auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6
authorStefan Metzmacher <metze@samba.org>
Thu, 7 Jan 2016 14:10:26 +0000 (15:10 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 30 Jun 2016 01:30:26 +0000 (03:30 +0200)
This includes user_principal_name and dns_domain_name.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth/auth_sam_reply.h
auth/wbc_auth_util.c
source3/auth/auth_util.c
source4/auth/ntlm/auth_winbind.c

index efa02f3..d957324 100644 (file)
@@ -66,7 +66,7 @@ NTSTATUS make_user_info_dc_pac(TALLOC_CTX *mem_ctx,
 
 struct wbcAuthUserInfo;
 
-struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
+struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx,
                                                       const struct wbcAuthUserInfo *info);
 
 #undef _PRINTF_ATTRIBUTE
index bce2817..52573e2 100644 (file)
@@ -106,14 +106,14 @@ static NTSTATUS wbcsids_to_netr_SidAttrArray(
 
 #define RET_NOMEM(ptr) do { \
        if (!ptr) { \
-               TALLOC_FREE(info3); \
+               TALLOC_FREE(info6); \
                return NULL; \
        } } while(0)
 
-struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
+struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx,
                                        const struct wbcAuthUserInfo *info)
 {
-       struct netr_SamInfo3 *info3;
+       struct netr_SamInfo6 *info6;
        struct dom_sid user_sid;
        struct dom_sid group_sid;
        struct dom_sid domain_sid;
@@ -123,110 +123,120 @@ struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
        memcpy(&user_sid, &info->sids[0].sid, sizeof(user_sid));
        memcpy(&group_sid, &info->sids[1].sid, sizeof(group_sid));
 
-       info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
-       if (!info3) return NULL;
+       info6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
+       if (!info6) return NULL;
 
-       unix_to_nt_time(&info3->base.logon_time, info->logon_time);
-       unix_to_nt_time(&info3->base.logoff_time, info->logoff_time);
-       unix_to_nt_time(&info3->base.kickoff_time, info->kickoff_time);
-       unix_to_nt_time(&info3->base.last_password_change, info->pass_last_set_time);
-       unix_to_nt_time(&info3->base.allow_password_change,
+       unix_to_nt_time(&info6->base.logon_time, info->logon_time);
+       unix_to_nt_time(&info6->base.logoff_time, info->logoff_time);
+       unix_to_nt_time(&info6->base.kickoff_time, info->kickoff_time);
+       unix_to_nt_time(&info6->base.last_password_change, info->pass_last_set_time);
+       unix_to_nt_time(&info6->base.allow_password_change,
                        info->pass_can_change_time);
-       unix_to_nt_time(&info3->base.force_password_change,
+       unix_to_nt_time(&info6->base.force_password_change,
                        info->pass_must_change_time);
 
        if (info->account_name) {
-               info3->base.account_name.string =
-                               talloc_strdup(info3, info->account_name);
-               RET_NOMEM(info3->base.account_name.string);
+               info6->base.account_name.string =
+                               talloc_strdup(info6, info->account_name);
+               RET_NOMEM(info6->base.account_name.string);
+       }
+       if (info->user_principal) {
+               info6->principal_name.string    =
+                               talloc_strdup(info6, info->user_principal);
+               RET_NOMEM(info6->principal_name.string);
        }
        if (info->full_name) {
-               info3->base.full_name.string =
-                               talloc_strdup(info3, info->full_name);
-               RET_NOMEM(info3->base.full_name.string);
+               info6->base.full_name.string =
+                               talloc_strdup(info6, info->full_name);
+               RET_NOMEM(info6->base.full_name.string);
        }
        if (info->domain_name) {
-               info3->base.logon_domain.string =
-                               talloc_strdup(info3, info->domain_name);
-               RET_NOMEM(info3->base.logon_domain.string);
+               info6->base.logon_domain.string =
+                               talloc_strdup(info6, info->domain_name);
+               RET_NOMEM(info6->base.logon_domain.string);
+       }
+       if (info->dns_domain_name) {
+               info6->dns_domainname.string    =
+                               talloc_strdup(info6, info->dns_domain_name);
+               RET_NOMEM(info6->dns_domainname.string);
        }
        if (info->logon_script) {
-               info3->base.logon_script.string =
-                               talloc_strdup(info3, info->logon_script);
-               RET_NOMEM(info3->base.logon_script.string);
+               info6->base.logon_script.string =
+                               talloc_strdup(info6, info->logon_script);
+               RET_NOMEM(info6->base.logon_script.string);
        }
        if (info->profile_path) {
-               info3->base.profile_path.string =
-                               talloc_strdup(info3, info->profile_path);
-               RET_NOMEM(info3->base.profile_path.string);
+               info6->base.profile_path.string =
+                               talloc_strdup(info6, info->profile_path);
+               RET_NOMEM(info6->base.profile_path.string);
        }
        if (info->home_directory) {
-               info3->base.home_directory.string =
-                               talloc_strdup(info3, info->home_directory);
-               RET_NOMEM(info3->base.home_directory.string);
+               info6->base.home_directory.string =
+                               talloc_strdup(info6, info->home_directory);
+               RET_NOMEM(info6->base.home_directory.string);
        }
        if (info->home_drive) {
-               info3->base.home_drive.string =
-                               talloc_strdup(info3, info->home_drive);
-               RET_NOMEM(info3->base.home_drive.string);
+               info6->base.home_drive.string =
+                               talloc_strdup(info6, info->home_drive);
+               RET_NOMEM(info6->base.home_drive.string);
        }
 
-       info3->base.logon_count = info->logon_count;
-       info3->base.bad_password_count = info->bad_password_count;
+       info6->base.logon_count = info->logon_count;
+       info6->base.bad_password_count = info->bad_password_count;
 
        sid_copy(&domain_sid, &user_sid);
-       sid_split_rid(&domain_sid, &info3->base.rid);
+       sid_split_rid(&domain_sid, &info6->base.rid);
 
        ok = sid_peek_check_rid(&domain_sid, &group_sid,
-                               &info3->base.primary_gid);
+                               &info6->base.primary_gid);
        if (!ok) {
                DEBUG(1, ("The primary group sid domain does not"
                          "match user sid domain for user: %s\n",
                          info->account_name));
-               TALLOC_FREE(info3);
+               TALLOC_FREE(info6);
                return NULL;
        }
 
-       status = wbcsids_to_samr_RidWithAttributeArray(info3,
-                                                      &info3->base.groups,
+       status = wbcsids_to_samr_RidWithAttributeArray(info6,
+                                                      &info6->base.groups,
                                                       &domain_sid,
                                                       &info->sids[1],
                                                       info->num_sids - 1);
        if (!NT_STATUS_IS_OK(status)) {
-               TALLOC_FREE(info3);
+               TALLOC_FREE(info6);
                return NULL;
        }
 
        status = wbcsids_to_netr_SidAttrArray(&domain_sid,
                                              &info->sids[1],
                                              info->num_sids - 1,
-                                             info3,
-                                             &info3->sids,
-                                             &info3->sidcount);
+                                             info6,
+                                             &info6->sids,
+                                             &info6->sidcount);
        if (!NT_STATUS_IS_OK(status)) {
-               TALLOC_FREE(info3);
+               TALLOC_FREE(info6);
                return NULL;
        }
 
-       info3->base.user_flags = info->user_flags;
-       memcpy(info3->base.key.key, info->user_session_key, 16);
+       info6->base.user_flags = info->user_flags;
+       memcpy(info6->base.key.key, info->user_session_key, 16);
 
        if (info->logon_server) {
-               info3->base.logon_server.string =
-                               talloc_strdup(info3, info->logon_server);
-               RET_NOMEM(info3->base.logon_server.string);
+               info6->base.logon_server.string =
+                               talloc_strdup(info6, info->logon_server);
+               RET_NOMEM(info6->base.logon_server.string);
        }
        if (info->domain_name) {
-               info3->base.logon_domain.string =
-                               talloc_strdup(info3, info->domain_name);
-               RET_NOMEM(info3->base.logon_domain.string);
+               info6->base.logon_domain.string =
+                               talloc_strdup(info6, info->domain_name);
+               RET_NOMEM(info6->base.logon_domain.string);
        }
 
-       info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
-       RET_NOMEM(info3->base.domain_sid);
+       info6->base.domain_sid = dom_sid_dup(info6, &domain_sid);
+       RET_NOMEM(info6->base.domain_sid);
 
-       memcpy(info3->base.LMSessKey.key, info->lm_session_key, 8);
-       info3->base.acct_flags = info->acct_flags;
+       memcpy(info6->base.LMSessKey.key, info->lm_session_key, 8);
+       info6->base.acct_flags = info->acct_flags;
 
-       return info3;
+       return info6;
 }
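Review bot: `info->sids[0]`, `info->sids[1]` and `info->num_sids - 1` are used with no visible check that the winbind reply carries at least two SIDs. With fewer, the two `memcpy` calls at the top of this hunk read past the array, and the count passed to wbcsids_to_samr_RidWithAttributeArray and wbcsids_to_netr_SidAttrArray could wrap if `num_sids` is unsigned. The three lines between the previous hunk and this one are not shown, so a guard may already exist there or in the callers; if it does not, add `if (info->num_sids < 2) { return NULL; }` before the first `memcpy`. Separately, `base.logon_domain.string` is duplicated from `info->domain_name` twice (after `full_name` and again after `logon_server`), so the second block can be dropped.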
index c23de7e..663c0bc 100644 (file)
@@ -1494,16 +1494,21 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
                                          const struct wbcAuthUserInfo *info,
                                          struct auth_serversupplied_info **server_info)
 {
-       struct netr_SamInfo3 *info3;
+       struct netr_SamInfo3 info3;
+       struct netr_SamInfo6 *info6;
 
-       info3 = wbcAuthUserInfo_to_netr_SamInfo3(mem_ctx, info);
-       if (!info3) {
+       info6 = wbcAuthUserInfo_to_netr_SamInfo6(mem_ctx, info);
+       if (!info6) {
                return NT_STATUS_NO_MEMORY;
        }
 
+       info3.base = info6->base;
+       info3.sidcount = info6->sidcount;
+       info3.sids = info6->sids;
+
        return make_server_info_info3(mem_ctx,
                                      sent_nt_username, domain,
-                                     server_info, info3);
+                                     server_info, &info3);
 }
 
 /**
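Review bot: The stack `info3` in make_server_info_wbcAuthUserInfo is filled member by member and never zeroed, so any member of `struct netr_SamInfo3` other than `base`, `sidcount` and `sids` would reach make_server_info_info3 uninitialized. The struct definition is not on this page, so the three assignments may be complete today, but a `ZERO_STRUCT(info3);` before them (or a designated initializer) keeps this safe if the struct grows. `info3.sids` also aliases memory owned by `info6`, which stays allocated on `mem_ctx` after the call together with the session keys in `base`. If make_server_info_info3 takes its own copy (not visible here, confirm first), store its status and `TALLOC_FREE(info6);` before returning. The function's signature begins above the hunk.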
index 447c0de..8b9a1ef 100644 (file)
@@ -166,10 +166,9 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
        struct wbcAuthErrorInfo *err = NULL;
        wbcErr wbc_status;
        NTSTATUS nt_status;
-       struct netr_SamInfo3 *info3;
+       struct netr_SamInfo6 *info6 = NULL;
        union netr_Validation validation;
 
-
        /* Send off request */
        const struct auth_usersupplied_info *user_info_temp;
        nt_status = encrypt_user_info(mem_ctx, ctx->auth_ctx,
@@ -181,7 +180,7 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
        user_info = user_info_temp;
 
        ZERO_STRUCT(params);
-       ZERO_STRUCT(info3);
+       ZERO_STRUCT(validation);
        /*params.flags = WBFLAG_PAM_INFO3_NDR;*/
 
        params.parameter_control = user_info->logon_parameters;
@@ -231,17 +230,17 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
                }
                return NT_STATUS_LOGON_FAILURE;
        }
-       info3 = wbcAuthUserInfo_to_netr_SamInfo3(mem_ctx, info);
+       info6 = wbcAuthUserInfo_to_netr_SamInfo6(mem_ctx, info);
        wbcFreeMemory(info);
-       if (!info3) {
-               DEBUG(1, ("wbcAuthUserInfo_to_netr_SamInfo3 failed\n"));
+       if (!info6) {
+               DEBUG(1, ("wbcAuthUserInfo_to_netr_SamInfo6 failed\n"));
                return NT_STATUS_NO_MEMORY;
        }
 
-       validation.sam3 = info3;
+       validation.sam6 = info6;
        nt_status = make_user_info_dc_netlogon_validation(mem_ctx,
                                                          user_info->client.account_name,
-                                                         3, &validation,
+                                                         6, &validation,
                                                          true, /* This user was authenticated */
                                                          user_info_dc);
        return nt_status;
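Review bot: A NULL from wbcAuthUserInfo_to_netr_SamInfo6 is logged and returned as NT_STATUS_NO_MEMORY at the `if (!info6)` check, but the converter in auth/wbc_auth_util.c also returns NULL for other reasons. It does so when the primary group SID is not in the user's domain and when either SID-array conversion fails, so a malformed winbind reply is indistinguishable from an allocation failure when triaging logon errors. make_server_info_wbcAuthUserInfo in source3/auth/auth_util.c applies the same mapping. Returning an NTSTATUS from the converter, with the struct as an out parameter, would let both callers pass the real cause through. Short of that, a comment such as `/* NULL also covers SID conversion failures, not only ENOMEM */` at the check documents the ambiguity.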