diff options
Diffstat (limited to 'source4/auth/auth_util.c')
-rw-r--r-- | source4/auth/auth_util.c | 125 |
1 files changed, 123 insertions, 2 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c index 839e87585b..ef008d62c5 100644 --- a/source4/auth/auth_util.c +++ b/source4/auth/auth_util.c @@ -437,7 +437,7 @@ NTSTATUS make_server_info(const TALLOC_CTX *mem_ctx, /*************************************************************************** Make (and fill) a user_info struct for a guest login. ***************************************************************************/ -NTSTATUS make_server_info_guest(const TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **server_info) +NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **server_info) { NTSTATUS nt_status; @@ -486,6 +486,127 @@ NTSTATUS make_server_info_guest(const TALLOC_CTX *mem_ctx, struct auth_serversup } /*************************************************************************** + Make a server_info struct from the info3 returned by a domain logon +***************************************************************************/ + +NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, + const char *internal_username, + struct auth_serversupplied_info **server_info, + struct netr_SamInfo3 *info3) +{ + NTSTATUS nt_status; + + nt_status = make_server_info(mem_ctx, server_info, internal_username); + + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + (*server_info)->guest = False; + + /* + Here is where we should check the list of + trusted domains, and verify that the SID + matches. + */ + + (*server_info)->user_sid = dom_sid_add_rid(*server_info, dom_sid_dup(*server_info, info3->base.domain_sid), info3->base.rid); + (*server_info)->primary_group_sid = dom_sid_add_rid(*server_info, dom_sid_dup(*server_info, info3->base.domain_sid), info3->base.primary_gid); + + /* TODO: pull in other groups: */ + + + (*server_info)->domain_groups = talloc_array_p((*server_info), struct dom_sid*, info3->base.group_count); + if (!(*server_info)->domain_groups) { + return NT_STATUS_NO_MEMORY; + } + + for ((*server_info)->n_domain_groups = 0; + (*server_info)->n_domain_groups < info3->base.group_count; + (*server_info)->n_domain_groups++) { + struct dom_sid *sid; + sid = dom_sid_dup(*server_info, info3->base.domain_sid); + if (!sid) { + return NT_STATUS_NO_MEMORY; + } + (*server_info)->domain_groups[(*server_info)->n_domain_groups] + = dom_sid_add_rid(*server_info, sid, + info3->base.groupids[(*server_info)->n_domain_groups].rid); + if (!(*server_info)->domain_groups[(*server_info)->n_domain_groups]) { + return NT_STATUS_NO_MEMORY; + } + } + + if (info3->base.account_name.string) { + (*server_info)->account_name = talloc_reference(*server_info, info3->base.account_name.string); + } else { + (*server_info)->account_name = talloc_strdup(*server_info, internal_username); + } + + if (info3->base.domain.string) { + (*server_info)->domain = talloc_reference(*server_info, info3->base.domain.string); + } else { + (*server_info)->domain = NULL; + } + + if (info3->base.full_name.string) { + (*server_info)->full_name = talloc_reference(*server_info, info3->base.full_name.string); + } else { + (*server_info)->full_name = NULL; + } + + if (info3->base.logon_script.string) { + (*server_info)->logon_script = talloc_reference(*server_info, info3->base.logon_script.string); + } else { + (*server_info)->logon_script = NULL; + } + + if (info3->base.profile_path.string) { + (*server_info)->profile_path = talloc_reference(*server_info, info3->base.profile_path.string); + } else { + (*server_info)->profile_path = NULL; + } + + if (info3->base.home_directory.string) { + (*server_info)->home_directory = talloc_reference(*server_info, info3->base.home_directory.string); + } else { + (*server_info)->home_directory = NULL; + } + + if (info3->base.home_drive.string) { + (*server_info)->home_drive = talloc_reference(*server_info, info3->base.home_drive.string); + } else { + (*server_info)->home_drive = NULL; + } + (*server_info)->last_logon = info3->base.last_logon; + (*server_info)->last_logoff = info3->base.last_logoff; + (*server_info)->acct_expiry = info3->base.acct_expiry; + (*server_info)->last_password_change = info3->base.last_password_change; + (*server_info)->allow_password_change = info3->base.allow_password_change; + (*server_info)->force_password_change = info3->base.force_password_change; + + (*server_info)->logon_count = info3->base.logon_count; + (*server_info)->bad_password_count = info3->base.bad_password_count; + + (*server_info)->acct_flags = info3->base.acct_flags; + + /* ensure we are never given NULL session keys */ + + if (all_zero(info3->base.key.key, sizeof(info3->base.key.key))) { + (*server_info)->user_session_key = data_blob(NULL, 0); + } else { + (*server_info)->user_session_key = data_blob_talloc((*server_info), info3->base.key.key, sizeof(info3->base.key.key)); + } + + if (all_zero(info3->base.LMSessKey.key, sizeof(info3->base.LMSessKey.key))) { + (*server_info)->lm_session_key = data_blob(NULL, 0); + } else { + (*server_info)->lm_session_key = data_blob_talloc((*server_info), info3->base.LMSessKey.key, sizeof(info3->base.LMSessKey.key)); + } + return NT_STATUS_OK; +} + +/*************************************************************************** Free a user_info struct ***************************************************************************/ @@ -546,7 +667,7 @@ NTSTATUS make_session_info(TALLOC_CTX *mem_ctx, } (*session_info)->server_info = server_info; - talloc_reference(*session_info, server_info); + talloc_reference(*session_info, (*session_info)->server_info); /* unless set otherwise, the session key is the user session * key from the auth subsystem */ |