diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2004-05-15 07:51:38 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:53:46 -0500 |
| commit | 064e7447bebd715c8351d9a0ee31f648990f2336 (patch) | |
| tree | 156925cd7c8d4616f0eca3a743b7323b3b0b23b7 /source4/auth/auth_sam.c | |
| parent | 31b9470996632d717c3c74482308e200906fdb8f (diff) | |
| download | samba-064e7447bebd715c8351d9a0ee31f648990f2336.tar.gz samba-064e7447bebd715c8351d9a0ee31f648990f2336.tar.bz2 samba-064e7447bebd715c8351d9a0ee31f648990f2336.zip | |
r743: Start on a NETLOGON server in Samba4.
Currently this only authentiates the machine, not real users.
As a consequence of running the Samba4 NETLOGON test against Samba4, I
found a number of issues in the SAMR server, which I have addressed.
There are more templates in the provison.ldif for this reason.
I also added some debug to our credentials code, and fixed some bugs
in the auth_sam module.
The static buffer in generate_random_string() bit me badly, so I
removed it in favor of a talloc based system.
Andrew Bartlett
(This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
Diffstat (limited to 'source4/auth/auth_sam.c')
| -rw-r--r-- | source4/auth/auth_sam.c | 47 |
1 files changed, 6 insertions, 41 deletions
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c index d7e4e97826..f57afba425 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/auth_sam.c @@ -187,16 +187,12 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, NTSTATUS nt_status; DATA_BLOB user_sess_key = data_blob(NULL, 0); DATA_BLOB lm_sess_key = data_blob(NULL, 0); - const uint8 *lm_pwd, *nt_pwd; - const char *unicodePwd; - struct samr_Hash lmPwdHash_u, ntPwdHash_u; - struct samr_Hash *lmPwdHash, *ntPwdHash; - uint_t num_lm, num_nt; + uint8 *lm_pwd, *nt_pwd; struct dom_sid *domain_sid; const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash", - "sAMAcctFlags", + "userAccountControl", "pwdLastSet", "accountExpires", "objectSid", @@ -204,7 +200,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, NULL, }; - const char *domain_attrs[] = {NULL}; + const char *domain_attrs[] = {"name"}; if (!user_info || !auth_context) { return NT_STATUS_UNSUCCESSFUL; @@ -270,40 +266,9 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, return NT_STATUS_ACCOUNT_LOCKED_OUT; } - unicodePwd = samdb_result_string(msgs[0], "unicodePwd", NULL); - - if (unicodePwd) { - BOOL lm_hash_ok; - /* compute the new nt and lm hashes */ - lm_hash_ok = E_deshash(unicodePwd, lmPwdHash_u.hash); - E_md4hash(unicodePwd, ntPwdHash_u.hash); - - if (lm_hash_ok) { - lm_pwd = lmPwdHash_u.hash; - } else { - lm_pwd = NULL; - } - - nt_pwd = ntPwdHash_u.hash; - - } else { - num_lm = samdb_result_hashes(mem_ctx, msgs[0], "lmPwdHash", &lmPwdHash); - if (num_lm == 0) { - lm_pwd = NULL; - } else if (num_lm > 1) { - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } else { - lm_pwd = lmPwdHash[0].hash; - } - - num_nt = samdb_result_hashes(mem_ctx, msgs[0], "ntPwdHash", &ntPwdHash); - if (num_nt == 0) { - nt_pwd = NULL; - } else if (num_nt > 1) { - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } else { - nt_pwd = ntPwdHash[0].hash; - } + if (!NT_STATUS_IS_OK(nt_status = samdb_result_passwords(mem_ctx, msgs[0], + &lm_pwd, &nt_pwd))) { + return nt_status; } nt_status = sam_password_ok(auth_context, mem_ctx, |