diff options
author | Volker Lendecke <vl@samba.org> | 2008-05-17 22:44:35 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2008-05-17 23:17:40 +0200 |
commit | 968a00655557ceedbb4b2438778ff8818b52c3b2 (patch) | |
tree | 8268082ee1710d934901285823f20bc5623dd817 /source3/rpc_server | |
parent | 12dc451163b9a277504f24bc9bcde6be9cf514df (diff) | |
download | samba-968a00655557ceedbb4b2438778ff8818b52c3b2.tar.gz samba-968a00655557ceedbb4b2438778ff8818b52c3b2.tar.bz2 samba-968a00655557ceedbb4b2438778ff8818b52c3b2.zip |
Factor out generation of an info3 struct from a serversupplied_info
(This used to be commit e60faccc1bdd2b80e039ec8c93683be10752f937)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 195 |
1 files changed, 12 insertions, 183 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 203f5382a8..863c62acc4 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -747,36 +747,6 @@ NTSTATUS _netr_LogonSamLogoff(pipes_struct *p, return NT_STATUS_OK; } -/******************************************************************* - gets a domain user's groups from their already-calculated NT_USER_TOKEN - ********************************************************************/ - -static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, - const DOM_SID *domain_sid, - size_t num_sids, - const DOM_SID *sids, - int *numgroups, DOM_GID **pgids) -{ - int i; - - *numgroups=0; - *pgids = NULL; - - for (i=0; i<num_sids; i++) { - DOM_GID gid; - if (!sid_peek_check_rid(domain_sid, &sids[i], &gid.g_rid)) { - continue; - } - gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT| - SE_GROUP_ENABLED); - ADD_TO_ARRAY(mem_ctx, DOM_GID, gid, pgids, numgroups); - if (*pgids == NULL) { - return NT_STATUS_NO_MEMORY; - } - } - return NT_STATUS_OK; -} - /************************************************************************* _netr_LogonSamLogon *************************************************************************/ @@ -790,8 +760,8 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p, fstring nt_username, nt_domain, nt_workstation; auth_usersupplied_info *user_info = NULL; auth_serversupplied_info *server_info = NULL; - struct samu *sampw; struct auth_context *auth_context = NULL; + uint8_t pipe_session_key[16]; bool process_creds = true; switch (p->hdr_req.opnum) { @@ -1008,160 +978,19 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p, the SAM Local Security Authority should record that the user is logged in to the domain. */ - { - DOM_GID *gids = NULL; - const DOM_SID *user_sid = NULL; - const DOM_SID *group_sid = NULL; - DOM_SID domain_sid; - uint32 user_rid, group_rid; - - int num_gids = 0; - const char *my_name; - - struct netr_UserSessionKey user_session_key; - struct netr_LMSessionKey lm_session_key; - unsigned char pipe_session_key[16]; - - NTTIME last_logon, last_logoff, acct_expiry, last_password_change; - NTTIME allow_password_change, force_password_change; - struct samr_RidWithAttributeArray groups; - int i; - struct dom_sid2 *sid = NULL; - - ZERO_STRUCT(user_session_key); - ZERO_STRUCT(lm_session_key); - - sampw = server_info->sam_account; - - user_sid = pdb_get_user_sid(sampw); - group_sid = pdb_get_group_sid(sampw); - - if ((user_sid == NULL) || (group_sid == NULL)) { - DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - sid_copy(&domain_sid, user_sid); - sid_split_rid(&domain_sid, &user_rid); - - sid = sid_dup_talloc(p->mem_ctx, &domain_sid); - if (!sid) { - return NT_STATUS_NO_MEMORY; - } - - if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) { - DEBUG(1, ("_netr_LogonSamLogon: user %s\\%s has user sid " - "%s\n but group sid %s.\n" - "The conflicting domain portions are not " - "supported for NETLOGON calls\n", - pdb_get_domain(sampw), - pdb_get_username(sampw), - sid_string_dbg(user_sid), - sid_string_dbg(group_sid))); - return NT_STATUS_UNSUCCESSFUL; - } - - if(server_info->login_server) { - my_name = server_info->login_server; - } else { - my_name = global_myname(); - } - - status = nt_token_to_group_list(p->mem_ctx, &domain_sid, - server_info->num_sids, - server_info->sids, - &num_gids, &gids); - - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - if (server_info->user_session_key.length) { - memcpy(user_session_key.key, - server_info->user_session_key.data, - MIN(sizeof(user_session_key.key), - server_info->user_session_key.length)); - if (process_creds) { - /* Get the pipe session key from the creds. */ - memcpy(pipe_session_key, p->dc->sess_key, 16); - } else { - /* Get the pipe session key from the schannel. */ - if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL || p->auth.a_u.schannel_auth == NULL) { - return NT_STATUS_INVALID_HANDLE; - } - memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16); - } - SamOEMhash(user_session_key.key, pipe_session_key, 16); - memset(pipe_session_key, '\0', 16); - } - if (server_info->lm_session_key.length) { - memcpy(lm_session_key.key, - server_info->lm_session_key.data, - MIN(sizeof(lm_session_key.key), - server_info->lm_session_key.length)); - if (process_creds) { - /* Get the pipe session key from the creds. */ - memcpy(pipe_session_key, p->dc->sess_key, 16); - } else { - /* Get the pipe session key from the schannel. */ - if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL || p->auth.a_u.schannel_auth == NULL) { - return NT_STATUS_INVALID_HANDLE; - } - memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16); - } - SamOEMhash(lm_session_key.key, pipe_session_key, 8); - memset(pipe_session_key, '\0', 16); - } - - groups.count = num_gids; - groups.rids = TALLOC_ARRAY(p->mem_ctx, struct samr_RidWithAttribute, - groups.count); - if (!groups.rids) { - return NT_STATUS_NO_MEMORY; - } - - for (i=0; i < groups.count; i++) { - groups.rids[i].rid = gids[i].g_rid; - groups.rids[i].attributes = gids[i].attr; + if (process_creds) { + /* Get the pipe session key from the creds. */ + memcpy(pipe_session_key, p->dc->sess_key, 16); + } else { + /* Get the pipe session key from the schannel. */ + if ((p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) + || (p->auth.a_u.schannel_auth == NULL)) { + return NT_STATUS_INVALID_HANDLE; } - - unix_to_nt_time(&last_logon, pdb_get_logon_time(sampw)); - unix_to_nt_time(&last_logoff, get_time_t_max()); - unix_to_nt_time(&acct_expiry, get_time_t_max()); - unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(sampw)); - unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(sampw)); - unix_to_nt_time(&force_password_change, pdb_get_pass_must_change_time(sampw)); - - init_netr_SamInfo3(sam3, - last_logon, - last_logoff, - acct_expiry, - last_password_change, - allow_password_change, - force_password_change, - talloc_strdup(p->mem_ctx, pdb_get_username(sampw)), - talloc_strdup(p->mem_ctx, pdb_get_fullname(sampw)), - talloc_strdup(p->mem_ctx, pdb_get_logon_script(sampw)), - talloc_strdup(p->mem_ctx, pdb_get_profile_path(sampw)), - talloc_strdup(p->mem_ctx, pdb_get_homedir(sampw)), - talloc_strdup(p->mem_ctx, pdb_get_dir_drive(sampw)), - 0, /* logon_count */ - 0, /* bad_password_count */ - user_rid, - group_rid, - groups, - NETLOGON_EXTRA_SIDS, - user_session_key, - my_name, - talloc_strdup(p->mem_ctx, pdb_get_domain(sampw)), - sid, - lm_session_key, - pdb_get_acct_ctrl(sampw), - 0, /* sidcount */ - NULL); /* struct netr_SidAttr *sids */ - ZERO_STRUCT(user_session_key); - ZERO_STRUCT(lm_session_key); + memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16); } + + status = serverinfo_to_SamInfo3(server_info, pipe_session_key, sam3); TALLOC_FREE(server_info); return status; } |