diff options
Diffstat (limited to 'source3/nsswitch')
| -rw-r--r-- | source3/nsswitch/winbindd_ads.c | 2 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_cm.c | 8 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_misc.c | 7 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_pam.c | 19 |
4 files changed, 20 insertions, 16 deletions
diff --git a/source3/nsswitch/winbindd_ads.c b/source3/nsswitch/winbindd_ads.c index f6fc3a8d6c..63dc90bc28 100644 --- a/source3/nsswitch/winbindd_ads.c +++ b/source3/nsswitch/winbindd_ads.c @@ -55,7 +55,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) /* the machine acct password might have change - fetch it every time */ SAFE_FREE(ads->auth.password); - ads->auth.password = secrets_fetch_machine_password(); + ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); if (primary_realm) { SAFE_FREE(ads->auth.realm); diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 706408901e..7502f3696b 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -853,7 +853,9 @@ CLI_POLICY_HND *cm_get_sam_group_handle(char *domain, DOM_SID *domain_sid, /* Get a handle on a netlogon pipe. This is a bit of a hack to re-use the netlogon pipe as no handle is returned. */ -NTSTATUS cm_get_netlogon_cli(const char *domain, const unsigned char *trust_passwd, +NTSTATUS cm_get_netlogon_cli(const char *domain, + const unsigned char *trust_passwd, + uint32 sec_channel_type, struct cli_state **cli) { NTSTATUS result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; @@ -876,7 +878,7 @@ NTSTATUS cm_get_netlogon_cli(const char *domain, const unsigned char *trust_pass DEBUG(0,("cm_get_netlogon_cli: mutex grab failed for %s\n", conn->controller)); } - result = cli_nt_setup_creds(conn->cli, get_sec_chan(), trust_passwd, &neg_flags, 2); + result = cli_nt_setup_creds(conn->cli, sec_channel_type, trust_passwd, &neg_flags, 2); if (got_mutex) secrets_named_mutex_release(lock_name); @@ -896,7 +898,7 @@ NTSTATUS cm_get_netlogon_cli(const char *domain, const unsigned char *trust_pass } /* Try again */ - result = cli_nt_setup_creds( conn->cli, get_sec_chan(),trust_passwd, &neg_flags, 2); + result = cli_nt_setup_creds( conn->cli, sec_channel_type,trust_passwd, &neg_flags, 2); if (got_mutex) secrets_named_mutex_release(lock_name); diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c index 52889e85d4..fb56d0e657 100644 --- a/source3/nsswitch/winbindd_misc.c +++ b/source3/nsswitch/winbindd_misc.c @@ -34,13 +34,14 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat uchar trust_passwd[16]; int num_retries = 0; struct cli_state *cli; + uint32 sec_channel_type; DEBUG(3, ("[%5d]: check machine account\n", state->pid)); /* Get trust account password */ again: if (!secrets_fetch_trust_account_password( - lp_workgroup(), trust_passwd, NULL)) { + lp_workgroup(), trust_passwd, NULL, &sec_channel_type)) { result = NT_STATUS_INTERNAL_ERROR; goto done; } @@ -49,7 +50,7 @@ enum winbindd_result winbindd_check_machine_acct(struct winbindd_cli_state *stat the trust account password. */ /* Don't shut this down - it belongs to the connection cache code */ - result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli); + result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, sec_channel_type, &cli); if (!NT_STATUS_IS_OK(result)) { DEBUG(3, ("could not open handle to NETLOGON pipe\n")); @@ -234,7 +235,7 @@ enum winbindd_result winbindd_netbios_name(struct winbindd_cli_state *state) return WINBINDD_OK; } -/* What's my name again? */ +/* Where can I find the privilaged pipe? */ enum winbindd_result winbindd_priv_pipe_dir(struct winbindd_cli_state *state) { diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index e49a95f4b8..2998372bd2 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -61,7 +61,7 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) fstring name_domain, name_user; unsigned char trust_passwd[16]; time_t last_change_time; - uint32 smb_uid_low; + uint32 sec_channel_type; NET_USER_INFO_3 info3; struct cli_state *cli = NULL; uchar chal[8]; @@ -111,21 +111,20 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) */ if (!secrets_fetch_trust_account_password( - lp_workgroup(), trust_passwd, &last_change_time)) { + lp_workgroup(), trust_passwd, &last_change_time, + &sec_channel_type)) { DEBUG(0, ("winbindd_pam_auth: could not fetch trust account " "password for domain %s\n", lp_workgroup())); result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; goto done; } - /* We really don't care what LUID we give the user. */ - - generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False); - ZERO_STRUCT(info3); /* Don't shut this down - it belongs to the connection cache code */ - result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, &cli); + result = cm_get_netlogon_cli(lp_workgroup(), trust_passwd, + sec_channel_type, + &cli); if (!NT_STATUS_IS_OK(result)) { DEBUG(3, ("could not open handle to NETLOGON pipe\n")); @@ -169,6 +168,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) NTSTATUS result; unsigned char trust_passwd[16]; time_t last_change_time; + uint32 sec_channel_type; NET_USER_INFO_3 info3; struct cli_state *cli = NULL; TALLOC_CTX *mem_ctx = NULL; @@ -256,7 +256,8 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) */ if (!secrets_fetch_trust_account_password ( - contact_domain, trust_passwd, &last_change_time)) { + contact_domain, trust_passwd, &last_change_time, + &sec_channel_type)) { DEBUG(0, ("winbindd_pam_auth: could not fetch trust account " "password for domain %s\n", contact_domain)); result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; @@ -266,7 +267,7 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) ZERO_STRUCT(info3); /* Don't shut this down - it belongs to the connection cache code */ - result = cm_get_netlogon_cli(contact_domain, trust_passwd, &cli); + result = cm_get_netlogon_cli(contact_domain, trust_passwd, sec_channel_type, &cli); if (!NT_STATUS_IS_OK(result)) { DEBUG(3, ("could not open handle to NETLOGON pipe (error: %s)\n", nt_errstr(result))); |