From ac29d6b310d612f52b6200b0bb5320d09fc66039 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 15 Nov 2002 21:23:55 +0000 Subject: Small auth updates: - add static remove unnneded prototype - move become_root() to just around pdb calls, so as to make it easier to remove when we kill off this silly idea - Change auth_sam to do 'account before password' rather than 'password before account'. This means that we match Win2k in giving 'account disabled' instead of 'wrong password' if the wrong password to a disabled account is used. Andrew Bartlett (This used to be commit e6d2debaf6064c3229f41c06545a1ccb83695a77) --- source3/auth/auth_builtin.c | 2 -- source3/auth/auth_sam.c | 4 ++-- source3/auth/auth_util.c | 3 +++ source3/auth/auth_winbind.c | 8 +------- 4 files changed, 6 insertions(+), 11 deletions(-) (limited to 'source3') diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c index 09b9a36cdf..f55f662a40 100644 --- a/source3/auth/auth_builtin.c +++ b/source3/auth/auth_builtin.c @@ -42,9 +42,7 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context, if (!(user_info->internal_username.str && *user_info->internal_username.str)) { - become_root(); nt_status = make_server_info_guest(server_info); - unbecome_root(); } return nt_status; diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 9fa33dccf6..02f8511d6a 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -393,6 +393,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, return NT_STATUS_NO_SUCH_USER; } + nt_status = sam_account_ok(mem_ctx, sampass, user_info); + nt_status = sam_password_ok(auth_context, mem_ctx, sampass, user_info, user_sess_key); if (!NT_STATUS_IS_OK(nt_status)) { @@ -400,8 +402,6 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context, return nt_status; } - nt_status = sam_account_ok(mem_ctx, sampass, user_info); - if (!NT_STATUS_IS_OK(nt_status)) { pdb_free_sam(&sampass); return nt_status; diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 98b15f3fb6..5696b8f2dc 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -821,9 +821,12 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info) sid_copy(&guest_sid, get_global_sam_sid()); sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST); + become_root(); if (!pdb_getsampwsid(sampass, &guest_sid)) { + unbecome_root(); return NT_STATUS_NO_SUCH_USER; } + unbecome_root(); nt_status = make_server_info_sam(server_info, sampass); diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 10788721fd..c6a1727ebe 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -26,13 +26,7 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH -/* Prototypes from common.h */ - -NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response); - -NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, NET_USER_INFO_3 *info3) +static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, NET_USER_INFO_3 *info3) { uint8 *info3_ndr; size_t len = response->length - sizeof(response); -- cgit