
auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac()

This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO
correctly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher 2016-01-07 14:55:07 +01:00 committed by Andrew Bartlett
parent 1854252816
commit 8b1f5cad95
3 changed files with 58 additions and 0 deletions


@ -506,6 +506,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
*/
NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
const struct PAC_LOGON_INFO *pac_logon_info,
const struct PAC_UPN_DNS_INFO *pac_upn_dns_info,
struct auth_user_info_dc **_user_info_dc)
{
uint32_t i;
@ -574,6 +575,27 @@ NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
user_info_dc->num_sids++;
}
}
if (pac_upn_dns_info != NULL) {
user_info_dc->info->user_principal_name =
talloc_strdup(user_info_dc->info,
pac_upn_dns_info->upn_name);
if (user_info_dc->info->user_principal_name == NULL) {
return NT_STATUS_NO_MEMORY;
}
user_info_dc->info->dns_domain_name =
talloc_strdup(user_info_dc->info,
pac_upn_dns_info->dns_domain_name);
if (user_info_dc->info->dns_domain_name == NULL) {
return NT_STATUS_NO_MEMORY;
}
if (pac_upn_dns_info->flags & PAC_UPN_DNS_FLAG_CONSTRUCTED) {
user_info_dc->info->user_principal_constructed = true;
}
}
*_user_info_dc = user_info_dc;
return NT_STATUS_OK;
}
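Review bot: The two `talloc_strdup()` calls in the new `pac_upn_dns_info != NULL` block treat a NULL result as out-of-memory, but `talloc_strdup()` also returns NULL when its source string is NULL, so a PAC_UPN_DNS_INFO buffer that decodes with `upn_name` or `dns_domain_name` unset would be reported as `NT_STATUS_NO_MEMORY`. Whether the NDR pull can leave those pointers NULL is not visible here and should be confirmed against the IDL; if it can, test them before copying and reject the buffer explicitly, e.g. `if (pac_upn_dns_info->upn_name == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, and the same for `dns_domain_name`. The new early returns also leave `user_info_dc` allocated; its allocation is outside this hunk, so whether the caller's `mem_ctx` cleanup covers it should be checked. The body of `make_user_info_dc_pac()` starts before the hunk.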


@ -63,6 +63,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
*/
NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
const struct PAC_LOGON_INFO *pac_logon_info,
const struct PAC_UPN_DNS_INFO *pac_upn_dns_info,
struct auth_user_info_dc **_user_info_dc);
/* The following definitions come from auth/wbc_auth_util.c */


@ -288,8 +288,12 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
DATA_BLOB pac_logon_info_in, pac_srv_checksum_in, pac_kdc_checksum_in;
krb5_data k5pac_logon_info_in, k5pac_srv_checksum_in, k5pac_kdc_checksum_in;
DATA_BLOB pac_upn_dns_info_in;
krb5_data k5pac_upn_dns_info_in;
union PAC_INFO info;
union PAC_INFO _upn_dns_info;
const struct PAC_UPN_DNS_INFO *upn_dns_info = NULL;
struct auth_user_info_dc *user_info_dc_out;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
@ -322,9 +326,40 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
return EINVAL;
}
ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_UPN_DNS_INFO,
&k5pac_upn_dns_info_in);
if (ret == ENOENT) {
ZERO_STRUCT(k5pac_upn_dns_info_in);
ret = 0;
}
if (ret != 0) {
talloc_free(tmp_ctx);
return EINVAL;
}
pac_upn_dns_info_in = data_blob_const(k5pac_upn_dns_info_in.data,
k5pac_upn_dns_info_in.length);
if (pac_upn_dns_info_in.length != 0) {
ndr_err = ndr_pull_union_blob(&pac_upn_dns_info_in, tmp_ctx,
&_upn_dns_info,
PAC_TYPE_UPN_DNS_INFO,
(ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
kerberos_free_data_contents(context, &k5pac_upn_dns_info_in);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
nt_status = ndr_map_error2ntstatus(ndr_err);
DEBUG(0,("can't parse the PAC UPN_DNS_INFO: %s\n",
nt_errstr(nt_status)));
talloc_free(tmp_ctx);
return EINVAL;
}
upn_dns_info = &_upn_dns_info.upn_dns_info;
}
/* Pull this right into the normal auth sysstem structures */
nt_status = make_user_info_dc_pac(mem_ctx,
info.logon_info.info,
upn_dns_info,
&user_info_dc_out);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);