diff options
-rw-r--r-- | source3/auth/auth_util.c | 43 |
1 files changed, 13 insertions, 30 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index b41fac8039..6f99173850 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1404,11 +1404,11 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, char *found_username = NULL; const char *nt_domain; const char *nt_username; + struct dom_sid user_sid; + struct dom_sid group_sid; bool username_was_mapped; struct passwd *pwd; struct auth_serversupplied_info *result; - struct dom_sid *group_sid; - struct netr_SamInfo3 *i3; /* Here is where we should check the list of @@ -1416,6 +1416,15 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, matches. */ + if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (!sid_compose(&group_sid, info3->base.domain_sid, + info3->base.primary_gid)) { + return NT_STATUS_INVALID_PARAMETER; + } + nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string); if (!nt_username) { /* If the server didn't give us one, just use the one we sent @@ -1460,43 +1469,17 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, result->unix_name = talloc_strdup(result, found_username); /* copy in the info3 */ - result->info3 = i3 = copy_netr_SamInfo3(result, info3); + result->info3 = copy_netr_SamInfo3(result, info3); if (result->info3 == NULL) { TALLOC_FREE(result); return NT_STATUS_NO_MEMORY; } /* Fill in the unix info we found on the way */ + result->utok.uid = pwd->pw_uid; result->utok.gid = pwd->pw_gid; - /* We can't just trust that the primary group sid sent us is something - * we can really use. Obtain the usable sid, and store the original - * one as an additional group if it had to be replaced */ - nt_status = get_primary_group_sid(mem_ctx, found_username, - &pwd, &group_sid); - if (!NT_STATUS_IS_OK(nt_status)) { - TALLOC_FREE(result); - return nt_status; - } - - /* store and check if it is the same we got originally */ - sid_peek_rid(group_sid, &i3->base.primary_gid); - if (i3->base.primary_gid != info3->base.primary_gid) { - uint32_t n = i3->base.groups.count; - /* not the same, store the original as an additional group */ - i3->base.groups.rids = - talloc_realloc(i3, i3->base.groups.rids, - struct samr_RidWithAttribute, n + 1); - if (i3->base.groups.rids == NULL) { - TALLOC_FREE(result); - return NT_STATUS_NO_MEMORY; - } - i3->base.groups.rids[n].rid = info3->base.primary_gid; - i3->base.groups.rids[n].attributes = SE_GROUP_ENABLED; - i3->base.groups.count = n + 1; - } - /* ensure we are never given NULL session keys */ if (memcmp(info3->base.key.key, zeros, sizeof(zeros)) == 0) { |