s3-auth: Don't lookup the system user in pdb.
authorAndreas Schneider <asn@samba.org>
Mon, 14 May 2012 08:31:32 +0000 (10:31 +0200)
committerKarolin Seeger <kseeger@samba.org>
Fri, 22 Jun 2012 19:48:48 +0000 (21:48 +0200)
This fixes bug #8944, ldapsam:trusted and ipasam. It is an additional
fix for bug #8567 (0528cb5f3a15b72dcb34ece21a3ffb3e7b8d6eb9).

Signed-off-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 96b6f3a4777fa3288ee071e01bf293c28002fc5f)

source3/auth/auth_util.c

index a904da445d79f9e654a8d23bc39b464b1159d059..c7e266a97bdf5f976489620357b4434628aa5fbf 100644 (file)
@@ -655,6 +655,44 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
        return NT_STATUS_OK;
 }
 
+static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
+                                struct passwd *pwd,
+                                struct netr_SamInfo3 *info3)
+{
+       struct dom_sid domain_sid;
+       const char *tmp;
+
+       /* Set account name */
+       tmp = talloc_strdup(mem_ctx, pwd->pw_name);
+       if (tmp == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       init_lsa_String(&info3->base.account_name, tmp);
+
+       /* Set domain name */
+       tmp = talloc_strdup(mem_ctx, get_global_sam_name());
+       if (tmp == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       init_lsa_StringLarge(&info3->base.domain, tmp);
+
+       /* Domain sid */
+       sid_copy(&domain_sid, get_global_sam_sid());
+
+       info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid);
+       if (info3->base.domain_sid == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       /* Admin rid */
+       info3->base.rid = DOMAIN_RID_ADMINISTRATOR;
+
+       /* Primary gid */
+       info3->base.primary_gid = BUILTIN_RID_ADMINISTRATORS;
+
+       return NT_STATUS_OK;
+}
+
 static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx,
                                struct netr_SamInfo3 *info3)
 {
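Review bot: get_system_info3() assigns `DOMAIN_RID_ADMINISTRATOR` to whatever `pwd` entry it is handed, and nothing in the new function documents or checks that the caller passes the system account. It is static and the only caller visible on this page is make_system_session_info_from_pw(), so a header comment is enough, for example `/* Build info3 for the local system account only: the RID is fixed to Administrator whatever pwd names. */`. Separately, `primary_gid` is set to `BUILTIN_RID_ADMINISTRATORS`, a RID from the BUILTIN domain, while `domain_sid` is the SAM SID; if make_server_info_info3() composes the primary group SID from those two fields (not visible here), the result is not the BUILTIN Administrators group, which is worth confirming. The local `domain_sid` copy is also unnecessary, since `info3->base.domain_sid = dom_sid_dup(mem_ctx, get_global_sam_sid());` does the same.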
@@ -760,7 +798,63 @@ static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **ser
        status = NT_STATUS_OK;
 done:
        TALLOC_FREE(tmp_ctx);
-       return NT_STATUS_OK;
+       return status;
+}
+
+/****************************************************************************
+  Fake a auth_session_info just from a username (as a
+  session_info structure, with create_local_token() already called on
+  it.
+****************************************************************************/
+
+static NTSTATUS make_system_session_info_from_pw(TALLOC_CTX *mem_ctx,
+                                                struct passwd *pwd,
+                                                struct auth_serversupplied_info **server_info)
+{
+       const char *domain = global_myname();
+       struct netr_SamInfo3 info3;
+       TALLOC_CTX *tmp_ctx;
+       NTSTATUS status;
+
+       tmp_ctx = talloc_stackframe();
+       if (tmp_ctx == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       ZERO_STRUCT(info3);
+
+       status = get_system_info3(tmp_ctx, pwd, &info3);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("Failed creating system info3 with %s\n",
+                         nt_errstr(status)));
+               goto done;
+       }
+
+       status = make_server_info_info3(mem_ctx,
+                                       pwd->pw_name,
+                                       domain,
+                                       server_info,
+                                       &info3);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("make_server_info_info3 failed with %s\n",
+                         nt_errstr(status)));
+               goto done;
+       }
+
+       (*server_info)->nss_token = true;
+
+       /* Now turn the server_info into a session_info with the full token etc */
+       status = create_local_token(*server_info);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("create_local_token failed: %s\n",
+                         nt_errstr(status)));
+               goto done;
+       }
+
+       status = NT_STATUS_OK;
+done:
+       TALLOC_FREE(tmp_ctx);
+       return status;
 }
 
 /***************************************************************************
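Review bot: When create_local_token() fails in make_system_session_info_from_pw(), `*server_info` is left pointing at the structure make_server_info_info3() allocated on `mem_ctx`, already marked `nss_token = true`, while the function returns an error. The caller shown in the next hunk only returns the status, so that half-built administrator-level object stays reachable through the out-parameter and is not released with `tmp_ctx`; adding `TALLOC_FREE(*server_info);` before the `goto done` in that branch would hand back a NULL pointer on failure. The header comment also speaks of an auth_session_info while the function fills a `struct auth_serversupplied_info **`, and its parenthesis is never closed; something like `Build a server_info for the system account from a passwd entry and call create_local_token() on it.` would match the code.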
@@ -779,10 +873,9 @@ static NTSTATUS make_new_session_info_system(TALLOC_CTX *mem_ctx,
                return NT_STATUS_NO_SUCH_USER;
        }
 
-       status = make_serverinfo_from_username(mem_ctx,
-                                            pwd->pw_name,
-                                            false,
-                                            session_info);
+       status = make_system_session_info_from_pw(mem_ctx,
+                                                 pwd,
+                                                 session_info);
        TALLOC_FREE(pwd);
        if (!NT_STATUS_IS_OK(status)) {
                return status;