return NT_STATUS_OK;
}
+struct auth_user_info *auth_user_info_copy(TALLOC_CTX *mem_ctx,
+ const struct auth_user_info *src)
+{
+ struct auth_user_info *dst = NULL;
+
+ dst = talloc_zero(mem_ctx, struct auth_user_info);
+ if (dst == NULL) {
+ return NULL;
+ }
+
+ *dst = *src;
+#define _COPY_STRING(_mem, _str) do { \
+ if ((_str) != NULL) { \
+ (_str) = talloc_strdup((_mem), (_str)); \
+ if ((_str) == NULL) { \
+ TALLOC_FREE(dst); \
+ return NULL; \
+ } \
+ } \
+} while(0)
+ _COPY_STRING(dst, dst->account_name);
+ _COPY_STRING(dst, dst->user_principal_name);
+ _COPY_STRING(dst, dst->domain_name);
+ _COPY_STRING(dst, dst->dns_domain_name);
+ _COPY_STRING(dst, dst->full_name);
+ _COPY_STRING(dst, dst->logon_script);
+ _COPY_STRING(dst, dst->profile_path);
+ _COPY_STRING(dst, dst->home_directory);
+ _COPY_STRING(dst, dst->home_drive);
+ _COPY_STRING(dst, dst->logon_server);
+#undef _COPY_STRING
+
+ return dst;
+}
+
/**
* Make a user_info_dc struct from the info3 returned by a domain logon
*/
*/
NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
const struct PAC_LOGON_INFO *pac_logon_info,
+ const struct PAC_UPN_DNS_INFO *pac_upn_dns_info,
struct auth_user_info_dc **_user_info_dc)
{
uint32_t i;
NTSTATUS nt_status;
union netr_Validation validation;
struct auth_user_info_dc *user_info_dc;
+ const struct PAC_DOMAIN_GROUP_MEMBERSHIP *rg = NULL;
+ size_t sidcount;
+
+ rg = &pac_logon_info->resource_groups;
validation.sam3 = discard_const_p(struct netr_SamInfo3, &pac_logon_info->info3);
return nt_status;
}
- if (pac_logon_info->res_groups.count > 0) {
- size_t sidcount;
+ if (pac_logon_info->info3.base.user_flags & NETLOGON_RESOURCE_GROUPS) {
+ rg = &pac_logon_info->resource_groups;
+ }
+
+ if (rg == NULL) {
+ *_user_info_dc = user_info_dc;
+ return NT_STATUS_OK;
+ }
+
+ if (rg->groups.count > 0) {
/* The IDL layer would be a better place to check this, but to
* guard the integer addition below, we double-check */
- if (pac_logon_info->res_groups.count > 65535) {
+ if (rg->groups.count > 65535) {
talloc_free(user_info_dc);
return NT_STATUS_INVALID_PARAMETER;
}
trusted domains, and verify that the SID
matches.
*/
- if (!pac_logon_info->res_group_dom_sid) {
+ if (rg->domain_sid == NULL) {
+ talloc_free(user_info_dc);
DEBUG(0, ("Cannot operate on a PAC without a resource domain SID"));
return NT_STATUS_INVALID_PARAMETER;
}
- sidcount = user_info_dc->num_sids + pac_logon_info->res_groups.count;
+ sidcount = user_info_dc->num_sids + rg->groups.count;
user_info_dc->sids
= talloc_realloc(user_info_dc, user_info_dc->sids, struct dom_sid, sidcount);
if (user_info_dc->sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
- for (i = 0; pac_logon_info->res_group_dom_sid && i < pac_logon_info->res_groups.count; i++) {
- user_info_dc->sids[user_info_dc->num_sids] = *pac_logon_info->res_group_dom_sid;
- if (!sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids],
- pac_logon_info->res_groups.rids[i].rid)) {
+ for (i = 0; i < rg->groups.count; i++) {
+ bool ok;
+
+ user_info_dc->sids[user_info_dc->num_sids] = *rg->domain_sid;
+ ok = sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids],
+ rg->groups.rids[i].rid);
+ if (!ok) {
return NT_STATUS_INVALID_PARAMETER;
}
user_info_dc->num_sids++;
}
}
+
+ if (pac_upn_dns_info != NULL) {
+ user_info_dc->info->user_principal_name =
+ talloc_strdup(user_info_dc->info,
+ pac_upn_dns_info->upn_name);
+ if (user_info_dc->info->user_principal_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ user_info_dc->info->dns_domain_name =
+ talloc_strdup(user_info_dc->info,
+ pac_upn_dns_info->dns_domain_name);
+ if (user_info_dc->info->dns_domain_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (pac_upn_dns_info->flags & PAC_UPN_DNS_FLAG_CONSTRUCTED) {
+ user_info_dc->info->user_principal_constructed = true;
+ }
+ }
+
*_user_info_dc = user_info_dc;
return NT_STATUS_OK;
}