diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-08-03 23:14:38 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:31:08 -0500 |
commit | aa7d44c0d998e642d7b5b001834797d38faebfde (patch) | |
tree | 4de15b2afbadaa183557d8bf0b0412d5e3efaeaa /source4/auth | |
parent | b37b8f1a2727937b40a51acecfd125993609bd8b (diff) | |
download | samba-aa7d44c0d998e642d7b5b001834797d38faebfde.tar.gz samba-aa7d44c0d998e642d7b5b001834797d38faebfde.tar.bz2 samba-aa7d44c0d998e642d7b5b001834797d38faebfde.zip |
r9022: One more step in the game of whack-a-mole with the PAC.
This makes the PAC we generate match (closely) the PAC generated by my
test win2k3 DC.
Andrew Bartlett
(This used to be commit 6172b1868020ac8e828c375f17f4c33fc40eaca4)
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/auth_sam_reply.c | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index 6b16d3e610..85a54979ce 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -117,6 +117,10 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, sam = &sam3->base; + sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid); + NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid); + sam->domain_sid->num_auths--; + sam->last_logon = server_info->last_logon; sam->last_logoff = server_info->last_logoff; sam->acct_expiry = server_info->acct_expiry; @@ -139,6 +143,26 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, sam->groups.count = 0; sam->groups.rids = NULL; + if (server_info->n_domain_groups > 0) { + int i; + sam->groups.rids = talloc_array(sam, struct samr_RidWithAttribute, + server_info->n_domain_groups); + NT_STATUS_HAVE_NO_MEMORY(sam->groups.rids); + + for (i=0; i<server_info->n_domain_groups; i++) { + struct dom_sid *group_sid = server_info->domain_groups[i]; + + if (!dom_sid_in_domain(sam->domain_sid, group_sid)) { + continue; + } + + sam->groups.rids[sam->groups.count].rid = group_sid->sub_auths[group_sid->num_auths-1]; + sam->groups.rids[sam->groups.count].attributes = + SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sam->groups.count += 1; + } + } + sam->user_flags = 0x20; /* TODO: w2k3 uses 0x120. We know 0x20 * as extra sids (PAC doc) but what is * 0x100? */ @@ -146,10 +170,6 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, sam->logon_server.string = lp_netbios_name(); sam->domain.string = server_info->domain_name; - sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid); - NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid); - sam->domain_sid->num_auths--; - ZERO_STRUCT(sam->unknown); ZERO_STRUCT(sam->key); @@ -165,7 +185,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, sam3->sidcount = 0; sam3->sids = NULL; - +#if 0 if (server_info->n_domain_groups > 0) { int i; sam3->sids = talloc_array(sam, struct netr_SidAttr, @@ -173,7 +193,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(sam3->sids); for (i=0; i<server_info->n_domain_groups; i++) { - if (!dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) { + if (dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) { continue; } sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]); @@ -182,7 +202,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, sam3->sidcount += 1; } } - +#endif *_sam3 = sam3; return NT_STATUS_OK; |