auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6
This includes user_principal_name and dns_domain_name. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
b8068e0199
commit
3eba60aa65
@ -66,7 +66,7 @@ NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
|
||||
|
||||
struct wbcAuthUserInfo;
|
||||
|
||||
struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
|
||||
struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx,
|
||||
const struct wbcAuthUserInfo *info);
|
||||
|
||||
#undef _PRINTF_ATTRIBUTE
|
||||
|
@ -106,14 +106,14 @@ static NTSTATUS wbcsids_to_netr_SidAttrArray(
|
||||
|
||||
#define RET_NOMEM(ptr) do { \
|
||||
if (!ptr) { \
|
||||
TALLOC_FREE(info3); \
|
||||
TALLOC_FREE(info6); \
|
||||
return NULL; \
|
||||
} } while(0)
|
||||
|
||||
struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
|
||||
struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx,
|
||||
const struct wbcAuthUserInfo *info)
|
||||
{
|
||||
struct netr_SamInfo3 *info3;
|
||||
struct netr_SamInfo6 *info6;
|
||||
struct dom_sid user_sid;
|
||||
struct dom_sid group_sid;
|
||||
struct dom_sid domain_sid;
|
||||
@ -123,110 +123,120 @@ struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
|
||||
memcpy(&user_sid, &info->sids[0].sid, sizeof(user_sid));
|
||||
memcpy(&group_sid, &info->sids[1].sid, sizeof(group_sid));
|
||||
|
||||
info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
|
||||
if (!info3) return NULL;
|
||||
info6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
|
||||
if (!info6) return NULL;
|
||||
|
||||
unix_to_nt_time(&info3->base.logon_time, info->logon_time);
|
||||
unix_to_nt_time(&info3->base.logoff_time, info->logoff_time);
|
||||
unix_to_nt_time(&info3->base.kickoff_time, info->kickoff_time);
|
||||
unix_to_nt_time(&info3->base.last_password_change, info->pass_last_set_time);
|
||||
unix_to_nt_time(&info3->base.allow_password_change,
|
||||
unix_to_nt_time(&info6->base.logon_time, info->logon_time);
|
||||
unix_to_nt_time(&info6->base.logoff_time, info->logoff_time);
|
||||
unix_to_nt_time(&info6->base.kickoff_time, info->kickoff_time);
|
||||
unix_to_nt_time(&info6->base.last_password_change, info->pass_last_set_time);
|
||||
unix_to_nt_time(&info6->base.allow_password_change,
|
||||
info->pass_can_change_time);
|
||||
unix_to_nt_time(&info3->base.force_password_change,
|
||||
unix_to_nt_time(&info6->base.force_password_change,
|
||||
info->pass_must_change_time);
|
||||
|
||||
if (info->account_name) {
|
||||
info3->base.account_name.string =
|
||||
talloc_strdup(info3, info->account_name);
|
||||
RET_NOMEM(info3->base.account_name.string);
|
||||
info6->base.account_name.string =
|
||||
talloc_strdup(info6, info->account_name);
|
||||
RET_NOMEM(info6->base.account_name.string);
|
||||
}
|
||||
if (info->user_principal) {
|
||||
info6->principal_name.string =
|
||||
talloc_strdup(info6, info->user_principal);
|
||||
RET_NOMEM(info6->principal_name.string);
|
||||
}
|
||||
if (info->full_name) {
|
||||
info3->base.full_name.string =
|
||||
talloc_strdup(info3, info->full_name);
|
||||
RET_NOMEM(info3->base.full_name.string);
|
||||
info6->base.full_name.string =
|
||||
talloc_strdup(info6, info->full_name);
|
||||
RET_NOMEM(info6->base.full_name.string);
|
||||
}
|
||||
if (info->domain_name) {
|
||||
info3->base.logon_domain.string =
|
||||
talloc_strdup(info3, info->domain_name);
|
||||
RET_NOMEM(info3->base.logon_domain.string);
|
||||
info6->base.logon_domain.string =
|
||||
talloc_strdup(info6, info->domain_name);
|
||||
RET_NOMEM(info6->base.logon_domain.string);
|
||||
}
|
||||
if (info->dns_domain_name) {
|
||||
info6->dns_domainname.string =
|
||||
talloc_strdup(info6, info->dns_domain_name);
|
||||
RET_NOMEM(info6->dns_domainname.string);
|
||||
}
|
||||
if (info->logon_script) {
|
||||
info3->base.logon_script.string =
|
||||
talloc_strdup(info3, info->logon_script);
|
||||
RET_NOMEM(info3->base.logon_script.string);
|
||||
info6->base.logon_script.string =
|
||||
talloc_strdup(info6, info->logon_script);
|
||||
RET_NOMEM(info6->base.logon_script.string);
|
||||
}
|
||||
if (info->profile_path) {
|
||||
info3->base.profile_path.string =
|
||||
talloc_strdup(info3, info->profile_path);
|
||||
RET_NOMEM(info3->base.profile_path.string);
|
||||
info6->base.profile_path.string =
|
||||
talloc_strdup(info6, info->profile_path);
|
||||
RET_NOMEM(info6->base.profile_path.string);
|
||||
}
|
||||
if (info->home_directory) {
|
||||
info3->base.home_directory.string =
|
||||
talloc_strdup(info3, info->home_directory);
|
||||
RET_NOMEM(info3->base.home_directory.string);
|
||||
info6->base.home_directory.string =
|
||||
talloc_strdup(info6, info->home_directory);
|
||||
RET_NOMEM(info6->base.home_directory.string);
|
||||
}
|
||||
if (info->home_drive) {
|
||||
info3->base.home_drive.string =
|
||||
talloc_strdup(info3, info->home_drive);
|
||||
RET_NOMEM(info3->base.home_drive.string);
|
||||
info6->base.home_drive.string =
|
||||
talloc_strdup(info6, info->home_drive);
|
||||
RET_NOMEM(info6->base.home_drive.string);
|
||||
}
|
||||
|
||||
info3->base.logon_count = info->logon_count;
|
||||
info3->base.bad_password_count = info->bad_password_count;
|
||||
info6->base.logon_count = info->logon_count;
|
||||
info6->base.bad_password_count = info->bad_password_count;
|
||||
|
||||
sid_copy(&domain_sid, &user_sid);
|
||||
sid_split_rid(&domain_sid, &info3->base.rid);
|
||||
sid_split_rid(&domain_sid, &info6->base.rid);
|
||||
|
||||
ok = sid_peek_check_rid(&domain_sid, &group_sid,
|
||||
&info3->base.primary_gid);
|
||||
&info6->base.primary_gid);
|
||||
if (!ok) {
|
||||
DEBUG(1, ("The primary group sid domain does not"
|
||||
"match user sid domain for user: %s\n",
|
||||
info->account_name));
|
||||
TALLOC_FREE(info3);
|
||||
TALLOC_FREE(info6);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
status = wbcsids_to_samr_RidWithAttributeArray(info3,
|
||||
&info3->base.groups,
|
||||
status = wbcsids_to_samr_RidWithAttributeArray(info6,
|
||||
&info6->base.groups,
|
||||
&domain_sid,
|
||||
&info->sids[1],
|
||||
info->num_sids - 1);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
TALLOC_FREE(info3);
|
||||
TALLOC_FREE(info6);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
status = wbcsids_to_netr_SidAttrArray(&domain_sid,
|
||||
&info->sids[1],
|
||||
info->num_sids - 1,
|
||||
info3,
|
||||
&info3->sids,
|
||||
&info3->sidcount);
|
||||
info6,
|
||||
&info6->sids,
|
||||
&info6->sidcount);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
TALLOC_FREE(info3);
|
||||
TALLOC_FREE(info6);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
info3->base.user_flags = info->user_flags;
|
||||
memcpy(info3->base.key.key, info->user_session_key, 16);
|
||||
info6->base.user_flags = info->user_flags;
|
||||
memcpy(info6->base.key.key, info->user_session_key, 16);
|
||||
|
||||
if (info->logon_server) {
|
||||
info3->base.logon_server.string =
|
||||
talloc_strdup(info3, info->logon_server);
|
||||
RET_NOMEM(info3->base.logon_server.string);
|
||||
info6->base.logon_server.string =
|
||||
talloc_strdup(info6, info->logon_server);
|
||||
RET_NOMEM(info6->base.logon_server.string);
|
||||
}
|
||||
if (info->domain_name) {
|
||||
info3->base.logon_domain.string =
|
||||
talloc_strdup(info3, info->domain_name);
|
||||
RET_NOMEM(info3->base.logon_domain.string);
|
||||
info6->base.logon_domain.string =
|
||||
talloc_strdup(info6, info->domain_name);
|
||||
RET_NOMEM(info6->base.logon_domain.string);
|
||||
}
|
||||
|
||||
info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
|
||||
RET_NOMEM(info3->base.domain_sid);
|
||||
info6->base.domain_sid = dom_sid_dup(info6, &domain_sid);
|
||||
RET_NOMEM(info6->base.domain_sid);
|
||||
|
||||
memcpy(info3->base.LMSessKey.key, info->lm_session_key, 8);
|
||||
info3->base.acct_flags = info->acct_flags;
|
||||
memcpy(info6->base.LMSessKey.key, info->lm_session_key, 8);
|
||||
info6->base.acct_flags = info->acct_flags;
|
||||
|
||||
return info3;
|
||||
return info6;
|
||||
}
|
||||
|
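Review bot: wbcAuthUserInfo_to_netr_SamInfo6 reads `info->sids[0]` and `info->sids[1]` and later passes `info->num_sids - 1` as a count, but no check that `info->num_sids` is at least 2 is visible in these hunks. The few lines between the declarations and the first `memcpy` are not shown, so a guard may already exist there. If it does not, a winbind reply carrying fewer than two SIDs would be read past the end of the array, and the count would wrap if `num_sids` is unsigned. A guard such as `if (info->num_sids < 2) { return NULL; }` ahead of the two `memcpy` calls would close that. Separately, `info6->base.logon_domain.string` is assigned twice from `info->domain_name`; the second block only adds an extra allocation and can be dropped.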
@ -1494,16 +1494,21 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
|
||||
const struct wbcAuthUserInfo *info,
|
||||
struct auth_serversupplied_info **server_info)
|
||||
{
|
||||
struct netr_SamInfo3 *info3;
|
||||
struct netr_SamInfo3 info3;
|
||||
struct netr_SamInfo6 *info6;
|
||||
|
||||
info3 = wbcAuthUserInfo_to_netr_SamInfo3(mem_ctx, info);
|
||||
if (!info3) {
|
||||
info6 = wbcAuthUserInfo_to_netr_SamInfo6(mem_ctx, info);
|
||||
if (!info6) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
info3.base = info6->base;
|
||||
info3.sidcount = info6->sidcount;
|
||||
info3.sids = info6->sids;
|
||||
|
||||
return make_server_info_info3(mem_ctx,
|
||||
sent_nt_username, domain,
|
||||
server_info, info3);
|
||||
server_info, &info3);
|
||||
}
|
||||
|
||||
/**
|
||||
|
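Review bot: The stack `info3` in make_server_info_wbcAuthUserInfo is never zeroed and only borrows the pointers inside `info6->base` and `info6->sids`, so it is valid only while `info6` lives. Declaring it as `struct netr_SamInfo3 info3 = { .sidcount = 0 };` keeps any field not covered by the three assignments defined. A comment such as `/* info3 aliases memory owned by info6; do not free info6 before the call returns */` would record the ownership. `info6` also stays allocated on `mem_ctx` after the call. If make_server_info_info3 copies what it needs (not visible here), keep its return value in a local, call `TALLOC_FREE(info6);`, then return it. The function's signature starts above this hunk.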
@ -166,10 +166,9 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
|
||||
struct wbcAuthErrorInfo *err = NULL;
|
||||
wbcErr wbc_status;
|
||||
NTSTATUS nt_status;
|
||||
struct netr_SamInfo3 *info3;
|
||||
struct netr_SamInfo6 *info6 = NULL;
|
||||
union netr_Validation validation;
|
||||
|
||||
|
||||
/* Send off request */
|
||||
const struct auth_usersupplied_info *user_info_temp;
|
||||
nt_status = encrypt_user_info(mem_ctx, ctx->auth_ctx,
|
||||
@ -181,7 +180,7 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
|
||||
user_info = user_info_temp;
|
||||
|
||||
ZERO_STRUCT(params);
|
||||
ZERO_STRUCT(info3);
|
||||
ZERO_STRUCT(validation);
|
||||
/*params.flags = WBFLAG_PAM_INFO3_NDR;*/
|
||||
|
||||
params.parameter_control = user_info->logon_parameters;
|
||||
@ -231,17 +230,17 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
|
||||
}
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
info3 = wbcAuthUserInfo_to_netr_SamInfo3(mem_ctx, info);
|
||||
info6 = wbcAuthUserInfo_to_netr_SamInfo6(mem_ctx, info);
|
||||
wbcFreeMemory(info);
|
||||
if (!info3) {
|
||||
DEBUG(1, ("wbcAuthUserInfo_to_netr_SamInfo3 failed\n"));
|
||||
if (!info6) {
|
||||
DEBUG(1, ("wbcAuthUserInfo_to_netr_SamInfo6 failed\n"));
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
validation.sam3 = info3;
|
||||
validation.sam6 = info6;
|
||||
nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
|
||||
user_info->client.account_name,
|
||||
3, &validation,
|
||||
6, &validation,
|
||||
true, /* This user was authenticated */
|
||||
user_info_dc);
|
||||
return nt_status;
|
||||
|
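Review bot: A NULL return from wbcAuthUserInfo_to_netr_SamInfo6 is reported here as `NT_STATUS_NO_MEMORY`, but the converter shown on this page also returns NULL when the primary group SID is not in the user's domain and when either SID-array helper fails. An operator reading the level-1 debug line or the returned status would look for memory pressure rather than for inconsistent SID data from winbind. At minimum, add a comment above the check, e.g. `/* NULL means allocation failure or rejected SID data in the winbind reply */`, and word the DEBUG text the same way. The same mapping appears in make_server_info_wbcAuthUserInfo in the `@ -1494` hunk. winbind_check_password_wbclient starts and ends outside these hunks.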