summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-06-15 11:40:25 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-06-15 11:40:25 +0000
commit843a467f21b48c5fc77c6c2d2db6553e5066a0c5 (patch)
tree058d33c6a4183c65433d6d0bc9da5252cca4d6e5 /source3
parent0142f472994fab45f683a08b2fa91f8be481ac5f (diff)
downloadsamba-843a467f21b48c5fc77c6c2d2db6553e5066a0c5.tar.gz
samba-843a467f21b48c5fc77c6c2d2db6553e5066a0c5.tar.bz2
samba-843a467f21b48c5fc77c6c2d2db6553e5066a0c5.zip
Update the netlogon code to better cope with trusted domains, where things
like the domain name and SID come from the remote domain, not the local one. These are filled out by the code from the previous commit (auth_util.c, the make_server_info_info3() fn) and read back here. Andrew Bartlett (This used to be commit 6872de2e5b27fd2de61ed14c85475a0eacd637ca)
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_server/srv_netlog_nt.c39
1 files changed, 29 insertions, 10 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 9b917cdda5..49b9fcd0f2 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -655,14 +655,35 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
{
DOM_GID *gids = NULL;
+ const DOM_SID *user_sid = NULL;
+ const DOM_SID *group_sid = NULL;
+ DOM_SID domain_sid;
+ uint32 user_rid, group_rid;
+
int num_gids = 0;
pstring my_name;
- pstring my_workgroup;
-
+ fstring user_sid_string;
+ fstring group_sid_string;
+
+ sampw = server_info->sam_account;
+
/* set up pointer indicating user/password failed to be found */
usr_info->ptr_user_info = 0;
-
- pstrcpy(my_workgroup, lp_workgroup());
+
+ user_sid = pdb_get_user_sid(sampw);
+ group_sid = pdb_get_group_sid(sampw);
+
+ sid_copy(&domain_sid, user_sid);
+ sid_split_rid(&domain_sid, &user_rid);
+
+ if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
+ DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid %s\n but group sid %s.\nThe conflicting domain portions are not supported for NETLOGON calls\n",
+ pdb_get_domain(sampw), pdb_get_username(sampw),
+ sid_to_string(user_sid_string, user_sid),
+ sid_to_string(group_sid_string, group_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
pstrcpy(my_name, global_myname);
strupper(my_name);
@@ -676,12 +697,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
gids = NULL;
get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account);
-
- sampw = server_info->sam_account;
init_net_user_info3(p->mem_ctx, usr_info,
- pdb_get_user_rid(sampw),
- pdb_get_group_rid(sampw),
+ user_rid,
+ group_rid,
pdb_get_username(sampw),
pdb_get_fullname(sampw),
@@ -703,8 +722,8 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
0x20 , /* uint32 user_flgs (?) */
NULL, /* uchar sess_key[16] */
my_name , /* char *logon_srv */
- my_workgroup, /* char *logon_dom */
- get_global_sam_sid(), /* DOM_SID *dom_sid */
+ pdb_get_domain(sampw),
+ &domain_sid, /* DOM_SID *dom_sid */
/* Should be users domain sid, not servers - for trusted domains */
NULL); /* char *other_sids */