Karsten Muuss
2000-Sep-25 10:49 UTC
Update of DCE/DFS Authentication in passdb/pass_check.c
Hi,
I fixed the DCE/DFS authentication code to reflect some changes
in recent releases (>2.0.3) of SAMBA source code.
Current SAMBA won't compile successfully with DFS support.
Please include this patch to your current distribution as soon as
possible
I already got some mails from people who told me that DFS support is
broken.
Karsten
-------------- next part --------------
--- pass_check.c Wed Jul 21 03:25:12 1999
+++ pass_check.c Mon Sep 25 12:36:12 2000
@@ -197,7 +197,7 @@
error_status_t err;
int err2;
int prterr;
- signed32 expire_time, current_time;
+ time_t expire_time, current_time;
boolean32 password_reset;
struct passwd *pw;
sec_passwd_rec_t passwd_rec;
@@ -235,12 +235,19 @@
return(False);
}
- sec_login_get_expiration(my_dce_sec_context, &expire_time, &err);
- if (err != error_status_ok) {
- dce_error_inq_text(err, dce_errstr, &err2);
- DEBUG(0,("DCE can't get expiration. %s\n", dce_errstr));
-
- return(False);
+ { signed32 id_expire = 0;
+ /*
+ * DCE expire time is a 32-bit signed integer
+ * this will rise some problems in the year 2038.
+ */
+ sec_login_get_expiration(my_dce_sec_context, &id_expire, &err);
+ if (err != error_status_ok) {
+ dce_error_inq_text(err, dce_errstr, &err2);
+ DEBUG(0,("DCE can't get expiration. %s\n", dce_errstr));
+
+ return(False);
+ }
+ expire_time = id_expire;
}
time(¤t_time);
@@ -333,18 +340,8 @@
egid = getegid();
- if (set_effective_gid(pw->pw_gid) != 0) {
- DEBUG(0,("Can't set egid to %d (%s)\n",
- pw->pw_gid, strerror(errno)));
- return False;
- }
-
- if (set_effective_uid(pw->pw_uid) != 0) {
- set_effective_gid(egid);
- DEBUG(0,("Can't set euid to %d (%s)\n",
- pw->pw_uid, strerror(errno)));
- return False;
- }
+ set_effective_gid(pw->pw_gid);
+ set_effective_uid(pw->pw_uid);
if (sec_login_setup_identity((unsigned char *)user,
sec_login_no_flags,
@@ -420,12 +417,21 @@
" shell: %s\n",
pw->pw_gecos, pw->pw_dir, pw->pw_shell));
- sec_login_get_expiration(my_dce_sec_context, &expire_time, &err);
- if (err != error_status_ok) {
- dce_error_inq_text(err, dce_errstr, &err2);
- DEBUG(0,("DCE can't get expiration. %s\n", dce_errstr));
- goto err;
+ { signed32 id_expire = 0;
+ /*
+ * DCE expire time is a 32-bit signed integer
+ * this will rise some problems in the year 2038.
+ */
+ sec_login_get_expiration(my_dce_sec_context, &id_expire, &err);
+ if (err != error_status_ok) {
+ dce_error_inq_text(err, dce_errstr, &err2);
+ DEBUG(0,("DCE can't get expiration. %s\n", dce_errstr));
+
+ goto err;
+ }
+ expire_time = id_expire;
}
+
set_effective_uid(0);
set_effective_gid(0);