Changeset 745 for trunk/server/source4/auth/system_session.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source4/auth/system_session.c (modified) (10 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source4/auth/system_session.c
r414 r745 3 3 Authentication utility functions 4 4 Copyright (C) Andrew Tridgell 1992-1998 5 Copyright (C) Andrew Bartlett 2001 5 Copyright (C) Andrew Bartlett 2001-2010 6 6 Copyright (C) Jeremy Allison 2000-2001 7 7 Copyright (C) Rafal Szczesniak 2002 … … 24 24 #include "includes.h" 25 25 #include "libcli/security/security.h" 26 #include "libcli/auth/libcli_auth.h"27 26 #include "auth/credentials/credentials.h" 28 27 #include "param/param.h" 29 #include "auth/auth.h" /* for auth_ serversupplied_info*/28 #include "auth/auth.h" /* for auth_user_info_dc */ 30 29 #include "auth/session.h" 31 30 #include "auth/system_session_proto.h" 32 31 33 /** 34 * Create the SID list for this user. 35 * 36 * @note Specialised version for system sessions that doesn't use the SAM. 32 33 /* 34 prevent the static system session being freed 37 35 */ 38 static NTSTATUS create_token(TALLOC_CTX *mem_ctx, 39 struct dom_sid *user_sid, 40 struct dom_sid *group_sid, 41 int n_groupSIDs, 42 struct dom_sid **groupSIDs, 43 bool is_authenticated, 44 struct security_token **token) 45 { 46 struct security_token *ptoken; 47 int i; 48 49 ptoken = security_token_initialise(mem_ctx); 50 NT_STATUS_HAVE_NO_MEMORY(ptoken); 51 52 ptoken->sids = talloc_array(ptoken, struct dom_sid *, n_groupSIDs + 5); 53 NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); 54 55 ptoken->user_sid = talloc_reference(ptoken, user_sid); 56 ptoken->group_sid = talloc_reference(ptoken, group_sid); 57 ptoken->privilege_mask = 0; 58 59 ptoken->sids[0] = ptoken->user_sid; 60 ptoken->sids[1] = ptoken->group_sid; 61 62 /* 63 * Finally add the "standard" SIDs. 64 * The only difference between guest and "anonymous" 65 * is the addition of Authenticated_Users. 66 */ 67 ptoken->sids[2] = dom_sid_parse_talloc(ptoken->sids, SID_WORLD); 68 NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[2]); 69 ptoken->sids[3] = dom_sid_parse_talloc(ptoken->sids, SID_NT_NETWORK); 70 NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[3]); 71 ptoken->num_sids = 4; 72 73 if (is_authenticated) { 74 ptoken->sids[4] = dom_sid_parse_talloc(ptoken->sids, SID_NT_AUTHENTICATED_USERS); 75 NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[4]); 76 ptoken->num_sids++; 77 } 78 79 for (i = 0; i < n_groupSIDs; i++) { 80 size_t check_sid_idx; 81 for (check_sid_idx = 1; 82 check_sid_idx < ptoken->num_sids; 83 check_sid_idx++) { 84 if (dom_sid_equal(ptoken->sids[check_sid_idx], groupSIDs[i])) { 85 break; 86 } 87 } 88 89 if (check_sid_idx == ptoken->num_sids) { 90 ptoken->sids[ptoken->num_sids++] = talloc_reference(ptoken->sids, groupSIDs[i]); 91 } 92 } 93 94 *token = ptoken; 95 96 /* Shortcuts to prevent recursion and avoid lookups */ 97 if (ptoken->user_sid == NULL) { 98 ptoken->privilege_mask = 0; 99 return NT_STATUS_OK; 100 } 101 102 if (security_token_is_system(ptoken)) { 103 ptoken->privilege_mask = ~0; 104 return NT_STATUS_OK; 105 } 106 107 if (security_token_is_anonymous(ptoken)) { 108 ptoken->privilege_mask = 0; 109 return NT_STATUS_OK; 110 } 111 112 DEBUG(0, ("Created token was not system or anonymous token!")); 113 *token = NULL; 114 return NT_STATUS_INTERNAL_ERROR; 115 } 116 117 static NTSTATUS generate_session_info(TALLOC_CTX *mem_ctx, 118 struct auth_serversupplied_info *server_info, 119 struct auth_session_info **_session_info) 120 { 121 struct auth_session_info *session_info; 122 NTSTATUS nt_status; 123 124 session_info = talloc(mem_ctx, struct auth_session_info); 125 NT_STATUS_HAVE_NO_MEMORY(session_info); 126 127 session_info->server_info = talloc_reference(session_info, server_info); 128 129 /* unless set otherwise, the session key is the user session 130 * key from the auth subsystem */ 131 session_info->session_key = server_info->user_session_key; 132 133 nt_status = create_token(session_info, 134 server_info->account_sid, 135 server_info->primary_group_sid, 136 server_info->n_domain_groups, 137 server_info->domain_groups, 138 server_info->authenticated, 139 &session_info->security_token); 140 NT_STATUS_NOT_OK_RETURN(nt_status); 141 142 session_info->credentials = NULL; 143 144 *_session_info = session_info; 145 return NT_STATUS_OK; 146 } 147 148 36 static int system_session_destructor(struct auth_session_info *info) 37 { 38 return -1; 39 } 149 40 150 41 /* Create a security token for a session SYSTEM (the most … … 152 43 * the off-host credentials 153 44 */ 154 _PUBLIC_ struct auth_session_info *system_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) 155 { 45 _PUBLIC_ struct auth_session_info *system_session(struct loadparm_context *lp_ctx) 46 { 47 static struct auth_session_info *static_session; 156 48 NTSTATUS nt_status; 157 struct auth_session_info *session_info = NULL; 158 nt_status = auth_system_session_info(mem_ctx, 49 50 if (static_session) { 51 return static_session; 52 } 53 54 nt_status = auth_system_session_info(talloc_autofree_context(), 159 55 lp_ctx, 160 &s ession_info);56 &static_session); 161 57 if (!NT_STATUS_IS_OK(nt_status)) { 58 talloc_free(static_session); 59 static_session = NULL; 162 60 return NULL; 163 61 } 164 return session_info;165 } 166 167 static NTSTATUS _auth_system_session_info(TALLOC_CTX *parent_ctx, 168 struct loadparm_context *lp_ctx, 169 bool anonymous_credentials,170 62 talloc_set_destructor(static_session, system_session_destructor); 63 return static_session; 64 } 65 66 NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, 67 struct loadparm_context *lp_ctx, 68 struct auth_session_info **_session_info) 171 69 { 172 70 NTSTATUS nt_status; 173 struct auth_ serversupplied_info *server_info= NULL;71 struct auth_user_info_dc *user_info_dc = NULL; 174 72 struct auth_session_info *session_info = NULL; 175 73 TALLOC_CTX *mem_ctx = talloc_new(parent_ctx); 176 74 177 nt_status = auth_system_ server_info(mem_ctx, lp_netbios_name(lp_ctx),178 & server_info);75 nt_status = auth_system_user_info_dc(mem_ctx, lpcfg_netbios_name(lp_ctx), 76 &user_info_dc); 179 77 if (!NT_STATUS_IS_OK(nt_status)) { 180 78 talloc_free(mem_ctx); … … 182 80 } 183 81 184 /* references the server_infointo the session_info */185 nt_status = generate_session_info(parent_ctx, server_info, &session_info);82 /* references the user_info_dc into the session_info */ 83 nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info); 186 84 talloc_free(mem_ctx); 187 85 … … 195 93 cli_credentials_set_conf(session_info->credentials, lp_ctx); 196 94 197 if (anonymous_credentials) { 198 cli_credentials_set_anonymous(session_info->credentials); 199 } else { 200 cli_credentials_set_machine_account_pending(session_info->credentials, lp_ctx); 201 } 95 cli_credentials_set_machine_account_pending(session_info->credentials, lp_ctx); 202 96 *_session_info = session_info; 203 97 … … 205 99 } 206 100 207 /* 208 Create a system session, but with anonymous credentials (so we do not need to open secrets.ldb) 209 */ 210 _PUBLIC_ struct auth_session_info *system_session_anon(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx) 211 { 212 NTSTATUS nt_status; 213 struct auth_session_info *session_info = NULL; 214 nt_status = _auth_system_session_info(mem_ctx, lp_ctx, false, &session_info); 215 if (!NT_STATUS_IS_OK(nt_status)) { 216 return NULL; 217 } 218 return session_info; 219 } 220 221 222 223 _PUBLIC_ NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx, 224 struct loadparm_context *lp_ctx, 225 struct auth_session_info **_session_info) 226 { 227 return _auth_system_session_info(parent_ctx, 228 lp_ctx, 229 lp_parm_bool(lp_ctx, NULL, "system", "anonymous", false), 230 _session_info); 231 } 232 233 NTSTATUS auth_system_server_info(TALLOC_CTX *mem_ctx, const char *netbios_name, 234 struct auth_serversupplied_info **_server_info) 235 { 236 struct auth_serversupplied_info *server_info; 237 238 server_info = talloc(mem_ctx, struct auth_serversupplied_info); 239 NT_STATUS_HAVE_NO_MEMORY(server_info); 240 241 server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_SYSTEM); 242 NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid); 243 244 /* is this correct? */ 245 server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_ADMINISTRATORS); 246 NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid); 247 248 server_info->n_domain_groups = 0; 249 server_info->domain_groups = NULL; 101 NTSTATUS auth_system_user_info_dc(TALLOC_CTX *mem_ctx, const char *netbios_name, 102 struct auth_user_info_dc **_user_info_dc) 103 { 104 struct auth_user_info_dc *user_info_dc; 105 struct auth_user_info *info; 106 107 user_info_dc = talloc(mem_ctx, struct auth_user_info_dc); 108 NT_STATUS_HAVE_NO_MEMORY(user_info_dc); 109 110 /* This returns a pointer to a struct dom_sid, which is the 111 * same as a 1 element list of struct dom_sid */ 112 user_info_dc->num_sids = 1; 113 user_info_dc->sids = dom_sid_parse_talloc(user_info_dc, SID_NT_SYSTEM); 114 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids); 250 115 251 116 /* annoying, but the Anonymous really does have a session key, 252 117 and it is all zeros! */ 253 server_info->user_session_key = data_blob_talloc(server_info, NULL, 16); 254 NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data); 255 256 server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16); 257 NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data); 258 259 data_blob_clear(&server_info->user_session_key); 260 data_blob_clear(&server_info->lm_session_key); 261 262 server_info->account_name = talloc_strdup(server_info, "SYSTEM"); 263 NT_STATUS_HAVE_NO_MEMORY(server_info->account_name); 264 265 server_info->domain_name = talloc_strdup(server_info, "NT AUTHORITY"); 266 NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name); 267 268 server_info->full_name = talloc_strdup(server_info, "System"); 269 NT_STATUS_HAVE_NO_MEMORY(server_info->full_name); 270 271 server_info->logon_script = talloc_strdup(server_info, ""); 272 NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script); 273 274 server_info->profile_path = talloc_strdup(server_info, ""); 275 NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path); 276 277 server_info->home_directory = talloc_strdup(server_info, ""); 278 NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory); 279 280 server_info->home_drive = talloc_strdup(server_info, ""); 281 NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive); 282 283 server_info->logon_server = talloc_strdup(server_info, netbios_name); 284 NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server); 285 286 server_info->last_logon = 0; 287 server_info->last_logoff = 0; 288 server_info->acct_expiry = 0; 289 server_info->last_password_change = 0; 290 server_info->allow_password_change = 0; 291 server_info->force_password_change = 0; 292 293 server_info->logon_count = 0; 294 server_info->bad_password_count = 0; 295 296 server_info->acct_flags = ACB_NORMAL; 297 298 server_info->authenticated = true; 299 300 *_server_info = server_info; 118 user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16); 119 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data); 120 121 user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16); 122 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data); 123 124 data_blob_clear(&user_info_dc->user_session_key); 125 data_blob_clear(&user_info_dc->lm_session_key); 126 127 user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info); 128 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info); 129 130 info->account_name = talloc_strdup(info, "SYSTEM"); 131 NT_STATUS_HAVE_NO_MEMORY(info->account_name); 132 133 info->domain_name = talloc_strdup(info, "NT AUTHORITY"); 134 NT_STATUS_HAVE_NO_MEMORY(info->domain_name); 135 136 info->full_name = talloc_strdup(info, "System"); 137 NT_STATUS_HAVE_NO_MEMORY(info->full_name); 138 139 info->logon_script = talloc_strdup(info, ""); 140 NT_STATUS_HAVE_NO_MEMORY(info->logon_script); 141 142 info->profile_path = talloc_strdup(info, ""); 143 NT_STATUS_HAVE_NO_MEMORY(info->profile_path); 144 145 info->home_directory = talloc_strdup(info, ""); 146 NT_STATUS_HAVE_NO_MEMORY(info->home_directory); 147 148 info->home_drive = talloc_strdup(info, ""); 149 NT_STATUS_HAVE_NO_MEMORY(info->home_drive); 150 151 info->logon_server = talloc_strdup(info, netbios_name); 152 NT_STATUS_HAVE_NO_MEMORY(info->logon_server); 153 154 info->last_logon = 0; 155 info->last_logoff = 0; 156 info->acct_expiry = 0; 157 info->last_password_change = 0; 158 info->allow_password_change = 0; 159 info->force_password_change = 0; 160 161 info->logon_count = 0; 162 info->bad_password_count = 0; 163 164 info->acct_flags = ACB_NORMAL; 165 166 info->authenticated = true; 167 168 *_user_info_dc = user_info_dc; 301 169 302 170 return NT_STATUS_OK; … … 304 172 305 173 306 /* Create server info for the Administrator account. This should only be used 307 * during provisioning when we need to impersonate Administrator but 308 * the account has not been created yet */ 309 310 static NTSTATUS create_admin_token(TALLOC_CTX *mem_ctx, 311 struct dom_sid *user_sid, 312 struct dom_sid *group_sid, 313 int n_groupSIDs, 314 struct dom_sid **groupSIDs, 315 struct security_token **token) 316 { 317 struct security_token *ptoken; 318 int i; 319 320 ptoken = security_token_initialise(mem_ctx); 321 NT_STATUS_HAVE_NO_MEMORY(ptoken); 322 323 ptoken->sids = talloc_array(ptoken, struct dom_sid *, n_groupSIDs + 3); 324 NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); 325 326 ptoken->user_sid = talloc_reference(ptoken, user_sid); 327 ptoken->group_sid = talloc_reference(ptoken, group_sid); 328 ptoken->privilege_mask = 0; 329 330 ptoken->sids[0] = ptoken->user_sid; 331 ptoken->sids[1] = ptoken->group_sid; 332 ptoken->sids[2] = dom_sid_parse_talloc(ptoken->sids, SID_NT_AUTHENTICATED_USERS); 333 NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[2]); 334 ptoken->num_sids = 3; 335 336 337 for (i = 0; i < n_groupSIDs; i++) { 338 size_t check_sid_idx; 339 for (check_sid_idx = 1; 340 check_sid_idx < ptoken->num_sids; 341 check_sid_idx++) { 342 if (dom_sid_equal(ptoken->sids[check_sid_idx], groupSIDs[i])) { 343 break; 344 } 345 } 346 347 if (check_sid_idx == ptoken->num_sids) { 348 ptoken->sids[ptoken->num_sids++] = talloc_reference(ptoken->sids, groupSIDs[i]); 349 } 350 } 351 352 *token = ptoken; 353 ptoken->privilege_mask = ~0; 354 return NT_STATUS_OK; 355 } 356 357 static NTSTATUS auth_domain_admin_server_info(TALLOC_CTX *mem_ctx, 174 static NTSTATUS auth_domain_admin_user_info_dc(TALLOC_CTX *mem_ctx, 358 175 const char *netbios_name, 359 176 const char *domain_name, 360 177 struct dom_sid *domain_sid, 361 struct auth_serversupplied_info **_server_info) 362 { 363 struct auth_serversupplied_info *server_info; 364 365 server_info = talloc(mem_ctx, struct auth_serversupplied_info); 366 NT_STATUS_HAVE_NO_MEMORY(server_info); 367 368 server_info->account_sid = dom_sid_add_rid(server_info, domain_sid, DOMAIN_RID_ADMINISTRATOR); 369 NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid); 370 371 server_info->primary_group_sid = dom_sid_add_rid(server_info, domain_sid, DOMAIN_RID_USERS); 372 NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid); 373 374 server_info->n_domain_groups = 6; 375 server_info->domain_groups = talloc_array(server_info, struct dom_sid *, server_info->n_domain_groups); 376 377 server_info->domain_groups[0] = dom_sid_parse_talloc(server_info, SID_BUILTIN_ADMINISTRATORS); 378 server_info->domain_groups[1] = dom_sid_add_rid(server_info, domain_sid, DOMAIN_RID_ADMINS); 379 server_info->domain_groups[2] = dom_sid_add_rid(server_info, domain_sid, DOMAIN_RID_USERS); 380 server_info->domain_groups[3] = dom_sid_add_rid(server_info, domain_sid, DOMAIN_RID_ENTERPRISE_ADMINS); 381 server_info->domain_groups[4] = dom_sid_add_rid(server_info, domain_sid, DOMAIN_RID_POLICY_ADMINS); 382 server_info->domain_groups[5] = dom_sid_add_rid(server_info, domain_sid, DOMAIN_RID_SCHEMA_ADMINS); 178 struct auth_user_info_dc **_user_info_dc) 179 { 180 struct auth_user_info_dc *user_info_dc; 181 struct auth_user_info *info; 182 183 user_info_dc = talloc(mem_ctx, struct auth_user_info_dc); 184 NT_STATUS_HAVE_NO_MEMORY(user_info_dc); 185 186 user_info_dc->num_sids = 7; 187 user_info_dc->sids = talloc_array(user_info_dc, struct dom_sid, user_info_dc->num_sids); 188 189 user_info_dc->sids[PRIMARY_USER_SID_INDEX] = *domain_sid; 190 sid_append_rid(&user_info_dc->sids[PRIMARY_USER_SID_INDEX], DOMAIN_RID_ADMINISTRATOR); 191 192 user_info_dc->sids[PRIMARY_GROUP_SID_INDEX] = *domain_sid; 193 sid_append_rid(&user_info_dc->sids[PRIMARY_USER_SID_INDEX], DOMAIN_RID_USERS); 194 195 user_info_dc->sids[2] = global_sid_Builtin_Administrators; 196 197 user_info_dc->sids[3] = *domain_sid; 198 sid_append_rid(&user_info_dc->sids[3], DOMAIN_RID_ADMINS); 199 user_info_dc->sids[4] = *domain_sid; 200 sid_append_rid(&user_info_dc->sids[4], DOMAIN_RID_ENTERPRISE_ADMINS); 201 user_info_dc->sids[5] = *domain_sid; 202 sid_append_rid(&user_info_dc->sids[5], DOMAIN_RID_POLICY_ADMINS); 203 user_info_dc->sids[6] = *domain_sid; 204 sid_append_rid(&user_info_dc->sids[6], DOMAIN_RID_SCHEMA_ADMINS); 383 205 384 206 /* What should the session key be?*/ 385 server_info->user_session_key = data_blob_talloc(server_info, NULL, 16); 386 NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data); 387 388 server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16); 389 NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data); 390 391 data_blob_clear(&server_info->user_session_key); 392 data_blob_clear(&server_info->lm_session_key); 393 394 server_info->account_name = talloc_strdup(server_info, "Administrator"); 395 NT_STATUS_HAVE_NO_MEMORY(server_info->account_name); 396 397 server_info->domain_name = talloc_strdup(server_info, domain_name); 398 NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name); 399 400 server_info->full_name = talloc_strdup(server_info, "Administrator"); 401 NT_STATUS_HAVE_NO_MEMORY(server_info->full_name); 402 403 server_info->logon_script = talloc_strdup(server_info, ""); 404 NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script); 405 406 server_info->profile_path = talloc_strdup(server_info, ""); 407 NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path); 408 409 server_info->home_directory = talloc_strdup(server_info, ""); 410 NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory); 411 412 server_info->home_drive = talloc_strdup(server_info, ""); 413 NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive); 414 415 server_info->logon_server = talloc_strdup(server_info, netbios_name); 416 NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server); 417 418 server_info->last_logon = 0; 419 server_info->last_logoff = 0; 420 server_info->acct_expiry = 0; 421 server_info->last_password_change = 0; 422 server_info->allow_password_change = 0; 423 server_info->force_password_change = 0; 424 425 server_info->logon_count = 0; 426 server_info->bad_password_count = 0; 427 428 server_info->acct_flags = ACB_NORMAL; 429 430 server_info->authenticated = true; 431 432 *_server_info = server_info; 207 user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16); 208 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data); 209 210 user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16); 211 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data); 212 213 data_blob_clear(&user_info_dc->user_session_key); 214 data_blob_clear(&user_info_dc->lm_session_key); 215 216 user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info); 217 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info); 218 219 info->account_name = talloc_strdup(info, "Administrator"); 220 NT_STATUS_HAVE_NO_MEMORY(info->account_name); 221 222 info->domain_name = talloc_strdup(info, domain_name); 223 NT_STATUS_HAVE_NO_MEMORY(info->domain_name); 224 225 info->full_name = talloc_strdup(info, "Administrator"); 226 NT_STATUS_HAVE_NO_MEMORY(info->full_name); 227 228 info->logon_script = talloc_strdup(info, ""); 229 NT_STATUS_HAVE_NO_MEMORY(info->logon_script); 230 231 info->profile_path = talloc_strdup(info, ""); 232 NT_STATUS_HAVE_NO_MEMORY(info->profile_path); 233 234 info->home_directory = talloc_strdup(info, ""); 235 NT_STATUS_HAVE_NO_MEMORY(info->home_directory); 236 237 info->home_drive = talloc_strdup(info, ""); 238 NT_STATUS_HAVE_NO_MEMORY(info->home_drive); 239 240 info->logon_server = talloc_strdup(info, netbios_name); 241 NT_STATUS_HAVE_NO_MEMORY(info->logon_server); 242 243 info->last_logon = 0; 244 info->last_logoff = 0; 245 info->acct_expiry = 0; 246 info->last_password_change = 0; 247 info->allow_password_change = 0; 248 info->force_password_change = 0; 249 250 info->logon_count = 0; 251 info->bad_password_count = 0; 252 253 info->acct_flags = ACB_NORMAL; 254 255 info->authenticated = true; 256 257 *_user_info_dc = user_info_dc; 433 258 434 259 return NT_STATUS_OK; … … 438 263 struct loadparm_context *lp_ctx, 439 264 struct dom_sid *domain_sid, 440 struct auth_session_info ** _session_info)265 struct auth_session_info **session_info) 441 266 { 442 267 NTSTATUS nt_status; 443 struct auth_serversupplied_info *server_info = NULL; 444 struct auth_session_info *session_info = NULL; 268 struct auth_user_info_dc *user_info_dc = NULL; 445 269 TALLOC_CTX *mem_ctx = talloc_new(parent_ctx); 446 270 447 nt_status = auth_domain_admin_ server_info(mem_ctx, lp_netbios_name(lp_ctx),448 lp _workgroup(lp_ctx), domain_sid,449 & server_info);271 nt_status = auth_domain_admin_user_info_dc(mem_ctx, lpcfg_netbios_name(lp_ctx), 272 lpcfg_workgroup(lp_ctx), domain_sid, 273 &user_info_dc); 450 274 if (!NT_STATUS_IS_OK(nt_status)) { 451 275 talloc_free(mem_ctx); … … 453 277 } 454 278 455 session_info = talloc(mem_ctx, struct auth_session_info); 456 NT_STATUS_HAVE_NO_MEMORY(session_info); 457 458 session_info->server_info = talloc_reference(session_info, server_info); 459 460 /* unless set otherwise, the session key is the user session 461 * key from the auth subsystem */ 462 session_info->session_key = server_info->user_session_key; 463 464 nt_status = create_admin_token(session_info, 465 server_info->account_sid, 466 server_info->primary_group_sid, 467 server_info->n_domain_groups, 468 server_info->domain_groups, 469 &session_info->security_token); 470 NT_STATUS_NOT_OK_RETURN(nt_status); 471 472 session_info->credentials = cli_credentials_init(session_info); 473 if (!session_info->credentials) { 474 return NT_STATUS_NO_MEMORY; 475 } 476 477 cli_credentials_set_conf(session_info->credentials, lp_ctx); 478 479 *_session_info = session_info; 480 481 return NT_STATUS_OK; 279 nt_status = auth_generate_session_info(mem_ctx, NULL, NULL, user_info_dc, 280 AUTH_SESSION_INFO_SIMPLE_PRIVILEGES|AUTH_SESSION_INFO_AUTHENTICATED|AUTH_SESSION_INFO_DEFAULT_GROUPS, 281 session_info); 282 /* There is already a reference between the sesion_info and user_info_dc */ 283 if (NT_STATUS_IS_OK(nt_status)) { 284 talloc_steal(parent_ctx, *session_info); 285 } 286 talloc_free(mem_ctx); 287 return nt_status; 482 288 } 483 289 … … 495 301 return session_info; 496 302 } 303 304 _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx, 305 struct loadparm_context *lp_ctx, 306 struct auth_session_info **_session_info) 307 { 308 NTSTATUS nt_status; 309 struct auth_user_info_dc *user_info_dc = NULL; 310 struct auth_session_info *session_info = NULL; 311 TALLOC_CTX *mem_ctx = talloc_new(parent_ctx); 312 313 nt_status = auth_anonymous_user_info_dc(mem_ctx, 314 lpcfg_netbios_name(lp_ctx), 315 &user_info_dc); 316 if (!NT_STATUS_IS_OK(nt_status)) { 317 talloc_free(mem_ctx); 318 return nt_status; 319 } 320 321 /* references the user_info_dc into the session_info */ 322 nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info); 323 talloc_free(mem_ctx); 324 325 NT_STATUS_NOT_OK_RETURN(nt_status); 326 327 session_info->credentials = cli_credentials_init(session_info); 328 if (!session_info->credentials) { 329 return NT_STATUS_NO_MEMORY; 330 } 331 332 cli_credentials_set_conf(session_info->credentials, lp_ctx); 333 cli_credentials_set_anonymous(session_info->credentials); 334 335 *_session_info = session_info; 336 337 return NT_STATUS_OK; 338 } 339 340 _PUBLIC_ NTSTATUS auth_anonymous_user_info_dc(TALLOC_CTX *mem_ctx, 341 const char *netbios_name, 342 struct auth_user_info_dc **_user_info_dc) 343 { 344 struct auth_user_info_dc *user_info_dc; 345 struct auth_user_info *info; 346 user_info_dc = talloc(mem_ctx, struct auth_user_info_dc); 347 NT_STATUS_HAVE_NO_MEMORY(user_info_dc); 348 349 /* This returns a pointer to a struct dom_sid, which is the 350 * same as a 1 element list of struct dom_sid */ 351 user_info_dc->num_sids = 1; 352 user_info_dc->sids = dom_sid_parse_talloc(user_info_dc, SID_NT_ANONYMOUS); 353 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids); 354 355 /* annoying, but the Anonymous really does have a session key... */ 356 user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16); 357 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data); 358 359 user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16); 360 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data); 361 362 /* and it is all zeros! */ 363 data_blob_clear(&user_info_dc->user_session_key); 364 data_blob_clear(&user_info_dc->lm_session_key); 365 366 user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info); 367 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info); 368 369 info->account_name = talloc_strdup(info, "ANONYMOUS LOGON"); 370 NT_STATUS_HAVE_NO_MEMORY(info->account_name); 371 372 info->domain_name = talloc_strdup(info, "NT AUTHORITY"); 373 NT_STATUS_HAVE_NO_MEMORY(info->domain_name); 374 375 info->full_name = talloc_strdup(info, "Anonymous Logon"); 376 NT_STATUS_HAVE_NO_MEMORY(info->full_name); 377 378 info->logon_script = talloc_strdup(info, ""); 379 NT_STATUS_HAVE_NO_MEMORY(info->logon_script); 380 381 info->profile_path = talloc_strdup(info, ""); 382 NT_STATUS_HAVE_NO_MEMORY(info->profile_path); 383 384 info->home_directory = talloc_strdup(info, ""); 385 NT_STATUS_HAVE_NO_MEMORY(info->home_directory); 386 387 info->home_drive = talloc_strdup(info, ""); 388 NT_STATUS_HAVE_NO_MEMORY(info->home_drive); 389 390 info->logon_server = talloc_strdup(info, netbios_name); 391 NT_STATUS_HAVE_NO_MEMORY(info->logon_server); 392 393 info->last_logon = 0; 394 info->last_logoff = 0; 395 info->acct_expiry = 0; 396 info->last_password_change = 0; 397 info->allow_password_change = 0; 398 info->force_password_change = 0; 399 400 info->logon_count = 0; 401 info->bad_password_count = 0; 402 403 info->acct_flags = ACB_NORMAL; 404 405 info->authenticated = false; 406 407 *_user_info_dc = user_info_dc; 408 409 return NT_STATUS_OK; 410 } 411
Note:
See TracChangeset
for help on using the changeset viewer.
