Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth_domain.c55
-rw-r--r--source4/auth/auth_sam.c8
2 files changed, 7 insertions, 56 deletions
diff --git a/source4/auth/auth_domain.c b/source4/auth/auth_domain.c
index 86669b9b30..6a968592bd 100644
--- a/source4/auth/auth_domain.c
+++ b/source4/auth/auth_domain.c
@@ -40,17 +40,6 @@ static NTSTATUS domain_check_password(struct auth_method_context *ctx,
struct netr_LogonSamLogon r;
struct netr_Authenticator auth, auth2;
struct netr_NetworkInfo ninfo;
- const char *machine_account;
- const char *password;
- struct ldb_context *ldb;
- int ldb_ret;
- struct ldb_message **msgs;
- const char *base_dn = SECRETS_PRIMARY_DOMAIN_DN;
- const char *attrs[] = {
- "secret",
- "samAccountName",
- NULL
- };
struct creds_CredentialState *creds;
struct cli_credentials *credentials;
@@ -63,50 +52,12 @@ static NTSTATUS domain_check_password(struct auth_method_context *ctx,
}
credentials = cli_credentials_init(mem_ctx);
+ status = cli_credentials_set_machine_account(credentials);
- /* Fetch join password */
-
- /* Local secrets are stored in secrets.ldb */
- ldb = secrets_db_connect(mem_ctx);
- if (!ldb) {
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- }
-
- /* search for the secret record */
- ldb_ret = samdb_search(ldb,
- mem_ctx, base_dn, &msgs, attrs,
- "(&(flatname=%s)(objectclass=primaryDomain))",
- lp_workgroup());
- if (ldb_ret == 0) {
- DEBUG(1, ("Could not find join record to domain: %s\n",
- lp_workgroup()));
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- } else if (ldb_ret != 1) {
- DEBUG(1, ("Found %d records matching flatname=%s under DN %s\n", ldb_ret,
- lp_workgroup(), base_dn));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- password = ldb_msg_find_string(msgs[0], "secret", NULL);
- if (!password) {
- DEBUG(1, ("Could not find 'secret' in join record to domain: %s\n",
- lp_workgroup()));
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- }
-
- machine_account = ldb_msg_find_string(msgs[0], "samAccountName", NULL);
- if (!machine_account) {
- DEBUG(1, ("Could not find 'samAccountName' in join record to domain: %s\n",
- lp_workgroup()));
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
- cli_credentials_set_username(credentials, machine_account, CRED_SPECIFIED);
- cli_credentials_set_password(credentials, password, CRED_SPECIFIED);
-
- cli_credentials_guess(credentials);
-
/* Connect to DC (take a binding string for now) */
status = dcerpc_parse_binding(mem_ctx, binding, &b);
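Review bot: The result of `cli_credentials_init(mem_ctx)` is handed straight to `cli_credentials_set_machine_account(credentials)` without a NULL check, so an allocation failure reaches the helper as a NULL pointer unless the helper tolerates that, which is not visible here; add `if (!credentials) { return NT_STATUS_NO_MEMORY; }` before the new call. The failure path also returns the helper's status silently, whereas the removed code logged which part of the join record was missing and always returned NT_STATUS_CANT_ACCESS_DOMAIN_INFO. Unless the helper logs on its own, a line such as `DEBUG(1, ("Could not fetch machine account credentials: %s\n", nt_errstr(status)));` before `return status;` would keep a broken domain join diagnosable, and callers that matched on the old status code should be checked. domain_check_password starts and ends outside the hunk.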
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 2a2a437ded..b2aeff78d8 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -214,7 +214,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
if (domain_name) {
/* find the domain's DN */
- ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
+ ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
"(&(|(realm=%s)(name=%s))(objectclass=domain))",
domain_name, domain_name);
if (ret_domain == -1) {
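Review bot: The filter given to `gendb_search` here formats `domain_name` into `"(&(|(realm=%s)(name=%s))(objectclass=domain))"` with plain `%s`, and nothing visible in the hunk encodes the value first. If the name originates from the client's logon request and neither the caller nor `gendb_search` escapes it, LDAP filter metacharacters in it would alter the search expression used during authentication. The same pattern is carried over in the `sAMAccountName=%s` lookup with `account_name` later in authsam_search_account and in the `member=%s` search on `msgs[0]->dn` in authsam_make_server_info. Consider encoding each value before formatting, e.g. `ldb_binary_encode_string(mem_ctx, domain_name)`, or add a comment at these call sites stating where the escaping happens. authsam_search_account starts and ends outside the hunk.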
@@ -237,7 +237,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
}
/* pull the user attributes */
- ret = samdb_search(sam_ctx, mem_ctx, domain_dn, &msgs, attrs,
+ ret = gendb_search(sam_ctx, mem_ctx, domain_dn, &msgs, attrs,
"(&(sAMAccountName=%s)(objectclass=user))",
account_name);
if (ret == -1) {
@@ -264,7 +264,7 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, void *sam_ctx,
}
/* find the domain's DN */
- ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
+ ret_domain = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
"(&(objectSid=%s)(objectclass=domain))",
domain_sid);
if (ret_domain == -1) {
@@ -360,7 +360,7 @@ static NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, void *sam_ctx,
uint_t rid;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- group_ret = samdb_search(sam_ctx,
+ group_ret = gendb_search(sam_ctx,
tmp_ctx, NULL, &group_msgs, group_attrs,
"(&(member=%s)(sAMAccountType=*))",
msgs[0]->dn);