Update of DCE/DFS Authentication in passdb/pass_check.c

[Karsten Muuss]

Hi,
I fixed the DCE/DFS authentication code to reflect some changes
in recent releases (>2.0.3) of SAMBA source code.

Current SAMBA won't compile successfully with DFS support.

Please include this patch to your current distribution as soon as
possible 
I already got some mails from people who told me that DFS support is
broken.
 
Karsten
-------------- next part --------------
--- pass_check.c	Wed Jul 21 03:25:12 1999
+++ pass_check.c	Mon Sep 25 12:36:12 2000
@@ -197,7 +197,7 @@
 	error_status_t err;
 	int err2;
 	int prterr;
-	signed32 expire_time, current_time;
+	time_t expire_time, current_time;
 	boolean32 password_reset;
 	struct passwd *pw;
 	sec_passwd_rec_t passwd_rec;
@@ -235,12 +235,19 @@
 		return(False);
 	}
 
-	sec_login_get_expiration(my_dce_sec_context, &expire_time, &err);
-	if (err != error_status_ok) {
-		dce_error_inq_text(err, dce_errstr, &err2);
-		DEBUG(0,("DCE can't get expiration. %s\n", dce_errstr));
-		
-		return(False);
+	{ signed32 id_expire = 0;
+	/*
+	 * DCE expire time is a 32-bit signed integer
+	 * this will rise some problems in the year 2038.
+	 */
+		sec_login_get_expiration(my_dce_sec_context, &id_expire, &err);
+		if (err != error_status_ok) {
+			dce_error_inq_text(err, dce_errstr, &err2);
+			DEBUG(0,("DCE can't get expiration. %s\n", dce_errstr));
+			
+			return(False);
+		}
+		expire_time = id_expire;
 	}
   
 	time(&current_time);
@@ -333,18 +340,8 @@
 	
 	egid = getegid();
 
-	if (set_effective_gid(pw->pw_gid) != 0) {
-		DEBUG(0,("Can't set egid to %d (%s)\n", 
-			 pw->pw_gid, strerror(errno)));
-		return False;
-	}
-
-	if (set_effective_uid(pw->pw_uid) != 0) {
-		set_effective_gid(egid);
-		DEBUG(0,("Can't set euid to %d (%s)\n", 
-			 pw->pw_uid, strerror(errno)));
-		return False;
-	}
+	set_effective_gid(pw->pw_gid);
+	set_effective_uid(pw->pw_uid);
  
 	if (sec_login_setup_identity((unsigned char *)user,
 				     sec_login_no_flags,
@@ -420,12 +417,21 @@
 		 "        shell: %s\n",
 		 pw->pw_gecos, pw->pw_dir, pw->pw_shell));
 	
-	sec_login_get_expiration(my_dce_sec_context, &expire_time, &err);
-	if (err != error_status_ok) {
-		dce_error_inq_text(err, dce_errstr, &err2);
-		DEBUG(0,("DCE can't get expiration. %s\n", dce_errstr));
-		goto err;
+	{ signed32 id_expire = 0;
+	/*
+	 * DCE expire time is a 32-bit signed integer
+	 * this will rise some problems in the year 2038.
+	 */
+		sec_login_get_expiration(my_dce_sec_context, &id_expire, &err);
+		if (err != error_status_ok) {
+			dce_error_inq_text(err, dce_errstr, &err2);
+			DEBUG(0,("DCE can't get expiration. %s\n", dce_errstr));
+			
+			goto err;
+		}
+		expire_time = id_expire;
 	}
+  
 	
 	set_effective_uid(0);
 	set_effective_gid(0);