diff options
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/auth_domain.c | 55 | ||||
-rw-r--r-- | source4/auth/auth_sam.c | 8 |
2 files changed, 7 insertions, 56 deletions
diff --git a/source4/auth/auth_domain.c b/source4/auth/auth_domain.c index 86669b9b30..6a968592bd 100644 --- a/source4/auth/auth_domain.c +++ b/source4/auth/auth_domain.c @@ -40,17 +40,6 @@ static NTSTATUS domain_check_password(struct auth_method_context *ctx, struct netr_LogonSamLogon r; struct netr_Authenticator auth, auth2; struct netr_NetworkInfo ninfo; - const char *machine_account; - const char *password; - struct ldb_context *ldb; - int ldb_ret; - struct ldb_message **msgs; - const char *base_dn = SECRETS_PRIMARY_DOMAIN_DN; - const char *attrs[] = { - "secret", - "samAccountName", - NULL - }; struct creds_CredentialState *creds; struct cli_credentials *credentials; @@ -63,50 +52,12 @@ static NTSTATUS domain_check_password(struct auth_method_context *ctx, } credentials = cli_credentials_init(mem_ctx); + status = cli_credentials_set_machine_account(credentials); - /* Fetch join password */ - - /* Local secrets are stored in secrets.ldb */ - ldb = secrets_db_connect(mem_ctx); - if (!ldb) { - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - } - - /* search for the secret record */ - ldb_ret = samdb_search(ldb, - mem_ctx, base_dn, &msgs, attrs, - "(&(flatname=%s)(objectclass=primaryDomain))", - lp_workgroup()); - if (ldb_ret == 0) { - DEBUG(1, ("Could not find join record to domain: %s\n", - lp_workgroup())); - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - } else if (ldb_ret != 1) { - DEBUG(1, ("Found %d records matching flatname=%s under DN %s\n", ldb_ret, - lp_workgroup(), base_dn)); - return NT_STATUS_INTERNAL_ERROR; - } - - password = ldb_msg_find_string(msgs[0], "secret", NULL); - if (!password) { - DEBUG(1, ("Could not find 'secret' in join record to domain: %s\n", - lp_workgroup())); - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - } - - machine_account = ldb_msg_find_string(msgs[0], "samAccountName", NULL); - if (!machine_account) { - DEBUG(1, ("Could not find 'samAccountName' in join record to domain: %s\n", - lp_workgroup())); - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + if (!NT_STATUS_IS_OK(status)) { + return status; } - cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED); - cli_credentials_set_username(credentials, machine_account, CRED_SPECIFIED); - cli_credentials_set_password(credentials, password, CRED_SPECIFIED); - - cli_credentials_guess(credentials); - /* Connect to DC (take a binding string for now) */ status = dcerpc_parse_binding(mem_ctx, binding, &b); diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c index 2a2a437ded..b2aeff78d8 100644 --- a/source4/auth/auth_sam.c +++ b/source4/auth/auth_sam.c @@ -214,7 +214,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx, if (domain_name) { /* find the domain's DN */ - ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs, + ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs, "(&(|(realm=%s)(name=%s))(objectclass=domain))", domain_name, domain_name); if (ret_domain == -1) { @@ -237,7 +237,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx, } /* pull the user attributes */ - ret = samdb_search(sam_ctx, mem_ctx, domain_dn, &msgs, attrs, + ret = gendb_search(sam_ctx, mem_ctx, domain_dn, &msgs, attrs, "(&(sAMAccountName=%s)(objectclass=user))", account_name); if (ret == -1) { @@ -264,7 +264,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx, } /* find the domain's DN */ - ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs, + ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs, "(&(objectSid=%s)(objectclass=domain))", domain_sid); if (ret_domain == -1) { @@ -360,7 +360,7 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, void *sam_ctx, uint_t rid; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); - group_ret = samdb_search(sam_ctx, + group_ret = gendb_search(sam_ctx, tmp_ctx, NULL, &group_msgs, group_attrs, "(&(member=%s)(sAMAccountType=*))", msgs[0]->dn); |