From 064e7447bebd715c8351d9a0ee31f648990f2336 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Sat, 15 May 2004 07:51:38 +0000
Subject: r743: Start on a NETLOGON server in Samba4. Currently this only authentiates the machine, not real users. As a consequence of running the Samba4 NETLOGON test against Samba4, I found a number of issues in the SAMR server, which I have addressed. There are more templates in the provison.ldif for this reason. I also added some debug to our credentials code, and fixed some bugs in the auth_sam module. The static buffer in generate_random_string() bit me badly, so I removed it in favor of a talloc based system. Andrew Bartlett (This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
---
 source4/auth/auth_sam.c | 47 ++++++-----------------------------------------
 1 file changed, 6 insertions(+), 41 deletions(-)
(limited to 'source4/auth')
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index d7e4e97826..f57afba425 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -187,16 +187,12 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 NTSTATUS nt_status;
 DATA_BLOB user_sess_key = data_blob(NULL, 0);
 DATA_BLOB lm_sess_key = data_blob(NULL, 0);
- const uint8 *lm_pwd, *nt_pwd;
- const char *unicodePwd;
- struct samr_Hash lmPwdHash_u, ntPwdHash_u;
- struct samr_Hash *lmPwdHash, *ntPwdHash;
- uint_t num_lm, num_nt;
+ uint8 *lm_pwd, *nt_pwd;
 struct dom_sid *domain_sid;
 const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash",
- "sAMAcctFlags",
+ "userAccountControl",
 "pwdLastSet",
 "accountExpires",
 "objectSid",
@@ -204,7 +200,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 NULL,
 };
- const char *domain_attrs[] = {NULL};
+ const char *domain_attrs[] = {"name"};
 if (!user_info || !auth_context) {
 return NT_STATUS_UNSUCCESSFUL;
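Review bot: In the first hunk's declarations, `uint8 *lm_pwd, *nt_pwd;` are left uninitialised and are now written only through the out-parameters of samdb_result_passwords() (third hunk), whose body is not on this page. If that helper can return success without storing both pointers, sam_password_ok() would be handed an indeterminate pointer; `uint8 *lm_pwd = NULL, *nt_pwd = NULL;` makes the no-hash case explicit. The change also drops `const` from hash material this function only reads, so keep the qualifier if the helper's prototype allows it. check_sam_security() starts and ends outside the hunk.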
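Review bot: The new initialiser `const char *domain_attrs[] = {"name"};` in the second hunk has no terminating NULL, unlike `attrs` just above it, which ends with `NULL,`, and unlike the `{NULL}` it replaces. The call that consumes domain_attrs is outside the hunk, but if it walks the list until it meets NULL, as the shape of `attrs` suggests, it will read past the end of this one-element array. Write it as `const char *domain_attrs[] = {"name", NULL};`.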
@@ -270,40 +266,9 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 return NT_STATUS_ACCOUNT_LOCKED_OUT;
 }
- unicodePwd = samdb_result_string(msgs[0], "unicodePwd", NULL);
-
- if (unicodePwd) {
- BOOL lm_hash_ok;
- /* compute the new nt and lm hashes */
- lm_hash_ok = E_deshash(unicodePwd, lmPwdHash_u.hash);
- E_md4hash(unicodePwd, ntPwdHash_u.hash);
-
- if (lm_hash_ok) {
- lm_pwd = lmPwdHash_u.hash;
- } else {
- lm_pwd = NULL;
- }
-
- nt_pwd = ntPwdHash_u.hash;
-
- } else {
- num_lm = samdb_result_hashes(mem_ctx, msgs[0], "lmPwdHash", &lmPwdHash);
- if (num_lm == 0) {
- lm_pwd = NULL;
- } else if (num_lm > 1) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- lm_pwd = lmPwdHash[0].hash;
- }
-
- num_nt = samdb_result_hashes(mem_ctx, msgs[0], "ntPwdHash", &ntPwdHash);
- if (num_nt == 0) {
- nt_pwd = NULL;
- } else if (num_nt > 1) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- } else {
- nt_pwd = ntPwdHash[0].hash;
- }
+ if (!NT_STATUS_IS_OK(nt_status = samdb_result_passwords(mem_ctx, msgs[0],
+ &lm_pwd, &nt_pwd))) {
+ return nt_status;
 }
 nt_status = sam_password_ok(auth_context, mem_ctx,
-- cgit
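Review bot: The rules the removed code spelled out are now implicit in the `samdb_result_passwords()` call: a missing lmPwdHash or ntPwdHash yielded a NULL pointer, and more than one stored value returned NT_STATUS_INTERNAL_DB_CORRUPTION. The helper is not shown on this page, so a comment above the call should record that both rules still hold, for example `/* lm_pwd/nt_pwd are NULL when no hash is stored; duplicate hashes fail the lookup */`, once confirmed against the helper. As a style point, the assignment inside the condition is easy to misread; prefer `nt_status = samdb_result_passwords(mem_ctx, msgs[0], &lm_pwd, &nt_pwd);` followed by `if (!NT_STATUS_IS_OK(nt_status)) {`. The hunk ends partway through the sam_password_ok() call, so how a NULL nt_pwd is treated there cannot be checked from here.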