5 files changed, 149 insertions, 109 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c
index f22ca348e6..60807deac4 100644
--- a/source4/auth/auth.c
+++ b/source4/auth/auth.c
@@ -170,6 +170,11 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 	DEBUG(3, ("check_ntlm_password:  mapped user is: [%s]\\[%s]@[%s]\n", 
 		  user_info->domain.str, user_info->internal_username.str, user_info->wksta_name.str));
 
+	if (auth_context->challenge.length == 0) {
+		/* get a challenge, if we have not asked for one yet */
+		get_ntlm_challenge(auth_context);
+	}
+
 	if (auth_context->challenge.length != 8) {
 		DEBUG(0, ("check_ntlm_password:  Invalid challenge stored for this auth context - cannot continue\n"));
 		return NT_STATUS_LOGON_FAILURE;
@@ -251,10 +256,10 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
  Clear out a auth_context, and destroy the attached TALLOC_CTX
 ***************************************************************************/
 
-static void free_auth_context(struct auth_context **auth_context)
+void free_auth_context(struct auth_context **auth_context)
 {
 	struct auth_methods *auth_method;
-
+	
 	if (*auth_context) {
 		/* Free private data of context's authentication methods */
 		for (auth_method = (*auth_context)->auth_method_list; auth_method; auth_method = auth_method->next) {
@@ -290,7 +295,6 @@ static NTSTATUS make_auth_context(struct auth_context **auth_context)
 	(*auth_context)->mem_ctx = mem_ctx;
 	(*auth_context)->check_ntlm_password = check_ntlm_password;
 	(*auth_context)->get_ntlm_challenge = get_ntlm_challenge;
-	(*auth_context)->free = free_auth_context;
 	
 	return NT_STATUS_OK;
 }
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 8ef8ffcc18..dea068f078 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -71,20 +71,22 @@ struct auth_serversupplied_info
 	DATA_BLOB user_session_key;
 	DATA_BLOB lm_session_key;
 
-	char *account_name;
-	char *full_name;
-	char *logon_script;
-	char *profile_path;
-	char *home_dir;
-	char *home_drive;
+	const char *account_name;
+	const char *domain;
+
+	const char *full_name;
+	const char *logon_script;
+	const char *profile_path;
+	const char *home_directory;
+	const char *home_drive;
+	
+	NTTIME last_logon;
+	NTTIME last_logoff;
+	NTTIME acct_expiry;
+	NTTIME last_password_change;
+	NTTIME allow_password_change;
+	NTTIME force_password_change;
 	
-	NTTIME logon_time;
-	NTTIME logoff_time;
-	NTTIME kickoff_time;
-	NTTIME password_last_set;
-	NTTIME password_can_change;
-	NTTIME password_must_change;
-
 	uint16 logon_count;
 	uint16 bad_password_count;
 	
@@ -121,7 +123,6 @@ struct auth_context {
 					const struct auth_usersupplied_info *user_info, 
 					struct auth_serversupplied_info **server_info);
 	NTSTATUS (*nt_status_squash)(NTSTATUS nt_status);
-	void (*free)(struct auth_context **auth_context);
 };
 
 struct auth_methods
diff --git a/source4/auth/auth_ntlmssp.c b/source4/auth/auth_ntlmssp.c
index 50ec07fe41..622a89c939 100644
--- a/source4/auth/auth_ntlmssp.c
+++ b/source4/auth/auth_ntlmssp.c
@@ -174,7 +174,7 @@ void auth_ntlmssp_end(struct auth_ntlmssp_state **auth_ntlmssp_state)
 		ntlmssp_end(&(*auth_ntlmssp_state)->ntlmssp_state);
 	}
 	if ((*auth_ntlmssp_state)->auth_context) {
-		((*auth_ntlmssp_state)->auth_context->free)(&(*auth_ntlmssp_state)->auth_context);
+		free_auth_context(&(*auth_ntlmssp_state)->auth_context);
 	}
 	if ((*auth_ntlmssp_state)->server_info) {
 		free_server_info(&(*auth_ntlmssp_state)->server_info);
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 2481b97ce6..e7f428c922 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -196,6 +196,19 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 			       "accountExpires",
 			       "objectSid",
 			       "userWorkstations",
+			       
+			       /* required for server_info, not access control: */
+			       "sAMAaccountName",
+			       "displayName",
+			       "scriptPath",
+			       "profilePath",
+			       "homeDirectory",
+			       "homeDrive",
+			       "lastLogon",
+			       "lastLogoff",
+			       "accountExpires",
+			       "badPwdCount",
+			       "logonCount",
 			       NULL,
 	};
 
@@ -346,14 +359,67 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 		
 		(*server_info)->n_domain_groups = group_ret;
 		(*server_info)->domain_groups = groupSIDs;
-
 	}
 
+	(*server_info)->account_name 
+		= talloc_strdup((*server_info)->mem_ctx, 
+				samdb_result_string(msgs[0], "sAMAccountName", ""));
+
+	(*server_info)->domain
+		= talloc_strdup((*server_info)->mem_ctx, 
+				samdb_result_string(msgs_domain[0], "name", ""));
+
+	(*server_info)->full_name 
+		= talloc_strdup((*server_info)->mem_ctx, 
+				samdb_result_string(msgs[0], "displayName", ""));
+
+	(*server_info)->logon_script 
+		= talloc_strdup((*server_info)->mem_ctx, 
+				samdb_result_string(msgs[0], "scriptPath", ""));
+	(*server_info)->profile_path 
+		= talloc_strdup((*server_info)->mem_ctx, 
+				samdb_result_string(msgs[0], "profilePath", ""));
+	(*server_info)->home_directory 
+		= talloc_strdup((*server_info)->mem_ctx, 
+				samdb_result_string(msgs[0], "homeDirectory", ""));
+
+	(*server_info)->home_drive 
+		= talloc_strdup((*server_info)->mem_ctx, 
+				samdb_result_string(msgs[0], "homeDrive", ""));
+
+	(*server_info)->last_logon = samdb_result_nttime(msgs[0], "lastLogon", 0);
+	(*server_info)->last_logoff = samdb_result_nttime(msgs[0], "lastLogoff", 0);
+	(*server_info)->acct_expiry = samdb_result_nttime(msgs[0], "accountExpires", 0);
+	(*server_info)->last_password_change = samdb_result_nttime(msgs[0], "pwdLastSet", 0);
+	(*server_info)->allow_password_change
+		= samdb_result_allow_password_change(sam_ctx, mem_ctx, 
+						     domain_dn, msgs[0], "pwdLastSet");
+	(*server_info)->allow_password_change
+		= samdb_result_force_password_change(sam_ctx, mem_ctx, 
+						     domain_dn, msgs[0], "pwdLastSet");
+
+	(*server_info)->logon_count = samdb_result_uint(msgs[0], "logonCount", 0);
+	(*server_info)->bad_password_count = samdb_result_uint(msgs[0], "badPwdCount", 0);
+
+	(*server_info)->acct_flags = samdb_result_acct_flags(msgs[0], "userAccountControl");
+
 	(*server_info)->guest = False;
 
 	(*server_info)->user_session_key = user_sess_key;
 	(*server_info)->lm_session_key = lm_sess_key;
 
+	if (!(*server_info)->account_name 
+	    || !(*server_info)->full_name 
+	    || !(*server_info)->logon_script
+	    || !(*server_info)->profile_path
+	    || !(*server_info)->home_directory
+	    || !(*server_info)->home_drive) {
+		talloc_destroy((*server_info)->mem_ctx);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	samdb_close(sam_ctx);
+
 	return nt_status;
 }
 
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 8fc1d2ac59..c505d4a88e 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -157,14 +157,13 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
  Decrypt and encrypt the passwords.
 ****************************************************************************/
 
-BOOL make_user_info_netlogon_network(struct auth_usersupplied_info **user_info, 
+NTSTATUS make_user_info_netlogon_network(struct auth_usersupplied_info **user_info, 
 				     const char *smb_name, 
 				     const char *client_domain, 
 				     const char *wksta_name, 
 				     const uint8_t *lm_network_password, int lm_password_len,
 				     const uint8_t *nt_network_password, int nt_password_len)
 {
-	BOOL ret;
 	NTSTATUS nt_status;
 	DATA_BLOB lm_blob = data_blob(lm_network_password, lm_password_len);
 	DATA_BLOB nt_blob = data_blob(nt_network_password, nt_password_len);
@@ -177,11 +176,9 @@ BOOL make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
 				       NULL, NULL, NULL,
 				       True);
 	
-	ret = NT_STATUS_IS_OK(nt_status) ? True : False;
-		
 	data_blob_free(&lm_blob);
 	data_blob_free(&nt_blob);
-	return ret;
+	return nt_status;
 }
 
 /****************************************************************************
@@ -189,99 +186,51 @@ BOOL make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
  Decrypt and encrypt the passwords.
 ****************************************************************************/
 
-BOOL make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_info, 
-					 const char *smb_name, 
-					 const char *client_domain, 
-					 const char *wksta_name, 
-					 const uint8_t chal[8], 
-					 const uint8_t lm_interactive_password[16], 
-					 const uint8_t nt_interactive_password[16], 
-					 const uint8_t *dc_sess_key)
+NTSTATUS make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_info, 
+					     const char *smb_name, 
+					     const char *client_domain, 
+					     const char *wksta_name, 
+					     const uint8_t chal[8], 
+					     const struct samr_Password *lm_interactive_password, 
+					     const struct samr_Password *nt_interactive_password)
 {
-	char lm_password[16];
-	char nt_password[16];
+	NTSTATUS nt_status;
+	DATA_BLOB local_lm_blob;
+	DATA_BLOB local_nt_blob;
+	
+	DATA_BLOB lm_interactive_blob;
+	DATA_BLOB nt_interactive_blob;
 	uint8_t local_lm_response[24];
 	uint8_t local_nt_response[24];
-	uint8_t key[16];
-	
-	ZERO_STRUCT(key);
-	memcpy(key, dc_sess_key, 8);
-	
-	if (lm_interactive_password) memcpy(lm_password, lm_interactive_password, sizeof(lm_password));
-	if (nt_interactive_password) memcpy(nt_password, nt_interactive_password, sizeof(nt_password));
-	
-#ifdef DEBUG_PASSWORD
-	DEBUG(100,("key:"));
-	dump_data(100, (char *)key, sizeof(key));
 	
-	DEBUG(100,("lm owf password:"));
-	dump_data(100, lm_password, sizeof(lm_password));
+	SMBOWFencrypt(lm_interactive_password->hash, chal, local_lm_response);
+	SMBOWFencrypt(nt_interactive_password->hash, chal, local_nt_response);
 	
-	DEBUG(100,("nt owf password:"));
-	dump_data(100, nt_password, sizeof(nt_password));
-#endif
+	local_lm_blob = data_blob(local_lm_response, 
+				  sizeof(local_lm_response));
+	lm_interactive_blob = data_blob(lm_interactive_password, 
+					sizeof(lm_interactive_password));
 	
-	if (lm_interactive_password)
-		arcfour_crypt((uint8_t *)lm_password, key, sizeof(lm_password));
-	
-	if (nt_interactive_password)
-		arcfour_crypt((uint8_t *)nt_password, key, sizeof(nt_password));
-	
-#ifdef DEBUG_PASSWORD
-	DEBUG(100,("decrypt of lm owf password:"));
-	dump_data(100, lm_password, sizeof(lm_password));
-	
-	DEBUG(100,("decrypt of nt owf password:"));
-	dump_data(100, nt_password, sizeof(nt_password));
-#endif
+	local_nt_blob = data_blob(local_nt_response, 
+				  sizeof(local_nt_response));
+	nt_interactive_blob = data_blob(nt_interactive_password, 
+					sizeof(nt_interactive_password));
 	
-	if (lm_interactive_password)
-		SMBOWFencrypt((const uint8_t *)lm_password, chal, local_lm_response);
-
-	if (nt_interactive_password)
-		SMBOWFencrypt((const uint8_t *)nt_password, chal, local_nt_response);
+	nt_status = make_user_info_map(user_info, 
+				       smb_name, client_domain, 
+				       wksta_name, 
+				       &local_lm_blob,
+				       &local_nt_blob,
+				       &lm_interactive_blob,
+				       &nt_interactive_blob,
+				       NULL,
+				       True);
 	
-	/* Password info paranoia */
-	ZERO_STRUCT(key);
-
-	{
-		BOOL ret;
-		NTSTATUS nt_status;
-		DATA_BLOB local_lm_blob;
-		DATA_BLOB local_nt_blob;
-
-		DATA_BLOB lm_interactive_blob;
-		DATA_BLOB nt_interactive_blob;
-		
-		if (lm_interactive_password) {
-			local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response));
-			lm_interactive_blob = data_blob(lm_password, sizeof(lm_password));
-			ZERO_STRUCT(lm_password);
-		}
-		
-		if (nt_interactive_password) {
-			local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response));
-			nt_interactive_blob = data_blob(nt_password, sizeof(nt_password));
-			ZERO_STRUCT(nt_password);
-		}
-
-		nt_status = make_user_info_map(user_info, 
-		                               smb_name, client_domain, 
-		                               wksta_name, 
-		                               lm_interactive_password ? &local_lm_blob : NULL,
-		                               nt_interactive_password ? &local_nt_blob : NULL,
-		                               lm_interactive_password ? &lm_interactive_blob : NULL,
-		                               nt_interactive_password ? &nt_interactive_blob : NULL,
-		                               NULL,
-		                               True);
-
-		ret = NT_STATUS_IS_OK(nt_status) ? True : False;
-		data_blob_free(&local_lm_blob);
-		data_blob_free(&local_nt_blob);
-		data_blob_free(&lm_interactive_blob);
-		data_blob_free(&nt_interactive_blob);
-		return ret;
-	}
+	data_blob_free(&local_lm_blob);
+	data_blob_free(&local_nt_blob);
+	data_blob_free(&lm_interactive_blob);
+	data_blob_free(&nt_interactive_blob);
+	return nt_status;
 }
 
 
@@ -532,6 +481,26 @@ NTSTATUS make_server_info_guest(struct auth_serversupplied_info **server_info)
 	(*server_info)->user_session_key = data_blob(zeros, sizeof(zeros));
 	(*server_info)->lm_session_key = data_blob(zeros, sizeof(zeros));
 
+	(*server_info)->account_name = "";
+	(*server_info)->domain = "";
+	(*server_info)->full_name = "Anonymous";
+	(*server_info)->logon_script = "";
+	(*server_info)->profile_path = "";
+	(*server_info)->home_directory = "";
+	(*server_info)->home_drive = "";
+
+	(*server_info)->last_logon = 0;
+	(*server_info)->last_logoff = 0;
+	(*server_info)->acct_expiry = 0;
+	(*server_info)->last_password_change = 0;
+	(*server_info)->allow_password_change = 0;
+	(*server_info)->force_password_change = 0;
+
+	(*server_info)->logon_count = 0;
+	(*server_info)->bad_password_count = 0;
+
+	(*server_info)->acct_flags = ACB_NORMAL;
+
 	return nt_status;
 }