LDAP machine accounts
Daniel T. Gynn
dan.gynn at essensys.com
Fri Feb 14 16:25:30 GMT 2003
On Fri, 2003-02-14 at 10:37, Illtud Daniel wrote:
> Nope. None again. But looking in the headers:
>
> X-Content-Filtered-By: Mailman/MimeDel 2.1
>
> The mailing list stripped the attachments (as it should, IMHO!).
>
> Can't you send diff patches for the changes you made?
The diff for pdb_ldap.c is:
--- samba-2.2.7a/source/passdb/pdb_ldap.c 2002-12-10
09:58:15.000000000 -0500
+++ ../samba-2.2.7a/source/passdb/pdb_ldap.c 2003-02-13
15:49:18.000000000 -0500
@@ -2,6 +2,7 @@
Unix SMB/Netbios implementation.
Version 2.9.
LDAP protocol helper functions for SAMBA
+ Copyright (C) Daniel T Gynn 2003
Copyright (C) Gerald Carter 2001
Copyright (C) Shahms King 2001
Copyright (C) Jean Fran�is Micouleau 1998
@@ -590,8 +591,12 @@
*/
sys_user = sys_getpwnam(username);
if (sys_user == NULL) {
- DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a
uid!\n", username));
- return False;
+ DEBUG (2,("init_sam_from_ldap: User [%s] does not have a
uid!\n", username));
+
+ /* If we aren't looking for a machine then return false
+ */
+ if ( username[strlen(username) - 1] != '$' )
+ return False;
}
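Review bot: The added test `username[strlen(username) - 1] != '$'` reads one byte before the string when username is empty, because strlen() returns 0 and the index becomes -1; whether an LDAP entry can reach this point with an empty name is not visible in the hunk. Taking the length first closes the gap: `size_t len = strlen(username);` followed by `if (len == 0 || username[len - 1] != '$') return False;`. A trailing '$' is only a naming convention, so if the entry's account-control flags are already parsed at this point, checking for a workstation-trust flag as well would be a stricter way to decide which entries may skip the Unix account lookup. The enclosing function starts and ends outside the hunk.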
@@ -625,8 +630,10 @@
pdb_set_hours_len(sampass, hours_len);
pdb_set_logon_divs(sampass, logon_divs);
- pdb_set_uid(sampass, sys_user->pw_uid);
- pdb_set_gid(sampass, sys_user->pw_gid);
+ if (sys_user != NULL) {
+ pdb_set_uid(sampass, sys_user->pw_uid);
+ pdb_set_gid(sampass, sys_user->pw_gid);
+ }
pdb_set_user_rid(sampass, user_rid);
pdb_set_group_rid(sampass, group_rid);
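Review bot: With the new `if (sys_user != NULL)` guard, a machine account that has no Unix entry keeps whatever uid and gid sampass was initialised with, and the hunk does not show what that value is. If the initial value can be 0, any later code that reads the uid back from sampass would see root's id, so it is worth confirming that the initialiser uses an invalid id and recording that here, for example `/* machine entry without a Unix account: uid/gid stay at their initial (invalid) values */`. The enclosing function starts and ends outside the hunk.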
@@ -641,10 +648,12 @@
pdb_set_workstations(sampass, workstations);
pdb_set_munged_dial(sampass, munged_dial);
- if (!pdb_set_nt_passwd(sampass, smbntpwd))
- return False;
- if (!pdb_set_lanman_passwd(sampass, smblmpwd))
- return False;
+ if (!pdb_set_nt_passwd(sampass, smbntpwd)) {
+ return False;
+ }
+ if (!pdb_set_lanman_passwd(sampass, smblmpwd)) {
+ return False;
+ }
/* pdb_set_unknown_3(sampass, unknown3); */
/* pdb_set_unknown_5(sampass, unknown5); */
@@ -839,6 +848,7 @@
if (!ldap_open_connection(&ldap_struct))
return False;
+
if (!ldap_connect_system(ldap_struct))
{
ldap_unbind(ldap_struct);
@@ -877,6 +887,16 @@
}
/**********************************************************************
+DTG. Get SAM_ACCOUNT entry from LDAP by username
+ Added to make sure get_md4pw in src_netlog_nt.c calls
+ the correct function
+*********************************************************************/
+BOOL pdb_getldapsampwnam(SAM_ACCOUNT * user, char *sname)
+{
+ return pdb_getsampwnam ( user, sname ) ;
+}
+
+/**********************************************************************
Get SAM_ACCOUNT entry from LDAP by rid
*********************************************************************/
BOOL pdb_getsampwrid(SAM_ACCOUNT * user, uint32 rid)
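Review bot: The header comment on pdb_getldapsampwnam() names `src_netlog_nt.c`, while the caller patched in the second diff is srv_netlog_nt.c, and it does not say that the function is a plain forward to this file's pdb_getsampwnam(). A comment such as `Forwarder to the pdb_getsampwnam() in this file, so get_md4pw() in srv_netlog_nt.c can reach the LDAP backend by an unambiguous name` would make the intent clear. Because the wrapper is defined only in pdb_ldap.c, the call in get_md4pw() presumably needs to be conditional on the LDAP backend being compiled in, otherwise other builds would fail to link; that cannot be confirmed from the lines shown.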
The diff for srv_netlog_nt.c:
--- samba-2.2.7a/source/rpc_server/srv_netlog_nt.c 2002-05-18
09:40:44.000000000 -0400
+++ ../samba-2.2.7a/source/rpc_server/srv_netlog_nt.c 2003-02-13
15:45:52.000000000 -0500
@@ -7,6 +7,7 @@
* Copyright (C) Paul Ashton 1997.
* Copyright (C) Jeremy Allison 1998-2001.
* Copyirht (C) Andrew Bartlett 2001.
+ * Copyright (C) Daniel T Gynn 2003.
*
* This program is free software; you can redistribute it and/or
modify
* it under the terms of the GNU General Public License as published
by
@@ -173,7 +174,7 @@
unbecome_root();
if (ret==False) {
- DEBUG(0,("get_md4pw: Workstation %s: no account in
domain\n", mach_acct));
+ DEBUG(0,("get_md4pw: Workstation %s: no account in
domain via pdb_getsampwnam()\n", mach_acct));
pdb_free_sam(sampass);
return False;
}
@@ -185,8 +186,32 @@
return True;
}
- DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n",
mach_acct));
- pdb_free_sam(sampass);
+ /* DTG. Added to check if workstation is in LDAP since it
+ isn't in the passwd file
+ */
+ DEBUG(1,("get_md4pw: Checking if workstation %s exists in
LDAP\n", mach_acct));
+ become_root();
+ /* DTG. This just calls the pdb_getsampwnam in pdb_ldap.c
+ instead of the other functions with the same name
+ */
+ ret=pdb_getldapsampwnam(sampass, mach_acct);
+ unbecome_root();
+
+ if (ret==False) {
+ DEBUG(0,("get_md4pw: Workstation %s: no account in
domain via pdb_getsampwnam()\n", mach_acct));
+ pdb_free_sam(sampass);
+ return False;
+ }
+
+ if (!(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) &&
((pass=pdb_get_nt_passwd(sampass)) != NULL)) {
+ memcpy(md4pw, pass, 16);
+ dump_data(5, md4pw, 16);
+ pdb_free_sam(sampass);
+ return True;
+ }
+
+ DEBUG(0,("get_md4pw: Workstation %s does not have an account in
the password file or LDAP\n", mach_acct));
+ pdb_free_sam(sampass) ;
return False;
}
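Review bot: The added `dump_data(5, md4pw, 16);` writes the machine account's NT hash to the debug log at level 5, so a server running at that log level stores trust-account credentials in its log files; dropping the call or moving it to a much higher debug level avoids that. The failure message in the new `if (ret==False)` branch repeats the text used for the first lookup ("via pdb_getsampwnam()"), so the two failure paths cannot be told apart in the logs, and it should name `pdb_getldapsampwnam()` instead. The new block also appears to be reached when the first lookup found the account but it was disabled or had no password, which means sampass is filled a second time without being reset; the lines that would confirm this are outside the hunk. get_md4pw begins outside the hunk.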
--
-----------------------
Daniel T. Gynn
RHCE #806200978201621
Essential Systems, Inc.
412-931-5403 ext. 1
fax: 412-931-5425
dan.gynn at essensys.com
GnuPG Key http://www.essensys.com/~dan/gpgring.asc
Fingerprint: 1341 3132 FDAC C415 8F5F 03D7 FD4E 166B FA90 58E1