kdc hdb: Generate and pass logon ID
authorGary Lockyer <gary@catalyst.net.nz>
Fri, 1 Feb 2019 00:46:01 +0000 (13:46 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 20 Feb 2019 05:03:09 +0000 (06:03 +0100)
Generate and pass the logon_id in SamLogon calls

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/kdc/hdb-samba4.c

index 638179e880605b6c672b6efefb5092c7eb975407..c42d742a50facac8564fb146d8da4afc582c9775 100644 (file)
@@ -361,7 +361,7 @@ static void send_bad_password_netlogon(TALLOC_CTX *mem_ctx,
 
        identity_info->domain_name.string = user_info->mapped.domain_name;
        identity_info->parameter_control = user_info->logon_parameters; /* TODO */
-       identity_info->logon_id = 0;
+       identity_info->logon_id = user_info->logon_id;
        identity_info->account_name.string = user_info->mapped.account_name;
        identity_info->workstation.string
                = talloc_asprintf(identity_info, "krb5-bad-pw on RODC from %s",
@@ -396,6 +396,7 @@ static krb5_error_code hdb_samba4_auth_status(krb5_context context, HDB *db,
                                                                        struct samba_kdc_db_context);
 
        struct ldb_dn *domain_dn = ldb_get_default_basedn(kdc_db_ctx->samdb);
+       uint64_t logon_id = generate_random_u64();
 
        /*
         * Forcing this via the NTLM auth structure is not ideal, but
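Review bot: The new `uint64_t logon_id = generate_random_u64();` in hdb_samba4_auth_status has no comment saying what the value is for or what consumers may rely on. From the visible lines it is drawn once per call, stored in the user-info initializer in the following hunk, and copied by send_bad_password_netlogon into `identity_info->logon_id` in place of the former constant 0, presumably so the KDC's authentication record and the forwarded SamLogon can be matched. A comment such as `/* Random per-call ID, used only to correlate this auth event with the forwarded SamLogon; not a secret or an authenticator */` would keep later code from treating it as either. The function body continues outside the hunk, so whether every path actually consumes the value cannot be seen here.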
@@ -411,7 +412,8 @@ static krb5_error_code hdb_samba4_auth_status(krb5_context context, HDB *db,
                },
                .service_description = "Kerberos KDC",
                .auth_description = "ENC-TS Pre-authentication",
-               .password_type = auth_type
+               .password_type = auth_type,
+               .logon_id = logon_id
        };
 
        size_t sa_socklen = 0;
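Review bot: The last designated initializer, `.logon_id = logon_id`, is left without a trailing comma, which is why this commit had to rewrite the `.password_type` line merely to append one. Writing `.logon_id = logon_id,` keeps the next field addition to a one-line diff, so later changes to this authentication structure are easier to audit in history. The initializer opens above the hunk, so only its tail is visible here.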