-rw-r--r-- | source3/auth/auth_util.c | 89 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 6 |
2 files changed, 3 insertions, 92 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 99ce6620c3..14aaa4c5ee 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1088,95 +1088,6 @@ BOOL user_in_group(const char *username, const char *groupname)
 /***************************************************************************
- Make (and fill) a user_info struct from a Kerberos PAC logon_info by
- conversion to a struct samu
-***************************************************************************/
-
-NTSTATUS make_server_info_pac(auth_serversupplied_info **server_info,
- char *unix_username,
- struct passwd *pwd,
- PAC_LOGON_INFO *logon_info)
-{
- NTSTATUS status;
- struct samu *sampass = NULL;
- DOM_SID user_sid, group_sid;
- fstring dom_name;
- auth_serversupplied_info *result;
- int i;
-
- if ( !(sampass = samu_new( NULL )) ) {
- return NT_STATUS_NO_MEMORY;
- }
-
- status = samu_set_unix( sampass, pwd );
- if ( !NT_STATUS_IS_OK(status) ) {
- return status;
- }
-
- result = make_server_info(NULL);
- if (result == NULL) {
- TALLOC_FREE(sampass);
- return NT_STATUS_NO_MEMORY;
- }
-
- /* only copy user_sid, group_sid and domain name out of the PAC for
- * now, we will benefit from more later - Guenther */
-
- sid_copy(&user_sid, &logon_info->info3.dom_sid.sid);
- sid_append_rid(&user_sid, logon_info->info3.user_rid);
- pdb_set_user_sid(sampass, &user_sid, PDB_SET);
-
- sid_copy(&group_sid, &logon_info->info3.dom_sid.sid);
- sid_append_rid(&group_sid, logon_info->info3.group_rid);
- pdb_set_group_sid(sampass, &group_sid, PDB_SET);
-
- unistr2_to_ascii(dom_name, &logon_info->info3.uni_logon_dom, -1);
- pdb_set_domain(sampass, dom_name, PDB_SET);
-
- pdb_set_logon_count(sampass, logon_info->info3.logon_count, PDB_SET);
-
- result->sam_account = sampass;
- result->unix_name = talloc_strdup(result, unix_username);
- result->uid = pwd->pw_uid;
- result->gid = pwd->pw_gid;
-
- result->sids = NULL;
- result->num_sids = 0;
-
- /* and create (by appending rids) the 'domain' sids */
-
- for (i = 0; i < logon_info->info3.num_groups2; i++) {
- DOM_SID sid;
- if (!sid_compose(&sid, &logon_info->info3.dom_sid.sid,
- logon_info->info3.gids[i].g_rid)) {
- DEBUG(3,("could not append additional group rid "
- "0x%x\n", logon_info->info3.gids[i].g_rid));
- TALLOC_FREE(result);
- return NT_STATUS_INVALID_PARAMETER;
- }
- add_sid_to_array(result, &sid, &result->sids,
- &result->num_sids);
- }
-
- /* Copy 'other' sids. We need to do sid filtering here to
- prevent possible elevation of privileges. See:
-
- http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
- */
-
- for (i = 0; i < logon_info->info3.num_other_sids; i++) {
- add_sid_to_array(result, &logon_info->info3.other_sids[i].sid,
- &result->sids,
- &result->num_sids);
- }
-
- *server_info = result;
-
- return NT_STATUS_OK;
-}
-
-
-/***************************************************************************
 Make (and fill) a user_info struct from a 'struct passwd' by
 conversion to a struct samu
 ***************************************************************************/
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 1abb800627..98146561b2 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -316,10 +316,10 @@ static int reply_spnego_kerberos(connection_struct *conn,
 if ( map_domainuser_to_guest ) {
 make_server_info_guest(&server_info);
 } else if (logon_info) {
- ret = make_server_info_pac(&server_info, real_username, pw, logon_info);
-
+ ret = make_server_info_info3(mem_ctx, real_username, real_username, domain,
+ &server_info, &logon_info->info3);
 if ( !NT_STATUS_IS_OK(ret) ) {
- DEBUG(1,("make_server_info_pac failed: %s!\n",
+ DEBUG(1,("make_server_info_info3 failed: %s!\n",
 nt_errstr(ret)));
 SAFE_FREE(client);
 data_blob_free(&ap_rep); |
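Review bot: The removed make_server_info_pac carried the comment that the PAC's 'other' SIDs need filtering to prevent privilege elevation, and nothing at the new call in reply_spnego_kerberos says whether make_server_info_info3 applies such filtering to `logon_info->info3`; its body is not part of this diff. Since info3 here is taken from the client-presented Kerberos PAC, I would keep that caveat at the call site, e.g. `/* info3 comes from the PAC; other_sids still need SID filtering unless make_server_info_info3 does it */`. The call also passes `real_username` for two adjacent arguments, which deserves a confirmation that both are meant to be the mapped name. reply_spnego_kerberos starts and ends outside the hunk.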