#include "libcli/security/security.h"
#include "auth/auth_sam_reply.h"
-NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
- const struct auth_user_info_dc *user_info_dc,
- struct netr_SamBaseInfo **_sam)
+static NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
+ const struct auth_user_info_dc *user_info_dc,
+ struct netr_SamBaseInfo *sam)
{
NTSTATUS status;
- struct auth_user_info *info;
- struct netr_SamBaseInfo *sam = talloc_zero(mem_ctx, struct netr_SamBaseInfo);
- NT_STATUS_HAVE_NO_MEMORY(sam);
+ const struct auth_user_info *info;
+
+ ZERO_STRUCTP(sam);
if (user_info_dc->num_sids > PRIMARY_USER_SID_INDEX) {
status = dom_sid_split_rid(sam, &user_info_dc->sids[PRIMARY_USER_SID_INDEX],
sam->allow_password_change = info->allow_password_change;
sam->force_password_change = info->force_password_change;
- sam->account_name.string = info->account_name;
- sam->full_name.string = info->full_name;
- sam->logon_script.string = info->logon_script;
- sam->profile_path.string = info->profile_path;
- sam->home_directory.string = info->home_directory;
- sam->home_drive.string = info->home_drive;
+#define _COPY_STRING_TALLOC(src_name, dst_name) do { \
+ if (info->src_name != NULL) {\
+ sam->dst_name.string = talloc_strdup(mem_ctx, info->src_name); \
+ if (sam->dst_name.string == NULL) { \
+ return NT_STATUS_NO_MEMORY; \
+ } \
+ } \
+} while(0)
+ _COPY_STRING_TALLOC(account_name, account_name);
+ _COPY_STRING_TALLOC(full_name, full_name);
+ _COPY_STRING_TALLOC(logon_script, logon_script);
+ _COPY_STRING_TALLOC(profile_path, profile_path);
+ _COPY_STRING_TALLOC(home_directory, home_directory);
+ _COPY_STRING_TALLOC(home_drive, home_drive);
+ _COPY_STRING_TALLOC(logon_server, logon_server);
+ _COPY_STRING_TALLOC(domain_name, logon_domain);
+#undef _COPY_STRING_TALLOC
sam->logon_count = info->logon_count;
sam->bad_password_count = info->bad_password_count;
if (user_info_dc->num_sids > 2) {
size_t i;
- sam->groups.rids = talloc_array(sam, struct samr_RidWithAttribute,
+ sam->groups.rids = talloc_array(mem_ctx, struct samr_RidWithAttribute,
user_info_dc->num_sids);
if (sam->groups.rids == NULL)
sam->user_flags |= NETLOGON_GUEST;
}
sam->acct_flags = user_info_dc->info->acct_flags;
- sam->logon_server.string = user_info_dc->info->logon_server;
- sam->logon_domain.string = user_info_dc->info->domain_name;
sam->sub_auth_status = 0;
sam->last_successful_logon = 0;
sam->last_failed_logon = 0;
sizeof(sam->LMSessKey.key));
}
- *_sam = sam;
-
return NT_STATUS_OK;
}
struct netr_SamInfo6 **_sam6)
{
NTSTATUS status;
- struct netr_SamBaseInfo *sam = NULL;
struct netr_SamInfo6 *sam6 = NULL;
size_t i;
return NT_STATUS_NO_MEMORY;
}
- status = auth_convert_user_info_dc_sambaseinfo(sam6, user_info_dc, &sam);
+ status = auth_convert_user_info_dc_sambaseinfo(sam6,
+ user_info_dc,
+ &sam6->base);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(sam6);
return status;
}
- sam6->base = *sam;
sam6->sids = talloc_array(sam6, struct netr_SidAttr,
user_info_dc->num_sids);
/* We don't put the user and group SIDs in there */
for (i=2; i<user_info_dc->num_sids; i++) {
- if (dom_sid_in_domain(sam->domain_sid, &user_info_dc->sids[i])) {
+ if (dom_sid_in_domain(sam6->base.domain_sid, &user_info_dc->sids[i])) {
continue;
}
sam6->sids[sam6->sidcount].sid = dom_sid_dup(sam6->sids, &user_info_dc->sids[i]);
return NT_STATUS_OK;
}
+struct auth_user_info *auth_user_info_copy(TALLOC_CTX *mem_ctx,
+ const struct auth_user_info *src)
+{
+ struct auth_user_info *dst = NULL;
+
+ dst = talloc_zero(mem_ctx, struct auth_user_info);
+ if (dst == NULL) {
+ return NULL;
+ }
+
+ *dst = *src;
+#define _COPY_STRING(_mem, _str) do { \
+ if ((_str) != NULL) { \
+ (_str) = talloc_strdup((_mem), (_str)); \
+ if ((_str) == NULL) { \
+ TALLOC_FREE(dst); \
+ return NULL; \
+ } \
+ } \
+} while(0)
+ _COPY_STRING(dst, dst->account_name);
+ _COPY_STRING(dst, dst->user_principal_name);
+ _COPY_STRING(dst, dst->domain_name);
+ _COPY_STRING(dst, dst->dns_domain_name);
+ _COPY_STRING(dst, dst->full_name);
+ _COPY_STRING(dst, dst->logon_script);
+ _COPY_STRING(dst, dst->profile_path);
+ _COPY_STRING(dst, dst->home_directory);
+ _COPY_STRING(dst, dst->home_drive);
+ _COPY_STRING(dst, dst->logon_server);
+#undef _COPY_STRING
+
+ return dst;
+}
+
/**
* Make a user_info_dc struct from the info3 returned by a domain logon
*/
*/
NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
const struct PAC_LOGON_INFO *pac_logon_info,
+ const struct PAC_UPN_DNS_INFO *pac_upn_dns_info,
struct auth_user_info_dc **_user_info_dc)
{
uint32_t i;
NTSTATUS nt_status;
union netr_Validation validation;
struct auth_user_info_dc *user_info_dc;
+ const struct PAC_DOMAIN_GROUP_MEMBERSHIP *rg = NULL;
+ size_t sidcount;
+
+ rg = &pac_logon_info->resource_groups;
validation.sam3 = discard_const_p(struct netr_SamInfo3, &pac_logon_info->info3);
return nt_status;
}
- if (pac_logon_info->res_groups.count > 0) {
- size_t sidcount;
+ if (pac_logon_info->info3.base.user_flags & NETLOGON_RESOURCE_GROUPS) {
+ rg = &pac_logon_info->resource_groups;
+ }
+
+ if (rg == NULL) {
+ *_user_info_dc = user_info_dc;
+ return NT_STATUS_OK;
+ }
+
+ if (rg->groups.count > 0) {
/* The IDL layer would be a better place to check this, but to
* guard the integer addition below, we double-check */
- if (pac_logon_info->res_groups.count > 65535) {
+ if (rg->groups.count > 65535) {
talloc_free(user_info_dc);
return NT_STATUS_INVALID_PARAMETER;
}
trusted domains, and verify that the SID
matches.
*/
- if (!pac_logon_info->res_group_dom_sid) {
+ if (rg->domain_sid == NULL) {
+ talloc_free(user_info_dc);
DEBUG(0, ("Cannot operate on a PAC without a resource domain SID"));
return NT_STATUS_INVALID_PARAMETER;
}
- sidcount = user_info_dc->num_sids + pac_logon_info->res_groups.count;
+ sidcount = user_info_dc->num_sids + rg->groups.count;
user_info_dc->sids
= talloc_realloc(user_info_dc, user_info_dc->sids, struct dom_sid, sidcount);
if (user_info_dc->sids == NULL) {
return NT_STATUS_NO_MEMORY;
}
- for (i = 0; pac_logon_info->res_group_dom_sid && i < pac_logon_info->res_groups.count; i++) {
- user_info_dc->sids[user_info_dc->num_sids] = *pac_logon_info->res_group_dom_sid;
- if (!sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids],
- pac_logon_info->res_groups.rids[i].rid)) {
+ for (i = 0; i < rg->groups.count; i++) {
+ bool ok;
+
+ user_info_dc->sids[user_info_dc->num_sids] = *rg->domain_sid;
+ ok = sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids],
+ rg->groups.rids[i].rid);
+ if (!ok) {
return NT_STATUS_INVALID_PARAMETER;
}
user_info_dc->num_sids++;
}
}
+
+ if (pac_upn_dns_info != NULL) {
+ user_info_dc->info->user_principal_name =
+ talloc_strdup(user_info_dc->info,
+ pac_upn_dns_info->upn_name);
+ if (user_info_dc->info->user_principal_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ user_info_dc->info->dns_domain_name =
+ talloc_strdup(user_info_dc->info,
+ pac_upn_dns_info->dns_domain_name);
+ if (user_info_dc->info->dns_domain_name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (pac_upn_dns_info->flags & PAC_UPN_DNS_FLAG_CONSTRUCTED) {
+ user_info_dc->info->user_principal_constructed = true;
+ }
+ }
+
*_user_info_dc = user_info_dc;
return NT_STATUS_OK;
}