r8164: - match the ordering w2k3 uses for the PAC_BUFFER:

LOGON_INFO LOGON_NAME SRV_CHECKSUM KDC_CHECKSUM - w2k3 also don't use the groupmembership array with rids it uses the othersids array metze (This used to be commit 2286fad27d749ebba14f5448f1f635bb36750c9c)
author: Stefan Metzmacher <metze@samba.org> 2005-07-05 10:57:39 +0000
committer: Gerald (Jerry) Carter <jerry@samba.org> 2007-10-10 13:19:16 -0500
commit: f1031746e51268d64559b9eb3ab1affbc436af00 (patch)
tree: 112f7a241887d4f040953dc969b7213472a24144 /source4/auth
parent: 1f01bafd44dea9dd497f67fe4c50790d4c21256f (diff)
download: samba-f1031746e51268d64559b9eb3ab1affbc436af00.tar.gz
samba-f1031746e51268d64559b9eb3ab1affbc436af00.tar.bz2
samba-f1031746e51268d64559b9eb3ab1affbc436af00.zip
2 files changed, 97 insertions, 15 deletions
diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c
index 2ff071f737..6b16d3e610 100644
--- a/source4/auth/auth_sam_reply.c
+++ b/source4/auth/auth_sam_reply.c
@@ -107,3 +107,84 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 }	
 
+NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, 
+					   struct auth_serversupplied_info *server_info, 
+					   struct netr_SamInfo3 **_sam3)
+{
+	struct netr_SamBaseInfo *sam;
+	struct netr_SamInfo3 *sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
+	NT_STATUS_HAVE_NO_MEMORY(sam3);
+
+	sam = &sam3->base;
+
+	sam->last_logon = server_info->last_logon;
+	sam->last_logoff = server_info->last_logoff;
+	sam->acct_expiry = server_info->acct_expiry;
+	sam->last_password_change = server_info->last_password_change;
+	sam->allow_password_change = server_info->allow_password_change;
+	sam->force_password_change = server_info->force_password_change;
+
+	sam->account_name.string = server_info->account_name;
+	sam->full_name.string = server_info->full_name;
+	sam->logon_script.string = server_info->logon_script;
+	sam->profile_path.string = server_info->profile_path;
+	sam->home_directory.string = server_info->home_directory;
+	sam->home_drive.string = server_info->home_drive;
+
+	sam->logon_count = server_info->logon_count;
+	sam->bad_password_count = sam->bad_password_count;
+	sam->rid = server_info->account_sid->sub_auths[server_info->account_sid->num_auths-1];
+	sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1];
+
+	sam->groups.count = 0;
+	sam->groups.rids = NULL;
+
+	sam->user_flags = 0x20; /* TODO: w2k3 uses 0x120.  We know 0x20
+			      * as extra sids (PAC doc) but what is
+			      * 0x100? */
+	sam->acct_flags = server_info->acct_flags;
+	sam->logon_server.string = lp_netbios_name();
+	sam->domain.string = server_info->domain_name;
+
+	sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid);
+	NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid);
+	sam->domain_sid->num_auths--;
+
+	ZERO_STRUCT(sam->unknown);
+
+	ZERO_STRUCT(sam->key);
+	if (server_info->user_session_key.length == sizeof(sam->key.key)) {
+		memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
+	}
+
+	ZERO_STRUCT(sam->LMSessKey);
+	if (server_info->lm_session_key.length == sizeof(sam->LMSessKey.key)) {
+		memcpy(sam->LMSessKey.key, server_info->lm_session_key.data, 
+		       sizeof(sam->LMSessKey.key));
+	}
+
+	sam3->sidcount	= 0;
+	sam3->sids	= NULL;
+
+	if (server_info->n_domain_groups > 0) {
+		int i;
+		sam3->sids = talloc_array(sam, struct netr_SidAttr,
+					  server_info->n_domain_groups);
+		NT_STATUS_HAVE_NO_MEMORY(sam3->sids);
+
+		for (i=0; i<server_info->n_domain_groups; i++) {
+			if (!dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) {
+				continue;
+			}
+			sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]);
+			sam3->sids[sam3->sidcount].attribute = 
+				SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+			sam3->sidcount += 1;
+		}
+	}
+
+	*_sam3 = sam3;
+
+	return NT_STATUS_OK;
+}	
+
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index c659db064b..b0844187e5 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -230,7 +230,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
 	DATA_BLOB server_checksum_blob;
 	krb5_error_code ret;
 	struct PAC_DATA *pac_data = talloc(mem_ctx, struct PAC_DATA);
-	struct netr_SamBaseInfo *sam;
+	struct netr_SamInfo3 *sam3;
 	struct timeval tv = timeval_current();
 	union PAC_INFO *u_LOGON_INFO;
 	struct PAC_LOGON_INFO *LOGON_INFO;
@@ -244,8 +244,8 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
 	enum {
 		PAC_BUF_LOGON_INFO = 0,
 		PAC_BUF_LOGON_NAME = 1,
-		PAC_BUF_KDC_CHECKSUM = 2,
-		PAC_BUF_SRV_CHECKSUM = 3,
+		PAC_BUF_SRV_CHECKSUM = 2,
+		PAC_BUF_KDC_CHECKSUM = 3,
 		PAC_BUF_NUM_BUFFERS = 4
 	};
 
@@ -283,16 +283,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
 	pac_data->buffers[PAC_BUF_LOGON_NAME].info = u_LOGON_NAME;
 	LOGON_NAME = &u_LOGON_NAME->logon_name;
 
-	/* KDC_CHECKSUM */
-	u_KDC_CHECKSUM = talloc_zero(pac_data->buffers, union PAC_INFO);
-	if (!u_KDC_CHECKSUM) {
-		talloc_free(pac_data);
-		return ENOMEM;
-	}
-	pac_data->buffers[PAC_BUF_KDC_CHECKSUM].type = PAC_TYPE_KDC_CHECKSUM;
-	pac_data->buffers[PAC_BUF_KDC_CHECKSUM].info = u_KDC_CHECKSUM;
-	KDC_CHECKSUM = &u_KDC_CHECKSUM->kdc_cksum;
-
 	/* SRV_CHECKSUM */
 	u_SRV_CHECKSUM = talloc_zero(pac_data->buffers, union PAC_INFO);
 	if (!u_SRV_CHECKSUM) {
@@ -303,6 +293,16 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
 	pac_data->buffers[PAC_BUF_SRV_CHECKSUM].info = u_SRV_CHECKSUM;
 	SRV_CHECKSUM = &u_SRV_CHECKSUM->srv_cksum;
 
+	/* KDC_CHECKSUM */
+	u_KDC_CHECKSUM = talloc_zero(pac_data->buffers, union PAC_INFO);
+	if (!u_KDC_CHECKSUM) {
+		talloc_free(pac_data);
+		return ENOMEM;
+	}
+	pac_data->buffers[PAC_BUF_KDC_CHECKSUM].type = PAC_TYPE_KDC_CHECKSUM;
+	pac_data->buffers[PAC_BUF_KDC_CHECKSUM].info = u_KDC_CHECKSUM;
+	KDC_CHECKSUM = &u_KDC_CHECKSUM->kdc_cksum;
+
 	/* now the real work begins... */
 
 	LOGON_INFO = talloc_zero(u_LOGON_INFO, struct PAC_LOGON_INFO);
@@ -310,7 +310,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
 		talloc_free(pac_data);
 		return ENOMEM;
 	}
-	nt_status = auth_convert_server_info_sambaseinfo(LOGON_INFO, server_info, &sam);
+	nt_status = auth_convert_server_info_saminfo3(LOGON_INFO, server_info, &sam3);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(1, ("Getting Samba info failed: %s\n", nt_errstr(nt_status)));
 		talloc_free(pac_data);
@@ -318,7 +318,8 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
 	}
 
 	u_LOGON_INFO->logon_info.info		= LOGON_INFO;
-	LOGON_INFO->info3.base = *sam;
+	LOGON_INFO->info3 = *sam3;
+	LOGON_INFO->info3.base.last_logon	= timeval_to_nttime(&tv);
 
 	LOGON_NAME->account_name	= server_info->account_name;
 	LOGON_NAME->logon_time		= timeval_to_nttime(&tv);
author	Stefan Metzmacher <metze@samba.org>	2005-07-05 10:57:39 +0000
committer	Gerald (Jerry) Carter <jerry@samba.org>	2007-10-10 13:19:16 -0500
commit	f1031746e51268d64559b9eb3ab1affbc436af00 (patch)
tree	112f7a241887d4f040953dc969b7213472a24144 /source4/auth
parent	1f01bafd44dea9dd497f67fe4c50790d4c21256f (diff)
download	samba-f1031746e51268d64559b9eb3ab1affbc436af00.tar.gz samba-f1031746e51268d64559b9eb3ab1affbc436af00.tar.bz2 samba-f1031746e51268d64559b9eb3ab1affbc436af00.zip