summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2010-05-27 03:21:35 -0400
committerGünther Deschner <gd@samba.org>2010-05-28 01:20:09 +0200
commit2a6a696e32798f2a2aabef61dfa421da6328d069 (patch)
tree80a827f03575c96fe8ca92e697d554e3501fe251
parent606be25ecf4a31cba9f15c43ebc650aecb17e765 (diff)
downloadsamba-2a6a696e32798f2a2aabef61dfa421da6328d069.tar.gz
samba-2a6a696e32798f2a2aabef61dfa421da6328d069.tar.bz2
samba-2a6a696e32798f2a2aabef61dfa421da6328d069.zip
s3:auth add function to convert wbcAuthUserInfo to netr_SamInfo3
Signed-off-by: Günther Deschner <gd@samba.org>
-rw-r--r--source3/auth/server_info.c135
-rw-r--r--source3/include/proto.h2
2 files changed, 137 insertions, 0 deletions
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index e9ccdb6700..d9b25bda68 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -441,3 +441,138 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
return info3;
}
+
+static NTSTATUS wbcsids_to_samr_RidWithAttributeArray(
+ TALLOC_CTX *mem_ctx,
+ struct samr_RidWithAttributeArray *groups,
+ const struct dom_sid *domain_sid,
+ const struct wbcSidWithAttr *sids,
+ size_t num_sids)
+{
+ unsigned int i;
+ bool ok;
+
+ groups->rids = talloc_array(mem_ctx,
+ struct samr_RidWithAttribute, num_sids);
+ if (!groups->rids) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* a wbcDomainSid is the same as a dom_sid */
+ for (i = 0; i < num_sids; i++) {
+ ok = sid_peek_check_rid(domain_sid,
+ (const struct dom_sid *)&sids[i].sid,
+ &groups->rids[i].rid);
+ if (!ok) continue;
+
+ groups->rids[i].attributes = SE_GROUP_MANDATORY |
+ SE_GROUP_ENABLED_BY_DEFAULT |
+ SE_GROUP_ENABLED;
+ groups->count++;
+ }
+
+ return NT_STATUS_OK;
+}
+
+struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
+ const struct wbcAuthUserInfo *info)
+{
+ struct netr_SamInfo3 *info3;
+ struct dom_sid user_sid;
+ struct dom_sid group_sid;
+ struct dom_sid domain_sid;
+ NTSTATUS status;
+ bool ok;
+
+ memcpy(&user_sid, &info->sids[0].sid, sizeof(user_sid));
+ memcpy(&group_sid, &info->sids[1].sid, sizeof(group_sid));
+
+ info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
+ if (!info3) return NULL;
+
+ info3->base.last_logon = info->logon_time;
+ info3->base.last_logoff = info->logoff_time;
+ info3->base.acct_expiry = info->kickoff_time;
+ info3->base.last_password_change = info->pass_last_set_time;
+ info3->base.allow_password_change = info->pass_can_change_time;
+ info3->base.force_password_change = info->pass_must_change_time;
+
+ if (info->account_name) {
+ info3->base.account_name.string =
+ talloc_strdup(info3, info->account_name);
+ RET_NOMEM(info3->base.account_name.string);
+ }
+ if (info->full_name) {
+ info3->base.full_name.string =
+ talloc_strdup(info3, info->full_name);
+ RET_NOMEM(info3->base.full_name.string);
+ }
+ if (info->logon_script) {
+ info3->base.logon_script.string =
+ talloc_strdup(info3, info->logon_script);
+ RET_NOMEM(info3->base.logon_script.string);
+ }
+ if (info->profile_path) {
+ info3->base.profile_path.string =
+ talloc_strdup(info3, info->profile_path);
+ RET_NOMEM(info3->base.profile_path.string);
+ }
+ if (info->home_directory) {
+ info3->base.home_directory.string =
+ talloc_strdup(info3, info->home_directory);
+ RET_NOMEM(info3->base.home_directory.string);
+ }
+ if (info->home_drive) {
+ info3->base.home_drive.string =
+ talloc_strdup(info3, info->home_drive);
+ RET_NOMEM(info3->base.home_drive.string);
+ }
+
+ info3->base.logon_count = info->logon_count;
+ info3->base.bad_password_count = info->bad_password_count;
+
+ sid_copy(&domain_sid, &user_sid);
+ sid_split_rid(&domain_sid, &info3->base.rid);
+
+ ok = sid_peek_check_rid(&domain_sid, &group_sid,
+ &info3->base.primary_gid);
+ if (!ok) {
+ DEBUG(1, ("The primary group sid domain does not"
+ "match user sid domain for user: %s\n",
+ info->account_name));
+ TALLOC_FREE(info3);
+ return NULL;
+ }
+
+ status = wbcsids_to_samr_RidWithAttributeArray(info3,
+ &info3->base.groups,
+ &domain_sid,
+ &info->sids[1],
+ info->num_sids - 1);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(info3);
+ return NULL;
+ }
+
+ info3->base.user_flags = info->user_flags;
+ memcpy(info3->base.key.key, info->user_session_key, 16);
+
+ if (info->logon_server) {
+ info3->base.logon_server.string =
+ talloc_strdup(info3, info->logon_server);
+ RET_NOMEM(info3->base.logon_server.string);
+ }
+ if (info->domain_name) {
+ info3->base.domain.string =
+ talloc_strdup(info3, info->domain_name);
+ RET_NOMEM(info3->base.domain.string);
+ }
+
+ info3->base.domain_sid = sid_dup_talloc(info3, &domain_sid);
+ RET_NOMEM(info3->base.domain_sid);
+
+ memcpy(info3->base.LMSessKey.key, info->lm_session_key, 8);
+ info3->base.acct_flags = info->acct_flags;
+
+ return info3;
+}
diff --git a/source3/include/proto.h b/source3/include/proto.h
index ff7eb9383e..8c3f05eade 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -184,6 +184,8 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
struct netr_SamInfo3 **_info3);
struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
struct netr_SamInfo3 *orig);
+struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
+ const struct wbcAuthUserInfo *info);
/* The following definitions come from auth/auth_wbc.c */