authorAndrew Bartlett <abartlet@samba.org>2005-08-03 23:14:38 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:31:08 -0500
commitaa7d44c0d998e642d7b5b001834797d38faebfde (patch)
tree4de15b2afbadaa183557d8bf0b0412d5e3efaeaa
parentb37b8f1a2727937b40a51acecfd125993609bd8b (diff)
r9022: One more step in the game of whack-a-mole with the PAC.
This makes the PAC we generate match (closely) the PAC generated by my test win2k3 DC. Andrew Bartlett (This used to be commit 6172b1868020ac8e828c375f17f4c33fc40eaca4)
-rw-r--r--source4/auth/auth_sam_reply.c34
1 files changed, 27 insertions, 7 deletions
diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c
index 6b16d3e610..85a54979ce 100644
--- a/source4/auth/auth_sam_reply.c
+++ b/source4/auth/auth_sam_reply.c
@@ -117,6 +117,10 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
sam = &sam3->base;
+ sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid);
+ NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid);
+ sam->domain_sid->num_auths--;
+
sam->last_logon = server_info->last_logon;
sam->last_logoff = server_info->last_logoff;
sam->acct_expiry = server_info->acct_expiry;
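Review bot: `sam->domain_sid->num_auths--` runs without checking that the duplicated account SID has at least one sub-authority, so a malformed or empty `server_info->account_sid` would leave the count negative or wrapped (the field's type is not visible here). The group filter added further down in this commit now depends on this value, so every later `dom_sid_in_domain()` comparison would then work from a corrupt domain SID. A guard before the decrement, such as `if (sam->domain_sid->num_auths < 1) return NT_STATUS_INVALID_PARAMETER;`, would close that off. The enclosing function starts and ends outside the hunk.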
@@ -139,6 +143,26 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
sam->groups.count = 0;
sam->groups.rids = NULL;
+ if (server_info->n_domain_groups > 0) {
+ int i;
+ sam->groups.rids = talloc_array(sam, struct samr_RidWithAttribute,
+ server_info->n_domain_groups);
+ NT_STATUS_HAVE_NO_MEMORY(sam->groups.rids);
+
+ for (i=0; i<server_info->n_domain_groups; i++) {
+ struct dom_sid *group_sid = server_info->domain_groups[i];
+
+ if (!dom_sid_in_domain(sam->domain_sid, group_sid)) {
+ continue;
+ }
+
+ sam->groups.rids[sam->groups.count].rid = group_sid->sub_auths[group_sid->num_auths-1];
+ sam->groups.rids[sam->groups.count].attributes =
+ SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ sam->groups.count += 1;
+ }
+ }
+
sam->user_flags = 0x20; /* TODO: w2k3 uses 0x120. We know 0x20
* as extra sids (PAC doc) but what is
* 0x100? */
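Review bot: The RID is read as `group_sid->sub_auths[group_sid->num_auths-1]` after only a `dom_sid_in_domain()` check, with no test that the group SID is exactly one sub-authority longer than `sam->domain_sid`. If `dom_sid_in_domain()` accepts a SID equal to the domain SID or one nested more deeply (its definition is not visible here), the last sub-authority is written into the PAC as a group RID the account was never given. A SID with `num_auths` of 0 would also index before the array. I would add `if (group_sid->num_auths != sam->domain_sid->num_auths + 1) { continue; }` ahead of the assignment, plus a comment noting that `groups.rids` is allocated for `n_domain_groups` entries while `groups.count` counts only the in-domain ones. The function body continues outside the hunk.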
@@ -146,10 +170,6 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
sam->logon_server.string = lp_netbios_name();
sam->domain.string = server_info->domain_name;
- sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid);
- NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid);
- sam->domain_sid->num_auths--;
-
ZERO_STRUCT(sam->unknown);
ZERO_STRUCT(sam->key);
@@ -165,7 +185,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
sam3->sidcount = 0;
sam3->sids = NULL;
-
+#if 0
if (server_info->n_domain_groups > 0) {
int i;
sam3->sids = talloc_array(sam, struct netr_SidAttr,
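Review bot: The `#if 0` added here (closed by the `#endif` in the last hunk) compiles out the only visible code that fills `sam3->sids`, and no comment explains why. Group SIDs from outside the account's domain are now skipped by the new `groups.rids` loop and never reach the extra-SID list, so they are silently dropped from the reply. `sam->user_flags` is still set to 0x20, which the existing TODO comment describes as the extra-sids flag, while `sidcount` stays 0. The inverted `dom_sid_in_domain()` test in the following hunk only changes code that is no longer compiled. A comment above the `#if 0`, for example `/* TODO: extra SIDs disabled (presumably to match the w2k3 PAC); out-of-domain groups are currently not conveyed */`, would make the gap visible. The disabled block runs past the end of this hunk.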
@@ -173,7 +193,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
NT_STATUS_HAVE_NO_MEMORY(sam3->sids);
for (i=0; i<server_info->n_domain_groups; i++) {
- if (!dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) {
+ if (dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) {
continue;
}
sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]);
@@ -182,7 +202,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
sam3->sidcount += 1;
}
}
-
+#endif
*_sam3 = sam3;
return NT_STATUS_OK;