diff options
Diffstat (limited to 'source3/rpc_server/srv_netlog_nt.c')
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 53 |
1 files changed, 38 insertions, 15 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index bdb064c81d..4ab9c470d0 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -26,8 +26,10 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + extern pstring global_myname; -extern DOM_SID global_sam_sid; /************************************************************************* init_net_r_req_chal: @@ -150,7 +152,7 @@ NTSTATUS _net_trust_dom_list(pipes_struct *p, NET_Q_TRUST_DOM_LIST *q_u, NET_R_T ***********************************************************************************/ static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s, - DOM_CRED *srv_cred, NTSTATUS status) + DOM_CRED *srv_cred, NTSTATUS status) { DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__)); @@ -378,7 +380,7 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u) NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u) { - NTSTATUS status = NT_STATUS_WRONG_PASSWORD; + NTSTATUS status = NT_STATUS_ACCESS_DENIED; DOM_CRED srv_cred; pstring workstation; SAM_ACCOUNT *sampass=NULL; @@ -395,8 +397,8 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET * DEBUG(5,("_net_srv_pwset: %d\n", __LINE__)); - rpcstr_pull(workstation,q_u->clnt_id.login.uni_acct_name.buffer, - sizeof(workstation),q_u->clnt_id.login.uni_acct_name.uni_str_len*2,0); + rpcstr_pull(workstation,q_u->clnt_id.login.uni_comp_name.buffer, + sizeof(workstation),q_u->clnt_id.login.uni_comp_name.uni_str_len*2,0); DEBUG(3,("Server Password Set by Wksta:[%s] on account [%s]\n", workstation, p->dc.mach_acct)); @@ -656,14 +658,35 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * { DOM_GID *gids = NULL; + const DOM_SID *user_sid = NULL; + const DOM_SID *group_sid = NULL; + DOM_SID domain_sid; + uint32 user_rid, group_rid; + int num_gids = 0; pstring my_name; - pstring my_workgroup; - + fstring user_sid_string; + fstring group_sid_string; + + sampw = server_info->sam_account; + /* set up pointer indicating user/password failed to be found */ usr_info->ptr_user_info = 0; - - pstrcpy(my_workgroup, lp_workgroup()); + + user_sid = pdb_get_user_sid(sampw); + group_sid = pdb_get_group_sid(sampw); + + sid_copy(&domain_sid, user_sid); + sid_split_rid(&domain_sid, &user_rid); + + if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) { + DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid %s\n but group sid %s.\nThe conflicting domain portions are not supported for NETLOGON calls\n", + pdb_get_domain(sampw), pdb_get_username(sampw), + sid_to_string(user_sid_string, user_sid), + sid_to_string(group_sid_string, group_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + pstrcpy(my_name, global_myname); strupper(my_name); @@ -677,12 +700,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * gids = NULL; get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account); - - sampw = server_info->sam_account; init_net_user_info3(p->mem_ctx, usr_info, - pdb_get_user_rid(sampw), - pdb_get_group_rid(sampw), + user_rid, + group_rid, pdb_get_username(sampw), pdb_get_fullname(sampw), @@ -704,8 +725,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * 0x20 , /* uint32 user_flgs (?) */ NULL, /* uchar sess_key[16] */ my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - &global_sam_sid, /* DOM_SID *dom_sid */ + pdb_get_domain(sampw), + &domain_sid, /* DOM_SID *dom_sid */ + /* Should be users domain sid, not servers - for trusted domains */ + NULL); /* char *other_sids */ } free_server_info(&server_info); |