+ struct auth_session_info *session_info;
+ struct wbcUnixId *ids;
+ fstring tmp;
+
+ /* Ensure we can't possible take a code path leading to a
+ * null defref. */
+ if (!server_info) {
+ return NT_STATUS_LOGON_FAILURE;
+ }
+
+ session_info = talloc_zero(mem_ctx, struct auth_session_info);
+ if (!session_info) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ session_info->unix_token = talloc_zero(session_info, struct security_unix_token);
+ if (!session_info->unix_token) {
+ TALLOC_FREE(session_info);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ session_info->unix_token->uid = server_info->utok.uid;
+ session_info->unix_token->gid = server_info->utok.gid;
+
+ session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix);
+ if (!session_info->unix_info) {
+ TALLOC_FREE(session_info);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ session_info->unix_info->unix_name = talloc_strdup(session_info, server_info->unix_name);
+ if (!session_info->unix_info->unix_name) {
+ TALLOC_FREE(session_info);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* This is a potentially untrusted username for use in %U */
+ alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp));
+ session_info->unix_info->sanitized_username =
+ talloc_strdup(session_info->unix_info, tmp);
+
+ session_info->unix_info->system = server_info->system;
+
+ if (session_key) {
+ data_blob_free(&session_info->session_key);
+ session_info->session_key = data_blob_talloc(session_info,
+ session_key->data,
+ session_key->length);
+ if (!session_info->session_key.data && session_key->length) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ } else {
+ session_info->session_key = data_blob_talloc( session_info, server_info->session_key.data,
+ server_info->session_key.length);
+ }
+
+ /* We need to populate session_info->info with the information found in server_info->info3 */
+ status = make_user_info_SamBaseInfo(session_info, "", &server_info->info3->base,
+ server_info->guest == false,
+ &session_info->info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("conversion of info3 into auth_user_info failed!\n"));
+ TALLOC_FREE(session_info);
+ return status;
+ }
+
+ if (server_info->security_token) {
+ /* Just copy the token, it has already been finalised
+ * (nasty hack to support a cached guest session_info,
+ * and a possible strategy for auth_samba4 to pass in
+ * a finalised session) */
+
+ session_info->security_token = dup_nt_token(session_info, server_info->security_token);
+ if (!session_info->security_token) {
+ TALLOC_FREE(session_info);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ session_info->unix_token->ngroups = server_info->utok.ngroups;
+ if (server_info->utok.ngroups != 0) {
+ session_info->unix_token->groups = (gid_t *)talloc_memdup(
+ session_info->unix_token, server_info->utok.groups,
+ sizeof(gid_t)*session_info->unix_token->ngroups);
+ } else {
+ session_info->unix_token->groups = NULL;
+ }
+
+ *session_info_out = session_info;
+ return NT_STATUS_OK;
+ }