negotiate_kerberos_pac.cc
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /*
10  * -----------------------------------------------------------------------------
11  *
12  * Author: Markus Moeller (markus_moeller at compuserve.com)
13  *
14  * Copyright (C) 2007 Markus Moeller. All rights reserved.
15  *
16  * This program is free software; you can redistribute it and/or modify
17  * it under the terms of the GNU General Public License as published by
18  * the Free Software Foundation; either version 2 of the License, or
19  * (at your option) any later version.
20  *
21  * This program is distributed in the hope that it will be useful,
22  * but WITHOUT ANY WARRANTY; without even the implied warranty of
23  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24  * GNU General Public License for more details.
25  *
26  * You should have received a copy of the GNU General Public License
27  * along with this program; if not, write to the Free Software
28  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
29  *
30  * As a special exemption, M Moeller gives permission to link this program
31  * with MIT, Heimdal or other GSS/Kerberos libraries, and distribute
32  * the resulting executable, without including the source code for
33  * the Libraries in the source distribution.
34  *
35  * -----------------------------------------------------------------------------
36  */
37 
38 #include "squid.h"
39 #include "rfc1738.h"
40 
41 #include "negotiate_kerberos.h"
42 
43 #if HAVE_GSSAPI && HAVE_PAC_SUPPORT
44 
45 #define LOGON_EXTRA_SIDS 0x0020
46 #define LOGON_RESOURCE_GROUPS 0x0200
47 
48 static int bpos;
49 static krb5_data *ad_data;
50 static unsigned char *p;
51 
52 extern int
53 check_k5_err(krb5_context context, const char *function, krb5_error_code code);
54 
55 void
56 align(int n)
57 {
58  if ( bpos % n != 0 ) {
59  int al;
60  al = (bpos/n);
61  bpos = bpos+(bpos-n*al);
62  }
63 }
64 
65 void
66 getustr(RPC_UNICODE_STRING *string)
67 {
68 
69  string->length = (uint16_t)((p[bpos]<<0) | (p[bpos+1]<<8));
70  string->maxlength = (uint16_t)((p[bpos+2]<<0) | (p[bpos+2+1]<<8));
71  string->pointer = (uint32_t)((p[bpos+4]<<0) | (p[bpos+4+1]<<8) | (p[bpos+4+2]<<16) | (p[bpos+4+3]<<24));
72  bpos = bpos+8;
73 
74 }
75 
76 uint64_t
77 get6byt_be(void)
78 {
79  uint64_t var;
80 
81  var = ((uint64_t)p[bpos+5]<<0) | ((uint64_t)p[bpos+4]<<8) | ((uint64_t)p[bpos+3]<<16) | ((uint64_t)p[bpos+2]<<24) | ((uint64_t)p[bpos+1]<<32) | ((uint64_t)p[bpos]<<40);
82  bpos = bpos+6;
83 
84  return var;
85 }
86 
87 uint32_t
88 get4byt(void)
89 {
90  uint32_t var;
91 
92  var=(uint32_t)((p[bpos]<<0) | (p[bpos+1]<<8) | (p[bpos+2]<<16) | (p[bpos+3]<<24));
93  bpos = bpos+4;
94 
95  return var;
96 }
97 
98 uint16_t
99 get2byt(void)
100 {
101  uint16_t var;
102 
103  var=(uint16_t)((p[bpos]<<0) | (p[bpos+1]<<8));
104  bpos = bpos+2;
105 
106  return var;
107 }
108 
109 uint8_t
110 get1byt(void)
111 {
112  uint8_t var;
113 
114  var=(uint8_t)((p[bpos]<<0));
115  bpos = bpos+1;
116 
117  return var;
118 }
119 
120 static char *
121 pstrcpy( char *src, const char *dst)
122 {
123  if (dst) {
124  if (strlen(dst)>MAX_PAC_GROUP_SIZE)
125  return nullptr;
126  else
127  return strcpy(src,dst);
128  } else
129  return src;
130 }
131 
132 static char *
133 pstrcat( char *src, const char *dst)
134 {
135  if (dst) {
136  if (strlen(src)+strlen(dst)+1>MAX_PAC_GROUP_SIZE)
137  return nullptr;
138  else
139  return strcat(src,dst);
140  } else
141  return src;
142 }
143 
144 int
145 checkustr(RPC_UNICODE_STRING *string)
146 {
147 
148  if (string->pointer != 0) {
149  uint32_t size,off,len;
150  align(4);
151  size = (uint32_t)((p[bpos]<<0) | (p[bpos+1]<<8) | (p[bpos+2]<<16) | (p[bpos+3]<<24));
152  bpos = bpos+4;
153  off = (uint32_t)((p[bpos]<<0) | (p[bpos+1]<<8) | (p[bpos+2]<<16) | (p[bpos+3]<<24));
154  bpos = bpos+4;
155  len = (uint32_t)((p[bpos]<<0) | (p[bpos+1]<<8) | (p[bpos+2]<<16) | (p[bpos+3]<<24));
156  bpos = bpos+4;
157  if (len > size || off != 0 ||
158  string->length > string->maxlength || len != string->length/2) {
159  debug((char *) "%s| %s: ERROR: RPC_UNICODE_STRING encoding error => size: %d len: %d/%d maxlength: %d offset: %d\n",
160  LogTime(), PROGRAM, size, len, string->length, string->maxlength, off);
161  return -1;
162  }
163  /* UNICODE string */
164  bpos = bpos+string->length;
165  }
166  return 0;
167 }
168 
169 char **
170 getgids(char **Rids, uint32_t GroupIds, uint32_t GroupCount)
171 {
172  if (GroupIds!= 0) {
173  uint32_t ngroup;
174  int l;
175 
176  align(4);
177  ngroup = get4byt();
178  if ( ngroup != GroupCount) {
179  debug((char *) "%s| %s: ERROR: Group encoding error => GroupCount: %d Array size: %d\n",
180  LogTime(), PROGRAM, GroupCount, ngroup);
181  return nullptr;
182  }
183  debug((char *) "%s| %s: INFO: Found %d rids\n", LogTime(), PROGRAM, GroupCount);
184 
185  Rids=(char **)xcalloc(GroupCount*sizeof(char*),1);
186  for ( l=0; l<(int)GroupCount; l++) {
187  uint32_t sauth;
188  Rids[l]=(char *)xcalloc(4*sizeof(char),1);
189  memcpy((void *)Rids[l],(void *)&p[bpos],4);
190  sauth = get4byt();
191  debug((char *) "%s| %s: Info: Got rid: %u\n", LogTime(), PROGRAM, sauth);
192  /* attribute */
193  bpos = bpos+4;
194  }
195  }
196  return Rids;
197 }
198 
199 char *
200 getdomaingids(char *ad_groups, uint32_t DomainLogonId, char **Rids, uint32_t GroupCount)
201 {
202  if (!ad_groups) {
203  debug((char *) "%s| %s: ERR: No space to store groups\n",
204  LogTime(), PROGRAM);
205  return nullptr;
206  }
207 
208  if (DomainLogonId!= 0) {
209  uint8_t rev;
210  uint64_t idauth;
211  char dli[256];
212  char *ag;
213  int l;
214 
215  align(4);
216 
217  uint32_t nauth = get4byt();
218 
219  // check if nauth math will produce invalid length values on 32-bit
220  static uint32_t maxGidCount = (UINT32_MAX-1-1-6)/4;
221  if (nauth > maxGidCount) {
222  debug((char *) "%s| %s: ERROR: Too many groups ! count > %d : %s\n",
223  LogTime(), PROGRAM, maxGidCount, ad_groups);
224  return nullptr;
225  }
226  size_t length = 1+1+6+nauth*4;
227 
228  /* prepend rids with DomainID */
229  for (l=0; l<(int)GroupCount; l++) {
230  ag=(char *)xcalloc((length+4)*sizeof(char),1);
231  memcpy((void *)ag,(const void*)&p[bpos],1);
232  memcpy((void *)&ag[1],(const void*)&p[bpos+1],1);
233  ag[1] = ag[1]+1;
234  memcpy((void *)&ag[2],(const void*)&p[bpos+2],6+nauth*4);
235  memcpy((void *)&ag[length],(const void*)Rids[l],4);
236  if (l==0) {
237  if (!pstrcpy(ad_groups,"group=")) {
238  debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
239  LogTime(), PROGRAM, MAX_PAC_GROUP_SIZE, ad_groups);
240  }
241  } else {
242  if (!pstrcat(ad_groups," group=")) {
243  debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
244  LogTime(), PROGRAM, MAX_PAC_GROUP_SIZE, ad_groups);
245  }
246  }
247  struct base64_encode_ctx ctx;
248  base64_encode_init(&ctx);
249  const uint32_t expectedSz = base64_encode_len(length+4) +1 /* terminator */;
250  char *b64buf = static_cast<char *>(xcalloc(expectedSz, 1));
251  size_t blen = base64_encode_update(&ctx, b64buf, length+4, reinterpret_cast<uint8_t*>(ag));
252  blen += base64_encode_final(&ctx, b64buf+blen);
253  b64buf[expectedSz-1] = '\0';
254  if (!pstrcat(ad_groups, b64buf)) {
255  debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
256  LogTime(), PROGRAM, MAX_PAC_GROUP_SIZE, ad_groups);
257  }
258  xfree(b64buf);
259  xfree(ag);
260  }
261 
262  /* mainly for debug only */
263  rev = get1byt();
264  bpos = bpos + 1; /*nsub*/
265  idauth = get6byt_be();
266 
267  snprintf(dli,sizeof(dli),"S-%d-%lu",rev,(long unsigned int)idauth);
268  for ( l=0; l<(int)nauth; l++ ) {
269  uint32_t sauth;
270  sauth = get4byt();
271  snprintf((char *)&dli[strlen(dli)],sizeof(dli)-strlen(dli),"-%u",sauth);
272  }
273  debug((char *) "%s| %s: INFO: Got DomainLogonId %s\n", LogTime(), PROGRAM, dli);
274  }
275  return ad_groups;
276 }
277 
278 char *
279 getextrasids(char *ad_groups, uint32_t ExtraSids, uint32_t SidCount)
280 {
281  if (ExtraSids!= 0) {
282  uint32_t ngroup;
283  uint32_t *pa;
284  char *ag;
285  int l;
286 
287  align(4);
288  ngroup = get4byt();
289  if ( ngroup != SidCount) {
290  debug((char *) "%s| %s: ERROR: Group encoding error => SidCount: %d Array size: %d\n",
291  LogTime(), PROGRAM, SidCount, ngroup);
292  return nullptr;
293  }
294  debug((char *) "%s| %s: INFO: Found %d ExtraSIDs\n", LogTime(), PROGRAM, SidCount);
295 
296  pa=(uint32_t *)xmalloc(SidCount*sizeof(uint32_t));
297  for ( l=0; l < (int)SidCount; l++ ) {
298  pa[l] = get4byt();
299  bpos = bpos+4; /* attr */
300  }
301 
302  for ( l=0; l<(int)SidCount; l++ ) {
303  char es[256];
304 
305  if (pa[l] != 0) {
306  uint8_t rev;
307  uint64_t idauth;
308 
309  uint32_t nauth = get4byt();
310 
311  // check if nauth math will produce invalid length values on 32-bit
312  static uint32_t maxGidCount = (UINT32_MAX-1-1-6)/4;
313  if (nauth > maxGidCount) {
314  debug((char *) "%s| %s: ERROR: Too many extra groups ! count > %d : %s\n",
315  LogTime(), PROGRAM, maxGidCount, ad_groups);
316  xfree(pa);
317  return nullptr;
318  }
319 
320  size_t length = 1+1+6+nauth*4;
321  ag = (char *)xcalloc((length)*sizeof(char),1);
322  memcpy((void *)ag,(const void*)&p[bpos],length);
323  if (!ad_groups) {
324  debug((char *) "%s| %s: ERR: No space to store groups\n",
325  LogTime(), PROGRAM);
326  xfree(pa);
327  xfree(ag);
328  return nullptr;
329  } else {
330  if (!pstrcat(ad_groups," group=")) {
331  debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
332  LogTime(), PROGRAM, MAX_PAC_GROUP_SIZE, ad_groups);
333  }
334  }
335 
336  struct base64_encode_ctx ctx;
337  base64_encode_init(&ctx);
338  const uint32_t expectedSz = base64_encode_len(length) +1 /* terminator */;
339  char *b64buf = static_cast<char *>(xcalloc(expectedSz, 1));
340  size_t blen = base64_encode_update(&ctx, b64buf, length, reinterpret_cast<uint8_t*>(ag));
341  blen += base64_encode_final(&ctx, b64buf+blen);
342  b64buf[expectedSz-1] = '\0';
343  if (!pstrcat(ad_groups, reinterpret_cast<char*>(b64buf))) {
344  debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
345  LogTime(), PROGRAM, MAX_PAC_GROUP_SIZE, ad_groups);
346  }
347  xfree(b64buf);
348  xfree(ag);
349 
350  rev = get1byt();
351  bpos = bpos + 1; /* nsub */
352  idauth = get6byt_be();
353 
354  snprintf(es,sizeof(es),"S-%d-%lu",rev,(long unsigned int)idauth);
355  for (int k=0; k<(int)nauth; k++ ) {
356  uint32_t sauth;
357  sauth = get4byt();
358  snprintf((char *)&es[strlen(es)],sizeof(es)-strlen(es),"-%u",sauth);
359  }
360  debug((char *) "%s| %s: INFO: Got ExtraSid %s\n", LogTime(), PROGRAM, es);
361  }
362  }
363  xfree(pa);
364  }
365  return ad_groups;
366 }
367 
368 static char *
369 get_resource_group_domain_sid(const uint32_t ResourceGroupDomainSid, size_t &length)
370 {
371  if (ResourceGroupDomainSid != 0) {
372  uint8_t rev;
373  uint64_t idauth;
374  char dli[256];
375 
376  align(4);
377 
378  // ResourceGroupDomainSid structure:
379  // 4 bytes nauth
380  // 1 byte revision = 1
381  // 1 byte nsub (it is equal to the number of dashes minus two)
382  // 6 bytes idauth (for NT Authority it is 5)
383  // 4 bytes sauth1
384  // ... nauth timss
385  // 4 bytes sauthN
386 
387  uint32_t nauth = get4byt();
388 
389  // check if nauth math will produce invalid length values on 32-bit
390  static uint32_t maxGidCount = (UINT32_MAX - 4 - 1 - 1 - 6)/4;
391  if (nauth > maxGidCount) {
392  debug((char *) "%s| %s: ERROR: Too many subAuths in the ResourceGroupDomainSID: nauth = %d > %d\n",
393  LogTime(), PROGRAM, nauth, maxGidCount);
394  return nullptr;
395  }
396 
397  // length = revision[1byte]+nsub[1byte]+idauth[6bytes]+nauth*sauth[4bytes]
398  length = 1 + 1 + 6 + nauth*4;
399 
400  auto sid = static_cast<char *>(xcalloc(length, 1));
401  // 1 byte revision
402  // 1 byte nsub
403  // 6 bytes+nauth*4bytes idauth+sauths
404  memcpy((void *)&sid[0], (const void*)&p[bpos], 1);
405  memcpy((void *)&sid[1], (const void*)&p[bpos+1], 1);
406  sid[1]++; // ++ as it will be used in a rid concatenation
407  memcpy((void *)&sid[2], (const void*)&p[bpos+2], 6 + nauth*4);
408 
409  /* mainly for debug only */
410  rev = get1byt();
411  bpos = bpos + 1; /* nsub */
412  idauth = get6byt_be();
413 
414  int rv = snprintf(dli, sizeof(dli), "S-%d-%lu", rev, (long unsigned int)idauth);
415  assert(rv > 0);
416  for (int l=0; l<(int)nauth; l++) {
417  uint32_t sauth;
418  sauth = get4byt();
419  rv = snprintf((char *)&dli[strlen(dli)], sizeof(dli) - strlen(dli), "-%u", sauth);
420  assert(rv > 0);
421  }
422  debug((char *) "%s| %s: INFO: Got ResourceGroupDomainSid %s\n", LogTime(), PROGRAM, dli);
423  return sid;
424  }
425 
426  length = 0;
427  return nullptr;
428 }
429 
430 static bool
431 get_resource_groups(char *ad_groups, uint32_t ResourceGroupDomainSid, uint32_t ResourceGroupIds, uint32_t ResourceGroupCount)
432 {
433  if (!ad_groups) {
434  debug((char *) "%s| %s: ERR: No space to store resource groups\n",
435  LogTime(), PROGRAM);
436  return false;
437  }
438 
439  size_t group_domain_sid_len = 0;
440  const auto resource_group_domain_sid = get_resource_group_domain_sid(ResourceGroupDomainSid, group_domain_sid_len);
441  if (!resource_group_domain_sid)
442  return false;
443 
444  if (ResourceGroupIds != 0) {
445  align(4);
446  uint32_t ngroup = get4byt();
447  if (ngroup != ResourceGroupCount) {
448  debug((char *) "%s| %s: ERROR: Group encoding error => ResourceGroupCount: %d != Array size: %d\n",
449  LogTime(), PROGRAM, ResourceGroupCount, ngroup);
450  xfree(resource_group_domain_sid);
451  return false;
452  }
453  debug((char *) "%s| %s: INFO: Found %d Resource Group rids\n", LogTime(), PROGRAM, ResourceGroupCount);
454 
455  // prepare a group template which begins with the resource_group_domain_sid
456  size_t length = group_domain_sid_len + 4; // +4 for a rid concatenation
457  auto *st = static_cast<char *>(xcalloc(length, 1));
458 
459  memcpy((void *)st, (const void*)resource_group_domain_sid, group_domain_sid_len); // template
460 
461  for (int l=0; l < (int)ResourceGroupCount; l++) {
462  uint32_t sauth;
463  memcpy((void *)&st[group_domain_sid_len], (const void*)&p[bpos], 4); // rid concatenation
464 
465  if (!pstrcat(ad_groups, " group=")) {
466  debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
467  LogTime(), PROGRAM, MAX_PAC_GROUP_SIZE, ad_groups);
468  }
469 
470  struct base64_encode_ctx ctx;
471  base64_encode_init(&ctx);
472  const uint32_t expectedSz = base64_encode_len(length) + 1 /* terminator */;
473  char *b64buf = static_cast<char *>(xcalloc(expectedSz, 1));
474  size_t blen = base64_encode_update(&ctx, b64buf, length, reinterpret_cast<uint8_t*>(st));
475  blen += base64_encode_final(&ctx, b64buf + blen);
476  b64buf[expectedSz - 1] = '\0';
477  if (!pstrcat(ad_groups, reinterpret_cast<char*>(b64buf))) {
478  debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
479  LogTime(), PROGRAM, MAX_PAC_GROUP_SIZE, ad_groups);
480  }
481  xfree(b64buf);
482 
483  sauth = get4byt();
484  debug((char *) "%s| %s: Info: Got rid: %u\n", LogTime(), PROGRAM, sauth);
485  /* attribute */
486  bpos = bpos + 4;
487  }
488 
489  xfree(st);
490  }
491 
492  xfree(resource_group_domain_sid);
493  return true;
494 }
495 
496 char *
497 get_ad_groups(char *ad_groups, krb5_context context, krb5_pac pac)
498 {
499  krb5_error_code ret;
500  RPC_UNICODE_STRING EffectiveName;
501  RPC_UNICODE_STRING FullName;
502  RPC_UNICODE_STRING LogonScript;
503  RPC_UNICODE_STRING ProfilePath;
504  RPC_UNICODE_STRING HomeDirectory;
505  RPC_UNICODE_STRING HomeDirectoryDrive;
506  RPC_UNICODE_STRING LogonServer;
507  RPC_UNICODE_STRING LogonDomainName;
508  uint32_t GroupCount=0;
509  uint32_t GroupIds=0;
510  uint32_t LogonDomainId=0;
511  uint32_t SidCount=0;
512  uint32_t UserFlags=0;
513  uint32_t ExtraSids=0;
514  uint32_t ResourceGroupDomainSid=0;
515  uint32_t ResourceGroupCount=0;
516  uint32_t ResourceGroupIds=0;
517  char **Rids=nullptr;
518  int l=0;
519 
520  if (!ad_groups) {
521  debug((char *) "%s| %s: ERR: No space to store groups\n",
522  LogTime(), PROGRAM);
523  return nullptr;
524  }
525 
526  ad_data = (krb5_data *)xcalloc(1,sizeof(krb5_data));
527 
528 #define KERB_LOGON_INFO 1
529  ret = krb5_pac_get_buffer(context, pac, KERB_LOGON_INFO, ad_data);
530  if (check_k5_err(context, "krb5_pac_get_buffer", ret))
531  goto k5clean;
532 
533  p = (unsigned char *)ad_data->data;
534 
535  debug((char *) "%s| %s: INFO: Got PAC data of length %d\n",
536  LogTime(), PROGRAM, (int)ad_data->length);
537 
538  /* Skip 16 bytes icommon RPC header
539  * Skip 4 bytes RPC unique pointer referent
540  * http://msdn.microsoft.com/en-gb/library/cc237933.aspx
541  */
542  /* Some data are pointers to data which follows the main KRB5 LOGON structure =>
543  * So need to read the data
544  * some logical consistency checks are done when analysineg the pointer data
545  */
546  bpos = 20;
547  /* 8 bytes LogonTime
548  * 8 bytes LogoffTime
549  * 8 bytes KickOffTime
550  * 8 bytes PasswordLastSet
551  * 8 bytes PasswordCanChange
552  * 8 bytes PasswordMustChange
553  */
554  bpos = bpos+48;
555  getustr(&EffectiveName);
556  getustr(&FullName);
557  getustr(&LogonScript);
558  getustr(&ProfilePath);
559  getustr(&HomeDirectory);
560  getustr(&HomeDirectoryDrive);
561  /* 2 bytes LogonCount
562  * 2 bytes BadPasswordCount
563  * 4 bytes UserID
564  * 4 bytes PrimaryGroupId
565  */
566  bpos = bpos+12;
567  GroupCount = get4byt();
568  GroupIds = get4byt();
569  UserFlags = get4byt();
571  bpos = bpos+16;
572  getustr(&LogonServer);
573  getustr(&LogonDomainName);
574  LogonDomainId = get4byt();
575  /* 8 bytes Reserved1
576  * 4 bytes UserAccountControl
577  * 4 bytes SubAuthStatus
578  * 8 bytes LastSuccessfullLogon
579  * 8 bytes LastFailedLogon
580  * 4 bytes FailedLogonCount
581  * 4 bytes Reserved2
582  */
583  bpos = bpos+40;
584  SidCount = get4byt();
585  ExtraSids = get4byt();
586 
587  ResourceGroupDomainSid = get4byt();
588  ResourceGroupCount = get4byt();
589  ResourceGroupIds = get4byt();
590 
591  /*
592  * Read all data from structure => Now check pointers
593  */
594  if (checkustr(&EffectiveName)<0)
595  goto k5clean;
596  if (checkustr(&FullName)<0)
597  goto k5clean;
598  if (checkustr(&LogonScript)<0)
599  goto k5clean;
600  if (checkustr(&ProfilePath)<0)
601  goto k5clean;
602  if (checkustr(&HomeDirectory)<0)
603  goto k5clean;
604  if (checkustr(&HomeDirectoryDrive)<0)
605  goto k5clean;
606  Rids = getgids(Rids,GroupIds,GroupCount);
607  if (checkustr(&LogonServer)<0)
608  goto k5clean;
609  if (checkustr(&LogonDomainName)<0)
610  goto k5clean;
611  ad_groups = getdomaingids(ad_groups,LogonDomainId,Rids,GroupCount);
612 
613  // https://learn.microsoft.com/en-us/previous-versions/aa302203(v=msdn.10)?redirectedfrom=MSDN#top-level-pac-structure
614  if ((UserFlags&LOGON_EXTRA_SIDS) != 0) {
615  // EXTRA_SIDS structures are present and valid
616  debug((char *) "%s| %s: Info: EXTRA_SIDS are present\n", LogTime(), PROGRAM);
617  if ((ad_groups = getextrasids(ad_groups,ExtraSids,SidCount)) == nullptr)
618  goto k5clean;
619  }
620 
621  if ((UserFlags&LOGON_RESOURCE_GROUPS) != 0 && ResourceGroupDomainSid && ResourceGroupIds && ResourceGroupCount) {
622  // RESOURCE_GROUPS structures are present and valid
623  debug((char *) "%s| %s: Info: RESOURCE_GROUPS are present\n", LogTime(), PROGRAM);
624  if (!get_resource_groups(ad_groups, ResourceGroupDomainSid, ResourceGroupIds, ResourceGroupCount))
625  goto k5clean;
626  }
627 
628  debug((char *) "%s| %s: INFO: Read %d of %d bytes \n", LogTime(), PROGRAM, bpos, (int)ad_data->length);
629 
630  if (Rids) {
631  for ( l=0; l<(int)GroupCount; l++) {
632  xfree(Rids[l]);
633  }
634  xfree(Rids);
635  }
636  krb5_free_data(context, ad_data);
637  return ad_groups;
638 
639 k5clean:
640  if (Rids) {
641  for ( l=0; l<(int)GroupCount; l++) {
642  xfree(Rids[l]);
643  }
644  xfree(Rids);
645  }
646  krb5_free_data(context, ad_data);
647  return nullptr;
648 }
649 #endif
650 
void * xcalloc(size_t n, size_t sz)
Definition: xalloc.cc:71
#define base64_encode_len(length)
Definition: base64.h:169
#define xmalloc
#define PROGRAM
Definition: support.h:169
void debug(const char *format,...)
Definition: debug.cc:19
size_t base64_encode_final(struct base64_encode_ctx *ctx, char *dst)
Definition: base64.c:308
int check_k5_err(krb5_context context, const char *msg, krb5_error_code code)
#define UINT32_MAX
Definition: types.h:66
int size
Definition: ModDevPoll.cc:69
#define assert(EX)
Definition: assert.h:17
void base64_encode_init(struct base64_encode_ctx *ctx)
Definition: base64.c:232
const char * LogTime(void)
#define xfree
int code
Definition: smb-errors.c:145
size_t base64_encode_update(struct base64_encode_ctx *ctx, char *dst, size_t length, const uint8_t *src)
Definition: base64.c:265
int unsigned int
Definition: stub_fd.cc:19

 

Introduction

Documentation

Support

Miscellaneous