diff options
author | Gerald Carter <jerry@samba.org> | 2003-06-28 08:29:42 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-06-28 08:29:42 +0000 |
commit | 8a6fc79ad8d9f1b6c4f604b173426bf821f98208 (patch) | |
tree | 6cfda8b5d1f1b94c9471c98b91277cd1e4b10500 /source3/auth/auth_domain.c | |
parent | b2fbc05c6bfd92354c8970c66581a32daaf6e6a3 (diff) | |
download | samba-8a6fc79ad8d9f1b6c4f604b173426bf821f98208.tar.gz samba-8a6fc79ad8d9f1b6c4f604b173426bf821f98208.tar.xz samba-8a6fc79ad8d9f1b6c4f604b173426bf821f98208.zip |
add check for NT_STATUS_NOT_IMPLEMENTED in auth check so that
map to guest = bad user works again when "trustdomain" is listed
as last auth method.
Also clean up some more DC location calls.
(This used to be commit 77a5b1032f39b8d20925721b719fdcfff910cb06)
Diffstat (limited to 'source3/auth/auth_domain.c')
-rw-r--r-- | source3/auth/auth_domain.c | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index df19a274fb..84453ac3b5 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -401,11 +401,12 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; - char *password_server; unsigned char trust_passwd[16]; time_t last_change_time; const char *domain = lp_workgroup(); uint32 sec_channel_type = 0; + fstring dc_name; + struct in_addr dc_ip; if (!user_info || !server_info || !auth_context) { DEBUG(1,("check_ntdomain_security: Critical variables not present. Failing.\n")); @@ -443,17 +444,15 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, } } - /* - * Treat each name in the 'password server =' line as a potential - * PDC/BDC. Contact each in turn and try and authenticate. - */ - - password_server = lp_passwordserver(); - + if ( !rpc_dc_name(user_info->domain.str, dc_name, &dc_ip) ) { + DEBUG(5,("check_trustdomain_security: unable to locate a DC for domain %s\n", + user_info->domain.str)); + return NT_STATUS_NO_LOGON_SERVERS; + } + nt_status = domain_client_validate(mem_ctx, user_info, domain, (uchar *)auth_context->challenge.data, - server_info, - password_server, global_myname(), sec_channel_type,trust_passwd, last_change_time); + server_info, dc_name, global_myname(), sec_channel_type,trust_passwd, last_change_time); return nt_status; } @@ -485,6 +484,8 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte char *trust_password; time_t last_change_time; DOM_SID sid; + fstring dc_name; + struct in_addr dc_ip; if (!user_info || !server_info || !auth_context) { DEBUG(1,("check_trustdomain_security: Critical variables not present. Failing.\n")); @@ -509,9 +510,15 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte if(strequal(lp_workgroup(), (user_info->domain.str))) { DEBUG(3,("check_trustdomain_security: Requested domain was for this domain.\n")); - return NT_STATUS_LOGON_FAILURE; + return NT_STATUS_NOT_IMPLEMENTED; } + /* no point is bothering if this is not a trusted domain */ + /* this return makes "map to guest = bad user" work again */ + + if ( !is_trusted_domain( user_info->domain.str ) ) + return NT_STATUS_NO_SUCH_USER; + /* * Get the trusted account password for the trusted domain * No need to become_root() as secrets_init() is done at startup. @@ -537,11 +544,17 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte } #endif + if ( !rpc_dc_name(user_info->domain.str, dc_name, &dc_ip) ) { + DEBUG(5,("check_trustdomain_security: unable to locate a DC for domain %s\n", + user_info->domain.str)); + return NT_STATUS_NO_LOGON_SERVERS; + } + nt_status = domain_client_validate(mem_ctx, user_info, user_info->domain.str, (uchar *)auth_context->challenge.data, - server_info, "*" /* Do a lookup */, - lp_workgroup(), SEC_CHAN_DOMAIN, trust_md4_password, last_change_time); - + server_info, dc_name, lp_workgroup(), + SEC_CHAN_DOMAIN, trust_md4_password, last_change_time); + return nt_status; } |