216e5e32d7d0c4c34436e5ed811db1cf98471bab
[kai/samba.git] / source3 / auth / server_info.c
1 /*
2    Unix SMB/CIFS implementation.
3    Authentication utility functions
4    Copyright (C) Volker Lendecke 2010
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "auth.h"
22 #include "../lib/crypto/arcfour.h"
23 #include "../librpc/gen_ndr/netlogon.h"
24 #include "../libcli/security/security.h"
25 #include "rpc_client/util_netlogon.h"
26 #include "nsswitch/libwbclient/wbclient.h"
27 #include "passdb.h"
28
29 #undef DBGC_CLASS
30 #define DBGC_CLASS DBGC_AUTH
31
32 /***************************************************************************
33  Make a server_info struct. Free with TALLOC_FREE().
34 ***************************************************************************/
35
36 struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
37 {
38         struct auth_serversupplied_info *result;
39
40         result = talloc_zero(mem_ctx, struct auth_serversupplied_info);
41         if (result == NULL) {
42                 DEBUG(0, ("talloc failed\n"));
43                 return NULL;
44         }
45
46         /* Initialise the uid and gid values to something non-zero
47            which may save us from giving away root access if there
48            is a bug in allocating these fields. */
49
50         result->utok.uid = -1;
51         result->utok.gid = -1;
52
53         return result;
54 }
55
56 /****************************************************************************
57  inits a netr_SamInfo2 structure from an auth_serversupplied_info. sam2 must
58  already be initialized and is used as the talloc parent for its members.
59 *****************************************************************************/
60
61 NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
62                                 uint8_t *pipe_session_key,
63                                 size_t pipe_session_key_len,
64                                 struct netr_SamInfo2 *sam2)
65 {
66         struct netr_SamInfo3 *info3;
67
68         info3 = copy_netr_SamInfo3(sam2, server_info->info3);
69         if (!info3) {
70                 return NT_STATUS_NO_MEMORY;
71         }
72
73         if (server_info->session_key.length) {
74                 memcpy(info3->base.key.key,
75                        server_info->session_key.data,
76                        MIN(sizeof(info3->base.key.key),
77                            server_info->session_key.length));
78                 if (pipe_session_key) {
79                         arcfour_crypt(info3->base.key.key,
80                                       pipe_session_key, 16);
81                 }
82         }
83         if (server_info->lm_session_key.length) {
84                 memcpy(info3->base.LMSessKey.key,
85                        server_info->lm_session_key.data,
86                        MIN(sizeof(info3->base.LMSessKey.key),
87                            server_info->lm_session_key.length));
88                 if (pipe_session_key) {
89                         arcfour_crypt(info3->base.LMSessKey.key,
90                                       pipe_session_key, 8);
91                 }
92         }
93
94         sam2->base = info3->base;
95
96         return NT_STATUS_OK;
97 }
98
99 /****************************************************************************
100  inits a netr_SamInfo3 structure from an auth_serversupplied_info. sam3 must
101  already be initialized and is used as the talloc parent for its members.
102 *****************************************************************************/
103
104 NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
105                                 uint8_t *pipe_session_key,
106                                 size_t pipe_session_key_len,
107                                 struct netr_SamInfo3 *sam3)
108 {
109         struct netr_SamInfo3 *info3;
110
111         info3 = copy_netr_SamInfo3(sam3, server_info->info3);
112         if (!info3) {
113                 return NT_STATUS_NO_MEMORY;
114         }
115
116         if (server_info->session_key.length) {
117                 memcpy(info3->base.key.key,
118                        server_info->session_key.data,
119                        MIN(sizeof(info3->base.key.key),
120                            server_info->session_key.length));
121                 if (pipe_session_key) {
122                         arcfour_crypt(info3->base.key.key,
123                                       pipe_session_key, 16);
124                 }
125         }
126         if (server_info->lm_session_key.length) {
127                 memcpy(info3->base.LMSessKey.key,
128                        server_info->lm_session_key.data,
129                        MIN(sizeof(info3->base.LMSessKey.key),
130                            server_info->lm_session_key.length));
131                 if (pipe_session_key) {
132                         arcfour_crypt(info3->base.LMSessKey.key,
133                                       pipe_session_key, 8);
134                 }
135         }
136
137         sam3->base = info3->base;
138
139         sam3->sidcount          = 0;
140         sam3->sids              = NULL;
141
142         return NT_STATUS_OK;
143 }
144
145 /****************************************************************************
146  inits a netr_SamInfo6 structure from an auth_serversupplied_info. sam6 must
147  already be initialized and is used as the talloc parent for its members.
148 *****************************************************************************/
149
150 NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
151                                 uint8_t *pipe_session_key,
152                                 size_t pipe_session_key_len,
153                                 struct netr_SamInfo6 *sam6)
154 {
155         struct pdb_domain_info *dominfo;
156         struct netr_SamInfo3 *info3;
157
158         if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
159                 DEBUG(10,("Not adding validation info level 6 "
160                            "without ADS passdb backend\n"));
161                 return NT_STATUS_INVALID_INFO_CLASS;
162         }
163
164         dominfo = pdb_get_domain_info(sam6);
165         if (dominfo == NULL) {
166                 return NT_STATUS_NO_MEMORY;
167         }
168
169         info3 = copy_netr_SamInfo3(sam6, server_info->info3);
170         if (!info3) {
171                 return NT_STATUS_NO_MEMORY;
172         }
173
174         if (server_info->session_key.length) {
175                 memcpy(info3->base.key.key,
176                        server_info->session_key.data,
177                        MIN(sizeof(info3->base.key.key),
178                            server_info->session_key.length));
179                 if (pipe_session_key) {
180                         arcfour_crypt(info3->base.key.key,
181                                       pipe_session_key, 16);
182                 }
183         }
184         if (server_info->lm_session_key.length) {
185                 memcpy(info3->base.LMSessKey.key,
186                        server_info->lm_session_key.data,
187                        MIN(sizeof(info3->base.LMSessKey.key),
188                            server_info->lm_session_key.length));
189                 if (pipe_session_key) {
190                         arcfour_crypt(info3->base.LMSessKey.key,
191                                       pipe_session_key, 8);
192                 }
193         }
194
195         sam6->base = info3->base;
196
197         sam6->sidcount          = 0;
198         sam6->sids              = NULL;
199
200         sam6->dns_domainname.string = talloc_strdup(sam6, dominfo->dns_domain);
201         if (sam6->dns_domainname.string == NULL) {
202                 return NT_STATUS_NO_MEMORY;
203         }
204
205         sam6->principle.string  = talloc_asprintf(sam6, "%s@%s",
206                                                   sam6->base.account_name.string,
207                                                   sam6->dns_domainname.string);
208         if (sam6->principle.string == NULL) {
209                 return NT_STATUS_NO_MEMORY;
210         }
211
212         return NT_STATUS_OK;
213 }
214
215 static NTSTATUS append_netr_SidAttr(TALLOC_CTX *mem_ctx,
216                                     struct netr_SidAttr **sids,
217                                     uint32_t *count,
218                                     const struct dom_sid2 *asid,
219                                     uint32_t attributes)
220 {
221         uint32_t t = *count;
222
223         *sids = talloc_realloc(mem_ctx, *sids, struct netr_SidAttr, t + 1);
224         if (*sids == NULL) {
225                 return NT_STATUS_NO_MEMORY;
226         }
227         (*sids)[t].sid = dom_sid_dup(*sids, asid);
228         if ((*sids)[t].sid == NULL) {
229                 return NT_STATUS_NO_MEMORY;
230         }
231         (*sids)[t].attributes = attributes;
232         *count = t + 1;
233
234         return NT_STATUS_OK;
235 }
236
237 /* Fills the samr_RidWithAttributeArray with the provided sids.
238  * If it happens that we have additional groups that do not belong
239  * to the domain, add their sids as extra sids */
240 static NTSTATUS group_sids_to_info3(struct netr_SamInfo3 *info3,
241                                     const struct dom_sid *sids,
242                                     size_t num_sids)
243 {
244         uint32_t attributes = SE_GROUP_MANDATORY |
245                                 SE_GROUP_ENABLED_BY_DEFAULT |
246                                 SE_GROUP_ENABLED;
247         struct samr_RidWithAttributeArray *groups;
248         struct dom_sid *domain_sid;
249         unsigned int i;
250         NTSTATUS status;
251         uint32_t rid;
252         bool ok;
253
254         domain_sid = info3->base.domain_sid;
255         groups = &info3->base.groups;
256
257         groups->rids = talloc_array(info3,
258                                     struct samr_RidWithAttribute, num_sids);
259         if (!groups->rids) {
260                 return NT_STATUS_NO_MEMORY;
261         }
262
263         for (i = 0; i < num_sids; i++) {
264                 ok = sid_peek_check_rid(domain_sid, &sids[i], &rid);
265                 if (ok) {
266                         /* store domain group rid */
267                         groups->rids[groups->count].rid = rid;
268                         groups->rids[groups->count].attributes = attributes;
269                         groups->count++;
270                         continue;
271                 }
272
273                 /* if this wasn't a domain sid, add it as extra sid */
274                 status = append_netr_SidAttr(info3, &info3->sids,
275                                              &info3->sidcount,
276                                              &sids[i], attributes);
277                 if (!NT_STATUS_IS_OK(status)) {
278                         return status;
279                 }
280         }
281
282         return NT_STATUS_OK;
283 }
284
285 #define RET_NOMEM(ptr) do { \
286         if (!ptr) { \
287                 TALLOC_FREE(info3); \
288                 return NT_STATUS_NO_MEMORY; \
289         } } while(0)
290
291 NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
292                           struct samu *samu,
293                           const char *login_server,
294                           struct netr_SamInfo3 **_info3,
295                           struct extra_auth_info *extra)
296 {
297         struct netr_SamInfo3 *info3;
298         const struct dom_sid *user_sid;
299         const struct dom_sid *group_sid;
300         struct dom_sid domain_sid;
301         struct dom_sid *group_sids;
302         uint32_t num_group_sids = 0;
303         const char *tmp;
304         gid_t *gids;
305         NTSTATUS status;
306         bool ok;
307
308         user_sid = pdb_get_user_sid(samu);
309         group_sid = pdb_get_group_sid(samu);
310
311         if (!user_sid || !group_sid) {
312                 DEBUG(1, ("Sam account is missing sids!\n"));
313                 return NT_STATUS_UNSUCCESSFUL;
314         }
315
316         info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
317         if (!info3) {
318                 return NT_STATUS_NO_MEMORY;
319         }
320
321         ZERO_STRUCT(domain_sid);
322
323         /* check if this is a "Unix Users" domain user,
324          * we need to handle it in a special way if that's the case */
325         if (sid_check_is_in_unix_users(user_sid)) {
326                 /* in info3 you can only set rids for the user and the
327                  * primary group, and the domain sid must be that of
328                  * the sam domain.
329                  *
330                  * Store a completely bogus value here.
331                  * The real SID is stored in the extra sids.
332                  * Other code will know to look there if (-1) is found
333                  */
334                 info3->base.rid = (uint32_t)(-1);
335                 sid_copy(&extra->user_sid, user_sid);
336
337                 DEBUG(10, ("Unix User found in struct samu. Rid marked as "
338                            "special and sid (%s) saved as extra sid\n",
339                            sid_string_dbg(user_sid)));
340         } else {
341                 sid_copy(&domain_sid, user_sid);
342                 sid_split_rid(&domain_sid, &info3->base.rid);
343         }
344
345         if (is_null_sid(&domain_sid)) {
346                 sid_copy(&domain_sid, get_global_sam_sid());
347         }
348
349         /* check if this is a "Unix Groups" domain group,
350          * if so we need special handling */
351         if (sid_check_is_in_unix_groups(group_sid)) {
352                 /* in info3 you can only set rids for the user and the
353                  * primary group, and the domain sid must be that of
354                  * the sam domain.
355                  *
356                  * Store a completely bogus value here.
357                  * The real SID is stored in the extra sids.
358                  * Other code will know to look there if (-1) is found
359                  */
360                 info3->base.primary_gid = (uint32_t)(-1);
361                 sid_copy(&extra->pgid_sid, group_sid);
362
363                 DEBUG(10, ("Unix Group found in struct samu. Rid marked as "
364                            "special and sid (%s) saved as extra sid\n",
365                            sid_string_dbg(group_sid)));
366
367         } else {
368                 ok = sid_peek_check_rid(&domain_sid, group_sid,
369                                         &info3->base.primary_gid);
370                 if (!ok) {
371                         DEBUG(1, ("The primary group domain sid(%s) does not "
372                                   "match the domain sid(%s) for %s(%s)\n",
373                                   sid_string_dbg(group_sid),
374                                   sid_string_dbg(&domain_sid),
375                                   pdb_get_username(samu),
376                                   sid_string_dbg(user_sid)));
377                         TALLOC_FREE(info3);
378                         return NT_STATUS_UNSUCCESSFUL;
379                 }
380         }
381
382         unix_to_nt_time(&info3->base.logon_time, pdb_get_logon_time(samu));
383         unix_to_nt_time(&info3->base.logoff_time, get_time_t_max());
384         unix_to_nt_time(&info3->base.kickoff_time, get_time_t_max());
385         unix_to_nt_time(&info3->base.last_password_change,
386                         pdb_get_pass_last_set_time(samu));
387         unix_to_nt_time(&info3->base.allow_password_change,
388                         pdb_get_pass_can_change_time(samu));
389         unix_to_nt_time(&info3->base.force_password_change,
390                         pdb_get_pass_must_change_time(samu));
391
392         tmp = pdb_get_username(samu);
393         if (tmp) {
394                 info3->base.account_name.string = talloc_strdup(info3, tmp);
395                 RET_NOMEM(info3->base.account_name.string);
396         }
397         tmp = pdb_get_fullname(samu);
398         if (tmp) {
399                 info3->base.full_name.string = talloc_strdup(info3, tmp);
400                 RET_NOMEM(info3->base.full_name.string);
401         }
402         tmp = pdb_get_logon_script(samu);
403         if (tmp) {
404                 info3->base.logon_script.string = talloc_strdup(info3, tmp);
405                 RET_NOMEM(info3->base.logon_script.string);
406         }
407         tmp = pdb_get_profile_path(samu);
408         if (tmp) {
409                 info3->base.profile_path.string = talloc_strdup(info3, tmp);
410                 RET_NOMEM(info3->base.profile_path.string);
411         }
412         tmp = pdb_get_homedir(samu);
413         if (tmp) {
414                 info3->base.home_directory.string = talloc_strdup(info3, tmp);
415                 RET_NOMEM(info3->base.home_directory.string);
416         }
417         tmp = pdb_get_dir_drive(samu);
418         if (tmp) {
419                 info3->base.home_drive.string = talloc_strdup(info3, tmp);
420                 RET_NOMEM(info3->base.home_drive.string);
421         }
422
423         info3->base.logon_count = pdb_get_logon_count(samu);
424         info3->base.bad_password_count = pdb_get_bad_password_count(samu);
425
426         info3->base.logon_domain.string = talloc_strdup(info3,
427                                                   pdb_get_domain(samu));
428         RET_NOMEM(info3->base.logon_domain.string);
429
430         info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
431         RET_NOMEM(info3->base.domain_sid);
432
433         status = pdb_enum_group_memberships(mem_ctx, samu,
434                                             &group_sids, &gids,
435                                             &num_group_sids);
436         if (!NT_STATUS_IS_OK(status)) {
437                 DEBUG(1, ("Failed to get groups from sam account.\n"));
438                 TALLOC_FREE(info3);
439                 return status;
440         }
441
442         if (num_group_sids) {
443                 status = group_sids_to_info3(info3, group_sids, num_group_sids);
444                 if (!NT_STATUS_IS_OK(status)) {
445                         TALLOC_FREE(info3);
446                         return status;
447                 }
448         }
449
450         /* We don't need sids and gids after the conversion */
451         TALLOC_FREE(group_sids);
452         TALLOC_FREE(gids);
453         num_group_sids = 0;
454
455         /* FIXME: should we add other flags ? */
456         info3->base.user_flags = NETLOGON_EXTRA_SIDS;
457
458         if (login_server) {
459                 info3->base.logon_server.string = talloc_strdup(info3, login_server);
460                 RET_NOMEM(info3->base.logon_server.string);
461         }
462
463         info3->base.acct_flags = pdb_get_acct_ctrl(samu);
464
465         *_info3 = info3;
466         return NT_STATUS_OK;
467 }
468
469 #undef RET_NOMEM
470
471 #define RET_NOMEM(ptr) do { \
472         if (!ptr) { \
473                 TALLOC_FREE(info3); \
474                 return NULL; \
475         } } while(0)
476
477 struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
478                                          struct netr_SamInfo3 *orig)
479 {
480         struct netr_SamInfo3 *info3;
481         unsigned int i;
482         NTSTATUS status;
483
484         info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
485         if (!info3) return NULL;
486
487         status = copy_netr_SamBaseInfo(info3, &orig->base, &info3->base);
488         if (!NT_STATUS_IS_OK(status)) {
489                 TALLOC_FREE(info3);
490                 return NULL;
491         }
492
493         if (orig->sidcount) {
494                 info3->sidcount = orig->sidcount;
495                 info3->sids = talloc_array(info3, struct netr_SidAttr,
496                                            orig->sidcount);
497                 RET_NOMEM(info3->sids);
498                 for (i = 0; i < orig->sidcount; i++) {
499                         info3->sids[i].sid = dom_sid_dup(info3->sids,
500                                                             orig->sids[i].sid);
501                         RET_NOMEM(info3->sids[i].sid);
502                         info3->sids[i].attributes =
503                                 orig->sids[i].attributes;
504                 }
505         }
506
507         return info3;
508 }
509
510 static NTSTATUS wbcsids_to_samr_RidWithAttributeArray(
511                                 TALLOC_CTX *mem_ctx,
512                                 struct samr_RidWithAttributeArray *groups,
513                                 const struct dom_sid *domain_sid,
514                                 const struct wbcSidWithAttr *sids,
515                                 size_t num_sids)
516 {
517         unsigned int i, j = 0;
518         bool ok;
519
520         groups->rids = talloc_array(mem_ctx,
521                                     struct samr_RidWithAttribute, num_sids);
522         if (!groups->rids) {
523                 return NT_STATUS_NO_MEMORY;
524         }
525
526         /* a wbcDomainSid is the same as a dom_sid */
527         for (i = 0; i < num_sids; i++) {
528                 ok = sid_peek_check_rid(domain_sid,
529                                         (const struct dom_sid *)&sids[i].sid,
530                                         &groups->rids[j].rid);
531                 if (!ok) continue;
532
533                 groups->rids[j].attributes = SE_GROUP_MANDATORY |
534                                              SE_GROUP_ENABLED_BY_DEFAULT |
535                                              SE_GROUP_ENABLED;
536                 j++;
537         }
538
539         groups->count = j;
540         return NT_STATUS_OK;
541 }
542
543 static NTSTATUS wbcsids_to_netr_SidAttrArray(
544                                 const struct dom_sid *domain_sid,
545                                 const struct wbcSidWithAttr *sids,
546                                 size_t num_sids,
547                                 TALLOC_CTX *mem_ctx,
548                                 struct netr_SidAttr **_info3_sids,
549                                 uint32_t *info3_num_sids)
550 {
551         unsigned int i, j = 0;
552         struct netr_SidAttr *info3_sids;
553
554         info3_sids = talloc_array(mem_ctx, struct netr_SidAttr, num_sids);
555         if (info3_sids == NULL) {
556                 return NT_STATUS_NO_MEMORY;
557         }
558
559         /* a wbcDomainSid is the same as a dom_sid */
560         for (i = 0; i < num_sids; i++) {
561                 const struct dom_sid *sid;
562
563                 sid = (const struct dom_sid *)&sids[i].sid;
564
565                 if (dom_sid_in_domain(domain_sid, sid)) {
566                         continue;
567                 }
568
569                 info3_sids[j].sid = dom_sid_dup(info3_sids, sid);
570                 if (info3_sids[j].sid == NULL) {
571                         talloc_free(info3_sids);
572                         return NT_STATUS_NO_MEMORY;
573                 }
574                 info3_sids[j].attributes = SE_GROUP_MANDATORY |
575                                            SE_GROUP_ENABLED_BY_DEFAULT |
576                                            SE_GROUP_ENABLED;
577                 j++;
578         }
579
580         *info3_num_sids = j;
581         *_info3_sids = info3_sids;
582         return NT_STATUS_OK;
583 }
584
585 struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
586                                         const struct wbcAuthUserInfo *info)
587 {
588         struct netr_SamInfo3 *info3;
589         struct dom_sid user_sid;
590         struct dom_sid group_sid;
591         struct dom_sid domain_sid;
592         NTSTATUS status;
593         bool ok;
594
595         memcpy(&user_sid, &info->sids[0].sid, sizeof(user_sid));
596         memcpy(&group_sid, &info->sids[1].sid, sizeof(group_sid));
597
598         info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
599         if (!info3) return NULL;
600
601         info3->base.logon_time = info->logon_time;
602         info3->base.logoff_time = info->logoff_time;
603         info3->base.kickoff_time = info->kickoff_time;
604         unix_to_nt_time(&info3->base.last_password_change, info->pass_last_set_time);
605         unix_to_nt_time(&info3->base.allow_password_change,
606                         info->pass_can_change_time);
607         unix_to_nt_time(&info3->base.force_password_change,
608                         info->pass_must_change_time);
609
610         if (info->account_name) {
611                 info3->base.account_name.string =
612                                 talloc_strdup(info3, info->account_name);
613                 RET_NOMEM(info3->base.account_name.string);
614         }
615         if (info->full_name) {
616                 info3->base.full_name.string =
617                                 talloc_strdup(info3, info->full_name);
618                 RET_NOMEM(info3->base.full_name.string);
619         }
620         if (info->logon_script) {
621                 info3->base.logon_script.string =
622                                 talloc_strdup(info3, info->logon_script);
623                 RET_NOMEM(info3->base.logon_script.string);
624         }
625         if (info->profile_path) {
626                 info3->base.profile_path.string =
627                                 talloc_strdup(info3, info->profile_path);
628                 RET_NOMEM(info3->base.profile_path.string);
629         }
630         if (info->home_directory) {
631                 info3->base.home_directory.string =
632                                 talloc_strdup(info3, info->home_directory);
633                 RET_NOMEM(info3->base.home_directory.string);
634         }
635         if (info->home_drive) {
636                 info3->base.home_drive.string =
637                                 talloc_strdup(info3, info->home_drive);
638                 RET_NOMEM(info3->base.home_drive.string);
639         }
640
641         info3->base.logon_count = info->logon_count;
642         info3->base.bad_password_count = info->bad_password_count;
643
644         sid_copy(&domain_sid, &user_sid);
645         sid_split_rid(&domain_sid, &info3->base.rid);
646
647         ok = sid_peek_check_rid(&domain_sid, &group_sid,
648                                 &info3->base.primary_gid);
649         if (!ok) {
650                 DEBUG(1, ("The primary group sid domain does not"
651                           "match user sid domain for user: %s\n",
652                           info->account_name));
653                 TALLOC_FREE(info3);
654                 return NULL;
655         }
656
657         status = wbcsids_to_samr_RidWithAttributeArray(info3,
658                                                        &info3->base.groups,
659                                                        &domain_sid,
660                                                        &info->sids[1],
661                                                        info->num_sids - 1);
662         if (!NT_STATUS_IS_OK(status)) {
663                 TALLOC_FREE(info3);
664                 return NULL;
665         }
666
667         status = wbcsids_to_netr_SidAttrArray(&domain_sid,
668                                               &info->sids[1],
669                                               info->num_sids - 1,
670                                               info3,
671                                               &info3->sids,
672                                               &info3->sidcount);
673         if (!NT_STATUS_IS_OK(status)) {
674                 TALLOC_FREE(info3);
675                 return NULL;
676         }
677
678         info3->base.user_flags = info->user_flags;
679         memcpy(info3->base.key.key, info->user_session_key, 16);
680
681         if (info->logon_server) {
682                 info3->base.logon_server.string =
683                                 talloc_strdup(info3, info->logon_server);
684                 RET_NOMEM(info3->base.logon_server.string);
685         }
686         if (info->domain_name) {
687                 info3->base.logon_domain.string =
688                                 talloc_strdup(info3, info->domain_name);
689                 RET_NOMEM(info3->base.logon_domain.string);
690         }
691
692         info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
693         RET_NOMEM(info3->base.domain_sid);
694
695         memcpy(info3->base.LMSessKey.key, info->lm_session_key, 8);
696         info3->base.acct_flags = info->acct_flags;
697
698         return info3;
699 }