summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/cldap_server/netlogon.c28
1 files changed, 21 insertions, 7 deletions
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index 37d3b8386b..414f08a6f6 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -388,7 +388,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
const char *host = NULL;
const char *user = NULL;
const char *domain_guid = NULL;
- const char *domain_sid = NULL;
+ struct dom_sid *domain_sid = NULL;
int acct_control = -1;
int version = -1;
struct netlogon_samlogon_response netlogon;
@@ -420,9 +420,20 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
}
}
if (strcasecmp(t->u.equality.attr, "DomainSid") == 0) {
- domain_sid = talloc_strndup(tmp_ctx,
- (const char *)t->u.equality.value.data,
- t->u.equality.value.length);
+ enum ndr_err_code ndr_err;
+
+ domain_sid = talloc(tmp_ctx, struct dom_sid);
+ if (domain_sid == NULL) {
+ goto failed;
+ }
+ ndr_err = ndr_pull_struct_blob(&t->u.equality.value,
+ domain_sid, NULL,
+ domain_sid,
+ (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(domain_sid);
+ goto failed;
+ }
}
if (strcasecmp(t->u.equality.attr, "User") == 0) {
user = talloc_strndup(tmp_ctx,
@@ -439,7 +450,7 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
}
}
- if (domain_guid == NULL && domain == NULL) {
+ if ((domain == NULL) && (domain_guid == NULL) && (domain_sid == NULL)) {
domain = lp_dnsdomain(cldapd->task->lp_ctx);
}
@@ -450,10 +461,13 @@ void cldapd_netlogon_request(struct cldap_socket *cldap,
DEBUG(5,("cldap netlogon query domain=%s host=%s user=%s version=%d guid=%s\n",
domain, host, user, version, domain_guid));
- status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx, domain, NULL, NULL, domain_guid,
+ status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx,
+ domain, NULL, domain_sid,
+ domain_guid,
user, acct_control,
tsocket_address_inet_addr_string(src, tmp_ctx),
- version, cldapd->task->lp_ctx, &netlogon, false);
+ version, cldapd->task->lp_ctx,
+ &netlogon, false);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}