*/
-import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl", "netlogon.idl";
+import "misc.idl", "security.idl", "lsa.idl", "krb5pac.idl";
[
pyhelper("librpc/ndr/py_auth.c"),
helper("../librpc/ndr/ndr_auth.h"),
typedef [public] struct {
security_token *security_token;
security_unix_token *unix_token;
- netr_SamInfo3 *info3;
+ auth_user_info *info;
auth_user_info_unix *unix_info;
[value(NULL), ignore] auth_user_info_torture *torture;
#include "lib/winbind_util.h"
#include "passdb.h"
#include "../librpc/gen_ndr/ndr_auth.h"
+#include "../auth/auth_sam_reply.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
struct dom_sid tmp_sid;
struct auth3_session_info *session_info;
struct wbcUnixId *ids;
+ struct auth_user_info_dc *user_info_dc;
+ union netr_Validation val;
/* Ensure we can't possible take a code path leading to a
* null defref. */
session_info->unix_token->uid = server_info->utok.uid;
session_info->unix_token->gid = server_info->utok.gid;
- session_info->info3 = copy_netr_SamInfo3(session_info, server_info->info3);
- if (!session_info->info3) {
- TALLOC_FREE(session_info);
- return NT_STATUS_NO_MEMORY;
- }
-
session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix);
if (!session_info->unix_info) {
TALLOC_FREE(session_info);
return NT_STATUS_OK;
}
+ val.sam3 = server_info->info3;
+
+ /* Convert into something we can build a struct
+ * auth_session_info from. Most of the work here
+ * will be to convert the SIDS, which we will then ignore, but
+ * this is the easier way to handle it */
+ status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("conversion of info3 into user_info_dc failed!\n"));
+ TALLOC_FREE(session_info);
+ return status;
+ }
+
+ session_info->info = talloc_move(session_info, &user_info_dc->info);
+ talloc_free(user_info_dc);
+
/*
* If winbind is not around, we can not make much use of the SIDs the
* domain controller provided us with. Likewise if the user name was
all zeros! */
(*session_info)->session_key = data_blob(zeros, sizeof(zeros));
- alpha_strcpy(tmp, (*session_info)->info3->base.account_name.string,
+ alpha_strcpy(tmp, (*server_info)->info3->base.account_name.string,
". _-$", sizeof(tmp));
(*session_info)->unix_info->sanitized_username = talloc_strdup(*session_info, tmp);
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
- conn->session_info->info3->base.domain.string,
+ conn->session_info->info->domain_name,
targethost);
DEBUG(10, ("Expanded targethost to %s\n", targethost));
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
- conn->session_info->info3->base.domain.string,
+ conn->session_info->info->domain_name,
prefix);
TALLOC_FREE(prefix);
return result;
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
- conn->session_info->info3->base.domain.string,
+ conn->session_info->info->domain_name,
recycle_repository(handle));
ALLOC_CHECK(repository, done);
/* shouldn't we allow absolute path names here? --metze */
(unsigned int) strlen(service_name),
service_name,
(unsigned int)
- strlen(handle->conn->session_info->info3->base.domain.string),
- handle->conn->session_info->info3->base.domain.string,
+ strlen(handle->conn->session_info->info->domain_name),
+ handle->conn->session_info->info->domain_name,
(unsigned int) strlen(timestr),
timestr,
(unsigned int) strlen(raddr),
"\"%04d-%02d-%02d %02d:%02d:%02d.%03d\"\n",
(unsigned int) s_data->len,
username,
- handle->conn->session_info->info3->base.domain.string,
+ handle->conn->session_info->info->domain_name,
Write ? 'W' : 'R',
handle->conn->connectpath,
s_data->filename,
if (!NT_STATUS_IS_OK(status) &&
(token_contains_name_in_list(uidtoname(session_info->unix_token->uid),
- session_info->info3->base.domain.string,
+ session_info->info->domain_name,
NULL, session_info->security_token,
lp_printer_admin(snum)))) {
talloc_destroy(mem_ctx);
standard_sub_advanced(sharename, server_info->unix_info->sanitized_username,
path, server_info->unix_token->gid,
server_info->unix_info->sanitized_username,
- server_info->info3->base.domain.string,
+ server_info->info->domain_name,
pjob.user, sizeof(pjob.user)-1);
/* ensure NULL termination */
pjob.user[sizeof(pjob.user)-1] = '\0';
}
} else {
username = p->session_info->unix_info->sanitized_username;
- domname = p->session_info->info3->base.domain.string;
+ domname = p->session_info->info->domain_name;
}
account_name = talloc(p->mem_ctx, struct lsa_String);
return WERR_INVALID_PARAM;
}
- acct_ctrl = p->session_info->info3->base.acct_flags;
+ acct_ctrl = p->session_info->info->acct_flags;
switch (r->in.function_code) {
case NETLOGON_CONTROL_TC_VERIFY:
struct tevent_req *subreq;
struct auth_session_info_transport *session_info_t;
struct auth_session_info *session_info_npa;
- struct auth_user_info_dc *user_info_dc;
- union netr_Validation val;
NTSTATUS status;
bool ok;
int ret;
session_info_npa->unix_token = session_info->unix_token;
session_info_npa->unix_info = session_info->unix_info;
- val.sam3 = session_info->info3;
-
- /* Convert into something we can build a struct
- * auth_session_info from. Most of the work here
- * will be to convert the SIDS, which we will then ignore, but
- * this is the easier way to handle it */
- status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("conversion of info3 into user_info_dc failed!\n"));
- goto fail;
- }
-
- session_info_npa->info = talloc_move(session_info_npa, &user_info_dc->info);
- talloc_free(user_info_dc);
+ session_info_npa->info = session_info->info;
session_info_t = talloc_zero(talloc_tos(), struct auth_session_info_transport);
if (session_info_npa == NULL) {
{
struct auth_session_info *i;
struct auth3_session_info *s;
- struct auth_user_info_dc *u;
- union netr_Validation val;
NTSTATUS status;
i = talloc_zero(mem_ctx, struct auth_session_info);
i->security_token = s->security_token;
i->session_key = s->session_key;
-
- val.sam3 = s->info3;
-
- status = make_user_info_dc_netlogon_validation(mem_ctx,
- "",
- 3,
- &val,
- &u);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("conversion of info3 into user_info_dc failed!\n"));
- return status;
- }
- i->info = talloc_move(i, &u->info);
- talloc_free(u);
+ i->info = s->info;
*session_info = i;
struct pipes_struct **_p,
int *perrno)
{
- struct netr_SamInfo3 *info3;
- struct auth_user_info_dc *auth_user_info_dc;
struct pipes_struct *p;
NTSTATUS status;
p->endian = RPC_LITTLE_ENDIAN;
- /* Fake up an auth_user_info_dc for now, to make an info3, to make the session_info structure */
- auth_user_info_dc = talloc_zero(p, struct auth_user_info_dc);
- if (!auth_user_info_dc) {
- TALLOC_FREE(p);
- *perrno = ENOMEM;
- return -1;
- }
-
- auth_user_info_dc->num_sids = session_info->security_token->num_sids;
- auth_user_info_dc->sids = session_info->security_token->sids;
- auth_user_info_dc->info = session_info->info;
- auth_user_info_dc->user_session_key = session_info->session_key;
-
- /* This creates the input structure that make_server_info_info3 is looking for */
- status = auth_convert_user_info_dc_saminfo3(p, auth_user_info_dc,
- &info3);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to convert auth_user_info_dc into netr_SamInfo3\n"));
- TALLOC_FREE(p);
- *perrno = EINVAL;
- return -1;
- }
-
if (session_info->unix_token && session_info->unix_info && session_info->security_token) {
/* Don't call create_local_token(), we already have the full details here */
p->session_info = talloc_zero(p, struct auth3_session_info);
p->session_info->security_token = talloc_move(p->session_info, &session_info->security_token);
p->session_info->unix_token = talloc_move(p->session_info, &session_info->unix_token);
p->session_info->unix_info = talloc_move(p->session_info, &session_info->unix_info);
- p->session_info->info3 = talloc_move(p->session_info, &info3);
+ p->session_info->info = talloc_move(p->session_info, &session_info->info);
p->session_info->session_key = session_info->session_key;
p->session_info->session_key.data = talloc_move(p->session_info, &session_info->session_key.data);
} else {
+ struct auth_user_info_dc *auth_user_info_dc;
struct auth_serversupplied_info *server_info;
+ struct netr_SamInfo3 *info3;
+
+ /* Fake up an auth_user_info_dc for now, to make an info3, to make the session_info structure */
+ auth_user_info_dc = talloc_zero(p, struct auth_user_info_dc);
+ if (!auth_user_info_dc) {
+ TALLOC_FREE(p);
+ *perrno = ENOMEM;
+ return -1;
+ }
+
+ auth_user_info_dc->num_sids = session_info->security_token->num_sids;
+ auth_user_info_dc->sids = session_info->security_token->sids;
+ auth_user_info_dc->info = session_info->info;
+ auth_user_info_dc->user_session_key = session_info->session_key;
+
+ /* This creates the input structure that make_server_info_info3 is looking for */
+ status = auth_convert_user_info_dc_saminfo3(p, auth_user_info_dc,
+ &info3);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to convert auth_user_info_dc into netr_SamInfo3\n"));
+ TALLOC_FREE(p);
+ *perrno = EINVAL;
+ return -1;
+ }
status = make_server_info_info3(p,
info3->base.account_name.string,
!nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->session_info->security_token) &&
!token_contains_name_in_list(
uidtoname(p->session_info->unix_token->uid),
- p->session_info->info3->base.domain.string,
+ p->session_info->info->domain_name,
NULL,
p->session_info->security_token,
lp_printer_admin(snum))) {
&& !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR)
&& !token_contains_name_in_list(
uidtoname(p->session_info->unix_token->uid),
- p->session_info->info3->base.domain.string,
+ p->session_info->info->domain_name,
NULL,
p->session_info->security_token,
lp_printer_admin(-1)) )
&& !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR)
&& !token_contains_name_in_list(
uidtoname(p->session_info->unix_token->uid),
- p->session_info->info3->base.domain.string,
+ p->session_info->info->domain_name,
NULL,
p->session_info->security_token, lp_printer_admin(-1)) )
{
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
- p->session_info->info3->base.domain.string,
+ p->session_info->info->domain_name,
NULL,
p->session_info->security_token,
lp_printer_admin(snum))) {
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
- p->session_info->info3->base.domain.string,
+ p->session_info->info->domain_name,
NULL,
p->session_info->security_token,
lp_printer_admin(snum))) {
if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
!token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
- p->session_info->info3->base.domain.string,
+ p->session_info->info->domain_name,
NULL,
p->session_info->security_token,
lp_printer_admin(snum))) {
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
- conn->session_info->info3->base.domain.string,
+ conn->session_info->info->domain_name,
buf);
if (!buf) {
*p_space_remaining = 0;
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
- conn->session_info->info3->base.domain.string,
+ conn->session_info->info->domain_name,
buf);
if (!buf) {
return 0;
PACKS(&desc,"z",lp_workgroup());/* domain */
PACKS(&desc,"z", vuser ?
- vuser->session_info->info3->base.logon_script.string
+ vuser->session_info->info->logon_script
: ""); /* script path */
PACKI(&desc,"D",0x00000000); /* reserved */
}
(unsigned int)vuser->session_info->unix_token->gid,
vuser->session_info->unix_info->unix_name,
vuser->session_info->unix_info->sanitized_username,
- vuser->session_info->info3->base.domain.string,
+ vuser->session_info->info->domain_name,
vuser->session_info->unix_info->guest ));
DEBUG(3, ("register_existing_vuid: User name: %s\t"
"Real name: %s\n", vuser->session_info->unix_info->unix_name,
- vuser->session_info->info3->base.full_name.string));
+ vuser->session_info->info->full_name));
if (!vuser->session_info->security_token) {
DEBUG(1, ("register_existing_vuid: session_info does not "
set_current_user_info(
vuser->session_info->unix_info->sanitized_username,
vuser->session_info->unix_info->unix_name,
- vuser->session_info->info3->base.domain.string);
+ vuser->session_info->info->domain_name);
return vuser->vuid;
set_current_user_info(
vuser->session_info->unix_info->sanitized_username,
vuser->session_info->unix_info->unix_name,
- vuser->session_info->info3->base.domain.string);
+ vuser->session_info->info->domain_name);
}
}
}
}
} else {
if (!user_ok_token(vuid_serverinfo->unix_info->unix_name,
- vuid_serverinfo->info3->base.domain.string,
+ vuid_serverinfo->info->domain_name,
vuid_serverinfo->security_token, snum)) {
DEBUG(2, ("user '%s' (from session setup) not "
"permitted to access this share "
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
- conn->session_info->info3->base.domain.string,
+ conn->session_info->info->domain_name,
lp_pathname(snum));
if (!s) {
*pstatus = NT_STATUS_NO_MEMORY;
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
- conn->session_info->info3->base.domain.string,
+ conn->session_info->info->domain_name,
lp_rootpreexec(snum));
DEBUG(5,("cmd=%s\n",cmd));
ret = smbrun(cmd,NULL);
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
- conn->session_info->info3->base.domain.string,
+ conn->session_info->info->domain_name,
lp_preexec(snum));
ret = smbrun(cmd,NULL);
TALLOC_FREE(cmd);
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
- conn->session_info->info3->base.domain.string,
+ conn->session_info->info->domain_name,
lp_postexec(SNUM(conn)));
smbrun(cmd,NULL);
TALLOC_FREE(cmd);
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
- conn->session_info->info3->base.domain.string,
+ conn->session_info->info->domain_name,
lp_rootpostexec(SNUM(conn)));
smbrun(cmd,NULL);
TALLOC_FREE(cmd);
set_current_user_info(session->session_info->unix_info->sanitized_username,
session->session_info->unix_info->unix_name,
- session->session_info->info3->base.domain.string);
+ session->session_info->info->domain_name);
req->session = session;
}
if (!user_ok_token(session_info->unix_info->unix_name,
- session_info->info3->base.domain.string,
+ session_info->info->domain_name,
session_info->security_token, snum))
return(False);
readonly_share = is_share_read_only_for_token(
session_info->unix_info->unix_name,
- session_info->info3->base.domain.string,
+ session_info->info->domain_name,
session_info->security_token,
conn);
admin_user = token_contains_name_in_list(
session_info->unix_info->unix_name,
- session_info->info3->base.domain.string,
+ session_info->info->domain_name,
NULL, session_info->security_token, lp_admin_users(snum));
if (valid_vuid) {