summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-08-03 23:14:38 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:31:08 -0500
commitaa7d44c0d998e642d7b5b001834797d38faebfde (patch)
tree4de15b2afbadaa183557d8bf0b0412d5e3efaeaa /source4
parentb37b8f1a2727937b40a51acecfd125993609bd8b (diff)
downloadsamba-aa7d44c0d998e642d7b5b001834797d38faebfde.tar.gz
samba-aa7d44c0d998e642d7b5b001834797d38faebfde.tar.bz2
samba-aa7d44c0d998e642d7b5b001834797d38faebfde.zip
r9022: One more step in the game of whack-a-mole with the PAC.
This makes the PAC we generate match (closely) the PAC generated by my test win2k3 DC. Andrew Bartlett (This used to be commit 6172b1868020ac8e828c375f17f4c33fc40eaca4)
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/auth_sam_reply.c34
1 files changed, 27 insertions, 7 deletions
diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c
index 6b16d3e610..85a54979ce 100644
--- a/source4/auth/auth_sam_reply.c
+++ b/source4/auth/auth_sam_reply.c
@@ -117,6 +117,10 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
sam = &sam3->base;
+ sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid);
+ NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid);
+ sam->domain_sid->num_auths--;
+
sam->last_logon = server_info->last_logon;
sam->last_logoff = server_info->last_logoff;
sam->acct_expiry = server_info->acct_expiry;
@@ -139,6 +143,26 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
sam->groups.count = 0;
sam->groups.rids = NULL;
+ if (server_info->n_domain_groups > 0) {
+ int i;
+ sam->groups.rids = talloc_array(sam, struct samr_RidWithAttribute,
+ server_info->n_domain_groups);
+ NT_STATUS_HAVE_NO_MEMORY(sam->groups.rids);
+
+ for (i=0; i<server_info->n_domain_groups; i++) {
+ struct dom_sid *group_sid = server_info->domain_groups[i];
+
+ if (!dom_sid_in_domain(sam->domain_sid, group_sid)) {
+ continue;
+ }
+
+ sam->groups.rids[sam->groups.count].rid = group_sid->sub_auths[group_sid->num_auths-1];
+ sam->groups.rids[sam->groups.count].attributes =
+ SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
+ sam->groups.count += 1;
+ }
+ }
+
sam->user_flags = 0x20; /* TODO: w2k3 uses 0x120. We know 0x20
* as extra sids (PAC doc) but what is
* 0x100? */
@@ -146,10 +170,6 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
sam->logon_server.string = lp_netbios_name();
sam->domain.string = server_info->domain_name;
- sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid);
- NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid);
- sam->domain_sid->num_auths--;
-
ZERO_STRUCT(sam->unknown);
ZERO_STRUCT(sam->key);
@@ -165,7 +185,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
sam3->sidcount = 0;
sam3->sids = NULL;
-
+#if 0
if (server_info->n_domain_groups > 0) {
int i;
sam3->sids = talloc_array(sam, struct netr_SidAttr,
@@ -173,7 +193,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
NT_STATUS_HAVE_NO_MEMORY(sam3->sids);
for (i=0; i<server_info->n_domain_groups; i++) {
- if (!dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) {
+ if (dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) {
continue;
}
sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]);
@@ -182,7 +202,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
sam3->sidcount += 1;
}
}
-
+#endif
*_sam3 = sam3;
return NT_STATUS_OK;