svn commit: samba r13548 - in branches/SAMBA_3_0/source: passdb rpc_server

jra at samba.org jra at samba.org
Fri Feb 17 21:32:32 GMT 2006 

Author: jra
Date: 2006-02-17 21:32:31 +0000 (Fri, 17 Feb 2006)
New Revision: 13548

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13548

Log:
Always use the get_remote_macinhe_name() as the key
for the creds store. This should fix the problems
Jerry reported (but I have still to run tests :-).
Jeremy.

Modified:
   branches/SAMBA_3_0/source/passdb/secrets.c
   branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/passdb/secrets.c
===================================================================
--- branches/SAMBA_3_0/source/passdb/secrets.c	2006-02-17 21:07:26 UTC (rev 13547)
+++ branches/SAMBA_3_0/source/passdb/secrets.c	2006-02-17 21:32:31 UTC (rev 13548)
@@ -930,13 +930,15 @@
  Note we must be root here.
 *******************************************************************************/
 
-BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx, const struct dcinfo *pdc)
+BOOL secrets_store_schannel_session_info(TALLOC_CTX *mem_ctx,
+				const char *remote_machine,
+				const struct dcinfo *pdc)
 {
 	TDB_CONTEXT *tdb_sc = NULL;
 	TDB_DATA value;
 	BOOL ret;
 	char *keystr = talloc_asprintf(mem_ctx, "%s/%s", SECRETS_SCHANNEL_STATE,
-				pdc->remote_machine);
+				remote_machine);
 	if (!keystr) {
 		return False;
 	}

Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c	2006-02-17 21:07:26 UTC (rev 13547)
+++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c	2006-02-17 21:32:31 UTC (rev 13548)
@@ -281,10 +281,6 @@
 			q_u->uni_logon_clnt.buffer,
 			sizeof(fstring),q_u->uni_logon_clnt.uni_str_len*2,0);
 
-	/* Remember the workstation name. This is what we'll use to look
-	   up the secrets.tdb record later. */
-	fstrcpy(p->wks, p->dc->remote_machine);
-
 	/* Save the client challenge to the server. */
 	memcpy(p->dc->clnt_chal.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
 
@@ -448,7 +444,9 @@
 
 	/* Store off the state so we can continue after client disconnect. */
 	become_root();
-	secrets_store_schannel_session_info(p->mem_ctx, p->dc);
+	secrets_store_schannel_session_info(p->mem_ctx,
+					get_remote_machine_name(),
+					p->dc);
 	unbecome_root();
 
 	return r_u->status;
@@ -480,7 +478,7 @@
 		/* Restore the saved state of the netlogon creds. */
 		become_root();
 		ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
-							workstation,
+							get_remote_machine_name(),
 							&p->dc);
 		unbecome_root();
 		if (!ret) {
@@ -505,7 +503,9 @@
 
 	/* We must store the creds state after an update. */
 	become_root();
-	secrets_store_schannel_session_info(p->pipe_state_mem_ctx, p->dc);
+	secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
+						get_remote_machine_name(),
+						p->dc);
 	pdb_init_sam(&sampass);
 	ret=pdb_getsampwnam(sampass, p->dc->mach_acct);
 	unbecome_root();
@@ -579,8 +579,6 @@
 
 NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOFF *r_u)
 {
-	fstring workstation;
-
 	if (!get_valid_user_struct(p->vuid))
 		return NT_STATUS_NO_SUCH_USER;
 
@@ -588,12 +586,10 @@
 		/* Restore the saved state of the netlogon creds. */
 		BOOL ret;
 
-		*workstation = '\0';
-		rpcstr_pull_unistr2_fstring(workstation, &q_u->sam_id.client.login.uni_comp_name);
-
 		become_root();
-		ret = secrets_restore_schannel_session_info(
-			p->pipe_state_mem_ctx, workstation, &p->dc);
+		ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
+						get_remote_machine_name(),
+						&p->dc);
 		unbecome_root();
 		if (!ret) {
 			return NT_STATUS_INVALID_HANDLE;
@@ -616,7 +612,9 @@
 
 	/* We must store the creds state after an update. */
 	become_root();
-	secrets_store_schannel_session_info(p->pipe_state_mem_ctx, p->dc);
+	secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
+					get_remote_machine_name(),
+					p->dc);
 	unbecome_root();
 
 	r_u->status = NT_STATUS_OK;
@@ -694,44 +692,15 @@
 	if (!get_valid_user_struct(p->vuid))
 		return NT_STATUS_NO_SUCH_USER;
 
-	/* We need the workstation name for the creds lookup. */
-    
-	switch (q_u->sam_id.logon_level) {
-	case INTERACTIVE_LOGON_TYPE:
-		uni_samlogon_user = &ctr->auth.id1.uni_user_name;
- 		uni_samlogon_domain = &ctr->auth.id1.uni_domain_name;
-
-                uni_samlogon_workstation = &ctr->auth.id1.uni_wksta_name;
-            
-		DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
-		break;
-	case NET_LOGON_TYPE:
-		uni_samlogon_user = &ctr->auth.id2.uni_user_name;
-		uni_samlogon_domain = &ctr->auth.id2.uni_domain_name;
-		uni_samlogon_workstation = &ctr->auth.id2.uni_wksta_name;
-            
-		DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
-		break;
-	default:
-		DEBUG(2,("SAM Logon: unsupported switch value\n"));
-		return NT_STATUS_INVALID_INFO_CLASS;
-	} /* end switch */
-
-	rpcstr_pull(nt_username,uni_samlogon_user->buffer,sizeof(nt_username),uni_samlogon_user->uni_str_len*2,0);
-	rpcstr_pull(nt_domain,uni_samlogon_domain->buffer,sizeof(nt_domain),uni_samlogon_domain->uni_str_len*2,0);
-	rpcstr_pull(nt_workstation,uni_samlogon_workstation->buffer,sizeof(nt_workstation),uni_samlogon_workstation->uni_str_len*2,0);
-
-	DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
-
 	if (process_creds) {
 		if (!p->dc) {
 			/* Restore the saved state of the netlogon creds. */
 			BOOL ret;
 
 			become_root();
-			ret = secrets_restore_schannel_session_info(
-				p->pipe_state_mem_ctx, nt_workstation,
-				&p->dc);
+			ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
+					get_remote_machine_name(),
+					&p->dc);
 			unbecome_root();
 			if (!ret) {
 				return NT_STATUS_INVALID_HANDLE;
@@ -748,7 +717,7 @@
 		   schannel, the client did offer it in auth2, but
 		   obviously did not use it. */
 		DEBUG(0,("_net_sam_logon: client %s not using schannel for netlogon\n",
-			p->dc->remote_machine ));
+			get_remote_machine_name() ));
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
@@ -763,10 +732,39 @@
 
 		/* We must store the creds state after an update. */
 		become_root();
-		secrets_store_schannel_session_info(p->pipe_state_mem_ctx, p->dc);
+		secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
+					get_remote_machine_name(),
+					p->dc);
 		unbecome_root();
 	}
 
+
+	switch (q_u->sam_id.logon_level) {
+	case INTERACTIVE_LOGON_TYPE:
+		uni_samlogon_user = &ctr->auth.id1.uni_user_name;
+ 		uni_samlogon_domain = &ctr->auth.id1.uni_domain_name;
+
+                uni_samlogon_workstation = &ctr->auth.id1.uni_wksta_name;
+            
+		DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
+		break;
+	case NET_LOGON_TYPE:
+		uni_samlogon_user = &ctr->auth.id2.uni_user_name;
+		uni_samlogon_domain = &ctr->auth.id2.uni_domain_name;
+		uni_samlogon_workstation = &ctr->auth.id2.uni_wksta_name;
+            
+		DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
+		break;
+	default:
+		DEBUG(2,("SAM Logon: unsupported switch value\n"));
+		return NT_STATUS_INVALID_INFO_CLASS;
+	} /* end switch */
+
+	rpcstr_pull(nt_username,uni_samlogon_user->buffer,sizeof(nt_username),uni_samlogon_user->uni_str_len*2,0);
+	rpcstr_pull(nt_domain,uni_samlogon_domain->buffer,sizeof(nt_domain),uni_samlogon_domain->uni_str_len*2,0);
+	rpcstr_pull(nt_workstation,uni_samlogon_workstation->buffer,sizeof(nt_workstation),uni_samlogon_workstation->uni_str_len*2,0);
+
+	DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
 	fstrcpy(current_user_info.smb_name, nt_username);
 	sub_set_smb_name(nt_username);

More information about the samba-cvs mailing list