authorAndrew Bartlett <abartlet@samba.org>2004-05-15 07:51:38 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:53:46 -0500
commit064e7447bebd715c8351d9a0ee31f648990f2336 (patch)
tree156925cd7c8d4616f0eca3a743b7323b3b0b23b7 /source4/auth/auth_sam.c
parent31b9470996632d717c3c74482308e200906fdb8f (diff)
r743: Start on a NETLOGON server in Samba4.
Currently this only authenticates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provision.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
Diffstat (limited to 'source4/auth/auth_sam.c')
-rw-r--r--source4/auth/auth_sam.c47
1 files changed, 6 insertions, 41 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index d7e4e97826..f57afba425 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -187,16 +187,12 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
NTSTATUS nt_status;
DATA_BLOB user_sess_key = data_blob(NULL, 0);
DATA_BLOB lm_sess_key = data_blob(NULL, 0);
- const uint8 *lm_pwd, *nt_pwd;
- const char *unicodePwd;
- struct samr_Hash lmPwdHash_u, ntPwdHash_u;
- struct samr_Hash *lmPwdHash, *ntPwdHash;
- uint_t num_lm, num_nt;
+ uint8 *lm_pwd, *nt_pwd;
struct dom_sid *domain_sid;
const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash",
- "sAMAcctFlags",
+ "userAccountControl",
"pwdLastSet",
"accountExpires",
"objectSid",
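Review bot: `uint8 *lm_pwd, *nt_pwd;` are now declared uninitialised and are written only through the out-parameters of `samdb_result_passwords()` in the third hunk, whose body is not part of this diff. The removed code set each pointer to NULL explicitly when a hash was absent; if the helper can return success without storing to one of them (for example an account with no LM hash), `sam_password_ok()` would be handed an indeterminate pointer. Declaring them as `uint8 *lm_pwd = NULL, *nt_pwd = NULL;` keeps the "no hash stored" case well defined whatever the helper does. check_sam_security() begins and ends outside this hunk.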
@@ -204,7 +200,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
NULL,
};
- const char *domain_attrs[] = {NULL};
+ const char *domain_attrs[] = {"name"};
if (!user_info || !auth_context) {
return NT_STATUS_UNSUCCESSFUL;
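Review bot: `domain_attrs` loses its NULL terminator in this hunk: the old `{NULL}` was a terminated empty list, while `{"name"}` is a one-element array with nothing after it. The `attrs` array just above ends in `NULL`, so the search code presumably walks attribute lists until it reaches NULL and would then read past the end of `domain_attrs` on the stack. It should be `const char *domain_attrs[] = {"name", NULL};`. The place where the array is used is outside the hunk, so confirm against the search call.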
@@ -270,40 +266,9 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
return NT_STATUS_ACCOUNT_LOCKED_OUT;
}
- unicodePwd = samdb_result_string(msgs[0], "unicodePwd", NULL);
-
- if (unicodePwd) {
- BOOL lm_hash_ok;
- /* compute the new nt and lm hashes */
- lm_hash_ok = E_deshash(unicodePwd, lmPwdHash_u.hash);
- E_md4hash(unicodePwd, ntPwdHash_u.hash);
-
- if (lm_hash_ok) {
- lm_pwd = lmPwdHash_u.hash;
- } else {
- lm_pwd = NULL;
- }
-
- nt_pwd = ntPwdHash_u.hash;
-
- } else {
- num_lm = samdb_result_hashes(mem_ctx, msgs[0], "lmPwdHash", &lmPwdHash);
- if (num_lm == 0) {
- lm_pwd = NULL;
- } else if (num_lm > 1) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- lm_pwd = lmPwdHash[0].hash;
- }
-
- num_nt = samdb_result_hashes(mem_ctx, msgs[0], "ntPwdHash", &ntPwdHash);
- if (num_nt == 0) {
- nt_pwd = NULL;
- } else if (num_nt > 1) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- nt_pwd = ntPwdHash[0].hash;
- }
+ if (!NT_STATUS_IS_OK(nt_status = samdb_result_passwords(mem_ctx, msgs[0],
+ &lm_pwd, &nt_pwd))) {
+ return nt_status;
}
nt_status = sam_password_ok(auth_context, mem_ctx,
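Review bot: The added `if (!NT_STATUS_IS_OK(nt_status = samdb_result_passwords(...)))` buries the assignment inside the condition, unlike the plain `nt_status = sam_password_ok(` call that follows it. Splitting it into `nt_status = samdb_result_passwords(mem_ctx, msgs[0], &lm_pwd, &nt_pwd);` followed by `if (!NT_STATUS_IS_OK(nt_status)) {` reads more plainly and matches the surrounding style. A short comment such as `/* lm_pwd/nt_pwd are NULL when the account stores no such hash */` would record the contract the password check relies on, once that is confirmed against the helper, which is not shown here. The function continues past the end of the hunk.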