s3:auth handle unix domain sids in samu

When we generate a user out of thin air we may end up adding sids
that are not part of the sam domain (unix domain sids).
Handle the case and preserve these sids as extra sids.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

2 files changed, 14 insertions, 1 deletions

diff --git a/source3/include/auth.h b/source3/include/auth.h
index 52e5141379..2e22ca70c5 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -40,6 +40,11 @@ struct auth_usersupplied_info {
 
 };
 
+struct extra_auth_info {
+	struct dom_sid user_sid;
+	struct dom_sid pgid_sid;
+};
+
 struct auth_serversupplied_info {
 	bool guest;
 	bool system;
@@ -69,6 +74,13 @@ struct auth_serversupplied_info {
 
 	struct netr_SamInfo3 *info3;
 
+	/* this structure is filled *only* in pathological cases where the user
+	 * sid or the primary group sid are not sids of the domain. Normally
+	 * this happens only for unix accounts that have unix domain sids.
+	 * This is checked only when info3.rid and/or info3.primary_gid are set
+	 * to the special invalid value of 0xFFFFFFFF */
+	struct extra_auth_info extra;
+
 	void *pam_handle;
 
 	/*
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 86a725ade8..9a53749646 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -221,7 +221,8 @@ NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
 NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
 			  struct samu *samu,
 			  const char *login_server,
-			  struct netr_SamInfo3 **_info3);
+			  struct netr_SamInfo3 **_info3,
+			  struct extra_auth_info *extra);
 struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
 					 struct netr_SamInfo3 *orig);
 struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,