summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-05-14 01:30:40 +0000
committerJeremy Allison <jra@samba.org>1998-05-14 01:30:40 +0000
commita4276507e43487f47445eab11d4ac1b080b3270e (patch)
tree24c44403b3a64828533904d689a16f239ba6e955
parent329fe213439a4ef253e0b16221f98d2ade032e06 (diff)
downloadsamba-a4276507e43487f47445eab11d4ac1b080b3270e.tar.gz
samba-a4276507e43487f47445eab11d4ac1b080b3270e.tar.bz2
samba-a4276507e43487f47445eab11d4ac1b080b3270e.zip
chgpasswd.c: Added comments to #ifdefs
ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful. util.c: Added string_to_sid() and sid_to_string() functions. lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h: lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c: lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c: lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c: lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c: lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy. (This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
-rw-r--r--source3/include/proto.h20
-rw-r--r--source3/include/rpc_misc.h4
-rw-r--r--source3/lib/util.c72
-rw-r--r--source3/lib/util_hnd.c29
-rw-r--r--source3/lsarpcd/srv_lsa.c75
-rw-r--r--source3/rpc_client/cli_samr.c2
-rw-r--r--source3/rpc_parse/parse_lsa.c4
-rw-r--r--source3/rpc_parse/parse_misc.c61
-rw-r--r--source3/rpc_parse/parse_net.c6
-rw-r--r--source3/rpc_parse/parse_samr.c6
-rw-r--r--source3/rpc_server/srv_lsa.c75
-rw-r--r--source3/rpc_server/srv_lsa_hnd.c29
-rw-r--r--source3/rpc_server/srv_netlog.c402
-rw-r--r--source3/rpc_server/srv_samr.c7
-rw-r--r--source3/rpc_server/srv_util.c117
-rw-r--r--source3/smbd/chgpasswd.c4
-rw-r--r--source3/smbd/ipc.c5
17 files changed, 491 insertions, 427 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index e574861b65..7f7322122e 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -297,8 +297,8 @@ void make_q_query(LSA_Q_QUERY_INFO *q_q, POLICY_HND *hnd, uint16 info_class);
void lsa_io_q_query(char *desc, LSA_Q_QUERY_INFO *q_q, prs_struct *ps, int depth);
void lsa_io_q_enum_trust_dom(char *desc, LSA_Q_ENUM_TRUST_DOM *q_e, prs_struct *ps, int depth);
void make_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e,
- uint32 enum_context, char *domain_name, char *domain_sid,
- uint32 status);
+ uint32 enum_context, char *domain_name, DOM_SID *domain_sid,
+ uint32 status);
void lsa_io_r_enum_trust_dom(char *desc, LSA_R_ENUM_TRUST_DOM *r_e, prs_struct *ps, int depth);
void make_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd);
void lsa_io_q_close(char *desc, LSA_Q_CLOSE *q_c, prs_struct *ps, int depth);
@@ -320,9 +320,8 @@ void smb_io_lookup_level(char *desc, LOOKUP_LEVEL *level, prs_struct *ps, int de
uint32 get_enum_hnd(ENUM_HND *enh);
void make_enum_hnd(ENUM_HND *enh, uint32 hnd);
void smb_io_enum_hnd(char *desc, ENUM_HND *hnd, prs_struct *ps, int depth);
-void make_dom_sid(DOM_SID *sid, char *str_sid);
void smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth);
-void make_dom_sid2(DOM_SID2 *sid, char *str_sid);
+void make_dom_sid2(DOM_SID2 *sid2, DOM_SID *sid);
void smb_io_dom_sid2(char *desc, DOM_SID2 *sid, prs_struct *ps, int depth);
void make_str_hdr(STRHDR *hdr, int max_len, int len, uint32 buffer);
void smb_io_strhdr(char *desc, STRHDR *hdr, prs_struct *ps, int depth);
@@ -459,7 +458,7 @@ void make_net_user_info3(NET_USER_INFO_3 *usr,
char *logon_srv,
char *logon_dom,
- char *dom_sid,
+ DOM_SID *dom_sid,
char *other_sids);
void net_io_user_info3(char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, int depth);
void net_io_q_sam_logon(char *desc, NET_Q_SAM_LOGON *q_l, prs_struct *ps, int depth);
@@ -562,7 +561,7 @@ void make_samr_q_close_hnd(SAMR_Q_CLOSE_HND *q_c, POLICY_HND *hnd);
void samr_io_q_close_hnd(char *desc, SAMR_Q_CLOSE_HND *q_u, prs_struct *ps, int depth);
void samr_io_r_close_hnd(char *desc, SAMR_R_CLOSE_HND *r_u, prs_struct *ps, int depth);
void make_samr_q_open_domain(SAMR_Q_OPEN_DOMAIN *q_u,
- POLICY_HND *connect_pol, uint32 rid, char *sid);
+ POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid);
void samr_io_q_open_domain(char *desc, SAMR_Q_OPEN_DOMAIN *q_u, prs_struct *ps, int depth);
void samr_io_r_open_domain(char *desc, SAMR_R_OPEN_DOMAIN *r_u, prs_struct *ps, int depth);
void make_samr_q_unknown_8(SAMR_Q_UNKNOWN_8 *q_u,
@@ -571,7 +570,7 @@ void samr_io_q_unknown_8(char *desc, SAMR_Q_UNKNOWN_8 *q_u, prs_struct *ps, int
void make_samr_q_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
POLICY_HND *user_pol, uint16 switch_value);
void samr_io_q_unknown_3(char *desc, SAMR_Q_UNKNOWN_3 *q_u, prs_struct *ps, int depth);
-void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sid);
+void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sidstr);
void sam_io_dom_sid3(char *desc, DOM_SID3 *sid3, prs_struct *ps, int depth);
void make_sam_sid_stuff(SAM_SID_STUFF *stf,
uint16 unknown_2, uint16 unknown_3,
@@ -909,7 +908,7 @@ BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data);
/*The following definitions come from lib/rpc/server/srv_util.c */
-int make_dom_gids(char *gids_str, DOM_GID *gids);
+int make_dom_gids(char *gids_str, DOM_GID **ppgids);
BOOL create_rpc_reply(pipes_struct *p,
uint32 data_start, uint32 data_end);
BOOL api_rpcTNP(pipes_struct *p, char *rpc_name, struct api_struct *api_rpc_cmds,
@@ -2043,8 +2042,6 @@ int struni2(uint16 *p, char *buf);
char *unistr(char *buf);
int unistrncpy(char *dst, char *src, int len);
int unistrcpy(char *dst, char *src);
-void fstrcpy(char *dest, char *src);
-void fstrcat(char *dest, char *src);
char *safe_strcpy(char *dest, char *src, int maxlength);
char *safe_strcat(char *dest, char *src, int maxlength);
char *align4(char *q, char *base);
@@ -2053,7 +2050,8 @@ char *align_offset(char *q, char *base, int align_offset_len);
void print_asc(int level, unsigned char *buf,int len);
void dump_data(int level,char *buf1,int len);
char *tab_depth(int depth);
-char *dom_sid_to_string(DOM_SID *sid);
+char *sid_to_string(pstring sidstr_out, DOM_SID *sid);
+BOOL string_to_sid(DOM_SID *sidout, char *sidstr);
/*The following definitions come from web/cgi.c */
diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h
index c6e0d8d5ee..7406916cce 100644
--- a/source3/include/rpc_misc.h
+++ b/source3/include/rpc_misc.h
@@ -85,6 +85,10 @@ typedef struct sid_info
uint8 sid_rev_num; /* SID revision number */
uint8 num_auths; /* number of sub-authorities */
uint8 id_auth[6]; /* Identifier Authority */
+ /*
+ * Note that the values in these uint32's are in *native* byteorder,
+ * not neccessarily little-endian...... JRA.
+ */
uint32 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */
} DOM_SID;
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 1e4a6fc27f..503ee2bf81 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -4943,29 +4943,85 @@ char *tab_depth(int depth)
}
/*****************************************************************
- Convert a domain SID to an ascii string. (non-reentrant).
+ Convert a SID to an ascii string.
*****************************************************************/
-/* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
-char *dom_sid_to_string(DOM_SID *sid)
+char *sid_to_string(pstring sidstr_out, DOM_SID *sid)
{
- static pstring sidstr;
char subauth[16];
int i;
+ /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
uint32 ia = (sid->id_auth[5]) +
(sid->id_auth[4] << 8 ) +
(sid->id_auth[3] << 16) +
(sid->id_auth[2] << 24);
- slprintf(sidstr, sizeof(sidstr) - 1, "S-%d-%d", sid->sid_rev_num, ia);
+ slprintf(sidstr_out, sizeof(pstring) - 1, "S-%d-%d", sid->sid_rev_num, ia);
for (i = 0; i < sid->num_auths; i++)
{
slprintf(subauth, sizeof(subauth)-1, "-%d", sid->sub_auths[i]);
- pstrcat(sidstr, subauth);
+ pstrcat(sidstr_out, subauth);
}
- DEBUG(7,("dom_sid_to_string returning %s\n", sidstr));
- return sidstr;
+ DEBUG(7,("sid_to_string returning %s\n", sidstr_out));
+ return sidstr_out;
}
+/*****************************************************************
+ Convert a string to a SID. Returns True on success, False on fail.
+*****************************************************************/
+
+BOOL string_to_sid(DOM_SID *sidout, char *sidstr)
+{
+ pstring tok;
+ char *p = sidstr;
+ /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
+ uint32 ia;
+
+ memset((char *)sidout, '\0', sizeof(DOM_SID));
+
+ if(StrnCaseCmp( sidstr, "S-", 2)) {
+ DEBUG(0,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr));
+ return False;
+ }
+
+ p += 2;
+ if(!next_token(&p, tok, "-")) {
+ DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
+ return False;
+ }
+
+ /* Get the revision number. */
+ sidout->sid_rev_num = atoi(tok);
+
+ if(!next_token(&p, tok, "-")) {
+ DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
+ return False;
+ }
+
+ /* identauth in decimal should be < 2^32 */
+ ia = atoi(tok);
+
+ /* NOTE - the ia value is in big-endian format. */
+ sidout->id_auth[0] = 0;
+ sidout->id_auth[1] = 0;
+ sidout->id_auth[2] = (ia & 0xff000000) >> 24;
+ sidout->id_auth[3] = (ia & 0x00ff0000) >> 16;
+ sidout->id_auth[4] = (ia & 0x0000ff00) >> 8;
+ sidout->id_auth[5] = (ia & 0x000000ff);
+
+ sidout->num_auths = 0;
+
+ while(next_token(&p, tok, "-") && sidout->num_auths < MAXSUBAUTHS) {
+ /*
+ * NOTE - the subauths are in native machine-endian format. They
+ * are converted to little-endian when linearized onto the wire.
+ */
+ sidout->sub_auths[sidout->num_auths++] = atoi(tok);
+ }
+
+ DEBUG(7,("string_to_sid: converted SID %s ok\n", sidstr));
+
+ return True;
+}
diff --git a/source3/lib/util_hnd.c b/source3/lib/util_hnd.c
index 1d1341d16e..91844ee8a2 100644
--- a/source3/lib/util_hnd.c
+++ b/source3/lib/util_hnd.c
@@ -206,22 +206,23 @@ BOOL set_lsa_policy_samr_pol_status(POLICY_HND *hnd, uint32 pol_status)
****************************************************************************/
BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid)
{
- int pnum = find_lsa_policy_by_hnd(hnd);
+ pstring sidstr;
+ int pnum = find_lsa_policy_by_hnd(hnd);
- if (OPEN_POL(pnum))
- {
- DEBUG(3,("%s Setting policy sid=%s pnum=%x\n",
- timestring(), dom_sid_to_string(sid), pnum));
+ if (OPEN_POL(pnum))
+ {
+ DEBUG(3,("%s Setting policy sid=%s pnum=%x\n",
+ timestring(), sid_to_string(sidstr, sid), pnum));
- memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid));
- return True;
- }
- else
- {
- DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n",
- timestring(), dom_sid_to_string(sid), pnum));
- return False;
- }
+ memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid));
+ return True;
+ }
+ else
+ {
+ DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n",
+ timestring(), sid_to_string(sidstr, sid), pnum));
+ return False;
+ }
}
/****************************************************************************
diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c
index 60b74cf599..df4b95db9e 100644
--- a/source3/lsarpcd/srv_lsa.c
+++ b/source3/lsarpcd/srv_lsa.c
@@ -6,7 +6,8 @@
* Copyright (C) Andrew Tridgell 1992-1997,
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997.
- *
+ * Copyright (C) Jeremy Allison 1998.
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
@@ -52,7 +53,7 @@ static void lsa_reply_open_policy(prs_struct *rdata)
/***************************************************************************
make_dom_query
***************************************************************************/
-static void make_dom_query(DOM_QUERY *d_q, char *dom_name, char *dom_sid)
+static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
{
int domlen = strlen(dom_name);
@@ -73,7 +74,7 @@ lsa_reply_query_info
***************************************************************************/
static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
prs_struct *rdata,
- uint32 enum_context, char *dom_name, char *dom_sid)
+ uint32 enum_context, char *dom_name, DOM_SID *dom_sid)
{
LSA_R_ENUM_TRUST_DOM r_e;
@@ -89,7 +90,7 @@ static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
lsa_reply_query_info
***************************************************************************/
static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
- char *dom_name, char *dom_sid)
+ char *dom_name, DOM_SID *dom_sid)
{
LSA_R_QUERY_INFO r_q;
@@ -112,14 +113,10 @@ make_dom_ref
pretty much hard-coded choice of "other" sids, unfortunately...
***************************************************************************/
-static void make_dom_ref(DOM_R_REF *ref,
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+static void make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
int len_dom_name = strlen(dom_name);
- int len_other_sid1 = strlen(other_sid1);
- int len_other_sid2 = strlen(other_sid2);
- int len_other_sid3 = strlen(other_sid3);
ref->undoc_buffer = 1;
ref->num_ref_doms_1 = 4;
@@ -128,9 +125,9 @@ static void make_dom_ref(DOM_R_REF *ref,
ref->num_ref_doms_2 = 4;
make_uni_hdr2(&(ref->hdr_dom_name ), len_dom_name , len_dom_name , 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[0]), len_other_sid1, len_other_sid1, 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[1]), len_other_sid2, len_other_sid2, 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[2]), len_other_sid3, len_other_sid3, 0);
+ make_uni_hdr2(&(ref->hdr_ref_dom[0]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
+ make_uni_hdr2(&(ref->hdr_ref_dom[1]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
+ make_uni_hdr2(&(ref->hdr_ref_dom[2]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
if (dom_name != NULL)
{
@@ -148,8 +145,8 @@ make_reply_lookup_rids
***************************************************************************/
static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+ char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
int i;
@@ -232,8 +229,8 @@ lsa_reply_lookup_sids
***************************************************************************/
static void lsa_reply_lookup_sids(prs_struct *rdata,
int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+ char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
LSA_R_LOOKUP_SIDS r_l;
DOM_R_REF ref;
@@ -254,8 +251,8 @@ lsa_reply_lookup_rids
***************************************************************************/
static void lsa_reply_lookup_rids(prs_struct *rdata,
int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+ char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
LSA_R_LOOKUP_RIDS r_l;
@@ -309,16 +306,16 @@ static void api_lsa_query_info( int uid, prs_struct *data,
{
LSA_Q_QUERY_INFO q_i;
pstring dom_name;
- pstring dom_sid;
+ DOM_SID dom_sid;
/* grab the info class and policy handle */
lsa_io_q_query("", &q_i, data, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domain_sid());
+ string_to_sid(&dom_sid, lp_domain_sid());
/* construct reply. return status is always 0x0 */
- lsa_reply_query_info(&q_i, rdata, dom_name, dom_sid);
+ lsa_reply_query_info(&q_i, rdata, dom_name, &dom_sid);
}
/***************************************************************************
@@ -329,19 +326,26 @@ static void api_lsa_lookup_sids( int uid, prs_struct *data,
{
LSA_Q_LOOKUP_SIDS q_l;
pstring dom_name;
- pstring dom_sid;
+ DOM_SID dom_sid;
+ DOM_SID sid_S_1_1;
+ DOM_SID sid_S_1_3;
+ DOM_SID sid_S_1_5;
/* grab the info class and policy handle */
lsa_io_q_lookup_sids("", &q_l, data, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domain_sid());
+
+ string_to_sid(&dom_sid , lp_domain_sid());
+ string_to_sid(&sid_S_1_1, "S-1-1");
+ string_to_sid(&sid_S_1_3, "S-1-3");
+ string_to_sid(&sid_S_1_5, "S-1-5");
/* construct reply. return status is always 0x0 */
lsa_reply_lookup_sids(rdata,
- q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
- dom_name, dom_sid, /* domain name, domain SID */
- "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */
+ q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
+ dom_name, &dom_sid, /* domain name, domain SID */
+ &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
}
/***************************************************************************
@@ -353,7 +357,10 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
int i;
LSA_Q_LOOKUP_RIDS q_l;
pstring dom_name;
- pstring dom_sid;
+ DOM_SID dom_sid;
+ DOM_SID sid_S_1_1;
+ DOM_SID sid_S_1_3;
+ DOM_SID sid_S_1_5;
uint32 dom_rids[MAX_LOOKUP_SIDS];
uint32 dummy_g_rid;
@@ -361,7 +368,11 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
lsa_io_q_lookup_rids("", &q_l, data, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domain_sid());
+
+ string_to_sid(&dom_sid , lp_domain_sid());
+ string_to_sid(&sid_S_1_1, "S-1-1");
+ string_to_sid(&sid_S_1_3, "S-1-3");
+ string_to_sid(&sid_S_1_5, "S-1-5");
/* convert received RIDs to strings, so we can do them. */
for (i = 0; i < q_l.num_entries; i++)
@@ -376,9 +387,9 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
/* construct reply. return status is always 0x0 */
lsa_reply_lookup_rids(rdata,
- q_l.num_entries, dom_rids, /* text-converted SIDs */
- dom_name, dom_sid, /* domain name, domain SID */
- "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */
+ q_l.num_entries, dom_rids, /* text-converted SIDs */
+ dom_name, &dom_sid, /* domain name, domain SID */
+ &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
}
/***************************************************************************
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 7a04d8ec35..7089cd09fa 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -362,7 +362,7 @@ BOOL do_samr_open_user(struct cli_state *cli, int t_idx, uint16 fnum,
do a SAMR Open Domain
****************************************************************************/
BOOL do_samr_open_domain(struct cli_state *cli, int t_idx, uint16 fnum,
- POLICY_HND *connect_pol, uint32 rid, char *sid,
+ POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid,
POLICY_HND *domain_pol)
{
prs_struct data;
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index 202c3b6da3..6bd916ed32 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -247,8 +247,8 @@ void lsa_io_q_enum_trust_dom(char *desc, LSA_Q_ENUM_TRUST_DOM *q_e, prs_struct
makes an LSA_R_ENUM_TRUST_DOM structure.
********************************************************************/
void make_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e,
- uint32 enum_context, char *domain_name, char *domain_sid,
- uint32 status)
+ uint32 enum_context, char *domain_name, DOM_SID *domain_sid,
+ uint32 status)
{
if (r_e == NULL) return;
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index b46bcd9f89..35ca6c9553 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -116,61 +116,6 @@ void smb_io_enum_hnd(char *desc, ENUM_HND *hnd, prs_struct *ps, int depth)
}
/*******************************************************************
-creates a DOM_SID structure.
-
-BIG NOTE: this function only does SIDS where the identauth is not >= 2^32
-identauth >= 2^32 can be detected because it will be specified in hex
-
-********************************************************************/
-void make_dom_sid(DOM_SID *sid, char *str_sid)
-{
- pstring domsid;
- int identauth;
- char *p;
-
- if (sid == NULL) return;
-
- if (domsid == NULL)
- {
- DEBUG(4,("netlogon domain SID: none\n"));
- sid->sid_rev_num = 0;
- sid->num_auths = 0;
- return;
- }
-
- pstrcpy(domsid, str_sid);
-
- DEBUG(4,("make_dom_sid %d SID: %s\n", __LINE__, domsid));
-
- /* assume, but should check, that domsid starts "S-" */
- p = strtok(domsid+2,"-");
- sid->sid_rev_num = atoi(p);
-
- /* identauth in decimal should be < 2^32 */
- /* identauth in hex should be >= 2^32 */
- identauth = atoi(strtok(0,"-"));
-
- DEBUG(4,("netlogon rev %d\n", sid->sid_rev_num));
- DEBUG(4,("netlogon %s ia %d\n", p, identauth));
-
- sid->id_auth[0] = 0;
- sid->id_auth[1] = 0;
- sid->id_auth[2] = (identauth & 0xff000000) >> 24;
- sid->id_auth[3] = (identauth & 0x00ff0000) >> 16;
- sid->id_auth[4] = (identauth & 0x0000ff00) >> 8;
- sid->id_auth[5] = (identauth & 0x000000ff);
-
- sid->num_auths = 0;
-
- while ((p = strtok(0, "-")) != NULL && sid->num_auths < MAXSUBAUTHS)
- {
- sid->sub_auths[sid->num_auths++] = atoi(p);
- }
-
- DEBUG(4,("make_dom_sid: %d SID: %s\n", __LINE__, domsid));
-}
-
-/*******************************************************************
reads or writes a DOM_SID structure.
********************************************************************/
void smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth)
@@ -203,10 +148,10 @@ void smb_io_dom_sid(char *desc, DOM_SID *sid, prs_struct *ps, int depth)
/*******************************************************************
creates a DOM_SID2 structure.
********************************************************************/
-void make_dom_sid2(DOM_SID2 *sid, char *str_sid)
+void make_dom_sid2(DOM_SID2 *sid2, DOM_SID *sid)
{
- make_dom_sid(&(sid->sid), str_sid);
- sid->num_auths = sid->sid.num_auths;
+ sid2->sid = *sid;
+ sid2->num_auths = sid2->sid.num_auths;
}
/*******************************************************************
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
index c74ace8d63..fd9f7255de 100644
--- a/source3/rpc_parse/parse_net.c
+++ b/source3/rpc_parse/parse_net.c
@@ -560,7 +560,9 @@ static int make_dom_sid2s(char *sids_str, DOM_SID2 *sids, int max_sids)
for (count = 0, ptr = sids_str; next_token(&ptr, s2, NULL) && count < max_sids; count++)
{
- make_dom_sid2(&sids[count], s2);
+ DOM_SID tmpsid;
+ string_to_sid(&tmpsid, s2);
+ make_dom_sid2(&sids[count], &tmpsid);
}
return count;
@@ -908,7 +910,7 @@ void make_net_user_info3(NET_USER_INFO_3 *usr,
char *logon_srv,
char *logon_dom,
- char *dom_sid,
+ DOM_SID *dom_sid,
char *other_sids)
{
/* only cope with one "other" sid, right now. */
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 44248bfc64..09c47ab25a 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -78,7 +78,7 @@ void samr_io_r_close_hnd(char *desc, SAMR_R_CLOSE_HND *r_u, prs_struct *ps, int
reads or writes a structure.
********************************************************************/
void make_samr_q_open_domain(SAMR_Q_OPEN_DOMAIN *q_u,
- POLICY_HND *connect_pol, uint32 rid, char *sid)
+ POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid)
{
if (q_u == NULL) return;
@@ -204,11 +204,11 @@ void samr_io_q_unknown_3(char *desc, SAMR_Q_UNKNOWN_3 *q_u, prs_struct *ps, int
calculate length by adding up the size of the components.
********************************************************************/
-void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sid)
+void make_dom_sid3(DOM_SID3 *sid3, uint16 unk_0, uint16 unk_1, char *sidstr)
{
if (sid3 == NULL) return;
- make_dom_sid(&(sid3->sid), sid);
+ string_to_sid(&(sid3->sid), sidstr);
sid3->len = 2 + 8 + sid3->sid.num_auths * 4;
}
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 60b74cf599..df4b95db9e 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -6,7 +6,8 @@
* Copyright (C) Andrew Tridgell 1992-1997,
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997.
- *
+ * Copyright (C) Jeremy Allison 1998.
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
@@ -52,7 +53,7 @@ static void lsa_reply_open_policy(prs_struct *rdata)
/***************************************************************************
make_dom_query
***************************************************************************/
-static void make_dom_query(DOM_QUERY *d_q, char *dom_name, char *dom_sid)
+static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
{
int domlen = strlen(dom_name);
@@ -73,7 +74,7 @@ lsa_reply_query_info
***************************************************************************/
static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
prs_struct *rdata,
- uint32 enum_context, char *dom_name, char *dom_sid)
+ uint32 enum_context, char *dom_name, DOM_SID *dom_sid)
{
LSA_R_ENUM_TRUST_DOM r_e;
@@ -89,7 +90,7 @@ static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
lsa_reply_query_info
***************************************************************************/
static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
- char *dom_name, char *dom_sid)
+ char *dom_name, DOM_SID *dom_sid)
{
LSA_R_QUERY_INFO r_q;
@@ -112,14 +113,10 @@ make_dom_ref
pretty much hard-coded choice of "other" sids, unfortunately...
***************************************************************************/
-static void make_dom_ref(DOM_R_REF *ref,
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+static void make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
int len_dom_name = strlen(dom_name);
- int len_other_sid1 = strlen(other_sid1);
- int len_other_sid2 = strlen(other_sid2);
- int len_other_sid3 = strlen(other_sid3);
ref->undoc_buffer = 1;
ref->num_ref_doms_1 = 4;
@@ -128,9 +125,9 @@ static void make_dom_ref(DOM_R_REF *ref,
ref->num_ref_doms_2 = 4;
make_uni_hdr2(&(ref->hdr_dom_name ), len_dom_name , len_dom_name , 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[0]), len_other_sid1, len_other_sid1, 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[1]), len_other_sid2, len_other_sid2, 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[2]), len_other_sid3, len_other_sid3, 0);
+ make_uni_hdr2(&(ref->hdr_ref_dom[0]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
+ make_uni_hdr2(&(ref->hdr_ref_dom[1]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
+ make_uni_hdr2(&(ref->hdr_ref_dom[2]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
if (dom_name != NULL)
{
@@ -148,8 +145,8 @@ make_reply_lookup_rids
***************************************************************************/
static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+ char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
int i;
@@ -232,8 +229,8 @@ lsa_reply_lookup_sids
***************************************************************************/
static void lsa_reply_lookup_sids(prs_struct *rdata,
int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+ char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
LSA_R_LOOKUP_SIDS r_l;
DOM_R_REF ref;
@@ -254,8 +251,8 @@ lsa_reply_lookup_rids
***************************************************************************/
static void lsa_reply_lookup_rids(prs_struct *rdata,
int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+ char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
LSA_R_LOOKUP_RIDS r_l;
@@ -309,16 +306,16 @@ static void api_lsa_query_info( int uid, prs_struct *data,
{
LSA_Q_QUERY_INFO q_i;
pstring dom_name;
- pstring dom_sid;
+ DOM_SID dom_sid;
/* grab the info class and policy handle */
lsa_io_q_query("", &q_i, data, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domain_sid());
+ string_to_sid(&dom_sid, lp_domain_sid());
/* construct reply. return status is always 0x0 */
- lsa_reply_query_info(&q_i, rdata, dom_name, dom_sid);
+ lsa_reply_query_info(&q_i, rdata, dom_name, &dom_sid);
}
/***************************************************************************
@@ -329,19 +326,26 @@ static void api_lsa_lookup_sids( int uid, prs_struct *data,
{
LSA_Q_LOOKUP_SIDS q_l;
pstring dom_name;
- pstring dom_sid;
+ DOM_SID dom_sid;
+ DOM_SID sid_S_1_1;
+ DOM_SID sid_S_1_3;
+ DOM_SID sid_S_1_5;
/* grab the info class and policy handle */
lsa_io_q_lookup_sids("", &q_l, data, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domain_sid());
+
+ string_to_sid(&dom_sid , lp_domain_sid());
+ string_to_sid(&sid_S_1_1, "S-1-1");
+ string_to_sid(&sid_S_1_3, "S-1-3");
+ string_to_sid(&sid_S_1_5, "S-1-5");
/* construct reply. return status is always 0x0 */
lsa_reply_lookup_sids(rdata,
- q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
- dom_name, dom_sid, /* domain name, domain SID */
- "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */
+ q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
+ dom_name, &dom_sid, /* domain name, domain SID */
+ &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
}
/***************************************************************************
@@ -353,7 +357,10 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
int i;
LSA_Q_LOOKUP_RIDS q_l;
pstring dom_name;
- pstring dom_sid;
+ DOM_SID dom_sid;
+ DOM_SID sid_S_1_1;
+ DOM_SID sid_S_1_3;
+ DOM_SID sid_S_1_5;
uint32 dom_rids[MAX_LOOKUP_SIDS];
uint32 dummy_g_rid;
@@ -361,7 +368,11 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
lsa_io_q_lookup_rids("", &q_l, data, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domain_sid());
+
+ string_to_sid(&dom_sid , lp_domain_sid());
+ string_to_sid(&sid_S_1_1, "S-1-1");
+ string_to_sid(&sid_S_1_3, "S-1-3");
+ string_to_sid(&sid_S_1_5, "S-1-5");
/* convert received RIDs to strings, so we can do them. */
for (i = 0; i < q_l.num_entries; i++)
@@ -376,9 +387,9 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
/* construct reply. return status is always 0x0 */
lsa_reply_lookup_rids(rdata,
- q_l.num_entries, dom_rids, /* text-converted SIDs */
- dom_name, dom_sid, /* domain name, domain SID */
- "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */
+ q_l.num_entries, dom_rids, /* text-converted SIDs */
+ dom_name, &dom_sid, /* domain name, domain SID */
+ &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
}
/***************************************************************************
diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c
index 1d1341d16e..91844ee8a2 100644
--- a/source3/rpc_server/srv_lsa_hnd.c
+++ b/source3/rpc_server/srv_lsa_hnd.c
@@ -206,22 +206,23 @@ BOOL set_lsa_policy_samr_pol_status(POLICY_HND *hnd, uint32 pol_status)
****************************************************************************/
BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid)
{
- int pnum = find_lsa_policy_by_hnd(hnd);
+ pstring sidstr;
+ int pnum = find_lsa_policy_by_hnd(hnd);
- if (OPEN_POL(pnum))
- {
- DEBUG(3,("%s Setting policy sid=%s pnum=%x\n",
- timestring(), dom_sid_to_string(sid), pnum));
+ if (OPEN_POL(pnum))
+ {
+ DEBUG(3,("%s Setting policy sid=%s pnum=%x\n",
+ timestring(), sid_to_string(sidstr, sid), pnum));
- memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid));
- return True;
- }
- else
- {
- DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n",
- timestring(), dom_sid_to_string(sid), pnum));
- return False;
- }
+ memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid));
+ return True;
+ }
+ else
+ {
+ DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n",
+ timestring(), sid_to_string(sidstr, sid), pnum));
+ return False;
+ }
}
/****************************************************************************
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 958f0bf14d..edc2d859df 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -6,7 +6,8 @@
* Copyright (C) Andrew Tridgell 1992-1997,
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997.
- *
+ * Copyright (C) Jeremy Allison 1998.
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
@@ -563,200 +564,213 @@ static void api_net_sam_logon( int uid,
prs_struct *data,
prs_struct *rdata)
{
- NET_Q_SAM_LOGON q_l;
- NET_ID_INFO_CTR ctr;
- NET_USER_INFO_3 usr_info;
- uint32 status = 0x0;
- DOM_CRED srv_cred;
- struct smb_passwd *smb_pass = NULL;
- UNISTR2 *uni_samlogon_user = NULL;
-
- user_struct *vuser = NULL;
-
- if ((vuser = get_valid_user_struct(uid)) == NULL) return;
-
- q_l.sam_id.ctr = &ctr;
-
- net_io_q_sam_logon("", &q_l, data, 0);
-
- /* checks and updates credentials. creates reply credentials */
- if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
- &(q_l.sam_id.client.cred), &srv_cred))
- {
- status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
- }
- else
- {
- memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
- }
-
- /* find the username */
-
- if (status == 0x0)
- {
- switch (q_l.sam_id.logon_level)
- {
- case 1:
- {
- uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
-
- DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ",
- lp_workgroup()));
- break;
- }
- case 2:
- {
- uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
-
- DEBUG(3,("SAM Logon (Network). Domain:[%s]. ",
- lp_workgroup()));
- break;
- }
- default:
- {
- DEBUG(2,("SAM Logon: unsupported switch value\n"));
- status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
- break;
- }
- }
- }
-
- /* check username exists */
-
- if (status == 0x0)
- {
- pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
- uni_samlogon_user->uni_str_len));
-
- DEBUG(3,("User:[%s]\n", samlogon_user));
-
- become_root(True);
- smb_pass = getsampwnam(samlogon_user);
- unbecome_root(True);
-
- if (smb_pass == NULL)
- {
- status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
- }
- }
-
- /* validate password. */
-
- if (status == 0x0)
- {
- switch (q_l.sam_id.logon_level)
- {
- case 1:
- {
- /* interactive login. */
- status = net_login_interactive(&q_l.sam_id.ctr->auth.id1,
- smb_pass, vuser);
- break;
- }
- case 2:
- {
- /* network login. lm challenge and 24 byte responses */
- status = net_login_network(&q_l.sam_id.ctr->auth.id2,
- smb_pass, vuser);
- break;
- }
- }
- }
+ NET_Q_SAM_LOGON q_l;
+ NET_ID_INFO_CTR ctr;
+ NET_USER_INFO_3 usr_info;
+ uint32 status = 0x0;
+ DOM_CRED srv_cred;
+ struct smb_passwd *smb_pass = NULL;
+ UNISTR2 *uni_samlogon_user = NULL;
+
+ user_struct *vuser = NULL;
+
+ if ((vuser = get_valid_user_struct(uid)) == NULL)
+ return;
+
+ q_l.sam_id.ctr = &ctr;
+
+ net_io_q_sam_logon("", &q_l, data, 0);
+
+ /* checks and updates credentials. creates reply credentials */
+ if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
+ &(q_l.sam_id.client.cred), &srv_cred))
+ {
+ status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+ }
+ else
+ {
+ memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
+ }
+
+ /* find the username */
+
+ if (status == 0)
+ {
+ switch (q_l.sam_id.logon_level)
+ {
+ case INTERACTIVE_LOGON_TYPE:
+ {
+ uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
+
+ DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
+ break;
+ }
+ case NET_LOGON_TYPE:
+ {
+ uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
+
+ DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
+ break;
+ }
+ default:
+ {
+ DEBUG(2,("SAM Logon: unsupported switch value\n"));
+ status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
+ break;
+ }
+ } /* end switch */
+ } /* end if status == 0 */
+
+ /* check username exists */
+
+ if (status == 0)
+ {
+ pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
+ uni_samlogon_user->uni_str_len));
+
+ DEBUG(3,("User:[%s]\n", samlogon_user));
+
+ become_root(True);
+ smb_pass = getsampwnam(samlogon_user);
+ unbecome_root(True);
+
+ if (smb_pass == NULL)
+ {
+ status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+ }
+ }
+
+ /* validate password. */
+
+ if (status == 0)
+ {
+ switch (q_l.sam_id.logon_level)
+ {
+ case INTERACTIVE_LOGON_TYPE:
+ {
+ /* interactive login. */
+ status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser);
+ break;
+ }
+ case NET_LOGON_TYPE:
+ {
+ /* network login. lm challenge and 24 byte responses */
+ status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser);
+ break;
+ }
+ }
+ }
- /* lkclXXXX this is the point at which, if the login was
- successful, that the SAM Local Security Authority should
- record that the user is logged in to the domain.
- */
-
- /* return the profile plus other bits :-) */
-
- if (status == 0x0)
- {
- DOM_GID gids[LSA_MAX_GROUPS];
- int num_gids = 0;
- NTTIME dummy_time;
- pstring logon_script;
- pstring profile_path;
- pstring home_dir;
- pstring home_drive;
- pstring my_name;
- pstring my_workgroup;
- pstring domain_groups;
- pstring dom_sid;
- pstring other_sids;
- uint32 r_uid;
- uint32 r_gid;
-
- /* set up pointer indicating user/password failed to be found */
- usr_info.ptr_user_info = 0;
-
- dummy_time.low = 0xffffffff;
- dummy_time.high = 0x7fffffff;
-
- /* XXXX hack to get standard_sub_basic() to use sam logon username */
- /* possibly a better way would be to do a become_user() call */
- sam_logon_in_ssb = True;
-
- pstrcpy(logon_script, lp_logon_script ());
- pstrcpy(profile_path, lp_logon_path ());
- pstrcpy(dom_sid , lp_domain_sid ());
- pstrcpy(other_sids , lp_domain_other_sids());
- pstrcpy(my_workgroup, lp_workgroup ());
-
- pstrcpy(home_drive , lp_logon_drive ());
- pstrcpy(home_dir , lp_logon_home ());
-
- pstrcpy(my_name , global_myname );
- strupper(my_name);
-
- get_domain_user_groups(domain_groups, samlogon_user);
-
- num_gids = make_dom_gids(domain_groups, gids);
-
- sam_logon_in_ssb = False;
-
- if (name_to_rid(samlogon_user, &r_uid, &r_gid))
- {
- make_net_user_info3(&usr_info,
-
- &dummy_time, /* logon_time */
- &dummy_time, /* logoff_time */
- &dummy_time, /* kickoff_time */
- &dummy_time, /* pass_last_set_time */
- &dummy_time, /* pass_can_change_time */
- &dummy_time, /* pass_must_change_time */
-
- samlogon_user , /* user_name */
- vuser->real_name, /* full_name */
- logon_script , /* logon_script */
- profile_path , /* profile_path */
- home_dir , /* home_dir */
- home_drive , /* dir_drive */
-
- 0, /* logon_count */
- 0, /* bad_pw_count */
-
- r_uid , /* RID user_id */
- r_gid , /* RID group_id */
- num_gids, /* uint32 num_groups */
- gids , /* DOM_GID *gids */
- 0x20 , /* uint32 user_flgs (?) */
-
- NULL, /* char sess_key[16] */
-
- my_name , /* char *logon_srv */
- my_workgroup, /* char *logon_dom */
-
- dom_sid, /* char *dom_sid */
- other_sids); /* char *other_sids */
- }
- else
- {
- status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
- }
- }
-
- net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);
+ /* lkclXXXX this is the point at which, if the login was
+ successful, that the SAM Local Security Authority should
+ record that the user is logged in to the domain.
+ */
+
+ /* return the profile plus other bits :-) */
+
+ if (status == 0)
+ {
+ DOM_GID *gids = NULL;
+ int num_gids = 0;
+ NTTIME dummy_time;
+ pstring logon_script;
+ pstring profile_path;
+ pstring home_dir;
+ pstring home_drive;
+ pstring my_name;
+ pstring my_workgroup;
+ pstring domain_groups;
+ DOM_SID dom_sid;
+ char *other_sids;
+ uint32 r_uid;
+ uint32 r_gid;
+
+ /* set up pointer indicating user/password failed to be found */
+ usr_info.ptr_user_info = 0;
+
+ dummy_time.low = 0xffffffff;
+ dummy_time.high = 0x7fffffff;
+
+ /* XXXX hack to get standard_sub_basic() to use sam logon username */
+ /* possibly a better way would be to do a become_user() call */
+ sam_logon_in_ssb = True;
+
+ pstrcpy(logon_script, lp_logon_script());
+ pstrcpy(profile_path, lp_logon_path());
+ string_to_sid(&dom_sid, lp_domain_sid());
+
+ pstrcpy(other_sids, lp_domain_other_sids());
+ pstrcpy(my_workgroup, lp_workgroup());
+
+ pstrcpy(home_drive, lp_logon_drive());
+ pstrcpy(home_dir, lp_logon_home());
+
+ pstrcpy(my_name, global_myname);
+ strupper(my_name);
+
+ /*
+ * This is the point at which we get the group
+ * database - we should be getting the gid_t list
+ * from /etc/group and then turning the uids into
+ * rids and then into machine sids for this user.
+ * JRA.
+ */
+
+ get_domain_user_groups(domain_groups, samlogon_user);
+
+ /*
+ * make_dom_gids allocates the gids array. JRA.
+ */
+ gids = NULL;
+ num_gids = make_dom_gids(domain_groups, &gids);
+
+ sam_logon_in_ssb = False;
+
+ if (name_to_rid(samlogon_user, &r_uid, &r_gid))
+ {
+ make_net_user_info3(&usr_info,
+ &dummy_time, /* logon_time */
+ &dummy_time, /* logoff_time */
+ &dummy_time, /* kickoff_time */
+ &dummy_time, /* pass_last_set_time */
+ &dummy_time, /* pass_can_change_time */
+ &dummy_time, /* pass_must_change_time */
+
+ samlogon_user , /* user_name */
+ vuser->real_name, /* full_name */
+ logon_script , /* logon_script */
+ profile_path , /* profile_path */
+ home_dir , /* home_dir */
+ home_drive , /* dir_drive */
+
+ 0, /* logon_count */
+ 0, /* bad_pw_count */
+
+ r_uid , /* RID user_id */
+ r_gid , /* RID group_id */
+ num_gids, /* uint32 num_groups */
+ gids , /* DOM_GID *gids */
+ 0x20 , /* uint32 user_flgs (?) */
+
+ NULL, /* char sess_key[16] */
+
+ my_name , /* char *logon_srv */
+ my_workgroup, /* char *logon_dom */
+
+ &dom_sid, /* DOM_SID *dom_sid */
+ other_sids); /* char *other_sids */
+ }
+ else
+ {
+ status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* Free any allocated groups array. */
+ if(gids)
+ free((char *)gids);
+ }
+
+ net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);
}
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 6f834e454a..8070336f87 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -1018,7 +1018,7 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
uint32 status = 0x0;
struct smb_passwd *smb_pass;
- DOM_GID gids[LSA_MAX_GROUPS];
+ DOM_GID *gids = NULL;
int num_groups = 0;
int pol_idx;
uint32 rid;
@@ -1053,7 +1053,8 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
{
pstring groups;
get_domain_user_groups(groups, smb_pass->smb_name);
- num_groups = make_dom_gids(groups, gids);
+ gids = NULL;
+ num_groups = make_dom_gids(groups, &gids);
}
/* construct the response. lkclXXXX: gids are not copied! */
@@ -1062,6 +1063,8 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
/* store the response in the SMB stream */
samr_io_r_query_usergroups("", &r_u, rdata, 0);
+ if(gids)
+ free((char *)gids);
DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
}
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index e842e3b9f9..204a9eac8e 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -79,57 +79,74 @@ rid_name domain_group_rids[] =
};
-int make_dom_gids(char *gids_str, DOM_GID *gids)
+int make_dom_gids(char *gids_str, DOM_GID **ppgids)
{
- char *ptr;
- pstring s2;
- int count;
-
- DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
- if (gids_str == NULL || *gids_str == 0) return 0;
-
- for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && count < LSA_MAX_GROUPS; count++)
- {
- /* the entries are of the form GID/ATTR, ATTR being optional.*/
- char *attr;
- uint32 rid = 0;
- int i;
-
- attr = strchr(s2,'/');
- if (attr) *attr++ = 0;
- if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */
-
- /* look up the RID string and see if we can turn it into a rid number */
- for (i = 0; domain_alias_rids[i].name != NULL; i++)
- {
- if (strequal(domain_alias_rids[i].name, s2))
- {
- rid = domain_alias_rids[i].rid;
- break;
- }
- }
-
- if (rid == 0) rid = atoi(s2);
-
- if (rid == 0)
- {
- DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n",
- s2, attr));
- count--;
- }
- else
- {
- gids[count].g_rid = rid;
- gids[count].attr = atoi(attr);
-
- DEBUG(5,("group id: %d attr: %d\n",
- gids[count].g_rid,
- gids[count].attr));
- }
- }
-
- return count;
+ char *ptr;
+ pstring s2;
+ int count;
+ DOM_GID *gids;
+
+ *ppgids = NULL;
+
+ DEBUG(4,("make_dom_gids: %s\n", gids_str));
+
+ if (gids_str == NULL || *gids_str == 0)
+ return 0;
+
+ for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++)
+ ;
+
+ gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
+ if(!gids)
+ {
+ DEBUG(0,("make_dom_gids: malloc fail !\n"));
+ return 0;
+ }
+
+ for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) &&
+ count < LSA_MAX_GROUPS; count++)
+ {
+ /* the entries are of the form GID/ATTR, ATTR being optional.*/
+ char *attr;
+ uint32 rid = 0;
+ int i;
+
+ attr = strchr(s2,'/');
+ if (attr)
+ *attr++ = 0;
+
+ if (!attr || !*attr)
+ attr = "7"; /* default value for attribute is 7 */
+
+ /* look up the RID string and see if we can turn it into a rid number */
+ for (i = 0; domain_alias_rids[i].name != NULL; i++)
+ {
+ if (strequal(domain_alias_rids[i].name, s2))
+ {
+ rid = domain_alias_rids[i].rid;
+ break;
+ }
+ }
+
+ if (rid == 0)
+ rid = atoi(s2);
+
+ if (rid == 0)
+ {
+ DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
+ count--;
+ }
+ else
+ {
+ gids[count].g_rid = rid;
+ gids[count].attr = atoi(attr);
+
+ DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
+ }
+ }
+
+ *ppgids = gids;
+ return count;
}
/*******************************************************************
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index d900b54c1f..ece3107257 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -427,13 +427,13 @@ BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root)
return(chat_with_program(passwordprogram,name,chatsequence, as_root));
}
-#else
+#else /* ALLOW_CHANGE_PASSWORD */
BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root)
{
DEBUG(0,("Password changing not compiled in (user=%s)\n",name));
return(False);
}
-#endif
+#endif /* ALLOW_CHANGE_PASSWORD */
/***********************************************************
Code to check the lanman hashed password.
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 7b82894c7f..132fdb30ef 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -1677,6 +1677,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
fstring new_passwd;
struct smb_passwd *sampw = NULL;
char *p = param + 2;
+ int ret = True;
*rparam_len = 2;
*rparam = REALLOC(*rparam,*rparam_len);
@@ -1718,9 +1719,9 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
*/
if(lp_unix_password_sync())
- chgpasswd(user,"", new_passwd, True);
+ ret = chgpasswd(user,"", new_passwd, True);
- if(change_oem_password( sampw, new_passwd, False)) {
+ if(ret && change_oem_password( sampw, new_passwd, False)) {
SSVAL(*rparam,0,NERR_Success);
}