /* lkclXXXX: workstation entry doesn't exist */ DEBUG(0,("session_trust_account: Trust account %s user doesn't exist\n",user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); @@ -460,25 +463,26 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out return(ERROR(0, NT_STATUS_LOGON_FAILURE)); } - if (!smb_password_ok(smb_trust_acct, NULL, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd)) { + if (!smb_password_ok(sam_trust_acct, NULL, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd)) { DEBUG(0,("session_trust_account: Trust Account %s - password failed\n", user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); return(ERROR(0, NT_STATUS_LOGON_FAILURE)); } - if (smb_trust_acct->acct_ctrl & ACB_DOMTRUST) { + acct_ctrl = pdb_get_acct_ctrl(sam_trust_acct); + if (acct_ctrl & ACB_DOMTRUST) { DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n",user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); return(ERROR(0, NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT)); } - if (smb_trust_acct->acct_ctrl & ACB_SVRTRUST) { + if (acct_ctrl & ACB_SVRTRUST) { DEBUG(0,("session_trust_account: Server trust account %s denied by server\n",user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); return(ERROR(0, NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT)); } - if (smb_trust_acct->acct_ctrl & ACB_WSTRUST) { + if (acct_ctrl & ACB_WSTRUST) { DEBUG(4,("session_trust_account: Wksta trust account %s denied by server\n", user)); SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES); return(ERROR(0, NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT)); |