summaryrefslogtreecommitdiff
path: root/source3/libsmb/domain_client_validate.c
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2001-10-31 06:20:58 +0000
committerTim Potter <tpot@samba.org>2001-10-31 06:20:58 +0000
commit6f0b8a38ec036a0027e9f938834e241b41db40c5 (patch)
tree3ed3e06329649d6843ed9b3f43f18e4cdf1d60f2 /source3/libsmb/domain_client_validate.c
parenteab05eac3998eeb9fb6fb635771370d645b5ff06 (diff)
downloadsamba-6f0b8a38ec036a0027e9f938834e241b41db40c5.tar.gz
samba-6f0b8a38ec036a0027e9f938834e241b41db40c5.tar.bz2
samba-6f0b8a38ec036a0027e9f938834e241b41db40c5.zip
Added some extra fields to the auth_serversupplied_info structure.
To obtain the full group membership of a user (i.e nested groups on a win2k native mode server) it is necessary to merge this list of groups with the groups returned by winbindd when creating an nt access token. This breaks winbindd linking while AB and I sync up our changes to the authentication subsystem. (This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)
Diffstat (limited to 'source3/libsmb/domain_client_validate.c')
-rw-r--r--source3/libsmb/domain_client_validate.c25
1 files changed, 23 insertions, 2 deletions
diff --git a/source3/libsmb/domain_client_validate.c b/source3/libsmb/domain_client_validate.c
index 26f53f0297..26a727b1f1 100644
--- a/source3/libsmb/domain_client_validate.c
+++ b/source3/libsmb/domain_client_validate.c
@@ -326,6 +326,7 @@ NTSTATUS domain_client_validate(const auth_usersupplied_info *user_info,
status = cli_nt_login_network(&cli, user_info, smb_uid_low,
&ctr, &info3);
+
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("domain_client_validate: unable to validate password "
"for user %s in domain %s to Domain controller %s. "
@@ -335,8 +336,28 @@ NTSTATUS domain_client_validate(const auth_usersupplied_info *user_info,
}
/*
- * Here, if we really want it, we have lots of info about the user in info3.
- */
+ * Here, if we really want it, we have lots of info about the user
+ * in info3.
+ */
+
+ /* Store the user group information in the server_info returned to
+ the caller. */
+
+ if ((server_info->group_rids = malloc(info3.num_groups2 *
+ sizeof(uint32))) == NULL) {
+ DEBUG(1, ("out of memory allocating rid group membership\n"));
+ status = NT_STATUS_NO_MEMORY;
+ } else {
+ int i;
+
+ server_info->n_rids = info3.num_groups2;
+
+ for (i = 0; i < server_info->n_rids; i++) {
+ server_info->group_rids[i] = info3.gids[i].g_rid;
+ DEBUG(5, ("** adding group rid 0x%x\n",
+ info3.gids[i].g_rid));
+ }
+ }
#if 0
/*