From 2a6a696e32798f2a2aabef61dfa421da6328d069 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Thu, 27 May 2010 03:21:35 -0400
Subject: s3:auth add function to convert wbcAuthUserInfo to netr_SamInfo3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Günther Deschner
---
 source3/auth/server_info.c | 135 +++++++++++++++++++++++++++++++++++++++++++++
 source3/include/proto.h | 2 +
 2 files changed, 137 insertions(+)
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index e9ccdb6700..d9b25bda68 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -441,3 +441,138 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
 return info3;
 }
+
+static NTSTATUS wbcsids_to_samr_RidWithAttributeArray(
+ TALLOC_CTX *mem_ctx,
+ struct samr_RidWithAttributeArray *groups,
+ const struct dom_sid *domain_sid,
+ const struct wbcSidWithAttr *sids,
+ size_t num_sids)
+{
+ unsigned int i;
+ bool ok;
+
+ groups->rids = talloc_array(mem_ctx,
+ struct samr_RidWithAttribute, num_sids);
+ if (!groups->rids) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* a wbcDomainSid is the same as a dom_sid */
+ for (i = 0; i < num_sids; i++) {
+ ok = sid_peek_check_rid(domain_sid,
+ (const struct dom_sid *)&sids[i].sid,
+ &groups->rids[i].rid);
+ if (!ok) continue;
+
+ groups->rids[i].attributes = SE_GROUP_MANDATORY |
+ SE_GROUP_ENABLED_BY_DEFAULT |
+ SE_GROUP_ENABLED;
+ groups->count++;
+ }
+
+ return NT_STATUS_OK;
+}
+
+struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
+ const struct wbcAuthUserInfo *info)
+{
+ struct netr_SamInfo3 *info3;
+ struct dom_sid user_sid;
+ struct dom_sid group_sid;
+ struct dom_sid domain_sid;
+ NTSTATUS status;
+ bool ok;
+
+ memcpy(&user_sid, &info->sids[0].sid, sizeof(user_sid));
+ memcpy(&group_sid, &info->sids[1].sid, sizeof(group_sid));
+
+ info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
+ if (!info3) return NULL;
+
+ info3->base.last_logon = info->logon_time;
+ info3->base.last_logoff = info->logoff_time;
+ info3->base.acct_expiry = info->kickoff_time;
+ info3->base.last_password_change = info->pass_last_set_time;
+ info3->base.allow_password_change = info->pass_can_change_time;
+ info3->base.force_password_change = info->pass_must_change_time;
+
+ if (info->account_name) {
+ info3->base.account_name.string =
+ talloc_strdup(info3, info->account_name);
+ RET_NOMEM(info3->base.account_name.string);
+ }
+ if (info->full_name) {
+ info3->base.full_name.string =
+ talloc_strdup(info3, info->full_name);
+ RET_NOMEM(info3->base.full_name.string);
+ }
+ if (info->logon_script) {
+ info3->base.logon_script.string =
+ talloc_strdup(info3, info->logon_script);
+ RET_NOMEM(info3->base.logon_script.string);
+ }
+ if (info->profile_path) {
+ info3->base.profile_path.string =
+ talloc_strdup(info3, info->profile_path);
+ RET_NOMEM(info3->base.profile_path.string);
+ }
+ if (info->home_directory) {
+ info3->base.home_directory.string =
+ talloc_strdup(info3, info->home_directory);
+ RET_NOMEM(info3->base.home_directory.string);
+ }
+ if (info->home_drive) {
+ info3->base.home_drive.string =
+ talloc_strdup(info3, info->home_drive);
+ RET_NOMEM(info3->base.home_drive.string);
+ }
+
+ info3->base.logon_count = info->logon_count;
+ info3->base.bad_password_count = info->bad_password_count;
+
+ sid_copy(&domain_sid, &user_sid);
+ sid_split_rid(&domain_sid, &info3->base.rid);
+
+ ok = sid_peek_check_rid(&domain_sid, &group_sid,
+ &info3->base.primary_gid);
+ if (!ok) {
+ DEBUG(1, ("The primary group sid domain does not"
+ "match user sid domain for user: %s\n",
+ info->account_name));
+ TALLOC_FREE(info3);
+ return NULL;
+ }
+
+ status = wbcsids_to_samr_RidWithAttributeArray(info3,
+ &info3->base.groups,
+ &domain_sid,
+ &info->sids[1],
+ info->num_sids - 1);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(info3);
+ return NULL;
+ }
+
+ info3->base.user_flags = info->user_flags;
+ memcpy(info3->base.key.key, info->user_session_key, 16);
+
+ if (info->logon_server) {
+ info3->base.logon_server.string =
+ talloc_strdup(info3, info->logon_server);
+ RET_NOMEM(info3->base.logon_server.string);
+ }
+ if (info->domain_name) {
+ info3->base.domain.string =
+ talloc_strdup(info3, info->domain_name);
+ RET_NOMEM(info3->base.domain.string);
+ }
+
+ info3->base.domain_sid = sid_dup_talloc(info3, &domain_sid);
+ RET_NOMEM(info3->base.domain_sid);
+
+ memcpy(info3->base.LMSessKey.key, info->lm_session_key, 8);
+ info3->base.acct_flags = info->acct_flags;
+
+ return info3;
+}
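Review bot: In wbcsids_to_samr_RidWithAttributeArray the `continue` after a failed `sid_peek_check_rid` leaves a hole at `rids[i]` while `groups->count` counts only the matches, so as soon as one SID lies outside `domain_sid` the first `count` entries include a slot whose attributes were never set (`talloc_array` does not zero) and the matching entries at the tail are cut off. Writing into the next free slot instead, `&groups->rids[groups->count].rid` and `groups->rids[groups->count].attributes = ...`, keeps the array dense; the function also depends on the caller having zeroed `groups->count`, which deserves a comment. In wbcAuthUserInfo_to_netr_SamInfo3 the two `memcpy` calls read `info->sids[0]` and `info->sids[1]`, and `info->num_sids - 1` is computed later, without any check of the count; a guard such as `if (info->num_sids < 2) return NULL;` ahead of the copies would stop a wbcAuthUserInfo with fewer than two SIDs from causing an out-of-bounds read or a wrapped length. These RIDs presumably feed the group list of the resulting session, so either fault can change which groups a user is treated as belonging to.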
diff --git a/source3/include/proto.h b/source3/include/proto.h
index ff7eb9383e..8c3f05eade 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -184,6 +184,8 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
 struct netr_SamInfo3 **_info3);
 struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
 struct netr_SamInfo3 *orig);
+struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
+ const struct wbcAuthUserInfo *info);
 /* The following definitions come from auth/auth_wbc.c */
-- cgit