summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_util.c89
-rw-r--r--source3/smbd/sesssetup.c6
2 files changed, 3 insertions, 92 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 99ce6620c3..14aaa4c5ee 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1088,95 +1088,6 @@ BOOL user_in_group(const char *username, const char *groupname)
/***************************************************************************
- Make (and fill) a user_info struct from a Kerberos PAC logon_info by
- conversion to a struct samu
-***************************************************************************/
-
-NTSTATUS make_server_info_pac(auth_serversupplied_info **server_info,
- char *unix_username,
- struct passwd *pwd,
- PAC_LOGON_INFO *logon_info)
-{
- NTSTATUS status;
- struct samu *sampass = NULL;
- DOM_SID user_sid, group_sid;
- fstring dom_name;
- auth_serversupplied_info *result;
- int i;
-
- if ( !(sampass = samu_new( NULL )) ) {
- return NT_STATUS_NO_MEMORY;
- }
-
- status = samu_set_unix( sampass, pwd );
- if ( !NT_STATUS_IS_OK(status) ) {
- return status;
- }
-
- result = make_server_info(NULL);
- if (result == NULL) {
- TALLOC_FREE(sampass);
- return NT_STATUS_NO_MEMORY;
- }
-
- /* only copy user_sid, group_sid and domain name out of the PAC for
- * now, we will benefit from more later - Guenther */
-
- sid_copy(&user_sid, &logon_info->info3.dom_sid.sid);
- sid_append_rid(&user_sid, logon_info->info3.user_rid);
- pdb_set_user_sid(sampass, &user_sid, PDB_SET);
-
- sid_copy(&group_sid, &logon_info->info3.dom_sid.sid);
- sid_append_rid(&group_sid, logon_info->info3.group_rid);
- pdb_set_group_sid(sampass, &group_sid, PDB_SET);
-
- unistr2_to_ascii(dom_name, &logon_info->info3.uni_logon_dom, -1);
- pdb_set_domain(sampass, dom_name, PDB_SET);
-
- pdb_set_logon_count(sampass, logon_info->info3.logon_count, PDB_SET);
-
- result->sam_account = sampass;
- result->unix_name = talloc_strdup(result, unix_username);
- result->uid = pwd->pw_uid;
- result->gid = pwd->pw_gid;
-
- result->sids = NULL;
- result->num_sids = 0;
-
- /* and create (by appending rids) the 'domain' sids */
-
- for (i = 0; i < logon_info->info3.num_groups2; i++) {
- DOM_SID sid;
- if (!sid_compose(&sid, &logon_info->info3.dom_sid.sid,
- logon_info->info3.gids[i].g_rid)) {
- DEBUG(3,("could not append additional group rid "
- "0x%x\n", logon_info->info3.gids[i].g_rid));
- TALLOC_FREE(result);
- return NT_STATUS_INVALID_PARAMETER;
- }
- add_sid_to_array(result, &sid, &result->sids,
- &result->num_sids);
- }
-
- /* Copy 'other' sids. We need to do sid filtering here to
- prevent possible elevation of privileges. See:
-
- http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
- */
-
- for (i = 0; i < logon_info->info3.num_other_sids; i++) {
- add_sid_to_array(result, &logon_info->info3.other_sids[i].sid,
- &result->sids,
- &result->num_sids);
- }
-
- *server_info = result;
-
- return NT_STATUS_OK;
-}
-
-
-/***************************************************************************
Make (and fill) a user_info struct from a 'struct passwd' by conversion
to a struct samu
***************************************************************************/
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 1abb800627..98146561b2 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -316,10 +316,10 @@ static int reply_spnego_kerberos(connection_struct *conn,
if ( map_domainuser_to_guest ) {
make_server_info_guest(&server_info);
} else if (logon_info) {
- ret = make_server_info_pac(&server_info, real_username, pw, logon_info);
-
+ ret = make_server_info_info3(mem_ctx, real_username, real_username, domain,
+ &server_info, &logon_info->info3);
if ( !NT_STATUS_IS_OK(ret) ) {
- DEBUG(1,("make_server_info_pac failed: %s!\n",
+ DEBUG(1,("make_server_info_info3 failed: %s!\n",
nt_errstr(ret)));
SAFE_FREE(client);
data_blob_free(&ap_rep);