s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc()
authorStefan Metzmacher <metze@samba.org>
Thu, 7 Jan 2016 13:55:07 +0000 (14:55 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 30 Jun 2016 01:30:26 +0000 (03:30 +0200)
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO
correctly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/auth/auth.h
source4/auth/ntlm/auth_sam.c
source4/auth/sam.c
source4/kdc/pac-glue.c

index c472d86d1ede16d88f9c48dd3fb8743a2d5a1ae4..fb486941697ccd9dffcefc1665924d6f476bda89 100644 (file)
@@ -123,6 +123,7 @@ struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
 NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
                                           const char *netbios_name,
                                           const char *domain_name,
+                                          const char *dns_domain_name,
                                           struct ldb_dn *domain_dn,
                                           struct ldb_message *msg,
                                           DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
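Review bot: The new `dns_domain_name` parameter is optional, but nothing on this prototype tells callers that NULL is accepted. The implementation in the `@@ -401,12 +402,33 @@` hunk tests `dns_domain_name != NULL` before both uses, so a NULL argument skips the UPN fallback and leaves `info->dns_domain_name` unset. I would add a comment above the declaration, for example `/* dns_domain_name may be NULL: no UPN is constructed and info->dns_domain_name stays unset */`, and repeat it at the definition in the `@@ -284,6 +284,7 @@` hunk. The prototype continues past the end of this hunk.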
index b223706f884ccbc4e79f9c2eafd5ed1dc89345d0..449819329d051293306a27974a2a5f10c699abcf 100644 (file)
@@ -611,8 +611,10 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
                return nt_status;
        }
 
-       nt_status = authsam_make_user_info_dc(tmp_ctx, ctx->auth_ctx->sam_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
+       nt_status = authsam_make_user_info_dc(tmp_ctx, ctx->auth_ctx->sam_ctx,
+                                            lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
                                             lpcfg_sam_name(ctx->auth_ctx->lp_ctx),
+                                            lpcfg_sam_dnsname(ctx->auth_ctx->lp_ctx),
                                             domain_dn,
                                             msg,
                                             user_sess_key, lm_sess_key,
index 56b64e50093b7d85ad1f4b14ba7f16e93d948591..759585ef49c5e3d33c04e951d904ed936a2b6574 100644 (file)
@@ -284,6 +284,7 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
                                           struct ldb_context *sam_ctx,
                                           const char *netbios_name,
                                           const char *domain_name,
+                                          const char *dns_domain_name,
                                           struct ldb_dn *domain_dn, 
                                           struct ldb_message *msg,
                                           DATA_BLOB user_sess_key,
@@ -401,12 +402,33 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
        info->account_name = talloc_steal(info,
                ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL));
 
+       info->user_principal_name = talloc_steal(info,
+               ldb_msg_find_attr_as_string(msg, "userPrincipalName", NULL));
+       if (info->user_principal_name == NULL && dns_domain_name != NULL) {
+               info->user_principal_name = talloc_asprintf(info, "%s@%s",
+                                       info->account_name,
+                                       dns_domain_name);
+               if (info->user_principal_name == NULL) {
+                       TALLOC_FREE(user_info_dc);
+                       return NT_STATUS_NO_MEMORY;
+               }
+               info->user_principal_constructed = true;
+       }
+
        info->domain_name = talloc_strdup(info, domain_name);
        if (info->domain_name == NULL) {
                TALLOC_FREE(user_info_dc);
                return NT_STATUS_NO_MEMORY;
        }
 
+       if (dns_domain_name != NULL) {
+               info->dns_domain_name = talloc_strdup(info, dns_domain_name);
+               if (info->dns_domain_name == NULL) {
+                       TALLOC_FREE(user_info_dc);
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
+
        str = ldb_msg_find_attr_as_string(msg, "displayName", "");
        info->full_name = talloc_strdup(info, str);
        if (info->full_name == NULL) {
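Review bot: `info->account_name` is passed to `%s` in the added `talloc_asprintf()` call without a NULL check, although it was fetched from `sAMAccountName` with a NULL default two lines earlier. If a record without that attribute reaches this point, the format call is undefined behaviour, and on common libcs it produces a principal such as `(null)@<domain>` that is marked as constructed and, going by the commit message, would be reported through netr_SamInfo6 and PAC_UPN_DNS_INFO. Unless a check outside the hunk already guarantees the attribute, guard the fallback with `if (info->user_principal_name == NULL && dns_domain_name != NULL && info->account_name != NULL) {`, or fail the call explicitly. The function body starts and ends outside the hunk, and the fallback also relies on `user_principal_constructed` starting out false, which cannot be confirmed from the visible lines.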
@@ -630,6 +652,7 @@ NTSTATUS authsam_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
        nt_status = authsam_make_user_info_dc(tmp_ctx, sam_ctx,
                                             lpcfg_netbios_name(lp_ctx),
                                             lpcfg_sam_name(lp_ctx),
+                                            lpcfg_sam_dnsname(lp_ctx),
                                             domain_dn,
                                             msg,
                                             user_sess_key, lm_sess_key,
index 04d516329da3f7df16c0a94ac37cc76d5e90956a..af77fd4ec64a0d8ea589e3a8eec2ea2ee634a28d 100644 (file)
@@ -241,6 +241,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
        nt_status = authsam_make_user_info_dc(mem_ctx, p->kdc_db_ctx->samdb,
                                             lpcfg_netbios_name(p->kdc_db_ctx->lp_ctx),
                                             lpcfg_sam_name(p->kdc_db_ctx->lp_ctx),
+                                            lpcfg_sam_dnsname(p->kdc_db_ctx->lp_ctx),
                                             p->realm_dn,
                                             p->msg,
                                             data_blob(NULL, 0),