diff options
Diffstat (limited to 'source3/auth/auth_domain.c')
-rw-r--r-- | source3/auth/auth_domain.c | 101 |
1 files changed, 12 insertions, 89 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index b41848076d..8c6bb8908f 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -29,32 +29,6 @@ BOOL global_machine_password_needs_changing = False; extern pstring global_myname; extern userdom_struct current_user_info; -static char *mutex_server_name; - -static BOOL grab_server_mutex(const char *name) -{ - mutex_server_name = strdup(name); - if (!mutex_server_name) { - DEBUG(0,("grab_server_mutex: malloc failed for %s\n", name)); - return False; - } - if (!message_named_mutex(name, 20)) { - DEBUG(10,("grab_server_mutex: failed for %s\n", name)); - SAFE_FREE(mutex_server_name); - return False; - } - - return True; -} - -static void release_server_mutex(void) -{ - if (mutex_server_name) { - message_named_mutex_release(mutex_server_name); - SAFE_FREE(mutex_server_name); - } -} - /** * Connect to a remote server for domain security authenticaion. * @@ -113,9 +87,10 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, logonserver. We can avoid a 30-second timeout if the DC is down if the SAMLOGON request fails as it is only over UDP. */ - /* we use a mutex to prevent two connections at once - when a NT PDC gets - two connections where one hasn't completed a negprot yet it will send a - TCP reset to the first connection (tridge) */ + /* we use a mutex to prevent two connections at once - when a + Win2k PDC get two connections where one hasn't completed a + session setup yet it will send a TCP reset to the first + connection (tridge) */ /* * With NT4.x DC's *all* authentication must be serialized to avoid @@ -307,14 +282,13 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, auth_serversupplied_info **server_info, char *server, char *setup_creds_as, uint16 sec_chan, - unsigned char *trust_passwd, + unsigned char trust_passwd[16], time_t last_change_time) { fstring remote_machine; NET_USER_INFO_3 info3; struct cli_state *cli = NULL; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct passwd *pass; /* * At this point, smb_apasswd points to the lanman response to @@ -358,63 +332,14 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, user_info->domain.str, cli->srv_name_slash, nt_errstr(nt_status))); } else { - char *dom_user; - - /* Check DOMAIN\username first to catch winbind users, then - just the username for local users. */ + nt_status = make_server_info_info3(mem_ctx, domain, server_info, &info3); +#if 0 + /* The stuff doesn't work right yet */ + SMB_ASSERT(sizeof((*server_info)->session_key) == sizeof(info3.user_sess_key)); + memcpy((*server_info)->session_key, info3.user_sess_key, sizeof((*server_info)->session_key)/* 16 */); + SamOEMhash((*server_info)->session_key, trust_passwd, sizeof((*server_info)->session_key)); +#endif - dom_user = talloc_asprintf(mem_ctx, "%s%s%s", user_info->domain.str, - lp_winbind_separator(), - user_info->internal_username.str); - - if (!dom_user) { - DEBUG(0, ("talloc_asprintf failed!\n")); - nt_status = NT_STATUS_NO_MEMORY; - } else { - - if (!(pass = Get_Pwnam(dom_user))) - pass = Get_Pwnam(user_info->internal_username.str); - - if (pass) { - make_server_info_pw(server_info, pass); - if (!server_info) { - nt_status = NT_STATUS_NO_MEMORY; - } - } else { - nt_status = NT_STATUS_NO_SUCH_USER; - } - } - } - - /* Store the user group information in the server_info returned to the caller. */ - - if (NT_STATUS_IS_OK(nt_status) && (info3.num_groups2 != 0)) { - int i; - NT_USER_TOKEN *ptok; - auth_serversupplied_info *pserver_info = *server_info; - - if ((pserver_info->ptok = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) { - DEBUG(0, ("domain_client_validate: out of memory allocating rid group membership\n")); - nt_status = NT_STATUS_NO_MEMORY; - free_server_info(server_info); - goto done; - } - - ptok = pserver_info->ptok; - ptok->num_sids = (size_t)info3.num_groups2; - - if ((ptok->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptok->num_sids )) == NULL) { - DEBUG(0, ("domain_client_validate: Out of memory allocating group SIDS\n")); - nt_status = NT_STATUS_NO_MEMORY; - free_server_info(server_info); - goto done; - } - - for (i = 0; i < ptok->num_sids; i++) { - sid_copy(&ptok->user_sids[i], &info3.dom_sid.sid); - sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid); - } - uni_group_cache_store_netlogon(mem_ctx, &info3); } @@ -434,8 +359,6 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, } #endif /* 0 */ - done: - /* Note - once the cli stream is shutdown the mem_ctx used to allocate the other_sids and gids structures has been deleted - so these pointers are no longer valid..... */ |