From: Stefan Metzmacher
Date: Thu, 7 Jan 2016 13:55:07 +0000 (+0100)
Subject: s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc()
X-Git-Tag: tdb-1.3.10~592
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6257003dff558f5736eb89fc909b623aadd121c9;p=thirdparty%2Fsamba.git
s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc()
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO correctly.
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
---
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index c472d86d1ed..fb486941697 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -123,6 +123,7 @@ struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
 NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx, const char *netbios_name, const char *domain_name,
+ const char *dns_domain_name,
 struct ldb_dn *domain_dn, struct ldb_message *msg, DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index b223706f884..449819329d0 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -611,8 +611,10 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
 return nt_status;
 }
- nt_status = authsam_make_user_info_dc(tmp_ctx, ctx->auth_ctx->sam_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
+ nt_status = authsam_make_user_info_dc(tmp_ctx, ctx->auth_ctx->sam_ctx,
+ lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
 lpcfg_sam_name(ctx->auth_ctx->lp_ctx),
+ lpcfg_sam_dnsname(ctx->auth_ctx->lp_ctx),
 domain_dn, msg, user_sess_key, lm_sess_key,
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 56b64e50093..759585ef49c 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
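Review bot: In source4/auth/auth.h the new `dns_domain_name` parameter is optional, since both uses in the sam.c hunks of this patch sit behind `dns_domain_name != NULL`, but nothing at the declaration says so. A short comment above the prototype would tell callers what passing NULL means, for example `/* dns_domain_name may be NULL: info->dns_domain_name stays unset and no user_principal_name is constructed */`. The declaration continues past the end of the hunk.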
@@ -284,6 +284,7 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
 struct ldb_context *sam_ctx, const char *netbios_name, const char *domain_name,
+ const char *dns_domain_name,
 struct ldb_dn *domain_dn, struct ldb_message *msg, DATA_BLOB user_sess_key,
@@ -401,12 +402,33 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
 info->account_name = talloc_steal(info, ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL));
+ info->user_principal_name = talloc_steal(info,
+ ldb_msg_find_attr_as_string(msg, "userPrincipalName", NULL));
+ if (info->user_principal_name == NULL && dns_domain_name != NULL) {
+ info->user_principal_name = talloc_asprintf(info, "%s@%s",
+ info->account_name,
+ dns_domain_name);
+ if (info->user_principal_name == NULL) {
+ TALLOC_FREE(user_info_dc);
+ return NT_STATUS_NO_MEMORY;
+ }
+ info->user_principal_constructed = true;
+ }
+
 info->domain_name = talloc_strdup(info, domain_name);
 if (info->domain_name == NULL) {
 TALLOC_FREE(user_info_dc);
 return NT_STATUS_NO_MEMORY;
 }
+ if (dns_domain_name != NULL) {
+ info->dns_domain_name = talloc_strdup(info, dns_domain_name);
+ if (info->dns_domain_name == NULL) {
+ TALLOC_FREE(user_info_dc);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
 str = ldb_msg_find_attr_as_string(msg, "displayName", "");
 info->full_name = talloc_strdup(info, str);
 if (info->full_name == NULL) {
@@ -630,6 +652,7 @@ NTSTATUS authsam_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
 nt_status = authsam_make_user_info_dc(tmp_ctx, sam_ctx, lpcfg_netbios_name(lp_ctx), lpcfg_sam_name(lp_ctx),
+ lpcfg_sam_dnsname(lp_ctx),
 domain_dn, msg, user_sess_key, lm_sess_key,
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 04d516329da..af77fd4ec64 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
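Review bot: In the second sam.c hunk (@@ -401), the fallback `talloc_asprintf(info, "%s@%s", info->account_name, dns_domain_name)` formats `info->account_name` without checking it, although the context line above reads it from `sAMAccountName` with a NULL default. A NULL passed to `%s` is undefined behaviour and would typically yield a principal such as `(null)@domain`, which per the commit message feeds netr_SamInfo6 and PAC_UPN_DNS_INFO. Unless account_name is validated in the part of authsam_make_user_info_dc() that lies outside this hunk, the condition should read `if (info->user_principal_name == NULL && info->account_name != NULL && dns_domain_name != NULL) {`. The same test accepts an empty `dns_domain_name` and would build `name@`; whether callers can pass "" is not visible here, but also testing `dns_domain_name[0] != '\0'` would rule it out.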
@@ -241,6 +241,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
 nt_status = authsam_make_user_info_dc(mem_ctx, p->kdc_db_ctx->samdb, lpcfg_netbios_name(p->kdc_db_ctx->lp_ctx), lpcfg_sam_name(p->kdc_db_ctx->lp_ctx),
+ lpcfg_sam_dnsname(p->kdc_db_ctx->lp_ctx),
 p->realm_dn, p->msg, data_blob(NULL, 0),