From 6cc5e2edc1018a30b9ef16f2572849790ab490d1 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 11 Dec 2001 05:19:15 +0000 Subject: Modify winbindd to use authenticated user info from secrets.tdb when making IPC$ connections to domain controllers. (This used to be commit 1217ef28a6c18c085fcb2eac3bf04866c166d959) --- source3/nsswitch/winbindd_cm.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/winbindd_cm.c') diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 987b28e09c..31ab61a7de 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -182,6 +182,34 @@ static BOOL cm_get_dc_name(char *domain, fstring srv_name) return True; } +/* Choose between anonymous or authenticated connections. We need to use + an authenticated connection if DCs have the RestrictAnonymous registry + entry set > 0, or the "Additional restrictions for anonymous + connections" set in the win2k Local Security Policy. */ + +void cm_init_creds(struct ntuser_creds *creds) +{ + char *username, *password; + + ZERO_STRUCTP(creds); + + creds->pwd.null_pwd = True; /* anonymoose */ + + username = secrets_fetch(SECRETS_AUTH_USER, NULL); + password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL); + + if (username && *username) { + pwd_set_cleartext(&creds->pwd, password); + + fstrcpy(creds->user_name, username); + fstrcpy(creds->domain, lp_workgroup()); + + DEBUG(3, ("IPC$ connections done %s\\%s\n", creds->domain, + creds->user_name)); + } else + DEBUG(3, ("IPC$ connections done anonymously\n")); +} + /* Open a new smb pipe connection to a DC on a given domain. Cache negative creation attempts so we don't try and connect to broken machines too often. */ @@ -257,8 +285,7 @@ static BOOL cm_open_connection(char *domain, char *pipe_name, make_nmb_name(&called, dns_to_netbios_name(new_conn->controller), 0x20); make_nmb_name(&calling, dns_to_netbios_name(global_myname), 0); - ZERO_STRUCT(creds); - creds.pwd.null_pwd = 1; + cm_init_creds(&creds); cli_init_creds(new_conn->cli, &creds); -- cgit