Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/auth_util.c | 223 |
1 files changed, 0 insertions, 223 deletions
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 580b96142e..db208008ae 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -863,228 +863,6 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info) } /*************************************************************************** - Make a server_info struct from the info3 returned by a domain logon -***************************************************************************/ - -NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, - const char *internal_username, - const char *sent_nt_username, - const char *domain, - auth_serversupplied_info **server_info, - NET_USER_INFO_3 *info3) -{ - NTSTATUS nt_status = NT_STATUS_OK; - - const char *nt_domain; - const char *nt_username; - - SAM_ACCOUNT *sam_account = NULL; - DOM_SID user_sid; - DOM_SID group_sid; - - struct passwd *passwd; - - uid_t uid; - gid_t gid; - - int n_lgroupSIDs; - DOM_SID *lgroupSIDs = NULL; - - gid_t *unix_groups = NULL; - NT_USER_TOKEN *token; - - DOM_SID *all_group_SIDs; - size_t i; - - /* - Here is where we should check the list of - trusted domains, and verify that the SID - matches. 
- */ - - sid_copy(&user_sid, &info3->dom_sid.sid); - if (!sid_append_rid(&user_sid, info3->user_rid)) { - return NT_STATUS_INVALID_PARAMETER; - } - - sid_copy(&group_sid, &info3->dom_sid.sid); - if (!sid_append_rid(&group_sid, info3->group_rid)) { - return NT_STATUS_INVALID_PARAMETER; - } - - if (!(nt_username = unistr2_tdup(mem_ctx, &(info3->uni_user_name)))) { - /* If the server didn't give us one, just use the one we sent them */ - nt_username = sent_nt_username; - } - - if (!(nt_domain = unistr2_tdup(mem_ctx, &(info3->uni_logon_dom)))) { - /* If the server didn't give us one, just use the one we sent them */ - domain = domain; - } - - if (winbind_sid_to_uid(&uid, &user_sid) - && winbind_sid_to_gid(&gid, &group_sid) - && ((passwd = getpwuid_alloc(uid)))) { - nt_status = pdb_init_sam_pw(&sam_account, passwd); - passwd_free(&passwd); - } else { - char *dom_user; - dom_user = talloc_asprintf(mem_ctx, "%s%s%s", - nt_domain, - lp_winbind_separator(), - internal_username); - - if (!dom_user) { - DEBUG(0, ("talloc_asprintf failed!\n")); - return NT_STATUS_NO_MEMORY; - } else { - - if (!(passwd = Get_Pwnam(dom_user)) - /* Only lookup local for the local - domain, we don't want this for - trusted domains */ - && strequal(nt_domain, lp_workgroup())) { - passwd = Get_Pwnam(internal_username); - } - - if (!passwd) { - return NT_STATUS_NO_SUCH_USER; - } else { - nt_status = pdb_init_sam_pw(&sam_account, passwd); - } - } - } - - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(0, ("make_server_info_info3: pdb_init_sam failed!\n")); - return nt_status; - } - - if (!pdb_set_user_sid(sam_account, &user_sid, PDB_CHANGED)) { - pdb_free_sam(&sam_account); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!pdb_set_group_sid(sam_account, &group_sid, PDB_CHANGED)) { - pdb_free_sam(&sam_account); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!pdb_set_nt_username(sam_account, nt_username, PDB_CHANGED)) { - pdb_free_sam(&sam_account); - return NT_STATUS_NO_MEMORY; - } - - if 
(!pdb_set_domain(sam_account, nt_domain, PDB_CHANGED)) { - pdb_free_sam(&sam_account); - return NT_STATUS_NO_MEMORY; - } - - if (!pdb_set_fullname(sam_account, unistr2_static(mem_ctx, &(info3->uni_full_name)), PDB_CHANGED)) { - pdb_free_sam(&sam_account); - return NT_STATUS_NO_MEMORY; - } - - if (!pdb_set_logon_script(sam_account, unistr2_static(mem_ctx, &(info3->uni_logon_script)), PDB_CHANGED)) { - pdb_free_sam(&sam_account); - return NT_STATUS_NO_MEMORY; - } - - if (!pdb_set_profile_path(sam_account, unistr2_static(mem_ctx, &(info3->uni_profile_path)), PDB_CHANGED)) { - pdb_free_sam(&sam_account); - return NT_STATUS_NO_MEMORY; - } - - if (!pdb_set_homedir(sam_account, unistr2_static(mem_ctx, &(info3->uni_home_dir)), PDB_CHANGED)) { - pdb_free_sam(&sam_account); - return NT_STATUS_NO_MEMORY; - } - - if (!pdb_set_dir_drive(sam_account, unistr2_static(mem_ctx, &(info3->uni_dir_drive)), PDB_CHANGED)) { - pdb_free_sam(&sam_account); - return NT_STATUS_NO_MEMORY; - } - - if (!NT_STATUS_IS_OK(nt_status = make_server_info(server_info, sam_account))) { - DEBUG(4, ("make_server_info failed!\n")); - pdb_free_sam(&sam_account); - return nt_status; - } - - /* Store the user group information in the server_info - returned to the caller. 
*/ - - if (!NT_STATUS_IS_OK(nt_status - = get_user_groups_from_local_sam(sam_account, - &n_lgroupSIDs, - &lgroupSIDs, - &unix_groups))) - { - DEBUG(4,("get_user_groups_from_local_sam failed\n")); - return nt_status; - } - - (*server_info)->groups = unix_groups; - (*server_info)->n_groups = n_lgroupSIDs; - - /* Create a 'combined' list of all SIDs we might want in the SD */ - all_group_SIDs = malloc(sizeof(DOM_SID) * - (n_lgroupSIDs + info3->num_groups2 + - info3->num_other_sids)); - if (!all_group_SIDs) { - DEBUG(0, ("create_nt_token_info3: malloc() failed for DOM_SID list!\n")); - SAFE_FREE(lgroupSIDs); - return NT_STATUS_NO_MEMORY; - } - - /* Copy the 'local' sids */ - memcpy(all_group_SIDs, lgroupSIDs, sizeof(DOM_SID) * n_lgroupSIDs); - SAFE_FREE(lgroupSIDs); - - /* and create (by appending rids) the 'domain' sids */ - for (i = 0; i < info3->num_groups2; i++) { - sid_copy(&all_group_SIDs[i+n_lgroupSIDs], &(info3->dom_sid.sid)); - if (!sid_append_rid(&all_group_SIDs[i+n_lgroupSIDs], info3->gids[i].g_rid)) { - nt_status = NT_STATUS_INVALID_PARAMETER; - DEBUG(3,("create_nt_token_info3: could not append additional group rid 0x%x\n", - info3->gids[i].g_rid)); - SAFE_FREE(lgroupSIDs); - return nt_status; - } - } - - /* Copy 'other' sids. We need to do sid filtering here to - prevent possible elevation of privileges. See: - - http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp - */ - - for (i = 0; i < info3->num_other_sids; i++) - sid_copy(&all_group_SIDs[ - n_lgroupSIDs + info3->num_groups2 + i], - &info3->other_sids[i].sid); - - /* Where are the 'global' sids... */ - - /* can the user be guest? if yes, where is it stored? 
*/ - if (!NT_STATUS_IS_OK( - nt_status = create_nt_user_token( - &user_sid, &group_sid, - n_lgroupSIDs + info3->num_groups2 + info3->num_other_sids, - all_group_SIDs, False, &token))) { - DEBUG(4,("create_nt_user_token failed\n")); - SAFE_FREE(all_group_SIDs); - return nt_status; - } - - (*server_info)->ptok = token; - - SAFE_FREE(all_group_SIDs); - - return NT_STATUS_OK; -} - -/*************************************************************************** Free a user_info struct ***************************************************************************/ @@ -1102,7 +880,6 @@ void free_user_info(auth_usersupplied_info **user_info) SAFE_FREE((*user_info)->wksta_name.str); data_blob_free(&(*user_info)->lm_resp); data_blob_free(&(*user_info)->nt_resp); - SAFE_FREE((*user_info)->interactive_password); data_blob_clear_free(&(*user_info)->plaintext_password); ZERO_STRUCT(**user_info); } |