Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

server_info.c

Visit:

Last change on this file was 988, checked in by Silvan Scherrer, 9 years ago
Samba Server: update vendor to version 4.4.3
File size: 19.1 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	Authentication utility functions
4	Copyright (C) Volker Lendecke 2010
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 3 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program. If not, see <http://www.gnu.org/licenses/>.
18	*/
19
20	#include "includes.h"
21	#include "auth.h"
22	#include "../lib/crypto/arcfour.h"
23	#include "../librpc/gen_ndr/netlogon.h"
24	#include "../libcli/security/security.h"
25	#include "rpc_client/util_netlogon.h"
26	#include "nsswitch/libwbclient/wbclient.h"
27	#include "lib/winbind_util.h"
28	#include "passdb.h"
29
30	#undef DBGC_CLASS
31	#define DBGC_CLASS DBGC_AUTH
32
33	/***************************************************************************
34	Make a server_info struct. Free with TALLOC_FREE().
35	***************************************************************************/
36
37	struct auth_serversupplied_info make_server_info(TALLOC_CTX mem_ctx)
38	{
39	struct auth_serversupplied_info *result;
40
41	result = talloc_zero(mem_ctx, struct auth_serversupplied_info);
42	if (result == NULL) {
43	DEBUG(0, ("talloc failed\n"));
44	return NULL;
45	}
46
47	/* Initialise the uid and gid values to something non-zero
48	which may save us from giving away root access if there
49	is a bug in allocating these fields. */
50
51	result->utok.uid = -1;
52	result->utok.gid = -1;
53
54	return result;
55	}
56
57	/****************************************************************************
58	inits a netr_SamInfo2 structure from an auth_serversupplied_info. sam2 must
59	already be initialized and is used as the talloc parent for its members.
60	*****************************************************************************/
61
62	NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
63	struct netr_SamInfo2 *sam2)
64	{
65	struct netr_SamInfo3 *info3;
66
67	info3 = copy_netr_SamInfo3(sam2, server_info->info3);
68	if (!info3) {
69	return NT_STATUS_NO_MEMORY;
70	}
71
72	if (server_info->session_key.length) {
73	memcpy(info3->base.key.key,
74	server_info->session_key.data,
75	MIN(sizeof(info3->base.key.key),
76	server_info->session_key.length));
77	}
78	if (server_info->lm_session_key.length) {
79	memcpy(info3->base.LMSessKey.key,
80	server_info->lm_session_key.data,
81	MIN(sizeof(info3->base.LMSessKey.key),
82	server_info->lm_session_key.length));
83	}
84
85	sam2->base = info3->base;
86
87	return NT_STATUS_OK;
88	}
89
90	/****************************************************************************
91	inits a netr_SamInfo3 structure from an auth_serversupplied_info. sam3 must
92	already be initialized and is used as the talloc parent for its members.
93	*****************************************************************************/
94
95	NTSTATUS serverinfo_to_SamInfo3(const struct auth_serversupplied_info *server_info,
96	struct netr_SamInfo3 *sam3)
97	{
98	struct netr_SamInfo3 *info3;
99
100	info3 = copy_netr_SamInfo3(sam3, server_info->info3);
101	if (!info3) {
102	return NT_STATUS_NO_MEMORY;
103	}
104
105	if (server_info->session_key.length) {
106	memcpy(info3->base.key.key,
107	server_info->session_key.data,
108	MIN(sizeof(info3->base.key.key),
109	server_info->session_key.length));
110	}
111	if (server_info->lm_session_key.length) {
112	memcpy(info3->base.LMSessKey.key,
113	server_info->lm_session_key.data,
114	MIN(sizeof(info3->base.LMSessKey.key),
115	server_info->lm_session_key.length));
116	}
117
118	sam3->base = info3->base;
119
120	sam3->sidcount = 0;
121	sam3->sids = NULL;
122
123	return NT_STATUS_OK;
124	}
125
126	/****************************************************************************
127	inits a netr_SamInfo6 structure from an auth_serversupplied_info. sam6 must
128	already be initialized and is used as the talloc parent for its members.
129	*****************************************************************************/
130
131	NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
132	struct netr_SamInfo6 *sam6)
133	{
134	struct pdb_domain_info *dominfo;
135	struct netr_SamInfo3 *info3;
136
137	if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
138	DEBUG(10,("Not adding validation info level 6 "
139	"without ADS passdb backend\n"));
140	return NT_STATUS_INVALID_INFO_CLASS;
141	}
142
143	dominfo = pdb_get_domain_info(sam6);
144	if (dominfo == NULL) {
145	return NT_STATUS_NO_MEMORY;
146	}
147
148	info3 = copy_netr_SamInfo3(sam6, server_info->info3);
149	if (!info3) {
150	return NT_STATUS_NO_MEMORY;
151	}
152
153	if (server_info->session_key.length) {
154	memcpy(info3->base.key.key,
155	server_info->session_key.data,
156	MIN(sizeof(info3->base.key.key),
157	server_info->session_key.length));
158	}
159	if (server_info->lm_session_key.length) {
160	memcpy(info3->base.LMSessKey.key,
161	server_info->lm_session_key.data,
162	MIN(sizeof(info3->base.LMSessKey.key),
163	server_info->lm_session_key.length));
164	}
165
166	sam6->base = info3->base;
167
168	sam6->sidcount = 0;
169	sam6->sids = NULL;
170
171	sam6->dns_domainname.string = talloc_strdup(sam6, dominfo->dns_domain);
172	if (sam6->dns_domainname.string == NULL) {
173	return NT_STATUS_NO_MEMORY;
174	}
175
176	sam6->principle.string = talloc_asprintf(sam6, "%s@%s",
177	sam6->base.account_name.string,
178	sam6->dns_domainname.string);
179	if (sam6->principle.string == NULL) {
180	return NT_STATUS_NO_MEMORY;
181	}
182
183	return NT_STATUS_OK;
184	}
185
186	static NTSTATUS append_netr_SidAttr(TALLOC_CTX *mem_ctx,
187	struct netr_SidAttr **sids,
188	uint32_t *count,
189	const struct dom_sid2 *asid,
190	uint32_t attributes)
191	{
192	uint32_t t = *count;
193
194	sids = talloc_realloc(mem_ctx, sids, struct netr_SidAttr, t + 1);
195	if (*sids == NULL) {
196	return NT_STATUS_NO_MEMORY;
197	}
198	(sids)[t].sid = dom_sid_dup(sids, asid);
199	if ((*sids)[t].sid == NULL) {
200	return NT_STATUS_NO_MEMORY;
201	}
202	(*sids)[t].attributes = attributes;
203	*count = t + 1;
204
205	return NT_STATUS_OK;
206	}
207
208	/* Fills the samr_RidWithAttributeArray with the provided sids.
209	* If it happens that we have additional groups that do not belong
210	* to the domain, add their sids as extra sids */
211	static NTSTATUS group_sids_to_info3(struct netr_SamInfo3 *info3,
212	const struct dom_sid *sids,
213	size_t num_sids)
214	{
215	uint32_t attributes = SE_GROUP_MANDATORY \|
216	SE_GROUP_ENABLED_BY_DEFAULT \|
217	SE_GROUP_ENABLED;
218	struct samr_RidWithAttributeArray *groups;
219	struct dom_sid *domain_sid;
220	unsigned int i;
221	NTSTATUS status;
222	uint32_t rid;
223	bool ok;
224
225	domain_sid = info3->base.domain_sid;
226	groups = &info3->base.groups;
227
228	groups->rids = talloc_array(info3,
229	struct samr_RidWithAttribute, num_sids);
230	if (!groups->rids) {
231	return NT_STATUS_NO_MEMORY;
232	}
233
234	for (i = 0; i < num_sids; i++) {
235	ok = sid_peek_check_rid(domain_sid, &sids[i], &rid);
236	if (ok) {
237	/* store domain group rid */
238	groups->rids[groups->count].rid = rid;
239	groups->rids[groups->count].attributes = attributes;
240	groups->count++;
241	continue;
242	}
243
244	/* if this wasn't a domain sid, add it as extra sid */
245	status = append_netr_SidAttr(info3, &info3->sids,
246	&info3->sidcount,
247	&sids[i], attributes);
248	if (!NT_STATUS_IS_OK(status)) {
249	return status;
250	}
251	}
252
253	return NT_STATUS_OK;
254	}
255
256	/*
257	* Merge resource SIDs, if any, into the passed in info3 structure.
258	*/
259
260	static NTSTATUS merge_resource_sids(const struct PAC_LOGON_INFO *logon_info,
261	struct netr_SamInfo3 *info3)
262	{
263	uint32_t i = 0;
264
265	if (!(logon_info->info3.base.user_flags & NETLOGON_RESOURCE_GROUPS)) {
266	return NT_STATUS_OK;
267	}
268
269	/*
270	* If there are any resource groups (SID Compression) add
271	* them to the extra sids portion of the info3 in the PAC.
272	*
273	* This makes the info3 look like it would if we got the info
274	* from the DC rather than the PAC.
275	*/
276
277	/*
278	* Construct a SID for each RID in the list and then append it
279	* to the info3.
280	*/
281	for (i = 0; i < logon_info->res_groups.count; i++) {
282	NTSTATUS status;
283	struct dom_sid new_sid;
284	uint32_t attributes = logon_info->res_groups.rids[i].attributes;
285
286	sid_compose(&new_sid,
287	logon_info->res_group_dom_sid,
288	logon_info->res_groups.rids[i].rid);
289
290	DEBUG(10, ("Adding SID %s to extra SIDS\n",
291	sid_string_dbg(&new_sid)));
292
293	status = append_netr_SidAttr(info3, &info3->sids,
294	&info3->sidcount,
295	&new_sid,
296	attributes);
297	if (!NT_STATUS_IS_OK(status)) {
298	DEBUG(1, ("failed to append SID %s to extra SIDS: %s\n",
299	sid_string_dbg(&new_sid),
300	nt_errstr(status)));
301	return status;
302	}
303	}
304
305	return NT_STATUS_OK;
306	}
307
308	/*
309	* Create a copy of an info3 struct from the struct PAC_LOGON_INFO,
310	* then merge resource SIDs, if any, into it. If successful return
311	* the created info3 struct.
312	*/
313
314	NTSTATUS create_info3_from_pac_logon_info(TALLOC_CTX *mem_ctx,
315	const struct PAC_LOGON_INFO *logon_info,
316	struct netr_SamInfo3 **pp_info3)
317	{
318	NTSTATUS status;
319	struct netr_SamInfo3 *info3 = copy_netr_SamInfo3(mem_ctx,
320	&logon_info->info3);
321	if (info3 == NULL) {
322	return NT_STATUS_NO_MEMORY;
323	}
324	status = merge_resource_sids(logon_info, info3);
325	if (!NT_STATUS_IS_OK(status)) {
326	TALLOC_FREE(info3);
327	return status;
328	}
329	*pp_info3 = info3;
330	return NT_STATUS_OK;
331	}
332
333	/*
334	* Check if this is a "Unix Users" domain user, or a
335	* "Unix Groups" domain group, we need to handle it
336	* in a special way if that's the case.
337	*/
338
339	static NTSTATUS SamInfo3_handle_sids(const char *username,
340	const struct dom_sid *user_sid,
341	const struct dom_sid *group_sid,
342	struct netr_SamInfo3 *info3,
343	struct dom_sid *domain_sid,
344	struct extra_auth_info *extra)
345	{
346	if (sid_check_is_in_unix_users(user_sid)) {
347	/* in info3 you can only set rids for the user and the
348	* primary group, and the domain sid must be that of
349	* the sam domain.
350	*
351	* Store a completely bogus value here.
352	* The real SID is stored in the extra sids.
353	* Other code will know to look there if (-1) is found
354	*/
355	info3->base.rid = (uint32_t)(-1);
356	sid_copy(&extra->user_sid, user_sid);
357
358	DEBUG(10, ("Unix User found. Rid marked as "
359	"special and sid (%s) saved as extra sid\n",
360	sid_string_dbg(user_sid)));
361	} else {
362	sid_copy(domain_sid, user_sid);
363	sid_split_rid(domain_sid, &info3->base.rid);
364	}
365
366	if (is_null_sid(domain_sid)) {
367	sid_copy(domain_sid, get_global_sam_sid());
368	}
369
370	/* check if this is a "Unix Groups" domain group,
371	* if so we need special handling */
372	if (sid_check_is_in_unix_groups(group_sid)) {
373	/* in info3 you can only set rids for the user and the
374	* primary group, and the domain sid must be that of
375	* the sam domain.
376	*
377	* Store a completely bogus value here.
378	* The real SID is stored in the extra sids.
379	* Other code will know to look there if (-1) is found
380	*/
381	info3->base.primary_gid = (uint32_t)(-1);
382	sid_copy(&extra->pgid_sid, group_sid);
383
384	DEBUG(10, ("Unix Group found. Rid marked as "
385	"special and sid (%s) saved as extra sid\n",
386	sid_string_dbg(group_sid)));
387	} else {
388	bool ok = sid_peek_check_rid(domain_sid, group_sid,
389	&info3->base.primary_gid);
390	if (!ok) {
391	DEBUG(1, ("The primary group domain sid(%s) does not "
392	"match the domain sid(%s) for %s(%s)\n",
393	sid_string_dbg(group_sid),
394	sid_string_dbg(domain_sid),
395	username,
396	sid_string_dbg(user_sid)));
397	return NT_STATUS_INVALID_SID;
398	}
399	}
400	return NT_STATUS_OK;
401	}
402
403	#define RET_NOMEM(ptr) do { \
404	if (!ptr) { \
405	TALLOC_FREE(info3); \
406	return NT_STATUS_NO_MEMORY; \
407	} } while(0)
408
409	NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
410	struct samu *samu,
411	const char *login_server,
412	struct netr_SamInfo3 **_info3,
413	struct extra_auth_info *extra)
414	{
415	struct netr_SamInfo3 *info3;
416	const struct dom_sid *user_sid;
417	const struct dom_sid *group_sid;
418	struct dom_sid domain_sid;
419	struct dom_sid *group_sids;
420	uint32_t num_group_sids = 0;
421	const char *tmp;
422	gid_t *gids;
423	NTSTATUS status;
424
425	user_sid = pdb_get_user_sid(samu);
426	group_sid = pdb_get_group_sid(samu);
427
428	if (!user_sid \|\| !group_sid) {
429	DEBUG(1, ("Sam account is missing sids!\n"));
430	return NT_STATUS_UNSUCCESSFUL;
431	}
432
433	info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
434	if (!info3) {
435	return NT_STATUS_NO_MEMORY;
436	}
437
438	ZERO_STRUCT(domain_sid);
439
440	status = SamInfo3_handle_sids(pdb_get_username(samu),
441	user_sid,
442	group_sid,
443	info3,
444	&domain_sid,
445	extra);
446
447	if (!NT_STATUS_IS_OK(status)) {
448	TALLOC_FREE(info3);
449	return status;
450	}
451
452	unix_to_nt_time(&info3->base.logon_time, pdb_get_logon_time(samu));
453	unix_to_nt_time(&info3->base.logoff_time, get_time_t_max());
454	unix_to_nt_time(&info3->base.kickoff_time, get_time_t_max());
455	unix_to_nt_time(&info3->base.last_password_change,
456	pdb_get_pass_last_set_time(samu));
457	unix_to_nt_time(&info3->base.allow_password_change,
458	pdb_get_pass_can_change_time(samu));
459	unix_to_nt_time(&info3->base.force_password_change,
460	pdb_get_pass_must_change_time(samu));
461
462	tmp = pdb_get_username(samu);
463	if (tmp) {
464	info3->base.account_name.string = talloc_strdup(info3, tmp);
465	RET_NOMEM(info3->base.account_name.string);
466	}
467	tmp = pdb_get_fullname(samu);
468	if (tmp) {
469	info3->base.full_name.string = talloc_strdup(info3, tmp);
470	RET_NOMEM(info3->base.full_name.string);
471	}
472	tmp = pdb_get_logon_script(samu);
473	if (tmp) {
474	info3->base.logon_script.string = talloc_strdup(info3, tmp);
475	RET_NOMEM(info3->base.logon_script.string);
476	}
477	tmp = pdb_get_profile_path(samu);
478	if (tmp) {
479	info3->base.profile_path.string = talloc_strdup(info3, tmp);
480	RET_NOMEM(info3->base.profile_path.string);
481	}
482	tmp = pdb_get_homedir(samu);
483	if (tmp) {
484	info3->base.home_directory.string = talloc_strdup(info3, tmp);
485	RET_NOMEM(info3->base.home_directory.string);
486	}
487	tmp = pdb_get_dir_drive(samu);
488	if (tmp) {
489	info3->base.home_drive.string = talloc_strdup(info3, tmp);
490	RET_NOMEM(info3->base.home_drive.string);
491	}
492
493	info3->base.logon_count = pdb_get_logon_count(samu);
494	info3->base.bad_password_count = pdb_get_bad_password_count(samu);
495
496	info3->base.logon_domain.string = talloc_strdup(info3,
497	pdb_get_domain(samu));
498	RET_NOMEM(info3->base.logon_domain.string);
499
500	info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
501	RET_NOMEM(info3->base.domain_sid);
502
503	status = pdb_enum_group_memberships(mem_ctx, samu,
504	&group_sids, &gids,
505	&num_group_sids);
506	if (!NT_STATUS_IS_OK(status)) {
507	DEBUG(1, ("Failed to get groups from sam account.\n"));
508	TALLOC_FREE(info3);
509	return status;
510	}
511
512	if (num_group_sids) {
513	status = group_sids_to_info3(info3, group_sids, num_group_sids);
514	if (!NT_STATUS_IS_OK(status)) {
515	TALLOC_FREE(info3);
516	return status;
517	}
518	}
519
520	/* We don't need sids and gids after the conversion */
521	TALLOC_FREE(group_sids);
522	TALLOC_FREE(gids);
523	num_group_sids = 0;
524
525	/* FIXME: should we add other flags ? */
526	info3->base.user_flags = NETLOGON_EXTRA_SIDS;
527
528	if (login_server) {
529	info3->base.logon_server.string = talloc_strdup(info3, login_server);
530	RET_NOMEM(info3->base.logon_server.string);
531	}
532
533	info3->base.acct_flags = pdb_get_acct_ctrl(samu);
534
535	*_info3 = info3;
536	return NT_STATUS_OK;
537	}
538
539	NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
540	const char *unix_username,
541	const struct passwd *pwd,
542	struct netr_SamInfo3 **pinfo3,
543	struct extra_auth_info *extra)
544	{
545	struct netr_SamInfo3 *info3;
546	NTSTATUS status;
547	TALLOC_CTX *tmp_ctx;
548	const char *domain_name = NULL;
549	const char *user_name = NULL;
550	struct dom_sid domain_sid;
551	struct dom_sid user_sid;
552	struct dom_sid group_sid;
553	enum lsa_SidType type;
554	uint32_t num_sids = 0;
555	struct dom_sid *user_sids = NULL;
556	bool is_null;
557	bool ok;
558
559	tmp_ctx = talloc_stackframe();
560
561	ok = lookup_name_smbconf(tmp_ctx,
562	unix_username,
563	LOOKUP_NAME_ALL,
564	&domain_name,
565	&user_name,
566	&user_sid,
567	&type);
568	if (!ok) {
569	status = NT_STATUS_NO_SUCH_USER;
570	goto done;
571	}
572
573	if (type != SID_NAME_USER) {
574	status = NT_STATUS_NO_SUCH_USER;
575	goto done;
576	}
577
578	ok = winbind_lookup_usersids(tmp_ctx,
579	&user_sid,
580	&num_sids,
581	&user_sids);
582	/* Check if winbind is running */
583	if (ok) {
584	/*
585	* Winbind is running and the first element of the user_sids
586	* is the primary group.
587	*/
588	if (num_sids > 0) {
589	group_sid = user_sids[0];
590	}
591	} else {
592	/*
593	* Winbind is not running, try to create the group_sid from the
594	* passwd group id.
595	*/
596
597	/*
598	* This can lead to a primary group of S-1-22-2-XX which
599	* will be rejected by other Samba code.
600	*/
601	gid_to_sid(&group_sid, pwd->pw_gid);
602	}
603
604	/*
605	* If we are a unix group, or a wellknown/builtin alias,
606	* set the group_sid to the
607	* 'Domain Users' RID of 513 which will always resolve to a
608	* name.
609	*/
610	if (sid_check_is_in_unix_groups(&group_sid) \|\|
611	sid_check_is_in_builtin(&group_sid) \|\|
612	sid_check_is_in_wellknown_domain(&group_sid)) {
613	if (sid_check_is_in_unix_users(&user_sid)) {
614	sid_compose(&group_sid,
615	get_global_sam_sid(),
616	DOMAIN_RID_USERS);
617	} else {
618	sid_copy(&domain_sid, &user_sid);
619	sid_split_rid(&domain_sid, NULL);
620	sid_compose(&group_sid,
621	&domain_sid,
622	DOMAIN_RID_USERS);
623	}
624	}
625
626	/* Make sure we have a valid group sid */
627	is_null = is_null_sid(&group_sid);
628	if (is_null) {
629	status = NT_STATUS_NO_SUCH_USER;
630	goto done;
631	}
632
633	/* Construct a netr_SamInfo3 from the information we have */
634	info3 = talloc_zero(tmp_ctx, struct netr_SamInfo3);
635	if (!info3) {
636	status = NT_STATUS_NO_MEMORY;
637	goto done;
638	}
639
640	info3->base.account_name.string = talloc_strdup(info3, unix_username);
641	if (info3->base.account_name.string == NULL) {
642	status = NT_STATUS_NO_MEMORY;
643	goto done;
644	}
645
646	ZERO_STRUCT(domain_sid);
647
648	status = SamInfo3_handle_sids(unix_username,
649	&user_sid,
650	&group_sid,
651	info3,
652	&domain_sid,
653	extra);
654
655	if (!NT_STATUS_IS_OK(status)) {
656	goto done;
657	}
658
659	info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
660	if (info3->base.domain_sid == NULL) {
661	status = NT_STATUS_NO_MEMORY;
662	goto done;
663	}
664
665	ok = sid_peek_check_rid(&domain_sid, &group_sid,
666	&info3->base.primary_gid);
667	if (!ok) {
668	DEBUG(1, ("The primary group domain sid(%s) does not "
669	"match the domain sid(%s) for %s(%s)\n",
670	sid_string_dbg(&group_sid),
671	sid_string_dbg(&domain_sid),
672	unix_username,
673	sid_string_dbg(&user_sid)));
674	status = NT_STATUS_INVALID_SID;
675	goto done;
676	}
677
678	info3->base.acct_flags = ACB_NORMAL;
679
680	if (num_sids) {
681	status = group_sids_to_info3(info3, user_sids, num_sids);
682	if (!NT_STATUS_IS_OK(status)) {
683	goto done;
684	}
685	}
686
687	*pinfo3 = talloc_steal(mem_ctx, info3);
688
689	status = NT_STATUS_OK;
690	done:
691	talloc_free(tmp_ctx);
692
693	return status;
694	}
695
696	#undef RET_NOMEM
697
698	#define RET_NOMEM(ptr) do { \
699	if (!ptr) { \
700	TALLOC_FREE(info3); \
701	return NULL; \
702	} } while(0)
703
704	struct netr_SamInfo3 copy_netr_SamInfo3(TALLOC_CTX mem_ctx,
705	const struct netr_SamInfo3 *orig)
706	{
707	struct netr_SamInfo3 *info3;
708	unsigned int i;
709	NTSTATUS status;
710
711	info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
712	if (!info3) return NULL;
713
714	status = copy_netr_SamBaseInfo(info3, &orig->base, &info3->base);
715	if (!NT_STATUS_IS_OK(status)) {
716	TALLOC_FREE(info3);
717	return NULL;
718	}
719
720	if (orig->sidcount) {
721	info3->sidcount = orig->sidcount;
722	info3->sids = talloc_array(info3, struct netr_SidAttr,
723	orig->sidcount);
724	RET_NOMEM(info3->sids);
725	for (i = 0; i < orig->sidcount; i++) {
726	info3->sids[i].sid = dom_sid_dup(info3->sids,
727	orig->sids[i].sid);
728	RET_NOMEM(info3->sids[i].sid);
729	info3->sids[i].attributes =
730	orig->sids[i].attributes;
731	}
732	}
733
734	return info3;
735	}
736

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: vendor/current/source3/auth/server_info.c

Download in other formats: