Diffstat (limited to 'source4/auth/auth_util.c')
-rw-r--r--source4/auth/auth_util.c223
1 files changed, 0 insertions, 223 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 580b96142e..db208008ae 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -863,228 +863,6 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info)
}
/***************************************************************************
- Make a server_info struct from the info3 returned by a domain logon
-***************************************************************************/
-
-NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
- const char *internal_username,
- const char *sent_nt_username,
- const char *domain,
- auth_serversupplied_info **server_info,
- NET_USER_INFO_3 *info3)
-{
- NTSTATUS nt_status = NT_STATUS_OK;
-
- const char *nt_domain;
- const char *nt_username;
-
- SAM_ACCOUNT *sam_account = NULL;
- DOM_SID user_sid;
- DOM_SID group_sid;
-
- struct passwd *passwd;
-
- uid_t uid;
- gid_t gid;
-
- int n_lgroupSIDs;
- DOM_SID *lgroupSIDs = NULL;
-
- gid_t *unix_groups = NULL;
- NT_USER_TOKEN *token;
-
- DOM_SID *all_group_SIDs;
- size_t i;
-
- /*
- Here is where we should check the list of
- trusted domains, and verify that the SID
- matches.
- */
-
- sid_copy(&user_sid, &info3->dom_sid.sid);
- if (!sid_append_rid(&user_sid, info3->user_rid)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- sid_copy(&group_sid, &info3->dom_sid.sid);
- if (!sid_append_rid(&group_sid, info3->group_rid)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!(nt_username = unistr2_tdup(mem_ctx, &(info3->uni_user_name)))) {
- /* If the server didn't give us one, just use the one we sent them */
- nt_username = sent_nt_username;
- }
-
- if (!(nt_domain = unistr2_tdup(mem_ctx, &(info3->uni_logon_dom)))) {
- /* If the server didn't give us one, just use the one we sent them */
- domain = domain;
- }
-
- if (winbind_sid_to_uid(&uid, &user_sid)
- && winbind_sid_to_gid(&gid, &group_sid)
- && ((passwd = getpwuid_alloc(uid)))) {
- nt_status = pdb_init_sam_pw(&sam_account, passwd);
- passwd_free(&passwd);
- } else {
- char *dom_user;
- dom_user = talloc_asprintf(mem_ctx, "%s%s%s",
- nt_domain,
- lp_winbind_separator(),
- internal_username);
-
- if (!dom_user) {
- DEBUG(0, ("talloc_asprintf failed!\n"));
- return NT_STATUS_NO_MEMORY;
- } else {
-
- if (!(passwd = Get_Pwnam(dom_user))
- /* Only lookup local for the local
- domain, we don't want this for
- trusted domains */
- && strequal(nt_domain, lp_workgroup())) {
- passwd = Get_Pwnam(internal_username);
- }
-
- if (!passwd) {
- return NT_STATUS_NO_SUCH_USER;
- } else {
- nt_status = pdb_init_sam_pw(&sam_account, passwd);
- }
- }
- }
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(0, ("make_server_info_info3: pdb_init_sam failed!\n"));
- return nt_status;
- }
-
- if (!pdb_set_user_sid(sam_account, &user_sid, PDB_CHANGED)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!pdb_set_group_sid(sam_account, &group_sid, PDB_CHANGED)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!pdb_set_nt_username(sam_account, nt_username, PDB_CHANGED)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!pdb_set_domain(sam_account, nt_domain, PDB_CHANGED)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!pdb_set_fullname(sam_account, unistr2_static(mem_ctx, &(info3->uni_full_name)), PDB_CHANGED)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!pdb_set_logon_script(sam_account, unistr2_static(mem_ctx, &(info3->uni_logon_script)), PDB_CHANGED)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!pdb_set_profile_path(sam_account, unistr2_static(mem_ctx, &(info3->uni_profile_path)), PDB_CHANGED)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!pdb_set_homedir(sam_account, unistr2_static(mem_ctx, &(info3->uni_home_dir)), PDB_CHANGED)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!pdb_set_dir_drive(sam_account, unistr2_static(mem_ctx, &(info3->uni_dir_drive)), PDB_CHANGED)) {
- pdb_free_sam(&sam_account);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info, sam_account))) {
- DEBUG(4, ("make_server_info failed!\n"));
- pdb_free_sam(&sam_account);
- return nt_status;
- }
-
- /* Store the user group information in the server_info
- returned to the caller. */
-
- if (!NT_STATUS_IS_OK(nt_status
- = get_user_groups_from_local_sam(sam_account,
- &n_lgroupSIDs,
- &lgroupSIDs,
- &unix_groups)))
- {
- DEBUG(4,("get_user_groups_from_local_sam failed\n"));
- return nt_status;
- }
-
- (*server_info)->groups = unix_groups;
- (*server_info)->n_groups = n_lgroupSIDs;
-
- /* Create a 'combined' list of all SIDs we might want in the SD */
- all_group_SIDs = malloc(sizeof(DOM_SID) *
- (n_lgroupSIDs + info3->num_groups2 +
- info3->num_other_sids));
- if (!all_group_SIDs) {
- DEBUG(0, ("create_nt_token_info3: malloc() failed for DOM_SID list!\n"));
- SAFE_FREE(lgroupSIDs);
- return NT_STATUS_NO_MEMORY;
- }
-
- /* Copy the 'local' sids */
- memcpy(all_group_SIDs, lgroupSIDs, sizeof(DOM_SID) * n_lgroupSIDs);
- SAFE_FREE(lgroupSIDs);
-
- /* and create (by appending rids) the 'domain' sids */
- for (i = 0; i < info3->num_groups2; i++) {
- sid_copy(&all_group_SIDs[i+n_lgroupSIDs], &(info3->dom_sid.sid));
- if (!sid_append_rid(&all_group_SIDs[i+n_lgroupSIDs], info3->gids[i].g_rid)) {
- nt_status = NT_STATUS_INVALID_PARAMETER;
- DEBUG(3,("create_nt_token_info3: could not append additional group rid 0x%x\n",
- info3->gids[i].g_rid));
- SAFE_FREE(lgroupSIDs);
- return nt_status;
- }
- }
-
- /* Copy 'other' sids. We need to do sid filtering here to
- prevent possible elevation of privileges. See:
-
- http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
- */
-
- for (i = 0; i < info3->num_other_sids; i++)
- sid_copy(&all_group_SIDs[
- n_lgroupSIDs + info3->num_groups2 + i],
- &info3->other_sids[i].sid);
-
- /* Where are the 'global' sids... */
-
- /* can the user be guest? if yes, where is it stored? */
- if (!NT_STATUS_IS_OK(
- nt_status = create_nt_user_token(
- &user_sid, &group_sid,
- n_lgroupSIDs + info3->num_groups2 + info3->num_other_sids,
- all_group_SIDs, False, &token))) {
- DEBUG(4,("create_nt_user_token failed\n"));
- SAFE_FREE(all_group_SIDs);
- return nt_status;
- }
-
- (*server_info)->ptok = token;
-
- SAFE_FREE(all_group_SIDs);
-
- return NT_STATUS_OK;
-}
-
-/***************************************************************************
Free a user_info struct
***************************************************************************/
@@ -1102,7 +880,6 @@ void free_user_info(auth_usersupplied_info **user_info)
SAFE_FREE((*user_info)->wksta_name.str);
data_blob_free(&(*user_info)->lm_resp);
data_blob_free(&(*user_info)->nt_resp);
- SAFE_FREE((*user_info)->interactive_password);
data_blob_clear_free(&(*user_info)->plaintext_password);
ZERO_STRUCT(**user_info);
}