authorAndrew Bartlett <abartlet@samba.org>2010-03-30 21:23:46 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-04-10 21:41:00 +1000
commit03408267720cc1326be06fe1b6871b31ab18c097 (patch)
tree6bdd312dc27e70763b614010cfd49a76e7db4fd6
parent4074739fe71a27feb950aa35f74bb27dc42c17f2 (diff)
s4:rpc_server Add all SIDs into the netlogon SamLogon reply
We were missing the SIDs that are not in the domain.
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c84
1 files changed, 52 insertions, 32 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index ba27b014ea..f7df8e9452 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -617,8 +617,58 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
NT_STATUS_NOT_OK_RETURN(nt_status);
- nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam);
- NT_STATUS_NOT_OK_RETURN(nt_status);
+ switch (r->in.validation_level) {
+ case 2:
+ nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam);
+ NT_STATUS_NOT_OK_RETURN(nt_status);
+
+ sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2);
+ NT_STATUS_HAVE_NO_MEMORY(sam2);
+ sam2->base = *sam;
+
+ /* And put into the talloc tree */
+ talloc_steal(sam2, sam);
+ r->out.validation->sam2 = sam2;
+
+ sam = &sam2->base;
+ break;
+
+ case 3:
+ nt_status = auth_convert_server_info_saminfo3(mem_ctx,
+ server_info,
+ &sam3);
+ NT_STATUS_NOT_OK_RETURN(nt_status);
+
+ r->out.validation->sam3 = sam3;
+
+ sam = &sam3->base;
+ break;
+
+ case 6:
+ nt_status = auth_convert_server_info_saminfo3(mem_ctx,
+ server_info,
+ &sam3);
+ NT_STATUS_NOT_OK_RETURN(nt_status);
+
+ sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
+ NT_STATUS_HAVE_NO_MEMORY(sam6);
+ sam6->base = sam3->base;
+ sam6->sidcount = sam3->sidcount;
+ sam6->sids = sam3->sids;
+
+ sam6->forest.string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
+ sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
+ sam->account_name.string, sam6->forest.string);
+ NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
+ /* And put into the talloc tree */
+ talloc_steal(sam6, sam3);
+
+ r->out.validation->sam6 = sam6;
+ break;
+
+ default:
+ break;
+ }
/* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */
/* It appears that level 6 is not individually encrypted */
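Review bot: In the new `case 6:` branch `sam` is never assigned, yet it is dereferenced a few lines later in `talloc_asprintf(mem_ctx, "%s@%s", sam->account_name.string, ...)`; the old code set `sam` before the switch via auth_convert_server_info_sambaseinfo(), which this branch no longer calls. Adding `sam = &sam6->base;` right after `sam6->base = sam3->base;` would mirror what cases 2 and 3 do. The `default:` branch likewise leaves `sam` unset for any other client-supplied `validation_level`, and the session-key handling that follows the switch (outside this hunk) appears to read through `sam`, so rejecting unknown levels with `default: return NT_STATUS_INVALID_PARAMETER;` looks safer than `break`. How `sam` is declared and initialised lies outside the hunk, so whether this is a NULL or an uninitialised-pointer dereference cannot be told from here.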
@@ -646,36 +696,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
}
}
- switch (r->in.validation_level) {
- case 2:
- sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2);
- NT_STATUS_HAVE_NO_MEMORY(sam2);
- sam2->base = *sam;
- r->out.validation->sam2 = sam2;
- break;
-
- case 3:
- sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
- NT_STATUS_HAVE_NO_MEMORY(sam3);
- sam3->base = *sam;
- r->out.validation->sam3 = sam3;
- break;
-
- case 6:
- sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
- NT_STATUS_HAVE_NO_MEMORY(sam6);
- sam6->base = *sam;
- sam6->forest.string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
- sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s",
- sam->account_name.string, sam6->forest.string);
- NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string);
- r->out.validation->sam6 = sam6;
- break;
-
- default:
- break;
- }
-
*r->out.authoritative = 1;
/* TODO: Describe and deal with these flags */