Changeset 751 for trunk/server/source3/auth/auth_util.c
- Timestamp:
- Nov 29, 2012, 1:59:04 PM (13 years ago)
- File:
-
- 1 edited
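--- a/trunk/server/source3/auth/auth_util.c
+++ b/trunk/server/source3/auth/auth_util.c
@@ -656,4 +656,42 @@
 }
 
+static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
+struct passwd *pwd,
+struct netr_SamInfo3 *info3)
+{
+struct dom_sid domain_sid;
+const char *tmp;
+
+/* Set account name */
+tmp = talloc_strdup(mem_ctx, pwd->pw_name);
+if (tmp == NULL) {
+return NT_STATUS_NO_MEMORY;
+}
+init_lsa_String(&info3->base.account_name, tmp);
+
+/* Set domain name */
+tmp = talloc_strdup(mem_ctx, get_global_sam_name());
+if (tmp == NULL) {
+return NT_STATUS_NO_MEMORY;
+}
+init_lsa_StringLarge(&info3->base.domain, tmp);
+
+/* Domain sid */
+sid_copy(&domain_sid, get_global_sam_sid());
+
+info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid);
+if (info3->base.domain_sid == NULL) {
+return NT_STATUS_NO_MEMORY;
+}
+
+/* Admin rid */
+info3->base.rid = DOMAIN_RID_ADMINISTRATOR;
+
+/* Primary gid */
+info3->base.primary_gid = BUILTIN_RID_ADMINISTRATORS;
+
+return NT_STATUS_OK;
+}
+
 static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx,
 struct netr_SamInfo3 *info3)
@@ -697,5 +735,5 @@
 
 /* Primary gid */
-info3->base.primary_gid = BUILTIN_RID_GUESTS;
+info3->base.primary_gid = DOMAIN_RID_GUESTS;
 
 TALLOC_FREE(pwd);
@@ -761,5 +799,61 @@
 done:
 TALLOC_FREE(tmp_ctx);
-return NT_STATUS_OK;
+return status;
+}
+
+/****************************************************************************
+Fake a auth_session_info just from a username (as a
+session_info structure, with create_local_token() already called on
+it.
+****************************************************************************/
+
+static NTSTATUS make_system_session_info_from_pw(TALLOC_CTX *mem_ctx,
+struct passwd *pwd,
+struct auth_serversupplied_info **server_info)
+{
+const char *domain = global_myname();
+struct netr_SamInfo3 info3;
+TALLOC_CTX *tmp_ctx;
+NTSTATUS status;
+
+tmp_ctx = talloc_stackframe();
+if (tmp_ctx == NULL) {
+return NT_STATUS_NO_MEMORY;
+}
+
+ZERO_STRUCT(info3);
+
+status = get_system_info3(tmp_ctx, pwd, &info3);
+if (!NT_STATUS_IS_OK(status)) {
+DEBUG(0, ("Failed creating system info3 with %s\n",
+nt_errstr(status)));
+goto done;
+}
+
+status = make_server_info_info3(mem_ctx,
+pwd->pw_name,
+domain,
+server_info,
+&info3);
+if (!NT_STATUS_IS_OK(status)) {
+DEBUG(0, ("make_server_info_info3 failed with %s\n",
+nt_errstr(status)));
+goto done;
+}
+
+(*server_info)->nss_token = true;
+
+/* Now turn the server_info into a session_info with the full token etc */
+status = create_local_token(*server_info);
+if (!NT_STATUS_IS_OK(status)) {
+DEBUG(0, ("create_local_token failed: %s\n",
+nt_errstr(status)));
+goto done;
+}
+
+status = NT_STATUS_OK;
+done:
+TALLOC_FREE(tmp_ctx);
+return status;
 }
 
@@ -780,8 +874,7 @@
 }
 
-status = make_serverinfo_from_username(mem_ctx,
-pwd->pw_name,
-false,
-session_info);
+status = make_system_session_info_from_pw(mem_ctx,
+pwd,
+session_info);
 TALLOC_FREE(pwd);
 if (!NT_STATUS_IS_OK(status)) {
@@ -1158,9 +1251,9 @@
 const char *nt_domain;
 const char *nt_username;
+struct dom_sid user_sid;
+struct dom_sid group_sid;
 bool username_was_mapped;
 struct passwd *pwd;
 struct auth_serversupplied_info *result;
-struct dom_sid *group_sid;
-struct netr_SamInfo3 *i3;
 
 /*
@@ -1169,4 +1262,13 @@
 matches.
 */
+
+if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) {
+return NT_STATUS_INVALID_PARAMETER;
+}
+
+if (!sid_compose(&group_sid, info3->base.domain_sid,
+info3->base.primary_gid)) {
+return NT_STATUS_INVALID_PARAMETER;
+}
 
 nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string);
@@ -1221,5 +1323,5 @@
 
 /* copy in the info3 */
-result->info3 = i3 =copy_netr_SamInfo3(result, info3);
+result->info3 = copy_netr_SamInfo3(result, info3);
 if (result->info3 == NULL) {
 TALLOC_FREE(result);
@@ -1228,33 +1330,7 @@
 
 /* Fill in the unix info we found on the way */
+
 result->utok.uid = pwd->pw_uid;
 result->utok.gid = pwd->pw_gid;
-
-/* We can't just trust that the primary group sid sent us is something
-* we can really use. Obtain the useable sid, and store the original
-* one as an additional group if it had to be replaced */
-nt_status = get_primary_group_sid(mem_ctx, found_username,
-&pwd, &group_sid);
-if (!NT_STATUS_IS_OK(nt_status)) {
-TALLOC_FREE(result);
-return nt_status;
-}
-
-/* store and check if it is the same we got originally */
-sid_peek_rid(group_sid, &i3->base.primary_gid);
-if (i3->base.primary_gid != info3->base.primary_gid) {
-uint32_t n = i3->base.groups.count;
-/* not the same, store the original as an additional group */
-i3->base.groups.rids =
-talloc_realloc(i3, i3->base.groups.rids,
-struct samr_RidWithAttribute, n + 1);
-if (i3->base.groups.rids == NULL) {
-TALLOC_FREE(result);
-return NT_STATUS_NO_MEMORY;
-}
-i3->base.groups.rids[n].rid = info3->base.primary_gid;
-i3->base.groups.rids[n].attributes = SE_GROUP_ENABLED;
-i3->base.groups.count = n + 1;
-}
 
 /* ensure we are never given NULL session keys */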
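Review bot: In the new `get_system_info3`, `info3->base.primary_gid = BUILTIN_RID_ADMINISTRATORS;` pairs a BUILTIN-domain RID with `domain_sid` set from `get_global_sam_sid()`. The later hunk's `sid_compose(&group_sid, info3->base.domain_sid, info3->base.primary_gid)` would therefore build a SAM-domain SID carrying that RID, which is not the BUILTIN Administrators group. This same changeset replaces `BUILTIN_RID_GUESTS` with `DOMAIN_RID_GUESTS` in `get_guest_info3`, presumably for this reason, so the system case looks like it needs the matching domain-relative value, e.g. `info3->base.primary_gid = DOMAIN_RID_ADMINS;`. The use of `group_sid` is outside the visible hunks, so confirm how the composed SID reaches the token before settling on the constant, since it decides the primary group of the system session.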