authorStefan Metzmacher <metze@samba.org>2014-04-23 19:00:26 +0200
committerStefan Metzmacher <metze@samba.org>2014-04-24 11:21:05 +0200
commit169c6d409f9c1b50b25bc59bcf12515d9a286c56 (patch)
tree3137ed63fdb4d0ea75c03f05ec352eccd302925a
parentea27382ef40650f1a8310bce02fe60c0a94fa121 (diff)
s3:auth: allow special SYSTEM and ANONYMOUS handling in auth3_generate_session_info()
auth_ctx->generate_session_info() will be used by the SCHANNEL and NCALRPC_AS_SYSTEM gensec modules in the future.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
-rw-r--r--source3/auth/auth_ntlmssp.c45
1 files changed, 43 insertions, 2 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 45166c094b5..14bce62df09 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -23,6 +23,7 @@
#include "includes.h"
#include "auth.h"
+#include "libcli/security/security.h"
NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context,
TALLOC_CTX *mem_ctx,
@@ -31,10 +32,50 @@ NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context,
uint32_t session_info_flags,
struct auth_session_info **session_info)
{
- struct auth_serversupplied_info *server_info = talloc_get_type_abort(server_returned_info,
- struct auth_serversupplied_info);
+ struct auth_user_info_dc *user_info = NULL;
+ struct auth_serversupplied_info *server_info = NULL;
NTSTATUS nt_status;
+ /*
+ * This is a hack, some callers...
+ *
+ * Some callers pass auth_user_info_dc, the SCHANNEL and
+ * NCALRPC_AS_SYSTEM gensec modules.
+ *
+ * While the reset passes auth3_check_password() returned.
+ */
+ user_info = talloc_get_type(server_returned_info,
+ struct auth_user_info_dc);
+ if (user_info != NULL) {
+ const struct dom_sid *sid;
+ int cmp;
+
+ /*
+ * This should only be called from SCHANNEL or NCALRPC_AS_SYSTEM
+ */
+ if (user_info->num_sids != 1) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ sid = &user_info->sids[PRIMARY_USER_SID_INDEX];
+
+ cmp = dom_sid_compare(sid, &global_sid_System);
+ if (cmp == 0) {
+ return make_session_info_system(mem_ctx, session_info);
+ }
+
+ cmp = dom_sid_compare(sid, &global_sid_Anonymous);
+ if (cmp == 0) {
+ /*
+ * TODO: use auth_anonymous_session_info() here?
+ */
+ return make_session_info_guest(mem_ctx, session_info);
+ }
+
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ server_info = talloc_get_type_abort(server_returned_info,
+ struct auth_serversupplied_info);
nt_status = create_local_token(mem_ctx,
server_info,
NULL,
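Review bot: The new `user_info != NULL` branch hands out a SYSTEM session based only on the talloc type of `server_returned_info` and its single SID, and the restriction to SCHANNEL and NCALRPC_AS_SYSTEM exists only as a comment. The block comment above the `talloc_get_type()` call should state that trust assumption plainly (it currently trails off at "some callers..." and has "reset" for "rest"), for example `/* An auth_user_info_dc is trusted as-is: only gensec modules that have already authenticated the peer may pass one. */`. Both `return NT_STATUS_INTERNAL_ERROR;` paths are silent; a line such as `DEBUG(1, ("auth3_generate_session_info: unexpected auth_user_info_dc (num_sids=%u)\n", (unsigned)user_info->num_sids));` before them would make an unexpected caller visible in the logs. The Anonymous SID case returns `make_session_info_guest()`, which the TODO already questions; whether a guest token is acceptable in place of an anonymous one should be settled before the gensec modules start using this path. The function body continues past the end of the hunk, so any later use of `session_info_flags`, which these early returns bypass, is not visible here.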