s3-auth: remove crypto from serverinfo_to_SamInfoX calls.
[kai/samba.git] / source3 / auth / server_info.c
1 /*
2    Unix SMB/CIFS implementation.
3    Authentication utility functions
4    Copyright (C) Volker Lendecke 2010
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "auth.h"
22 #include "../lib/crypto/arcfour.h"
23 #include "../librpc/gen_ndr/netlogon.h"
24 #include "../libcli/security/security.h"
25 #include "rpc_client/util_netlogon.h"
26 #include "nsswitch/libwbclient/wbclient.h"
27 #include "passdb.h"
28
29 #undef DBGC_CLASS
30 #define DBGC_CLASS DBGC_AUTH
31
32 /***************************************************************************
33  Make a server_info struct. Free with TALLOC_FREE().
34 ***************************************************************************/
35
36 struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
37 {
38         struct auth_serversupplied_info *result;
39
40         result = talloc_zero(mem_ctx, struct auth_serversupplied_info);
41         if (result == NULL) {
42                 DEBUG(0, ("talloc failed\n"));
43                 return NULL;
44         }
45
46         /* Initialise the uid and gid values to something non-zero
47            which may save us from giving away root access if there
48            is a bug in allocating these fields. */
49
50         result->utok.uid = -1;
51         result->utok.gid = -1;
52
53         return result;
54 }
55
56 /****************************************************************************
57  inits a netr_SamInfo2 structure from an auth_serversupplied_info. sam2 must
58  already be initialized and is used as the talloc parent for its members.
59 *****************************************************************************/
60
61 NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
62                                 struct netr_SamInfo2 *sam2)
63 {
64         struct netr_SamInfo3 *info3;
65
66         info3 = copy_netr_SamInfo3(sam2, server_info->info3);
67         if (!info3) {
68                 return NT_STATUS_NO_MEMORY;
69         }
70
71         if (server_info->session_key.length) {
72                 memcpy(info3->base.key.key,
73                        server_info->session_key.data,
74                        MIN(sizeof(info3->base.key.key),
75                            server_info->session_key.length));
76         }
77         if (server_info->lm_session_key.length) {
78                 memcpy(info3->base.LMSessKey.key,
79                        server_info->lm_session_key.data,
80                        MIN(sizeof(info3->base.LMSessKey.key),
81                            server_info->lm_session_key.length));
82         }
83
84         sam2->base = info3->base;
85
86         return NT_STATUS_OK;
87 }
88
89 /****************************************************************************
90  inits a netr_SamInfo3 structure from an auth_serversupplied_info. sam3 must
91  already be initialized and is used as the talloc parent for its members.
92 *****************************************************************************/
93
94 NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
95                                 struct netr_SamInfo3 *sam3)
96 {
97         struct netr_SamInfo3 *info3;
98
99         info3 = copy_netr_SamInfo3(sam3, server_info->info3);
100         if (!info3) {
101                 return NT_STATUS_NO_MEMORY;
102         }
103
104         if (server_info->session_key.length) {
105                 memcpy(info3->base.key.key,
106                        server_info->session_key.data,
107                        MIN(sizeof(info3->base.key.key),
108                            server_info->session_key.length));
109         }
110         if (server_info->lm_session_key.length) {
111                 memcpy(info3->base.LMSessKey.key,
112                        server_info->lm_session_key.data,
113                        MIN(sizeof(info3->base.LMSessKey.key),
114                            server_info->lm_session_key.length));
115         }
116
117         sam3->base = info3->base;
118
119         sam3->sidcount          = 0;
120         sam3->sids              = NULL;
121
122         return NT_STATUS_OK;
123 }
124
125 /****************************************************************************
126  inits a netr_SamInfo6 structure from an auth_serversupplied_info. sam6 must
127  already be initialized and is used as the talloc parent for its members.
128 *****************************************************************************/
129
130 NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
131                                 struct netr_SamInfo6 *sam6)
132 {
133         struct pdb_domain_info *dominfo;
134         struct netr_SamInfo3 *info3;
135
136         if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
137                 DEBUG(10,("Not adding validation info level 6 "
138                            "without ADS passdb backend\n"));
139                 return NT_STATUS_INVALID_INFO_CLASS;
140         }
141
142         dominfo = pdb_get_domain_info(sam6);
143         if (dominfo == NULL) {
144                 return NT_STATUS_NO_MEMORY;
145         }
146
147         info3 = copy_netr_SamInfo3(sam6, server_info->info3);
148         if (!info3) {
149                 return NT_STATUS_NO_MEMORY;
150         }
151
152         if (server_info->session_key.length) {
153                 memcpy(info3->base.key.key,
154                        server_info->session_key.data,
155                        MIN(sizeof(info3->base.key.key),
156                            server_info->session_key.length));
157         }
158         if (server_info->lm_session_key.length) {
159                 memcpy(info3->base.LMSessKey.key,
160                        server_info->lm_session_key.data,
161                        MIN(sizeof(info3->base.LMSessKey.key),
162                            server_info->lm_session_key.length));
163         }
164
165         sam6->base = info3->base;
166
167         sam6->sidcount          = 0;
168         sam6->sids              = NULL;
169
170         sam6->dns_domainname.string = talloc_strdup(sam6, dominfo->dns_domain);
171         if (sam6->dns_domainname.string == NULL) {
172                 return NT_STATUS_NO_MEMORY;
173         }
174
175         sam6->principle.string  = talloc_asprintf(sam6, "%s@%s",
176                                                   sam6->base.account_name.string,
177                                                   sam6->dns_domainname.string);
178         if (sam6->principle.string == NULL) {
179                 return NT_STATUS_NO_MEMORY;
180         }
181
182         return NT_STATUS_OK;
183 }
184
185 static NTSTATUS append_netr_SidAttr(TALLOC_CTX *mem_ctx,
186                                     struct netr_SidAttr **sids,
187                                     uint32_t *count,
188                                     const struct dom_sid2 *asid,
189                                     uint32_t attributes)
190 {
191         uint32_t t = *count;
192
193         *sids = talloc_realloc(mem_ctx, *sids, struct netr_SidAttr, t + 1);
194         if (*sids == NULL) {
195                 return NT_STATUS_NO_MEMORY;
196         }
197         (*sids)[t].sid = dom_sid_dup(*sids, asid);
198         if ((*sids)[t].sid == NULL) {
199                 return NT_STATUS_NO_MEMORY;
200         }
201         (*sids)[t].attributes = attributes;
202         *count = t + 1;
203
204         return NT_STATUS_OK;
205 }
206
207 /* Fills the samr_RidWithAttributeArray with the provided sids.
208  * If it happens that we have additional groups that do not belong
209  * to the domain, add their sids as extra sids */
210 static NTSTATUS group_sids_to_info3(struct netr_SamInfo3 *info3,
211                                     const struct dom_sid *sids,
212                                     size_t num_sids)
213 {
214         uint32_t attributes = SE_GROUP_MANDATORY |
215                                 SE_GROUP_ENABLED_BY_DEFAULT |
216                                 SE_GROUP_ENABLED;
217         struct samr_RidWithAttributeArray *groups;
218         struct dom_sid *domain_sid;
219         unsigned int i;
220         NTSTATUS status;
221         uint32_t rid;
222         bool ok;
223
224         domain_sid = info3->base.domain_sid;
225         groups = &info3->base.groups;
226
227         groups->rids = talloc_array(info3,
228                                     struct samr_RidWithAttribute, num_sids);
229         if (!groups->rids) {
230                 return NT_STATUS_NO_MEMORY;
231         }
232
233         for (i = 0; i < num_sids; i++) {
234                 ok = sid_peek_check_rid(domain_sid, &sids[i], &rid);
235                 if (ok) {
236                         /* store domain group rid */
237                         groups->rids[groups->count].rid = rid;
238                         groups->rids[groups->count].attributes = attributes;
239                         groups->count++;
240                         continue;
241                 }
242
243                 /* if this wasn't a domain sid, add it as extra sid */
244                 status = append_netr_SidAttr(info3, &info3->sids,
245                                              &info3->sidcount,
246                                              &sids[i], attributes);
247                 if (!NT_STATUS_IS_OK(status)) {
248                         return status;
249                 }
250         }
251
252         return NT_STATUS_OK;
253 }
254
255 #define RET_NOMEM(ptr) do { \
256         if (!ptr) { \
257                 TALLOC_FREE(info3); \
258                 return NT_STATUS_NO_MEMORY; \
259         } } while(0)
260
261 NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
262                           struct samu *samu,
263                           const char *login_server,
264                           struct netr_SamInfo3 **_info3,
265                           struct extra_auth_info *extra)
266 {
267         struct netr_SamInfo3 *info3;
268         const struct dom_sid *user_sid;
269         const struct dom_sid *group_sid;
270         struct dom_sid domain_sid;
271         struct dom_sid *group_sids;
272         uint32_t num_group_sids = 0;
273         const char *tmp;
274         gid_t *gids;
275         NTSTATUS status;
276         bool ok;
277
278         user_sid = pdb_get_user_sid(samu);
279         group_sid = pdb_get_group_sid(samu);
280
281         if (!user_sid || !group_sid) {
282                 DEBUG(1, ("Sam account is missing sids!\n"));
283                 return NT_STATUS_UNSUCCESSFUL;
284         }
285
286         info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
287         if (!info3) {
288                 return NT_STATUS_NO_MEMORY;
289         }
290
291         ZERO_STRUCT(domain_sid);
292
293         /* check if this is a "Unix Users" domain user,
294          * we need to handle it in a special way if that's the case */
295         if (sid_check_is_in_unix_users(user_sid)) {
296                 /* in info3 you can only set rids for the user and the
297                  * primary group, and the domain sid must be that of
298                  * the sam domain.
299                  *
300                  * Store a completely bogus value here.
301                  * The real SID is stored in the extra sids.
302                  * Other code will know to look there if (-1) is found
303                  */
304                 info3->base.rid = (uint32_t)(-1);
305                 sid_copy(&extra->user_sid, user_sid);
306
307                 DEBUG(10, ("Unix User found in struct samu. Rid marked as "
308                            "special and sid (%s) saved as extra sid\n",
309                            sid_string_dbg(user_sid)));
310         } else {
311                 sid_copy(&domain_sid, user_sid);
312                 sid_split_rid(&domain_sid, &info3->base.rid);
313         }
314
315         if (is_null_sid(&domain_sid)) {
316                 sid_copy(&domain_sid, get_global_sam_sid());
317         }
318
319         /* check if this is a "Unix Groups" domain group,
320          * if so we need special handling */
321         if (sid_check_is_in_unix_groups(group_sid)) {
322                 /* in info3 you can only set rids for the user and the
323                  * primary group, and the domain sid must be that of
324                  * the sam domain.
325                  *
326                  * Store a completely bogus value here.
327                  * The real SID is stored in the extra sids.
328                  * Other code will know to look there if (-1) is found
329                  */
330                 info3->base.primary_gid = (uint32_t)(-1);
331                 sid_copy(&extra->pgid_sid, group_sid);
332
333                 DEBUG(10, ("Unix Group found in struct samu. Rid marked as "
334                            "special and sid (%s) saved as extra sid\n",
335                            sid_string_dbg(group_sid)));
336
337         } else {
338                 ok = sid_peek_check_rid(&domain_sid, group_sid,
339                                         &info3->base.primary_gid);
340                 if (!ok) {
341                         DEBUG(1, ("The primary group domain sid(%s) does not "
342                                   "match the domain sid(%s) for %s(%s)\n",
343                                   sid_string_dbg(group_sid),
344                                   sid_string_dbg(&domain_sid),
345                                   pdb_get_username(samu),
346                                   sid_string_dbg(user_sid)));
347                         TALLOC_FREE(info3);
348                         return NT_STATUS_UNSUCCESSFUL;
349                 }
350         }
351
352         unix_to_nt_time(&info3->base.logon_time, pdb_get_logon_time(samu));
353         unix_to_nt_time(&info3->base.logoff_time, get_time_t_max());
354         unix_to_nt_time(&info3->base.kickoff_time, get_time_t_max());
355         unix_to_nt_time(&info3->base.last_password_change,
356                         pdb_get_pass_last_set_time(samu));
357         unix_to_nt_time(&info3->base.allow_password_change,
358                         pdb_get_pass_can_change_time(samu));
359         unix_to_nt_time(&info3->base.force_password_change,
360                         pdb_get_pass_must_change_time(samu));
361
362         tmp = pdb_get_username(samu);
363         if (tmp) {
364                 info3->base.account_name.string = talloc_strdup(info3, tmp);
365                 RET_NOMEM(info3->base.account_name.string);
366         }
367         tmp = pdb_get_fullname(samu);
368         if (tmp) {
369                 info3->base.full_name.string = talloc_strdup(info3, tmp);
370                 RET_NOMEM(info3->base.full_name.string);
371         }
372         tmp = pdb_get_logon_script(samu);
373         if (tmp) {
374                 info3->base.logon_script.string = talloc_strdup(info3, tmp);
375                 RET_NOMEM(info3->base.logon_script.string);
376         }
377         tmp = pdb_get_profile_path(samu);
378         if (tmp) {
379                 info3->base.profile_path.string = talloc_strdup(info3, tmp);
380                 RET_NOMEM(info3->base.profile_path.string);
381         }
382         tmp = pdb_get_homedir(samu);
383         if (tmp) {
384                 info3->base.home_directory.string = talloc_strdup(info3, tmp);
385                 RET_NOMEM(info3->base.home_directory.string);
386         }
387         tmp = pdb_get_dir_drive(samu);
388         if (tmp) {
389                 info3->base.home_drive.string = talloc_strdup(info3, tmp);
390                 RET_NOMEM(info3->base.home_drive.string);
391         }
392
393         info3->base.logon_count = pdb_get_logon_count(samu);
394         info3->base.bad_password_count = pdb_get_bad_password_count(samu);
395
396         info3->base.logon_domain.string = talloc_strdup(info3,
397                                                   pdb_get_domain(samu));
398         RET_NOMEM(info3->base.logon_domain.string);
399
400         info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
401         RET_NOMEM(info3->base.domain_sid);
402
403         status = pdb_enum_group_memberships(mem_ctx, samu,
404                                             &group_sids, &gids,
405                                             &num_group_sids);
406         if (!NT_STATUS_IS_OK(status)) {
407                 DEBUG(1, ("Failed to get groups from sam account.\n"));
408                 TALLOC_FREE(info3);
409                 return status;
410         }
411
412         if (num_group_sids) {
413                 status = group_sids_to_info3(info3, group_sids, num_group_sids);
414                 if (!NT_STATUS_IS_OK(status)) {
415                         TALLOC_FREE(info3);
416                         return status;
417                 }
418         }
419
420         /* We don't need sids and gids after the conversion */
421         TALLOC_FREE(group_sids);
422         TALLOC_FREE(gids);
423         num_group_sids = 0;
424
425         /* FIXME: should we add other flags ? */
426         info3->base.user_flags = NETLOGON_EXTRA_SIDS;
427
428         if (login_server) {
429                 info3->base.logon_server.string = talloc_strdup(info3, login_server);
430                 RET_NOMEM(info3->base.logon_server.string);
431         }
432
433         info3->base.acct_flags = pdb_get_acct_ctrl(samu);
434
435         *_info3 = info3;
436         return NT_STATUS_OK;
437 }
438
439 #undef RET_NOMEM
440
441 #define RET_NOMEM(ptr) do { \
442         if (!ptr) { \
443                 TALLOC_FREE(info3); \
444                 return NULL; \
445         } } while(0)
446
447 struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
448                                          struct netr_SamInfo3 *orig)
449 {
450         struct netr_SamInfo3 *info3;
451         unsigned int i;
452         NTSTATUS status;
453
454         info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
455         if (!info3) return NULL;
456
457         status = copy_netr_SamBaseInfo(info3, &orig->base, &info3->base);
458         if (!NT_STATUS_IS_OK(status)) {
459                 TALLOC_FREE(info3);
460                 return NULL;
461         }
462
463         if (orig->sidcount) {
464                 info3->sidcount = orig->sidcount;
465                 info3->sids = talloc_array(info3, struct netr_SidAttr,
466                                            orig->sidcount);
467                 RET_NOMEM(info3->sids);
468                 for (i = 0; i < orig->sidcount; i++) {
469                         info3->sids[i].sid = dom_sid_dup(info3->sids,
470                                                             orig->sids[i].sid);
471                         RET_NOMEM(info3->sids[i].sid);
472                         info3->sids[i].attributes =
473                                 orig->sids[i].attributes;
474                 }
475         }
476
477         return info3;
478 }
479
480 static NTSTATUS wbcsids_to_samr_RidWithAttributeArray(
481                                 TALLOC_CTX *mem_ctx,
482                                 struct samr_RidWithAttributeArray *groups,
483                                 const struct dom_sid *domain_sid,
484                                 const struct wbcSidWithAttr *sids,
485                                 size_t num_sids)
486 {
487         unsigned int i, j = 0;
488         bool ok;
489
490         groups->rids = talloc_array(mem_ctx,
491                                     struct samr_RidWithAttribute, num_sids);
492         if (!groups->rids) {
493                 return NT_STATUS_NO_MEMORY;
494         }
495
496         /* a wbcDomainSid is the same as a dom_sid */
497         for (i = 0; i < num_sids; i++) {
498                 ok = sid_peek_check_rid(domain_sid,
499                                         (const struct dom_sid *)&sids[i].sid,
500                                         &groups->rids[j].rid);
501                 if (!ok) continue;
502
503                 groups->rids[j].attributes = SE_GROUP_MANDATORY |
504                                              SE_GROUP_ENABLED_BY_DEFAULT |
505                                              SE_GROUP_ENABLED;
506                 j++;
507         }
508
509         groups->count = j;
510         return NT_STATUS_OK;
511 }
512
513 static NTSTATUS wbcsids_to_netr_SidAttrArray(
514                                 const struct dom_sid *domain_sid,
515                                 const struct wbcSidWithAttr *sids,
516                                 size_t num_sids,
517                                 TALLOC_CTX *mem_ctx,
518                                 struct netr_SidAttr **_info3_sids,
519                                 uint32_t *info3_num_sids)
520 {
521         unsigned int i, j = 0;
522         struct netr_SidAttr *info3_sids;
523
524         info3_sids = talloc_array(mem_ctx, struct netr_SidAttr, num_sids);
525         if (info3_sids == NULL) {
526                 return NT_STATUS_NO_MEMORY;
527         }
528
529         /* a wbcDomainSid is the same as a dom_sid */
530         for (i = 0; i < num_sids; i++) {
531                 const struct dom_sid *sid;
532
533                 sid = (const struct dom_sid *)&sids[i].sid;
534
535                 if (dom_sid_in_domain(domain_sid, sid)) {
536                         continue;
537                 }
538
539                 info3_sids[j].sid = dom_sid_dup(info3_sids, sid);
540                 if (info3_sids[j].sid == NULL) {
541                         talloc_free(info3_sids);
542                         return NT_STATUS_NO_MEMORY;
543                 }
544                 info3_sids[j].attributes = SE_GROUP_MANDATORY |
545                                            SE_GROUP_ENABLED_BY_DEFAULT |
546                                            SE_GROUP_ENABLED;
547                 j++;
548         }
549
550         *info3_num_sids = j;
551         *_info3_sids = info3_sids;
552         return NT_STATUS_OK;
553 }
554
555 struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
556                                         const struct wbcAuthUserInfo *info)
557 {
558         struct netr_SamInfo3 *info3;
559         struct dom_sid user_sid;
560         struct dom_sid group_sid;
561         struct dom_sid domain_sid;
562         NTSTATUS status;
563         bool ok;
564
565         memcpy(&user_sid, &info->sids[0].sid, sizeof(user_sid));
566         memcpy(&group_sid, &info->sids[1].sid, sizeof(group_sid));
567
568         info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
569         if (!info3) return NULL;
570
571         info3->base.logon_time = info->logon_time;
572         info3->base.logoff_time = info->logoff_time;
573         info3->base.kickoff_time = info->kickoff_time;
574         unix_to_nt_time(&info3->base.last_password_change, info->pass_last_set_time);
575         unix_to_nt_time(&info3->base.allow_password_change,
576                         info->pass_can_change_time);
577         unix_to_nt_time(&info3->base.force_password_change,
578                         info->pass_must_change_time);
579
580         if (info->account_name) {
581                 info3->base.account_name.string =
582                                 talloc_strdup(info3, info->account_name);
583                 RET_NOMEM(info3->base.account_name.string);
584         }
585         if (info->full_name) {
586                 info3->base.full_name.string =
587                                 talloc_strdup(info3, info->full_name);
588                 RET_NOMEM(info3->base.full_name.string);
589         }
590         if (info->logon_script) {
591                 info3->base.logon_script.string =
592                                 talloc_strdup(info3, info->logon_script);
593                 RET_NOMEM(info3->base.logon_script.string);
594         }
595         if (info->profile_path) {
596                 info3->base.profile_path.string =
597                                 talloc_strdup(info3, info->profile_path);
598                 RET_NOMEM(info3->base.profile_path.string);
599         }
600         if (info->home_directory) {
601                 info3->base.home_directory.string =
602                                 talloc_strdup(info3, info->home_directory);
603                 RET_NOMEM(info3->base.home_directory.string);
604         }
605         if (info->home_drive) {
606                 info3->base.home_drive.string =
607                                 talloc_strdup(info3, info->home_drive);
608                 RET_NOMEM(info3->base.home_drive.string);
609         }
610
611         info3->base.logon_count = info->logon_count;
612         info3->base.bad_password_count = info->bad_password_count;
613
614         sid_copy(&domain_sid, &user_sid);
615         sid_split_rid(&domain_sid, &info3->base.rid);
616
617         ok = sid_peek_check_rid(&domain_sid, &group_sid,
618                                 &info3->base.primary_gid);
619         if (!ok) {
620                 DEBUG(1, ("The primary group sid domain does not"
621                           "match user sid domain for user: %s\n",
622                           info->account_name));
623                 TALLOC_FREE(info3);
624                 return NULL;
625         }
626
627         status = wbcsids_to_samr_RidWithAttributeArray(info3,
628                                                        &info3->base.groups,
629                                                        &domain_sid,
630                                                        &info->sids[1],
631                                                        info->num_sids - 1);
632         if (!NT_STATUS_IS_OK(status)) {
633                 TALLOC_FREE(info3);
634                 return NULL;
635         }
636
637         status = wbcsids_to_netr_SidAttrArray(&domain_sid,
638                                               &info->sids[1],
639                                               info->num_sids - 1,
640                                               info3,
641                                               &info3->sids,
642                                               &info3->sidcount);
643         if (!NT_STATUS_IS_OK(status)) {
644                 TALLOC_FREE(info3);
645                 return NULL;
646         }
647
648         info3->base.user_flags = info->user_flags;
649         memcpy(info3->base.key.key, info->user_session_key, 16);
650
651         if (info->logon_server) {
652                 info3->base.logon_server.string =
653                                 talloc_strdup(info3, info->logon_server);
654                 RET_NOMEM(info3->base.logon_server.string);
655         }
656         if (info->domain_name) {
657                 info3->base.logon_domain.string =
658                                 talloc_strdup(info3, info->domain_name);
659                 RET_NOMEM(info3->base.logon_domain.string);
660         }
661
662         info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
663         RET_NOMEM(info3->base.domain_sid);
664
665         memcpy(info3->base.LMSessKey.key, info->lm_session_key, 8);
666         info3->base.acct_flags = info->acct_flags;
667
668         return info3;
669 }