From 9a7481bcfeff29495334eff8803878c2c238878f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 29 Jun 2005 13:55:09 +0000 Subject: r7993: Further work on the Krb5 PAC. We now generate the PAC, and can verifiy both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, spits out the code to get the information we need from the NETLOGON server back into a auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be veified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466) --- source4/auth/auth_sam_reply.c | 109 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 source4/auth/auth_sam_reply.c (limited to 'source4/auth/auth_sam_reply.c') diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c new file mode 100644 index 0000000000..2ff071f737 --- /dev/null +++ b/source4/auth/auth_sam_reply.c @@ -0,0 +1,109 @@ +/* + Unix SMB/CIFS implementation. + + Convert a server info struct into the form for PAC and NETLOGON replies + + Copyright (C) Andrew Bartlett 2004 + Copyright (C) Stefan Metzmacher 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "librpc/gen_ndr/ndr_netlogon.h" +#include "rpc_server/dcerpc_server.h" +#include "rpc_server/common/common.h" +#include "librpc/gen_ndr/ndr_dcom.h" +#include "auth/auth.h" +#include "lib/ldb/include/ldb.h" + +NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx, + struct auth_serversupplied_info *server_info, + struct netr_SamBaseInfo **_sam) +{ + struct netr_SamBaseInfo *sam = talloc_zero(mem_ctx, struct netr_SamBaseInfo); + NT_STATUS_HAVE_NO_MEMORY(sam); + + sam->last_logon = server_info->last_logon; + sam->last_logoff = server_info->last_logoff; + sam->acct_expiry = server_info->acct_expiry; + sam->last_password_change = server_info->last_password_change; + sam->allow_password_change = server_info->allow_password_change; + sam->force_password_change = server_info->force_password_change; + + sam->account_name.string = server_info->account_name; + sam->full_name.string = server_info->full_name; + sam->logon_script.string = server_info->logon_script; + sam->profile_path.string = server_info->profile_path; + sam->home_directory.string = server_info->home_directory; + sam->home_drive.string = server_info->home_drive; + + sam->logon_count = server_info->logon_count; + sam->bad_password_count = sam->bad_password_count; + sam->rid = server_info->account_sid->sub_auths[server_info->account_sid->num_auths-1]; + sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1]; + + sam->groups.count = 0; + sam->groups.rids = NULL; + + if (server_info->n_domain_groups > 0) { + int i; + sam->groups.rids = talloc_array(sam, struct samr_RidWithAttribute, + server_info->n_domain_groups); + + if (sam->groups.rids == NULL) + return NT_STATUS_NO_MEMORY; + + for (i=0; in_domain_groups; i++) { + + struct dom_sid *group_sid = server_info->domain_groups[i]; + sam->groups.rids[sam->groups.count].rid = + group_sid->sub_auths[group_sid->num_auths-1]; + + sam->groups.rids[sam->groups.count].attributes = + SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sam->groups.count += 1; + } + } + + sam->user_flags = 0; /* TODO: w2k3 uses 0x120. We know 0x20 + * as extra sids (PAC doc) but what is + * 0x100? */ + sam->acct_flags = server_info->acct_flags; + sam->logon_server.string = lp_netbios_name(); + sam->domain.string = server_info->domain_name; + + sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid); + NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid); + sam->domain_sid->num_auths--; + + ZERO_STRUCT(sam->unknown); + + ZERO_STRUCT(sam->key); + if (server_info->user_session_key.length == sizeof(sam->key.key)) { + memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key)); + } + + ZERO_STRUCT(sam->LMSessKey); + if (server_info->lm_session_key.length == sizeof(sam->LMSessKey.key)) { + memcpy(sam->LMSessKey.key, server_info->lm_session_key.data, + sizeof(sam->LMSessKey.key)); + } + + *_sam = sam; + + return NT_STATUS_OK; +} + -- cgit From f1031746e51268d64559b9eb3ab1affbc436af00 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 5 Jul 2005 10:57:39 +0000 Subject: r8164: - match the ordering w2k3 uses for the PAC_BUFFER: LOGON_INFO LOGON_NAME SRV_CHECKSUM KDC_CHECKSUM - w2k3 also don't use the groupmembership array with rids it uses the othersids array metze (This used to be commit 2286fad27d749ebba14f5448f1f635bb36750c9c) --- source4/auth/auth_sam_reply.c | 81 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) (limited to 'source4/auth/auth_sam_reply.c') diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index 2ff071f737..6b16d3e610 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -107,3 +107,84 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, + struct auth_serversupplied_info *server_info, + struct netr_SamInfo3 **_sam3) +{ + struct netr_SamBaseInfo *sam; + struct netr_SamInfo3 *sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3); + NT_STATUS_HAVE_NO_MEMORY(sam3); + + sam = &sam3->base; + + sam->last_logon = server_info->last_logon; + sam->last_logoff = server_info->last_logoff; + sam->acct_expiry = server_info->acct_expiry; + sam->last_password_change = server_info->last_password_change; + sam->allow_password_change = server_info->allow_password_change; + sam->force_password_change = server_info->force_password_change; + + sam->account_name.string = server_info->account_name; + sam->full_name.string = server_info->full_name; + sam->logon_script.string = server_info->logon_script; + sam->profile_path.string = server_info->profile_path; + sam->home_directory.string = server_info->home_directory; + sam->home_drive.string = server_info->home_drive; + + sam->logon_count = server_info->logon_count; + sam->bad_password_count = sam->bad_password_count; + sam->rid = server_info->account_sid->sub_auths[server_info->account_sid->num_auths-1]; + sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1]; + + sam->groups.count = 0; + sam->groups.rids = NULL; + + sam->user_flags = 0x20; /* TODO: w2k3 uses 0x120. We know 0x20 + * as extra sids (PAC doc) but what is + * 0x100? */ + sam->acct_flags = server_info->acct_flags; + sam->logon_server.string = lp_netbios_name(); + sam->domain.string = server_info->domain_name; + + sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid); + NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid); + sam->domain_sid->num_auths--; + + ZERO_STRUCT(sam->unknown); + + ZERO_STRUCT(sam->key); + if (server_info->user_session_key.length == sizeof(sam->key.key)) { + memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key)); + } + + ZERO_STRUCT(sam->LMSessKey); + if (server_info->lm_session_key.length == sizeof(sam->LMSessKey.key)) { + memcpy(sam->LMSessKey.key, server_info->lm_session_key.data, + sizeof(sam->LMSessKey.key)); + } + + sam3->sidcount = 0; + sam3->sids = NULL; + + if (server_info->n_domain_groups > 0) { + int i; + sam3->sids = talloc_array(sam, struct netr_SidAttr, + server_info->n_domain_groups); + NT_STATUS_HAVE_NO_MEMORY(sam3->sids); + + for (i=0; in_domain_groups; i++) { + if (!dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) { + continue; + } + sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]); + sam3->sids[sam3->sidcount].attribute = + SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sam3->sidcount += 1; + } + } + + *_sam3 = sam3; + + return NT_STATUS_OK; +} + -- cgit From aa7d44c0d998e642d7b5b001834797d38faebfde Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Aug 2005 23:14:38 +0000 Subject: r9022: One more step in the game of whack-a-mole with the PAC. This makes the PAC we generate match (closely) the PAC generated by my test win2k3 DC. Andrew Bartlett (This used to be commit 6172b1868020ac8e828c375f17f4c33fc40eaca4) --- source4/auth/auth_sam_reply.c | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) (limited to 'source4/auth/auth_sam_reply.c') diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index 6b16d3e610..85a54979ce 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -117,6 +117,10 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, sam = &sam3->base; + sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid); + NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid); + sam->domain_sid->num_auths--; + sam->last_logon = server_info->last_logon; sam->last_logoff = server_info->last_logoff; sam->acct_expiry = server_info->acct_expiry; @@ -139,6 +143,26 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, sam->groups.count = 0; sam->groups.rids = NULL; + if (server_info->n_domain_groups > 0) { + int i; + sam->groups.rids = talloc_array(sam, struct samr_RidWithAttribute, + server_info->n_domain_groups); + NT_STATUS_HAVE_NO_MEMORY(sam->groups.rids); + + for (i=0; in_domain_groups; i++) { + struct dom_sid *group_sid = server_info->domain_groups[i]; + + if (!dom_sid_in_domain(sam->domain_sid, group_sid)) { + continue; + } + + sam->groups.rids[sam->groups.count].rid = group_sid->sub_auths[group_sid->num_auths-1]; + sam->groups.rids[sam->groups.count].attributes = + SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sam->groups.count += 1; + } + } + sam->user_flags = 0x20; /* TODO: w2k3 uses 0x120. We know 0x20 * as extra sids (PAC doc) but what is * 0x100? */ @@ -146,10 +170,6 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, sam->logon_server.string = lp_netbios_name(); sam->domain.string = server_info->domain_name; - sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid); - NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid); - sam->domain_sid->num_auths--; - ZERO_STRUCT(sam->unknown); ZERO_STRUCT(sam->key); @@ -165,7 +185,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, sam3->sidcount = 0; sam3->sids = NULL; - +#if 0 if (server_info->n_domain_groups > 0) { int i; sam3->sids = talloc_array(sam, struct netr_SidAttr, @@ -173,7 +193,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(sam3->sids); for (i=0; in_domain_groups; i++) { - if (!dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) { + if (dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) { continue; } sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]); @@ -182,7 +202,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, sam3->sidcount += 1; } } - +#endif *_sam3 = sam3; return NT_STATUS_OK; -- cgit From a0647a89a82e892292c421f5c968de2f28d42366 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 24 Oct 2005 07:11:40 +0000 Subject: r11272: In trying to track down why Win2k3 is again rejecting our PAC, ensure we can round-trip all the way back to a server_info structure, not just a filled in PAC_DATA. (I was worried about generated fields being incorrect, or some other logical flaw). Andrew Bartlett (This used to be commit 11b1d78cc550c60201d12f8778ca8533712a5b1e) --- source4/auth/auth_sam_reply.c | 120 +++++++++++------------------------------- 1 file changed, 32 insertions(+), 88 deletions(-) (limited to 'source4/auth/auth_sam_reply.c') diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index 85a54979ce..2918dfd499 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -36,6 +36,10 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx, struct netr_SamBaseInfo *sam = talloc_zero(mem_ctx, struct netr_SamBaseInfo); NT_STATUS_HAVE_NO_MEMORY(sam); + sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid); + NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid); + sam->domain_sid->num_auths--; + sam->last_logon = server_info->last_logon; sam->last_logoff = server_info->last_logoff; sam->acct_expiry = server_info->acct_expiry; @@ -67,8 +71,11 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; for (i=0; in_domain_groups; i++) { - struct dom_sid *group_sid = server_info->domain_groups[i]; + if (!dom_sid_in_domain(sam->domain_sid, group_sid)) { + /* We handle this elsewhere */ + continue; + } sam->groups.rids[sam->groups.count].rid = group_sid->sub_auths[group_sid->num_auths-1]; @@ -82,13 +89,9 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx, * as extra sids (PAC doc) but what is * 0x100? */ sam->acct_flags = server_info->acct_flags; - sam->logon_server.string = lp_netbios_name(); + sam->logon_server.string = server_info->logon_server; sam->domain.string = server_info->domain_name; - sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid); - NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid); - sam->domain_sid->num_auths--; - ZERO_STRUCT(sam->unknown); ZERO_STRUCT(sam->key); @@ -113,96 +116,37 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, { struct netr_SamBaseInfo *sam; struct netr_SamInfo3 *sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3); + NTSTATUS status; + int i; NT_STATUS_HAVE_NO_MEMORY(sam3); - sam = &sam3->base; - - sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid); - NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid); - sam->domain_sid->num_auths--; - - sam->last_logon = server_info->last_logon; - sam->last_logoff = server_info->last_logoff; - sam->acct_expiry = server_info->acct_expiry; - sam->last_password_change = server_info->last_password_change; - sam->allow_password_change = server_info->allow_password_change; - sam->force_password_change = server_info->force_password_change; - - sam->account_name.string = server_info->account_name; - sam->full_name.string = server_info->full_name; - sam->logon_script.string = server_info->logon_script; - sam->profile_path.string = server_info->profile_path; - sam->home_directory.string = server_info->home_directory; - sam->home_drive.string = server_info->home_drive; - - sam->logon_count = server_info->logon_count; - sam->bad_password_count = sam->bad_password_count; - sam->rid = server_info->account_sid->sub_auths[server_info->account_sid->num_auths-1]; - sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1]; - - sam->groups.count = 0; - sam->groups.rids = NULL; - - if (server_info->n_domain_groups > 0) { - int i; - sam->groups.rids = talloc_array(sam, struct samr_RidWithAttribute, - server_info->n_domain_groups); - NT_STATUS_HAVE_NO_MEMORY(sam->groups.rids); - - for (i=0; in_domain_groups; i++) { - struct dom_sid *group_sid = server_info->domain_groups[i]; - - if (!dom_sid_in_domain(sam->domain_sid, group_sid)) { - continue; - } - - sam->groups.rids[sam->groups.count].rid = group_sid->sub_auths[group_sid->num_auths-1]; - sam->groups.rids[sam->groups.count].attributes = - SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; - sam->groups.count += 1; - } + status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam); + if (!NT_STATUS_IS_OK(status)) { + return status; } - - sam->user_flags = 0x20; /* TODO: w2k3 uses 0x120. We know 0x20 - * as extra sids (PAC doc) but what is - * 0x100? */ - sam->acct_flags = server_info->acct_flags; - sam->logon_server.string = lp_netbios_name(); - sam->domain.string = server_info->domain_name; - - ZERO_STRUCT(sam->unknown); - - ZERO_STRUCT(sam->key); - if (server_info->user_session_key.length == sizeof(sam->key.key)) { - memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key)); - } - - ZERO_STRUCT(sam->LMSessKey); - if (server_info->lm_session_key.length == sizeof(sam->LMSessKey.key)) { - memcpy(sam->LMSessKey.key, server_info->lm_session_key.data, - sizeof(sam->LMSessKey.key)); - } - + sam3->base = *sam; sam3->sidcount = 0; sam3->sids = NULL; -#if 0 - if (server_info->n_domain_groups > 0) { - int i; - sam3->sids = talloc_array(sam, struct netr_SidAttr, - server_info->n_domain_groups); - NT_STATUS_HAVE_NO_MEMORY(sam3->sids); - for (i=0; in_domain_groups; i++) { - if (dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) { - continue; - } - sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]); - sam3->sids[sam3->sidcount].attribute = - SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; - sam3->sidcount += 1; + + sam3->sids = talloc_array(sam, struct netr_SidAttr, + server_info->n_domain_groups); + NT_STATUS_HAVE_NO_MEMORY(sam3->sids); + + for (i=0; in_domain_groups; i++) { + if (dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) { + continue; } + sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]); + sam3->sids[sam3->sidcount].attribute = + SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + sam3->sidcount += 1; + } + if (sam3->sidcount) { + sam3->base.user_flags |= NETLOGON_EXTRA_SIDS; + } else { + sam3->sids = NULL; } -#endif *_sam3 = sam3; return NT_STATUS_OK; -- cgit From d4de4c2d210d2e8c9b5aedf70695594809ad6a0b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 30 Dec 2005 13:16:54 +0000 Subject: r12608: Remove some unused #include lines. (This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981) --- source4/auth/auth_sam_reply.c | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source4/auth/auth_sam_reply.c') diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index 2918dfd499..89b389aa83 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -22,12 +22,7 @@ */ #include "includes.h" -#include "librpc/gen_ndr/ndr_netlogon.h" -#include "rpc_server/dcerpc_server.h" -#include "rpc_server/common/common.h" -#include "librpc/gen_ndr/ndr_dcom.h" #include "auth/auth.h" -#include "lib/ldb/include/ldb.h" NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info *server_info, -- cgit From 4ac2be99588b48b0652a524bf12fb1aa9c3f5fbb Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Mar 2006 11:07:23 +0000 Subject: r13924: Split more prototypes out of include/proto.h + initial work on header file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781) --- source4/auth/auth_sam_reply.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/auth/auth_sam_reply.c') diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index 89b389aa83..5ba2ab4306 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -23,6 +23,7 @@ #include "includes.h" #include "auth/auth.h" +#include "libcli/security/proto.h" NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info *server_info, -- cgit From 1af925f394b1084779f5b1b5a10c2ec512d7e5be Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 2 Apr 2006 12:02:01 +0000 Subject: r14860: create libcli/security/security.h metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf) --- source4/auth/auth_sam_reply.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/auth/auth_sam_reply.c') diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index 5ba2ab4306..0ea501d585 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -23,7 +23,7 @@ #include "includes.h" #include "auth/auth.h" -#include "libcli/security/proto.h" +#include "libcli/security/security.h" NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info *server_info, -- cgit From 13dbee3ffea6065a826f010e50c9b4eb2c6ad109 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Nov 2006 00:48:36 +0000 Subject: r19598: Ahead of a merge to current lorikeet-heimdal: Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9) --- source4/auth/auth_sam_reply.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/auth/auth_sam_reply.c') diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index 0ea501d585..b6e740a128 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -24,6 +24,7 @@ #include "includes.h" #include "auth/auth.h" #include "libcli/security/security.h" +#include "librpc/gen_ndr/ndr_netlogon.h" NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info *server_info, -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/auth/auth_sam_reply.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/auth/auth_sam_reply.c') diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index b6e740a128..bbbda2dc89 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 0b3de65ac68d7b59deb502e341455599030e97ca Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Dec 2007 10:18:10 +0100 Subject: r26393: Fix inline comment. Guenther (This used to be commit 55c60a374325c875575b93b9792e48082934fb77) --- source4/auth/auth_sam_reply.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source4/auth/auth_sam_reply.c') diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index bbbda2dc89..6ab220498d 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -81,9 +81,7 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx, } } - sam->user_flags = 0; /* TODO: w2k3 uses 0x120. We know 0x20 - * as extra sids (PAC doc) but what is - * 0x100? */ + sam->user_flags = 0; /* w2k3 uses NETLOGON_EXTRA_SIDS | NETLOGON_NTLMV2_ENABLED */ sam->acct_flags = server_info->acct_flags; sam->logon_server.string = server_info->logon_server; sam->domain.string = server_info->domain_name; -- cgit From a1c7b35bba183a7f274f8754a63d7d474f9f7def Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 24 Jan 2008 10:24:41 +0100 Subject: netlogon.idl: make use of bitmap samr_GroupAttrs metze (This used to be commit 6d68161e676d381600c77c3f862bd7e013968724) --- source4/auth/auth_sam_reply.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/auth/auth_sam_reply.c') diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c index 6ab220498d..ea6f0a1f60 100644 --- a/source4/auth/auth_sam_reply.c +++ b/source4/auth/auth_sam_reply.c @@ -132,7 +132,7 @@ NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx, continue; } sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]); - sam3->sids[sam3->sidcount].attribute = + sam3->sids[sam3->sidcount].attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; sam3->sidcount += 1; } -- cgit