authorAndrew Bartlett <abartlet@samba.org>2004-10-29 09:15:41 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:05:01 -0500
commit85796280f4e9a4f8ac6a1c327c13c7dbef9ce424 (patch)
treeefa09f459b67d9cdebfaeaf5480e9745a70c857f /source4/auth/auth_util.c
parent09d0b152b7bd85aa01898af81bd166a7673ab886 (diff)
r3361: Allow Samba4 (I'm interested in ntlm_auth in particular) to use
Samba3's winbind. This is also the start of domain membership code in Samba4, as we now (partially) parse the info3, and use it like Samba3 does. Andrew Bartlett (This used to be commit c1b7303c1c7d9fb815006c3bd2af20a0010d15a8)
Diffstat (limited to 'source4/auth/auth_util.c')
-rw-r--r--source4/auth/auth_util.c125
1 files changed, 123 insertions, 2 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 839e87585b..ef008d62c5 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -437,7 +437,7 @@ NTSTATUS make_server_info(const TALLOC_CTX *mem_ctx,
/***************************************************************************
Make (and fill) a user_info struct for a guest login.
***************************************************************************/
-NTSTATUS make_server_info_guest(const TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **server_info)
+NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
@@ -486,6 +486,127 @@ NTSTATUS make_server_info_guest(const TALLOC_CTX *mem_ctx, struct auth_serversup
}
/***************************************************************************
+ Make a server_info struct from the info3 returned by a domain logon
+***************************************************************************/
+
+NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
+ const char *internal_username,
+ struct auth_serversupplied_info **server_info,
+ struct netr_SamInfo3 *info3)
+{
+ NTSTATUS nt_status;
+
+ nt_status = make_server_info(mem_ctx, server_info, internal_username);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ (*server_info)->guest = False;
+
+ /*
+ Here is where we should check the list of
+ trusted domains, and verify that the SID
+ matches.
+ */
+
+ (*server_info)->user_sid = dom_sid_add_rid(*server_info, dom_sid_dup(*server_info, info3->base.domain_sid), info3->base.rid);
+ (*server_info)->primary_group_sid = dom_sid_add_rid(*server_info, dom_sid_dup(*server_info, info3->base.domain_sid), info3->base.primary_gid);
+
+ /* TODO: pull in other groups: */
+
+
+ (*server_info)->domain_groups = talloc_array_p((*server_info), struct dom_sid*, info3->base.group_count);
+ if (!(*server_info)->domain_groups) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for ((*server_info)->n_domain_groups = 0;
+ (*server_info)->n_domain_groups < info3->base.group_count;
+ (*server_info)->n_domain_groups++) {
+ struct dom_sid *sid;
+ sid = dom_sid_dup(*server_info, info3->base.domain_sid);
+ if (!sid) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ (*server_info)->domain_groups[(*server_info)->n_domain_groups]
+ = dom_sid_add_rid(*server_info, sid,
+ info3->base.groupids[(*server_info)->n_domain_groups].rid);
+ if (!(*server_info)->domain_groups[(*server_info)->n_domain_groups]) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ if (info3->base.account_name.string) {
+ (*server_info)->account_name = talloc_reference(*server_info, info3->base.account_name.string);
+ } else {
+ (*server_info)->account_name = talloc_strdup(*server_info, internal_username);
+ }
+
+ if (info3->base.domain.string) {
+ (*server_info)->domain = talloc_reference(*server_info, info3->base.domain.string);
+ } else {
+ (*server_info)->domain = NULL;
+ }
+
+ if (info3->base.full_name.string) {
+ (*server_info)->full_name = talloc_reference(*server_info, info3->base.full_name.string);
+ } else {
+ (*server_info)->full_name = NULL;
+ }
+
+ if (info3->base.logon_script.string) {
+ (*server_info)->logon_script = talloc_reference(*server_info, info3->base.logon_script.string);
+ } else {
+ (*server_info)->logon_script = NULL;
+ }
+
+ if (info3->base.profile_path.string) {
+ (*server_info)->profile_path = talloc_reference(*server_info, info3->base.profile_path.string);
+ } else {
+ (*server_info)->profile_path = NULL;
+ }
+
+ if (info3->base.home_directory.string) {
+ (*server_info)->home_directory = talloc_reference(*server_info, info3->base.home_directory.string);
+ } else {
+ (*server_info)->home_directory = NULL;
+ }
+
+ if (info3->base.home_drive.string) {
+ (*server_info)->home_drive = talloc_reference(*server_info, info3->base.home_drive.string);
+ } else {
+ (*server_info)->home_drive = NULL;
+ }
+ (*server_info)->last_logon = info3->base.last_logon;
+ (*server_info)->last_logoff = info3->base.last_logoff;
+ (*server_info)->acct_expiry = info3->base.acct_expiry;
+ (*server_info)->last_password_change = info3->base.last_password_change;
+ (*server_info)->allow_password_change = info3->base.allow_password_change;
+ (*server_info)->force_password_change = info3->base.force_password_change;
+
+ (*server_info)->logon_count = info3->base.logon_count;
+ (*server_info)->bad_password_count = info3->base.bad_password_count;
+
+ (*server_info)->acct_flags = info3->base.acct_flags;
+
+ /* ensure we are never given NULL session keys */
+
+ if (all_zero(info3->base.key.key, sizeof(info3->base.key.key))) {
+ (*server_info)->user_session_key = data_blob(NULL, 0);
+ } else {
+ (*server_info)->user_session_key = data_blob_talloc((*server_info), info3->base.key.key, sizeof(info3->base.key.key));
+ }
+
+ if (all_zero(info3->base.LMSessKey.key, sizeof(info3->base.LMSessKey.key))) {
+ (*server_info)->lm_session_key = data_blob(NULL, 0);
+ } else {
+ (*server_info)->lm_session_key = data_blob_talloc((*server_info), info3->base.LMSessKey.key, sizeof(info3->base.LMSessKey.key));
+ }
+ return NT_STATUS_OK;
+}
+
+/***************************************************************************
Free a user_info struct
***************************************************************************/
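Review bot: In make_server_info_info3, user_sid and primary_group_sid are assigned from dom_sid_add_rid(dom_sid_dup(...)) with no NULL check on either call, although the group loop just below checks both. An allocation failure (or, presumably, an info3 that carries no domain_sid; confirm how dom_sid_dup treats NULL) would let the function return NT_STATUS_OK with a server_info that has no user SID, which is a bad state for any later code that derives access decisions from it. I would add `if (!(*server_info)->user_sid || !(*server_info)->primary_group_sid) return NT_STATUS_NO_MEMORY;` right after the two assignments. Separately, the comment above them says the domain SID should be verified against the trusted domains, but nothing in the hunk does so, so info3->base.domain_sid is accepted as supplied; until that check exists the comment would be clearer as `/* TODO(security): domain_sid is not yet validated against the trusted-domain list */`.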
@@ -546,7 +667,7 @@ NTSTATUS make_session_info(TALLOC_CTX *mem_ctx,
}
(*session_info)->server_info = server_info;
- talloc_reference(*session_info, server_info);
+ talloc_reference(*session_info, (*session_info)->server_info);
/* unless set otherwise, the session key is the user session
* key from the auth subsystem */