s3:auth use info3 in auth_serversupplied_info

Signed-off-by: Günther Deschner <gd@samba.org>

1 files changed, 75 insertions, 202 deletions

diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index d7ab19c58b..e9ccdb6700 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -23,9 +23,10 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
+/* FIXME: do we really still need this ? */
 static int server_info_dtor(struct auth_serversupplied_info *server_info)
 {
-	TALLOC_FREE(server_info->sam_account);
+	TALLOC_FREE(server_info->info3);
 	ZERO_STRUCTP(server_info);
 	return 0;
 }
@@ -55,211 +56,45 @@ struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
 	return result;
 }
 
-/*******************************************************************
- gets a domain user's groups from their already-calculated NT_USER_TOKEN
- ********************************************************************/
-
-static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
-				       const struct dom_sid *domain_sid,
-				       size_t num_sids,
-				       const struct dom_sid *sids,
-				       int *numgroups,
-				       struct samr_RidWithAttribute **pgids)
-{
-	int i;
-
-	*numgroups=0;
-	*pgids = NULL;
-
-	for (i=0; i<num_sids; i++) {
-		struct samr_RidWithAttribute gid;
-		if (!sid_peek_check_rid(domain_sid, &sids[i], &gid.rid)) {
-			continue;
-		}
-		gid.attributes = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
-			    SE_GROUP_ENABLED);
-		ADD_TO_ARRAY(mem_ctx, struct samr_RidWithAttribute,
-			     gid, pgids, numgroups);
-		if (*pgids == NULL) {
-			return NT_STATUS_NO_MEMORY;
-		}
-	}
-	return NT_STATUS_OK;
-}
-
 /****************************************************************************
- inits a netr_SamBaseInfo structure from an auth_serversupplied_info.
+ inits a netr_SamInfo2 structure from an auth_serversupplied_info. sam2 must
+ already be initialized and is used as the talloc parent for its members.
 *****************************************************************************/
 
-static NTSTATUS serverinfo_to_SamInfo_base(TALLOC_CTX *mem_ctx,
-					   struct auth_serversupplied_info *server_info,
-					   uint8_t *pipe_session_key,
-					   size_t pipe_session_key_len,
-					   struct netr_SamBaseInfo *base)
+NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
+				uint8_t *pipe_session_key,
+				size_t pipe_session_key_len,
+				struct netr_SamInfo2 *sam2)
 {
-	struct samu *sampw;
-	struct samr_RidWithAttribute *gids = NULL;
-	const struct dom_sid *user_sid = NULL;
-	const struct dom_sid *group_sid = NULL;
-	struct dom_sid domain_sid;
-	uint32 user_rid, group_rid;
-	NTSTATUS status;
-
-	int num_gids = 0;
-	const char *my_name;
-
-	struct netr_UserSessionKey user_session_key;
-	struct netr_LMSessionKey lm_session_key;
-
-	NTTIME last_logon, last_logoff, acct_expiry, last_password_change;
-	NTTIME allow_password_change, force_password_change;
-	struct samr_RidWithAttributeArray groups;
-	int i;
-	struct dom_sid2 *sid = NULL;
-
-	ZERO_STRUCT(user_session_key);
-	ZERO_STRUCT(lm_session_key);
-
-	sampw = server_info->sam_account;
-
-	user_sid = pdb_get_user_sid(sampw);
-	group_sid = pdb_get_group_sid(sampw);
-
-	if (pipe_session_key && pipe_session_key_len != 16) {
-		DEBUG(0,("serverinfo_to_SamInfo3: invalid "
-			 "pipe_session_key_len[%zu] != 16\n",
-			 pipe_session_key_len));
-		return NT_STATUS_INTERNAL_ERROR;
-	}
-
-	if ((user_sid == NULL) || (group_sid == NULL)) {
-		DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n"));
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
-	sid_copy(&domain_sid, user_sid);
-	sid_split_rid(&domain_sid, &user_rid);
+	struct netr_SamInfo3 *info3;
 
-	sid = sid_dup_talloc(mem_ctx, &domain_sid);
-	if (!sid) {
+	info3 = copy_netr_SamInfo3(sam2, server_info->info3);
+	if (!info3) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
-		DEBUG(1, ("_netr_LogonSamLogon: user %s\\%s has user sid "
-			  "%s\n but group sid %s.\n"
-			  "The conflicting domain portions are not "
-			  "supported for NETLOGON calls\n",
-			  pdb_get_domain(sampw),
-			  pdb_get_username(sampw),
-			  sid_string_dbg(user_sid),
-			  sid_string_dbg(group_sid)));
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
-	if(server_info->login_server) {
-		my_name = server_info->login_server;
-	} else {
-		my_name = global_myname();
-	}
-
-	status = nt_token_to_group_list(mem_ctx, &domain_sid,
-					server_info->num_sids,
-					server_info->sids,
-					&num_gids, &gids);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
 	if (server_info->user_session_key.length) {
-		memcpy(user_session_key.key,
+		memcpy(info3->base.key.key,
 		       server_info->user_session_key.data,
-		       MIN(sizeof(user_session_key.key),
+		       MIN(sizeof(info3->base.key.key),
 			   server_info->user_session_key.length));
 		if (pipe_session_key) {
-			arcfour_crypt(user_session_key.key, pipe_session_key, 16);
+			arcfour_crypt(info3->base.key.key,
+				      pipe_session_key, 16);
 		}
 	}
 	if (server_info->lm_session_key.length) {
-		memcpy(lm_session_key.key,
+		memcpy(info3->base.LMSessKey.key,
 		       server_info->lm_session_key.data,
-		       MIN(sizeof(lm_session_key.key),
+		       MIN(sizeof(info3->base.LMSessKey.key),
 			   server_info->lm_session_key.length));
 		if (pipe_session_key) {
-			arcfour_crypt(lm_session_key.key, pipe_session_key, 8);
+			arcfour_crypt(info3->base.LMSessKey.key,
+				      pipe_session_key, 8);
 		}
 	}
 
-	groups.count = num_gids;
-	groups.rids = TALLOC_ARRAY(mem_ctx, struct samr_RidWithAttribute, groups.count);
-	if (!groups.rids) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	for (i=0; i < groups.count; i++) {
-		groups.rids[i].rid = gids[i].rid;
-		groups.rids[i].attributes = gids[i].attributes;
-	}
-
-	unix_to_nt_time(&last_logon, pdb_get_logon_time(sampw));
-	unix_to_nt_time(&last_logoff, get_time_t_max());
-	unix_to_nt_time(&acct_expiry, get_time_t_max());
-	unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(sampw));
-	unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(sampw));
-	unix_to_nt_time(&force_password_change, pdb_get_pass_must_change_time(sampw));
-
-	base->last_logon		= last_logon;
-	base->last_logoff		= last_logoff;
-	base->acct_expiry		= acct_expiry;
-	base->last_password_change	= last_password_change;
-	base->allow_password_change	= allow_password_change;
-	base->force_password_change	= force_password_change;
-	base->account_name.string	= talloc_strdup(mem_ctx, pdb_get_username(sampw));
-	base->full_name.string		= talloc_strdup(mem_ctx, pdb_get_fullname(sampw));
-	base->logon_script.string	= talloc_strdup(mem_ctx, pdb_get_logon_script(sampw));
-	base->profile_path.string	= talloc_strdup(mem_ctx, pdb_get_profile_path(sampw));
-	base->home_directory.string	= talloc_strdup(mem_ctx, pdb_get_homedir(sampw));
-	base->home_drive.string		= talloc_strdup(mem_ctx, pdb_get_dir_drive(sampw));
-	base->logon_count		= 0; /* ?? */
-	base->bad_password_count	= 0; /* ?? */
-	base->rid			= user_rid;
-	base->primary_gid		= group_rid;
-	base->groups			= groups;
-	base->user_flags		= NETLOGON_EXTRA_SIDS;
-	base->key			= user_session_key;
-	base->logon_server.string	= talloc_strdup(mem_ctx, my_name);
-	base->domain.string		= talloc_strdup(mem_ctx, pdb_get_domain(sampw));
-	base->domain_sid		= sid;
-	base->LMSessKey			= lm_session_key;
-	base->acct_flags		= pdb_get_acct_ctrl(sampw);
-
-	ZERO_STRUCT(user_session_key);
-	ZERO_STRUCT(lm_session_key);
-
-	return NT_STATUS_OK;
-}
-
-/****************************************************************************
- inits a netr_SamInfo2 structure from an auth_serversupplied_info. sam2 must
- already be initialized and is used as the talloc parent for its members.
-*****************************************************************************/
-
-NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
-				uint8_t *pipe_session_key,
-				size_t pipe_session_key_len,
-				struct netr_SamInfo2 *sam2)
-{
-	NTSTATUS status;
-
-	status = serverinfo_to_SamInfo_base(sam2,
-					    server_info,
-					    pipe_session_key,
-					    pipe_session_key_len,
-					    &sam2->base);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
+	sam2->base = info3->base;
 
 	return NT_STATUS_OK;
 }
@@ -274,17 +109,36 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
 				size_t pipe_session_key_len,
 				struct netr_SamInfo3 *sam3)
 {
-	NTSTATUS status;
+	struct netr_SamInfo3 *info3;
 
-	status = serverinfo_to_SamInfo_base(sam3,
-					    server_info,
-					    pipe_session_key,
-					    pipe_session_key_len,
-					    &sam3->base);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
+	info3 = copy_netr_SamInfo3(sam3, server_info->info3);
+	if (!info3) {
+		return NT_STATUS_NO_MEMORY;
 	}
 
+	if (server_info->user_session_key.length) {
+		memcpy(info3->base.key.key,
+		       server_info->user_session_key.data,
+		       MIN(sizeof(info3->base.key.key),
+			   server_info->user_session_key.length));
+		if (pipe_session_key) {
+			arcfour_crypt(info3->base.key.key,
+				      pipe_session_key, 16);
+		}
+	}
+	if (server_info->lm_session_key.length) {
+		memcpy(info3->base.LMSessKey.key,
+		       server_info->lm_session_key.data,
+		       MIN(sizeof(info3->base.LMSessKey.key),
+			   server_info->lm_session_key.length));
+		if (pipe_session_key) {
+			arcfour_crypt(info3->base.LMSessKey.key,
+				      pipe_session_key, 8);
+		}
+	}
+
+	sam3->base = info3->base;
+
 	sam3->sidcount		= 0;
 	sam3->sids		= NULL;
 
@@ -301,8 +155,8 @@ NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
 				size_t pipe_session_key_len,
 				struct netr_SamInfo6 *sam6)
 {
-	NTSTATUS status;
 	struct pdb_domain_info *dominfo;
+	struct netr_SamInfo3 *info3;
 
 	if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
 		DEBUG(10,("Not adding validation info level 6 "
@@ -315,14 +169,33 @@ NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	status = serverinfo_to_SamInfo_base(sam6,
-					    server_info,
-					    pipe_session_key,
-					    pipe_session_key_len,
-					    &sam6->base);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
+	info3 = copy_netr_SamInfo3(sam6, server_info->info3);
+	if (!info3) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (server_info->user_session_key.length) {
+		memcpy(info3->base.key.key,
+		       server_info->user_session_key.data,
+		       MIN(sizeof(info3->base.key.key),
+			   server_info->user_session_key.length));
+		if (pipe_session_key) {
+			arcfour_crypt(info3->base.key.key,
+				      pipe_session_key, 16);
+		}
 	}
+	if (server_info->lm_session_key.length) {
+		memcpy(info3->base.LMSessKey.key,
+		       server_info->lm_session_key.data,
+		       MIN(sizeof(info3->base.LMSessKey.key),
+			   server_info->lm_session_key.length));
+		if (pipe_session_key) {
+			arcfour_crypt(info3->base.LMSessKey.key,
+				      pipe_session_key, 8);
+		}
+	}
+
+	sam6->base = info3->base;
 
 	sam6->sidcount		= 0;
 	sam6->sids		= NULL;
@@ -333,7 +206,7 @@ NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
 	}
 
 	sam6->principle.string	= talloc_asprintf(sam6, "%s@%s",
-						  pdb_get_username(server_info->sam_account),
+						  sam6->base.account_name.string,
 						  sam6->dns_domainname.string);
 	if (sam6->principle.string == NULL) {
 		return NT_STATUS_NO_MEMORY;