authorAndrew Bartlett <abartlet@samba.org>2005-06-29 13:55:09 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:18:57 -0500
commit9a7481bcfeff29495334eff8803878c2c238878f (patch)
tree040ffa0f4b35ebe93b749a7b32166a9be1e525ad /source4/rpc_server
parentf4e75294be1f4c9d110d4ca48c5143078ade2bce (diff)
r7993: Further work on the Krb5 PAC.
We now generate the PAC, and can verify both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, splits out the code to get the information we need from the NETLOGON server back into an auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be verified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
Diffstat (limited to 'source4/rpc_server')
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c65
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c8
2 files changed, 6 insertions, 67 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 4dd8312df58..1317ea31a95 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -503,64 +503,9 @@ static NTSTATUS netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_
nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
NT_STATUS_NOT_OK_RETURN(nt_status);
- sam = talloc_zero(mem_ctx, struct netr_SamBaseInfo);
- NT_STATUS_HAVE_NO_MEMORY(sam);
-
- sam->last_logon = server_info->last_logon;
- sam->last_logoff = server_info->last_logoff;
- sam->acct_expiry = server_info->acct_expiry;
- sam->last_password_change = server_info->last_password_change;
- sam->allow_password_change = server_info->allow_password_change;
- sam->force_password_change = server_info->force_password_change;
-
- sam->account_name.string = server_info->account_name;
- sam->full_name.string = server_info->full_name;
- sam->logon_script.string = server_info->logon_script;
- sam->profile_path.string = server_info->profile_path;
- sam->home_directory.string = server_info->home_directory;
- sam->home_drive.string = server_info->home_drive;
-
- sam->logon_count = server_info->logon_count;
- sam->bad_password_count = sam->bad_password_count;
- sam->rid = server_info->account_sid->sub_auths[server_info->account_sid->num_auths-1];
- sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1];
-
- sam->groups.count = 0;
- sam->groups.rids = NULL;
-
- if (server_info->n_domain_groups > 0) {
- int i;
- sam->groups.rids = talloc_array(mem_ctx, struct samr_RidWithType,
- server_info->n_domain_groups);
-
- if (sam->groups.rids == NULL)
- return NT_STATUS_NO_MEMORY;
-
- for (i=0; i<server_info->n_domain_groups; i++) {
-
- struct dom_sid *group_sid = server_info->domain_groups[i];
- sam->groups.rids[sam->groups.count].rid =
- group_sid->sub_auths[group_sid->num_auths-1];
- sam->groups.rids[sam->groups.count].type = 7;
- sam->groups.count += 1;
- }
- }
-
- sam->user_flags = 0; /* TODO: w2k3 uses 0x120 - what is this? */
- sam->acct_flags = server_info->acct_flags;
- sam->logon_server.string = lp_netbios_name();
- sam->domain.string = server_info->domain_name;
-
- sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid);
- NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid);
- sam->domain_sid->num_auths--;
-
- ZERO_STRUCT(sam->unknown);
+ nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam);
- ZERO_STRUCT(sam->key);
- if (server_info->user_session_key.length == sizeof(sam->key.key)) {
- memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
- }
+ NT_STATUS_NOT_OK_RETURN(nt_status);
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
/* It appears that level 6 is not individually encrypted */
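Review bot: The two "Don't crypt an all-zero key" checks that remain in netr_LogonSamLogonEx now depend on auth_convert_server_info_sambaseinfo() leaving sam->key and sam->LMSessKey zeroed whenever server_info has no session key of the expected length, and nothing at the call site states that. The helper is not shown on this page, so it cannot be confirmed from here that it keeps the removed ZERO_STRUCT-then-memcpy behaviour for both keys (the LMSessKey copy is deleted in the next hunk as well). I would add a comment above the call such as `/* the helper must leave sam->key and sam->LMSessKey all-zero when no session key is available; the all-zero checks below rely on it */`. The function body starts and ends outside the hunk.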
@@ -576,12 +521,6 @@ static NTSTATUS netr_LogonSamLogonEx(struct dcesrv_call_state *dce_call, TALLOC_
}
}
- ZERO_STRUCT(sam->LMSessKey);
- if (server_info->lm_session_key.length == sizeof(sam->LMSessKey.key)) {
- memcpy(sam->LMSessKey.key, server_info->lm_session_key.data,
- sizeof(sam->LMSessKey.key));
- }
-
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
/* It appears that level 6 is not individually encrypted */
if ((r->in.validation_level != 6)
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index cce446533d0..66f327b6f96 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -2757,7 +2757,7 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC
struct samr_domain_state *d_state;
struct ldb_message **res;
const char * const attrs[2] = { "objectSid", NULL };
- struct samr_RidWithTypeArray *array;
+ struct samr_RidWithAttributeArray *array;
int count;
DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
@@ -2774,7 +2774,7 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC
if (count < 0)
return NT_STATUS_INTERNAL_DB_CORRUPTION;
- array = talloc(mem_ctx, struct samr_RidWithTypeArray);
+ array = talloc(mem_ctx, struct samr_RidWithAttributeArray);
if (array == NULL)
return NT_STATUS_NO_MEMORY;
@@ -2783,7 +2783,7 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC
if (count > 0) {
int i;
- array->rids = talloc_array(mem_ctx, struct samr_RidWithType,
+ array->rids = talloc_array(mem_ctx, struct samr_RidWithAttribute,
count);
if (array->rids == NULL)
@@ -2801,7 +2801,7 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC
array->rids[array->count].rid =
group_sid->sub_auths[group_sid->num_auths-1];
- array->rids[array->count].type = 7;
+ array->rids[array->count].attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
array->count += 1;
}
}
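Review bot: The context line `group_sid->sub_auths[group_sid->num_auths-1]` just above the changed assignment indexes the SID with no visible check that num_auths is non-zero, so a SID with no sub-authorities would be read at index -1. group_sid is assigned above the hunk, so an earlier guard may already cover this; if it does not, `if (group_sid->num_auths == 0) continue;` before the assignment would keep a malformed objectSid from the database out of the reply. The loop begins outside the hunk.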