2025-01-10 01:18:15 +03:00 · 2021-01-11 14:59:46 +01:00 · 2021-01-11 14:59:46 +01:00 · 73528f26ee
commit 73528f26ee
parent df5fe2d835
1 changed files with 15 additions and 100 deletions
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@ -1803,7 +1803,6 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(
 	uint32_t flags = 0;
 	uint16_t validation_level = 0;
 	union netr_Validation *validation = NULL;
-	struct netr_SamBaseInfo *base_info = NULL;
 	bool ok;

 	DEBUG(10,("winbindd_dual_pam_auth_samlogon\n"));
@ -1837,16 +1836,16 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(
 		 * not authoritative (for example on the RODC).
 		 */
 		if (authoritative != 0) {
-			if (NT_STATUS_IS_OK(result)) {
-				result = map_info3_to_validation(
-						mem_ctx,
-						info3,
-						&validation_level,
-						&validation);
-				TALLOC_FREE(info3);
-				if (!NT_STATUS_IS_OK(result)) {
-					goto done;
-				}
+			if (!NT_STATUS_IS_OK(result)) {
+				return result;
+			}
+			result = map_info3_to_validation(mem_ctx,
+							 info3,
+							 &validation_level,
+							 &validation);
+			TALLOC_FREE(info3);
+			if (!NT_STATUS_IS_OK(result)) {
+				return result;
 			}

 			goto done;
@ -1872,98 +1871,14 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(
 					     &validation_level,
 					     &validation);
 	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
-	/* handle the case where a NT4 DC does not fill in the acct_flags in
-	 * the samlogon reply info3. When accurate info3 is required by the
-	 * caller, we look up the account flags ourselves - gd */
-
-	switch (validation_level) {
-	case 3:
-		base_info = &validation->sam3->base;
-		break;
-	case 6:
-		base_info = &validation->sam6->base;
-		break;
-	default:
-		DBG_ERR("Bad validation level %d", (int)validation_level);
-		result = NT_STATUS_INTERNAL_ERROR;
-		goto done;
-	}
-	if ((request_flags & WBFLAG_PAM_INFO3_TEXT) &&
-	    (base_info->acct_flags == 0))
-	{
-		struct rpc_pipe_client *samr_pipe;
-		struct policy_handle samr_domain_handle, user_pol;
-		union samr_UserInfo *info = NULL;
-		NTSTATUS status_tmp, result_tmp;
-		uint32_t acct_flags;
-		struct dcerpc_binding_handle *b;
-
-		status_tmp = cm_connect_sam(domain, mem_ctx, false,
-					    &samr_pipe, &samr_domain_handle);
-
-		if (!NT_STATUS_IS_OK(status_tmp)) {
-			DEBUG(3, ("could not open handle to SAMR pipe: %s\n",
-				nt_errstr(status_tmp)));
-			goto done;
-		}
-
-		b = samr_pipe->binding_handle;
-
-		status_tmp = dcerpc_samr_OpenUser(b, mem_ctx,
-						  &samr_domain_handle,
-						  MAXIMUM_ALLOWED_ACCESS,
-						  base_info->rid,
-						  &user_pol,
-						  &result_tmp);
-
-		if (!NT_STATUS_IS_OK(status_tmp)) {
-			DEBUG(3, ("could not open user handle on SAMR pipe: %s\n",
-				nt_errstr(status_tmp)));
-			goto done;
-		}
-		if (!NT_STATUS_IS_OK(result_tmp)) {
-			DEBUG(3, ("could not open user handle on SAMR pipe: %s\n",
-				nt_errstr(result_tmp)));
-			goto done;
-		}
-
-		status_tmp = dcerpc_samr_QueryUserInfo(b, mem_ctx,
-						       &user_pol,
-						       16,
-						       &info,
-						       &result_tmp);
-
-		if (any_nt_status_not_ok(status_tmp, result_tmp,
-					 &status_tmp)) {
-			DEBUG(3, ("could not query user info on SAMR pipe: %s\n",
-				nt_errstr(status_tmp)));
-			dcerpc_samr_Close(b, mem_ctx, &user_pol, &result_tmp);
-			goto done;
-		}
-
-		acct_flags = info->info16.acct_flags;
-
-		if (acct_flags == 0) {
-			dcerpc_samr_Close(b, mem_ctx, &user_pol, &result_tmp);
-			goto done;
-		}
-
-		base_info->acct_flags = acct_flags;
-
-		DEBUG(10,("successfully retrieved acct_flags 0x%x\n", acct_flags));
-
-		dcerpc_samr_Close(b, mem_ctx, &user_pol, &result_tmp);
+		return result;
 	}

 done:
-	if (NT_STATUS_IS_OK(result)) {
-		*_validation_level = validation_level;
-		*_validation = validation;
-	}
-	return result;
+	*_validation_level = validation_level;
+	*_validation = validation;
+
+	return NT_STATUS_OK;
 }

 /*