summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_util.c43
1 files changed, 30 insertions, 13 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index cb9c4b22fc..a93d44fe91 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1047,11 +1047,11 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
char *found_username = NULL;
const char *nt_domain;
const char *nt_username;
- struct dom_sid user_sid;
- struct dom_sid group_sid;
bool username_was_mapped;
struct passwd *pwd;
struct auth_serversupplied_info *result;
+ struct dom_sid *group_sid;
+ struct netr_SamInfo3 *i3;
/*
Here is where we should check the list of
@@ -1059,15 +1059,6 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
matches.
*/
- if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!sid_compose(&group_sid, info3->base.domain_sid,
- info3->base.primary_gid)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string);
if (!nt_username) {
/* If the server didn't give us one, just use the one we sent
@@ -1119,13 +1110,39 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
}
/* copy in the info3 */
- result->info3 = copy_netr_SamInfo3(result, info3);
+ result->info3 = i3 = copy_netr_SamInfo3(result, info3);
/* Fill in the unix info we found on the way */
-
result->utok.uid = pwd->pw_uid;
result->utok.gid = pwd->pw_gid;
+ /* We can't just trust that the primary group sid sent us is something
+ * we can really use. Obtain the useable sid, and store the original
+ * one as an additional group if it had to be replaced */
+ nt_status = get_primary_group_sid(mem_ctx, found_username,
+ &pwd, &group_sid);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(result);
+ return nt_status;
+ }
+
+ /* store and check if it is the same we got originally */
+ sid_peek_rid(group_sid, &i3->base.primary_gid);
+ if (i3->base.primary_gid != info3->base.primary_gid) {
+ uint32_t n = i3->base.groups.count;
+ /* not the same, store the original as an additional group */
+ i3->base.groups.rids =
+ talloc_realloc(i3, i3->base.groups.rids,
+ struct samr_RidWithAttribute, n + 1);
+ if (i3->base.groups.rids == NULL) {
+ TALLOC_FREE(result);
+ return NT_STATUS_NO_MEMORY;
+ }
+ i3->base.groups.rids[n].rid = info3->base.primary_gid;
+ i3->base.groups.rids[n].attributes = SE_GROUP_ENABLED;
+ i3->base.groups.count = n + 1;
+ }
+
/* ensure we are never given NULL session keys */
if (memcmp(info3->base.key.key, zeros, sizeof(zeros)) == 0) {