2 Unix SMB/CIFS implementation.
4 Convert a server info struct into the form for PAC and NETLOGON replies
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
7 Copyright (C) Stefan Metzmacher <metze@samba.org> 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 2 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program; if not, write to the Free Software
21 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #include "librpc/gen_ndr/ndr_netlogon.h"
26 #include "rpc_server/dcerpc_server.h"
27 #include "rpc_server/common/common.h"
28 #include "librpc/gen_ndr/ndr_dcom.h"
29 #include "auth/auth.h"
30 #include "lib/ldb/include/ldb.h"
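/*
 * Return non-zero when sid is non-NULL and carries at least one
 * sub-authority, i.e. when sub_auths[num_auths - 1] names an element that
 * may be read as the RID.
 *
 * NOTE(review): no upper bound on num_auths is checked here because the
 * definition of struct dom_sid is not visible in this file - confirm that
 * the producer of the SID already enforces it.
 */
static int sid_has_rid(const struct dom_sid *sid)
{
	return sid != NULL && sid->num_auths > 0;
}

/*
 * Fill a freshly allocated netr_SamBaseInfo from a server info struct, for
 * use in PAC and NETLOGON replies.
 *
 * mem_ctx:     talloc context that owns the result and the duplicated
 *              domain SID.
 * server_info: source of the account data. String fields are assigned by
 *              pointer, not copied, so the result must not be used after
 *              server_info is freed.
 * _sam:        receives the new structure on success.
 *
 * Returns NT_STATUS_NO_MEMORY on allocation failure and
 * NT_STATUS_INVALID_PARAMETER when the account, primary group or a domain
 * group SID is missing or has no sub-authority.
 *
 * The result carries session key material in key and LMSessKey; it should
 * be handled as sensitive by callers.
 *
 * NOTE(review): the listing this function was recovered from drops
 * brace-only and some short lines. The declaration of the loop index and
 * the final "*_sam = sam; return NT_STATUS_OK;" are reconstructed from the
 * signature - confirm against the repository copy.
 */
NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX *mem_ctx,
					      struct auth_serversupplied_info *server_info,
					      struct netr_SamBaseInfo **_sam)
{
	struct netr_SamBaseInfo *sam;
	size_t i;

	/*
	 * The RIDs below are read from sub_auths[num_auths - 1] and the
	 * domain SID is derived by decrementing num_auths. Both are out of
	 * range for a SID without sub-authorities, so reject those up front.
	 */
	if (!sid_has_rid(server_info->account_sid) ||
	    !sid_has_rid(server_info->primary_group_sid)) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	sam = talloc_zero(mem_ctx, struct netr_SamBaseInfo);
	NT_STATUS_HAVE_NO_MEMORY(sam);

	sam->last_logon = server_info->last_logon;
	sam->last_logoff = server_info->last_logoff;
	sam->acct_expiry = server_info->acct_expiry;
	sam->last_password_change = server_info->last_password_change;
	sam->allow_password_change = server_info->allow_password_change;
	sam->force_password_change = server_info->force_password_change;

	/* Shared pointers into server_info, see the lifetime note above. */
	sam->account_name.string = server_info->account_name;
	sam->full_name.string = server_info->full_name;
	sam->logon_script.string = server_info->logon_script;
	sam->profile_path.string = server_info->profile_path;
	sam->home_directory.string = server_info->home_directory;
	sam->home_drive.string = server_info->home_drive;

	sam->logon_count = server_info->logon_count;
	/*
	 * This used to assign sam->bad_password_count to itself, which left
	 * the field at the zero from talloc_zero() and so always reported no
	 * failed logons in the reply.
	 */
	sam->bad_password_count = server_info->bad_password_count;
	sam->rid = server_info->account_sid->sub_auths[server_info->account_sid->num_auths - 1];
	sam->primary_gid = server_info->primary_group_sid->sub_auths[server_info->primary_group_sid->num_auths - 1];

	sam->groups.count = 0;
	sam->groups.rids = NULL;

	if (server_info->n_domain_groups > 0) {
		sam->groups.rids = talloc_array(sam, struct samr_RidWithAttribute,
						server_info->n_domain_groups);
		if (sam->groups.rids == NULL) {
			return NT_STATUS_NO_MEMORY;
		}

		for (i = 0; i < server_info->n_domain_groups; i++) {
			struct dom_sid *group_sid = server_info->domain_groups[i];

			if (!sid_has_rid(group_sid)) {
				return NT_STATUS_INVALID_PARAMETER;
			}

			/*
			 * Only the last sub-authority is kept. This function
			 * does not check that the group belongs to the
			 * account's domain.
			 */
			sam->groups.rids[sam->groups.count].rid =
				group_sid->sub_auths[group_sid->num_auths - 1];
			sam->groups.rids[sam->groups.count].attributes =
				SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED;
			sam->groups.count += 1;
		}
	}

	/*
	 * TODO: w2k3 uses 0x120. 0x20 is known to mean "extra sids" (PAC
	 * doc); the remaining 0x100 bit is unexplained here. The base info
	 * carries no extra sids, so no flag is set.
	 */
	sam->user_flags = 0;
	sam->acct_flags = server_info->acct_flags;
	sam->logon_server.string = lp_netbios_name();
	sam->domain.string = server_info->domain_name;

	/* Domain SID = account SID with its last sub-authority (the RID) cut off. */
	sam->domain_sid = dom_sid_dup(mem_ctx, server_info->account_sid);
	NT_STATUS_HAVE_NO_MEMORY(sam->domain_sid);
	sam->domain_sid->num_auths--;

	ZERO_STRUCT(sam->unknown);

	/*
	 * A session key is copied only when its length equals the size of the
	 * destination field, so the memcpy can neither overrun the field nor
	 * read past the source blob. Any other length leaves the key zeroed.
	 */
	ZERO_STRUCT(sam->key);
	if (server_info->user_session_key.length == sizeof(sam->key.key)) {
		memcpy(sam->key.key, server_info->user_session_key.data,
		       sizeof(sam->key.key));
	}

	ZERO_STRUCT(sam->LMSessKey);
	if (server_info->lm_session_key.length == sizeof(sam->LMSessKey.key)) {
		memcpy(sam->LMSessKey.key, server_info->lm_session_key.data,
		       sizeof(sam->LMSessKey.key));
	}

	*_sam = sam;

	return NT_STATUS_OK;
}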
110 NTSTATUS
auth_convert_server_info_saminfo3(TALLOC_CTX
*mem_ctx
,
111 struct auth_serversupplied_info
*server_info
,
112 struct netr_SamInfo3
**_sam3
)
114 struct netr_SamBaseInfo
*sam
;
115 struct netr_SamInfo3
*sam3
= talloc_zero(mem_ctx
, struct netr_SamInfo3
);
116 NT_STATUS_HAVE_NO_MEMORY(sam3
);
120 sam
->domain_sid
= dom_sid_dup(mem_ctx
, server_info
->account_sid
);
121 NT_STATUS_HAVE_NO_MEMORY(sam
->domain_sid
);
122 sam
->domain_sid
->num_auths
--;
124 sam
->last_logon
= server_info
->last_logon
;
125 sam
->last_logoff
= server_info
->last_logoff
;
126 sam
->acct_expiry
= server_info
->acct_expiry
;
127 sam
->last_password_change
= server_info
->last_password_change
;
128 sam
->allow_password_change
= server_info
->allow_password_change
;
129 sam
->force_password_change
= server_info
->force_password_change
;
131 sam
->account_name
.string
= server_info
->account_name
;
132 sam
->full_name
.string
= server_info
->full_name
;
133 sam
->logon_script
.string
= server_info
->logon_script
;
134 sam
->profile_path
.string
= server_info
->profile_path
;
135 sam
->home_directory
.string
= server_info
->home_directory
;
136 sam
->home_drive
.string
= server_info
->home_drive
;
138 sam
->logon_count
= server_info
->logon_count
;
139 sam
->bad_password_count
= sam
->bad_password_count
;
140 sam
->rid
= server_info
->account_sid
->sub_auths
[server_info
->account_sid
->num_auths
-1];
141 sam
->primary_gid
= server_info
->primary_group_sid
->sub_auths
[server_info
->primary_group_sid
->num_auths
-1];
143 sam
->groups
.count
= 0;
144 sam
->groups
.rids
= NULL
;
146 if (server_info
->n_domain_groups
> 0) {
148 sam
->groups
.rids
= talloc_array(sam
, struct samr_RidWithAttribute
,
149 server_info
->n_domain_groups
);
150 NT_STATUS_HAVE_NO_MEMORY(sam
->groups
.rids
);
152 for (i
=0; i
<server_info
->n_domain_groups
; i
++) {
153 struct dom_sid
*group_sid
= server_info
->domain_groups
[i
];
155 if (!dom_sid_in_domain(sam
->domain_sid
, group_sid
)) {
159 sam
->groups
.rids
[sam
->groups
.count
].rid
= group_sid
->sub_auths
[group_sid
->num_auths
-1];
160 sam
->groups
.rids
[sam
->groups
.count
].attributes
=
161 SE_GROUP_MANDATORY
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_ENABLED
;
162 sam
->groups
.count
+= 1;
166 sam
->user_flags
= 0x20; /* TODO: w2k3 uses 0x120. We know 0x20
167 * as extra sids (PAC doc) but what is
169 sam
->acct_flags
= server_info
->acct_flags
;
170 sam
->logon_server
.string
= lp_netbios_name();
171 sam
->domain
.string
= server_info
->domain_name
;
173 ZERO_STRUCT(sam
->unknown
);
175 ZERO_STRUCT(sam
->key
);
176 if (server_info
->user_session_key
.length
== sizeof(sam
->key
.key
)) {
177 memcpy(sam
->key
.key
, server_info
->user_session_key
.data
, sizeof(sam
->key
.key
));
180 ZERO_STRUCT(sam
->LMSessKey
);
181 if (server_info
->lm_session_key
.length
== sizeof(sam
->LMSessKey
.key
)) {
182 memcpy(sam
->LMSessKey
.key
, server_info
->lm_session_key
.data
,
183 sizeof(sam
->LMSessKey
.key
));
189 if (server_info
->n_domain_groups
> 0) {
191 sam3
->sids
= talloc_array(sam
, struct netr_SidAttr
,
192 server_info
->n_domain_groups
);
193 NT_STATUS_HAVE_NO_MEMORY(sam3
->sids
);
195 for (i
=0; i
<server_info
->n_domain_groups
; i
++) {
196 if (dom_sid_in_domain(sam
->domain_sid
, server_info
->domain_groups
[i
])) {
199 sam3
->sids
[sam3
->sidcount
].sid
= talloc_reference(sam3
->sids
,server_info
->domain_groups
[i
]);
200 sam3
->sids
[sam3
->sidcount
].attribute
=
201 SE_GROUP_MANDATORY
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_ENABLED
;