-rw-r--r--source3/auth/auth_domain.c18
-rw-r--r--source3/libsmb/netlogon_unigrp.c24
-rw-r--r--source3/smbd/server.c3
3 files changed, 20 insertions, 25 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index e84d4e4724..704f600c66 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -324,7 +324,6 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
/* Store the user group information in the server_info returned to the caller. */
if (NT_STATUS_IS_OK(nt_status) && (info3.num_groups2 != 0)) {
- DOM_SID domain_sid;
int i;
NT_USER_TOKEN *ptok;
auth_serversupplied_info *pserver_info = *server_info;
@@ -346,21 +345,12 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
goto done;
}
- if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
- DEBUG(0, ("domain_client_validate: unable to fetch domain sid.\n"));
- nt_status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- free_server_info(server_info);
- goto done;
- }
-
for (i = 0; i < ptok->num_sids; i++) {
- sid_copy(&ptok->user_sids[i], &domain_sid);
+ sid_copy(&ptok->user_sids[i], &info3.dom_sid.sid);
sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid);
}
- become_root();
uni_group_cache_store_netlogon(mem_ctx, &info3);
- unbecome_root();
}
#if 0
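Review bot: The group SIDs built at `sid_copy(&ptok->user_sids[i], &info3.dom_sid.sid)` now take their domain part from the logon reply, and nothing in the hunk compares that SID with the locally stored domain SID that the removed `secrets_fetch_domain_sid()` call supplied. This is presumably intended so that users from trusted domains get correct group SIDs, but it makes the token depend entirely on the reply being authentic, so the reason belongs above the loop, e.g. `/* Group RIDs are relative to the domain that authenticated the user (info3.dom_sid), which may be a trusted domain rather than our own. */`. If only the primary domain and known trusted domains are expected here, checking `info3.dom_sid.sid` against them before the loop would keep an unexpected SID out of the token. The loop bound `ptok->num_sids` and the allocation of `user_sids` are set outside the hunk, so their agreement with `info3.gids` cannot be confirmed from here.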
@@ -423,10 +413,9 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
return NT_STATUS_LOGON_FAILURE;
}
- become_root();
-
/*
* Get the machine account password for our primary domain
+ * No need to become_root() as secrets_init() is done at startup.
*/
if (!secrets_fetch_trust_account_password(domain, trust_passwd, &last_change_time))
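Review bot: The added comment line `No need to become_root() as secrets_init() is done at startup` states an invariant that the startup code shown in this commit does not enforce: in source3/smbd/server.c, `init_structs()` calls `secrets_init();` and discards any result. If that call failed, `secrets_fetch_trust_account_password()` would presumably have to open the secrets store from here without root, which the removed `become_root()` used to cover. Either check the result at startup or let the comment say what happens in that case, e.g. `* Relies on secrets_init() having succeeded as root at startup; if it did not, this fetch fails.` The body of check_ntdomain_security continues outside the hunk.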
@@ -436,8 +425,6 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
- unbecome_root();
-
/* Test if machine password is expired and need to be changed */
if (time(NULL) > last_change_time + lp_machine_password_timeout())
{
@@ -470,4 +457,3 @@ BOOL auth_init_ntdomain(struct auth_context *auth_context, auth_methods **auth_m
(*auth_method)->auth = check_ntdomain_security;
return True;
}
-
diff --git a/source3/libsmb/netlogon_unigrp.c b/source3/libsmb/netlogon_unigrp.c
index 317a5bc3d0..d4063242f6 100644
--- a/source3/libsmb/netlogon_unigrp.c
+++ b/source3/libsmb/netlogon_unigrp.c
@@ -37,18 +37,24 @@ static TDB_CONTEXT *netlogon_unigrp_tdb = NULL;
array of uint32 where array[0] is number of elements
and elements are array[1] ... array[array[0]]
*/
+
+BOOL uni_group_cache_init(void)
+{
+ if (!netlogon_unigrp_tdb) {
+ netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"), 0,
+ TDB_NOLOCK, O_RDWR | O_CREAT, 0644);
+ }
+
+ return (netlogon_unigrp_tdb != NULL);
+}
+
void uni_group_cache_store_netlogon(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user)
{
TDB_DATA key,data;
fstring keystr;
int i;
-
- if (!netlogon_unigrp_tdb) {
- netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"), 0,
- TDB_NOLOCK, O_RDWR | O_CREAT, 0644);
- }
- if (!netlogon_unigrp_tdb) {
+ if (!uni_group_cache_init()) {
DEBUG(0,("uni_group_cache_store_netlogon: cannot open netlogon_unigrp.tdb for write!\n"));
return;
}
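Review bot: `uni_group_cache_init()` still opens the tdb lazily with `O_RDWR | O_CREAT`, and because this commit also removes the `become_root()` around `uni_group_cache_store_netlogon()` in auth_domain.c, a failed startup open is now retried on every logon under whatever uid the process has at that point. The cache feeds group membership back through `uni_group_cache_fetch()`, so the file should only ever be created by root; the function needs a header comment saying so, e.g. `/* Open the universal group cache. Call once at startup while still root; later calls only reuse the handle. */`. Separately, `uni_group_cache_shutdown()` in the next hunk closes the tdb without resetting the pointer, so a later `uni_group_cache_init()` would return True for a closed handle; adding `netlogon_unigrp_tdb = NULL;` after `tdb_close()` would fix that.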
@@ -145,8 +151,8 @@ uint32* uni_group_cache_fetch(DOM_SID *domain, uint32 user_rid,
/* Shutdown netlogon_unigrp database */
void uni_group_cache_shutdown(void)
{
- if(netlogon_unigrp_tdb) {
- tdb_close(netlogon_unigrp_tdb);
- }
+ if(netlogon_unigrp_tdb) {
+ tdb_close(netlogon_unigrp_tdb);
+ }
}
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 492632e7ac..44002bfc94 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -556,6 +556,7 @@ static void init_structs(void )
init_dptrs();
secrets_init();
+
}
/****************************************************************************
@@ -841,6 +842,8 @@ static void usage(char *pname)
if(!initialize_password_db(False))
exit(1);
+ uni_group_cache_init(); /* Non-critical */
+
/* possibly reload the services file. */
reload_services(True);
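Review bot: The result of `uni_group_cache_init(); /* Non-critical */` is dropped without a log line, so a failed open at startup only surfaces later as a per-logon `cannot open netlogon_unigrp.tdb for write!` message from uni_group_cache_store_netlogon(). Logging it here keeps the call non-fatal while making the cause visible at startup: `if (!uni_group_cache_init()) DEBUG(0, ("uni_group_cache_init failed, universal group cache disabled\n"));`. The enclosing function starts and ends outside the hunk.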