diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-03-30 21:23:46 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-04-10 21:41:00 +1000 |
commit | 03408267720cc1326be06fe1b6871b31ab18c097 (patch) | |
tree | 6bdd312dc27e70763b614010cfd49a76e7db4fd6 /source4/rpc_server/netlogon | |
parent | 4074739fe71a27feb950aa35f74bb27dc42c17f2 (diff) | |
download | samba-03408267720cc1326be06fe1b6871b31ab18c097.tar.gz samba-03408267720cc1326be06fe1b6871b31ab18c097.tar.bz2 samba-03408267720cc1326be06fe1b6871b31ab18c097.zip |
s4:rpc_server Add all SIDs into the netlogon SamLogon reply
We were missing the SIDs that are not in the domain.
Diffstat (limited to 'source4/rpc_server/netlogon')
-rw-r--r-- | source4/rpc_server/netlogon/dcerpc_netlogon.c | 84 |
1 files changed, 52 insertions, 32 deletions
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index ba27b014ea..f7df8e9452 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -617,8 +617,58 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info); NT_STATUS_NOT_OK_RETURN(nt_status); - nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam); - NT_STATUS_NOT_OK_RETURN(nt_status); + switch (r->in.validation_level) { + case 2: + nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam); + NT_STATUS_NOT_OK_RETURN(nt_status); + + sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2); + NT_STATUS_HAVE_NO_MEMORY(sam2); + sam2->base = *sam; + + /* And put into the talloc tree */ + talloc_steal(sam2, sam); + r->out.validation->sam2 = sam2; + + sam = &sam2->base; + break; + + case 3: + nt_status = auth_convert_server_info_saminfo3(mem_ctx, + server_info, + &sam3); + NT_STATUS_NOT_OK_RETURN(nt_status); + + r->out.validation->sam3 = sam3; + + sam = &sam3->base; + break; + + case 6: + nt_status = auth_convert_server_info_saminfo3(mem_ctx, + server_info, + &sam3); + NT_STATUS_NOT_OK_RETURN(nt_status); + + sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6); + NT_STATUS_HAVE_NO_MEMORY(sam6); + sam6->base = sam3->base; + sam6->sidcount = sam3->sidcount; + sam6->sids = sam3->sids; + + sam6->forest.string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx); + sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s", + sam->account_name.string, sam6->forest.string); + NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string); + /* And put into the talloc tree */ + talloc_steal(sam6, sam3); + + r->out.validation->sam6 = sam6; + break; + + default: + break; + } /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ /* It appears that level 6 is not individually encrypted */ @@ -646,36 +696,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal } } - switch (r->in.validation_level) { - case 2: - sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2); - NT_STATUS_HAVE_NO_MEMORY(sam2); - sam2->base = *sam; - r->out.validation->sam2 = sam2; - break; - - case 3: - sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3); - NT_STATUS_HAVE_NO_MEMORY(sam3); - sam3->base = *sam; - r->out.validation->sam3 = sam3; - break; - - case 6: - sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6); - NT_STATUS_HAVE_NO_MEMORY(sam6); - sam6->base = *sam; - sam6->forest.string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx); - sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s", - sam->account_name.string, sam6->forest.string); - NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string); - r->out.validation->sam6 = sam6; - break; - - default: - break; - } - *r->out.authoritative = 1; /* TODO: Describe and deal with these flags */ |