mirror of
https://github.com/samba-team/samba.git
synced 2025-01-10 01:18:15 +03:00
r8164: - match the ordering w2k3 uses for the PAC_BUFFER:
LOGON_INFO LOGON_NAME SRV_CHECKSUM KDC_CHECKSUM - w2k3 also don't use the groupmembership array with rids it uses the othersids array metze
This commit is contained in:
parent
a9ff35a1a2
commit
2286fad27d
@ -107,3 +107,84 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
|
||||
struct auth_serversupplied_info *server_info,
|
||||
struct netr_SamInfo3 **_sam3)
|
||||
{
|
||||
struct netr_SamBaseInfo *sam;
|
||||
struct netr_SamInfo3 *sam3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
|
||||
NT_STATUS_HAVE_NO_MEMORY(sam3);
|
||||
|
||||
sam = &sam3->base;
|
||||
|
||||
sam->last_logon = server_info->last_logon;
|
||||
sam->last_logoff = server_info->last_logoff;
|
||||
sam->acct_expiry = server_info->acct_expiry;
|
||||
sam->last_password_change = server_info->last_password_change;
|
||||
sam->allow_password_change = server_info->allow_password_change;
|
||||
sam->force_password_change = server_info->force_password_change;
|
||||
|
||||
sam->account_name.string = server_info->account_name;
|
||||
sam->full_name.string = server_info->full_name;
|
||||
sam->logon_script.string = server_info->logon_script;
|
||||
sam->profile_path.string = server_info->profile_path;
|
||||
sam->home_directory.string = server_info->home_directory;
|
||||
sam->home_drive.string = server_info->home_drive;
|
||||
|
||||
sam->logon_count = server_info->logon_count;
|
||||
sam->bad_password_count = sam->bad_password_count;
|
||||
sam->rid = server_info->account_sid->sub_auths[server_info->account_sid->num_auths-1];
|
||||
sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths-1];
|
||||
|
||||
sam->groups.count = 0;
|
||||
sam->groups.rids = NULL;
|
||||
|
||||
sam->user_flags = 0x20; /* TODO: w2k3 uses 0x120. We know 0x20
|
||||
* as extra sids (PAC doc) but what is
|
||||
* 0x100? */
|
||||
sam->acct_flags = server_info->acct_flags;
|
||||
sam->logon_server.string = lp_netbios_name();
|
||||
sam->domain.string = server_info->domain_name;
|
||||
|
||||
sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid);
|
||||
NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid);
|
||||
sam->domain_sid->num_auths--;
|
||||
|
||||
ZERO_STRUCT(sam->unknown);
|
||||
|
||||
ZERO_STRUCT(sam->key);
|
||||
if (server_info->user_session_key.length == sizeof(sam->key.key)) {
|
||||
memcpy(sam->key.key, server_info->user_session_key.data, sizeof(sam->key.key));
|
||||
}
|
||||
|
||||
ZERO_STRUCT(sam->LMSessKey);
|
||||
if (server_info->lm_session_key.length == sizeof(sam->LMSessKey.key)) {
|
||||
memcpy(sam->LMSessKey.key, server_info->lm_session_key.data,
|
||||
sizeof(sam->LMSessKey.key));
|
||||
}
|
||||
|
||||
sam3->sidcount = 0;
|
||||
sam3->sids = NULL;
|
||||
|
||||
if (server_info->n_domain_groups > 0) {
|
||||
int i;
|
||||
sam3->sids = talloc_array(sam, struct netr_SidAttr,
|
||||
server_info->n_domain_groups);
|
||||
NT_STATUS_HAVE_NO_MEMORY(sam3->sids);
|
||||
|
||||
for (i=0; i<server_info->n_domain_groups; i++) {
|
||||
if (!dom_sid_in_domain(sam->domain_sid, server_info->domain_groups[i])) {
|
||||
continue;
|
||||
}
|
||||
sam3->sids[sam3->sidcount].sid = talloc_reference(sam3->sids,server_info->domain_groups[i]);
|
||||
sam3->sids[sam3->sidcount].attribute =
|
||||
SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
|
||||
sam3->sidcount += 1;
|
||||
}
|
||||
}
|
||||
|
||||
*_sam3 = sam3;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
@ -230,7 +230,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
|
||||
DATA_BLOB server_checksum_blob;
|
||||
krb5_error_code ret;
|
||||
struct PAC_DATA *pac_data = talloc(mem_ctx, struct PAC_DATA);
|
||||
struct netr_SamBaseInfo *sam;
|
||||
struct netr_SamInfo3 *sam3;
|
||||
struct timeval tv = timeval_current();
|
||||
union PAC_INFO *u_LOGON_INFO;
|
||||
struct PAC_LOGON_INFO *LOGON_INFO;
|
||||
@ -244,8 +244,8 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
|
||||
enum {
|
||||
PAC_BUF_LOGON_INFO = 0,
|
||||
PAC_BUF_LOGON_NAME = 1,
|
||||
PAC_BUF_KDC_CHECKSUM = 2,
|
||||
PAC_BUF_SRV_CHECKSUM = 3,
|
||||
PAC_BUF_SRV_CHECKSUM = 2,
|
||||
PAC_BUF_KDC_CHECKSUM = 3,
|
||||
PAC_BUF_NUM_BUFFERS = 4
|
||||
};
|
||||
|
||||
@ -283,16 +283,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
|
||||
pac_data->buffers[PAC_BUF_LOGON_NAME].info = u_LOGON_NAME;
|
||||
LOGON_NAME = &u_LOGON_NAME->logon_name;
|
||||
|
||||
/* KDC_CHECKSUM */
|
||||
u_KDC_CHECKSUM = talloc_zero(pac_data->buffers, union PAC_INFO);
|
||||
if (!u_KDC_CHECKSUM) {
|
||||
talloc_free(pac_data);
|
||||
return ENOMEM;
|
||||
}
|
||||
pac_data->buffers[PAC_BUF_KDC_CHECKSUM].type = PAC_TYPE_KDC_CHECKSUM;
|
||||
pac_data->buffers[PAC_BUF_KDC_CHECKSUM].info = u_KDC_CHECKSUM;
|
||||
KDC_CHECKSUM = &u_KDC_CHECKSUM->kdc_cksum;
|
||||
|
||||
/* SRV_CHECKSUM */
|
||||
u_SRV_CHECKSUM = talloc_zero(pac_data->buffers, union PAC_INFO);
|
||||
if (!u_SRV_CHECKSUM) {
|
||||
@ -303,6 +293,16 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
|
||||
pac_data->buffers[PAC_BUF_SRV_CHECKSUM].info = u_SRV_CHECKSUM;
|
||||
SRV_CHECKSUM = &u_SRV_CHECKSUM->srv_cksum;
|
||||
|
||||
/* KDC_CHECKSUM */
|
||||
u_KDC_CHECKSUM = talloc_zero(pac_data->buffers, union PAC_INFO);
|
||||
if (!u_KDC_CHECKSUM) {
|
||||
talloc_free(pac_data);
|
||||
return ENOMEM;
|
||||
}
|
||||
pac_data->buffers[PAC_BUF_KDC_CHECKSUM].type = PAC_TYPE_KDC_CHECKSUM;
|
||||
pac_data->buffers[PAC_BUF_KDC_CHECKSUM].info = u_KDC_CHECKSUM;
|
||||
KDC_CHECKSUM = &u_KDC_CHECKSUM->kdc_cksum;
|
||||
|
||||
/* now the real work begins... */
|
||||
|
||||
LOGON_INFO = talloc_zero(u_LOGON_INFO, struct PAC_LOGON_INFO);
|
||||
@ -310,7 +310,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
|
||||
talloc_free(pac_data);
|
||||
return ENOMEM;
|
||||
}
|
||||
nt_status = auth_convert_server_info_sambaseinfo(LOGON_INFO, server_info, &sam);
|
||||
nt_status = auth_convert_server_info_saminfo3(LOGON_INFO, server_info, &sam3);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(1, ("Getting Samba info failed: %s\n", nt_errstr(nt_status)));
|
||||
talloc_free(pac_data);
|
||||
@ -318,7 +318,8 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
|
||||
}
|
||||
|
||||
u_LOGON_INFO->logon_info.info = LOGON_INFO;
|
||||
LOGON_INFO->info3.base = *sam;
|
||||
LOGON_INFO->info3 = *sam3;
|
||||
LOGON_INFO->info3.base.last_logon = timeval_to_nttime(&tv);
|
||||
|
||||
LOGON_NAME->account_name = server_info->account_name;
|
||||
LOGON_NAME->logon_time = timeval_to_nttime(&tv);
|
||||
|
@ -104,6 +104,7 @@ struct netr_Credential;
|
||||
struct netr_Authenticator;
|
||||
union netr_Validation;
|
||||
struct netr_SamBaseInfo;
|
||||
struct netr_SamInfo3;
|
||||
|
||||
struct iface_struct;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user