summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-11-08 23:08:59 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-11-08 23:08:59 +0000
commitc19598f2a6a3329e973e14e389e0577ebb914f3b (patch)
treea3a5040c9598eb21ca60ba73f16061828a08493d /source3
parent3b90ef84a5907ca5a1bc460adab5f52e940b5b72 (diff)
downloadsamba-c19598f2a6a3329e973e14e389e0577ebb914f3b.tar.gz
samba-c19598f2a6a3329e973e14e389e0577ebb914f3b.tar.bz2
samba-c19598f2a6a3329e973e14e389e0577ebb914f3b.zip
Merge from HEAD:
- change auth_sam to use the initialisation flags to determine if the password attributes are set - add const to secrets.c, cliconnect.c - passdb: fix spelling in pdb_ldap, add group mapping back to smbpasswd - SAMR: add debugs to show what fails for group enum. Andrew Bartlett (This used to be commit 4e74d00b3634abf52aa24bfaa6dbe88202aa57a1)
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth_sam.c17
-rw-r--r--source3/libsmb/cliconnect.c2
-rw-r--r--source3/passdb/pdb_ldap.c28
-rw-r--r--source3/passdb/pdb_smbpasswd.c40
-rw-r--r--source3/passdb/secrets.c15
-rw-r--r--source3/rpc_server/srv_samr_nt.c2
-rw-r--r--source3/utils/smbpasswd.c2
7 files changed, 60 insertions, 46 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index bc98f46dc2..7252193c9a 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -162,12 +162,9 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
}
}
- nt_pw = pdb_get_nt_passwd(sampass);
- lm_pw = pdb_get_lanman_passwd(sampass);
-
auth_flags = user_info->auth_flags;
- if (nt_pw == NULL) {
+ if (IS_SAM_DEFAULT(sampass, PDB_NTPASSWD)) {
DEBUG(3,("sam_password_ok: NO NT password stored for user %s.\n",
pdb_get_username(sampass)));
/* No return, we want to check the LM hash below in this case */
@@ -175,6 +172,7 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
}
if (auth_flags & AUTH_FLAG_NTLMv2_RESP) {
+ nt_pw = pdb_get_nt_passwd(sampass);
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
@@ -191,7 +189,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
return NT_STATUS_WRONG_PASSWORD;
}
} else if (auth_flags & AUTH_FLAG_NTLM_RESP) {
- if (lp_ntlm_auth()) {
+ if (lp_ntlm_auth()) {
+ nt_pw = pdb_get_nt_passwd(sampass);
/* We have the NT MD4 hash challenge available - see if we can
use it (ie. does it exist in the smbpasswd file).
*/
@@ -211,13 +210,14 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
}
}
- if (lm_pw == NULL) {
+ if (IS_SAM_DEFAULT(sampass, PDB_LMPASSWD)) {
DEBUG(3,("sam_password_ok: NO LanMan password set for user %s (and no NT password supplied)\n",pdb_get_username(sampass)));
auth_flags &= (~AUTH_FLAG_LM_RESP);
}
if (auth_flags & AUTH_FLAG_LM_RESP) {
-
+ lm_pw = pdb_get_lanman_passwd(sampass);
+
if (user_info->lm_resp.length != 24) {
DEBUG(2,("sam_password_ok: invalid LanMan password length (%d) for user %s\n",
user_info->nt_resp.length, pdb_get_username(sampass)));
@@ -235,7 +235,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
{
return NT_STATUS_OK;
} else {
- if (lp_ntlm_auth()) {
+ if (lp_ntlm_auth() && (!IS_SAM_DEFAULT(sampass, PDB_NTPASSWD))) {
+ nt_pw = pdb_get_nt_passwd(sampass);
/* Apparently NT accepts NT responses in the LM field
- I think this is related to Win9X pass-though authentication
*/
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 890dc4dc25..ee311932a7 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1280,7 +1280,7 @@ again:
Attempt a NetBIOS session request, falling back to *SMBSERVER if needed.
****************************************************************************/
-BOOL attempt_netbios_session_request(struct cli_state *cli, char *srchost, char *desthost,
+BOOL attempt_netbios_session_request(struct cli_state *cli, const char *srchost, const char *desthost,
struct in_addr *pdest_ip)
{
struct nmb_name calling, called;
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 22358cb47d..e35775a6da 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1907,49 +1907,49 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
return NT_STATUS_OK;
}
-static NTSTATUS lsapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
+static NTSTATUS ldapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
DOM_SID sid, BOOL with_priv)
{
return get_group_map_from_sid(sid, map, with_priv) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-static NTSTATUS lsapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
+static NTSTATUS ldapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
gid_t gid, BOOL with_priv)
{
return get_group_map_from_gid(gid, map, with_priv) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-static NTSTATUS lsapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
+static NTSTATUS ldapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
char *name, BOOL with_priv)
{
return get_group_map_from_ntname(name, map, with_priv) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-static NTSTATUS lsapsam_add_group_mapping_entry(struct pdb_methods *methods,
+static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
return add_mapping_entry(map, TDB_INSERT) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-static NTSTATUS lsapsam_update_group_mapping_entry(struct pdb_methods *methods,
+static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
return add_mapping_entry(map, TDB_REPLACE) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-static NTSTATUS lsapsam_delete_group_mapping_entry(struct pdb_methods *methods,
+static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods,
DOM_SID sid)
{
return group_map_remove(sid) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-static NTSTATUS lsapsam_enum_group_mapping(struct pdb_methods *methods,
+static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
enum SID_NAME_USE sid_name_use,
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only, BOOL with_priv)
@@ -1998,13 +1998,13 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co
(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
(*pdb_method)->update_sam_account = ldapsam_update_sam_account;
(*pdb_method)->delete_sam_account = ldapsam_delete_sam_account;
- (*pdb_method)->getgrsid = lsapsam_getgrsid;
- (*pdb_method)->getgrgid = lsapsam_getgrgid;
- (*pdb_method)->getgrnam = lsapsam_getgrnam;
- (*pdb_method)->add_group_mapping_entry = lsapsam_add_group_mapping_entry;
- (*pdb_method)->update_group_mapping_entry = lsapsam_update_group_mapping_entry;
- (*pdb_method)->delete_group_mapping_entry = lsapsam_delete_group_mapping_entry;
- (*pdb_method)->enum_group_mapping = lsapsam_enum_group_mapping;
+ (*pdb_method)->getgrsid = ldapsam_getgrsid;
+ (*pdb_method)->getgrgid = ldapsam_getgrgid;
+ (*pdb_method)->getgrnam = ldapsam_getgrnam;
+ (*pdb_method)->add_group_mapping_entry = ldapsam_add_group_mapping_entry;
+ (*pdb_method)->update_group_mapping_entry = ldapsam_update_group_mapping_entry;
+ (*pdb_method)->delete_group_mapping_entry = ldapsam_delete_group_mapping_entry;
+ (*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping;
/* TODO: Setup private data and free */
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index abfe016e8a..5fd6a828bf 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1494,47 +1494,55 @@ static NTSTATUS smbpasswd_delete_sam_account (struct pdb_methods *my_methods, SA
}
static NTSTATUS smbpasswd_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid, BOOL with_priv)
+ DOM_SID sid, BOOL with_priv)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ return get_group_map_from_sid(sid, map, with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS smbpasswd_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
- gid_t gid, BOOL with_priv)
+ gid_t gid, BOOL with_priv)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ return get_group_map_from_gid(gid, map, with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS smbpasswd_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
- char *name, BOOL with_priv)
+ char *name, BOOL with_priv)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ return get_group_map_from_ntname(name, map, with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS smbpasswd_add_group_mapping_entry(struct pdb_methods *methods,
- GROUP_MAP *map)
+ GROUP_MAP *map)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ return add_mapping_entry(map, TDB_INSERT) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS smbpasswd_update_group_mapping_entry(struct pdb_methods *methods,
- GROUP_MAP *map)
+ GROUP_MAP *map)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ return add_mapping_entry(map, TDB_REPLACE) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS smbpasswd_delete_group_mapping_entry(struct pdb_methods *methods,
- DOM_SID sid)
+ DOM_SID sid)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ return group_map_remove(sid) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS smbpasswd_enum_group_mapping(struct pdb_methods *methods,
- enum SID_NAME_USE sid_name_use,
- GROUP_MAP **rmap, int *num_entries,
- BOOL unix_only, BOOL with_priv)
+ enum SID_NAME_USE sid_name_use,
+ GROUP_MAP **rmap, int *num_entries,
+ BOOL unix_only, BOOL with_priv)
{
- return NT_STATUS_NOT_IMPLEMENTED;
+ return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only,
+ with_priv) ?
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static void free_private_data(void **vp)
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index ad56fcedd1..29afaddea3 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -209,7 +209,7 @@ char *trustdom_keystr(const char *domain)
Lock the trust password entry.
************************************************************************/
-BOOL secrets_lock_trust_account_password(char *domain, BOOL dolock)
+BOOL secrets_lock_trust_account_password(const char *domain, BOOL dolock)
{
if (!tdb)
return False;
@@ -263,7 +263,7 @@ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
Routine to get account password to trusted domain
************************************************************************/
-BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd,
+BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
DOM_SID *sid, time_t *pass_last_set_time)
{
struct trusted_dom_pass *pass;
@@ -302,7 +302,8 @@ BOOL secrets_fetch_trusted_domain_password(char *domain, char** pwd,
/************************************************************************
Routine to set the trust account password for a domain.
************************************************************************/
-BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16])
+
+BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16])
{
struct machine_acct_pass pass;
@@ -322,7 +323,7 @@ BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16])
* @return true if succeeded
**/
-BOOL secrets_store_trusted_domain_password(char* domain, smb_ucs2_t *uni_dom_name,
+BOOL secrets_store_trusted_domain_password(const char* domain, smb_ucs2_t *uni_dom_name,
size_t uni_name_len, char* pwd,
DOM_SID sid)
{
@@ -353,7 +354,8 @@ BOOL secrets_store_trusted_domain_password(char* domain, smb_ucs2_t *uni_dom_nam
Routine to set the plaintext machine account password for a realm
the password is assumed to be a null terminated ascii string
************************************************************************/
-BOOL secrets_store_machine_password(char *pass)
+
+BOOL secrets_store_machine_password(const char *pass)
{
char *key;
BOOL ret;
@@ -394,6 +396,7 @@ BOOL trust_password_delete(const char *domain)
/************************************************************************
Routine to delete the password for trusted domain
************************************************************************/
+
BOOL trusted_domain_password_delete(const char *domain)
{
return secrets_delete(trustdom_keystr(domain));
@@ -602,7 +605,7 @@ BOOL secrets_named_mutex(const char *name, unsigned int timeout)
Unlock a named mutex.
*******************************************************************************/
-void secrets_named_mutex_release(char *name)
+void secrets_named_mutex_release(const char *name)
{
tdb_unlock_bystring(tdb, name);
DEBUG(10,("secrets_named_mutex: released mutex for %s\n", name ));
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 7b611922f6..0b5870b16c 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -303,6 +303,7 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid)
}
if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) {
+ DEBUG(1, ("load_group_domain_entries: pdb_enum_group_mapping() failed!\n"));
return NT_STATUS_NO_MEMORY;
}
@@ -311,6 +312,7 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid)
grp_array=(DISP_GROUP_INFO *)talloc(mem_ctx, info->disp_info.num_group_account*sizeof(DISP_GROUP_INFO));
if (group_entries!=0 && grp_array==NULL) {
+ DEBUG(1, ("load_group_domain_entries: talloc() failed for grp_array!\n"));
SAFE_FREE(map);
return NT_STATUS_NO_MEMORY;
}
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 75a4319cb9..0e822ee7ad 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -122,7 +122,7 @@ static int process_options(int argc, char **argv, int local_flags)
local_flags |= LOCAL_INTERDOM_ACCOUNT;
break;
case 'j':
- d_printf("See 'net rpc join' for this functionality\n");
+ d_printf("See 'net join' for this functionality\n");
exit(1);
break;
case 'n':