summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-06-25 12:00:20 +0200
committerGünther Deschner <gd@samba.org>2009-06-25 12:19:10 +0200
commitf62d9f5b5774c6066229ce029bc7c96f8478a3b1 (patch)
treec1fbe0affe65047014aeaa5cde5a9cbb927b85fa
parentebf0af0bc7647df3093a2d92767095114512bdd8 (diff)
downloadsamba-f62d9f5b5774c6066229ce029bc7c96f8478a3b1.tar.gz
samba-f62d9f5b5774c6066229ce029bc7c96f8478a3b1.tar.bz2
samba-f62d9f5b5774c6066229ce029bc7c96f8478a3b1.zip
s3-netlogon: fix validation level 2 support in netr_SamLogon and friends.
Guenther
-rw-r--r--source3/include/proto.h4
-rw-r--r--source3/rpc_server/srv_netlog_nt.c38
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c121
3 files changed, 116 insertions, 47 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index d55d6c1976..17d754c832 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5605,6 +5605,10 @@ void init_netr_SamInfo3(struct netr_SamInfo3 *r,
uint32_t acct_flags,
uint32_t sidcount,
struct netr_SidAttr *sids);
+NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
+ uint8_t *pipe_session_key,
+ size_t pipe_session_key_len,
+ struct netr_SamInfo2 *sam2);
NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
uint8_t *pipe_session_key,
size_t pipe_session_key_len,
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 906de04147..c74d2acc4a 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -851,7 +851,6 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
struct netr_LogonSamLogon *r)
{
NTSTATUS status = NT_STATUS_OK;
- struct netr_SamInfo3 *sam3 = NULL;
union netr_LogonLevel *logon = r->in.logon;
fstring nt_username, nt_domain, nt_workstation;
auth_usersupplied_info *user_info = NULL;
@@ -883,20 +882,26 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
}
*r->out.authoritative = true; /* authoritative response */
- if (r->in.validation_level != 2 && r->in.validation_level != 3) {
+
+ switch (r->in.validation_level) {
+ case 2:
+ r->out.validation->sam2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo2);
+ if (!r->out.validation->sam2) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ break;
+ case 3:
+ r->out.validation->sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
+ if (!r->out.validation->sam3) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ break;
+ default:
DEBUG(0,("%s: bad validation_level value %d.\n",
fn, (int)r->in.validation_level));
return NT_STATUS_INVALID_INFO_CLASS;
}
- sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
- if (!sam3) {
- return NT_STATUS_NO_MEMORY;
- }
-
- /* store the user information, if there is any. */
- r->out.validation->sam3 = sam3;
-
if (process_creds) {
/* Get the remote machine name for the creds store. */
@@ -1082,8 +1087,19 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
}
- status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16, sam3);
+ switch (r->in.validation_level) {
+ case 2:
+ status = serverinfo_to_SamInfo2(server_info, pipe_session_key, 16,
+ r->out.validation->sam2);
+ break;
+ case 3:
+ status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16,
+ r->out.validation->sam3);
+ break;
+ }
+
TALLOC_FREE(server_info);
+
return status;
}
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index a17adfb7a0..d79c3f5491 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -1514,14 +1514,14 @@ static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
}
/****************************************************************************
- inits a netr_SamInfo3 structure from an auth_serversupplied_info. sam3 must
- already be initialized and is used as the talloc parent for its members.
+ inits a netr_SamBaseInfo structure from an auth_serversupplied_info.
*****************************************************************************/
-NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
- uint8_t *pipe_session_key,
- size_t pipe_session_key_len,
- struct netr_SamInfo3 *sam3)
+static NTSTATUS serverinfo_to_SamInfo_base(TALLOC_CTX *mem_ctx,
+ struct auth_serversupplied_info *server_info,
+ uint8_t *pipe_session_key,
+ size_t pipe_session_key_len,
+ struct netr_SamBaseInfo *base)
{
struct samu *sampw;
struct samr_RidWithAttribute *gids = NULL;
@@ -1566,7 +1566,7 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
sid_copy(&domain_sid, user_sid);
sid_split_rid(&domain_sid, &user_rid);
- sid = sid_dup_talloc(sam3, &domain_sid);
+ sid = sid_dup_talloc(mem_ctx, &domain_sid);
if (!sid) {
return NT_STATUS_NO_MEMORY;
}
@@ -1589,7 +1589,7 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
my_name = global_myname();
}
- status = nt_token_to_group_list(sam3, &domain_sid,
+ status = nt_token_to_group_list(mem_ctx, &domain_sid,
server_info->num_sids,
server_info->sids,
&num_gids, &gids);
@@ -1618,7 +1618,7 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
}
groups.count = num_gids;
- groups.rids = TALLOC_ARRAY(sam3, struct samr_RidWithAttribute, groups.count);
+ groups.rids = TALLOC_ARRAY(mem_ctx, struct samr_RidWithAttribute, groups.count);
if (!groups.rids) {
return NT_STATUS_NO_MEMORY;
}
@@ -1635,35 +1635,84 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(sampw));
unix_to_nt_time(&force_password_change, pdb_get_pass_must_change_time(sampw));
- init_netr_SamInfo3(sam3,
- last_logon,
- last_logoff,
- acct_expiry,
- last_password_change,
- allow_password_change,
- force_password_change,
- talloc_strdup(sam3, pdb_get_username(sampw)),
- talloc_strdup(sam3, pdb_get_fullname(sampw)),
- talloc_strdup(sam3, pdb_get_logon_script(sampw)),
- talloc_strdup(sam3, pdb_get_profile_path(sampw)),
- talloc_strdup(sam3, pdb_get_homedir(sampw)),
- talloc_strdup(sam3, pdb_get_dir_drive(sampw)),
- 0, /* logon_count */
- 0, /* bad_password_count */
- user_rid,
- group_rid,
- groups,
- NETLOGON_EXTRA_SIDS,
- user_session_key,
- my_name,
- talloc_strdup(sam3, pdb_get_domain(sampw)),
- sid,
- lm_session_key,
- pdb_get_acct_ctrl(sampw),
- 0, /* sidcount */
- NULL); /* struct netr_SidAttr *sids */
+ init_netr_SamBaseInfo(base,
+ last_logon,
+ last_logoff,
+ acct_expiry,
+ last_password_change,
+ allow_password_change,
+ force_password_change,
+ talloc_strdup(mem_ctx, pdb_get_username(sampw)),
+ talloc_strdup(mem_ctx, pdb_get_fullname(sampw)),
+ talloc_strdup(mem_ctx, pdb_get_logon_script(sampw)),
+ talloc_strdup(mem_ctx, pdb_get_profile_path(sampw)),
+ talloc_strdup(mem_ctx, pdb_get_homedir(sampw)),
+ talloc_strdup(mem_ctx, pdb_get_dir_drive(sampw)),
+ 0, /* logon_count */
+ 0, /* bad_password_count */
+ user_rid,
+ group_rid,
+ groups,
+ NETLOGON_EXTRA_SIDS,
+ user_session_key,
+ my_name,
+ talloc_strdup(mem_ctx, pdb_get_domain(sampw)),
+ sid,
+ lm_session_key,
+ pdb_get_acct_ctrl(sampw));
ZERO_STRUCT(user_session_key);
ZERO_STRUCT(lm_session_key);
return NT_STATUS_OK;
}
+
+/****************************************************************************
+ inits a netr_SamInfo2 structure from an auth_serversupplied_info. sam2 must
+ already be initialized and is used as the talloc parent for its members.
+*****************************************************************************/
+
+NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
+ uint8_t *pipe_session_key,
+ size_t pipe_session_key_len,
+ struct netr_SamInfo2 *sam2)
+{
+ NTSTATUS status;
+
+ status = serverinfo_to_SamInfo_base(sam2,
+ server_info,
+ pipe_session_key,
+ pipe_session_key_len,
+ &sam2->base);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ inits a netr_SamInfo3 structure from an auth_serversupplied_info. sam3 must
+ already be initialized and is used as the talloc parent for its members.
+*****************************************************************************/
+
+NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
+ uint8_t *pipe_session_key,
+ size_t pipe_session_key_len,
+ struct netr_SamInfo3 *sam3)
+{
+ NTSTATUS status;
+
+ status = serverinfo_to_SamInfo_base(sam3,
+ server_info,
+ pipe_session_key,
+ pipe_session_key_len,
+ &sam3->base);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ sam3->sidcount = 0;
+ sam3->sids = NULL;
+
+ return NT_STATUS_OK;
+}