diff options
Diffstat (limited to 'source3/smbd/sesssetup.c')
| -rw-r--r-- | source3/smbd/sesssetup.c | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index b9af720008..77f93812dd 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -160,12 +160,12 @@ static int reply_spnego_kerberos(connection_struct *conn, ads_destroy(&ads); /* the password is good - let them in */ - pw = Get_Pwnam(user); + pw = smb_getpwnam(user,False); if (!pw && !strstr(user, lp_winbind_separator())) { char *user2; /* try it with a winbind domain prefix */ asprintf(&user2, "%s%s%s", lp_workgroup(), lp_winbind_separator(), user); - pw = Get_Pwnam(user2); + pw = smb_getpwnam(user2,False); if (pw) { free(user); user = user2; @@ -177,9 +177,9 @@ static int reply_spnego_kerberos(connection_struct *conn, return ERROR_NT(NT_STATUS_NO_SUCH_USER); } - if (!NT_STATUS_IS_OK(ret = make_server_info_pw(&server_info,pw))) { + if (!make_server_info_pw(&server_info,pw)) { DEBUG(1,("make_server_info_from_pw failed!\n")); - return ERROR_NT(ret); + return ERROR_NT(NT_STATUS_NO_MEMORY); } sess_vuid = register_vuid(server_info, user); @@ -294,6 +294,8 @@ static int reply_spnego_negotiate(connection_struct *conn, return ERROR_NT(NT_STATUS_LOGON_FAILURE); } + DEBUG(3,("Got neg_flags=0x%08x\n", neg_flags)); + debug_ntlmssp_flags(neg_flags); if (ntlmssp_auth_context) { @@ -322,12 +324,12 @@ static int reply_spnego_negotiate(connection_struct *conn, "U", lp_workgroup()); - fstrcpy(dnsdomname, (SEC_ADS == lp_security())?lp_realm():""); + fstrcpy(dnsdomname, lp_realm()); strlower(dnsdomname); fstrcpy(dnsname, global_myname); fstrcat(dnsname, "."); - fstrcat(dnsname, dnsdomname); + fstrcat(dnsname, lp_realm()); strlower(dnsname); msrpc_gen(&struct_blob, "aaaaa", @@ -439,14 +441,14 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf, auth_flags |= AUTH_FLAG_NTLM_RESP; } else if (nthash.length > 24) { auth_flags |= AUTH_FLAG_NTLMv2_RESP; - }; - - nt_status = make_user_info_map(&user_info, user, workgroup, machine, - lmhash, nthash, plaintext_password, - auth_flags, True); + } - /* it looks a bit weird, but this function returns int type... */ - if (!NT_STATUS_IS_OK(nt_status)) { + if (!make_user_info_map(&user_info, + user, workgroup, + machine, + lmhash, nthash, + plaintext_password, + auth_flags, True)) { return ERROR_NT(NT_STATUS_NO_MEMORY); } @@ -621,7 +623,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, NTSTATUS nt_status; BOOL doencrypt = global_encrypted_passwords_negotiated; - + START_PROFILE(SMBsesssetupX); ZERO_STRUCT(lm_resp); @@ -734,7 +736,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, /* don't allow for weird usernames or domains */ alpha_strcpy(user, user, ". _-$", sizeof(user)); - alpha_strcpy(domain, domain, ". _-@", sizeof(domain)); + alpha_strcpy(domain, domain, ". _-", sizeof(domain)); if (strstr(user, "..") || strstr(domain,"..")) { return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -776,9 +778,11 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, nt_status = check_guest_password(&server_info); } else if (doencrypt) { - nt_status = make_user_info_for_reply_enc(&user_info, user, domain, - lm_resp, nt_resp); - if (NT_STATUS_IS_OK(nt_status)) { + if (!make_user_info_for_reply_enc(&user_info, + user, domain, + lm_resp, nt_resp)) { + nt_status = NT_STATUS_NO_MEMORY; + } else { nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context, user_info, &server_info); |