mirror of
https://github.com/samba-team/samba.git
synced 2025-02-01 05:47:28 +03:00
auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac()
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO correctly. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
parent
1854252816
commit
8b1f5cad95
@ -506,6 +506,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
|
||||
*/
|
||||
NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
|
||||
const struct PAC_LOGON_INFO *pac_logon_info,
|
||||
const struct PAC_UPN_DNS_INFO *pac_upn_dns_info,
|
||||
struct auth_user_info_dc **_user_info_dc)
|
||||
{
|
||||
uint32_t i;
|
||||
@ -574,6 +575,27 @@ NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
|
||||
user_info_dc->num_sids++;
|
||||
}
|
||||
}
|
||||
|
||||
if (pac_upn_dns_info != NULL) {
|
||||
user_info_dc->info->user_principal_name =
|
||||
talloc_strdup(user_info_dc->info,
|
||||
pac_upn_dns_info->upn_name);
|
||||
if (user_info_dc->info->user_principal_name == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
user_info_dc->info->dns_domain_name =
|
||||
talloc_strdup(user_info_dc->info,
|
||||
pac_upn_dns_info->dns_domain_name);
|
||||
if (user_info_dc->info->dns_domain_name == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (pac_upn_dns_info->flags & PAC_UPN_DNS_FLAG_CONSTRUCTED) {
|
||||
user_info_dc->info->user_principal_constructed = true;
|
||||
}
|
||||
}
|
||||
|
||||
*_user_info_dc = user_info_dc;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
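Review bot: In the new `if (pac_upn_dns_info != NULL)` block, a NULL `pac_upn_dns_info->upn_name` or `pac_upn_dns_info->dns_domain_name` cannot be told apart from an allocation failure, because `talloc_strdup()` returns NULL for a NULL source and the code then returns `NT_STATUS_NO_MEMORY`. Whether a decoded PAC_UPN_DNS_INFO can carry a NULL string is not visible on this page, but if it can, the logon fails with a misleading status; guarding each copy with `if (pac_upn_dns_info->upn_name != NULL) {` (and the same for `dns_domain_name`) keeps both fields optional. The two early returns also leave `user_info_dc` unreleased; it appears to be allocated earlier in make_user_info_dc_pac(), outside this hunk, so a `talloc_free(user_info_dc);` before each `return NT_STATUS_NO_MEMORY;` should be checked against the rest of the function. A short comment noting that these strings come from the ticket's PAC, and that `user_principal_constructed` mirrors `PAC_UPN_DNS_FLAG_CONSTRUCTED`, would help later readers judge how far to trust them.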
|
@ -63,6 +63,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
|
||||
*/
|
||||
NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
|
||||
const struct PAC_LOGON_INFO *pac_logon_info,
|
||||
const struct PAC_UPN_DNS_INFO *pac_upn_dns_info,
|
||||
struct auth_user_info_dc **_user_info_dc);
|
||||
|
||||
/* The following definitions come from auth/wbc_auth_util.c */
|
||||
|
@ -288,8 +288,12 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
|
||||
|
||||
DATA_BLOB pac_logon_info_in, pac_srv_checksum_in, pac_kdc_checksum_in;
|
||||
krb5_data k5pac_logon_info_in, k5pac_srv_checksum_in, k5pac_kdc_checksum_in;
|
||||
DATA_BLOB pac_upn_dns_info_in;
|
||||
krb5_data k5pac_upn_dns_info_in;
|
||||
|
||||
union PAC_INFO info;
|
||||
union PAC_INFO _upn_dns_info;
|
||||
const struct PAC_UPN_DNS_INFO *upn_dns_info = NULL;
|
||||
struct auth_user_info_dc *user_info_dc_out;
|
||||
|
||||
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
|
||||
@ -322,9 +326,40 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_UPN_DNS_INFO,
|
||||
&k5pac_upn_dns_info_in);
|
||||
if (ret == ENOENT) {
|
||||
ZERO_STRUCT(k5pac_upn_dns_info_in);
|
||||
ret = 0;
|
||||
}
|
||||
if (ret != 0) {
|
||||
talloc_free(tmp_ctx);
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
pac_upn_dns_info_in = data_blob_const(k5pac_upn_dns_info_in.data,
|
||||
k5pac_upn_dns_info_in.length);
|
||||
|
||||
if (pac_upn_dns_info_in.length != 0) {
|
||||
ndr_err = ndr_pull_union_blob(&pac_upn_dns_info_in, tmp_ctx,
|
||||
&_upn_dns_info,
|
||||
PAC_TYPE_UPN_DNS_INFO,
|
||||
(ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
|
||||
kerberos_free_data_contents(context, &k5pac_upn_dns_info_in);
|
||||
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
|
||||
nt_status = ndr_map_error2ntstatus(ndr_err);
|
||||
DEBUG(0,("can't parse the PAC UPN_DNS_INFO: %s\n",
|
||||
nt_errstr(nt_status)));
|
||||
talloc_free(tmp_ctx);
|
||||
return EINVAL;
|
||||
}
|
||||
upn_dns_info = &_upn_dns_info.upn_dns_info;
|
||||
}
|
||||
|
||||
/* Pull this right into the normal auth sysstem structures */
|
||||
nt_status = make_user_info_dc_pac(mem_ctx,
|
||||
info.logon_info.info,
|
||||
upn_dns_info,
|
||||
&user_info_dc_out);
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
talloc_free(tmp_ctx);
|
||||
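Review bot: `kerberos_free_data_contents(context, &k5pac_upn_dns_info_in)` is only reached inside `if (pac_upn_dns_info_in.length != 0)`, so a PAC_TYPE_UPN_DNS_INFO buffer that is present but zero-length is never released if krb5_pac_get_buffer() allocated storage for it. Adding `} else { kerberos_free_data_contents(context, &k5pac_upn_dns_info_in); }` to that `if` would cover the case, provided the helper tolerates the struct cleared by `ZERO_STRUCT` on the ENOENT path, which this page does not show. The zero-length case is also silently handled like a missing buffer (`upn_dns_info` stays NULL); a one-line comment such as `/* UPN_DNS_INFO is optional: absent or empty leaves upn_dns_info NULL */` would make that intent explicit. kerberos_pac_to_user_info_dc() starts and ends outside this hunk, so where this parse sits relative to the PAC checksum verification cannot be judged from here.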
|