2 Unix SMB/CIFS implementation.
4 Convert a server info struct into the form for PAC and NETLOGON replies
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
7 Copyright (C) Stefan Metzmacher <metze@samba.org> 2005
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "auth/auth.h"
25 #include "libcli/security/security.h"
26 #include "librpc/gen_ndr/ndr_netlogon.h"
27 #include "auth/auth_sam_reply.h"
29 NTSTATUS
auth_convert_server_info_sambaseinfo(TALLOC_CTX
*mem_ctx
,
30 struct auth_serversupplied_info
*server_info
,
31 struct netr_SamBaseInfo
**_sam
)
33 struct netr_SamBaseInfo
*sam
= talloc_zero(mem_ctx
, struct netr_SamBaseInfo
);
34 NT_STATUS_HAVE_NO_MEMORY(sam
);
36 sam
->domain_sid
= dom_sid_dup(mem_ctx
, server_info
->account_sid
);
37 NT_STATUS_HAVE_NO_MEMORY(sam
->domain_sid
);
38 sam
->domain_sid
->num_auths
--;
40 sam
->last_logon
= server_info
->last_logon
;
41 sam
->last_logoff
= server_info
->last_logoff
;
42 sam
->acct_expiry
= server_info
->acct_expiry
;
43 sam
->last_password_change
= server_info
->last_password_change
;
44 sam
->allow_password_change
= server_info
->allow_password_change
;
45 sam
->force_password_change
= server_info
->force_password_change
;
47 sam
->account_name
.string
= server_info
->account_name
;
48 sam
->full_name
.string
= server_info
->full_name
;
49 sam
->logon_script
.string
= server_info
->logon_script
;
50 sam
->profile_path
.string
= server_info
->profile_path
;
51 sam
->home_directory
.string
= server_info
->home_directory
;
52 sam
->home_drive
.string
= server_info
->home_drive
;
54 sam
->logon_count
= server_info
->logon_count
;
55 sam
->bad_password_count
= sam
->bad_password_count
;
56 sam
->rid
= server_info
->account_sid
->sub_auths
[server_info
->account_sid
->num_auths
-1];
57 sam
->primary_gid
= server_info
->primary_group_sid
->sub_auths
[server_info
->primary_group_sid
->num_auths
-1];
59 sam
->groups
.count
= 0;
60 sam
->groups
.rids
= NULL
;
62 if (server_info
->n_domain_groups
> 0) {
64 sam
->groups
.rids
= talloc_array(sam
, struct samr_RidWithAttribute
,
65 server_info
->n_domain_groups
);
67 if (sam
->groups
.rids
== NULL
)
68 return NT_STATUS_NO_MEMORY
;
70 for (i
=0; i
<server_info
->n_domain_groups
; i
++) {
71 struct dom_sid
*group_sid
= server_info
->domain_groups
[i
];
72 if (!dom_sid_in_domain(sam
->domain_sid
, group_sid
)) {
73 /* We handle this elsewhere */
76 sam
->groups
.rids
[sam
->groups
.count
].rid
=
77 group_sid
->sub_auths
[group_sid
->num_auths
-1];
79 sam
->groups
.rids
[sam
->groups
.count
].attributes
=
80 SE_GROUP_MANDATORY
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_ENABLED
;
81 sam
->groups
.count
+= 1;
85 sam
->user_flags
= 0; /* w2k3 uses NETLOGON_EXTRA_SIDS | NETLOGON_NTLMV2_ENABLED */
86 sam
->acct_flags
= server_info
->acct_flags
;
87 sam
->logon_server
.string
= server_info
->logon_server
;
88 sam
->domain
.string
= server_info
->domain_name
;
90 ZERO_STRUCT(sam
->unknown
);
92 ZERO_STRUCT(sam
->key
);
93 if (server_info
->user_session_key
.length
== sizeof(sam
->key
.key
)) {
94 memcpy(sam
->key
.key
, server_info
->user_session_key
.data
, sizeof(sam
->key
.key
));
97 ZERO_STRUCT(sam
->LMSessKey
);
98 if (server_info
->lm_session_key
.length
== sizeof(sam
->LMSessKey
.key
)) {
99 memcpy(sam
->LMSessKey
.key
, server_info
->lm_session_key
.data
,
100 sizeof(sam
->LMSessKey
.key
));
108 NTSTATUS
auth_convert_server_info_saminfo3(TALLOC_CTX
*mem_ctx
,
109 struct auth_serversupplied_info
*server_info
,
110 struct netr_SamInfo3
**_sam3
)
112 struct netr_SamBaseInfo
*sam
;
113 struct netr_SamInfo3
*sam3
= talloc_zero(mem_ctx
, struct netr_SamInfo3
);
116 NT_STATUS_HAVE_NO_MEMORY(sam3
);
118 status
= auth_convert_server_info_sambaseinfo(mem_ctx
, server_info
, &sam
);
119 if (!NT_STATUS_IS_OK(status
)) {
127 sam3
->sids
= talloc_array(sam
, struct netr_SidAttr
,
128 server_info
->n_domain_groups
);
129 NT_STATUS_HAVE_NO_MEMORY(sam3
->sids
);
131 for (i
=0; i
<server_info
->n_domain_groups
; i
++) {
132 if (dom_sid_in_domain(sam
->domain_sid
, server_info
->domain_groups
[i
])) {
135 sam3
->sids
[sam3
->sidcount
].sid
= talloc_reference(sam3
->sids
,server_info
->domain_groups
[i
]);
136 sam3
->sids
[sam3
->sidcount
].attributes
=
137 SE_GROUP_MANDATORY
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_ENABLED
;
140 if (sam3
->sidcount
) {
141 sam3
->base
.user_flags
|= NETLOGON_EXTRA_SIDS
;