Diffstat (limited to 'source3/rpc_server/srv_netlog_nt.c')
-rw-r--r--source3/rpc_server/srv_netlog_nt.c53
1 files changed, 38 insertions, 15 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index bdb064c81d..4ab9c470d0 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -26,8 +26,10 @@
#include "includes.h"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_RPC_SRV
+
extern pstring global_myname;
-extern DOM_SID global_sam_sid;
/*************************************************************************
init_net_r_req_chal:
@@ -150,7 +152,7 @@ NTSTATUS _net_trust_dom_list(pipes_struct *p, NET_Q_TRUST_DOM_LIST *q_u, NET_R_T
***********************************************************************************/
static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s,
- DOM_CRED *srv_cred, NTSTATUS status)
+ DOM_CRED *srv_cred, NTSTATUS status)
{
DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
@@ -378,7 +380,7 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u)
{
- NTSTATUS status = NT_STATUS_WRONG_PASSWORD;
+ NTSTATUS status = NT_STATUS_ACCESS_DENIED;
DOM_CRED srv_cred;
pstring workstation;
SAM_ACCOUNT *sampass=NULL;
@@ -395,8 +397,8 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
- rpcstr_pull(workstation,q_u->clnt_id.login.uni_acct_name.buffer,
- sizeof(workstation),q_u->clnt_id.login.uni_acct_name.uni_str_len*2,0);
+ rpcstr_pull(workstation,q_u->clnt_id.login.uni_comp_name.buffer,
+ sizeof(workstation),q_u->clnt_id.login.uni_comp_name.uni_str_len*2,0);
DEBUG(3,("Server Password Set by Wksta:[%s] on account [%s]\n", workstation, p->dc.mach_acct));
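Review bot: The `workstation` string now comes from `uni_comp_name`, a field filled in by the client, and the level-3 log line prints it next to `p->dc.mach_acct` with nothing to say which value is trusted. A comment above the `rpcstr_pull` call would help, for example `/* client-asserted computer name, not verified; the log's "account" is p->dc.mach_acct */`, assuming the rest of _net_srv_pwset (outside this hunk) does not use `workstation` for an access decision. The source length `uni_str_len*2` is also taken from the request, so it is worth confirming that the unmarshalling code bounds it against the buffer actually received.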
@@ -656,14 +658,35 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
{
DOM_GID *gids = NULL;
+ const DOM_SID *user_sid = NULL;
+ const DOM_SID *group_sid = NULL;
+ DOM_SID domain_sid;
+ uint32 user_rid, group_rid;
+
int num_gids = 0;
pstring my_name;
- pstring my_workgroup;
-
+ fstring user_sid_string;
+ fstring group_sid_string;
+
+ sampw = server_info->sam_account;
+
/* set up pointer indicating user/password failed to be found */
usr_info->ptr_user_info = 0;
-
- pstrcpy(my_workgroup, lp_workgroup());
+
+ user_sid = pdb_get_user_sid(sampw);
+ group_sid = pdb_get_group_sid(sampw);
+
+ sid_copy(&domain_sid, user_sid);
+ sid_split_rid(&domain_sid, &user_rid);
+
+ if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
+ DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid %s\n but group sid %s.\nThe conflicting domain portions are not supported for NETLOGON calls\n",
+ pdb_get_domain(sampw), pdb_get_username(sampw),
+ sid_to_string(user_sid_string, user_sid),
+ sid_to_string(group_sid_string, group_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
pstrcpy(my_name, global_myname);
strupper(my_name);
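Review bot: The new early `return NT_STATUS_UNSUCCESSFUL;` in the SID-mismatch branch exits without calling `free_server_info(&server_info);`, which the normal path does at the end of this block (visible in the last hunk). Each logon for an account whose user and group SIDs are in different domains therefore appears to leak the authenticated server_info; add `free_server_info(&server_info);` before the return. Separately, the result of `sid_split_rid(&domain_sid, &user_rid)` is not checked. If it can fail (it appears to return a BOOL, e.g. for a SID with no sub-authorities), `user_rid` reaches `init_net_user_info3` uninitialized, so it should be guarded with the same cleanup and error return. _net_sam_logon starts and ends outside this hunk.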
@@ -677,12 +700,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
gids = NULL;
get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account);
-
- sampw = server_info->sam_account;
init_net_user_info3(p->mem_ctx, usr_info,
- pdb_get_user_rid(sampw),
- pdb_get_group_rid(sampw),
+ user_rid,
+ group_rid,
pdb_get_username(sampw),
pdb_get_fullname(sampw),
@@ -704,8 +725,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
0x20 , /* uint32 user_flgs (?) */
NULL, /* uchar sess_key[16] */
my_name , /* char *logon_srv */
- my_workgroup, /* char *logon_dom */
- &global_sam_sid, /* DOM_SID *dom_sid */
+ pdb_get_domain(sampw),
+ &domain_sid, /* DOM_SID *dom_sid */
+ /* Should be users domain sid, not servers - for trusted domains */
+
NULL); /* char *other_sids */
}
free_server_info(&server_info);
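Review bot: The new `pdb_get_domain(sampw),` argument has lost the positional annotation that every neighbouring argument carries; add `/* char *logon_dom */` after it. The explanatory comment about trusted domains sits after the `&domain_sid` line and before a blank line, so it reads as if it described the following `NULL` (other_sids). Moving it above `&domain_sid`, for example as `/* user's domain SID, not the server's - needed for trusted domains */`, would make the intent clear. The init_net_user_info3 call starts outside this hunk.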