-rw-r--r-- | source3/auth/auth_domain.c | 18 | ||||
-rw-r--r-- | source3/libsmb/netlogon_unigrp.c | 24 | ||||
-rw-r--r-- | source3/smbd/server.c | 3 |
3 files changed, 20 insertions, 25 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index e84d4e4724..704f600c66 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -324,7 +324,6 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, /* Store the user group information in the server_info returned to the caller. */ if (NT_STATUS_IS_OK(nt_status) && (info3.num_groups2 != 0)) { - DOM_SID domain_sid; int i; NT_USER_TOKEN *ptok; auth_serversupplied_info *pserver_info = *server_info; @@ -346,21 +345,12 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, goto done; } - if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) { - DEBUG(0, ("domain_client_validate: unable to fetch domain sid.\n")); - nt_status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - free_server_info(server_info); - goto done; - } - for (i = 0; i < ptok->num_sids; i++) { - sid_copy(&ptok->user_sids[i], &domain_sid); + sid_copy(&ptok->user_sids[i], &info3.dom_sid.sid); sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid); } - become_root(); uni_group_cache_store_netlogon(mem_ctx, &info3); - unbecome_root(); } #if 0 @@ -423,10 +413,9 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, return NT_STATUS_LOGON_FAILURE; } - become_root(); - /* * Get the machine account password for our primary domain + * No need to become_root() as secrets_init() is done at startup. */ if (!secrets_fetch_trust_account_password(domain, trust_passwd, &last_change_time)) @@ -436,8 +425,6 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } - unbecome_root(); - /* Test if machine password is expired and need to be changed */ if (time(NULL) > last_change_time + lp_machine_password_timeout()) { @@ -470,4 +457,3 @@ BOOL auth_init_ntdomain(struct auth_context *auth_context, auth_methods **auth_m (*auth_method)->auth = check_ntdomain_security; return True; } - 
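Review bot: In the `for` loop of the `-346,21 +345,12` hunk the group SIDs are now built from `info3.dom_sid.sid`, a value taken from the domain controller's reply, and nothing visible in the hunk checks that this SID belongs to the primary domain or to a domain this server trusts. The removed code used the locally stored SID from `secrets_fetch_domain_sid()`, so the change moves the trust for every group SID in the token onto the netlogon response. If that is intended for trusted-domain logons, a comment stating the assumption would help, e.g. `/* dom_sid comes from the DC reply; we rely on the netlogon exchange to vouch for it */`. The loop is also bounded by `ptok->num_sids` while it indexes `info3.gids[i]`; the code that sets `num_sids` is outside the hunk, so it is worth confirming it equals `info3.num_groups2`. The body of `domain_client_validate` starts and ends outside the hunk.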
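Review bot: The machine account password fetch in `check_ntdomain_security` (hunk `-423,10 +413,9`) now depends on `secrets_init()` having succeeded while the process was still privileged, and the only thing enforcing that is the new comment. In the server.c part of this commit `secrets_init();` is called in `init_structs` with its return value ignored, so a failed open at startup would surface only later as `NT_STATUS_CANT_ACCESS_DOMAIN_INFO` on every domain logon. Consider checking it where it is called, e.g. `if (!secrets_init()) DEBUG(0, ("init_structs: secrets_init failed\n"));`. The comment could also say that any other program using this auth method must call `secrets_init()` as root first. The function continues outside the hunk.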
diff --git a/source3/libsmb/netlogon_unigrp.c b/source3/libsmb/netlogon_unigrp.c index 317a5bc3d0..d4063242f6 100644 --- a/source3/libsmb/netlogon_unigrp.c +++ b/source3/libsmb/netlogon_unigrp.c @@ -37,18 +37,24 @@ static TDB_CONTEXT *netlogon_unigrp_tdb = NULL; array of uint32 where array[0] is number of elements and elements are array[1] ... array[array[0]] */ + +BOOL uni_group_cache_init(void) +{ + if (!netlogon_unigrp_tdb) { + netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"), 0, + TDB_NOLOCK, O_RDWR | O_CREAT, 0644); + } + + return (netlogon_unigrp_tdb != NULL); +} + void uni_group_cache_store_netlogon(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user) { TDB_DATA key,data; fstring keystr; int i; - - if (!netlogon_unigrp_tdb) { - netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"), 0, - TDB_NOLOCK, O_RDWR | O_CREAT, 0644); - } - if (!netlogon_unigrp_tdb) { + if (!uni_group_cache_init()) { DEBUG(0,("uni_group_cache_store_netlogon: cannot open netlogon_unigrp.tdb for write!\n")); return; } @@ -145,8 +151,8 @@ uint32* uni_group_cache_fetch(DOM_SID *domain, uint32 user_rid, /* Shutdown netlogon_unigrp database */ void uni_group_cache_shutdown(void) { - if(netlogon_unigrp_tdb) { - tdb_close(netlogon_unigrp_tdb); - } + if(netlogon_unigrp_tdb) { + tdb_close(netlogon_unigrp_tdb); + } } diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 492632e7ac..44002bfc94 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -556,6 +556,7 @@ static void init_structs(void ) init_dptrs(); secrets_init(); + } /**************************************************************************** @@ -841,6 +842,8 @@ static void usage(char *pname) if(!initialize_password_db(False)) exit(1); + uni_group_cache_init(); /* Non-critical */ + /* possibly reload the services file. */ reload_services(True); |
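Review bot: The fallback open in `uni_group_cache_store_netlogon` now goes through `uni_group_cache_init()`, and this commit also drops the `become_root()` around the caller in auth_domain.c, so a retry after a failed startup open would run `tdb_open_log(..., O_RDWR | O_CREAT, 0644)` under whatever effective uid the process has at logon time. The file appears to hold group membership that is read back by `uni_group_cache_fetch`, so it should only be created and written as root; either document that requirement on the fallback or drop the fallback and rely on the startup call. `TDB_NOLOCK` with a handle opened once at startup is also worth a second look for concurrent writers, if the server forks after this point (not visible here). The new function has no header comment; `/* Open the netlogon universal-group cache if it is not open yet; returns True when the handle is usable. */` would match the file's style.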
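Review bot: The return value of `uni_group_cache_init()` is discarded at the call added in the `-841,6 +842,8` hunk of server.c, so a failed open is silent at startup and is first reported by the per-logon `DEBUG(0, ...)` message in `uni_group_cache_store_netlogon`. A one-line log keeps the call non-critical but makes the failure visible: `if (!uni_group_cache_init()) DEBUG(1, ("cannot open netlogon_unigrp.tdb, universal group cache disabled\n"));`. The enclosing function is outside the hunk; the `usage` named in the `@@` header is only the preceding definition.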