search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-ldb: Use _ldb_msg_add_el() in ldb_msg_add()
[Samba.git] / source3 / auth / server_info.c
blobbb38080418db80a2c351e414ff211a411671e671
1 /*
2 Unix SMB/CIFS implementation.
3 Authentication utility functions
4 Copyright (C) Volker Lendecke 2010
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "../lib/crypto/arcfour.h"
22
23 #undef DBGC_CLASS
24 #define DBGC_CLASS DBGC_AUTH
25
26 /* FIXME: do we really still need this ? */
27 static int server_info_dtor(struct auth_serversupplied_info *server_info)
28 {
29 TALLOC_FREE(server_info->info3);
30 ZERO_STRUCTP(server_info);
31 return 0;
32 }
33
34 /***************************************************************************
35 Make a server_info struct. Free with TALLOC_FREE().
36 ***************************************************************************/
37
38 struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
39 {
40 struct auth_serversupplied_info *result;
41
42 result = TALLOC_ZERO_P(mem_ctx, struct auth_serversupplied_info);
43 if (result == NULL) {
44 DEBUG(0, ("talloc failed\n"));
45 return NULL;
46 }
47
48 talloc_set_destructor(result, server_info_dtor);
49
50 /* Initialise the uid and gid values to something non-zero
51 which may save us from giving away root access if there
52 is a bug in allocating these fields. */
53
54 result->utok.uid = -1;
55 result->utok.gid = -1;
56
57 return result;
58 }
59
60 /****************************************************************************
61 inits a netr_SamInfo2 structure from an auth_serversupplied_info. sam2 must
62 already be initialized and is used as the talloc parent for its members.
63 *****************************************************************************/
64
65 NTSTATUS serverinfo_to_SamInfo2(struct auth_serversupplied_info *server_info,
66 uint8_t *pipe_session_key,
67 size_t pipe_session_key_len,
68 struct netr_SamInfo2 *sam2)
69 {
70 struct netr_SamInfo3 *info3;
71
72 info3 = copy_netr_SamInfo3(sam2, server_info->info3);
73 if (!info3) {
74 return NT_STATUS_NO_MEMORY;
75 }
76
77 if (server_info->user_session_key.length) {
78 memcpy(info3->base.key.key,
79 server_info->user_session_key.data,
80 MIN(sizeof(info3->base.key.key),
81 server_info->user_session_key.length));
82 if (pipe_session_key) {
83 arcfour_crypt(info3->base.key.key,
84 pipe_session_key, 16);
85 }
86 }
87 if (server_info->lm_session_key.length) {
88 memcpy(info3->base.LMSessKey.key,
89 server_info->lm_session_key.data,
90 MIN(sizeof(info3->base.LMSessKey.key),
91 server_info->lm_session_key.length));
92 if (pipe_session_key) {
93 arcfour_crypt(info3->base.LMSessKey.key,
94 pipe_session_key, 8);
95 }
96 }
97
98 sam2->base = info3->base;
99
100 return NT_STATUS_OK;
101 }
102
103 /****************************************************************************
104 inits a netr_SamInfo3 structure from an auth_serversupplied_info. sam3 must
105 already be initialized and is used as the talloc parent for its members.
106 *****************************************************************************/
107
108 NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
109 uint8_t *pipe_session_key,
110 size_t pipe_session_key_len,
111 struct netr_SamInfo3 *sam3)
112 {
113 struct netr_SamInfo3 *info3;
114
115 info3 = copy_netr_SamInfo3(sam3, server_info->info3);
116 if (!info3) {
117 return NT_STATUS_NO_MEMORY;
118 }
119
120 if (server_info->user_session_key.length) {
121 memcpy(info3->base.key.key,
122 server_info->user_session_key.data,
123 MIN(sizeof(info3->base.key.key),
124 server_info->user_session_key.length));
125 if (pipe_session_key) {
126 arcfour_crypt(info3->base.key.key,
127 pipe_session_key, 16);
128 }
129 }
130 if (server_info->lm_session_key.length) {
131 memcpy(info3->base.LMSessKey.key,
132 server_info->lm_session_key.data,
133 MIN(sizeof(info3->base.LMSessKey.key),
134 server_info->lm_session_key.length));
135 if (pipe_session_key) {
136 arcfour_crypt(info3->base.LMSessKey.key,
137 pipe_session_key, 8);
138 }
139 }
140
141 sam3->base = info3->base;
142
143 sam3->sidcount = 0;
144 sam3->sids = NULL;
145
146 return NT_STATUS_OK;
147 }
148
149 /****************************************************************************
150 inits a netr_SamInfo6 structure from an auth_serversupplied_info. sam6 must
151 already be initialized and is used as the talloc parent for its members.
152 *****************************************************************************/
153
154 NTSTATUS serverinfo_to_SamInfo6(struct auth_serversupplied_info *server_info,
155 uint8_t *pipe_session_key,
156 size_t pipe_session_key_len,
157 struct netr_SamInfo6 *sam6)
158 {
159 struct pdb_domain_info *dominfo;
160 struct netr_SamInfo3 *info3;
161
162 if ((pdb_capabilities() & PDB_CAP_ADS) == 0) {
163 DEBUG(10,("Not adding validation info level 6 "
164 "without ADS passdb backend\n"));
165 return NT_STATUS_INVALID_INFO_CLASS;
166 }
167
168 dominfo = pdb_get_domain_info(sam6);
169 if (dominfo == NULL) {
170 return NT_STATUS_NO_MEMORY;
171 }
172
173 info3 = copy_netr_SamInfo3(sam6, server_info->info3);
174 if (!info3) {
175 return NT_STATUS_NO_MEMORY;
176 }
177
178 if (server_info->user_session_key.length) {
179 memcpy(info3->base.key.key,
180 server_info->user_session_key.data,
181 MIN(sizeof(info3->base.key.key),
182 server_info->user_session_key.length));
183 if (pipe_session_key) {
184 arcfour_crypt(info3->base.key.key,
185 pipe_session_key, 16);
186 }
187 }
188 if (server_info->lm_session_key.length) {
189 memcpy(info3->base.LMSessKey.key,
190 server_info->lm_session_key.data,
191 MIN(sizeof(info3->base.LMSessKey.key),
192 server_info->lm_session_key.length));
193 if (pipe_session_key) {
194 arcfour_crypt(info3->base.LMSessKey.key,
195 pipe_session_key, 8);
196 }
197 }
198
199 sam6->base = info3->base;
200
201 sam6->sidcount = 0;
202 sam6->sids = NULL;
203
204 sam6->dns_domainname.string = talloc_strdup(sam6, dominfo->dns_domain);
205 if (sam6->dns_domainname.string == NULL) {
206 return NT_STATUS_NO_MEMORY;
207 }
208
209 sam6->principle.string = talloc_asprintf(sam6, "%s@%s",
210 sam6->base.account_name.string,
211 sam6->dns_domainname.string);
212 if (sam6->principle.string == NULL) {
213 return NT_STATUS_NO_MEMORY;
214 }
215
216 return NT_STATUS_OK;
217 }
218
219 static NTSTATUS append_netr_SidAttr(TALLOC_CTX *mem_ctx,
220 struct netr_SidAttr **sids,
221 uint32_t *count,
222 const struct dom_sid2 *asid,
223 uint32_t attributes)
224 {
225 uint32_t t = *count;
226
227 *sids = talloc_realloc(mem_ctx, *sids, struct netr_SidAttr, t + 1);
228 if (*sids == NULL) {
229 return NT_STATUS_NO_MEMORY;
230 }
231 (*sids)[t].sid = sid_dup_talloc(*sids, asid);
232 if ((*sids)[t].sid == NULL) {
233 return NT_STATUS_NO_MEMORY;
234 }
235 (*sids)[t].attributes = attributes;
236 *count = t + 1;
237
238 return NT_STATUS_OK;
239 }
240
241 /* Fils the samr_RidWithAttributeArray with the provided sids.
242 * If it happens that we have additional groups that do not belong
243 * to the domain, add their sids as extra sids */
244 static NTSTATUS group_sids_to_info3(struct netr_SamInfo3 *info3,
245 const struct dom_sid *sids,
246 size_t num_sids)
247 {
248 uint32_t attributes = SE_GROUP_MANDATORY |
249 SE_GROUP_ENABLED_BY_DEFAULT |
250 SE_GROUP_ENABLED;
251 struct samr_RidWithAttributeArray *groups;
252 struct dom_sid *domain_sid;
253 unsigned int i;
254 NTSTATUS status;
255 uint32_t rid;
256 bool ok;
257
258 domain_sid = info3->base.domain_sid;
259 groups = &info3->base.groups;
260
261 groups->rids = talloc_array(info3,
262 struct samr_RidWithAttribute, num_sids);
263 if (!groups->rids) {
264 return NT_STATUS_NO_MEMORY;
265 }
266
267 for (i = 0; i < num_sids; i++) {
268 ok = sid_peek_check_rid(domain_sid, &sids[i], &rid);
269 if (ok) {
270
271 /* if it is the primary gid, skip it, we
272 * obviously already have it */
273 if (info3->base.primary_gid == rid) continue;
274
275 /* store domain group rid */
276 groups->rids[i].rid = rid;
277 groups->rids[i].attributes = attributes;
278 groups->count++;
279 continue;
280 }
281
282 /* if this wasn't a domain sid, add it as extra sid */
283 status = append_netr_SidAttr(info3, &info3->sids,
284 &info3->sidcount,
285 &sids[i], attributes);
286 if (!NT_STATUS_IS_OK(status)) {
287 return status;
288 }
289 }
290
291 return NT_STATUS_OK;
292 }
293
294 #define RET_NOMEM(ptr) do { \
295 if (!ptr) { \
296 TALLOC_FREE(info3); \
297 return NT_STATUS_NO_MEMORY; \
298 } } while(0)
299
300 NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
301 struct samu *samu,
302 const char *login_server,
303 struct netr_SamInfo3 **_info3,
304 struct extra_auth_info *extra)
305 {
306 struct netr_SamInfo3 *info3;
307 const struct dom_sid *user_sid;
308 const struct dom_sid *group_sid;
309 struct dom_sid domain_sid;
310 struct dom_sid *group_sids;
311 size_t num_group_sids = 0;
312 const char *tmp;
313 gid_t *gids;
314 NTSTATUS status;
315 bool ok;
316
317 user_sid = pdb_get_user_sid(samu);
318 group_sid = pdb_get_group_sid(samu);
319
320 if (!user_sid || !group_sid) {
321 DEBUG(1, ("Sam account is missing sids!\n"));
322 return NT_STATUS_UNSUCCESSFUL;
323 }
324
325 info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
326 if (!info3) {
327 return NT_STATUS_NO_MEMORY;
328 }
329
330 ZERO_STRUCT(domain_sid);
331
332 /* check if this is a "Unix Users" domain user,
333 * we need to handle it in a special way if that's the case */
334 if (sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) {
335 /* in info3 you can only set rids for the user and the
336 * primary group, and the domain sid must be that of
337 * the sam domain.
338 *
339 * Store a completely bogus value here.
340 * The real SID is stored in the extra sids.
341 * Other code will know to look there if (-1) is found
342 */
343 info3->base.rid = (uint32_t)(-1);
344 sid_copy(&extra->user_sid, user_sid);
345
346 DEBUG(10, ("Unix User found in struct samu. Rid marked as "
347 "special and sid (%s) saved as extra sid\n",
348 sid_string_dbg(user_sid)));
349 } else {
350 sid_copy(&domain_sid, user_sid);
351 sid_split_rid(&domain_sid, &info3->base.rid);
352 }
353
354 if (is_null_sid(&domain_sid)) {
355 sid_copy(&domain_sid, get_global_sam_sid());
356 }
357
358 /* check if this is a "Unix Groups" domain group,
359 * if so we need special handling */
360 if (sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) {
361 /* in info3 you can only set rids for the user and the
362 * primary group, and the domain sid must be that of
363 * the sam domain.
364 *
365 * Store a completely bogus value here.
366 * The real SID is stored in the extra sids.
367 * Other code will know to look there if (-1) is found
368 */
369 info3->base.primary_gid = (uint32_t)(-1);
370 sid_copy(&extra->pgid_sid, group_sid);
371
372 DEBUG(10, ("Unix Group found in struct samu. Rid marked as "
373 "special and sid (%s) saved as extra sid\n",
374 sid_string_dbg(group_sid)));
375
376 } else {
377 ok = sid_peek_check_rid(&domain_sid, group_sid,
378 &info3->base.primary_gid);
379 if (!ok) {
380 DEBUG(1, ("The primary group domain sid(%s) does not"
381 "match the domain sid(%s) for %s(%s)\n",
382 sid_string_dbg(group_sid),
383 sid_string_dbg(&domain_sid),
384 pdb_get_username(samu),
385 sid_string_dbg(user_sid)));
386 TALLOC_FREE(info3);
387 return NT_STATUS_UNSUCCESSFUL;
388 }
389 }
390
391 unix_to_nt_time(&info3->base.last_logon, pdb_get_logon_time(samu));
392 unix_to_nt_time(&info3->base.last_logoff, get_time_t_max());
393 unix_to_nt_time(&info3->base.acct_expiry, get_time_t_max());
394 unix_to_nt_time(&info3->base.last_password_change,
395 pdb_get_pass_last_set_time(samu));
396 unix_to_nt_time(&info3->base.allow_password_change,
397 pdb_get_pass_can_change_time(samu));
398 unix_to_nt_time(&info3->base.force_password_change,
399 pdb_get_pass_must_change_time(samu));
400
401 tmp = pdb_get_username(samu);
402 if (tmp) {
403 info3->base.account_name.string = talloc_strdup(info3, tmp);
404 RET_NOMEM(info3->base.account_name.string);
405 }
406 tmp = pdb_get_fullname(samu);
407 if (tmp) {
408 info3->base.full_name.string = talloc_strdup(info3, tmp);
409 RET_NOMEM(info3->base.full_name.string);
410 }
411 tmp = pdb_get_logon_script(samu);
412 if (tmp) {
413 info3->base.logon_script.string = talloc_strdup(info3, tmp);
414 RET_NOMEM(info3->base.logon_script.string);
415 }
416 tmp = pdb_get_profile_path(samu);
417 if (tmp) {
418 info3->base.profile_path.string = talloc_strdup(info3, tmp);
419 RET_NOMEM(info3->base.profile_path.string);
420 }
421 tmp = pdb_get_homedir(samu);
422 if (tmp) {
423 info3->base.home_directory.string = talloc_strdup(info3, tmp);
424 RET_NOMEM(info3->base.home_directory.string);
425 }
426 tmp = pdb_get_dir_drive(samu);
427 if (tmp) {
428 info3->base.home_drive.string = talloc_strdup(info3, tmp);
429 RET_NOMEM(info3->base.home_drive.string);
430 }
431
432 info3->base.logon_count = pdb_get_logon_count(samu);
433 info3->base.bad_password_count = pdb_get_bad_password_count(samu);
434
435 status = pdb_enum_group_memberships(mem_ctx, samu,
436 &group_sids, &gids,
437 &num_group_sids);
438 if (!NT_STATUS_IS_OK(status)) {
439 DEBUG(1, ("Failed to get groups from sam account.\n"));
440 TALLOC_FREE(info3);
441 return status;
442 }
443
444 if (num_group_sids) {
445 status = group_sids_to_info3(info3, group_sids, num_group_sids);
446 if (!NT_STATUS_IS_OK(status)) {
447 TALLOC_FREE(info3);
448 return status;
449 }
450 }
451
452 /* We don't need sids and gids after the conversion */
453 TALLOC_FREE(group_sids);
454 TALLOC_FREE(gids);
455 num_group_sids = 0;
456
457 /* FIXME: should we add other flags ? */
458 info3->base.user_flags = NETLOGON_EXTRA_SIDS;
459
460 if (login_server) {
461 info3->base.logon_server.string = talloc_strdup(info3, login_server);
462 RET_NOMEM(info3->base.logon_server.string);
463 }
464
465 info3->base.domain.string = talloc_strdup(info3,
466 pdb_get_domain(samu));
467 RET_NOMEM(info3->base.domain.string);
468
469 info3->base.domain_sid = sid_dup_talloc(info3, &domain_sid);
470 RET_NOMEM(info3->base.domain_sid);
471
472 info3->base.acct_flags = pdb_get_acct_ctrl(samu);
473
474 *_info3 = info3;
475 return NT_STATUS_OK;
476 }
477
478 #undef RET_NOMEM
479
480 #define RET_NOMEM(ptr) do { \
481 if (!ptr) { \
482 TALLOC_FREE(info3); \
483 return NULL; \
484 } } while(0)
485
486 struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
487 struct netr_SamInfo3 *orig)
488 {
489 struct netr_SamInfo3 *info3;
490 unsigned int i;
491
492 info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
493 if (!info3) return NULL;
494
495 /* first copy all, then realloc pointers */
496 info3->base = orig->base;
497
498 if (orig->base.account_name.string) {
499 info3->base.account_name.string =
500 talloc_strdup(info3, orig->base.account_name.string);
501 RET_NOMEM(info3->base.account_name.string);
502 }
503 if (orig->base.full_name.string) {
504 info3->base.full_name.string =
505 talloc_strdup(info3, orig->base.full_name.string);
506 RET_NOMEM(info3->base.full_name.string);
507 }
508 if (orig->base.logon_script.string) {
509 info3->base.logon_script.string =
510 talloc_strdup(info3, orig->base.logon_script.string);
511 RET_NOMEM(info3->base.logon_script.string);
512 }
513 if (orig->base.profile_path.string) {
514 info3->base.profile_path.string =
515 talloc_strdup(info3, orig->base.profile_path.string);
516 RET_NOMEM(info3->base.profile_path.string);
517 }
518 if (orig->base.home_directory.string) {
519 info3->base.home_directory.string =
520 talloc_strdup(info3, orig->base.home_directory.string);
521 RET_NOMEM(info3->base.home_directory.string);
522 }
523 if (orig->base.home_drive.string) {
524 info3->base.home_drive.string =
525 talloc_strdup(info3, orig->base.home_drive.string);
526 RET_NOMEM(info3->base.home_drive.string);
527 }
528
529 if (orig->base.groups.count) {
530 info3->base.groups.rids = (struct samr_RidWithAttribute *)
531 talloc_memdup(info3, orig->base.groups.rids,
532 (sizeof(struct samr_RidWithAttribute) *
533 orig->base.groups.count));
534 RET_NOMEM(info3->base.groups.rids);
535 }
536
537 if (orig->base.logon_server.string) {
538 info3->base.logon_server.string =
539 talloc_strdup(info3, orig->base.logon_server.string);
540 RET_NOMEM(info3->base.logon_server.string);
541 }
542 if (orig->base.domain.string) {
543 info3->base.domain.string =
544 talloc_strdup(info3, orig->base.domain.string);
545 RET_NOMEM(info3->base.domain.string);
546 }
547
548 if (orig->base.domain_sid) {
549 info3->base.domain_sid = sid_dup_talloc(info3, orig->base.domain_sid);
550 RET_NOMEM(info3->base.domain_sid);
551 }
552
553 if (orig->sidcount) {
554 info3->sidcount = orig->sidcount;
555 info3->sids = talloc_array(info3, struct netr_SidAttr,
556 orig->sidcount);
557 RET_NOMEM(info3->sids);
558 for (i = 0; i < orig->sidcount; i++) {
559 info3->sids[i].sid = sid_dup_talloc(info3->sids,
560 orig->sids[i].sid);
561 RET_NOMEM(info3->sids[i].sid);
562 info3->sids[i].attributes =
563 orig->sids[i].attributes;
564 }
565 }
566
567 return info3;
568 }
569
570 static NTSTATUS wbcsids_to_samr_RidWithAttributeArray(
571 TALLOC_CTX *mem_ctx,
572 struct samr_RidWithAttributeArray *groups,
573 const struct dom_sid *domain_sid,
574 const struct wbcSidWithAttr *sids,
575 size_t num_sids)
576 {
577 unsigned int i;
578 bool ok;
579
580 groups->rids = talloc_array(mem_ctx,
581 struct samr_RidWithAttribute, num_sids);
582 if (!groups->rids) {
583 return NT_STATUS_NO_MEMORY;
584 }
585
586 /* a wbcDomainSid is the same as a dom_sid */
587 for (i = 0; i < num_sids; i++) {
588 ok = sid_peek_check_rid(domain_sid,
589 (const struct dom_sid *)&sids[i].sid,
590 &groups->rids[i].rid);
591 if (!ok) continue;
592
593 groups->rids[i].attributes = SE_GROUP_MANDATORY |
594 SE_GROUP_ENABLED_BY_DEFAULT |
595 SE_GROUP_ENABLED;
596 groups->count++;
597 }
598
599 return NT_STATUS_OK;
600 }
601
602 struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
603 const struct wbcAuthUserInfo *info)
604 {
605 struct netr_SamInfo3 *info3;
606 struct dom_sid user_sid;
607 struct dom_sid group_sid;
608 struct dom_sid domain_sid;
609 NTSTATUS status;
610 bool ok;
611
612 memcpy(&user_sid, &info->sids[0].sid, sizeof(user_sid));
613 memcpy(&group_sid, &info->sids[1].sid, sizeof(group_sid));
614
615 info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
616 if (!info3) return NULL;
617
618 info3->base.last_logon = info->logon_time;
619 info3->base.last_logoff = info->logoff_time;
620 info3->base.acct_expiry = info->kickoff_time;
621 info3->base.last_password_change = info->pass_last_set_time;
622 info3->base.allow_password_change = info->pass_can_change_time;
623 info3->base.force_password_change = info->pass_must_change_time;
624
625 if (info->account_name) {
626 info3->base.account_name.string =
627 talloc_strdup(info3, info->account_name);
628 RET_NOMEM(info3->base.account_name.string);
629 }
630 if (info->full_name) {
631 info3->base.full_name.string =
632 talloc_strdup(info3, info->full_name);
633 RET_NOMEM(info3->base.full_name.string);
634 }
635 if (info->logon_script) {
636 info3->base.logon_script.string =
637 talloc_strdup(info3, info->logon_script);
638 RET_NOMEM(info3->base.logon_script.string);
639 }
640 if (info->profile_path) {
641 info3->base.profile_path.string =
642 talloc_strdup(info3, info->profile_path);
643 RET_NOMEM(info3->base.profile_path.string);
644 }
645 if (info->home_directory) {
646 info3->base.home_directory.string =
647 talloc_strdup(info3, info->home_directory);
648 RET_NOMEM(info3->base.home_directory.string);
649 }
650 if (info->home_drive) {
651 info3->base.home_drive.string =
652 talloc_strdup(info3, info->home_drive);
653 RET_NOMEM(info3->base.home_drive.string);
654 }
655
656 info3->base.logon_count = info->logon_count;
657 info3->base.bad_password_count = info->bad_password_count;
658
659 sid_copy(&domain_sid, &user_sid);
660 sid_split_rid(&domain_sid, &info3->base.rid);
661
662 ok = sid_peek_check_rid(&domain_sid, &group_sid,
663 &info3->base.primary_gid);
664 if (!ok) {
665 DEBUG(1, ("The primary group sid domain does not"
666 "match user sid domain for user: %s\n",
667 info->account_name));
668 TALLOC_FREE(info3);
669 return NULL;
670 }
671
672 status = wbcsids_to_samr_RidWithAttributeArray(info3,
673 &info3->base.groups,
674 &domain_sid,
675 &info->sids[1],
676 info->num_sids - 1);
677 if (!NT_STATUS_IS_OK(status)) {
678 TALLOC_FREE(info3);
679 return NULL;
680 }
681
682 info3->base.user_flags = info->user_flags;
683 memcpy(info3->base.key.key, info->user_session_key, 16);
684
685 if (info->logon_server) {
686 info3->base.logon_server.string =
687 talloc_strdup(info3, info->logon_server);
688 RET_NOMEM(info3->base.logon_server.string);
689 }
690 if (info->domain_name) {
691 info3->base.domain.string =
692 talloc_strdup(info3, info->domain_name);
693 RET_NOMEM(info3->base.domain.string);
694 }
695
696 info3->base.domain_sid = sid_dup_talloc(info3, &domain_sid);
697 RET_NOMEM(info3->base.domain_sid);
698
699 memcpy(info3->base.LMSessKey.key, info->lm_session_key, 8);
700 info3->base.acct_flags = info->acct_flags;
701
702 return info3;
703 }
Samba GIT mirror