diff options
| author | Gerald Carter <jerry@samba.org> | 2003-07-07 05:11:10 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2003-07-07 05:11:10 +0000 |
| commit | 0b18acb841f6a372b3aa285d4734875e5e35fe3b (patch) | |
| tree | add4afee2b70d87bfd96b7702d9d6a2476ac7e74 /source3/utils/ntlm_auth.c | |
| parent | b5cd4a8643169b276a3af8a9272d212d76a54dd3 (diff) | |
| download | samba-0b18acb841f6a372b3aa285d4734875e5e35fe3b.tar.gz samba-0b18acb841f6a372b3aa285d4734875e5e35fe3b.tar.bz2 samba-0b18acb841f6a372b3aa285d4734875e5e35fe3b.zip | |
and so it begins....
* remove idmap_XX_to_XX calls from smbd. Move back to the
the winbind_XXX and local_XXX calls used in 2.2
* all uid/gid allocation must involve winbindd now
* move flags field around in winbindd_request struct
* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
to prevent automatic allocation for unknown SIDs
* add 'winbind trusted domains only' parameter to force a domain member
server to use matching users names from /etc/passwd for its domain
(needed for domain member of a Samba domain)
* rename 'idmap only' to 'enable rid algorithm' for better clarity
(defaults to "yes")
code has been tested on
* domain member of native mode 2k domain
* ads domain member of native mode 2k domain
* domain member of NT4 domain
* domain member of Samba domain
* Samba PDC running winbindd with trusts
Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'
This will be a long week of changes. The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
Diffstat (limited to 'source3/utils/ntlm_auth.c')
| -rw-r--r-- | source3/utils/ntlm_auth.c | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index c619936f68..3dfa157bda 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -196,7 +196,7 @@ static NTSTATUS contact_winbind_auth_crap(const char *username, ZERO_STRUCT(request); ZERO_STRUCT(response); - request.data.auth_crap.flags = flags; + request.flags = flags; fstrcpy(request.data.auth_crap.user, username); @@ -233,13 +233,13 @@ static NTSTATUS contact_winbind_auth_crap(const char *username, return nt_status; } - if ((flags & WINBIND_PAM_LMKEY) && lm_key + if ((flags & WBFLAG_PAM_LMKEY) && lm_key && (memcmp(zeros, response.data.auth.first_8_lm_hash, sizeof(response.data.auth.first_8_lm_hash)) != 0)) { memcpy(lm_key, response.data.auth.first_8_lm_hash, sizeof(response.data.auth.first_8_lm_hash)); } - if ((flags & WINBIND_PAM_NTKEY) && nt_key + if ((flags & WBFLAG_PAM_NTKEY) && nt_key && (memcmp(zeros, response.data.auth.nt_session_key, sizeof(response.data.auth.nt_session_key)) != 0)) { memcpy(nt_key, response.data.auth.nt_session_key, @@ -413,10 +413,10 @@ static BOOL check_auth_crap(void) x_setbuf(x_stdout, NULL); if (request_lm_key) - flags |= WINBIND_PAM_LMKEY; + flags |= WBFLAG_PAM_LMKEY; if (request_nt_key) - flags |= WINBIND_PAM_NTKEY; + flags |= WBFLAG_PAM_NTKEY; nt_status = contact_winbind_auth_crap(opt_username, opt_domain, opt_workstation, @@ -494,8 +494,8 @@ static BOOL test_lm(void) ZERO_STRUCT(lm_key); ZERO_STRUCT(nt_key); - flags |= WINBIND_PAM_LMKEY; - flags |= WINBIND_PAM_NTKEY; + flags |= WBFLAG_PAM_LMKEY; + flags |= WBFLAG_PAM_NTKEY; SMBencrypt(opt_password, chall.data, lm_response.data); E_deshash(opt_password, lm_hash); @@ -559,8 +559,8 @@ static BOOL test_lm_ntlm(void) ZERO_STRUCT(lm_key); ZERO_STRUCT(nt_key); - flags |= WINBIND_PAM_LMKEY; - flags |= WINBIND_PAM_NTKEY; + flags |= WBFLAG_PAM_LMKEY; + flags |= WBFLAG_PAM_NTKEY; SMBencrypt(opt_password,chall.data,lm_response.data); E_deshash(opt_password, lm_hash); @@ -633,8 +633,8 @@ static BOOL test_ntlm(void) ZERO_STRUCT(lm_key); ZERO_STRUCT(nt_key); - flags |= WINBIND_PAM_LMKEY; - flags |= WINBIND_PAM_NTKEY; + flags |= WBFLAG_PAM_LMKEY; + flags |= WBFLAG_PAM_NTKEY; SMBNTencrypt(opt_password,chall.data,nt_response.data); E_md4hash(opt_password, nt_hash); @@ -702,8 +702,8 @@ static BOOL test_ntlm_in_lm(void) ZERO_STRUCT(nt_key); - flags |= WINBIND_PAM_LMKEY; - flags |= WINBIND_PAM_NTKEY; + flags |= WBFLAG_PAM_LMKEY; + flags |= WBFLAG_PAM_NTKEY; SMBNTencrypt(opt_password,chall.data,nt_response.data); @@ -771,8 +771,8 @@ static BOOL test_ntlm_in_both(void) ZERO_STRUCT(lm_key); ZERO_STRUCT(nt_key); - flags |= WINBIND_PAM_LMKEY; - flags |= WINBIND_PAM_NTKEY; + flags |= WBFLAG_PAM_LMKEY; + flags |= WBFLAG_PAM_NTKEY; SMBNTencrypt(opt_password,chall.data,nt_response.data); E_md4hash(opt_password, nt_hash); @@ -842,7 +842,7 @@ static BOOL test_ntlmv2(void) ZERO_STRUCT(nt_key); - flags |= WINBIND_PAM_NTKEY; + flags |= WBFLAG_PAM_NTKEY; if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall, &names_blob, @@ -905,7 +905,7 @@ static BOOL test_lmv2_ntlmv2(void) ZERO_STRUCT(nt_key); - flags |= WINBIND_PAM_NTKEY; + flags |= WBFLAG_PAM_NTKEY; if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall, &names_blob, @@ -1016,8 +1016,8 @@ static BOOL test_ntlm_broken(BOOL break_lm) ZERO_STRUCT(lm_key); ZERO_STRUCT(nt_key); - flags |= WINBIND_PAM_LMKEY; - flags |= WINBIND_PAM_NTKEY; + flags |= WBFLAG_PAM_LMKEY; + flags |= WBFLAG_PAM_NTKEY; SMBencrypt(opt_password,chall.data,lm_response.data); E_deshash(opt_password, lm_hash); @@ -1099,7 +1099,7 @@ static BOOL test_ntlmv2_broken(BOOL break_lmv2) ZERO_STRUCT(nt_key); - flags |= WINBIND_PAM_NTKEY; + flags |= WBFLAG_PAM_NTKEY; if (!SMBNTLMv2encrypt(opt_username, opt_domain, opt_password, &chall, &names_blob, |