diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-03-23 01:30:43 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:11:12 -0500 |
| commit | 79f6bcd5ae1711075ce0e75392ce83a72766698e (patch) | |
| tree | eb7928570c6843880253d0ce053957b1a17d0fcb /source4/auth/auth_domain.c | |
| parent | 9b48673ad9ed5cf2019df7111fe6ef89ad57573d (diff) | |
| download | samba-79f6bcd5ae1711075ce0e75392ce83a72766698e.tar.gz samba-79f6bcd5ae1711075ce0e75392ce83a72766698e.tar.bz2 samba-79f6bcd5ae1711075ce0e75392ce83a72766698e.zip | |
r5988: Fix the -P option (use machine account credentials) to use the Samba4
secrets system, and not the old system from Samba3.
This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.
In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v(). The vast majority of this patch is the simple
rename that followed,
(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).
Andrew Bartlett
(This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
Diffstat (limited to 'source4/auth/auth_domain.c')
| -rw-r--r-- | source4/auth/auth_domain.c | 55 |
1 files changed, 3 insertions, 52 deletions
diff --git a/source4/auth/auth_domain.c b/source4/auth/auth_domain.c index 86669b9b30..6a968592bd 100644 --- a/source4/auth/auth_domain.c +++ b/source4/auth/auth_domain.c @@ -40,17 +40,6 @@ static NTSTATUS domain_check_password(struct auth_method_context *ctx, struct netr_LogonSamLogon r; struct netr_Authenticator auth, auth2; struct netr_NetworkInfo ninfo; - const char *machine_account; - const char *password; - struct ldb_context *ldb; - int ldb_ret; - struct ldb_message **msgs; - const char *base_dn = SECRETS_PRIMARY_DOMAIN_DN; - const char *attrs[] = { - "secret", - "samAccountName", - NULL - }; struct creds_CredentialState *creds; struct cli_credentials *credentials; @@ -63,50 +52,12 @@ static NTSTATUS domain_check_password(struct auth_method_context *ctx, } credentials = cli_credentials_init(mem_ctx); + status = cli_credentials_set_machine_account(credentials); - /* Fetch join password */ - - /* Local secrets are stored in secrets.ldb */ - ldb = secrets_db_connect(mem_ctx); - if (!ldb) { - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - } - - /* search for the secret record */ - ldb_ret = samdb_search(ldb, - mem_ctx, base_dn, &msgs, attrs, - "(&(flatname=%s)(objectclass=primaryDomain))", - lp_workgroup()); - if (ldb_ret == 0) { - DEBUG(1, ("Could not find join record to domain: %s\n", - lp_workgroup())); - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - } else if (ldb_ret != 1) { - DEBUG(1, ("Found %d records matching flatname=%s under DN %s\n", ldb_ret, - lp_workgroup(), base_dn)); - return NT_STATUS_INTERNAL_ERROR; - } - - password = ldb_msg_find_string(msgs[0], "secret", NULL); - if (!password) { - DEBUG(1, ("Could not find 'secret' in join record to domain: %s\n", - lp_workgroup())); - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - } - - machine_account = ldb_msg_find_string(msgs[0], "samAccountName", NULL); - if (!machine_account) { - DEBUG(1, ("Could not find 'samAccountName' in join record to domain: %s\n", - lp_workgroup())); - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + if (!NT_STATUS_IS_OK(status)) { + return status; } - cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED); - cli_credentials_set_username(credentials, machine_account, CRED_SPECIFIED); - cli_credentials_set_password(credentials, password, CRED_SPECIFIED); - - cli_credentials_guess(credentials); - /* Connect to DC (take a binding string for now) */ status = dcerpc_parse_binding(mem_ctx, binding, &b); |