From: Gary Lockyer <gary@catalyst.net.nz>
Date: Fri, 1 Feb 2019 00:46:01 +0000 (+1300)
Subject: kdc hdb: Generate and pass logon ID
X-Git-Tag: ldb-1.6.1~65
X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=e8e4f35bb1d7328ef7871c02d7fbb78d970fa71d

kdc hdb: Generate and pass logon ID

Generate and pass the logon_id in SamLogon calls

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 638179e8806..c42d742a50f 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -361,7 +361,7 @@ static void send_bad_password_netlogon(TALLOC_CTX *mem_ctx,
 
 	identity_info->domain_name.string = user_info->mapped.domain_name;
 	identity_info->parameter_control = user_info->logon_parameters; /* TODO */
-	identity_info->logon_id = 0;
+	identity_info->logon_id = user_info->logon_id;
 	identity_info->account_name.string = user_info->mapped.account_name;
 	identity_info->workstation.string
 		= talloc_asprintf(identity_info, "krb5-bad-pw on RODC from %s",
@@ -396,6 +396,7 @@ static krb5_error_code hdb_samba4_auth_status(krb5_context context, HDB *db,
 									struct samba_kdc_db_context);
 
 	struct ldb_dn *domain_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
+	uint64_t logon_id = generate_random_u64();
 
 	/*
 	 * Forcing this via the NTLM auth structure is not ideal, but
@@ -411,7 +412,8 @@ static krb5_error_code hdb_samba4_auth_status(krb5_context context, HDB *db,
 		},
 		.service_description = "Kerberos KDC",
 		.auth_description = "ENC-TS Pre-authentication",
-		.password_type = auth_type
+		.password_type = auth_type,
+		.logon_id = logon_id
 	};
 
 	size_t sa_socklen = 0;