mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00

s4:auth: add authsam_update_user_info_dc() that implements SID expanding for the local domain

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher 2018-02-01 23:12:36 +01:00 committed by Andreas Schneider
parent d6ee065119
commit 4565ac5998
2 changed files with 65 additions and 0 deletions


@ -136,6 +136,9 @@ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, struct ldb_context *sam_
struct ldb_message *msg,
DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
struct auth_user_info_dc **_user_info_dc);
NTSTATUS authsam_update_user_info_dc(TALLOC_CTX *mem_ctx,
struct ldb_context *sam_ctx,
struct auth_user_info_dc *user_info_dc);
NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info **_session_info) ;
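Review bot: The new `authsam_update_user_info_dc()` prototype has no comment stating its contract, and it differs from the neighbouring `authsam_make_user_info_dc()` in that it modifies a caller-supplied structure rather than returning a new one. As the implementation in this commit shows, it grows `user_info_dc->sids` and `user_info_dc->num_sids` in place and can return an error after some SIDs have already been expanded. I would add above the declaration: `/* Expands user_info_dc->sids in place with local-domain group SIDs. On error the SID list may be partially expanded; callers must not build a session token from it. */`.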


@ -589,6 +589,68 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
_PUBLIC_ NTSTATUS authsam_update_user_info_dc(TALLOC_CTX *mem_ctx,
struct ldb_context *sam_ctx,
struct auth_user_info_dc *user_info_dc)
{
char *filter = NULL;
NTSTATUS status;
uint32_t i;
uint32_t n = 0;
/*
* This function exists to expand group memberships
* in the local domain (forest), as the token
* may come from a different domain.
*/
/*
* Filter out builtin groups from this token. We will search
* for builtin groups later.
*/
status = authsam_domain_group_filter(mem_ctx, &filter);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(user_info_dc);
return status;
}
/*
* We loop only over the existing number of
* sids.
*/
n = user_info_dc->num_sids;
for (i = 0; i < n; i++) {
struct dom_sid *sid = &user_info_dc->sids[i];
char sid_buf[DOM_SID_STR_BUFLEN] = {0,};
char dn_str[DOM_SID_STR_BUFLEN*2] = {0,};
DATA_BLOB dn_blob = data_blob_null;
int len;
len = dom_sid_string_buf(sid, sid_buf, sizeof(sid_buf));
if (len+1 > sizeof(sid_buf)) {
return NT_STATUS_INVALID_SID;
}
snprintf(dn_str, sizeof(dn_str), "<SID=%s>", sid_buf);
dn_blob = data_blob_string_const(dn_str);
/*
* We already have the SID in the token, so set
* 'only childs' flag to true and add all
* groups which match the filter.
*/
status = dsdb_expand_nested_groups(sam_ctx, &dn_blob,
true, filter,
user_info_dc,
&user_info_dc->sids,
&user_info_dc->num_sids);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
return NT_STATUS_OK;
}
NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx,
TALLOC_CTX *mem_ctx, const char *principal,
const char **attrs,
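Review bot: On the `authsam_domain_group_filter()` failure path the new function calls `TALLOC_FREE(user_info_dc)`, but `user_info_dc` is a pointer passed by value, so only the local copy is set to NULL and the caller is left holding a pointer to freed memory. The two error returns inside the loop do not free it, so a caller cannot tell from the status alone whether the structure still exists; any caller that reads or frees it after a failure risks a use-after-free or double free in the authentication path. I would drop that line and leave ownership with the caller: `if (!NT_STATUS_IS_OK(status)) { return status; }`. Separately, `filter` (presumably allocated on `mem_ctx`) is never released on any return path; a `TALLOC_FREE(filter);` before each return that follows its allocation would avoid depending on the lifetime of the caller's context.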