From 52b28ec813ff3696606fc8f3a6bf4759a1a104e5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 18 Jul 2011 13:55:20 +1000 Subject: auth: Split out make_user_info_SamBaseInfo and add authenticated argument This will allow the source3 auth code to call this without needing to double-parse the SIDs Andrew Bartlett Signed-off-by: Andrew Tridgell --- auth/auth_sam_reply.c | 84 +++++++++++++++++++++++++++++++++------------------ 1 file changed, 55 insertions(+), 29 deletions(-) (limited to 'auth/auth_sam_reply.c') diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c index 5cd4530eff..1644278bf0 100644 --- a/auth/auth_sam_reply.c +++ b/auth/auth_sam_reply.c @@ -174,6 +174,53 @@ NTSTATUS auth_convert_user_info_dc_saminfo3(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +/** + * Make a user_info struct from the info3 or similar returned by a domain logon. + * + * The netr_SamInfo3 is also a key structure in the source3 auth subsystem + */ + +NTSTATUS make_user_info_SamBaseInfo(TALLOC_CTX *mem_ctx, + const char *account_name, + struct netr_SamBaseInfo *base, + bool authenticated, + struct auth_user_info **_user_info) +{ + struct auth_user_info *info; + + info = talloc_zero(mem_ctx, struct auth_user_info); + NT_STATUS_HAVE_NO_MEMORY(info); + + if (base->account_name.string) { + info->account_name = talloc_reference(info, base->account_name.string); + } else { + info->account_name = talloc_strdup(info, account_name); + NT_STATUS_HAVE_NO_MEMORY(info->account_name); + } + + info->domain_name = talloc_reference(info, base->domain.string); + info->full_name = talloc_reference(info, base->full_name.string); + info->logon_script = talloc_reference(info, base->logon_script.string); + info->profile_path = talloc_reference(info, base->profile_path.string); + info->home_directory = talloc_reference(info, base->home_directory.string); + info->home_drive = talloc_reference(info, base->home_drive.string); + info->logon_server = talloc_reference(info, base->logon_server.string); + info->last_logon = base->last_logon; + info->last_logoff = base->last_logoff; + info->acct_expiry = base->acct_expiry; + info->last_password_change = base->last_password_change; + info->allow_password_change = base->allow_password_change; + info->force_password_change = base->force_password_change; + info->logon_count = base->logon_count; + info->bad_password_count = base->bad_password_count; + info->acct_flags = base->acct_flags; + + info->authenticated = authenticated; + + *_user_info = info; + return NT_STATUS_OK; +} + /** * Make a user_info_dc struct from the info3 returned by a domain logon */ @@ -181,10 +228,11 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, const char *account_name, uint16_t validation_level, union netr_Validation *validation, + bool authenticated, struct auth_user_info_dc **_user_info_dc) { + NTSTATUS status; struct auth_user_info_dc *user_info_dc; - struct auth_user_info *info; struct netr_SamBaseInfo *base = NULL; uint32_t i; @@ -287,35 +335,11 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, /* Where are the 'global' sids?... */ } - user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info); - NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info); - - if (base->account_name.string) { - info->account_name = talloc_reference(info, base->account_name.string); - } else { - info->account_name = talloc_strdup(info, account_name); - NT_STATUS_HAVE_NO_MEMORY(info->account_name); + status = make_user_info_SamBaseInfo(user_info_dc, account_name, base, authenticated, &user_info_dc->info); + if (!NT_STATUS_IS_OK(status)) { + return status; } - info->domain_name = talloc_reference(info, base->domain.string); - info->full_name = talloc_reference(info, base->full_name.string); - info->logon_script = talloc_reference(info, base->logon_script.string); - info->profile_path = talloc_reference(info, base->profile_path.string); - info->home_directory = talloc_reference(info, base->home_directory.string); - info->home_drive = talloc_reference(info, base->home_drive.string); - info->logon_server = talloc_reference(info, base->logon_server.string); - info->last_logon = base->last_logon; - info->last_logoff = base->last_logoff; - info->acct_expiry = base->acct_expiry; - info->last_password_change = base->last_password_change; - info->allow_password_change = base->allow_password_change; - info->force_password_change = base->force_password_change; - info->logon_count = base->logon_count; - info->bad_password_count = base->bad_password_count; - info->acct_flags = base->acct_flags; - - info->authenticated = true; - /* ensure we are never given NULL session keys */ if (all_zero(base->key.key, sizeof(base->key.key))) { @@ -350,7 +374,9 @@ NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx, validation.sam3 = &pac_logon_info->info3; - nt_status = make_user_info_dc_netlogon_validation(mem_ctx, "", 3, &validation, &user_info_dc); + nt_status = make_user_info_dc_netlogon_validation(mem_ctx, "", 3, &validation, + true, /* This user was authenticated */ + &user_info_dc); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } -- cgit