2025-03-07 00:58:40 +03:00 · 2001-05-17 06:08:49 +00:00 · 2001-05-17 06:08:49 +00:00 · 2d27d8c720
commit 2d27d8c720
parent 89de0c46ad
4 changed files with 35 additions and 48 deletions
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@ -368,10 +368,17 @@ WINBINDD_OBJ1 = \
 		nsswitch/winbindd_sid.o   \
 		nsswitch/winbindd_misc.o
 UNECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ = \
 		smbd/password.o smbd/session.o smbd/uid.o smbd/sec_ctx.o \
 		rpc_client/cli_netlogon.o rpc_client/cli_login.o \
 		smbd/chgpasswd.o
 WINBINDD_OBJ = \
 		$(WINBINDD_OBJ1) $(NOPROTO_OBJ) $(PASSDB_OBJ) \
 		$(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
-		$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) $(GROUPDB_OBJ)
+		$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
 		$(GROUPDB_OBJ) \
 		$(UNECESSARY_BECAUSE_SAMBA_DEPENDENCIES_ARE_SO_BROKEN_OBJ)
 WBINFO_OBJ = nsswitch/wbinfo.o
@ -407,6 +414,8 @@ debug2html : CHECK bin/debug2html
 smbfilter : CHECK bin/smbfilter
 nsswitch : CHECK $(WINBIND_PROGS)
 .SUFFIXES:
 .SUFFIXES: .c .o .po .po32 .lo
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@ -50,56 +50,33 @@ static void parse_domain_user(char *domuser, fstring domain, fstring user)
 enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) 
 {
-	NET_USER_INFO_3 info3;
+	BOOL result, user_exists;
 	uchar ntpw[16];
 	uchar lmpw[16];
 	uchar trust_passwd[16];
 	uint32 status;
 	fstring server;
 	fstring name_domain, name_user;
-	extern pstring global_myname;
+	int passlen;
 	DEBUG(3, ("[%5d]: pam auth %s\n", state->pid,
 		  state->request.data.auth.user));
 	/* Parse domain and username */
 	parse_domain_user(state->request.data.auth.user, name_domain, 
                          name_user);
 	/* don't allow the null domain */
 	if (strcmp(name_domain,"") == 0) return WINBINDD_ERROR;
-	ZERO_STRUCT(info3);
+	if (strcmp(name_domain,"") == 0) 
 	if (!_get_trust_account_password(lp_workgroup(), trust_passwd, NULL)) {
            DEBUG(1, ("could not get trust password for domain %s\n",
                      name_domain));
 		return WINBINDD_ERROR;
        }
-	nt_lm_owf_gen(state->request.data.auth.pass, ntpw, lmpw);
+	passlen = strlen(state->request.data.auth.pass);
-	slprintf(server, sizeof(server), "\\\\%s", server_state.controller);
+	result = domain_client_validate(name_user, name_domain,
 					state->request.data.auth.pass,
 					passlen,
 					state->request.data.auth.pass,
 					passlen, &user_exists, 
 					server_state.controller);
-#if 0
+	return result ? WINBINDD_OK : WINBINDD_ERROR;
 	/* XXX */
 	status = domain_client_validate_backend(server, 
 						name_user, name_domain,
 						global_myname, SEC_CHAN_WKSTA,
 						trust_passwd,
 						NULL,
 						lmpw, sizeof(lmpw),
 						ntpw, sizeof(ntpw), &info3);
 #else
 	status = NT_STATUS_UNSUCCESSFUL;
 #endif
 	if (status != NT_STATUS_NOPROBLEMO) return WINBINDD_ERROR;
 	return WINBINDD_OK;
 }
 /* Change a user password */
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@ -1416,8 +1416,6 @@ static BOOL attempt_connect_to_dc(struct cli_state *pcli, struct in_addr *ip, un
  return connect_to_domain_password_server(pcli, dc_name, trust_passwd);
 }
 /***********************************************************************
 We have been asked to dynamcially determine the IP addresses of
 the PDC and BDC's for this DOMAIN, and query them in turn.
@ -1491,17 +1489,16 @@ static BOOL find_connect_pdc(struct cli_state *pcli, unsigned char *trust_passwd
 	return connected_ok;
 }
 /***********************************************************************
 Do the same as security=server, but using NT Domain calls and a session
- key from the machine password.
+ key from the machine password.  If the server parameter is specified
 use it, otherwise figure out a server from the 'password server' param.
 ************************************************************************/
 BOOL domain_client_validate( char *user, char *domain, 
                             char *smb_apasswd, int smb_apasslen, 
                             char *smb_ntpasswd, int smb_ntpasslen,
-                             BOOL *user_exists)
+                             BOOL *user_exists, char *server)
 {
  unsigned char local_challenge[8];
  unsigned char local_lm_response[24];
@ -1541,7 +1538,7 @@ BOOL domain_client_validate( char *user, char *domain,
     * Not encrypted - do so.
     */
-    DEBUG(3,("domain_client_validate: User passwords not in encrypted format.\n"));
+    DEBUG(5,("domain_client_validate: User passwords not in encrypted format.\n"));
    generate_random_buffer( local_challenge, 8, False);
    SMBencrypt( (uchar *)smb_apasswd, local_challenge, local_lm_response);
    SMBNTencrypt((uchar *)smb_ntpasswd, local_challenge, local_nt_response);
@ -1586,9 +1583,13 @@ BOOL domain_client_validate( char *user, char *domain,
   * PDC/BDC. Contact each in turn and try and authenticate.
   */
  if (server) {
 	  p = server;
  } else {
 	  pserver = lp_passwordserver();
 	  if (! *pserver) pserver = "*";
 	  p = pserver;
  }
  while (!connected_ok &&
 	 next_token(&p,remote_machine,LIST_SEP,sizeof(remote_machine))) {
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@ -616,7 +616,7 @@ static BOOL check_domain_security(char *orig_user, char *domain, char *unix_user
  ret = domain_client_validate(orig_user, domain,
                                smb_apasswd, smb_apasslen,
                                smb_ntpasswd, smb_ntpasslen,
-                                &user_exists);
+                                &user_exists, NULL);
  if(ret) {
    /*