util.c:get_trusted_serverlist()

Gerald Carter cartegw at Eng.Auburn.EDU
Wed Dec 8 22:51:39 GMT 1999


Luke Kenneth Casson Leighton wrote:
> 
> jerry, the code checks lp_workgroup() == domain to return
> lp_passwordserver() list.
> 
> therefore, what is your workgroup?

Luke,

I've had so much fun trying to figure out what you've 
been doing lately. ;)  Hmm....where to start?

from lib/util_pwdb.c:pwdb_initialise()

	}
                char *srvs;
                if (lp_server_role() == ROLE_DOMAIN_PDC)
                {
                 srvs = global_myname;
                }
                else
                {
                 srvs = lp_passwordserver();
                }
                if (!get_domain_sids(global_myname, &global_member_sid,
                                      &global_sam_sid, srvs))
		^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Here's the function definition

/************************************************************************
 obtain the sid from the PDC.  do some verification along the way...
************************************************************************/
BOOL get_domain_sids(const char *myname,
                                DOM_SID *sid3, DOM_SID *sid5, char *domain)
{
        POLICY_HND pol;



------------------
Not in the function, myname is **never** used in the function.
Also, when we called get_domain_sids() from pwdb_initialise(),
look at the args.  As a PDC, 'srvs' is our netbios name.  But 
we're referring to it as a domain name in get_domain_sids()?
I'm really confused here.

Next we call get_any_dc_name() from within 
get_domain_sids() passing it the server's netbios 
name.  srv_name is junk at this point.

	if (sid3 == NULL && sid5 == NULL)
	{
		/* don't waste my time... */
		return False;
	}

	if (!get_any_dc_name(domain, srv_name))
                             ^^^^^^^
	{
		return False;
	}


get_any_dc_name() looks like...

BOOL get_any_dc_name(const char *domain, char *srv_name)
{
	struct cli_state cli;

	if (!cli_connect_servers_auth(&cli,
	                      get_trusted_serverlist(domain), NULL))
	{
		return False;
	}

And now we go to get_trusted_serverlist():

char *get_trusted_serverlist(const char* domain)
{
        pstring tmp;
        static char *server_list = NULL;
        static pstring srv_list;
        char *trusted_list = lp_trusted_domains();

        if (strequal(lp_workgroup(), domain))
        {
                DEBUG(10,("local domain server list: %s\n",
server_list));
                                                            ^^^^^^^^^^^
There is no value in server_list as we **never** set it 
in this function!

                pstrcpy(srv_list, lp_passwordserver());
                return srv_list;
        }

If you look at this if() statement, you should remember that 
we passed in our netbios name as the domain.  Therefore 
lp_workgroup() will never == domain.  Since we don't have 
anything listed in our password server list (not even ourselves), 
the list of servers passed back up the stack is "".  Therefore 
we will never get an anonymous connection to the IPC$ of a DC 
and can never use smbpasswd!

        if (!next_token(&trusted_list, tmp, NULL, sizeof(tmp)))
        {
                return NULL;
        }


If you want to follow this through with a debugger, simply 
start at the pwdb_initialise (False) call in smbpasswd.c:main().

Could you make sense of this for me please?




Thanks,
jerry
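
Added example, not part of the original message and not Samba source: a simplified C model of the call chain traced above, showing that whatever pwdb_initialise() passes as 'srvs' (the netbios name or the password server list) never matches the workgroup, so no usable server list comes back. The struct, the function names and the sample values are constructed; strcasecmp() stands in for strequal() as an assumption, and the trusted-domain walk is not modelled.

```c
#include <stdio.h>
#include <strings.h>

/* Constructed configuration values (assumptions, not from the post). */
struct conf {
    const char *workgroup;        /* stand-in for lp_workgroup() */
    const char *netbios_name;     /* stand-in for global_myname */
    const char *password_server;  /* stand-in for lp_passwordserver() */
    int is_pdc;                   /* lp_server_role() == ROLE_DOMAIN_PDC */
};

/* Model of the branch quoted from get_trusted_serverlist(). The
 * trusted-domain walk that follows in the real code is not modelled:
 * no trusted domains are configured here, so it yields NULL. */
static const char *model_serverlist(const struct conf *c, const char *domain)
{
    if (strcasecmp(c->workgroup, domain) == 0)
        return c->password_server;   /* local domain server list */
    return NULL;
}

/* Value pwdb_initialise() hands down as 'domain' in the excerpt. */
static const char *srvs_argument(const struct conf *c)
{
    return c->is_pdc ? c->netbios_name : c->password_server;
}

/* 1 if the lookup produced at least one server name to connect to. */
static int usable(const char *list)
{
    return list != NULL && list[0] != '\0';
}

/* Follow the quoted call chain with the argument the excerpt passes. */
static int trace_as_quoted(const struct conf *c)
{
    return usable(model_serverlist(c, srvs_argument(c)));
}

int main(void)
{
    struct conf pdc    = { "EXAMPLEDOM", "PDC1", "", 1 };
    struct conf member = { "EXAMPLEDOM", "WKS1", "DC1", 0 };
    printf("PDC, quoted call chain:        %d\n", trace_as_quoted(&pdc));
    printf("member, quoted call chain:     %d\n", trace_as_quoted(&member));
    printf("member, workgroup as 'domain': %d\n",
           usable(model_serverlist(&member, member.workgroup)));
    return 0;
}
```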

