From: Stefan Metzmacher Date: Thu, 7 Jan 2016 14:10:26 +0000 (+0100) Subject: auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6 X-Git-Tag: tdb-1.3.10~588 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3eba60aa65e23d31cc97021305a19ff0e25b111c;p=thirdparty%2Fsamba.git auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6 This includes user_principal_name and dns_domain_name. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/auth/auth_sam_reply.h b/auth/auth_sam_reply.h index efa02f33a4d..d9573242129 100644 --- a/auth/auth_sam_reply.h +++ b/auth/auth_sam_reply.h @@ -66,7 +66,7 @@ NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx, struct wbcAuthUserInfo; -struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx, +struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx, const struct wbcAuthUserInfo *info); #undef _PRINTF_ATTRIBUTE diff --git a/auth/wbc_auth_util.c b/auth/wbc_auth_util.c index bce28175504..52573e2a773 100644 --- a/auth/wbc_auth_util.c +++ b/auth/wbc_auth_util.c @@ -106,14 +106,14 @@ static NTSTATUS wbcsids_to_netr_SidAttrArray( #define RET_NOMEM(ptr) do { \ if (!ptr) { \ - TALLOC_FREE(info3); \ + TALLOC_FREE(info6); \ return NULL; \ } } while(0) -struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx, +struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx, const struct wbcAuthUserInfo *info) { - struct netr_SamInfo3 *info3; + struct netr_SamInfo6 *info6; struct dom_sid user_sid; struct dom_sid group_sid; struct dom_sid domain_sid; 
@@ -123,110 +123,120 @@ struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx, memcpy(&user_sid, &info->sids[0].sid, sizeof(user_sid)); memcpy(&group_sid, &info->sids[1].sid, sizeof(group_sid)); - info3 = talloc_zero(mem_ctx, struct netr_SamInfo3); - if (!info3) return NULL; + info6 = talloc_zero(mem_ctx, struct netr_SamInfo6); + if (!info6) return NULL; - unix_to_nt_time(&info3->base.logon_time, info->logon_time); - unix_to_nt_time(&info3->base.logoff_time, info->logoff_time); - unix_to_nt_time(&info3->base.kickoff_time, info->kickoff_time); - unix_to_nt_time(&info3->base.last_password_change, info->pass_last_set_time); - unix_to_nt_time(&info3->base.allow_password_change, + unix_to_nt_time(&info6->base.logon_time, info->logon_time); + unix_to_nt_time(&info6->base.logoff_time, info->logoff_time); + unix_to_nt_time(&info6->base.kickoff_time, info->kickoff_time); + unix_to_nt_time(&info6->base.last_password_change, info->pass_last_set_time); + unix_to_nt_time(&info6->base.allow_password_change, info->pass_can_change_time); - unix_to_nt_time(&info3->base.force_password_change, + unix_to_nt_time(&info6->base.force_password_change, info->pass_must_change_time); if (info->account_name) { - info3->base.account_name.string = - talloc_strdup(info3, info->account_name); - RET_NOMEM(info3->base.account_name.string); + info6->base.account_name.string = + talloc_strdup(info6, info->account_name); + RET_NOMEM(info6->base.account_name.string); + } + if (info->user_principal) { + info6->principal_name.string = + talloc_strdup(info6, info->user_principal); + RET_NOMEM(info6->principal_name.string); } if (info->full_name) { - info3->base.full_name.string = - talloc_strdup(info3, info->full_name); - RET_NOMEM(info3->base.full_name.string); + info6->base.full_name.string = + talloc_strdup(info6, info->full_name); + RET_NOMEM(info6->base.full_name.string); } if (info->domain_name) { - info3->base.logon_domain.string = - talloc_strdup(info3, info->domain_name); - 
RET_NOMEM(info3->base.logon_domain.string); + info6->base.logon_domain.string = + talloc_strdup(info6, info->domain_name); + RET_NOMEM(info6->base.logon_domain.string); + } + if (info->dns_domain_name) { + info6->dns_domainname.string = + talloc_strdup(info6, info->dns_domain_name); + RET_NOMEM(info6->dns_domainname.string); } if (info->logon_script) { - info3->base.logon_script.string = - talloc_strdup(info3, info->logon_script); - RET_NOMEM(info3->base.logon_script.string); + info6->base.logon_script.string = + talloc_strdup(info6, info->logon_script); + RET_NOMEM(info6->base.logon_script.string); } if (info->profile_path) { - info3->base.profile_path.string = - talloc_strdup(info3, info->profile_path); - RET_NOMEM(info3->base.profile_path.string); + info6->base.profile_path.string = + talloc_strdup(info6, info->profile_path); + RET_NOMEM(info6->base.profile_path.string); } if (info->home_directory) { - info3->base.home_directory.string = - talloc_strdup(info3, info->home_directory); - RET_NOMEM(info3->base.home_directory.string); + info6->base.home_directory.string = + talloc_strdup(info6, info->home_directory); + RET_NOMEM(info6->base.home_directory.string); } if (info->home_drive) { - info3->base.home_drive.string = - talloc_strdup(info3, info->home_drive); - RET_NOMEM(info3->base.home_drive.string); + info6->base.home_drive.string = + talloc_strdup(info6, info->home_drive); + RET_NOMEM(info6->base.home_drive.string); } - info3->base.logon_count = info->logon_count; - info3->base.bad_password_count = info->bad_password_count; + info6->base.logon_count = info->logon_count; + info6->base.bad_password_count = info->bad_password_count; sid_copy(&domain_sid, &user_sid); - sid_split_rid(&domain_sid, &info3->base.rid); + sid_split_rid(&domain_sid, &info6->base.rid); ok = sid_peek_check_rid(&domain_sid, &group_sid, - &info3->base.primary_gid); + &info6->base.primary_gid); if (!ok) { DEBUG(1, ("The primary group sid domain does not" "match user sid domain for user: 
%s\n", info->account_name)); - TALLOC_FREE(info3); + TALLOC_FREE(info6); return NULL; } - status = wbcsids_to_samr_RidWithAttributeArray(info3, - &info3->base.groups, + status = wbcsids_to_samr_RidWithAttributeArray(info6, + &info6->base.groups, &domain_sid, &info->sids[1], info->num_sids - 1); if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(info3); + TALLOC_FREE(info6); return NULL; } status = wbcsids_to_netr_SidAttrArray(&domain_sid, &info->sids[1], info->num_sids - 1, - info3, - &info3->sids, - &info3->sidcount); + info6, + &info6->sids, + &info6->sidcount); if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(info3); + TALLOC_FREE(info6); return NULL; } - info3->base.user_flags = info->user_flags; - memcpy(info3->base.key.key, info->user_session_key, 16); + info6->base.user_flags = info->user_flags; + memcpy(info6->base.key.key, info->user_session_key, 16); if (info->logon_server) { - info3->base.logon_server.string = - talloc_strdup(info3, info->logon_server); - RET_NOMEM(info3->base.logon_server.string); + info6->base.logon_server.string = + talloc_strdup(info6, info->logon_server); + RET_NOMEM(info6->base.logon_server.string); } if (info->domain_name) { - info3->base.logon_domain.string = - talloc_strdup(info3, info->domain_name); - RET_NOMEM(info3->base.logon_domain.string); + info6->base.logon_domain.string = + talloc_strdup(info6, info->domain_name); + RET_NOMEM(info6->base.logon_domain.string); } - info3->base.domain_sid = dom_sid_dup(info3, &domain_sid); - RET_NOMEM(info3->base.domain_sid); + info6->base.domain_sid = dom_sid_dup(info6, &domain_sid); + RET_NOMEM(info6->base.domain_sid); - memcpy(info3->base.LMSessKey.key, info->lm_session_key, 8); - info3->base.acct_flags = info->acct_flags; + memcpy(info6->base.LMSessKey.key, info->lm_session_key, 8); + info6->base.acct_flags = info->acct_flags; - return info3; + return info6; } diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index c23de7e2b76..663c0bc7431 100644 --- a/source3/auth/auth_util.c 
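Review bot: The two `memcpy` calls at the top of this hunk read `info->sids[0]` and `info->sids[1]`, and `info->num_sids - 1` is later passed to both SID-array helpers, with no check of `info->num_sids` visible in the hunk. The lines between the declarations and the first `memcpy` are not shown, so a guard may already exist there. If it does not, a winbind reply carrying fewer than two SIDs causes an out-of-bounds read and a wrong element count; `if (info->num_sids < 2) { return NULL; }` before the first `memcpy` would close that. Separately, the new side still fills `info6->base.logon_domain.string` twice (once after `full_name`, again after `logon_server`), so the first `talloc_strdup` result is orphaned on `info6` and the second block can be dropped.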
+++ b/source3/auth/auth_util.c @@ -1494,16 +1494,21 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, const struct wbcAuthUserInfo *info, struct auth_serversupplied_info **server_info) { - struct netr_SamInfo3 *info3; + struct netr_SamInfo3 info3; + struct netr_SamInfo6 *info6; - info3 = wbcAuthUserInfo_to_netr_SamInfo3(mem_ctx, info); - if (!info3) { + info6 = wbcAuthUserInfo_to_netr_SamInfo6(mem_ctx, info); + if (!info6) { return NT_STATUS_NO_MEMORY; } + info3.base = info6->base; + info3.sidcount = info6->sidcount; + info3.sids = info6->sids; + return make_server_info_info3(mem_ctx, sent_nt_username, domain, - server_info, info3); + server_info, &info3); } /** diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c index 447c0dee981..8b9a1ef3af9 100644 --- a/source4/auth/ntlm/auth_winbind.c +++ b/source4/auth/ntlm/auth_winbind.c @@ -166,10 +166,9 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx, struct wbcAuthErrorInfo *err = NULL; wbcErr wbc_status; NTSTATUS nt_status; - struct netr_SamInfo3 *info3; + struct netr_SamInfo6 *info6 = NULL; union netr_Validation validation; - /* Send off request */ const struct auth_usersupplied_info *user_info_temp; nt_status = encrypt_user_info(mem_ctx, ctx->auth_ctx, @@ -181,7 +180,7 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx, user_info = user_info_temp; ZERO_STRUCT(params); - ZERO_STRUCT(info3); + ZERO_STRUCT(validation); /*params.flags = WBFLAG_PAM_INFO3_NDR;*/ params.parameter_control = user_info->logon_parameters; 
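Review bot: `info6` in `make_server_info_wbcAuthUserInfo` is allocated on `mem_ctx` and never released after its `base`, `sidcount` and `sids` are shallow-copied into the stack `info3`, so a copy of the user and LM session keys stays on the caller's context for as long as `mem_ctx` lives. Passing `&info3`, a stack object, already assumes `make_server_info_info3` copies what it needs; if that holds, keep the result in a local `NTSTATUS status`, call `TALLOC_FREE(info6);` and then `return status;`. The same lifetime question applies to `info6` in `winbind_check_password_wbclient` (source4/auth/ntlm/auth_winbind.c), where it remains on `mem_ctx` after `make_user_info_dc_netlogon_validation`; whether it can be freed there depends on that callee, which is not shown. A short comment that the level-6 fields are intentionally dropped on this path would also help, e.g. `/* level 3 has no principal_name/dns_domainname; they are discarded here */`.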
@@ -231,17 +230,17 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx, } return NT_STATUS_LOGON_FAILURE; } - info3 = wbcAuthUserInfo_to_netr_SamInfo3(mem_ctx, info); + info6 = wbcAuthUserInfo_to_netr_SamInfo6(mem_ctx, info); wbcFreeMemory(info); - if (!info3) { - DEBUG(1, ("wbcAuthUserInfo_to_netr_SamInfo3 failed\n")); + if (!info6) { + DEBUG(1, ("wbcAuthUserInfo_to_netr_SamInfo6 failed\n")); return NT_STATUS_NO_MEMORY; } - validation.sam3 = info3; + validation.sam6 = info6; nt_status = make_user_info_dc_netlogon_validation(mem_ctx, user_info->client.account_name, - 3, &validation, + 6, &validation, true, /* This user was authenticated */ user_info_dc); return nt_status;
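Review bot: The `if (!info6)` branch returns `NT_STATUS_NO_MEMORY`, but `wbcAuthUserInfo_to_netr_SamInfo6` also returns NULL when the primary group SID is not in the user's domain or when either SID-array helper fails (visible in the auth/wbc_auth_util.c hunk), so a malformed winbind reply is reported as an allocation failure. The converter's pointer return gives the caller no way to tell these cases apart, so at minimum a comment here should say so, e.g. `/* NULL also means a SID/domain mismatch in the winbind reply, not only OOM */`. The same mapping is used in `make_server_info_wbcAuthUserInfo` in source3/auth/auth_util.c. The body of `winbind_check_password_wbclient` starts outside this hunk.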