From 03408267720cc1326be06fe1b6871b31ab18c097 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 30 Mar 2010 21:23:46 +1100 Subject: s4:rpc_server Add all SIDs into the netlogon SamLogon reply We were missing the SIDs that are not in the domain. --- source4/rpc_server/netlogon/dcerpc_netlogon.c | 84 +++++++++++++++++---------- 1 file changed, 52 insertions(+), 32 deletions(-) (limited to 'source4') diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index ba27b014ea..f7df8e9452 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -617,8 +617,58 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal nt_status = auth_check_password(auth_context, mem_ctx, user_info, &server_info); NT_STATUS_NOT_OK_RETURN(nt_status); - nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam); - NT_STATUS_NOT_OK_RETURN(nt_status); + switch (r->in.validation_level) { + case 2: + nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, &sam); + NT_STATUS_NOT_OK_RETURN(nt_status); + + sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2); + NT_STATUS_HAVE_NO_MEMORY(sam2); + sam2->base = *sam; + + /* And put into the talloc tree */ + talloc_steal(sam2, sam); + r->out.validation->sam2 = sam2; + + sam = &sam2->base; + break; + + case 3: + nt_status = auth_convert_server_info_saminfo3(mem_ctx, + server_info, + &sam3); + NT_STATUS_NOT_OK_RETURN(nt_status); + + r->out.validation->sam3 = sam3; + + sam = &sam3->base; + break; + + case 6: + nt_status = auth_convert_server_info_saminfo3(mem_ctx, + server_info, + &sam3); + NT_STATUS_NOT_OK_RETURN(nt_status); + + sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6); + NT_STATUS_HAVE_NO_MEMORY(sam6); + sam6->base = sam3->base; + sam6->sidcount = sam3->sidcount; + sam6->sids = sam3->sids; + + sam6->forest.string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx); + sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s", + sam->account_name.string, sam6->forest.string); + NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string); + /* And put into the talloc tree */ + talloc_steal(sam6, sam3); + + r->out.validation->sam6 = sam6; + break; + + default: + break; + } /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ /* It appears that level 6 is not individually encrypted */ @@ -646,36 +696,6 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal } } - switch (r->in.validation_level) { - case 2: - sam2 = talloc_zero(mem_ctx, struct netr_SamInfo2); - NT_STATUS_HAVE_NO_MEMORY(sam2); - sam2->base = *sam; - r->out.validation->sam2 = sam2; - break; - - case 3: - sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3); - NT_STATUS_HAVE_NO_MEMORY(sam3); - sam3->base = *sam; - r->out.validation->sam3 = sam3; - break; - - case 6: - sam6 = talloc_zero(mem_ctx, struct netr_SamInfo6); - NT_STATUS_HAVE_NO_MEMORY(sam6); - sam6->base = *sam; - sam6->forest.string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx); - sam6->principle.string = talloc_asprintf(mem_ctx, "%s@%s", - sam->account_name.string, sam6->forest.string); - NT_STATUS_HAVE_NO_MEMORY(sam6->principle.string); - r->out.validation->sam6 = sam6; - break; - - default: - break; - } - *r->out.authoritative = 1; /* TODO: Describe and deal with these flags */ -- cgit