authorAndrew Bartlett <abartlet@samba.org>2011-02-08 16:53:13 +1100
committerAndrew Bartlett <abartlet@samba.org>2011-02-09 01:11:06 +0100
commita2ce53c1f5301ffcf990dbab837c328ea22739b6 (patch)
tree52dde7c4bb16c0d885b8691a4c5c87f8213b0599
parentf1c0e9532d8e3fb0d8942e4d4e1a122429266b16 (diff)
s4-auth Rework auth subsystem to remove struct auth_serversupplied_info
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This in turn contains a struct auth_user_info, which is the only part of the structure that is maintained into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where they may be confused for the finalised results. Andrew Bartlett
-rw-r--r--source4/auth/auth.h79
-rw-r--r--source4/auth/auth_sam_reply.c218
-rw-r--r--source4/auth/gensec/gensec.c8
-rw-r--r--source4/auth/gensec/gensec.h2
-rw-r--r--source4/auth/gensec/gensec_gssapi.c39
-rw-r--r--source4/auth/gensec/gensec_krb5.c14
-rw-r--r--source4/auth/kerberos/kerberos.h4
-rw-r--r--source4/auth/kerberos/kerberos_pac.c103
-rw-r--r--source4/auth/ntlm/auth.c50
-rw-r--r--source4/auth/ntlm/auth_anonymous.c4
-rw-r--r--source4/auth/ntlm/auth_developer.c82
-rw-r--r--source4/auth/ntlm/auth_sam.c20
-rw-r--r--source4/auth/ntlm/auth_server.c70
-rw-r--r--source4/auth/ntlm/auth_simple.c8
-rw-r--r--source4/auth/ntlm/auth_unix.c99
-rw-r--r--source4/auth/ntlm/auth_winbind.c12
-rw-r--r--source4/auth/ntlmssp/ntlmssp.h2
-rw-r--r--source4/auth/ntlmssp/ntlmssp_server.c20
-rw-r--r--source4/auth/sam.c164
-rw-r--r--source4/auth/session.c43
-rw-r--r--source4/auth/session.h16
-rw-r--r--source4/auth/system_session.c314
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl_util.c4
-rw-r--r--source4/kdc/kpasswdd.c10
-rw-r--r--source4/kdc/pac-glue.c21
-rw-r--r--source4/ntvfs/ipc/vfs_ipc.c14
-rw-r--r--source4/rpc_server/lsa/dcesrv_lsa.c4
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c14
-rw-r--r--source4/samba_tool/gpo.c10
-rw-r--r--source4/smb_server/management.c4
-rw-r--r--source4/smb_server/smb/sesssetup.c21
-rw-r--r--source4/smbd/service_named_pipe.c12
-rw-r--r--source4/torture/auth/pac.c62
-rw-r--r--source4/torture/rpc/remote_pac.c76
-rw-r--r--source4/utils/ntlm_auth.c4
35 files changed, 840 insertions, 787 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 0699ddb11d..10818dc79b 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -49,41 +49,6 @@ struct loadparm_context;
#define AUTH_SESSION_INFO_AUTHENTICATED 0x02 /* Add the user to the 'authenticated users' group */
#define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES 0x04 /* Use a trivial map between users and privilages, rather than a DB */
-struct auth_serversupplied_info
-{
- size_t num_sids;
- struct dom_sid *sids;
-
- DATA_BLOB user_session_key;
- DATA_BLOB lm_session_key;
-
- const char *account_name;
- const char *domain_name;
-
- const char *full_name;
- const char *logon_script;
- const char *profile_path;
- const char *home_directory;
- const char *home_drive;
- const char *logon_server;
-
- NTTIME last_logon;
- NTTIME last_logoff;
- NTTIME acct_expiry;
- NTTIME last_password_change;
- NTTIME allow_password_change;
- NTTIME force_password_change;
-
- uint16_t logon_count;
- uint16_t bad_password_count;
-
- uint32_t acct_flags;
-
- bool authenticated;
-
- struct PAC_SIGNATURE_DATA pac_srv_sig, pac_kdc_sig;
-};
-
struct auth_method_context;
struct auth_check_password_request;
struct auth_context;
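Review bot: With the inline definition removed, nothing in this hunk declares `struct auth_user_info_dc` before the prototypes later in this header take a pointer to it; unless the generated IDL header is included above line 49 (outside this hunk), each prototype would introduce a prototype-scope struct tag, the compiler would warn that the struct "will not be visible outside of this definition", and callers passing a real `struct auth_user_info_dc *` would get incompatible-pointer diagnostics. The cheap fix is to add `struct auth_user_info_dc;` to the forward-declaration list next to `struct auth_method_context;`, which also keeps auth.h self-contained regardless of include order. If the include is already present above, a one-line comment noting where the type comes from would help the next reader.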
@@ -109,14 +74,14 @@ struct auth_operations {
NTSTATUS (*check_password)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info);
-
- /* Lookup a 'server info' return based only on the principal */
- NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx,
- struct auth_context *auth_context,
- const char *principal,
- struct ldb_dn *user_dn,
- struct auth_serversupplied_info **server_info);
+ struct auth_user_info_dc **interim_info);
+
+ /* Lookup a 'session info interim' return based only on the principal or DN */
+ NTSTATUS (*get_user_info_dc_principal)(TALLOC_CTX *mem_ctx,
+ struct auth_context *auth_context,
+ const char *principal,
+ struct ldb_dn *user_dn,
+ struct auth_user_info_dc **interim_info);
};
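Review bot: The renamed callbacks in this hunk name their output parameter `interim_info`, while the matching `auth_context` function pointers (the hunks at lines 120 and 128–137) and every other prototype in this header call the same thing `user_info_dc`; two names for one concept in the same file makes the ops/context pairing harder to follow. Suggest `struct auth_user_info_dc **user_info_dc);` on both the `check_password` and `get_user_info_dc_principal` members here. The comment `/* Lookup a 'session info interim' return based only on the principal or DN */` would read better as `/* Look up a user_info_dc from only a principal name or user DN */`.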
struct auth_method_context {
@@ -155,7 +120,7 @@ struct auth_context {
NTSTATUS (*check_password)(struct auth_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info);
+ struct auth_user_info_dc **user_info_dc);
NTSTATUS (*get_challenge)(struct auth_context *auth_ctx, uint8_t chal[8]);
@@ -163,15 +128,15 @@ struct auth_context {
NTSTATUS (*set_challenge)(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by);
- NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx,
- struct auth_context *auth_ctx,
- const char *principal,
- struct ldb_dn *user_dn,
- struct auth_serversupplied_info **server_info);
+ NTSTATUS (*get_user_info_dc_principal)(TALLOC_CTX *mem_ctx,
+ struct auth_context *auth_ctx,
+ const char *principal,
+ struct ldb_dn *user_dn,
+ struct auth_user_info_dc **user_info_dc);
NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx,
struct auth_context *auth_context,
- struct auth_serversupplied_info *server_info,
+ struct auth_user_info_dc *user_info_dc,
uint32_t session_info_flags,
struct auth_session_info **session_info);
};
@@ -183,7 +148,7 @@ struct auth_critical_sizes {
int sizeof_auth_methods;
int sizeof_auth_context;
int sizeof_auth_usersupplied_info;
- int sizeof_auth_serversupplied_info;
+ int sizeof_auth_user_info_dc;
};
NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context,
@@ -213,13 +178,13 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
TALLOC_CTX *res_sids_ctx, struct dom_sid ***res_sids,
unsigned int *num_res_sids);
struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
-NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
+NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
const char *netbios_name,
const char *domain_name,
struct ldb_dn *domain_dn,
struct ldb_message *msg,
DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
- struct auth_serversupplied_info **_server_info);
+ struct auth_user_info_dc **_user_info_dc);
NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info **_session_info) ;
@@ -243,7 +208,7 @@ NTSTATUS auth_context_create_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *l
NTSTATUS auth_check_password(struct auth_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info);
+ struct auth_user_info_dc **user_info_dc);
NTSTATUS auth_init(void);
NTSTATUS auth_register(const struct auth_operations *ops);
NTSTATUS server_service_auth_init(void);
@@ -263,16 +228,16 @@ struct tevent_req *auth_check_password_send(TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info);
NTSTATUS auth_check_password_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
- struct auth_serversupplied_info **server_info);
+ struct auth_user_info_dc **user_info_dc);
bool auth_challenge_may_be_modified(struct auth_context *auth_ctx);
NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by);
-NTSTATUS auth_get_server_info_principal(TALLOC_CTX *mem_ctx,
+NTSTATUS auth_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
struct auth_context *auth_ctx,
const char *principal,
struct ldb_dn *user_dn,
- struct auth_serversupplied_info **server_info);
+ struct auth_user_info_dc **user_info_dc);
NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,
struct tevent_context *event_ctx,
diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c
index bb2b6eb534..11f88701e2 100644
--- a/source4/auth/auth_sam_reply.c
+++ b/source4/auth/auth_sam_reply.c
@@ -25,16 +25,17 @@
#include "libcli/security/security.h"
#include "auth/auth_sam_reply.h"
-NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx,
- struct auth_serversupplied_info *server_info,
+NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
+ struct auth_user_info_dc *user_info_dc,
struct netr_SamBaseInfo **_sam)
{
NTSTATUS status;
+ struct auth_user_info *info;
struct netr_SamBaseInfo *sam = talloc_zero(mem_ctx, struct netr_SamBaseInfo);
NT_STATUS_HAVE_NO_MEMORY(sam);
- if (server_info->num_sids > PRIMARY_USER_SID_INDEX) {
- status = dom_sid_split_rid(sam, &server_info->sids[PRIMARY_USER_SID_INDEX],
+ if (user_info_dc->num_sids > PRIMARY_USER_SID_INDEX) {
+ status = dom_sid_split_rid(sam, &user_info_dc->sids[PRIMARY_USER_SID_INDEX],
&sam->domain_sid, &sam->rid);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -43,8 +44,8 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- if (server_info->num_sids > PRIMARY_GROUP_SID_INDEX) {
- status = dom_sid_split_rid(NULL, &server_info->sids[PRIMARY_GROUP_SID_INDEX],
+ if (user_info_dc->num_sids > PRIMARY_GROUP_SID_INDEX) {
+ status = dom_sid_split_rid(NULL, &user_info_dc->sids[PRIMARY_GROUP_SID_INDEX],
NULL, &sam->primary_gid);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -56,35 +57,37 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx,
sam->primary_gid = sam->rid;
}
- sam->last_logon = server_info->last_logon;
- sam->last_logoff = server_info->last_logoff;
- sam->acct_expiry = server_info->acct_expiry;
- sam->last_password_change = server_info->last_password_change;
- sam->allow_password_change = server_info->allow_password_change;
- sam->force_password_change = server_info->force_password_change;
-
- sam->account_name.string = server_info->account_name;
- sam->full_name.string = server_info->full_name;
- sam->logon_script.string = server_info->logon_script;
- sam->profile_path.string = server_info->profile_path;
- sam->home_directory.string = server_info->home_directory;
- sam->home_drive.string = server_info->home_drive;
-
- sam->logon_count = server_info->logon_count;
+ info = user_info_dc->info;
+
+ sam->last_logon = info->last_logon;
+ sam->last_logoff = info->last_logoff;
+ sam->acct_expiry = info->acct_expiry;
+ sam->last_password_change = info->last_password_change;
+ sam->allow_password_change = info->allow_password_change;
+ sam->force_password_change = info->force_password_change;
+
+ sam->account_name.string = info->account_name;
+ sam->full_name.string = info->full_name;
+ sam->logon_script.string = info->logon_script;
+ sam->profile_path.string = info->profile_path;
+ sam->home_directory.string = info->home_directory;
+ sam->home_drive.string = info->home_drive;
+
+ sam->logon_count = info->logon_count;
sam->bad_password_count = sam->bad_password_count;
sam->groups.count = 0;
sam->groups.rids = NULL;
- if (server_info->num_sids > 2) {
+ if (user_info_dc->num_sids > 2) {
size_t i;
sam->groups.rids = talloc_array(sam, struct samr_RidWithAttribute,
- server_info->num_sids);
+ user_info_dc->num_sids);
if (sam->groups.rids == NULL)
return NT_STATUS_NO_MEMORY;
- for (i=2; i<server_info->num_sids; i++) {
- struct dom_sid *group_sid = &server_info->sids[i];
+ for (i=2; i<user_info_dc->num_sids; i++) {
+ struct dom_sid *group_sid = &user_info_dc->sids[i];
if (!dom_sid_in_domain(sam->domain_sid, group_sid)) {
/* We handle this elsewhere */
continue;
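Review bot: `sam->bad_password_count = sam->bad_password_count;` is a self-assignment that the commit leaves in place while converting the adjacent `logon_count` line to read from `info`; since `sam` is `talloc_zero`'d at the top of the function, the SamBaseInfo always reports a bad-password count of 0 regardless of what the DC recorded. The line should be `sam->bad_password_count = info->bad_password_count;`. Separately, `info = user_info_dc->info;` is dereferenced immediately with no NULL check, so a producer that leaves `info` unset would crash here rather than return an error; a guard returning `NT_STATUS_INVALID_PARAMETER` would make the contract explicit. The `> 2` and `i=2` literals would be clearer as `PRIMARY_GROUP_SID_INDEX + 1`, matching the named indices used earlier in the function.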
@@ -99,20 +102,20 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx,
}
sam->user_flags = 0; /* w2k3 uses NETLOGON_EXTRA_SIDS | NETLOGON_NTLMV2_ENABLED */
- sam->acct_flags = server_info->acct_flags;
- sam->logon_server.string = server_info->logon_server;
- sam->domain.string = server_info->domain_name;
+ sam->acct_flags = user_info_dc->info->acct_flags;
+ sam->logon_server.string = user_info_dc->info->logon_server;
+ sam->domain.string = user_info_dc->info->domain_name;
ZERO_STRUCT(sam->unknown);
ZERO_STRUCT(sam->key);
- if (server_info->user_session_key.length == sizeof(sam->key.key)) {
- memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
+ if (user_info_dc->user_session_key.length == sizeof(sam->key.key)) {
+ memcpy(sam->key.key, user_info_dc->user_session_key.data, sizeof(sam->key.key));
}
ZERO_STRUCT(sam->LMSessKey);
- if (server_info->lm_session_key.length == sizeof(sam->LMSessKey.key)) {
- memcpy(sam->LMSessKey.key, server_info->lm_session_key.data,
+ if (user_info_dc->lm_session_key.length == sizeof(sam->LMSessKey.key)) {
+ memcpy(sam->LMSessKey.key, user_info_dc->lm_session_key.data,
sizeof(sam->LMSessKey.key));
}
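Review bot: The three added lines at the top of this hunk spell the indirection out as `user_info_dc->info->acct_flags` (and `->logon_server`, `->domain_name`) even though the function already caches `info = user_info_dc->info;` a few lines above, and the rest of the new code reads through `info`. Using the local consistently, e.g. `sam->acct_flags = info->acct_flags;`, keeps the style uniform and makes a later NULL check on `info` cover every access.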
@@ -122,9 +125,9 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx,
}
/* Note that the validity of the _sam3 structure is only as long as
- * the server_info it was generated from */
-NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
- struct auth_serversupplied_info *server_info,
+ * the user_info_dc it was generated from */
+NTSTATUS auth_convert_user_info_dc_saminfo3(TALLOC_CTX *mem_ctx,
+ struct auth_user_info_dc *user_info_dc,
struct netr_SamInfo3 **_sam3)
{
struct netr_SamBaseInfo *sam;
@@ -133,7 +136,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
size_t i;
NT_STATUS_HAVE_NO_MEMORY(sam3);
- status = auth_convert_server_info_sambaseinfo(sam3, server_info, &sam);
+ status = auth_convert_user_info_dc_sambaseinfo(sam3, user_info_dc, &sam);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(sam3);
return status;
@@ -144,15 +147,15 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
sam3->sids = talloc_array(sam, struct netr_SidAttr,
- server_info->num_sids);
+ user_info_dc->num_sids);
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sam3->sids, sam3);
/* We don't put the user and group SIDs in there */
- for (i=2; i<server_info->num_sids; i++) {
- if (dom_sid_in_domain(sam->domain_sid, &server_info->sids[i])) {
+ for (i=2; i<user_info_dc->num_sids; i++) {
+ if (dom_sid_in_domain(sam->domain_sid, &user_info_dc->sids[i])) {
continue;
}
- sam3->sids[sam3->sidcount].sid = dom_sid_dup(sam3->sids, &server_info->sids[i]);
+ sam3->sids[sam3->sidcount].sid = dom_sid_dup(sam3->sids, &user_info_dc->sids[i]);
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sam3->sids[sam3->sidcount].sid, sam3);
sam3->sids[sam3->sidcount].attributes =
SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
@@ -169,15 +172,16 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
}
/**
- * Make a server_info struct from the info3 returned by a domain logon
+ * Make a user_info_dc struct from the info3 returned by a domain logon
*/
-NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
+NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
const char *account_name,
uint16_t validation_level,
union netr_Validation *validation,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info *info;
struct netr_SamBaseInfo *base = NULL;
uint32_t i;
@@ -204,8 +208,8 @@ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_LEVEL;
}
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
+ user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
/*
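Review bot: `user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);` leaves `info`, `user_session_key` and `lm_session_key` uninitialised until much later in the function, and the level-3 SID path that follows has early returns before `info` is assigned; the struct is only reachable via `mem_ctx` on those paths today, but any future cleanup that inspects it would read garbage. The `info` member a few hunks below is allocated with `talloc_zero`, so `user_info_dc = talloc_zero(mem_ctx, struct auth_user_info_dc);` here makes the two consistent and gives every field a defined value from the start. The function continues outside this hunk.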
Here is where we should check the list of
@@ -223,27 +227,27 @@ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- server_info->num_sids = 2;
+ user_info_dc->num_sids = 2;
- server_info->sids = talloc_array(server_info, struct dom_sid, server_info->num_sids + base->groups.count);
- NT_STATUS_HAVE_NO_MEMORY(server_info->sids);
+ user_info_dc->sids = talloc_array(user_info_dc, struct dom_sid, user_info_dc->num_sids + base->groups.count);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
- server_info->sids[PRIMARY_USER_SID_INDEX] = *base->domain_sid;
- if (!sid_append_rid(&server_info->sids[PRIMARY_USER_SID_INDEX], base->rid)) {
+ user_info_dc->sids[PRIMARY_USER_SID_INDEX] = *base->domain_sid;
+ if (!sid_append_rid(&user_info_dc->sids[PRIMARY_USER_SID_INDEX], base->rid)) {
return NT_STATUS_INVALID_PARAMETER;
}
- server_info->sids[PRIMARY_GROUP_SID_INDEX] = *base->domain_sid;
- if (!sid_append_rid(&server_info->sids[PRIMARY_GROUP_SID_INDEX], base->primary_gid)) {
+ user_info_dc->sids[PRIMARY_GROUP_SID_INDEX] = *base->domain_sid;
+ if (!sid_append_rid(&user_info_dc->sids[PRIMARY_GROUP_SID_INDEX], base->primary_gid)) {
return NT_STATUS_INVALID_PARAMETER;
}
for (i = 0; i < base->groups.count; i++) {
- server_info->sids[server_info->num_sids] = *base->domain_sid;
- if (!sid_append_rid(&server_info->sids[server_info->num_sids], base->groups.rids[i].rid)) {
+ user_info_dc->sids[user_info_dc->num_sids] = *base->domain_sid;
+ if (!sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids], base->groups.rids[i].rid)) {
return NT_STATUS_INVALID_PARAMETER;
}
- server_info->num_sids++;
+ user_info_dc->num_sids++;
}
/* Copy 'other' sids. We need to do sid filtering here to
@@ -253,7 +257,7 @@ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
*/
if (validation_level == 3) {
- struct dom_sid *dgrps = server_info->sids;
+ struct dom_sid *dgrps = user_info_dc->sids;
size_t sidcount;
/* The IDL layer would be a better place to check this, but to
@@ -262,88 +266,88 @@ NTSTATUS make_server_info_netlogon_validation(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- sidcount = server_info->num_sids + validation->sam3->sidcount;
+ sidcount = user_info_dc->num_sids + validation->sam3->sidcount;
if (validation->sam3->sidcount > 0) {
- dgrps = talloc_realloc(server_info, dgrps, struct dom_sid, sidcount);
+ dgrps = talloc_realloc(user_info_dc, dgrps, struct dom_sid, sidcount);
NT_STATUS_HAVE_NO_MEMORY(dgrps);
for (i = 0; i < validation->sam3->sidcount; i++) {
if (validation->sam3->sids[i].sid) {
- dgrps[server_info->num_sids] = *validation->sam3->sids[i].sid;
- server_info->num_sids++;
+ dgrps[user_info_dc->num_sids] = *validation->sam3->sids[i].sid;
+ user_info_dc->num_sids++;
}
}
}
- server_info->sids = dgrps;
+ user_info_dc->sids = dgrps;
/* Where are the 'global' sids?... */
}
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
+
if (base->account_name.string) {
- server_info->account_name = talloc_reference(server_info, base->account_name.string);
+ info->account_name = talloc_reference(info, base->account_name.string);
} else {
- server_info->account_name = talloc_strdup(server_info, account_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ info->account_name = talloc_strdup(info, account_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
}
- server_info->domain_name = talloc_reference(server_info, base->domain.string);
- server_info->full_name = talloc_reference(server_info, base->full_name.string);
- server_info->logon_script = talloc_reference(server_info, base->logon_script.string);
- server_info->profile_path = talloc_reference(server_info, base->profile_path.string);
- server_info->home_directory = talloc_reference(server_info, base->home_directory.string);
- server_info->home_drive = talloc_reference(server_info, base->home_drive.string);
- server_info->logon_server = talloc_reference(server_info, base->logon_server.string);
- server_info->last_logon = base->last_logon;
- server_info->last_logoff = base->last_logoff;
- server_info->acct_expiry = base->acct_expiry;
- server_info->last_password_change = base->last_password_change;
- server_info->allow_password_change = base->allow_password_change;
- server_info->force_password_change = base->force_password_change;
- server_info->logon_count = base->logon_count;
- server_info->bad_password_count = base->bad_password_count;
- server_info->acct_flags = base->acct_flags;
-
- server_info->authenticated = true;
+ info->domain_name = talloc_reference(info, base->domain.string);
+ info->full_name = talloc_reference(info, base->full_name.string);
+ info->logon_script = talloc_reference(info, base->logon_script.string);
+ info->profile_path = talloc_reference(info, base->profile_path.string);
+ info->home_directory = talloc_reference(info, base->home_directory.string);
+ info->home_drive = talloc_reference(info, base->home_drive.string);
+ info->logon_server = talloc_reference(info, base->logon_server.string);
+ info->last_logon = base->last_logon;
+ info->last_logoff = base->last_logoff;
+ info->acct_expiry = base->acct_expiry;
+ info->last_password_change = base->last_password_change;
+ info->allow_password_change = base->allow_password_change;
+ info->force_password_change = base->force_password_change;
+ info->logon_count = base->logon_count;
+ info->bad_password_count = base->bad_password_count;
+ info->acct_flags = base->acct_flags;
+
+ info->authenticated = true;
/* ensure we are never given NULL session keys */
if (all_zero(base->key.key, sizeof(base->key.key))) {
- server_info->user_session_key = data_blob(NULL, 0);
+ user_info_dc->user_session_key = data_blob(NULL, 0);
} else {
- server_info->user_session_key = data_blob_talloc(server_info, base->key.key, sizeof(base->key.key));
- NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
+ user_info_dc->user_session_key = data_blob_talloc(user_info_dc, base->key.key, sizeof(base->key.key));
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data);
}
if (all_zero(base->LMSessKey.key, sizeof(base->LMSessKey.key))) {
- server_info->lm_session_key = data_blob(NULL, 0);
+ user_info_dc->lm_session_key = data_blob(NULL, 0);
} else {
- server_info->lm_session_key = data_blob_talloc(server_info, base->LMSessKey.key, sizeof(base->LMSessKey.key));
- NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
+ user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, base->LMSessKey.key, sizeof(base->LMSessKey.key));
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data);
}
- ZERO_STRUCT(server_info->pac_srv_sig);
- ZERO_STRUCT(server_info->pac_kdc_sig);
-
- *_server_info = server_info;
+ *_user_info_dc = user_info_dc;
return NT_STATUS_OK;
}
/**
- * Make a server_info struct from the PAC_LOGON_INFO supplied in the krb5 logon
+ * Make a user_info_dc struct from the PAC_LOGON_INFO supplied in the krb5 logon
*/
-NTSTATUS make_server_info_pac(TALLOC_CTX *mem_ctx,
+NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
struct PAC_LOGON_INFO *pac_logon_info,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
uint32_t i;
NTSTATUS nt_status;
union netr_Validation validation;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
validation.sam3 = &pac_logon_info->info3;
- nt_status = make_server_info_netlogon_validation(mem_ctx, "", 3, &validation, &server_info);
+ nt_status = make_user_info_dc_netlogon_validation(mem_ctx, "", 3, &validation, &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
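Review bot: The `talloc_reference()` result for `info->account_name` in the first branch is not checked, while the `talloc_strdup` branch directly below it is, so an allocation failure there is silently carried as a NULL account name; adding `NT_STATUS_HAVE_NO_MEMORY(info->account_name);` after the reference keeps both branches equivalent. The seven references for `domain_name` through `logon_server` cannot be checked the same way because a NULL source string legitimately yields NULL, which is worth a one-line comment so nobody "fixes" it later. Note also that the `talloc_strdup(info, account_name)` branch returns NT_STATUS_NO_MEMORY when the caller passes a NULL `account_name`, which the gensec_krb5.c hunk at line 717 appears to do, so a validation whose `account_name.string` is empty would be misreported as an out-of-memory error rather than an invalid parameter.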
@@ -353,7 +357,7 @@ NTSTATUS make_server_info_pac(TALLOC_CTX *mem_ctx,
/* The IDL layer would be a better place to check this, but to
* guard the integer addition below, we double-check */
if (pac_logon_info->res_groups.count > 65535) {
- talloc_free(server_info);
+ talloc_free(user_info_dc);
return NT_STATUS_INVALID_PARAMETER;
}
@@ -367,20 +371,20 @@ NTSTATUS make_server_info_pac(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- sidcount = server_info->num_sids + pac_logon_info->res_groups.count;
- server_info->sids
- = talloc_realloc(server_info, server_info->sids, struct dom_sid, sidcount);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->sids, server_info);
+ sidcount = user_info_dc->num_sids + pac_logon_info->res_groups.count;
+ user_info_dc->sids
+ = talloc_realloc(user_info_dc, user_info_dc->sids, struct dom_sid, sidcount);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info_dc->sids, user_info_dc);
for (i = 0; pac_logon_info->res_group_dom_sid && i < pac_logon_info->res_groups.count; i++) {
- server_info->sids[server_info->num_sids] = *pac_logon_info->res_group_dom_sid;
- if (!sid_append_rid(&server_info->sids[server_info->num_sids],
+ user_info_dc->sids[user_info_dc->num_sids] = *pac_logon_info->res_group_dom_sid;
+ if (!sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids],
pac_logon_info->res_groups.rids[i].rid)) {
return NT_STATUS_INVALID_PARAMETER;
}
- server_info->num_sids++;
+ user_info_dc->num_sids++;
}
}
- *_server_info = server_info;
+ *_user_info_dc = user_info_dc;
return NT_STATUS_OK;
}
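Review bot: The `return NT_STATUS_INVALID_PARAMETER;` inside the resource-group loop does not free `user_info_dc`, whereas the two other failure exits in this function (the count check at line 529–531 and the `NT_STATUS_HAVE_NO_MEMORY_AND_FREE` on the realloc) do; the half-built structure then lives on `mem_ctx` until the caller tears that down. For consistency the loop exit should read `talloc_free(user_info_dc); return NT_STATUS_INVALID_PARAMETER;`. The commit touches every surrounding line, so this would have been a natural moment to align the cleanup.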
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index c732c6e8de..b9385debc3 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -1315,17 +1315,17 @@ const char *gensec_get_target_principal(struct gensec_security *gensec_security)
NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
struct gensec_security *gensec_security,
- struct auth_serversupplied_info *server_info,
+ struct auth_user_info_dc *user_info_dc,
struct auth_session_info **session_info)
{
NTSTATUS nt_status;
uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
- if (server_info->authenticated) {
+ if (user_info_dc->info->authenticated) {
flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
if (gensec_security->auth_context) {
nt_status = gensec_security->auth_context->generate_session_info(mem_ctx, gensec_security->auth_context,
- server_info,
+ user_info_dc,
flags,
session_info);
} else {
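Review bot: `user_info_dc->info->authenticated` introduces a second dereference where the old code read an inline field, so any producer of `struct auth_user_info_dc` that does not populate `info` now crashes here instead of failing the session setup; the producers visible in this commit set it, but the other backends listed in the diffstat (auth_anonymous, auth_developer, auth_unix, auth_winbind) are not shown. A guard at the top of the function, `if (user_info_dc->info == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, turns a malformed result into an error the caller already handles. The function continues past this hunk.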
@@ -1333,7 +1333,7 @@ NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
nt_status = auth_generate_session_info(mem_ctx,
NULL,
NULL,
- server_info, flags,
+ user_info_dc, flags,
session_info);
}
return nt_status;
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 62d8a45491..ad581e2fa5 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -180,7 +180,7 @@ struct gensec_critical_sizes {
struct gensec_security;
struct socket_context;
struct auth_context;
-struct auth_serversupplied_info;
+struct auth_user_info_dc;
NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
TALLOC_CTX *mem_ctx,
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 132ea7d8ae..ed0597ca98 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -1257,11 +1257,13 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
TALLOC_CTX *mem_ctx;
struct gensec_gssapi_state *gensec_gssapi_state
= talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
- struct auth_serversupplied_info *server_info = NULL;
+ struct auth_user_info_dc *user_info_dc = NULL;
struct auth_session_info *session_info = NULL;
OM_uint32 maj_stat, min_stat;
gss_buffer_desc pac;
DATA_BLOB pac_blob;
+ struct PAC_SIGNATURE_DATA *pac_srv_sig = NULL;
+ struct PAC_SIGNATURE_DATA *pac_kdc_sig = NULL;
if ((gensec_gssapi_state->gss_oid->length != gss_mech_krb5->length)
|| (memcmp(gensec_gssapi_state->gss_oid->elements, gss_mech_krb5->elements,
@@ -1292,10 +1294,23 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
* kind...
*/
if (pac_blob.length) {
- nt_status = kerberos_pac_blob_to_server_info(mem_ctx,
- pac_blob,
- gensec_gssapi_state->smb_krb5_context->krb5_context,
- &server_info);
+ pac_srv_sig = talloc(mem_ctx, struct PAC_SIGNATURE_DATA);
+ if (!pac_srv_sig) {
+ talloc_free(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+ pac_kdc_sig = talloc(mem_ctx, struct PAC_SIGNATURE_DATA);
+ if (!pac_kdc_sig) {
+ talloc_free(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ nt_status = kerberos_pac_blob_to_user_info_dc(mem_ctx,
+ pac_blob,
+ gensec_gssapi_state->smb_krb5_context->krb5_context,
+ &user_info_dc,
+ pac_srv_sig,
+ pac_kdc_sig);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
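Review bot: `pac_srv_sig` and `pac_kdc_sig` are allocated with plain `talloc`, so their contents are undefined until `kerberos_pac_blob_to_user_info_dc` writes them; that callee is not in this hunk, and if it can succeed on a PAC that carries only one of the two checksums, the torture hook later in this function would steal and read an uninitialised signature. Allocating with `talloc_zero(mem_ctx, struct PAC_SIGNATURE_DATA)` costs nothing and makes an unwritten signature detectable (zero type, empty blob). The two identical allocation-and-check sequences could also be a short static helper, but that is cosmetic.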
@@ -1330,11 +1345,11 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
!gensec_setting_bool(gensec_security->settings, "gensec", "require_pac", false)) {
DEBUG(1, ("Unable to find PAC, resorting to local user lookup: %s\n",
gssapi_error_string(mem_ctx, maj_stat, min_stat, gensec_gssapi_state->gss_oid)));
- nt_status = gensec_security->auth_context->get_server_info_principal(mem_ctx,
+ nt_status = gensec_security->auth_context->get_user_info_dc_principal(mem_ctx,
gensec_security->auth_context,
principal_string,
NULL,
- &server_info);
+ &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
@@ -1348,9 +1363,9 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
}
}
- /* references the server_info into the session_info */
+ /* references the user_info_dc into the session_info */
nt_status = gensec_generate_session_info(mem_ctx, gensec_security,
- server_info, &session_info);
+ user_info_dc, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
@@ -1362,6 +1377,12 @@ static NTSTATUS gensec_gssapi_session_info(struct gensec_security *gensec_securi
return nt_status;
}
+ /* Allow torture tests to check the PAC signatures */
+ if (session_info->torture) {
+ session_info->torture->pac_srv_sig = talloc_steal(session_info->torture, pac_srv_sig);
+ session_info->torture->pac_kdc_sig = talloc_steal(session_info->torture, pac_kdc_sig);
+ }
+
if (!(gensec_gssapi_state->got_flags & GSS_C_DELEG_FLAG)) {
DEBUG(10, ("gensec_gssapi: NO delegated credentials supplied by client\n"));
} else {
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index fc96e3851c..4f452a07ee 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -603,7 +603,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
struct gensec_krb5_state *gensec_krb5_state = (struct gensec_krb5_state *)gensec_security->private_data;
krb5_context context = gensec_krb5_state->smb_krb5_context->krb5_context;
- struct auth_serversupplied_info *server_info = NULL;
+ struct auth_user_info_dc *user_info_dc = NULL;
struct auth_session_info *session_info = NULL;
struct PAC_LOGON_INFO *logon_info;
@@ -663,10 +663,10 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
DEBUG(1, ("Unable to find PAC for %s, resorting to local user lookup: %s",
principal_string, smb_get_krb5_error_message(context,
ret, mem_ctx)));
- nt_status = gensec_security->auth_context->get_server_info_principal(mem_ctx,
+ nt_status = gensec_security->auth_context->get_user_info_dc_principal(mem_ctx,
gensec_security->auth_context,
principal_string,
- NULL, &server_info);
+ NULL, &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
free(principal_string);
krb5_free_principal(context, client_principal);
@@ -709,10 +709,10 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
}
validation.sam3 = &logon_info->info3;
- nt_status = make_server_info_netlogon_validation(mem_ctx,
+ nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
NULL,
3, &validation,
- &server_info);
+ &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
free(principal_string);
krb5_free_principal(context, client_principal);
@@ -724,8 +724,8 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
free(principal_string);
krb5_free_principal(context, client_principal);
- /* references the server_info into the session_info */
- nt_status = gensec_generate_session_info(mem_ctx, gensec_security, server_info, &session_info);
+ /* references the user_info_dc into the session_info */
+ nt_status = gensec_generate_session_info(mem_ctx, gensec_security, user_info_dc, &session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index 94de096543..501a4653d7 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -23,7 +23,7 @@
#include "auth/kerberos/krb5_init_context.h"
#include "librpc/gen_ndr/krb5pac.h"
-struct auth_serversupplied_info;
+struct auth_user_info_dc;
struct cli_credentials;
struct ccache_container {
@@ -134,7 +134,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
const krb5_keyblock *service_keyblock,
DATA_BLOB *pac);
krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
- struct auth_serversupplied_info *server_info,
+ struct auth_user_info_dc *user_info_dc,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
const krb5_keyblock *service_keyblock,
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 23b875056b..9620a80d02 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -524,7 +524,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
krb5_error_code kerberos_create_pac(TALLOC_CTX *mem_ctx,
- struct auth_serversupplied_info *server_info,
+ struct auth_user_info_dc *user_info_dc,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
const krb5_keyblock *service_keyblock,
@@ -612,7 +612,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
talloc_free(pac_data);
return ENOMEM;
}
- nt_status = auth_convert_server_info_saminfo3(LOGON_INFO, server_info, &sam3);
+ nt_status = auth_convert_user_info_dc_saminfo3(LOGON_INFO, user_info_dc, &sam3);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("Getting Samba info failed: %s\n", nt_errstr(nt_status)));
talloc_free(pac_data);
@@ -645,10 +645,12 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
return ret;
}
-krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
- krb5_pac pac,
- krb5_context context,
- struct auth_serversupplied_info **server_info)
+krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
+ krb5_pac pac,
+ krb5_context context,
+ struct auth_user_info_dc **user_info_dc,
+ struct PAC_SIGNATURE_DATA *pac_srv_sig,
+ struct PAC_SIGNATURE_DATA *pac_kdc_sig)
{
NTSTATUS nt_status;
enum ndr_err_code ndr_err;
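Review bot: The two new out-parameters `pac_srv_sig` and `pac_kdc_sig` are undocumented at the definition, and the body in the following hunk treats each as optional — a NULL pointer skips fetching that checksum buffer altogether. A comment above the signature should say so, and should make clear that the buffers are only NDR-parsed into the caller's structs; nothing in the visible body verifies them, so callers must not read a filled-in struct as a validated PAC. Suggested: `/* pac_srv_sig / pac_kdc_sig: optional; when non-NULL the raw SRV/KDC checksum buffers are parsed into them. No signature verification happens here. */`.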
@@ -658,7 +660,7 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
krb5_data k5pac_logon_info_in, k5pac_srv_checksum_in, k5pac_kdc_checksum_in;
union PAC_INFO info;
- struct auth_serversupplied_info *server_info_out;
+ struct auth_user_info_dc *user_info_dc_out;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
@@ -686,62 +688,67 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
}
/* Pull this right into the normal auth sysstem structures */
- nt_status = make_server_info_pac(mem_ctx,
+ nt_status = make_user_info_dc_pac(mem_ctx,
info.logon_info.info,
- &server_info_out);
+ &user_info_dc_out);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return EINVAL;
}
- ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_SRV_CHECKSUM, &k5pac_srv_checksum_in);
- if (ret != 0) {
- talloc_free(tmp_ctx);
- return ret;
- }
-
- pac_srv_checksum_in = data_blob_const(k5pac_srv_checksum_in.data, k5pac_srv_checksum_in.length);
-
- ndr_err = ndr_pull_struct_blob(&pac_srv_checksum_in, server_info_out,
- &server_info_out->pac_srv_sig,
- (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
- krb5_data_free(&k5pac_srv_checksum_in);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- nt_status = ndr_map_error2ntstatus(ndr_err);
- DEBUG(0,("can't parse the KDC signature: %s\n",
- nt_errstr(nt_status)));
- return EINVAL;
- }
+ if (pac_srv_sig) {
+ ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_SRV_CHECKSUM, &k5pac_srv_checksum_in);
+ if (ret != 0) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
- ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_KDC_CHECKSUM, &k5pac_kdc_checksum_in);
- if (ret != 0) {
- talloc_free(tmp_ctx);
- return ret;
+ pac_srv_checksum_in = data_blob_const(k5pac_srv_checksum_in.data, k5pac_srv_checksum_in.length);
+
+ ndr_err = ndr_pull_struct_blob(&pac_srv_checksum_in, pac_srv_sig,
+ pac_srv_sig,
+ (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
+ krb5_data_free(&k5pac_srv_checksum_in);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ nt_status = ndr_map_error2ntstatus(ndr_err);
+ DEBUG(0,("can't parse the KDC signature: %s\n",
+ nt_errstr(nt_status)));
+ return EINVAL;
+ }
}
- pac_kdc_checksum_in = data_blob_const(k5pac_kdc_checksum_in.data, k5pac_kdc_checksum_in.length);
+ if (pac_kdc_sig) {
+ ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_KDC_CHECKSUM, &k5pac_kdc_checksum_in);
+ if (ret != 0) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
- ndr_err = ndr_pull_struct_blob(&pac_kdc_checksum_in, server_info_out,
- &server_info_out->pac_kdc_sig,
- (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
- krb5_data_free(&k5pac_kdc_checksum_in);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- nt_status = ndr_map_error2ntstatus(ndr_err);
- DEBUG(0,("can't parse the KDC signature: %s\n",
- nt_errstr(nt_status)));
- return EINVAL;
+ pac_kdc_checksum_in = data_blob_const(k5pac_kdc_checksum_in.data, k5pac_kdc_checksum_in.length);
+
+ ndr_err = ndr_pull_struct_blob(&pac_kdc_checksum_in, pac_kdc_sig,
+ pac_kdc_sig,
+ (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
+ krb5_data_free(&k5pac_kdc_checksum_in);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ nt_status = ndr_map_error2ntstatus(ndr_err);
+ DEBUG(0,("can't parse the KDC signature: %s\n",
+ nt_errstr(nt_status)));
+ return EINVAL;
+ }
}
-
- *server_info = server_info_out;
+ *user_info_dc = user_info_dc_out;
return 0;
}
-NTSTATUS kerberos_pac_blob_to_server_info(TALLOC_CTX *mem_ctx,
- DATA_BLOB pac_blob,
- krb5_context context,
- struct auth_serversupplied_info **server_info)
+NTSTATUS kerberos_pac_blob_to_user_info_dc(TALLOC_CTX *mem_ctx,
+ DATA_BLOB pac_blob,
+ krb5_context context,
+ struct auth_user_info_dc **user_info_dc,
+ struct PAC_SIGNATURE_DATA *pac_srv_sig,
+ struct PAC_SIGNATURE_DATA *pac_kdc_sig)
{
krb5_error_code ret;
krb5_pac pac;
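Review bot: The NDR-failure path inside each of the new `if (pac_srv_sig)` and `if (pac_kdc_sig)` blocks returns EINVAL without `talloc_free(tmp_ctx)`, unlike the krb5_pac_get_buffer failures directly above them, and it also leaves `user_info_dc_out`, already allocated on `mem_ctx` by make_user_info_dc_pac, attached to the caller's context on an error return. Each of those two returns should read `talloc_free(user_info_dc_out); talloc_free(tmp_ctx); return EINVAL;`, and the success path before `*user_info_dc = user_info_dc_out;` should free `tmp_ctx` too, provided nothing in `user_info_dc_out` still references it (the logon_info pull into `tmp_ctx` is outside this hunk, so I cannot confirm). Minor: the DEBUG text in the SRV branch says "KDC signature" for what is the server checksum; `DEBUG(0,("can't parse the SRV signature: %s\n", nt_errstr(nt_status)));` would make the log unambiguous. kerberos_pac_to_user_info_dc starts outside this hunk, and kerberos_pac_blob_to_user_info_dc, which begins at its end, continues past it.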
@@ -753,7 +760,7 @@ NTSTATUS kerberos_pac_blob_to_server_info(TALLOC_CTX *mem_ctx,
}
- ret = kerberos_pac_to_server_info(mem_ctx, pac, context, server_info);
+ ret = kerberos_pac_to_user_info_dc(mem_ctx, pac, context, user_info_dc, pac_srv_sig, pac_kdc_sig);
krb5_pac_free(context, pac);
if (ret) {
return map_nt_error_from_unix(ret);
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 1a98fb414f..1558cfdebe 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -103,21 +103,21 @@ PAC isn't available, and for tokenGroups in the DSDB stack.
Supply either a principal or a DN
****************************************************************************/
-_PUBLIC_ NTSTATUS auth_get_server_info_principal(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS auth_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
struct auth_context *auth_ctx,
const char *principal,
struct ldb_dn *user_dn,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
NTSTATUS nt_status;
struct auth_method_context *method;
for (method = auth_ctx->methods; method; method = method->next) {
- if (!method->ops->get_server_info_principal) {
+ if (!method->ops->get_user_info_dc_principal) {
continue;
}
- nt_status = method->ops->get_server_info_principal(mem_ctx, auth_ctx, principal, user_dn, server_info);
+ nt_status = method->ops->get_user_info_dc_principal(mem_ctx, auth_ctx, principal, user_dn, user_info_dc);
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOT_IMPLEMENTED)) {
continue;
}
@@ -133,9 +133,9 @@ _PUBLIC_ NTSTATUS auth_get_server_info_principal(TALLOC_CTX *mem_ctx,
* (sync version)
*
* Check a user's password, as given in the user_info struct and return various
- * interesting details in the server_info struct.
+ * interesting details in the user_info_dc struct.
*
- * The return value takes precedence over the contents of the server_info
+ * The return value takes precedence over the contents of the user_info_dc
* struct. When the return is other than NT_STATUS_OK the contents
* of that structure is undefined.
*
@@ -146,9 +146,9 @@ _PUBLIC_ NTSTATUS auth_get_server_info_principal(TALLOC_CTX *mem_ctx,
*
* @param user_info Contains the user supplied components, including the passwords.
*
- * @param mem_ctx The parent memory context for the server_info structure
+ * @param mem_ctx The parent memory context for the user_info_dc structure
*
- * @param server_info If successful, contains information about the authentication,
+ * @param user_info_dc If successful, contains information about the authentication,
* including a SAM_ACCOUNT struct describing the user.
*
* @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
@@ -158,7 +158,7 @@ _PUBLIC_ NTSTATUS auth_get_server_info_principal(TALLOC_CTX *mem_ctx,
_PUBLIC_ NTSTATUS auth_check_password(struct auth_context *auth_ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
struct tevent_req *subreq;
struct tevent_context *ev;
@@ -181,7 +181,7 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth_context *auth_ctx,
return NT_STATUS_INTERNAL_ERROR;
}
- status = auth_check_password_recv(subreq, mem_ctx, server_info);
+ status = auth_check_password_recv(subreq, mem_ctx, user_info_dc);
TALLOC_FREE(subreq);
return status;
@@ -190,7 +190,7 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth_context *auth_ctx,
struct auth_check_password_state {
struct auth_context *auth_ctx;
const struct auth_usersupplied_info *user_info;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
struct auth_method_context *method;
};
@@ -202,9 +202,9 @@ static void auth_check_password_async_trigger(struct tevent_context *ev,
* async send hook
*
* Check a user's password, as given in the user_info struct and return various
- * interesting details in the server_info struct.
+ * interesting details in the user_info_dc struct.
*
- * The return value takes precedence over the contents of the server_info
+ * The return value takes precedence over the contents of the user_info_dc
* struct. When the return is other than NT_STATUS_OK the contents
* of that structure is undefined.
*
@@ -334,7 +334,7 @@ static void auth_check_password_async_trigger(struct tevent_context *ev,
status = method->ops->check_password(method,
state,
state->user_info,
- &state->server_info);
+ &state->user_info_dc);
if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
/* the backend has handled the request */
break;
@@ -358,16 +358,16 @@ static void auth_check_password_async_trigger(struct tevent_context *ev,
* Check a user's Plaintext, LM or NTLM password.
* async receive function
*
- * The return value takes precedence over the contents of the server_info
+ * The return value takes precedence over the contents of the user_info_dc
* struct. When the return is other than NT_STATUS_OK the contents
* of that structure is undefined.
*
*
* @param req The async request state
*
- * @param mem_ctx The parent memory context for the server_info structure
+ * @param mem_ctx The parent memory context for the user_info_dc structure
*
- * @param server_info If successful, contains information about the authentication,
+ * @param user_info_dc If successful, contains information about the authentication,
* including a SAM_ACCOUNT struct describing the user.
*
* @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
@@ -376,7 +376,7 @@ static void auth_check_password_async_trigger(struct tevent_context *ev,
_PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
struct auth_check_password_state *state =
tevent_req_data(req, struct auth_check_password_state);
@@ -397,10 +397,10 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
DEBUG(5,("auth_check_password_recv: "
"%s authentication for user [%s\\%s] succeeded\n",
state->method->ops->name,
- state->server_info->domain_name,
- state->server_info->account_name));
+ state->user_info_dc->info->domain_name,
+ state->user_info_dc->info->account_name));
- *server_info = talloc_move(mem_ctx, &state->server_info);
+ *user_info_dc = talloc_move(mem_ctx, &state->user_info_dc);
tevent_req_received(req);
return NT_STATUS_OK;
@@ -410,12 +410,12 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
* know that session_info is generated from the main ldb */
static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
struct auth_context *auth_context,
- struct auth_serversupplied_info *server_info,
+ struct auth_user_info_dc *user_info_dc,
uint32_t session_info_flags,
struct auth_session_info **session_info)
{
return auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
- auth_context->sam_ctx, server_info,
+ auth_context->sam_ctx, user_info_dc,
session_info_flags, session_info);
}
@@ -477,7 +477,7 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **
ctx->get_challenge = auth_get_challenge;
ctx->set_challenge = auth_context_set_challenge;
ctx->challenge_may_be_modified = auth_challenge_may_be_modified;
- ctx->get_server_info_principal = auth_get_server_info_principal;
+ ctx->get_user_info_dc_principal = auth_get_user_info_dc_principal;
ctx->generate_session_info = auth_generate_session_info_wrapper;
*auth_ctx = ctx;
@@ -625,7 +625,7 @@ const struct auth_critical_sizes *auth_interface_version(void)
sizeof(struct auth_method_context),
sizeof(struct auth_context),
sizeof(struct auth_usersupplied_info),
- sizeof(struct auth_serversupplied_info)
+ sizeof(struct auth_user_info_dc)
};
return &critical_sizes;
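Review bot: `sizeof(struct auth_user_info_dc)` no longer covers the layout of the per-user fields, because the new struct reaches `struct auth_user_info` through a pointer (`user_info_dc->info`, as the other hunks in this commit show), so a module compiled against an older `struct auth_user_info` would now pass this size check. If `struct auth_critical_sizes` can take another member, adding `sizeof(struct auth_user_info)` next to the replaced entry restores the coverage the removed line had; otherwise a comment noting the gap would help the next reader. The initialiser starts outside this hunk.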
diff --git a/source4/auth/ntlm/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c
index d5f1df2891..7535777b60 100644
--- a/source4/auth/ntlm/auth_anonymous.c
+++ b/source4/auth/ntlm/auth_anonymous.c
@@ -52,9 +52,9 @@ static NTSTATUS anonymous_want_check(struct auth_method_context *ctx,
static NTSTATUS anonymous_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
- return auth_anonymous_server_info(mem_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx), _server_info);
+ return auth_anonymous_user_info_dc(mem_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx), _user_info_dc);
}
static const struct auth_operations anonymous_auth_ops = {
diff --git a/source4/auth/ntlm/auth_developer.c b/source4/auth/ntlm/auth_developer.c
index 6384d98986..255f97fd23 100644
--- a/source4/auth/ntlm/auth_developer.c
+++ b/source4/auth/ntlm/auth_developer.c
@@ -47,10 +47,11 @@ static NTSTATUS name_to_ntstatus_want_check(struct auth_method_context *ctx,
static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
NTSTATUS nt_status;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info *info;
uint32_t error_num;
const char *user;
@@ -65,62 +66,65 @@ static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx,
}
NT_STATUS_NOT_OK_RETURN(nt_status);
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
+ user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
/* This returns a pointer to a struct dom_sid, which is the
* same as a 1 element list of struct dom_sid */
- server_info->num_sids = 1;
- server_info->sids = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
- NT_STATUS_HAVE_NO_MEMORY(server_info->sids);
+ user_info_dc->num_sids = 1;
+ user_info_dc->sids = dom_sid_parse_talloc(user_info_dc, SID_NT_ANONYMOUS);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
/* annoying, but the Anonymous really does have a session key,
and it is all zeros! */
- server_info->user_session_key = data_blob_talloc(server_info, NULL, 16);
- NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
+ user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data);
- server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16);
- NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
+ user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data);
- data_blob_clear(&server_info->user_session_key);
- data_blob_clear(&server_info->lm_session_key);
+ data_blob_clear(&user_info_dc->user_session_key);
+ data_blob_clear(&user_info_dc->lm_session_key);
- server_info->account_name = talloc_asprintf(server_info, "NAME TO NTSTATUS %s ANONYMOUS LOGON", user);
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
- server_info->domain_name = talloc_strdup(server_info, "NT AUTHORITY");
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+ info->account_name = talloc_asprintf(user_info_dc, "NAME TO NTSTATUS %s ANONYMOUS LOGON", user);
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
- server_info->full_name = talloc_asprintf(server_info, "NAME TO NTSTATUS %s Anonymous Logon", user);
- NT_STATUS_HAVE_NO_MEMORY(server_info->full_name);
+ info->domain_name = talloc_strdup(user_info_dc, "NT AUTHORITY");
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
- server_info->logon_script = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
+ info->full_name = talloc_asprintf(user_info_dc, "NAME TO NTSTATUS %s Anonymous Logon", user);
+ NT_STATUS_HAVE_NO_MEMORY(info->full_name);
- server_info->profile_path = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
+ info->logon_script = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
- server_info->home_directory = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
+ info->profile_path = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
- server_info->home_drive = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
+ info->home_directory = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
- server_info->last_logon = 0;
- server_info->last_logoff = 0;
- server_info->acct_expiry = 0;
- server_info->last_password_change = 0;
- server_info->allow_password_change = 0;
- server_info->force_password_change = 0;
+ info->home_drive = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
- server_info->logon_count = 0;
- server_info->bad_password_count = 0;
+ info->last_logon = 0;
+ info->last_logoff = 0;
+ info->acct_expiry = 0;
+ info->last_password_change = 0;
+ info->allow_password_change = 0;
+ info->force_password_change = 0;
- server_info->acct_flags = ACB_NORMAL;
+ info->logon_count = 0;
+ info->bad_password_count = 0;
- server_info->authenticated = false;
+ info->acct_flags = ACB_NORMAL;
- *_server_info = server_info;
+ info->authenticated = true;
+
+ *_user_info_dc = user_info_dc;
return nt_status;
}
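Review bot: `info->authenticated = true;` at the end of the hunk silently inverts the value the removed line set (`false`), and the commit message does not mention it; since this module hands back a SID_NT_ANONYMOUS token, a caller that derives AUTH_SESSION_INFO_AUTHENTICATED from this flag (auth_simple.c in this commit does) would now treat the developer anonymous logon as authenticated. Either restore `info->authenticated = false;` or add a comment explaining why this test module should differ from auth_server.c, which keeps `false`. Separately, the name strings are parented on `user_info_dc` rather than on `info`, unlike auth_unix.c in the same commit; if `info` is ever moved out of `user_info_dc` on its own those pointers dangle, so `talloc_asprintf(info, ...)` / `talloc_strdup(info, ...)` is the safer parent. name_to_ntstatus_check_password starts outside this hunk.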
@@ -166,7 +170,7 @@ static NTSTATUS fixed_challenge_want_check(struct auth_method_context *ctx,
static NTSTATUS fixed_challenge_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
/* don't handle any users */
return NT_STATUS_NO_SUCH_USER;
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index d9aec66d52..ef4932e87c 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -237,7 +237,7 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
NTSTATUS nt_status;
const char *account_name = user_info->mapped.account_name;
@@ -280,18 +280,18 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
return nt_status;
}
- nt_status = authsam_make_server_info(tmp_ctx, ctx->auth_ctx->sam_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
+ nt_status = authsam_make_user_info_dc(tmp_ctx, ctx->auth_ctx->sam_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
lpcfg_sam_name(ctx->auth_ctx->lp_ctx),
domain_dn,
msg,
user_sess_key, lm_sess_key,
- server_info);
+ user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return nt_status;
}
- talloc_steal(mem_ctx, *server_info);
+ talloc_steal(mem_ctx, *user_info_dc);
talloc_free(tmp_ctx);
return NT_STATUS_OK;
@@ -354,21 +354,21 @@ static NTSTATUS authsam_want_check(struct auth_method_context *ctx,
/* Wrapper for the auth subsystem pointer */
-static NTSTATUS authsam_get_server_info_principal_wrapper(TALLOC_CTX *mem_ctx,
+static NTSTATUS authsam_get_user_info_dc_principal_wrapper(TALLOC_CTX *mem_ctx,
struct auth_context *auth_context,
const char *principal,
struct ldb_dn *user_dn,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
- return authsam_get_server_info_principal(mem_ctx, auth_context->lp_ctx, auth_context->sam_ctx,
- principal, user_dn, server_info);
+ return authsam_get_user_info_dc_principal(mem_ctx, auth_context->lp_ctx, auth_context->sam_ctx,
+ principal, user_dn, user_info_dc);
}
static const struct auth_operations sam_ignoredomain_ops = {
.name = "sam_ignoredomain",
.get_challenge = auth_get_challenge_not_implemented,
.want_check = authsam_ignoredomain_want_check,
.check_password = authsam_check_password_internals,
- .get_server_info_principal = authsam_get_server_info_principal_wrapper
+ .get_user_info_dc_principal = authsam_get_user_info_dc_principal_wrapper
};
static const struct auth_operations sam_ops = {
@@ -376,7 +376,7 @@ static const struct auth_operations sam_ops = {
.get_challenge = auth_get_challenge_not_implemented,
.want_check = authsam_want_check,
.check_password = authsam_check_password_internals,
- .get_server_info_principal = authsam_get_server_info_principal_wrapper
+ .get_user_info_dc_principal = authsam_get_user_info_dc_principal_wrapper
};
_PUBLIC_ NTSTATUS auth_sam_init(void)
diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c
index 8e9e73c43d..106bc6c15b 100644
--- a/source4/auth/ntlm/auth_server.c
+++ b/source4/auth/ntlm/auth_server.c
@@ -111,10 +111,11 @@ static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX
static NTSTATUS server_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
NTSTATUS nt_status;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info *info;
struct cli_credentials *creds;
struct smb_composite_sesssetup session_setup;
@@ -156,56 +157,59 @@ static NTSTATUS server_check_password(struct auth_method_context *ctx,
return nt_status;
}
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
+ user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
- server_info->num_sids = 1;
+ user_info_dc->num_sids = 1;
/* This returns a pointer to a struct dom_sid, which is the
* same as a 1 element list of struct dom_sid */
- server_info->sids = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
- NT_STATUS_HAVE_NO_MEMORY(server_info->sids);
+ user_info_dc->sids = dom_sid_parse_talloc(user_info_dc, SID_NT_ANONYMOUS);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
/* annoying, but the Anonymous really does have a session key,
and it is all zeros! */
- server_info->user_session_key = data_blob(NULL, 0);
- server_info->lm_session_key = data_blob(NULL, 0);
+ user_info_dc->user_session_key = data_blob(NULL, 0);
+ user_info_dc->lm_session_key = data_blob(NULL, 0);
- server_info->account_name = talloc_strdup(server_info, user_info->client.account_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
- server_info->domain_name = talloc_strdup(server_info, user_info->client.domain_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+ info->account_name = talloc_strdup(user_info_dc, user_info->client.account_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
- server_info->full_name = NULL;
+ info->domain_name = talloc_strdup(user_info_dc, user_info->client.domain_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
- server_info->logon_script = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
+ info->full_name = NULL;
- server_info->profile_path = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
+ info->logon_script = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
- server_info->home_directory = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
+ info->profile_path = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
- server_info->home_drive = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
+ info->home_directory = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
- server_info->last_logon = 0;
- server_info->last_logoff = 0;
- server_info->acct_expiry = 0;
- server_info->last_password_change = 0;
- server_info->allow_password_change = 0;
- server_info->force_password_change = 0;
+ info->home_drive = talloc_strdup(user_info_dc, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
- server_info->logon_count = 0;
- server_info->bad_password_count = 0;
+ info->last_logon = 0;
+ info->last_logoff = 0;
+ info->acct_expiry = 0;
+ info->last_password_change = 0;
+ info->allow_password_change = 0;
+ info->force_password_change = 0;
- server_info->acct_flags = ACB_NORMAL;
+ info->logon_count = 0;
+ info->bad_password_count = 0;
- server_info->authenticated = false;
+ info->acct_flags = ACB_NORMAL;
- *_server_info = server_info;
+ info->authenticated = false;
+
+ *_user_info_dc = user_info_dc;
return nt_status;
}
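Review bot: The comment retained at the top of this block says the anonymous user "really does have a session key, and it is all zeros", but the rewritten lines under it set both `user_session_key` and `lm_session_key` to `data_blob(NULL, 0)`, i.e. no key at all, while auth_developer.c in this same commit allocates 16 zeroed bytes for the identical case. Either match it with `user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);` followed by `data_blob_clear(&user_info_dc->user_session_key);` (and the same for the LM key), or reword the comment so it describes an empty key. The strings here are also parented on `user_info_dc` whereas auth_unix.c parents them on `info`; one convention should be chosen so that moving `info` out of `user_info_dc` cannot leave dangling pointers. server_check_password starts outside this hunk.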
diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c
index 1079fba527..75eabe855b 100644
--- a/source4/auth/ntlm/auth_simple.c
+++ b/source4/auth/ntlm/auth_simple.c
@@ -40,7 +40,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
{
struct auth_context *auth_context;
struct auth_usersupplied_info *user_info;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
NTSTATUS nt_status;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
@@ -83,7 +83,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
MSV1_0_CLEARTEXT_PASSWORD_ALLOWED |
MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED;
- nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info);
+ nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return nt_status;
@@ -91,11 +91,11 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
if (session_info) {
uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
- if (server_info->authenticated) {
+ if (user_info_dc->info->authenticated) {
flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
nt_status = auth_context->generate_session_info(tmp_ctx, auth_context,
- server_info,
+ user_info_dc,
flags,
session_info);
diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
index 08759aba67..8b41983eef 100644
--- a/source4/auth/ntlm/auth_unix.c
+++ b/source4/auth/ntlm/auth_unix.c
@@ -31,68 +31,75 @@
/* TODO: look at how to best fill in parms retrieveing a struct passwd info
* except in case USER_INFO_DONT_CHECK_UNIX_ACCOUNT is set
*/
-static NTSTATUS authunix_make_server_info(TALLOC_CTX *mem_ctx,
+static NTSTATUS authunix_make_user_info_dc(TALLOC_CTX *mem_ctx,
const char *netbios_name,
const struct auth_usersupplied_info *user_info,
struct passwd *pwd,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info *info;
NTSTATUS status;
/* This is a real, real hack */
if (pwd->pw_uid == 0) {
- status = auth_system_server_info(mem_ctx, netbios_name, &server_info);
+ status = auth_system_user_info_dc(mem_ctx, netbios_name, &user_info_dc);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- server_info->account_name = talloc_steal(server_info, pwd->pw_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
+
+ info->account_name = talloc_steal(info, pwd->pw_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
- server_info->domain_name = talloc_strdup(server_info, "unix");
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+ info->domain_name = talloc_strdup(info, "unix");
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
} else {
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
+ user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
- server_info->authenticated = true;
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
+
+ info->authenticated = true;
- server_info->account_name = talloc_steal(server_info, pwd->pw_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ info->account_name = talloc_steal(info, pwd->pw_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
- server_info->domain_name = talloc_strdup(server_info, "unix");
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+ info->domain_name = talloc_strdup(info, "unix");
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
/* This isn't in any way correct.. */
- server_info->num_sids = 0;
- server_info->sids = NULL;
- }
- server_info->user_session_key = data_blob(NULL,0);
- server_info->lm_session_key = data_blob(NULL,0);
-
- server_info->full_name = talloc_steal(server_info, pwd->pw_gecos);
- NT_STATUS_HAVE_NO_MEMORY(server_info->full_name);
- server_info->logon_script = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
- server_info->profile_path = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
- server_info->home_directory = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
- server_info->home_drive = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
-
- server_info->last_logon = 0;
- server_info->last_logoff = 0;
- server_info->acct_expiry = 0;
- server_info->last_password_change = 0;
- server_info->allow_password_change = 0;
- server_info->force_password_change = 0;
- server_info->logon_count = 0;
- server_info->bad_password_count = 0;
- server_info->acct_flags = 0;
-
- *_server_info = server_info;
+ user_info_dc->num_sids = 0;
+ user_info_dc->sids = NULL;
+ }
+ user_info_dc->user_session_key = data_blob(NULL,0);
+ user_info_dc->lm_session_key = data_blob(NULL,0);
+
+ info->full_name = talloc_steal(info, pwd->pw_gecos);
+ NT_STATUS_HAVE_NO_MEMORY(info->full_name);
+ info->logon_script = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
+ info->profile_path = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
+ info->home_directory = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
+ info->home_drive = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
+
+ info->last_logon = 0;
+ info->last_logoff = 0;
+ info->acct_expiry = 0;
+ info->last_password_change = 0;
+ info->allow_password_change = 0;
+ info->force_password_change = 0;
+ info->logon_count = 0;
+ info->bad_password_count = 0;
+ info->acct_flags = 0;
+
+ *_user_info_dc = user_info_dc;
return NT_STATUS_OK;
}
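Review bot: In the `pw_uid == 0` branch the struct returned by auth_system_user_info_dc() has its `info` replaced wholesale by a fresh talloc_zero'd struct, and unlike the `else` branch this branch never sets `info->authenticated = true`, so a root login now comes back with `authenticated == false` and whatever the system helper had put in `info` is discarded (still attached to `user_info_dc`, but unreachable); the removed code only overwrote `account_name` and `domain_name` on the existing struct. I cannot see what auth_system_user_info_dc fills in, but the safer shape is `info = user_info_dc->info;` followed by overwriting only the two name fields, or at minimum adding `info->authenticated = true;` to that branch. Note also that `talloc_steal(info, pwd->pw_name)` and `talloc_steal(info, pwd->pw_gecos)` take ownership of fields of the caller's `struct passwd`, which is only valid if `pwd` was talloc-allocated by the caller; a one-line comment on the function stating that precondition would help.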
@@ -791,7 +798,7 @@ static NTSTATUS authunix_want_check(struct auth_method_context *ctx,
static NTSTATUS authunix_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
TALLOC_CTX *check_ctx;
NTSTATUS nt_status;
@@ -812,8 +819,8 @@ static NTSTATUS authunix_check_password(struct auth_method_context *ctx,
return nt_status;
}
- nt_status = authunix_make_server_info(mem_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
- user_info, pwd, server_info);
+ nt_status = authunix_make_user_info_dc(mem_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
+ user_info, pwd, user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(check_ctx);
return nt_status;
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index b6bf516a4f..30a2f01585 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -131,7 +131,7 @@ struct winbind_check_password_state {
static NTSTATUS winbind_check_password(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
NTSTATUS status;
struct dcerpc_binding_handle *irpc_handle;
@@ -214,11 +214,11 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx,
status = dcerpc_winbind_SamLogon_r(irpc_handle, s, &s->req);
NT_STATUS_NOT_OK_RETURN(status);
- status = make_server_info_netlogon_validation(mem_ctx,
+ status = make_user_info_dc_netlogon_validation(mem_ctx,
user_info->client.account_name,
s->req.in.validation_level,
&s->req.out.validation,
- server_info);
+ user_info_dc);
NT_STATUS_NOT_OK_RETURN(status);
return NT_STATUS_OK;
@@ -231,7 +231,7 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx,
static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
struct wbcAuthUserParams params;
struct wbcAuthUserInfo *info = NULL;
@@ -301,9 +301,9 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
NT_STATUS_NOT_OK_RETURN(nt_status);
validation.sam3 = &info3;
- nt_status = make_server_info_netlogon_validation(mem_ctx,
+ nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
user_info->client.account_name,
- 3, &validation, server_info);
+ 3, &validation, user_info_dc);
return nt_status;
}
diff --git a/source4/auth/ntlmssp/ntlmssp.h b/source4/auth/ntlmssp/ntlmssp.h
index 0adf75f812..ff30317f55 100644
--- a/source4/auth/ntlmssp/ntlmssp.h
+++ b/source4/auth/ntlmssp/ntlmssp.h
@@ -27,7 +27,7 @@ struct gensec_ntlmssp_context {
struct gensec_security *gensec_security;
struct ntlmssp_state *ntlmssp_state;
struct auth_context *auth_context;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
};
struct loadparm_context;
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c
index a5ff13eaa4..9db3b560c1 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -181,23 +181,23 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
nt_status = auth_context->check_password(auth_context,
gensec_ntlmssp,
user_info,
- &gensec_ntlmssp->server_info);
+ &gensec_ntlmssp->user_info_dc);
talloc_free(user_info);
NT_STATUS_NOT_OK_RETURN(nt_status);
- if (gensec_ntlmssp->server_info->user_session_key.length) {
+ if (gensec_ntlmssp->user_info_dc->user_session_key.length) {
DEBUG(10, ("Got NT session key of length %u\n",
- (unsigned)gensec_ntlmssp->server_info->user_session_key.length));
- *user_session_key = gensec_ntlmssp->server_info->user_session_key;
+ (unsigned)gensec_ntlmssp->user_info_dc->user_session_key.length));
+ *user_session_key = gensec_ntlmssp->user_info_dc->user_session_key;
talloc_steal(mem_ctx, user_session_key->data);
- gensec_ntlmssp->server_info->user_session_key = data_blob_null;
+ gensec_ntlmssp->user_info_dc->user_session_key = data_blob_null;
}
- if (gensec_ntlmssp->server_info->lm_session_key.length) {
+ if (gensec_ntlmssp->user_info_dc->lm_session_key.length) {
DEBUG(10, ("Got LM session key of length %u\n",
- (unsigned)gensec_ntlmssp->server_info->lm_session_key.length));
- *lm_session_key = gensec_ntlmssp->server_info->lm_session_key;
+ (unsigned)gensec_ntlmssp->user_info_dc->lm_session_key.length));
+ *lm_session_key = gensec_ntlmssp->user_info_dc->lm_session_key;
talloc_steal(mem_ctx, lm_session_key->data);
- gensec_ntlmssp->server_info->lm_session_key = data_blob_null;
+ gensec_ntlmssp->user_info_dc->lm_session_key = data_blob_null;
}
return nt_status;
}
@@ -223,7 +223,7 @@ NTSTATUS gensec_ntlmssp_session_info(struct gensec_security *gensec_security,
nt_status = gensec_generate_session_info(ntlmssp_state,
gensec_security,
- gensec_ntlmssp->server_info,
+ gensec_ntlmssp->user_info_dc,
session_info);
NT_STATUS_NOT_OK_RETURN(nt_status);
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index c9ce644cbf..83ed790054 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -68,7 +68,7 @@ const char *user_attrs[] = {
/* check 'allowed workstations' */
"userWorkstations",
- /* required for server_info, not access control: */
+ /* required for user_info_dc, not access control: */
"displayName",
"scriptPath",
"profilePath",
@@ -267,7 +267,7 @@ _PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-_PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
struct ldb_context *sam_ctx,
const char *netbios_name,
const char *domain_name,
@@ -275,10 +275,11 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx,
struct ldb_message *msg,
DATA_BLOB user_sess_key,
DATA_BLOB lm_sess_key,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
NTSTATUS status;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info *info;
const char *str, *filter;
/* SIDs for the account and his primary group */
struct dom_sid *account_sid;
@@ -292,23 +293,23 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx,
TALLOC_CTX *tmp_ctx;
struct ldb_message_element *el;
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
+ user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
- tmp_ctx = talloc_new(server_info);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info, server_info);
+ tmp_ctx = talloc_new(user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info_dc, user_info_dc);
- sids = talloc_array(server_info, struct dom_sid, 2);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sids, server_info);
+ sids = talloc_array(user_info_dc, struct dom_sid, 2);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sids, user_info_dc);
num_sids = 2;
- account_sid = samdb_result_dom_sid(server_info, msg, "objectSid");
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(account_sid, server_info);
+ account_sid = samdb_result_dom_sid(user_info_dc, msg, "objectSid");
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(account_sid, user_info_dc);
status = dom_sid_split_rid(tmp_ctx, account_sid, &domain_sid, NULL);
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(server_info);
+ talloc_free(user_info_dc);
return status;
}
@@ -320,13 +321,13 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx,
* for builtin groups later, and not include them in the PAC
* on SamLogon validation info */
filter = talloc_asprintf(tmp_ctx, "(&(objectClass=group)(!(groupType:1.2.840.113556.1.4.803:=%u))(groupType:1.2.840.113556.1.4.803:=%u))", GROUP_TYPE_BUILTIN_LOCAL_GROUP, GROUP_TYPE_SECURITY_ENABLED);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(filter, server_info);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(filter, user_info_dc);
primary_group_string = dom_sid_string(tmp_ctx, &sids[PRIMARY_GROUP_SID_INDEX]);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(primary_group_string, server_info);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(primary_group_string, user_info_dc);
primary_group_dn = talloc_asprintf(tmp_ctx, "<SID=%s>", primary_group_string);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(primary_group_dn, server_info);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(primary_group_dn, user_info_dc);
primary_group_blob = data_blob_string_const(primary_group_dn);
@@ -340,9 +341,9 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx,
* 'only childs' flag to true
*/
status = dsdb_expand_nested_groups(sam_ctx, &primary_group_blob, true, filter,
- server_info, &sids, &num_sids);
+ user_info_dc, &sids, &num_sids);
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(server_info);
+ talloc_free(user_info_dc);
return status;
}
@@ -353,113 +354,116 @@ _PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx,
* them, as long as they meet the filter - so only
* domain groups, not builtin groups */
status = dsdb_expand_nested_groups(sam_ctx, &el->values[i], false, filter,
- server_info, &sids, &num_sids);
+ user_info_dc, &sids, &num_sids);
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(server_info);
+ talloc_free(user_info_dc);
return status;
}
}
- server_info->sids = sids;
- server_info->num_sids = num_sids;
+ user_info_dc->sids = sids;
+ user_info_dc->num_sids = num_sids;
- server_info->account_name = talloc_steal(server_info,
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
+
+ info->account_name = talloc_steal(info,
ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL));
- server_info->domain_name = talloc_strdup(server_info, domain_name);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->domain_name,
- server_info);
+ info->domain_name = talloc_strdup(info, domain_name);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(info->domain_name,
+ user_info_dc);
str = ldb_msg_find_attr_as_string(msg, "displayName", "");
- server_info->full_name = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->full_name, server_info);
+ info->full_name = talloc_strdup(info, str);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(info->full_name, user_info_dc);
str = ldb_msg_find_attr_as_string(msg, "scriptPath", "");
- server_info->logon_script = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->logon_script,
- server_info);
+ info->logon_script = talloc_strdup(info, str);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(info->logon_script,
+ user_info_dc);
str = ldb_msg_find_attr_as_string(msg, "profilePath", "");
- server_info->profile_path = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->profile_path,
- server_info);
+ info->profile_path = talloc_strdup(info, str);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(info->profile_path,
+ user_info_dc);
str = ldb_msg_find_attr_as_string(msg, "homeDirectory", "");
- server_info->home_directory = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->home_directory,
- server_info);
+ info->home_directory = talloc_strdup(info, str);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(info->home_directory,
+ user_info_dc);
str = ldb_msg_find_attr_as_string(msg, "homeDrive", "");
- server_info->home_drive = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->home_drive, server_info);
+ info->home_drive = talloc_strdup(info, str);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(info->home_drive, user_info_dc);
- server_info->logon_server = talloc_strdup(server_info, netbios_name);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->logon_server,
- server_info);
+ info->logon_server = talloc_strdup(info, netbios_name);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(info->logon_server,
+ user_info_dc);
- server_info->last_logon = samdb_result_nttime(msg, "lastLogon", 0);
- server_info->last_logoff = samdb_result_last_logoff(msg);
- server_info->acct_expiry = samdb_result_account_expires(msg);
- server_info->last_password_change = samdb_result_nttime(msg,
+ info->last_logon = samdb_result_nttime(msg, "lastLogon", 0);
+ info->last_logoff = samdb_result_last_logoff(msg);
+ info->acct_expiry = samdb_result_account_expires(msg);
+ info->last_password_change = samdb_result_nttime(msg,
"pwdLastSet", 0);
- server_info->allow_password_change
+ info->allow_password_change
= samdb_result_allow_password_change(sam_ctx, mem_ctx,
domain_dn, msg, "pwdLastSet");
- server_info->force_password_change
+ info->force_password_change
= samdb_result_force_password_change(sam_ctx, mem_ctx,
domain_dn, msg);
- server_info->logon_count = ldb_msg_find_attr_as_uint(msg, "logonCount", 0);
- server_info->bad_password_count = ldb_msg_find_attr_as_uint(msg, "badPwdCount",
+ info->logon_count = ldb_msg_find_attr_as_uint(msg, "logonCount", 0);
+ info->bad_password_count = ldb_msg_find_attr_as_uint(msg, "badPwdCount",
0);
- server_info->acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx,
+ info->acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx,
msg, domain_dn);
- server_info->user_session_key = data_blob_talloc(server_info,
+ user_info_dc->user_session_key = data_blob_talloc(user_info_dc,
user_sess_key.data,
user_sess_key.length);
if (user_sess_key.data) {
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->user_session_key.data,
- server_info);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info_dc->user_session_key.data,
+ user_info_dc);
}
- server_info->lm_session_key = data_blob_talloc(server_info,
+ user_info_dc->lm_session_key = data_blob_talloc(user_info_dc,
lm_sess_key.data,
lm_sess_key.length);
if (lm_sess_key.data) {
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->lm_session_key.data,
- server_info);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info_dc->lm_session_key.data,
+ user_info_dc);
}
- if (server_info->acct_flags & ACB_SVRTRUST) {
+ if (info->acct_flags & ACB_SVRTRUST) {
/* the SID_NT_ENTERPRISE_DCS SID gets added into the
PAC */
- server_info->sids = talloc_realloc(server_info,
- server_info->sids,
+ user_info_dc->sids = talloc_realloc(user_info_dc,
+ user_info_dc->sids,
struct dom_sid,
- server_info->num_sids+1);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->sids, server_info);
- server_info->sids[server_info->num_sids] = global_sid_Enterprise_DCs;
- server_info->num_sids++;
+ user_info_dc->num_sids+1);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info_dc->sids, user_info_dc);
+ user_info_dc->sids[user_info_dc->num_sids] = global_sid_Enterprise_DCs;
+ user_info_dc->num_sids++;
}
- if ((server_info->acct_flags & (ACB_PARTIAL_SECRETS_ACCOUNT | ACB_WSTRUST)) ==
+ if ((info->acct_flags & (ACB_PARTIAL_SECRETS_ACCOUNT | ACB_WSTRUST)) ==
(ACB_PARTIAL_SECRETS_ACCOUNT | ACB_WSTRUST)) {
/* the DOMAIN_RID_ENTERPRISE_READONLY_DCS PAC */
- server_info->sids = talloc_realloc(server_info,
- server_info->sids,
+ user_info_dc->sids = talloc_realloc(user_info_dc,
+ user_info_dc->sids,
struct dom_sid,
- server_info->num_sids+1);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(server_info->sids, server_info);
- server_info->sids[server_info->num_sids] = *domain_sid;
- sid_append_rid(&server_info->sids[server_info->num_sids],
+ user_info_dc->num_sids+1);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info_dc->sids, user_info_dc);
+ user_info_dc->sids[user_info_dc->num_sids] = *domain_sid;
+ sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids],
DOMAIN_RID_ENTERPRISE_READONLY_DCS);
- server_info->num_sids++;
+ user_info_dc->num_sids++;
}
- server_info->authenticated = true;
+ info->authenticated = true;
talloc_free(tmp_ctx);
- *_server_info = server_info;
+ *_user_info_dc = user_info_dc;
return NT_STATUS_OK;
}
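Review bot: The new allocation of `user_info_dc->info` is checked with `NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);`, while every other allocation in this function uses the `_AND_FREE(..., user_info_dc)` form, so an allocation failure here returns with `user_info_dc` (and `tmp_ctx` beneath it) still allocated on the caller's `mem_ctx`. It should read `NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info_dc->info, user_info_dc);` to match the rest of the function. Separately, `info->account_name` is set from `talloc_steal(info, ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL))` with no NULL check, so a message lacking that attribute yields an authenticated result with a NULL account name; adding `NT_STATUS_HAVE_NO_MEMORY_AND_FREE(info->account_name, user_info_dc);` after it would keep that consistent with the neighbouring fields (this was already the case before the rename).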
@@ -504,12 +508,12 @@ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx,
Supply either a principal or a DN
*/
-NTSTATUS authsam_get_server_info_principal(TALLOC_CTX *mem_ctx,
+NTSTATUS authsam_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
struct ldb_context *sam_ctx,
const char *principal,
struct ldb_dn *user_dn,
- struct auth_serversupplied_info **server_info)
+ struct auth_user_info_dc **user_info_dc)
{
NTSTATUS nt_status;
DATA_BLOB user_sess_key = data_blob(NULL, 0);
@@ -555,7 +559,7 @@ NTSTATUS authsam_get_server_info_principal(TALLOC_CTX *mem_ctx,
"(&(objectSid=%s)(objectClass=domain))",
ldap_encode_ndr_dom_sid(tmp_ctx, domain_sid));
if (!domain_dn) {
- DEBUG(3, ("authsam_get_server_info_principal: Failed to find domain with: SID %s\n",
+ DEBUG(3, ("authsam_get_user_info_dc_principal: Failed to find domain with: SID %s\n",
dom_sid_string(tmp_ctx, domain_sid)));
return NT_STATUS_NO_SUCH_USER;
}
@@ -564,19 +568,19 @@ NTSTATUS authsam_get_server_info_principal(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- nt_status = authsam_make_server_info(tmp_ctx, sam_ctx,
+ nt_status = authsam_make_user_info_dc(tmp_ctx, sam_ctx,
lpcfg_netbios_name(lp_ctx),
lpcfg_workgroup(lp_ctx),
domain_dn,
msg,
user_sess_key, lm_sess_key,
- server_info);
+ user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return nt_status;
}
- talloc_steal(mem_ctx, *server_info);
+ talloc_steal(mem_ctx, *user_info_dc);
talloc_free(tmp_ctx);
return NT_STATUS_OK;
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 060f6d2eb6..a6b8b2688c 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -44,7 +44,7 @@ _PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
_PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx, /* Optional, if you don't want privilages */
struct ldb_context *sam_ctx, /* Optional, if you don't want local groups */
- struct auth_serversupplied_info *server_info,
+ struct auth_user_info_dc *user_info_dc,
uint32_t session_info_flags,
struct auth_session_info **_session_info)
{
@@ -63,11 +63,20 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
session_info = talloc(tmp_ctx, struct auth_session_info);
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(session_info, tmp_ctx);
- session_info->server_info = talloc_reference(session_info, server_info);
+ session_info->info = talloc_reference(session_info, user_info_dc->info);
+
+ session_info->torture = talloc_zero(session_info, struct auth_user_info_torture);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(session_info->torture, tmp_ctx);
+ session_info->torture->num_dc_sids = user_info_dc->num_sids;
+ session_info->torture->dc_sids = talloc_reference(session_info, user_info_dc->sids);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(session_info->torture->dc_sids, tmp_ctx);
/* unless set otherwise, the session key is the user session
* key from the auth subsystem */
- session_info->session_key = server_info->user_session_key;
+ session_info->session_key = data_blob_talloc(session_info, user_info_dc->user_session_key.data, user_info_dc->user_session_key.length);
+ if (!session_info->session_key.data && session_info->session_key.length) {
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(session_info->session_key.data, tmp_ctx);
+ }
anonymous_sid = dom_sid_parse_talloc(tmp_ctx, SID_NT_ANONYMOUS);
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(anonymous_sid, tmp_ctx);
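Review bot: The new `dc_sids` check treats a NULL return from `talloc_reference()` as out-of-memory, but talloc_reference() returns NULL when the referenced pointer is itself NULL, and the auth_unix path in this same commit produces `user_info_dc->sids = NULL` with `num_sids = 0`; such a result would fail here with NT_STATUS_NO_MEMORY instead of producing a session. Guard on the source pointer instead: `if (user_info_dc->sids != NULL && session_info->torture->dc_sids == NULL) { talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; }`. The `session_info->info = talloc_reference(...)` line just above has no check at all, and a NULL `info` would be dereferenced by whoever consumes the session; the same `_AND_FREE(..., tmp_ctx)` check as on the `torture` allocation seems appropriate there. auth_generate_session_info's body continues outside this hunk.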
@@ -75,40 +84,40 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
system_sid = dom_sid_parse_talloc(tmp_ctx, SID_NT_SYSTEM);
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(system_sid, tmp_ctx);
- sids = talloc_array(tmp_ctx, struct dom_sid, server_info->num_sids);
+ sids = talloc_array(tmp_ctx, struct dom_sid, user_info_dc->num_sids);
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sids, tmp_ctx);
if (!sids) {
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- num_sids = server_info->num_sids;
+ num_sids = user_info_dc->num_sids;
- for (i=0; i < server_info->num_sids; i++) {
- sids[i] = server_info->sids[i];
+ for (i=0; i < user_info_dc->num_sids; i++) {
+ sids[i] = user_info_dc->sids[i];
}
- if (server_info->num_sids > PRIMARY_USER_SID_INDEX && dom_sid_equal(anonymous_sid, &server_info->sids[PRIMARY_USER_SID_INDEX])) {
+ if (user_info_dc->num_sids > PRIMARY_USER_SID_INDEX && dom_sid_equal(anonymous_sid, &user_info_dc->sids[PRIMARY_USER_SID_INDEX])) {
/* Don't expand nested groups of system, anonymous etc*/
- } else if (server_info->num_sids > PRIMARY_USER_SID_INDEX && dom_sid_equal(system_sid, &server_info->sids[PRIMARY_USER_SID_INDEX])) {
+ } else if (user_info_dc->num_sids > PRIMARY_USER_SID_INDEX && dom_sid_equal(system_sid, &user_info_dc->sids[PRIMARY_USER_SID_INDEX])) {
/* Don't expand nested groups of system, anonymous etc*/
} else if (sam_ctx) {
filter = talloc_asprintf(tmp_ctx, "(&(objectClass=group)(groupType:1.2.840.113556.1.4.803:=%u))",
GROUP_TYPE_BUILTIN_LOCAL_GROUP);
/* Search for each group in the token */
- for (i = 0; i < server_info->num_sids; i++) {
+ for (i = 0; i < user_info_dc->num_sids; i++) {
char *sid_string;
const char *sid_dn;
DATA_BLOB sid_blob;
sid_string = dom_sid_string(tmp_ctx,
- &server_info->sids[i]);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sid_string, server_info);
+ &user_info_dc->sids[i]);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sid_string, user_info_dc);
sid_dn = talloc_asprintf(tmp_ctx, "<SID=%s>", sid_string);
talloc_free(sid_string);
- NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sid_dn, server_info);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sid_dn, user_info_dc);
sid_blob = data_blob_string_const(sid_dn);
/* This function takes in memberOf values and expands
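Review bot: The renamed OOM checks for `sid_string` and `sid_dn` free `user_info_dc`, which this function only borrows from its caller, while every other failure path in auth_generate_session_info frees `tmp_ctx` (see the `sids`, `anonymous_sid` and `system_sid` checks earlier in the function). On allocation failure this both leaks `tmp_ctx` and frees an object the caller still owns, which the caller may then free again. Both lines should be `NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sid_string, tmp_ctx);` and `NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sid_dn, tmp_ctx);`. The behaviour predates the rename but the rename is the moment to fix it; the enclosing loop and function continue outside this hunk.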
@@ -156,21 +165,21 @@ NTSTATUS authsam_get_session_info_principal(TALLOC_CTX *mem_ctx,
struct auth_session_info **session_info)
{
NTSTATUS nt_status;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
return NT_STATUS_NO_MEMORY;
}
- nt_status = authsam_get_server_info_principal(tmp_ctx, lp_ctx, sam_ctx,
+ nt_status = authsam_get_user_info_dc_principal(tmp_ctx, lp_ctx, sam_ctx,
principal, user_dn,
- &server_info);
+ &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return nt_status;
}
nt_status = auth_generate_session_info(tmp_ctx, lp_ctx, sam_ctx,
- server_info, session_info_flags,
+ user_info_dc, session_info_flags,
session_info);
if (NT_STATUS_IS_OK(nt_status)) {
diff --git a/source4/auth/session.h b/source4/auth/session.h
index caedbc8028..d8c00a39a4 100644
--- a/source4/auth/session.h
+++ b/source4/auth/session.h
@@ -23,12 +23,14 @@
struct auth_session_info {
struct security_token *security_token;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info *info;
+ struct auth_user_info_torture *torture;
DATA_BLOB session_key;
struct cli_credentials *credentials;
};
#include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/auth.h"
struct tevent_context;
struct ldb_context;
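Review bot: The new `torture` member of `struct auth_session_info` carries no comment, and its name does not say what it holds; from session.c in this commit it receives the DC-side SID list (`num_dc_sids`/`dc_sids`) copied out of `auth_user_info_dc` in auth_generate_session_info. A one-line comment such as `/* raw DC-side SID list carried over from auth_user_info_dc; see auth_generate_session_info() */` would save the next reader from having to find that. Whether consumers other than test code are meant to read it is not visible here, so the comment should only state where it comes from.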
@@ -38,18 +40,18 @@ struct ldb_dn;
* the off-host credentials */
struct auth_session_info *system_session(struct loadparm_context *lp_ctx) ;
-NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
- const char *netbios_name,
- struct auth_serversupplied_info **_server_info) ;
+NTSTATUS auth_anonymous_user_info_dc(TALLOC_CTX *mem_ctx,
+ const char *netbios_name,
+ struct auth_user_info_dc **interim_info);
NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx, /* Optional, if you don't want privilages */
struct ldb_context *sam_ctx, /* Optional, if you don't want local groups */
- struct auth_serversupplied_info *server_info,
+ struct auth_user_info_dc *interim_info,
uint32_t session_info_flags,
- struct auth_session_info **_session_info);
+ struct auth_session_info **session_info);
NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
struct loadparm_context *lp_ctx,
- struct auth_session_info **_session_info);
+ struct auth_session_info **session_info);
/* Produce a session_info for an arbitary DN or principal in the local
* DB, assuming the local DB holds all the groups
*
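Review bot: The parameter names in these prototypes no longer match the definitions: the header declares `auth_generate_session_info(..., struct auth_user_info_dc *interim_info, ..., struct auth_session_info **session_info)` while session.c in this same commit defines it as `(..., struct auth_user_info_dc *user_info_dc, ..., struct auth_session_info **_session_info)`, and `auth_anonymous_user_info_dc` likewise uses `interim_info` here. Since the prototype is what callers and documentation tools read, the two should agree; using `user_info_dc` in the header, as the `.c` files do, would keep the naming consistent with the rest of the rename.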
diff --git a/source4/auth/system_session.c b/source4/auth/system_session.c
index 6df12fb701..ad0dab6262 100644
--- a/source4/auth/system_session.c
+++ b/source4/auth/system_session.c
@@ -25,7 +25,7 @@
#include "libcli/security/security.h"
#include "auth/credentials/credentials.h"
#include "param/param.h"
-#include "auth/auth.h" /* for auth_serversupplied_info */
+#include "auth/auth.h" /* for auth_user_info_dc */
#include "auth/session.h"
#include "auth/system_session_proto.h"
@@ -68,19 +68,19 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
struct auth_session_info **_session_info)
{
NTSTATUS nt_status;
- struct auth_serversupplied_info *server_info = NULL;
+ struct auth_user_info_dc *user_info_dc = NULL;
struct auth_session_info *session_info = NULL;
TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
- nt_status = auth_system_server_info(mem_ctx, lpcfg_netbios_name(lp_ctx),
- &server_info);
+ nt_status = auth_system_user_info_dc(mem_ctx, lpcfg_netbios_name(lp_ctx),
+ &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
}
- /* references the server_info into the session_info */
- nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, server_info, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
+ /* references the user_info_dc into the session_info */
+ nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
talloc_free(mem_ctx);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -98,155 +98,163 @@ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
return NT_STATUS_OK;
}
-NTSTATUS auth_system_server_info(TALLOC_CTX *mem_ctx, const char *netbios_name,
- struct auth_serversupplied_info **_server_info)
+NTSTATUS auth_system_user_info_dc(TALLOC_CTX *mem_ctx, const char *netbios_name,
+ struct auth_user_info_dc **_user_info_dc)
{
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info *info;
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
+ user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
/* This returns a pointer to a struct dom_sid, which is the
* same as a 1 element list of struct dom_sid */
- server_info->num_sids = 1;
- server_info->sids = dom_sid_parse_talloc(server_info, SID_NT_SYSTEM);
- NT_STATUS_HAVE_NO_MEMORY(server_info->sids);
+ user_info_dc->num_sids = 1;
+ user_info_dc->sids = dom_sid_parse_talloc(user_info_dc, SID_NT_SYSTEM);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
/* annoying, but the Anonymous really does have a session key,
and it is all zeros! */
- server_info->user_session_key = data_blob_talloc(server_info, NULL, 16);
- NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
+ user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data);
- server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16);
- NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
+ user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data);
- data_blob_clear(&server_info->user_session_key);
- data_blob_clear(&server_info->lm_session_key);
+ data_blob_clear(&user_info_dc->user_session_key);
+ data_blob_clear(&user_info_dc->lm_session_key);
- server_info->account_name = talloc_strdup(server_info, "SYSTEM");
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
- server_info->domain_name = talloc_strdup(server_info, "NT AUTHORITY");
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+ info->account_name = talloc_strdup(info, "SYSTEM");
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
- server_info->full_name = talloc_strdup(server_info, "System");
- NT_STATUS_HAVE_NO_MEMORY(server_info->full_name);
+ info->domain_name = talloc_strdup(info, "NT AUTHORITY");
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
- server_info->logon_script = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
+ info->full_name = talloc_strdup(info, "System");
+ NT_STATUS_HAVE_NO_MEMORY(info->full_name);
- server_info->profile_path = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
+ info->logon_script = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
- server_info->home_directory = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
+ info->profile_path = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
- server_info->home_drive = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
+ info->home_directory = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
- server_info->logon_server = talloc_strdup(server_info, netbios_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server);
+ info->home_drive = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
- server_info->last_logon = 0;
- server_info->last_logoff = 0;
- server_info->acct_expiry = 0;
- server_info->last_password_change = 0;
- server_info->allow_password_change = 0;
- server_info->force_password_change = 0;
+ info->logon_server = talloc_strdup(info, netbios_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_server);
- server_info->logon_count = 0;
- server_info->bad_password_count = 0;
+ info->last_logon = 0;
+ info->last_logoff = 0;
+ info->acct_expiry = 0;
+ info->last_password_change = 0;
+ info->allow_password_change = 0;
+ info->force_password_change = 0;
- server_info->acct_flags = ACB_NORMAL;
+ info->logon_count = 0;
+ info->bad_password_count = 0;
- server_info->authenticated = true;
+ info->acct_flags = ACB_NORMAL;
- *_server_info = server_info;
+ info->authenticated = true;
+
+ *_user_info_dc = user_info_dc;
return NT_STATUS_OK;
}
-static NTSTATUS auth_domain_admin_server_info(TALLOC_CTX *mem_ctx,
+static NTSTATUS auth_domain_admin_user_info_dc(TALLOC_CTX *mem_ctx,
const char *netbios_name,
const char *domain_name,
struct dom_sid *domain_sid,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info *info;
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
+ user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
- server_info->num_sids = 7;
- server_info->sids = talloc_array(server_info, struct dom_sid, server_info->num_sids);
+ user_info_dc->num_sids = 7;
+ user_info_dc->sids = talloc_array(user_info_dc, struct dom_sid, user_info_dc->num_sids);
- server_info->sids[PRIMARY_USER_SID_INDEX] = *domain_sid;
- sid_append_rid(&server_info->sids[PRIMARY_USER_SID_INDEX], DOMAIN_RID_ADMINISTRATOR);
+ user_info_dc->sids[PRIMARY_USER_SID_INDEX] = *domain_sid;
+ sid_append_rid(&user_info_dc->sids[PRIMARY_USER_SID_INDEX], DOMAIN_RID_ADMINISTRATOR);
- server_info->sids[PRIMARY_GROUP_SID_INDEX] = *domain_sid;
- sid_append_rid(&server_info->sids[PRIMARY_USER_SID_INDEX], DOMAIN_RID_USERS);
+ user_info_dc->sids[PRIMARY_GROUP_SID_INDEX] = *domain_sid;
+ sid_append_rid(&user_info_dc->sids[PRIMARY_USER_SID_INDEX], DOMAIN_RID_USERS);
- server_info->sids[2] = global_sid_Builtin_Administrators;
+ user_info_dc->sids[2] = global_sid_Builtin_Administrators;
- server_info->sids[3] = *domain_sid;
- sid_append_rid(&server_info->sids[3], DOMAIN_RID_ADMINS);
- server_info->sids[4] = *domain_sid;
- sid_append_rid(&server_info->sids[4], DOMAIN_RID_ENTERPRISE_ADMINS);
- server_info->sids[5] = *domain_sid;
- sid_append_rid(&server_info->sids[5], DOMAIN_RID_POLICY_ADMINS);
- server_info->sids[6] = *domain_sid;
- sid_append_rid(&server_info->sids[6], DOMAIN_RID_SCHEMA_ADMINS);
+ user_info_dc->sids[3] = *domain_sid;
+ sid_append_rid(&user_info_dc->sids[3], DOMAIN_RID_ADMINS);
+ user_info_dc->sids[4] = *domain_sid;
+ sid_append_rid(&user_info_dc->sids[4], DOMAIN_RID_ENTERPRISE_ADMINS);
+ user_info_dc->sids[5] = *domain_sid;
+ sid_append_rid(&user_info_dc->sids[5], DOMAIN_RID_POLICY_ADMINS);
+ user_info_dc->sids[6] = *domain_sid;
+ sid_append_rid(&user_info_dc->sids[6], DOMAIN_RID_SCHEMA_ADMINS);
/* What should the session key be?*/
- server_info->user_session_key = data_blob_talloc(server_info, NULL, 16);
- NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
+ user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data);
+
+ user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data);
- server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16);
- NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
+ data_blob_clear(&user_info_dc->user_session_key);
+ data_blob_clear(&user_info_dc->lm_session_key);
- data_blob_clear(&server_info->user_session_key);
- data_blob_clear(&server_info->lm_session_key);
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
- server_info->account_name = talloc_strdup(server_info, "Administrator");
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ info->account_name = talloc_strdup(info, "Administrator");
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
- server_info->domain_name = talloc_strdup(server_info, domain_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+ info->domain_name = talloc_strdup(info, domain_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
- server_info->full_name = talloc_strdup(server_info, "Administrator");
- NT_STATUS_HAVE_NO_MEMORY(server_info->full_name);
+ info->full_name = talloc_strdup(info, "Administrator");
+ NT_STATUS_HAVE_NO_MEMORY(info->full_name);
- server_info->logon_script = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
+ info->logon_script = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
- server_info->profile_path = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
+ info->profile_path = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
- server_info->home_directory = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
+ info->home_directory = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
- server_info->home_drive = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
+ info->home_drive = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
- server_info->logon_server = talloc_strdup(server_info, netbios_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server);
+ info->logon_server = talloc_strdup(info, netbios_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_server);
- server_info->last_logon = 0;
- server_info->last_logoff = 0;
- server_info->acct_expiry = 0;
- server_info->last_password_change = 0;
- server_info->allow_password_change = 0;
- server_info->force_password_change = 0;
+ info->last_logon = 0;
+ info->last_logoff = 0;
+ info->acct_expiry = 0;
+ info->last_password_change = 0;
+ info->allow_password_change = 0;
+ info->force_password_change = 0;
- server_info->logon_count = 0;
- server_info->bad_password_count = 0;
+ info->logon_count = 0;
+ info->bad_password_count = 0;
- server_info->acct_flags = ACB_NORMAL;
+ info->acct_flags = ACB_NORMAL;
- server_info->authenticated = true;
+ info->authenticated = true;
- *_server_info = server_info;
+ *_user_info_dc = user_info_dc;
return NT_STATUS_OK;
}
@@ -257,21 +265,21 @@ static NTSTATUS auth_domain_admin_session_info(TALLOC_CTX *parent_ctx,
struct auth_session_info **session_info)
{
NTSTATUS nt_status;
- struct auth_serversupplied_info *server_info = NULL;
+ struct auth_user_info_dc *user_info_dc = NULL;
TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
- nt_status = auth_domain_admin_server_info(mem_ctx, lpcfg_netbios_name(lp_ctx),
+ nt_status = auth_domain_admin_user_info_dc(mem_ctx, lpcfg_netbios_name(lp_ctx),
lpcfg_workgroup(lp_ctx), domain_sid,
- &server_info);
+ &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
}
- nt_status = auth_generate_session_info(mem_ctx, NULL, NULL, server_info,
+ nt_status = auth_generate_session_info(mem_ctx, NULL, NULL, user_info_dc,
AUTH_SESSION_INFO_SIMPLE_PRIVILEGES|AUTH_SESSION_INFO_AUTHENTICATED|AUTH_SESSION_INFO_DEFAULT_GROUPS,
session_info);
- /* There is already a reference between the sesion_info and server_info */
+ /* There is already a reference between the sesion_info and user_info_dc */
if (NT_STATUS_IS_OK(nt_status)) {
talloc_steal(parent_ctx, *session_info);
}
@@ -298,20 +306,20 @@ _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
struct auth_session_info **_session_info)
{
NTSTATUS nt_status;
- struct auth_serversupplied_info *server_info = NULL;
+ struct auth_user_info_dc *user_info_dc = NULL;
struct auth_session_info *session_info = NULL;
TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
- nt_status = auth_anonymous_server_info(mem_ctx,
+ nt_status = auth_anonymous_user_info_dc(mem_ctx,
lpcfg_netbios_name(lp_ctx),
- &server_info);
+ &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return nt_status;
}
- /* references the server_info into the session_info */
- nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, server_info, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
+ /* references the user_info_dc into the session_info */
+ nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
talloc_free(mem_ctx);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -329,70 +337,74 @@ _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
return NT_STATUS_OK;
}
-_PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
+_PUBLIC_ NTSTATUS auth_anonymous_user_info_dc(TALLOC_CTX *mem_ctx,
const char *netbios_name,
- struct auth_serversupplied_info **_server_info)
+ struct auth_user_info_dc **_user_info_dc)
{
- struct auth_serversupplied_info *server_info;
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info *info;
+ user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
/* This returns a pointer to a struct dom_sid, which is the
* same as a 1 element list of struct dom_sid */
- server_info->num_sids = 1;
- server_info->sids = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
- NT_STATUS_HAVE_NO_MEMORY(server_info->sids);
+ user_info_dc->num_sids = 1;
+ user_info_dc->sids = dom_sid_parse_talloc(user_info_dc, SID_NT_ANONYMOUS);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
/* annoying, but the Anonymous really does have a session key... */
- server_info->user_session_key = data_blob_talloc(server_info, NULL, 16);
- NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
+ user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data);
- server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16);
- NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
+ user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data);
/* and it is all zeros! */
- data_blob_clear(&server_info->user_session_key);
- data_blob_clear(&server_info->lm_session_key);
+ data_blob_clear(&user_info_dc->user_session_key);
+ data_blob_clear(&user_info_dc->lm_session_key);
+
+ user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
+ NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
- server_info->account_name = talloc_strdup(server_info, "ANONYMOUS LOGON");
- NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
+ info->account_name = talloc_strdup(info, "ANONYMOUS LOGON");
+ NT_STATUS_HAVE_NO_MEMORY(info->account_name);
- server_info->domain_name = talloc_strdup(server_info, "NT AUTHORITY");
- NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
+ info->domain_name = talloc_strdup(info, "NT AUTHORITY");
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
- server_info->full_name = talloc_strdup(server_info, "Anonymous Logon");
- NT_STATUS_HAVE_NO_MEMORY(server_info->full_name);
+ info->full_name = talloc_strdup(info, "Anonymous Logon");
+ NT_STATUS_HAVE_NO_MEMORY(info->full_name);
- server_info->logon_script = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
+ info->logon_script = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
- server_info->profile_path = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
+ info->profile_path = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
- server_info->home_directory = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
+ info->home_directory = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
- server_info->home_drive = talloc_strdup(server_info, "");
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
+ info->home_drive = talloc_strdup(info, "");
+ NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
- server_info->logon_server = talloc_strdup(server_info, netbios_name);
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server);
+ info->logon_server = talloc_strdup(info, netbios_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->logon_server);
- server_info->last_logon = 0;
- server_info->last_logoff = 0;
- server_info->acct_expiry = 0;
- server_info->last_password_change = 0;
- server_info->allow_password_change = 0;
- server_info->force_password_change = 0;
+ info->last_logon = 0;
+ info->last_logoff = 0;
+ info->acct_expiry = 0;
+ info->last_password_change = 0;
+ info->allow_password_change = 0;
+ info->force_password_change = 0;
- server_info->logon_count = 0;
- server_info->bad_password_count = 0;
+ info->logon_count = 0;
+ info->bad_password_count = 0;
- server_info->acct_flags = ACB_NORMAL;
+ info->acct_flags = ACB_NORMAL;
- server_info->authenticated = false;
+ info->authenticated = false;
- *_server_info = server_info;
+ *_user_info_dc = user_info_dc;
return NT_STATUS_OK;
}
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index a7bc331f8e..58d3ecde30 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -235,6 +235,6 @@ const char *acl_user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module)
}
return talloc_asprintf(mem_ctx, "%s\\%s",
- session_info->server_info->domain_name,
- session_info->server_info->account_name);
+ session_info->info->domain_name,
+ session_info->info->account_name);
}
diff --git a/source4/kdc/kpasswdd.c b/source4/kdc/kpasswdd.c
index 800d560b44..117cab095d 100644
--- a/source4/kdc/kpasswdd.c
+++ b/source4/kdc/kpasswdd.c
@@ -169,7 +169,7 @@ static bool kpasswdd_change_password(struct kdc_server *kdc,
* seem to be the case here. */
ret = gendb_search(kdc->samdb, mem_ctx, NULL, &res, attrs,
"(&(objectClass=user)(sAMAccountName=%s))",
- session_info->server_info->account_name);
+ session_info->info->account_name);
if (ret != 1) {
return kpasswdd_make_error_reply(kdc, mem_ctx,
KRB5_KPASSWD_ACCESSDENIED,
@@ -197,8 +197,8 @@ static bool kpasswdd_change_password(struct kdc_server *kdc,
}
DEBUG(3, ("Changing password of %s\\%s (%s)\n",
- session_info->server_info->domain_name,
- session_info->server_info->account_name,
+ session_info->info->domain_name,
+ session_info->info->account_name,
dom_sid_string(mem_ctx, &session_info->security_token->sids[PRIMARY_USER_SID_INDEX])));
/* Performs the password change */
@@ -359,8 +359,8 @@ static bool kpasswd_process_request(struct kdc_server *kdc,
}
DEBUG(3, ("%s\\%s (%s) is changing password of %s\n",
- session_info->server_info->domain_name,
- session_info->server_info->account_name,
+ session_info->info->domain_name,
+ session_info->info->account_name,
dom_sid_string(mem_ctx, &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]),
set_password_on_princ));
ret = ldb_transaction_start(samdb);
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 6dbeb354e0..18d29a10cb 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -28,10 +28,11 @@
#include "auth/auth_sam_reply.h"
#include "kdc/kdc-glue.h"
#include "param/param.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
static
NTSTATUS samba_get_logon_info_pac_blob(TALLOC_CTX *mem_ctx,
- struct auth_serversupplied_info *info,
+ struct auth_user_info_dc *info,
DATA_BLOB *pac_data)
{
struct netr_SamInfo3 *info3;
@@ -41,7 +42,7 @@ NTSTATUS samba_get_logon_info_pac_blob(TALLOC_CTX *mem_ctx,
ZERO_STRUCT(pac_info);
- nt_status = auth_convert_server_info_saminfo3(mem_ctx, info, &info3);
+ nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx, info, &info3);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(1, ("Getting Samba info failed: %s\n",
nt_errstr(nt_status)));
@@ -139,7 +140,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
DATA_BLOB **_pac_blob)
{
struct samba_kdc_entry *p = talloc_get_type(client->ctx, struct samba_kdc_entry);
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
DATA_BLOB *pac_blob;
NTSTATUS nt_status;
@@ -154,21 +155,21 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- nt_status = authsam_make_server_info(mem_ctx, p->kdc_db_ctx->samdb,
+ nt_status = authsam_make_user_info_dc(mem_ctx, p->kdc_db_ctx->samdb,
lpcfg_netbios_name(p->kdc_db_ctx->lp_ctx),
lpcfg_sam_name(p->kdc_db_ctx->lp_ctx),
p->realm_dn,
p->msg,
data_blob(NULL, 0),
data_blob(NULL, 0),
- &server_info);
+ &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Getting user info for PAC failed: %s\n",
nt_errstr(nt_status)));
return nt_status;
}
- nt_status = samba_get_logon_info_pac_blob(mem_ctx, server_info, pac_blob);
+ nt_status = samba_get_logon_info_pac_blob(mem_ctx, user_info_dc, pac_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Building PAC failed: %s\n",
nt_errstr(nt_status)));
@@ -183,18 +184,18 @@ NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx,
krb5_context context,
krb5_pac *pac, DATA_BLOB *pac_blob)
{
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
krb5_error_code ret;
NTSTATUS nt_status;
- ret = kerberos_pac_to_server_info(mem_ctx, *pac,
- context, &server_info);
+ ret = kerberos_pac_to_user_info_dc(mem_ctx, *pac,
+ context, &user_info_dc, NULL, NULL);
if (ret) {
return NT_STATUS_UNSUCCESSFUL;
}
nt_status = samba_get_logon_info_pac_blob(mem_ctx,
- server_info, pac_blob);
+ user_info_dc, pac_blob);
return nt_status;
}
diff --git a/source4/ntvfs/ipc/vfs_ipc.c b/source4/ntvfs/ipc/vfs_ipc.c
index 972de2723c..19127a29bc 100644
--- a/source4/ntvfs/ipc/vfs_ipc.c
+++ b/source4/ntvfs/ipc/vfs_ipc.c
@@ -255,6 +255,7 @@ static NTSTATUS ipc_open(struct ntvfs_module_context *ntvfs,
const struct tsocket_address *server_addr;
int ret;
DATA_BLOB delegated_creds = data_blob_null;
+ struct auth_user_info_dc user_info_dc;
switch (oi->generic.level) {
case RAW_OPEN_NTCREATEX:
@@ -309,9 +310,16 @@ static NTSTATUS ipc_open(struct ntvfs_module_context *ntvfs,
state->req = req;
state->oi = oi;
- status = auth_convert_server_info_saminfo3(state,
- req->session_info->server_info,
- &state->info3);
+ /* Disgusting hack to recreate the user_info_dc that should
+ * not be used that this layer in this way */
+ ZERO_STRUCT(user_info_dc);
+ user_info_dc.info = req->session_info->info;
+ user_info_dc.num_sids = req->session_info->torture->num_dc_sids;
+ user_info_dc.sids = req->session_info->torture->dc_sids;
+
+ status = auth_convert_user_info_dc_saminfo3(state,
+ &user_info_dc,
+ &state->info3);
NT_STATUS_NOT_OK_RETURN(status);
client_addr = ntvfs_get_local_address(ipriv->ntvfs);
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 6ec078bd4e..5cd532ea13 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -3637,8 +3637,8 @@ static NTSTATUS dcesrv_lsa_GetUserName(struct dcesrv_call_state *dce_call, TALLO
return NT_STATUS_INVALID_PARAMETER;
}
- account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->account_name);
- authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->server_info->domain_name);
+ account_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->info->account_name);
+ authority_name = talloc_reference(mem_ctx, dce_call->conn->auth_state.session_info->info->domain_name);
_account_name = talloc(mem_ctx, struct lsa_String);
NT_STATUS_HAVE_NO_MEMORY(_account_name);
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index e060380402..4d5382f37e 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -602,7 +602,7 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
{
struct auth_context *auth_context;
struct auth_usersupplied_info *user_info;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
NTSTATUS nt_status;
static const char zeros[16];
struct netr_SamBaseInfo *sam;
@@ -734,13 +734,13 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
return NT_STATUS_INVALID_PARAMETER;
}
- nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info);
+ nt_status = auth_check_password(auth_context, mem_ctx, user_info, &user_info_dc);
/* TODO: set *r->out.authoritative = 0 on specific errors */
NT_STATUS_NOT_OK_RETURN(nt_status);
switch (r->in.validation_level) {
case 2:
- nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam);
+ nt_status = auth_convert_user_info_dc_sambaseinfo(mem_ctx, user_info_dc, &sam);
NT_STATUS_NOT_OK_RETURN(nt_status);
sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2);
@@ -755,8 +755,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
break;
case 3:
- nt_status = auth_convert_server_info_saminfo3(mem_ctx,
- server_info,
+ nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx,
+ user_info_dc,
&sam3);
NT_STATUS_NOT_OK_RETURN(nt_status);
@@ -766,8 +766,8 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal
break;
case 6:
- nt_status = auth_convert_server_info_saminfo3(mem_ctx,
- server_info,
+ nt_status = auth_convert_user_info_dc_saminfo3(mem_ctx,
+ user_info_dc,
&sam3);
NT_STATUS_NOT_OK_RETURN(nt_status);
diff --git a/source4/samba_tool/gpo.c b/source4/samba_tool/gpo.c
index 93aae60983..46243a07b6 100644
--- a/source4/samba_tool/gpo.c
+++ b/source4/samba_tool/gpo.c
@@ -208,7 +208,7 @@ static int net_gpo_list(struct net_context *ctx, int argc, const char **argv)
{
struct gp_context *gp_ctx;
struct ldb_result *result;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
struct auth_session_info *session_info;
DATA_BLOB dummy = { NULL, 0 };
const char **gpos;
@@ -227,7 +227,7 @@ static int net_gpo_list(struct net_context *ctx, int argc, const char **argv)
}
/* Find the user in the directory. We need extended DN's for group expansion
- * in authsam_make_server_info */
+ * in authsam_make_user_info_dc */
rv = dsdb_search(gp_ctx->ldb_ctx,
gp_ctx,
&result,
@@ -251,7 +251,7 @@ static int net_gpo_list(struct net_context *ctx, int argc, const char **argv)
/* We need the server info, as this will contain the groups of this
* user, needed for a token */
- status = authsam_make_server_info(gp_ctx,
+ status = authsam_make_user_info_dc(gp_ctx,
gp_ctx->ldb_ctx,
lpcfg_netbios_name(gp_ctx->lp_ctx),
lpcfg_sam_name(gp_ctx->lp_ctx),
@@ -259,7 +259,7 @@ static int net_gpo_list(struct net_context *ctx, int argc, const char **argv)
result->msgs[0],
dummy,
dummy,
- &server_info);
+ &user_info_dc);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to make server information: %s\n", get_friendly_nt_error_msg(status)));
talloc_free(gp_ctx);
@@ -267,7 +267,7 @@ static int net_gpo_list(struct net_context *ctx, int argc, const char **argv)
}
/* The session info will contain the security token for this user */
- status = auth_generate_session_info(gp_ctx, gp_ctx->lp_ctx, gp_ctx->ldb_ctx, server_info, 0, &session_info);
+ status = auth_generate_session_info(gp_ctx, gp_ctx->lp_ctx, gp_ctx->ldb_ctx, user_info_dc, 0, &session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Failed to generate session information: %s\n", get_friendly_nt_error_msg(status)));
talloc_free(gp_ctx);
diff --git a/source4/smb_server/management.c b/source4/smb_server/management.c
index 05373595c0..af993717ef 100644
--- a/source4/smb_server/management.c
+++ b/source4/smb_server/management.c
@@ -59,8 +59,8 @@ static NTSTATUS smbsrv_session_information(struct irpc_message *msg,
info->client_ip = client_addr_string;
info->vuid = sess->vuid;
- info->account_name = sess->session_info->server_info->account_name;
- info->domain_name = sess->session_info->server_info->domain_name;
+ info->account_name = sess->session_info->info->account_name;
+ info->domain_name = sess->session_info->info->domain_name;
info->connect_time = timeval_to_nttime(&sess->statistics.connect_time);
info->auth_time = timeval_to_nttime(&sess->statistics.auth_time);
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index 6b50bcb48e..5e4e3e514f 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -68,24 +68,24 @@ static void sesssetup_old_send(struct tevent_req *subreq)
struct smbsrv_request *req = state->req;
union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
- struct auth_serversupplied_info *server_info = NULL;
+ struct auth_user_info_dc *user_info_dc = NULL;
struct auth_session_info *session_info;
struct smbsrv_session *smb_sess;
NTSTATUS status;
uint32_t flags;
- status = auth_check_password_recv(subreq, req, &server_info);
+ status = auth_check_password_recv(subreq, req, &user_info_dc);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) goto failed;
flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
- if (server_info->authenticated) {
+ if (user_info_dc->info->authenticated) {
flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
- /* This references server_info into session_info */
+ /* This references user_info_dc into session_info */
status = req->smb_conn->negotiate.auth_context->generate_session_info(req,
req->smb_conn->negotiate.auth_context,
- server_info, flags, &session_info);
+ user_info_dc, flags, &session_info);
if (!NT_STATUS_IS_OK(status)) goto failed;
/* allocate a new session */
@@ -198,26 +198,25 @@ static void sesssetup_nt1_send(struct tevent_req *subreq)
struct sesssetup_context *state = tevent_req_callback_data(subreq, struct sesssetup_context);
struct smbsrv_request *req = state->req;
union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
- struct auth_serversupplied_info *server_info = NULL;
+ struct auth_user_info_dc *user_info_dc = NULL;
struct auth_session_info *session_info;
struct smbsrv_session *smb_sess;
uint32_t flags;
NTSTATUS status;
- status = auth_check_password_recv(subreq, req, &server_info);
+ status = auth_check_password_recv(subreq, req, &user_info_dc);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) goto failed;
flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
- if (server_info->authenticated) {
+ if (user_info_dc->info->authenticated) {
flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
-
- /* This references server_info into session_info */
+ /* This references user_info_dc into session_info */
status = state->auth_context->generate_session_info(req,
state->auth_context,
- server_info,
+ user_info_dc,
flags,
&session_info);
if (!NT_STATUS_IS_OK(status)) goto failed;
diff --git a/source4/smbd/service_named_pipe.c b/source4/smbd/service_named_pipe.c
index d9e09f1209..148d4fdf80 100644
--- a/source4/smbd/service_named_pipe.c
+++ b/source4/smbd/service_named_pipe.c
@@ -98,7 +98,7 @@ static void named_pipe_accept_done(struct tevent_req *subreq)
DATA_BLOB delegated_creds;
union netr_Validation val;
- struct auth_serversupplied_info *server_info;
+ struct auth_user_info_dc *user_info_dc;
struct auth_context *auth_context;
uint32_t session_flags = 0;
struct dom_sid *anonymous_sid;
@@ -140,12 +140,12 @@ static void named_pipe_accept_done(struct tevent_req *subreq)
if (info3) {
val.sam3 = info3;
- status = make_server_info_netlogon_validation(conn,
+ status = make_user_info_dc_netlogon_validation(conn,
val.sam3->base.account_name.string,
- 3, &val, &server_info);
+ 3, &val, &user_info_dc);
if (!NT_STATUS_IS_OK(status)) {
reason = talloc_asprintf(conn,
- "make_server_info_netlogon_validation "
+ "make_user_info_dc_netlogon_validation "
"returned: %s", nt_errstr(status));
goto out;
}
@@ -169,7 +169,7 @@ static void named_pipe_accept_done(struct tevent_req *subreq)
}
session_flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
- if (server_info->num_sids > 1 && !dom_sid_equal(anonymous_sid, &server_info->sids[0])) {
+ if (user_info_dc->num_sids > 1 && !dom_sid_equal(anonymous_sid, &user_info_dc->sids[0])) {
session_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
}
@@ -177,7 +177,7 @@ static void named_pipe_accept_done(struct tevent_req *subreq)
/* setup the session_info on the connection */
status = auth_context->generate_session_info(conn,
auth_context,
- server_info,
+ user_info_dc,
session_flags,
&conn->session_info);
talloc_free(auth_context);
diff --git a/source4/torture/auth/pac.c b/source4/torture/auth/pac.c
index e76f0820d4..5c547d71bc 100644
--- a/source4/torture/auth/pac.c
+++ b/source4/torture/auth/pac.c
@@ -29,6 +29,7 @@
#include "torture/torture.h"
#include "auth/auth_sam_reply.h"
#include "param/param.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
static bool torture_pac_self_check(struct torture_context *tctx)
{
@@ -48,8 +49,8 @@ static bool torture_pac_self_check(struct torture_context *tctx)
struct smb_krb5_context *smb_krb5_context;
- struct auth_serversupplied_info *server_info;
- struct auth_serversupplied_info *server_info_out;
+ struct auth_user_info_dc *user_info_dc;
+ struct auth_user_info_dc *user_info_dc_out;
krb5_principal client_principal;
time_t logon_time = time(NULL);
@@ -90,18 +91,18 @@ static bool torture_pac_self_check(struct torture_context *tctx)
}
/* We need an input, and this one requires no underlying database */
- nt_status = auth_anonymous_server_info(mem_ctx, lpcfg_netbios_name(tctx->lp_ctx), &server_info);
+ nt_status = auth_anonymous_user_info_dc(mem_ctx, lpcfg_netbios_name(tctx->lp_ctx), &user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&server_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
- torture_fail(tctx, "auth_anonymous_server_info");
+ torture_fail(tctx, "auth_anonymous_user_info_dc");
}
ret = krb5_parse_name_flags(smb_krb5_context->krb5_context,
- server_info->account_name,
+ user_info_dc->info->account_name,
KRB5_PRINCIPAL_PARSE_NO_REALM,
&client_principal);
if (ret) {
@@ -114,7 +115,7 @@ static bool torture_pac_self_check(struct torture_context *tctx)
/* OK, go ahead and make a PAC */
ret = kerberos_create_pac(mem_ctx,
- server_info,
+ user_info_dc,
smb_krb5_context->krb5_context,
&krbtgt_keyblock,
&server_keyblock,
@@ -162,14 +163,14 @@ static bool torture_pac_self_check(struct torture_context *tctx)
}
/* Now check we can read it back (using Heimdal's pac parsing) */
- nt_status = kerberos_pac_blob_to_server_info(mem_ctx,
+ nt_status = kerberos_pac_blob_to_user_info_dc(mem_ctx,
tmp_blob,
smb_krb5_context->krb5_context,
- &server_info_out);
+ &user_info_dc_out, NULL, NULL);
/* The user's SID is the first element in the list */
- if (!dom_sid_equal(server_info->sids,
- server_info_out->sids)) {
+ if (!dom_sid_equal(user_info_dc->sids,
+ user_info_dc_out->sids)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
&krbtgt_keyblock);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
@@ -180,10 +181,10 @@ static bool torture_pac_self_check(struct torture_context *tctx)
torture_fail(tctx,
talloc_asprintf(tctx,
"(self test) PAC Decode resulted in *different* domain SID: %s != %s",
- dom_sid_string(mem_ctx, server_info->sids),
- dom_sid_string(mem_ctx, server_info_out->sids)));
+ dom_sid_string(mem_ctx, user_info_dc->sids),
+ dom_sid_string(mem_ctx, user_info_dc_out->sids)));
}
- talloc_free(server_info_out);
+ talloc_free(user_info_dc_out);
/* Now check that we can read it back (yet again) */
nt_status = kerberos_pac_logon_info(mem_ctx,
@@ -219,10 +220,10 @@ static bool torture_pac_self_check(struct torture_context *tctx)
/* And make a server info from the samba-parsed PAC */
validation.sam3 = &logon_info->info3;
- nt_status = make_server_info_netlogon_validation(mem_ctx,
+ nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
"",
3, &validation,
- &server_info_out);
+ &user_info_dc_out);
if (!NT_STATUS_IS_OK(nt_status)) {
torture_fail(tctx,
talloc_asprintf(tctx,
@@ -230,13 +231,13 @@ static bool torture_pac_self_check(struct torture_context *tctx)
nt_errstr(nt_status)));
}
- if (!dom_sid_equal(server_info->sids,
- server_info_out->sids)) {
+ if (!dom_sid_equal(user_info_dc->sids,
+ user_info_dc_out->sids)) {
torture_fail(tctx,
talloc_asprintf(tctx,
"(self test) PAC Decode resulted in *different* domain SID: %s != %s",
- dom_sid_string(mem_ctx, server_info->sids),
- dom_sid_string(mem_ctx, server_info_out->sids)));
+ dom_sid_string(mem_ctx, user_info_dc->sids),
+ dom_sid_string(mem_ctx, user_info_dc_out->sids)));
}
return true;
}
@@ -298,7 +299,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
struct PAC_LOGON_INFO *logon_info;
union netr_Validation validation;
const char *pac_file, *pac_kdc_key, *pac_member_key;
- struct auth_serversupplied_info *server_info_out;
+ struct auth_user_info_dc *user_info_dc_out;
krb5_keyblock server_keyblock;
krb5_keyblock krbtgt_keyblock, *krbtgt_keyblock_p;
@@ -425,10 +426,11 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
}
/* Now check we can read it back (using Heimdal's pac parsing) */
- nt_status = kerberos_pac_blob_to_server_info(mem_ctx,
+ nt_status = kerberos_pac_blob_to_user_info_dc(mem_ctx,
tmp_blob,
smb_krb5_context->krb5_context,
- &server_info_out);
+ &user_info_dc_out,
+ NULL, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
@@ -445,7 +447,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
if (!pac_file &&
!dom_sid_equal(dom_sid_parse_talloc(mem_ctx,
"S-1-5-21-3048156945-3961193616-3706469200-1005"),
- server_info_out->sids)) {
+ user_info_dc_out->sids)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
@@ -456,10 +458,10 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
talloc_asprintf(tctx,
"(saved test) Heimdal PAC Decode resulted in *different* domain SID: %s != %s",
"S-1-5-21-3048156945-3961193616-3706469200-1005",
- dom_sid_string(mem_ctx, server_info_out->sids)));
+ dom_sid_string(mem_ctx, user_info_dc_out->sids)));
}
- talloc_free(server_info_out);
+ talloc_free(user_info_dc_out);
/* Parse the PAC again, for the logon info this time (using Samba4's parsing) */
nt_status = kerberos_pac_logon_info(mem_ctx,
@@ -484,10 +486,10 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
}
validation.sam3 = &logon_info->info3;
- nt_status = make_server_info_netlogon_validation(mem_ctx,
+ nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
"",
3, &validation,
- &server_info_out);
+ &user_info_dc_out);
if (!NT_STATUS_IS_OK(nt_status)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
@@ -504,7 +506,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
if (!pac_file &&
!dom_sid_equal(dom_sid_parse_talloc(mem_ctx,
"S-1-5-21-3048156945-3961193616-3706469200-1005"),
- server_info_out->sids)) {
+ user_info_dc_out->sids)) {
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
krbtgt_keyblock_p);
krb5_free_keyblock_contents(smb_krb5_context->krb5_context,
@@ -515,7 +517,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
talloc_asprintf(tctx,
"(saved test) PAC Decode resulted in *different* domain SID: %s != %s",
"S-1-5-21-3048156945-3961193616-3706469200-1005",
- dom_sid_string(mem_ctx, server_info_out->sids)));
+ dom_sid_string(mem_ctx, user_info_dc_out->sids)));
}
if (krbtgt_bytes == NULL) {
@@ -578,7 +580,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
}
ret = kerberos_create_pac(mem_ctx,
- server_info_out,
+ user_info_dc_out,
smb_krb5_context->krb5_context,
krbtgt_keyblock_p,
&server_keyblock,
diff --git a/source4/torture/rpc/remote_pac.c b/source4/torture/rpc/remote_pac.c
index 73e62a3b6f..c4efabcebc 100644
--- a/source4/torture/rpc/remote_pac.c
+++ b/source4/torture/rpc/remote_pac.c
@@ -32,6 +32,7 @@
#include "libcli/auth/libcli_auth.h"
#include "libcli/security/security.h"
#include "librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "librpc/gen_ndr/ndr_samr_c.h"
#include "param/param.h"
@@ -130,19 +131,22 @@ static bool test_PACVerify(struct torture_context *tctx,
status = gensec_session_info(gensec_server_context, &session_info);
torture_assert_ntstatus_ok(tctx, status, "gensec_session_info failed");
-
- pac_wrapped_struct.ChecksumLength = session_info->server_info->pac_srv_sig.signature.length;
- pac_wrapped_struct.SignatureType = session_info->server_info->pac_kdc_sig.type;
- pac_wrapped_struct.SignatureLength = session_info->server_info->pac_kdc_sig.signature.length;
+ torture_assert(tctx, session_info->torture != NULL, "gensec_session_info failed to fill in torture sub struct");
+ torture_assert(tctx, session_info->torture->pac_srv_sig != NULL, "pac_srv_sig not present");
+ torture_assert(tctx, session_info->torture->pac_kdc_sig != NULL, "pac_kdc_sig not present");
+
+ pac_wrapped_struct.ChecksumLength = session_info->torture->pac_srv_sig->signature.length;
+ pac_wrapped_struct.SignatureType = session_info->torture->pac_kdc_sig->type;
+ pac_wrapped_struct.SignatureLength = session_info->torture->pac_kdc_sig->signature.length;
pac_wrapped_struct.ChecksumAndSignature = payload
= data_blob_talloc(tmp_ctx, NULL,
pac_wrapped_struct.ChecksumLength
+ pac_wrapped_struct.SignatureLength);
memcpy(&payload.data[0],
- session_info->server_info->pac_srv_sig.signature.data,
+ session_info->torture->pac_srv_sig->signature.data,
pac_wrapped_struct.ChecksumLength);
memcpy(&payload.data[pac_wrapped_struct.ChecksumLength],
- session_info->server_info->pac_kdc_sig.signature.data,
+ session_info->torture->pac_kdc_sig->signature.data,
pac_wrapped_struct.SignatureLength);
ndr_err = ndr_push_struct_blob(&pac_wrapped, tmp_ctx, &pac_wrapped_struct,
@@ -160,8 +164,8 @@ static bool test_PACVerify(struct torture_context *tctx,
generic.identity_info.parameter_control = 0;
generic.identity_info.logon_id_high = 0;
generic.identity_info.logon_id_low = 0;
- generic.identity_info.domain_name.string = session_info->server_info->domain_name;
- generic.identity_info.account_name.string = session_info->server_info->account_name;
+ generic.identity_info.domain_name.string = session_info->info->domain_name;
+ generic.identity_info.account_name.string = session_info->info->account_name;
generic.identity_info.workstation.string = test_machine_name;
generic.package_name.string = "Kerberos";
@@ -233,22 +237,22 @@ static bool test_PACVerify(struct torture_context *tctx,
&r.out.return_authenticator->cred),
"Credential chaining failed");
- pac_wrapped_struct.ChecksumLength = session_info->server_info->pac_srv_sig.signature.length;
- pac_wrapped_struct.SignatureType = session_info->server_info->pac_kdc_sig.type;
+ pac_wrapped_struct.ChecksumLength = session_info->torture->pac_srv_sig->signature.length;
+ pac_wrapped_struct.SignatureType = session_info->torture->pac_kdc_sig->type;
/* Break the SignatureType */
pac_wrapped_struct.SignatureType++;
- pac_wrapped_struct.SignatureLength = session_info->server_info->pac_kdc_sig.signature.length;
+ pac_wrapped_struct.SignatureLength = session_info->torture->pac_kdc_sig->signature.length;
pac_wrapped_struct.ChecksumAndSignature = payload
= data_blob_talloc(tmp_ctx, NULL,
pac_wrapped_struct.ChecksumLength
+ pac_wrapped_struct.SignatureLength);
memcpy(&payload.data[0],
- session_info->server_info->pac_srv_sig.signature.data,
+ session_info->torture->pac_srv_sig->signature.data,
pac_wrapped_struct.ChecksumLength);
memcpy(&payload.data[pac_wrapped_struct.ChecksumLength],
- session_info->server_info->pac_kdc_sig.signature.data,
+ session_info->torture->pac_kdc_sig->signature.data,
pac_wrapped_struct.SignatureLength);
ndr_err = ndr_push_struct_blob(&pac_wrapped, tmp_ctx, &pac_wrapped_struct,
@@ -281,19 +285,19 @@ static bool test_PACVerify(struct torture_context *tctx,
torture_assert(tctx, netlogon_creds_client_check(creds, &r.out.return_authenticator->cred),
"Credential chaining failed");
- pac_wrapped_struct.ChecksumLength = session_info->server_info->pac_srv_sig.signature.length;
- pac_wrapped_struct.SignatureType = session_info->server_info->pac_kdc_sig.type;
- pac_wrapped_struct.SignatureLength = session_info->server_info->pac_kdc_sig.signature.length;
+ pac_wrapped_struct.ChecksumLength = session_info->torture->pac_srv_sig->signature.length;
+ pac_wrapped_struct.SignatureType = session_info->torture->pac_kdc_sig->type;
+ pac_wrapped_struct.SignatureLength = session_info->torture->pac_kdc_sig->signature.length;
pac_wrapped_struct.ChecksumAndSignature = payload
= data_blob_talloc(tmp_ctx, NULL,
pac_wrapped_struct.ChecksumLength
+ pac_wrapped_struct.SignatureLength);
memcpy(&payload.data[0],
- session_info->server_info->pac_srv_sig.signature.data,
+ session_info->torture->pac_srv_sig->signature.data,
pac_wrapped_struct.ChecksumLength);
memcpy(&payload.data[pac_wrapped_struct.ChecksumLength],
- session_info->server_info->pac_kdc_sig.signature.data,
+ session_info->torture->pac_kdc_sig->signature.data,
pac_wrapped_struct.SignatureLength);
/* Break the signature length */
@@ -405,7 +409,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
struct auth_session_info *kinit_session_info;
struct auth_session_info *s2u4self_session_info;
- struct auth_serversupplied_info *netlogon_server_info;
+ struct auth_user_info_dc *netlogon_user_info_dc;
struct netr_NetworkInfo ninfo;
DATA_BLOB names_blob, chal, lm_resp, nt_resp;
@@ -589,31 +593,31 @@ static bool test_S2U4Self(struct torture_context *tctx,
&r.out.return_authenticator->cred),
"Credential chaining failed");
- status = make_server_info_netlogon_validation(tmp_ctx,
+ status = make_user_info_dc_netlogon_validation(tmp_ctx,
ninfo.identity_info.account_name.string,
r.in.validation_level,
r.out.validation,
- &netlogon_server_info);
+ &netlogon_user_info_dc);
- torture_assert_ntstatus_ok(tctx, status, "make_server_info_netlogon_validation failed");
+ torture_assert_ntstatus_ok(tctx, status, "make_user_info_dc_netlogon_validation failed");
- torture_assert_str_equal(tctx, netlogon_server_info->account_name == NULL ? "" : netlogon_server_info->account_name,
- kinit_session_info->server_info->account_name, "Account name differs for kinit-based PAC");
- torture_assert_str_equal(tctx,netlogon_server_info->account_name == NULL ? "" : netlogon_server_info->account_name,
- s2u4self_session_info->server_info->account_name, "Account name differs for S2U4Self");
- torture_assert_str_equal(tctx, netlogon_server_info->full_name == NULL ? "" : netlogon_server_info->full_name, kinit_session_info->server_info->full_name, "Full name differs for kinit-based PAC");
- torture_assert_str_equal(tctx, netlogon_server_info->full_name == NULL ? "" : netlogon_server_info->full_name, s2u4self_session_info->server_info->full_name, "Full name differs for S2U4Self");
- torture_assert_int_equal(tctx, netlogon_server_info->num_sids, kinit_session_info->server_info->num_sids, "Different numbers of domain groups for kinit-based PAC");
- torture_assert_int_equal(tctx, netlogon_server_info->num_sids, s2u4self_session_info->server_info->num_sids, "Different numbers of domain groups for S2U4Self");
+ torture_assert_str_equal(tctx, netlogon_user_info_dc->info->account_name == NULL ? "" : netlogon_user_info_dc->info->account_name,
+ kinit_session_info->info->account_name, "Account name differs for kinit-based PAC");
+ torture_assert_str_equal(tctx,netlogon_user_info_dc->info->account_name == NULL ? "" : netlogon_user_info_dc->info->account_name,
+ s2u4self_session_info->info->account_name, "Account name differs for S2U4Self");
+ torture_assert_str_equal(tctx, netlogon_user_info_dc->info->full_name == NULL ? "" : netlogon_user_info_dc->info->full_name, kinit_session_info->info->full_name, "Full name differs for kinit-based PAC");
+ torture_assert_str_equal(tctx, netlogon_user_info_dc->info->full_name == NULL ? "" : netlogon_user_info_dc->info->full_name, s2u4self_session_info->info->full_name, "Full name differs for S2U4Self");
+ torture_assert_int_equal(tctx, netlogon_user_info_dc->num_sids, kinit_session_info->torture->num_dc_sids, "Different numbers of domain groups for kinit-based PAC");
+ torture_assert_int_equal(tctx, netlogon_user_info_dc->num_sids, s2u4self_session_info->torture->num_dc_sids, "Different numbers of domain groups for S2U4Self");
builtin_domain = dom_sid_parse_talloc(tmp_ctx, SID_BUILTIN);
- for (i = 0; i < kinit_session_info->server_info->num_sids; i++) {
- torture_assert(tctx, dom_sid_equal(&netlogon_server_info->sids[i], &kinit_session_info->server_info->sids[i]), "Different domain groups for kinit-based PAC");
- torture_assert(tctx, dom_sid_equal(&netlogon_server_info->sids[i], &s2u4self_session_info->server_info->sids[i]), "Different domain groups for S2U4Self");
- torture_assert(tctx, !dom_sid_in_domain(builtin_domain, &s2u4self_session_info->server_info->sids[i]), "Returned BUILTIN domain in groups for S2U4Self");
- torture_assert(tctx, !dom_sid_in_domain(builtin_domain, &kinit_session_info->server_info->sids[i]), "Returned BUILTIN domain in groups kinit-based PAC");
- torture_assert(tctx, !dom_sid_in_domain(builtin_domain, &netlogon_server_info->sids[i]), "Returned BUILTIN domian in groups from NETLOGON SamLogon reply");
+ for (i = 0; i < kinit_session_info->torture->num_dc_sids; i++) {
+ torture_assert(tctx, dom_sid_equal(&netlogon_user_info_dc->sids[i], &kinit_session_info->torture->dc_sids[i]), "Different domain groups for kinit-based PAC");
+ torture_assert(tctx, dom_sid_equal(&netlogon_user_info_dc->sids[i], &s2u4self_session_info->torture->dc_sids[i]), "Different domain groups for S2U4Self");
+ torture_assert(tctx, !dom_sid_in_domain(builtin_domain, &s2u4self_session_info->torture->dc_sids[i]), "Returned BUILTIN domain in groups for S2U4Self");
+ torture_assert(tctx, !dom_sid_in_domain(builtin_domain, &kinit_session_info->torture->dc_sids[i]), "Returned BUILTIN domain in groups kinit-based PAC");
+ torture_assert(tctx, !dom_sid_in_domain(builtin_domain, &netlogon_user_info_dc->sids[i]), "Returned BUILTIN domian in groups from NETLOGON SamLogon reply");
}
return true;
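Review bot: The rewritten assertions and the for loop dereference `kinit_session_info->torture` and `s2u4self_session_info->torture` without checking that the sub-struct was filled in, whereas the test_PACVerify hunk in the same file guards the identical pointer with `torture_assert(tctx, session_info->torture != NULL, ...)` before use. If gensec_session_info() ever hands back a session without the torture block, this test crashes on a NULL read instead of failing with a message. Add, before the first torture_assert_str_equal, `torture_assert(tctx, kinit_session_info->torture != NULL, "kinit session_info lacks torture sub struct");` and the equivalent line for s2u4self_session_info. The body of test_S2U4Self starts outside the hunk.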
diff --git a/source4/utils/ntlm_auth.c b/source4/utils/ntlm_auth.c
index 0d3e2cfb0d..9c73d3c79e 100644
--- a/source4/utils/ntlm_auth.c
+++ b/source4/utils/ntlm_auth.c
@@ -707,8 +707,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
reply_code = "AF";
reply_arg = talloc_asprintf(state->gensec_state,
- "%s%s%s", session_info->server_info->domain_name,
- lpcfg_winbind_separator(lp_ctx), session_info->server_info->account_name);
+ "%s%s%s", session_info->info->domain_name,
+ lpcfg_winbind_separator(lp_ctx), session_info->info->account_name);
talloc_free(session_info);
}
} else if (state->gensec_state->gensec_role == GENSEC_CLIENT) {