Diffstat (limited to 'source4/auth/auth_util.c')
-rw-r--r--source4/auth/auth_util.c125
1 files changed, 123 insertions, 2 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 839e87585b..ef008d62c5 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -437,7 +437,7 @@ NTSTATUS make_server_info(const TALLOC_CTX *mem_ctx,
/***************************************************************************
Make (and fill) a user_info struct for a guest login.
***************************************************************************/
-NTSTATUS make_server_info_guest(const TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **server_info)
+NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
@@ -486,6 +486,127 @@ NTSTATUS make_server_info_guest(const TALLOC_CTX *mem_ctx, struct auth_serversup
}
/***************************************************************************
+ Make a server_info struct from the info3 returned by a domain logon
+***************************************************************************/
+
+NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
+ const char *internal_username,
+ struct auth_serversupplied_info **server_info,
+ struct netr_SamInfo3 *info3)
+{
+ NTSTATUS nt_status;
+
+ nt_status = make_server_info(mem_ctx, server_info, internal_username);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ (*server_info)->guest = False;
+
+ /*
+ Here is where we should check the list of
+ trusted domains, and verify that the SID
+ matches.
+ */
+
+ (*server_info)->user_sid = dom_sid_add_rid(*server_info, dom_sid_dup(*server_info, info3->base.domain_sid), info3->base.rid);
+ (*server_info)->primary_group_sid = dom_sid_add_rid(*server_info, dom_sid_dup(*server_info, info3->base.domain_sid), info3->base.primary_gid);
+
+ /* TODO: pull in other groups: */
+
+
+ (*server_info)->domain_groups = talloc_array_p((*server_info), struct dom_sid*, info3->base.group_count);
+ if (!(*server_info)->domain_groups) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for ((*server_info)->n_domain_groups = 0;
+ (*server_info)->n_domain_groups < info3->base.group_count;
+ (*server_info)->n_domain_groups++) {
+ struct dom_sid *sid;
+ sid = dom_sid_dup(*server_info, info3->base.domain_sid);
+ if (!sid) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ (*server_info)->domain_groups[(*server_info)->n_domain_groups]
+ = dom_sid_add_rid(*server_info, sid,
+ info3->base.groupids[(*server_info)->n_domain_groups].rid);
+ if (!(*server_info)->domain_groups[(*server_info)->n_domain_groups]) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ if (info3->base.account_name.string) {
+ (*server_info)->account_name = talloc_reference(*server_info, info3->base.account_name.string);
+ } else {
+ (*server_info)->account_name = talloc_strdup(*server_info, internal_username);
+ }
+
+ if (info3->base.domain.string) {
+ (*server_info)->domain = talloc_reference(*server_info, info3->base.domain.string);
+ } else {
+ (*server_info)->domain = NULL;
+ }
+
+ if (info3->base.full_name.string) {
+ (*server_info)->full_name = talloc_reference(*server_info, info3->base.full_name.string);
+ } else {
+ (*server_info)->full_name = NULL;
+ }
+
+ if (info3->base.logon_script.string) {
+ (*server_info)->logon_script = talloc_reference(*server_info, info3->base.logon_script.string);
+ } else {
+ (*server_info)->logon_script = NULL;
+ }
+
+ if (info3->base.profile_path.string) {
+ (*server_info)->profile_path = talloc_reference(*server_info, info3->base.profile_path.string);
+ } else {
+ (*server_info)->profile_path = NULL;
+ }
+
+ if (info3->base.home_directory.string) {
+ (*server_info)->home_directory = talloc_reference(*server_info, info3->base.home_directory.string);
+ } else {
+ (*server_info)->home_directory = NULL;
+ }
+
+ if (info3->base.home_drive.string) {
+ (*server_info)->home_drive = talloc_reference(*server_info, info3->base.home_drive.string);
+ } else {
+ (*server_info)->home_drive = NULL;
+ }
+ (*server_info)->last_logon = info3->base.last_logon;
+ (*server_info)->last_logoff = info3->base.last_logoff;
+ (*server_info)->acct_expiry = info3->base.acct_expiry;
+ (*server_info)->last_password_change = info3->base.last_password_change;
+ (*server_info)->allow_password_change = info3->base.allow_password_change;
+ (*server_info)->force_password_change = info3->base.force_password_change;
+
+ (*server_info)->logon_count = info3->base.logon_count;
+ (*server_info)->bad_password_count = info3->base.bad_password_count;
+
+ (*server_info)->acct_flags = info3->base.acct_flags;
+
+ /* ensure we are never given NULL session keys */
+
+ if (all_zero(info3->base.key.key, sizeof(info3->base.key.key))) {
+ (*server_info)->user_session_key = data_blob(NULL, 0);
+ } else {
+ (*server_info)->user_session_key = data_blob_talloc((*server_info), info3->base.key.key, sizeof(info3->base.key.key));
+ }
+
+ if (all_zero(info3->base.LMSessKey.key, sizeof(info3->base.LMSessKey.key))) {
+ (*server_info)->lm_session_key = data_blob(NULL, 0);
+ } else {
+ (*server_info)->lm_session_key = data_blob_talloc((*server_info), info3->base.LMSessKey.key, sizeof(info3->base.LMSessKey.key));
+ }
+ return NT_STATUS_OK;
+}
+
+/***************************************************************************
Free a user_info struct
***************************************************************************/
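Review bot: The two `dom_sid_add_rid(*server_info, dom_sid_dup(...), ...)` calls that build `user_sid` and `primary_group_sid` are never checked, unlike the group loop just below them. An allocation failure, or possibly a missing `info3->base.domain_sid`, can therefore leave NULL identity SIDs in a server_info that is still returned with NT_STATUS_OK. I would add `if (!(*server_info)->user_sid || !(*server_info)->primary_group_sid) return NT_STATUS_NO_MEMORY;` right after them, and reject a NULL `info3->base.domain_sid` before use, since how `dom_sid_dup` treats NULL is not visible in this hunk. The `talloc_strdup`, `talloc_reference` and `data_blob_talloc` results further down are unchecked in the same way, as is the `talloc_reference` call in the make_session_info hunk. The in-code comment says the trusted-domain check is not implemented yet, so the domain SID and RIDs are accepted from info3 as supplied; the function's header comment should state that callers must only pass info3 from an already-authenticated source.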
@@ -546,7 +667,7 @@ NTSTATUS make_session_info(TALLOC_CTX *mem_ctx,
}
(*session_info)->server_info = server_info;
- talloc_reference(*session_info, server_info);
+ talloc_reference(*session_info, (*session_info)->server_info);
/* unless set otherwise, the session key is the user session
* key from the auth subsystem */