s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc()

This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO
correctly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

3 files changed, 27 insertions, 1 deletions

diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index c472d86d1ed..fb486941697 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -123,6 +123,7 @@ struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
 NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
 					   const char *netbios_name,
 					   const char *domain_name,
+					   const char *dns_domain_name,
 					   struct ldb_dn *domain_dn,
 					   struct ldb_message *msg,
 					   DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index b223706f884..449819329d0 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -611,8 +611,10 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
 		return nt_status;
 	}
 
-	nt_status = authsam_make_user_info_dc(tmp_ctx, ctx->auth_ctx->sam_ctx, lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
+	nt_status = authsam_make_user_info_dc(tmp_ctx, ctx->auth_ctx->sam_ctx,
+					     lpcfg_netbios_name(ctx->auth_ctx->lp_ctx),
 					     lpcfg_sam_name(ctx->auth_ctx->lp_ctx),
+					     lpcfg_sam_dnsname(ctx->auth_ctx->lp_ctx),
 					     domain_dn,
 					     msg,
 					     user_sess_key, lm_sess_key,
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 56b64e50093..759585ef49c 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -284,6 +284,7 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
 					   struct ldb_context *sam_ctx,
 					   const char *netbios_name,
 					   const char *domain_name,
+					   const char *dns_domain_name,
 					   struct ldb_dn *domain_dn, 
 					   struct ldb_message *msg,
 					   DATA_BLOB user_sess_key,
@@ -401,12 +402,33 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
 	info->account_name = talloc_steal(info,
 		ldb_msg_find_attr_as_string(msg, "sAMAccountName", NULL));
 
+	info->user_principal_name = talloc_steal(info,
+		ldb_msg_find_attr_as_string(msg, "userPrincipalName", NULL));
+	if (info->user_principal_name == NULL && dns_domain_name != NULL) {
+		info->user_principal_name = talloc_asprintf(info, "%s@%s",
+					info->account_name,
+					dns_domain_name);
+		if (info->user_principal_name == NULL) {
+			TALLOC_FREE(user_info_dc);
+			return NT_STATUS_NO_MEMORY;
+		}
+		info->user_principal_constructed = true;
+	}
+
 	info->domain_name = talloc_strdup(info, domain_name);
 	if (info->domain_name == NULL) {
 		TALLOC_FREE(user_info_dc);
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	if (dns_domain_name != NULL) {
+		info->dns_domain_name = talloc_strdup(info, dns_domain_name);
+		if (info->dns_domain_name == NULL) {
+			TALLOC_FREE(user_info_dc);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
 	str = ldb_msg_find_attr_as_string(msg, "displayName", "");
 	info->full_name = talloc_strdup(info, str);
 	if (info->full_name == NULL) {
@@ -630,6 +652,7 @@ NTSTATUS authsam_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
 	nt_status = authsam_make_user_info_dc(tmp_ctx, sam_ctx,
 					     lpcfg_netbios_name(lp_ctx),
 					     lpcfg_sam_name(lp_ctx),
+					     lpcfg_sam_dnsname(lp_ctx),
 					     domain_dn,
 					     msg,
 					     user_sess_key, lm_sess_key,