/********************************************************* Fix a list of Users for uninitialised passwords **********************************************************/ static int fix_users_list(void) { struct pdb_search *u_search; struct samr_displayentry userentry; struct samu *sam_pwent; TALLOC_CTX *tosctx; struct dom_sid user_sid; NTSTATUS status; bool bret; int ret; tosctx = talloc_tos(); if (!tosctx) { fprintf(stderr, "Out of memory!\n"); return 1; } u_search = pdb_search_users(tosctx, 0); if (!u_search) { fprintf(stderr, "User Search failed!\n"); ret = 1; goto done; } while (u_search->next_entry(u_search, &userentry)) { sam_pwent = samu_new(tosctx); if (sam_pwent == NULL) { fprintf(stderr, "Out of memory!\n"); ret = 1; goto done; } sid_compose(&user_sid, get_global_sam_sid(), userentry.rid); bret = pdb_getsampwsid(sam_pwent, &user_sid); if (!bret) { DEBUG(2, ("getsampwsid failed\n")); TALLOC_FREE(sam_pwent); continue; } status = pdb_update_sam_account(sam_pwent); if (!NT_STATUS_IS_OK(status)) { printf("Update of user %s failed!\n", pdb_get_username(sam_pwent)); } TALLOC_FREE(sam_pwent); } ret = 0; done: TALLOC_FREE(tosctx); return ret; }
/** * update the encrypted smbpasswd file from the plaintext username and password * * this ugly hack needs to die, but not quite yet, I think people still use it... **/ static BOOL update_smbpassword_file(const char *user, const char *password) { struct samu *sampass; BOOL ret; if ( !(sampass = samu_new( NULL )) ) { return False; } become_root(); ret = pdb_getsampwnam(sampass, user); unbecome_root(); if(ret == False) { DEBUG(0,("pdb_getsampwnam returned NULL\n")); TALLOC_FREE(sampass); return False; } /* * Remove the account disabled flag - we are updating the * users password from a login. */ if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) { TALLOC_FREE(sampass); return False; } if (!pdb_set_plaintext_passwd (sampass, password)) { TALLOC_FREE(sampass); return False; } /* Now write it into the file. */ become_root(); ret = NT_STATUS_IS_OK(pdb_update_sam_account (sampass)); unbecome_root(); if (ret) { DEBUG(3,("pdb_update_sam_account returned %d\n",ret)); } TALLOC_FREE(sampass); return ret; }
/********************************************************* Fix a list of Users for uninitialised passwords **********************************************************/ static int fix_users_list (struct pdb_methods *in) { struct samu *sam_pwent=NULL; BOOL check; check = NT_STATUS_IS_OK(in->setsampwent(in, False, 0)); if (!check) { return 1; } check = True; if ( (sam_pwent = samu_new( NULL )) == NULL ) { return 1; } while (check && NT_STATUS_IS_OK(in->getsampwent (in, sam_pwent))) { printf("Updating record for user %s\n", pdb_get_username(sam_pwent)); if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) { printf("Update of user %s failed!\n", pdb_get_username(sam_pwent)); } TALLOC_FREE(sam_pwent); if ( (sam_pwent = samu_new( NULL )) == NULL ) { check = False; } if (!check) { fprintf(stderr, "Failed to initialise new struct samu structure (out of memory?)\n"); } } if (check) TALLOC_FREE(sam_pwent); in->endsampwent(in); return 0; }
static int new_machine(const char *machinename, char *machine_sid) { char *err = NULL, *msg = NULL; struct samu *sam_pwent = NULL; TALLOC_CTX *tosctx; NTSTATUS status; struct dom_sid m_sid; char *compatpwd; char *name; int flags; int len; int ret; len = strlen(machinename); if (len == 0) { fprintf(stderr, "No machine name given\n"); return -1; } tosctx = talloc_tos(); if (!tosctx) { fprintf(stderr, "Out of memory!\n"); return -1; } if (machine_sid) { if (get_sid_from_cli_string(&m_sid, machine_sid)) { fprintf(stderr, "Failed to parse SID\n"); return -1; } } compatpwd = talloc_strdup(tosctx, machinename); if (!compatpwd) { fprintf(stderr, "Out of memory!\n"); return -1; } if (machinename[len-1] == '$') { name = talloc_strdup(tosctx, machinename); compatpwd[len-1] = '\0'; } else { name = talloc_asprintf(tosctx, "%s$", machinename); } if (!name) { fprintf(stderr, "Out of memory!\n"); return -1; } if (!strlower_m(name)) { fprintf(stderr, "strlower_m %s failed\n", name); return -1; } flags = LOCAL_ADD_USER | LOCAL_TRUST_ACCOUNT | LOCAL_SET_PASSWORD; status = local_password_change(name, flags, compatpwd, &err, &msg); if (!NT_STATUS_IS_OK(status)) { if (err) fprintf(stderr, "%s", err); ret = -1; } sam_pwent = samu_new(tosctx); if (!sam_pwent) { fprintf(stderr, "Out of memory!\n"); ret = -1; goto done; } if (!pdb_getsampwnam(sam_pwent, name)) { fprintf(stderr, "Machine %s not found!\n", name); ret = -1; goto done; } if (machine_sid) pdb_set_user_sid(sam_pwent, &m_sid, PDB_CHANGED); status = pdb_update_sam_account(sam_pwent); if (!NT_STATUS_IS_OK(status)) { fprintf(stderr, "Failed to modify entry for %s.!\n", name); ret = -1; goto done; } print_user_info(name, True, False); ret = 0; done: SAFE_FREE(err); SAFE_FREE(msg); TALLOC_FREE(sam_pwent); return ret; }
/********************************************************* Add New User **********************************************************/ static int new_user(const char *username, const char *fullname, const char *homedir, const char *drive, const char *script, const char *profile, char *user_sid, bool stdin_get) { char *pwd1 = NULL, *pwd2 = NULL; char *err = NULL, *msg = NULL; struct samu *sam_pwent = NULL; TALLOC_CTX *tosctx; NTSTATUS status; struct dom_sid u_sid; int flags; int ret; tosctx = talloc_tos(); if (!tosctx) { fprintf(stderr, "Out of memory!\n"); return -1; } if (user_sid) { if (get_sid_from_cli_string(&u_sid, user_sid)) { fprintf(stderr, "Failed to parse SID\n"); return -1; } } pwd1 = get_pass( "new password:"******"retype new password:"******"Failed to read passwords.\n"); return -1; } ret = strcmp(pwd1, pwd2); if (ret != 0) { fprintf (stderr, "Passwords do not match!\n"); goto done; } flags = LOCAL_ADD_USER | LOCAL_SET_PASSWORD; status = local_password_change(username, flags, pwd1, &err, &msg); if (!NT_STATUS_IS_OK(status)) { if (err) fprintf(stderr, "%s", err); ret = -1; goto done; } sam_pwent = samu_new(tosctx); if (!sam_pwent) { fprintf(stderr, "Out of memory!\n"); ret = -1; goto done; } if (!pdb_getsampwnam(sam_pwent, username)) { fprintf(stderr, "User %s not found!\n", username); ret = -1; goto done; } if (fullname) pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED); if (homedir) pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED); if (drive) pdb_set_dir_drive(sam_pwent, drive, PDB_CHANGED); if (script) pdb_set_logon_script(sam_pwent, script, PDB_CHANGED); if (profile) pdb_set_profile_path(sam_pwent, profile, PDB_CHANGED); if (user_sid) pdb_set_user_sid(sam_pwent, &u_sid, PDB_CHANGED); status = pdb_update_sam_account(sam_pwent); if (!NT_STATUS_IS_OK(status)) { fprintf(stderr, "Failed to modify entry for user %s.!\n", username); ret = -1; goto done; } print_user_info(username, True, False); ret = 0; done: if (pwd1) memset(pwd1, 0, strlen(pwd1)); if (pwd2) memset(pwd2, 0, strlen(pwd2)); SAFE_FREE(pwd1); SAFE_FREE(pwd2); SAFE_FREE(err); SAFE_FREE(msg); TALLOC_FREE(sam_pwent); return ret; }
static int set_machine_info(const char *machinename, const char *account_control, const char *machine_sid) { struct samu *sam_pwent = NULL; TALLOC_CTX *tosctx; uint32_t acb_flags; uint32_t not_settable; uint32_t new_flags; struct dom_sid m_sid; char *name; int len; bool ret; len = strlen(machinename); if (len == 0) { fprintf(stderr, "No machine name given\n"); return -1; } tosctx = talloc_tos(); if (!tosctx) { fprintf(stderr, "Out of memory!\n"); return -1; } sam_pwent = samu_new(tosctx); if (!sam_pwent) { return 1; } if (machinename[len-1] == '$') { name = talloc_strdup(sam_pwent, machinename); } else { name = talloc_asprintf(sam_pwent, "%s$", machinename); } if (!name) { fprintf(stderr, "Out of memory!\n"); TALLOC_FREE(sam_pwent); return -1; } if (!strlower_m(name)) { fprintf(stderr, "strlower_m %s failed\n", name); TALLOC_FREE(sam_pwent); return -1; } ret = pdb_getsampwnam(sam_pwent, name); if (!ret) { fprintf (stderr, "Username not found!\n"); TALLOC_FREE(sam_pwent); return -1; } if (account_control) { not_settable = ~(ACB_DISABLED); new_flags = pdb_decode_acct_ctrl(account_control); if (new_flags & not_settable) { fprintf(stderr, "Can only set [D] flags\n"); TALLOC_FREE(sam_pwent); return -1; } acb_flags = pdb_get_acct_ctrl(sam_pwent); pdb_set_acct_ctrl(sam_pwent, (acb_flags & not_settable) | new_flags, PDB_CHANGED); } if (machine_sid) { if (get_sid_from_cli_string(&m_sid, machine_sid)) { fprintf(stderr, "Failed to parse SID\n"); return -1; } pdb_set_user_sid(sam_pwent, &m_sid, PDB_CHANGED); } if (NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) { print_user_info(name, True, False); } else { fprintf (stderr, "Unable to modify entry!\n"); TALLOC_FREE(sam_pwent); return -1; } TALLOC_FREE(sam_pwent); return 0; }
static int set_user_info(const char *username, const char *fullname, const char *homedir, const char *acct_desc, const char *drive, const char *script, const char *profile, const char *account_control, const char *user_sid, const char *user_domain, const bool badpw, const bool hours, const char *kickoff_time) { bool updated_autolock = False, updated_badpw = False; struct samu *sam_pwent; uint8_t hours_array[MAX_HOURS_LEN]; uint32_t hours_len; uint32_t acb_flags; uint32_t not_settable; uint32_t new_flags; struct dom_sid u_sid; bool ret; sam_pwent = samu_new(NULL); if (!sam_pwent) { return 1; } ret = pdb_getsampwnam(sam_pwent, username); if (!ret) { fprintf (stderr, "Username not found!\n"); TALLOC_FREE(sam_pwent); return -1; } if (hours) { hours_len = pdb_get_hours_len(sam_pwent); memset(hours_array, 0xff, hours_len); pdb_set_hours(sam_pwent, hours_array, hours_len, PDB_CHANGED); } if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) { DEBUG(2,("pdb_update_autolock_flag failed.\n")); } if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) { DEBUG(2,("pdb_update_bad_password_count failed.\n")); } if (fullname) pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED); if (acct_desc) pdb_set_acct_desc(sam_pwent, acct_desc, PDB_CHANGED); if (homedir) pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED); if (drive) pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED); if (script) pdb_set_logon_script(sam_pwent, script, PDB_CHANGED); if (profile) pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED); if (user_domain) pdb_set_domain(sam_pwent, user_domain, PDB_CHANGED); if (account_control) { not_settable = ~(ACB_DISABLED | ACB_HOMDIRREQ | ACB_PWNOTREQ | ACB_PWNOEXP | ACB_AUTOLOCK); new_flags = pdb_decode_acct_ctrl(account_control); if (new_flags & not_settable) { fprintf(stderr, "Can only set [NDHLX] flags\n"); TALLOC_FREE(sam_pwent); return -1; } acb_flags = pdb_get_acct_ctrl(sam_pwent); pdb_set_acct_ctrl(sam_pwent, (acb_flags & not_settable) | new_flags, PDB_CHANGED); } if (user_sid) { if (get_sid_from_cli_string(&u_sid, user_sid)) { fprintf(stderr, "Failed to parse SID\n"); return -1; } pdb_set_user_sid(sam_pwent, &u_sid, PDB_CHANGED); } if (badpw) { pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED); pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED); } if (kickoff_time) { char *endptr; time_t value = get_time_t_max(); if (strcmp(kickoff_time, "never") != 0) { uint32_t num = strtoul(kickoff_time, &endptr, 10); if ((endptr == kickoff_time) || (endptr[0] != '\0')) { fprintf(stderr, "Failed to parse kickoff time\n"); return -1; } value = convert_uint32_t_to_time_t(num); } pdb_set_kickoff_time(sam_pwent, value, PDB_CHANGED); } if (NT_STATUS_IS_OK(pdb_update_sam_account(sam_pwent))) { print_user_info(username, True, False); } else { fprintf (stderr, "Unable to modify entry!\n"); TALLOC_FREE(sam_pwent); return -1; } TALLOC_FREE(sam_pwent); return 0; }
static NTSTATUS check_sam_security(const struct auth_context *auth_context, void *my_private_data, TALLOC_CTX *mem_ctx, const auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { struct samu *sampass=NULL; BOOL ret; NTSTATUS nt_status; NTSTATUS update_login_attempts_status; DATA_BLOB user_sess_key = data_blob(NULL, 0); DATA_BLOB lm_sess_key = data_blob(NULL, 0); BOOL updated_autolock = False, updated_badpw = False; if (!user_info || !auth_context) { return NT_STATUS_UNSUCCESSFUL; } /* Can't use the talloc version here, because the returned struct gets kept on the server_info */ if ( !(sampass = samu_new( NULL )) ) { return NT_STATUS_NO_MEMORY; } /* get the account information */ become_root(); ret = pdb_getsampwnam(sampass, user_info->internal_username); unbecome_root(); if (ret == False) { DEBUG(3,("check_sam_security: Couldn't find user '%s' in " "passdb.\n", user_info->internal_username)); TALLOC_FREE(sampass); return NT_STATUS_NO_SUCH_USER; } /* see if autolock flag needs to be updated */ if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) pdb_update_autolock_flag(sampass, &updated_autolock); /* Quit if the account was locked out. */ if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) { DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", pdb_get_username(sampass))); return NT_STATUS_ACCOUNT_LOCKED_OUT; } nt_status = sam_password_ok(auth_context, mem_ctx, sampass, user_info, &user_sess_key, &lm_sess_key); /* Notify passdb backend of login success/failure. If not NT_STATUS_OK the backend doesn't like the login */ update_login_attempts_status = pdb_update_login_attempts(sampass, NT_STATUS_IS_OK(nt_status)); if (!NT_STATUS_IS_OK(update_login_attempts_status)) nt_status = update_login_attempts_status; if (!NT_STATUS_IS_OK(nt_status)) { if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && pdb_get_acct_ctrl(sampass) &ACB_NORMAL) { pdb_increment_bad_password_count(sampass); updated_badpw = True; } else { pdb_update_bad_password_count(sampass, &updated_badpw); } if (updated_autolock || updated_badpw){ become_root(); if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass))) DEBUG(1, ("Failed to modify entry.\n")); unbecome_root(); } data_blob_free(&user_sess_key); data_blob_free(&lm_sess_key); TALLOC_FREE(sampass); return nt_status; } if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) && (pdb_get_bad_password_count(sampass) > 0)){ pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); updated_badpw = True; } if (updated_autolock || updated_badpw){ become_root(); if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass))) DEBUG(1, ("Failed to modify entry.\n")); unbecome_root(); } nt_status = sam_account_ok(mem_ctx, sampass, user_info); if (!NT_STATUS_IS_OK(nt_status)) { TALLOC_FREE(sampass); data_blob_free(&user_sess_key); data_blob_free(&lm_sess_key); return nt_status; } become_root(); nt_status = make_server_info_sam(server_info, sampass); unbecome_root(); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status))); TALLOC_FREE(sampass); data_blob_free(&user_sess_key); data_blob_free(&lm_sess_key); return nt_status; } (*server_info)->user_session_key = data_blob_talloc(*server_info, user_sess_key.data, user_sess_key.length); data_blob_free(&user_sess_key); (*server_info)->lm_session_key = data_blob_talloc(*server_info, lm_sess_key.data, lm_sess_key.length); data_blob_free(&lm_sess_key); (*server_info)->was_mapped |= user_info->was_mapped; return nt_status; }
NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u) { NTSTATUS status = NT_STATUS_ACCESS_DENIED; DOM_CRED srv_cred; pstring workstation; SAM_ACCOUNT *sampass=NULL; BOOL ret = False; unsigned char pwd[16]; int i; uint32 acct_ctrl; /* checks and updates credentials. creates reply credentials */ if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred))) return NT_STATUS_INVALID_HANDLE; memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); DEBUG(5,("_net_srv_pwset: %d\n", __LINE__)); rpcstr_pull(workstation,q_u->clnt_id.login.uni_comp_name.buffer, sizeof(workstation),q_u->clnt_id.login.uni_comp_name.uni_str_len*2,0); DEBUG(3,("Server Password Set by Wksta:[%s] on account [%s]\n", workstation, p->dc.mach_acct)); pdb_init_sam(&sampass); become_root(); ret=pdb_getsampwnam(sampass, p->dc.mach_acct); unbecome_root(); /* Ensure the account exists and is a machine account. */ acct_ctrl = pdb_get_acct_ctrl(sampass); if (!(ret && (acct_ctrl & ACB_WSTRUST || acct_ctrl & ACB_SVRTRUST || acct_ctrl & ACB_DOMTRUST))) { pdb_free_sam(&sampass); return NT_STATUS_NO_SUCH_USER; } if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { pdb_free_sam(&sampass); return NT_STATUS_ACCOUNT_DISABLED; } DEBUG(100,("Server password set : new given value was :\n")); for(i = 0; i < 16; i++) DEBUG(100,("%02X ", q_u->pwd[i])); DEBUG(100,("\n")); cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0); /* lies! nt and lm passwords are _not_ the same: don't care */ if (!pdb_set_lanman_passwd (sampass, pwd, PDB_CHANGED)) { pdb_free_sam(&sampass); return NT_STATUS_NO_MEMORY; } if (!pdb_set_nt_passwd (sampass, pwd, PDB_CHANGED)) { pdb_free_sam(&sampass); return NT_STATUS_NO_MEMORY; } if (!pdb_set_pass_changed_now (sampass)) { pdb_free_sam(&sampass); /* Not quite sure what this one qualifies as, but this will do */ return NT_STATUS_UNSUCCESSFUL; } become_root(); ret = pdb_update_sam_account (sampass); unbecome_root(); if (ret) status = NT_STATUS_OK; /* set up the LSA Server Password Set response */ init_net_r_srv_pwset(r_u, &srv_cred, status); pdb_free_sam(&sampass); return r_u->status; }
NTSTATUS check_sam_security(const DATA_BLOB *challenge, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { struct samu *sampass=NULL; bool ret; NTSTATUS nt_status; NTSTATUS update_login_attempts_status; DATA_BLOB user_sess_key = data_blob_null; DATA_BLOB lm_sess_key = data_blob_null; bool updated_badpw = False; const char *username; const uint8_t *nt_pw; const uint8_t *lm_pw; uint32_t acct_ctrl; /* the returned struct gets kept on the server_info, by means of a steal further down */ sampass = samu_new(mem_ctx); if (sampass == NULL) { return NT_STATUS_NO_MEMORY; } /* get the account information */ become_root(); ret = pdb_getsampwnam(sampass, user_info->mapped.account_name); unbecome_root(); if (ret == False) { DEBUG(3,("check_sam_security: Couldn't find user '%s' in " "passdb.\n", user_info->mapped.account_name)); TALLOC_FREE(sampass); return NT_STATUS_NO_SUCH_USER; } acct_ctrl = pdb_get_acct_ctrl(sampass); username = pdb_get_username(sampass); nt_pw = pdb_get_nt_passwd(sampass); lm_pw = pdb_get_lanman_passwd(sampass); /* Quit if the account was locked out. */ if (acct_ctrl & ACB_AUTOLOCK) { DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username)); TALLOC_FREE(sampass); return NT_STATUS_ACCOUNT_LOCKED_OUT; } nt_status = sam_password_ok(mem_ctx, username, acct_ctrl, challenge, lm_pw, nt_pw, user_info, &user_sess_key, &lm_sess_key); /* Notify passdb backend of login success/failure. If not NT_STATUS_OK the backend doesn't like the login */ update_login_attempts_status = pdb_update_login_attempts(sampass, NT_STATUS_IS_OK(nt_status)); if (!NT_STATUS_IS_OK(nt_status)) { bool increment_bad_pw_count = false; if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) && (acct_ctrl & ACB_NORMAL) && NT_STATUS_IS_OK(update_login_attempts_status)) { increment_bad_pw_count = need_to_increment_bad_pw_count( challenge, sampass, user_info); } if (increment_bad_pw_count) { pdb_increment_bad_password_count(sampass); updated_badpw = True; } else { pdb_update_bad_password_count(sampass, &updated_badpw); } if (updated_badpw){ NTSTATUS status; become_root(); status = pdb_update_sam_account(sampass); unbecome_root(); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to modify entry: %s\n", nt_errstr(status))); } } goto done; } /* * We must only reset the bad password count if the login was * successful, including checking account policies */ nt_status = sam_account_ok(mem_ctx, sampass, user_info); if (!NT_STATUS_IS_OK(nt_status)) { goto done; } if ((acct_ctrl & ACB_NORMAL) && (pdb_get_bad_password_count(sampass) > 0)){ NTSTATUS status; pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); become_root(); status = pdb_update_sam_account(sampass); unbecome_root(); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("Failed to modify entry: %s\n", nt_errstr(status))); } } become_root(); nt_status = make_server_info_sam(mem_ctx, sampass, server_info); unbecome_root(); TALLOC_FREE(sampass); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status))); goto done; } (*server_info)->session_key = data_blob_talloc(*server_info, user_sess_key.data, user_sess_key.length); data_blob_free(&user_sess_key); (*server_info)->lm_session_key = data_blob_talloc(*server_info, lm_sess_key.data, lm_sess_key.length); data_blob_free(&lm_sess_key); (*server_info)->nss_token |= user_info->was_mapped; done: TALLOC_FREE(sampass); data_blob_free(&user_sess_key); data_blob_free(&lm_sess_key); return nt_status; }