auth: Split out make_user_info_SamBaseInfo and add authenticated argument
authorAndrew Bartlett <abartlet@samba.org>
Mon, 18 Jul 2011 03:55:20 +0000 (13:55 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 19 Jul 2011 23:17:14 +0000 (09:17 +1000)
This will allow the source3 auth code to call this without needing to
double-parse the SIDs

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
auth/auth_sam_reply.c
auth/auth_sam_reply.h
source3/auth/auth_util.c
source4/auth/gensec/gensec_krb5.c
source4/auth/ntlm/auth_winbind.c
source4/torture/auth/pac.c
source4/torture/rpc/remote_pac.c

index 5cd4530..1644278 100644 (file)
@@ -174,6 +174,53 @@ NTSTATUS auth_convert_user_info_dc_saminfo3(TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 }
 
+/**
+ * Make a user_info struct from the info3 or similar returned by a domain logon.
+ *
+ * The netr_SamInfo3 is also a key structure in the source3 auth subsystem
+ */
+
+NTSTATUS make_user_info_SamBaseInfo(TALLOC_CTX *mem_ctx,
+                                   const char *account_name,
+                                   struct netr_SamBaseInfo *base,
+                                   bool authenticated,
+                                   struct auth_user_info **_user_info)
+{
+       struct auth_user_info *info;
+
+       info = talloc_zero(mem_ctx, struct auth_user_info);
+       NT_STATUS_HAVE_NO_MEMORY(info);
+
+       if (base->account_name.string) {
+               info->account_name = talloc_reference(info, base->account_name.string);
+       } else {
+               info->account_name = talloc_strdup(info, account_name);
+               NT_STATUS_HAVE_NO_MEMORY(info->account_name);
+       }
+
+       info->domain_name = talloc_reference(info, base->domain.string);
+       info->full_name = talloc_reference(info, base->full_name.string);
+       info->logon_script = talloc_reference(info, base->logon_script.string);
+       info->profile_path = talloc_reference(info, base->profile_path.string);
+       info->home_directory = talloc_reference(info, base->home_directory.string);
+       info->home_drive = talloc_reference(info, base->home_drive.string);
+       info->logon_server = talloc_reference(info, base->logon_server.string);
+       info->last_logon = base->last_logon;
+       info->last_logoff = base->last_logoff;
+       info->acct_expiry = base->acct_expiry;
+       info->last_password_change = base->last_password_change;
+       info->allow_password_change = base->allow_password_change;
+       info->force_password_change = base->force_password_change;
+       info->logon_count = base->logon_count;
+       info->bad_password_count = base->bad_password_count;
+       info->acct_flags = base->acct_flags;
+
+       info->authenticated = authenticated;
+
+       *_user_info = info;
+       return NT_STATUS_OK;
+}
+
 /**
  * Make a user_info_dc struct from the info3 returned by a domain logon
  */
@@ -181,10 +228,11 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
                                              const char *account_name,
                                              uint16_t validation_level,
                                              union netr_Validation *validation,
+                                              bool authenticated,
                                              struct auth_user_info_dc **_user_info_dc)
 {
+       NTSTATUS status;
        struct auth_user_info_dc *user_info_dc;
-       struct auth_user_info *info;
        struct netr_SamBaseInfo *base = NULL;
        uint32_t i;
 
@@ -287,35 +335,11 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
                /* Where are the 'global' sids?... */
        }
 
-       user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
-       NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
-
-       if (base->account_name.string) {
-               info->account_name = talloc_reference(info, base->account_name.string);
-       } else {
-               info->account_name = talloc_strdup(info, account_name);
-               NT_STATUS_HAVE_NO_MEMORY(info->account_name);
+       status = make_user_info_SamBaseInfo(user_info_dc, account_name, base, authenticated, &user_info_dc->info);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
        }
 
-       info->domain_name = talloc_reference(info, base->domain.string);
-       info->full_name = talloc_reference(info, base->full_name.string);
-       info->logon_script = talloc_reference(info, base->logon_script.string);
-       info->profile_path = talloc_reference(info, base->profile_path.string);
-       info->home_directory = talloc_reference(info, base->home_directory.string);
-       info->home_drive = talloc_reference(info, base->home_drive.string);
-       info->logon_server = talloc_reference(info, base->logon_server.string);
-       info->last_logon = base->last_logon;
-       info->last_logoff = base->last_logoff;
-       info->acct_expiry = base->acct_expiry;
-       info->last_password_change = base->last_password_change;
-       info->allow_password_change = base->allow_password_change;
-       info->force_password_change = base->force_password_change;
-       info->logon_count = base->logon_count;
-       info->bad_password_count = base->bad_password_count;
-       info->acct_flags = base->acct_flags;
-
-       info->authenticated = true;
-
        /* ensure we are never given NULL session keys */
 
        if (all_zero(base->key.key, sizeof(base->key.key))) {
@@ -350,7 +374,9 @@ NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
 
        validation.sam3 = &pac_logon_info->info3;
 
-       nt_status = make_user_info_dc_netlogon_validation(mem_ctx, "", 3, &validation, &user_info_dc);
+       nt_status = make_user_info_dc_netlogon_validation(mem_ctx, "", 3, &validation,
+                                                         true, /* This user was authenticated */
+                                                         &user_info_dc);
        if (!NT_STATUS_IS_OK(nt_status)) {
                return nt_status;
        }
index bd92872..c782c1c 100644 (file)
 
 /* The following definitions come from auth/auth_sam_reply.c  */
 
+NTSTATUS make_user_info_SamBaseInfo(TALLOC_CTX *mem_ctx,
+                                   const char *account_name,
+                                   struct netr_SamBaseInfo *base,
+                                   bool authenticated,
+                                   struct auth_user_info **_user_info);
+
 NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
                                              struct auth_user_info_dc *user_info_dc,
                                              struct netr_SamBaseInfo **_sam);
@@ -46,6 +52,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
                                              const char *account_name,
                                              uint16_t validation_level,
                                              union netr_Validation *validation,
+                                              bool authenticated,
                                              struct auth_user_info_dc **_user_info_dc);
 
 /**
index 0ef7df8..0627911 100644 (file)
@@ -465,8 +465,6 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
        struct dom_sid tmp_sid;
        struct auth_session_info *session_info;
        struct wbcUnixId *ids;
-       struct auth_user_info_dc *user_info_dc;
-       union netr_Validation val;
 
        /* Ensure we can't possible take a code path leading to a
         * null defref. */
@@ -547,22 +545,16 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
                return NT_STATUS_OK;
        }
 
-       val.sam3 = server_info->info3;
-
-       /* Convert into something we can build a struct
-        * auth_session_info from.  Most of the work here
-        * will be to convert the SIDS, which we will then ignore, but
-        * this is the easier way to handle it */
-       status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc);
+       /* We need to populate session_info->info with the information found in server_info->info3 */
+       status = make_user_info_SamBaseInfo(session_info, "", &server_info->info3->base,
+                                           server_info->guest == false,
+                                           &session_info->info);
        if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(0, ("conversion of info3 into user_info_dc failed!\n"));
+               DEBUG(0, ("conversion of info3 into auth_user_info failed!\n"));
                TALLOC_FREE(session_info);
                return status;
        }
 
-       session_info->info = talloc_move(session_info, &user_info_dc->info);
-       talloc_free(user_info_dc);
-
        /*
         * If winbind is not around, we can not make much use of the SIDs the
         * domain controller provided us with. Likewise if the user name was
index c3e3b98..d47bc77 100644 (file)
@@ -714,6 +714,7 @@ static NTSTATUS gensec_krb5_session_info(struct gensec_security *gensec_security
                nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
                                                                 NULL,
                                                                 3, &validation,
+                                                                 true, /* This user was authenticated */
                                                                 &user_info_dc);
                if (!NT_STATUS_IS_OK(nt_status)) {
                        free(principal_string);
index da152e7..63827ef 100644 (file)
@@ -220,6 +220,7 @@ static NTSTATUS winbind_check_password(struct auth_method_context *ctx,
                                                      user_info->client.account_name,
                                                      s->req.in.validation_level,
                                                      &s->req.out.validation,
+                                                      true, /* This user was authenticated */
                                                      user_info_dc);
        NT_STATUS_NOT_OK_RETURN(status);
 
@@ -304,8 +305,10 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
 
        validation.sam3 = &info3;
        nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
-                                       user_info->client.account_name,
-                                       3, &validation, user_info_dc);
+                                                         user_info->client.account_name,
+                                                         3, &validation,
+                                                         true, /* This user was authenticated */
+                                                         user_info_dc);
        return nt_status;
 
 }
index f09e039..4840a79 100644 (file)
@@ -223,7 +223,8 @@ static bool torture_pac_self_check(struct torture_context *tctx)
        nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
                                                         "",
                                                         3, &validation,
-                                                        &user_info_dc_out);
+                                                         true, /* This user was authenticated */
+                                                &user_info_dc_out);
        if (!NT_STATUS_IS_OK(nt_status)) {
                torture_fail(tctx, 
                             talloc_asprintf(tctx, 
@@ -487,6 +488,7 @@ static bool torture_pac_saved_check(struct torture_context *tctx)
        nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
                                                         "",
                                                         3, &validation,
+                                                         true, /* This user was authenticated */
                                                         &user_info_dc_out);
        if (!NT_STATUS_IS_OK(nt_status)) {
                krb5_free_keyblock_contents(smb_krb5_context->krb5_context, 
index 7091278..37fb8af 100644 (file)
@@ -598,6 +598,7 @@ static bool test_S2U4Self(struct torture_context *tctx,
                                                      ninfo.identity_info.account_name.string,
                                                      r.in.validation_level,
                                                      r.out.validation,
+                                                         true, /* This user was authenticated */
                                                      &netlogon_user_info_dc);
 
        torture_assert_ntstatus_ok(tctx, status, "make_user_info_dc_netlogon_validation failed");