diff options
| author | Jean-François Micouleau <jfm@samba.org> | 2001-03-23 00:50:31 +0000 |
|---|---|---|
| committer | Jean-François Micouleau <jfm@samba.org> | 2001-03-23 00:50:31 +0000 |
| commit | 0053bd8b80cc08d65948c97f8ab0b4e2b829f083 (patch) | |
| tree | 5312917960dd50137e91fe98eac31492e9717418 | |
| parent | 97bbbd49a8cf17421de7720ca6e4f89a42fa1aa0 (diff) | |
| download | samba-0053bd8b80cc08d65948c97f8ab0b4e2b829f083.tar.gz samba-0053bd8b80cc08d65948c97f8ab0b4e2b829f083.tar.bz2 samba-0053bd8b80cc08d65948c97f8ab0b4e2b829f083.zip | |
first pass of the new group mapping code
J.F.
(This used to be commit 7154deb026d53cb0cd503562174c3332a372be63)
| -rw-r--r-- | source3/Makefile.in | 11 | ||||
| -rw-r--r-- | source3/groupdb/mapping.c | 754 | ||||
| -rw-r--r-- | source3/include/includes.h | 2 | ||||
| -rw-r--r-- | source3/include/mapping.h | 44 | ||||
| -rw-r--r-- | source3/include/proto.h | 949 | ||||
| -rw-r--r-- | source3/param/loadparm.c | 15 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr.c | 155 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 451 | ||||
| -rw-r--r-- | source3/smbd/server.c | 5 | ||||
| -rw-r--r-- | source3/utils/smbgroupedit.c | 341 |
10 files changed, 2208 insertions, 519 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 3c86317236..cf817cdd78 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -170,6 +170,8 @@ PASSDB_OBJ = passdb/passdb.o passdb/secrets.o \ passdb/machine_sid.o passdb/pdb_smbpasswd.o \ passdb/pdb_tdb.o +GROUPDB_OBJ = groupdb/mapping.o + # passdb/smbpass.o passdb/ldap.o passdb/nispass.o PROFILE_OBJ = profile/profile.o @@ -201,7 +203,7 @@ MSDFS_OBJ = msdfs/msdfs.o SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ $(RPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) \ $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ - $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) $(NOTIFY_OBJ) + $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) $(NOTIFY_OBJ) $(GROUPDB_OBJ) NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ @@ -258,6 +260,9 @@ SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) \ PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ $(UBIQX_OBJ) $(LIB_OBJ) +SMBGROUPEDIT_OBJ = utils/smbgroupedit.o $(GROUPDB_OBJ) $(PARAM_OBJ) \ + $(LIBSMB_OBJ) $(PASSDB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \ rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o @@ -513,6 +518,10 @@ bin/pdbedit: $(PDBEDIT_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(LIBS) +bin/smbgroupedit: $(SMBGROUPEDIT_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(LDFLAGS) $(LIBS) + bin/make_smbcodepage: $(MAKE_SMBCODEPAGE_OBJ) bin/.dummy @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(MAKE_SMBCODEPAGE_OBJ) $(LDFLAGS) $(LIBS) diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c new file mode 100644 index 0000000000..df4552e103 --- /dev/null +++ b/source3/groupdb/mapping.c @@ -0,0 +1,754 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Jean François Micouleau 1998-2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +extern int DEBUGLEVEL; +extern DOM_SID global_sam_sid; + +static TDB_CONTEXT *tdb; /* used for driver files */ + +#define DATABASE_VERSION 1 +#define GROUP_PREFIX "UNIXGROUP/" + +PRIVS privs[] = { + {SE_PRIV_NONE, "no_privs", "No privilege"}, + {SE_PRIV_ADD_USERS, "add_users", "add users"}, + {SE_PRIV_ADD_MACHINES, "add_computers", ""}, + {SE_PRIV_PRINT_OPERATOR, "print_op", ""}, + {SE_PRIV_ALL, "all_privs", ""} +}; +/* +PRIVS privs[] = { + { 2, "SeCreateTokenPrivilege" }, + { 3, "SeAssignPrimaryTokenPrivilege" }, + { 4, "SeLockMemoryPrivilege" }, + { 5, "SeIncreaseQuotaPrivilege" }, + { 6, "SeMachineAccountPrivilege" }, + { 7, "SeTcbPrivilege" }, + { 8, "SeSecurityPrivilege" }, + { 9, "SeTakeOwnershipPrivilege" }, + { 10, "SeLoadDriverPrivilege" }, + { 11, "SeSystemProfilePrivilege" }, + { 12, "SeSystemtimePrivilege" }, + { 13, "SeProfileSingleProcessPrivilege" }, + { 14, "SeIncreaseBasePriorityPrivilege" }, + { 15, "SeCreatePagefilePrivilege" }, + { 16, "SeCreatePermanentPrivilege" }, + { 17, "SeBackupPrivilege" }, + { 18, "SeRestorePrivilege" }, + { 19, "SeShutdownPrivilege" }, + { 20, "SeDebugPrivilege" }, + { 21, "SeAuditPrivilege" }, + { 22, "SeSystemEnvironmentPrivilege" }, + { 23, "SeChangeNotifyPrivilege" }, + { 24, "SeRemoteShutdownPrivilege" }, +}; +*/ + +#if 0 +/**************************************************************************** +check if the user has the required privilege. +****************************************************************************/ +static BOOL se_priv_access_check(NT_USER_TOKEN *token, uint32 privilege) +{ + /* no token, no privilege */ + if (token==NULL) + return False; + + if ((token->privilege & privilege)==privilege) + return True; + + return False; +} +#endif + +/**************************************************************************** +dump the mapping group mapping to a text file +****************************************************************************/ +char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use) +{ + static fstring group_type; + + switch(name_use) { + case SID_NAME_USER: + fstrcpy(group_type,"User"); + break; + case SID_NAME_DOM_GRP: + fstrcpy(group_type,"Domain group"); + break; + case SID_NAME_DOMAIN: + fstrcpy(group_type,"Domain"); + break; + case SID_NAME_ALIAS: + fstrcpy(group_type,"Local group"); + break; + case SID_NAME_WKN_GRP: + fstrcpy(group_type,"Builtin group"); + break; + case SID_NAME_DELETED: + fstrcpy(group_type,"Deleted"); + break; + case SID_NAME_INVALID: + fstrcpy(group_type,"Invalid"); + break; + case SID_NAME_UNKNOWN: + default: + fstrcpy(group_type,"Unknown type"); + break; + } + + fstrcpy(group, group_type); + return group_type; +} + +/**************************************************************************** +open the group mapping tdb +****************************************************************************/ +BOOL init_group_mapping(void) +{ + static pid_t local_pid; + char *vstring = "INFO/version"; + + if (tdb && local_pid == sys_getpid()) return True; + tdb = tdb_open(lock_path("group_mapping.tdb"), 0, 0, O_RDWR|O_CREAT, 0600); + if (!tdb) { + DEBUG(0,("Failed to open group mapping database\n")); + return False; + } + + local_pid = sys_getpid(); + + /* handle a Samba upgrade */ + tdb_lock_bystring(tdb, vstring); + if (tdb_fetch_int(tdb, vstring) != DATABASE_VERSION) { + tdb_traverse(tdb, (tdb_traverse_func)tdb_delete, NULL); + tdb_store_int(tdb, vstring, DATABASE_VERSION); + } + tdb_unlock_bystring(tdb, vstring); + + + return True; +} + +/**************************************************************************** +****************************************************************************/ +BOOL add_mapping_entry(GROUP_MAP *map, int flag) +{ + TDB_DATA kbuf, dbuf; + pstring key, buf; + fstring string_sid; + int len; + + sid_to_string(string_sid, &map->sid); + + len = tdb_pack(buf, sizeof(buf), "ddffd", + map->gid, map->sid_name_use, map->nt_name, map->comment, map->privilege); + + if (len > sizeof(buf)) return False; + + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + + kbuf.dsize = strlen(key)+1; + kbuf.dptr = key; + dbuf.dsize = len; + dbuf.dptr = buf; + if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False; + + return True; +} + +/**************************************************************************** +initialise first time the mapping list +****************************************************************************/ +BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use, + fstring nt_name, fstring comment, uint32 privilege) +{ + GROUP_MAP map; + + map.gid=gid; + string_to_sid(&map.sid, sid); + map.sid_name_use=sid_name_use; + fstrcpy(map.nt_name, nt_name); + fstrcpy(map.comment, comment); + map.privilege=privilege; + + add_mapping_entry(&map, TDB_INSERT); + + return True; +} + +/**************************************************************************** +initialise first time the mapping list +****************************************************************************/ +BOOL default_group_mapping() +{ + DOM_SID sid_admins; + DOM_SID sid_users; + DOM_SID sid_guests; + fstring str_admins; + fstring str_users; + fstring str_guests; + + + /* Add the Wellknown groups */ + + add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "", SE_PRIV_ALL); + add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "", SE_PRIV_NONE); + add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "", SE_PRIV_NONE); + add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "", SE_PRIV_NONE); + + add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "", SE_PRIV_NONE); + add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "", SE_PRIV_NONE); + add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "", SE_PRIV_PRINT_OPERATOR); + add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "", SE_PRIV_NONE); + + add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "", SE_PRIV_NONE); + + /* Add the defaults domain groups */ + + sid_copy(&sid_admins, &global_sam_sid); + sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS); + sid_to_string(str_admins, &sid_admins); + add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", SE_PRIV_ALL); + + sid_copy(&sid_users, &global_sam_sid); + sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS); + sid_to_string(str_users, &sid_users); + add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", SE_PRIV_NONE); + + sid_copy(&sid_guests, &global_sam_sid); + sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS); + sid_to_string(str_guests, &sid_guests); + add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", SE_PRIV_NONE); + + return True; +} + + +/**************************************************************************** +return the sid and the type of the unix group +****************************************************************************/ +BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) +{ + TDB_DATA kbuf, dbuf; + pstring key; + fstring string_sid; + int ret; + + /* the key is the SID, retrieving is direct */ + + sid_to_string(string_sid, &sid); + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + + kbuf.dptr = key; + kbuf.dsize = strlen(key)+1; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) return False; + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege); + + safe_free(dbuf.dptr); + if (ret != dbuf.dsize) { + DEBUG(0,("get_group_map_from_sid: mapping TDB corrupted ?\n")); + return False; + } + + sid_copy(&map->sid, &sid); + + return True; +} + + +/**************************************************************************** +return the sid and the type of the unix group +****************************************************************************/ +BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) +{ + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + int ret; + + /* we need to enumerate the TDB to find the GID */ + + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) continue; + + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); + + string_to_sid(&map->sid, string_sid); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege); + + safe_free(dbuf.dptr); + if (ret != dbuf.dsize) continue; + + if (gid==map->gid) + return True; + } + + return False; +} + +/**************************************************************************** +return the sid and the type of the unix group +****************************************************************************/ +BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) +{ + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + int ret; + + /* we need to enumerate the TDB to find the GID */ + + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) continue; + + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); + + string_to_sid(&map->sid, string_sid); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege); + + safe_free(dbuf.dptr); + if (ret != dbuf.dsize) continue; + + if (StrCaseCmp(name, map->nt_name)==0) + return True; + + } + + return False; +} + +/**************************************************************************** +enumerate the group mapping +****************************************************************************/ +BOOL group_map_remove(DOM_SID sid) +{ + TDB_DATA kbuf, dbuf; + pstring key; + fstring string_sid; + + /* the key is the SID, retrieving is direct */ + + sid_to_string(string_sid, &sid); + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + + kbuf.dptr = key; + kbuf.dsize = strlen(key)+1; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) return False; + + safe_free(dbuf.dptr); + + if(tdb_delete(tdb, kbuf) != TDB_SUCCESS) + return False; + + return True; +} + + +/**************************************************************************** +enumerate the group mapping +****************************************************************************/ +BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries) +{ + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + fstring group_type; + GROUP_MAP map; + GROUP_MAP *mapt=NULL; + int ret; + int entries=0; + + *num_entries=0; + *rmap=NULL; + + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) continue; + + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map.gid, &map.sid_name_use, &map.nt_name, &map.comment, &map.privilege); + + safe_free(dbuf.dptr); + if (ret != dbuf.dsize) continue; + + /* list only the type or everything if UNKNOWN */ + if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) continue; + + string_to_sid(&map.sid, string_sid); + + decode_sid_name_use(group_type, map.sid_name_use); + + mapt=(GROUP_MAP *)Realloc(mapt, (entries+1)*sizeof(GROUP_MAP)); + + mapt[entries].gid = map.gid; + sid_copy( &mapt[entries].sid, &map.sid); + mapt[entries].sid_name_use = map.sid_name_use; + fstrcpy(mapt[entries].nt_name, map.nt_name); + fstrcpy(mapt[entries].comment, map.comment); + mapt[entries].privilege = map.privilege; + + entries++; + } + + *rmap=mapt; + *num_entries=entries; + return True; +} + + +/**************************************************************************** +convert a privilege list to a privilege value +****************************************************************************/ +void convert_priv_from_text(uint32 *se_priv, char *privilege) +{ + pstring tok; + char *p = privilege; + int i; + + /* By default no privilege */ + (*se_priv)=0x0; + + if (privilege==NULL) + return; + + while(next_token(&p, tok, " ", sizeof(tok)) ) { + for (i=0; i<=PRIV_ALL_INDEX; i++) { + if (StrCaseCmp(privs[i].priv, tok)==0) + (*se_priv)+=privs[i].se_priv; + } + } +} + +/**************************************************************************** +convert a privilege value to a privilege list +****************************************************************************/ +void convert_priv_to_text(uint32 se_priv, char *privilege) +{ + int i; + + if (privilege==NULL) + return; + + ZERO_STRUCTP(privilege); + + if (se_priv==SE_PRIV_NONE) { + fstrcat(privilege, privs[0].priv); + return; + } + + if (se_priv==SE_PRIV_ALL) { + fstrcat(privilege, privs[PRIV_ALL_INDEX].priv); + return; + } + + for (i=1; privs[i].se_priv!=SE_PRIV_ALL; i++) { + if ( (se_priv & privs[i].se_priv) == privs[i].se_priv) { + fstrcat(privilege, privs[i].priv); + fstrcat(privilege, " "); + } + } +} + + +/* + * + * High level functions + * better to use them than the lower ones. + * + * we are checking if the group is in the mapping file + * and if the group is an existing unix group + * + */ + +/* get a domain group from it's SID */ + +BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) +{ + struct group *grp; + + /* if the group is NOT in the database, it CAN NOT be a domain group */ + if(!get_group_map_from_sid(sid, map)) + return False; + + /* if it's not a domain group, continue */ + if (map->sid_name_use!=SID_NAME_DOM_GRP) + return False; + + if (map->gid==-1) + return False; + + if ( (grp=getgrgid(map->gid)) == NULL) + return False; + + return True; +} + + +/* get a local (alias) group from it's SID */ + +BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) +{ + struct group *grp; + + /* The group is in the mapping table */ + if(get_group_map_from_sid(sid, map)) { + if (map->sid_name_use!=SID_NAME_ALIAS) + return False; + + if (map->gid==-1) + return False; + + if ( (grp=getgrgid(map->gid)) == NULL) + return False; + } else { + /* the group isn't in the mapping table. + * make one based on the unix information */ + uint32 alias_rid; + + sid_split_rid(&sid, &alias_rid); + map->gid=pdb_user_rid_to_gid(alias_rid); + + if ((grp=getgrgid(map->gid)) == NULL) + return False; + + map->sid_name_use=SID_NAME_ALIAS; + + fstrcpy(map->nt_name, grp->gr_name); + fstrcpy(map->comment, "Local Unix Group"); + + map->privilege=SE_PRIV_NONE; + + } + + return True; +} + +/* get a builtin group from it's SID */ + +BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map) +{ + struct group *grp; + + if(!get_group_map_from_sid(sid, map)) + return False; + + if (map->sid_name_use!=SID_NAME_WKN_GRP) + return False; + + if (map->gid==-1) + return False; + + if ( (grp=getgrgid(map->gid)) == NULL) + return False; + + return True; +} + + + +/**************************************************************************** +Returns a GROUP_MAP struct based on the gid. +****************************************************************************/ +BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) +{ + struct group *grp; + DOM_SID sid; + uint32 rid; + + if ( (grp=getgrgid(gid)) == NULL) + return False; + + /* + * make a group map from scratch if doesn't exist. + */ + if (!get_group_map_from_gid(gid, map)) { + map->gid=gid; + map->sid_name_use=SID_NAME_ALIAS; + map->privilege=SE_PRIV_NONE; + + rid=pdb_gid_to_group_rid(gid); + sid_copy(&sid, &global_sam_sid); + sid_append_rid(&sid, rid); + + fstrcpy(map->nt_name, grp->gr_name); + fstrcpy(map->comment, "Local Unix Group"); + } + + return True; +} + + + + +/**************************************************************************** + Get the member users of a group and + all the users who have that group as primary. + + give back an array of uid + return the grand number of users + + + TODO: sort the list and remove duplicate. JFM. + +****************************************************************************/ + +BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) +{ + struct group *grp; + struct passwd *pwd; + int i=0; + char *gr; + + *num_uids = 0; + + if ( (grp=getgrgid(gid)) == NULL) + return False; + + gr = grp->gr_mem[0]; + DEBUG(10, ("getting members\n")); + + while (gr && (*gr != (char)NULL)) { + (*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + + if( (pwd=getpwnam(gr)) !=NULL) { + (*uid)[*num_uids]=pwd->pw_uid; + (*num_uids)++; + } + gr = grp->gr_mem[++i]; + } + DEBUG(10, ("got [%d] members\n", *num_uids)); + + setpwent(); + while ((pwd=getpwent()) != NULL) { + if (pwd->pw_gid==gid) { + (*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + (*uid)[*num_uids]=pwd->pw_uid; + + (*num_uids)++; + } + } + endpwent(); + DEBUG(10, ("got primary groups, members: [%d]\n", *num_uids)); + + return True; +} + +/**************************************************************************** + Create a UNIX group on demand. +****************************************************************************/ + +int smb_create_group(char *unix_group) +{ + pstring add_script; + int ret; + + pstrcpy(add_script, lp_addgroup_script()); + if (! *add_script) return -1; + pstring_sub(add_script, "%g", unix_group); + ret = smbrun(add_script,NULL,False); + DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret)); + return ret; +} + +/**************************************************************************** + Delete a UNIX group on demand. +****************************************************************************/ + +int smb_delete_group(char *unix_group) +{ + pstring del_script; + int ret; + + pstrcpy(del_script, lp_delgroup_script()); + if (! *del_script) return -1; + pstring_sub(del_script, "%g", unix_group); + ret = smbrun(del_script,NULL,False); + DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret)); + return ret; +} + +/**************************************************************************** + Create a UNIX group on demand. +****************************************************************************/ + +int smb_add_user_group(char *unix_group, char *unix_user) +{ + pstring add_script; + int ret; + + pstrcpy(add_script, lp_addusertogroup_script()); + if (! *add_script) return -1; + pstring_sub(add_script, "%g", unix_group); + pstring_sub(add_script, "%u", unix_user); + ret = smbrun(add_script,NULL,False); + DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret)); + return ret; +} + +/**************************************************************************** + Delete a UNIX group on demand. +****************************************************************************/ + +int smb_delete_user_group(char *unix_group, char *unix_user) +{ + pstring del_script; + int ret; + + pstrcpy(del_script, lp_deluserfromgroup_script()); + if (! *del_script) return -1; + pstring_sub(del_script, "%g", unix_group); + pstring_sub(del_script, "%u", unix_user); + ret = smbrun(del_script,NULL,False); + DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret)); + return ret; +} + + + diff --git a/source3/include/includes.h b/source3/include/includes.h index f4dcbde62e..93c756a690 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -638,6 +638,8 @@ extern int errno; #include "profile.h" +#include "mapping.h" + #ifndef MAXCODEPAGELINES #define MAXCODEPAGELINES 256 #endif diff --git a/source3/include/mapping.h b/source3/include/mapping.h new file mode 100644 index 0000000000..2543f6e42a --- /dev/null +++ b/source3/include/mapping.h @@ -0,0 +1,44 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Jean François Micouleau 1998-2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +typedef struct _GROUP_MAP { + gid_t gid; + DOM_SID sid; + enum SID_NAME_USE sid_name_use; + fstring nt_name; + fstring comment; + uint32 privilege; +} GROUP_MAP; + +typedef struct _PRIVS { + uint32 se_priv; + char *priv; + char *description; +} PRIVS; + +#define SE_PRIV_NONE 0x0000 +#define SE_PRIV_ADD_USERS 0x0001 +#define SE_PRIV_ADD_MACHINES 0x0002 +#define SE_PRIV_PRINT_OPERATOR 0x0004 +#define SE_PRIV_ALL 0xffff + +#define PRIV_ALL_INDEX 4 diff --git a/source3/include/proto.h b/source3/include/proto.h index 355526c799..30985dcdf6 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -17,6 +17,31 @@ void cmd_tar(void); int process_tar(void); int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind); +/*The following definitions come from groupdb/mapping.c */ + +char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use); +BOOL init_group_mapping(void); +BOOL add_mapping_entry(GROUP_MAP *map, int flag); +BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use, + fstring nt_name, fstring comment, uint32 privilege); +BOOL default_group_mapping(); +BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map); +BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map); +BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map); +BOOL group_map_remove(DOM_SID sid); +BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries); +void convert_priv_from_text(uint32 *se_priv, char *privilege); +void convert_priv_to_text(uint32 se_priv, char *privilege); +BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map); +BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map); +BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map); +BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map); +BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids); +int smb_create_group(char *unix_group); +int smb_delete_group(char *unix_group); +int smb_add_user_group(char *unix_group, char *unix_user); +int smb_delete_user_group(char *unix_group, char *unix_user); + /*The following definitions come from lib/access.c */ BOOL allow_access(char *deny_list,char *allow_list, @@ -191,10 +216,403 @@ void CatchChildLeaveStatus(void); int vslprintf(char *str, int n, char *format, va_list ap); +/*The following definitions come from libsmb/cliconnect.c */ + +BOOL cli_session_setup(struct cli_state *cli, + char *user, + char *pass, int passlen, + char *ntpass, int ntpasslen, + char *workgroup); +BOOL cli_ulogoff(struct cli_state *cli); +BOOL cli_send_tconX(struct cli_state *cli, + char *share, char *dev, char *pass, int passlen); +BOOL cli_tdis(struct cli_state *cli); +void cli_negprot_send(struct cli_state *cli); +BOOL cli_negprot(struct cli_state *cli); +BOOL cli_session_request(struct cli_state *cli, + struct nmb_name *calling, struct nmb_name *called); +BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip); +BOOL cli_reestablish_connection(struct cli_state *cli); +BOOL cli_establish_connection(struct cli_state *cli, + char *dest_host, struct in_addr *dest_ip, + struct nmb_name *calling, struct nmb_name *called, + char *service, char *service_type, + BOOL do_shutdown, BOOL do_tcon); +BOOL attempt_netbios_session_request(struct cli_state *cli, char *srchost, char *desthost, + struct in_addr *pdest_ip); + +/*The following definitions come from libsmb/clidgram.c */ + +int cli_send_mailslot(int dgram_sock, BOOL unique, char *mailslot, + char *buf, int len, + const char *srcname, int src_type, + const char *dstname, int dest_type, + struct in_addr dest_ip, struct in_addr src_ip, + int dest_port, int src_port); +int cli_get_response(int dgram_sock, BOOL unique, char *mailslot, char *buf, int bufsiz); +int cli_get_backup_list(const char *myname, const char *send_to_name); +int cli_get_backup_server(char *my_name, char *target, char *servername, int namesize); + +/*The following definitions come from libsmb/clientgen.c */ + +int cli_set_port(struct cli_state *cli, int port); +BOOL cli_receive_smb(struct cli_state *cli); +BOOL cli_send_smb(struct cli_state *cli); +void cli_setup_packet(struct cli_state *cli); +void cli_setup_bcc(struct cli_state *cli, void *p); +void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr); +struct cli_state *cli_initialise(struct cli_state *cli); +void cli_shutdown(struct cli_state *cli); +void cli_sockopt(struct cli_state *cli, char *options); +uint16 cli_setpid(struct cli_state *cli, uint16 pid); + +/*The following definitions come from libsmb/clierror.c */ + +char *cli_errstr(struct cli_state *cli); +int cli_error(struct cli_state *cli, uint8 *eclass, uint32 *num, uint32 *nt_rpc_error); + +/*The following definitions come from libsmb/clifile.c */ + +BOOL cli_rename(struct cli_state *cli, char *fname_src, char *fname_dst); +BOOL cli_unlink(struct cli_state *cli, char *fname); +BOOL cli_mkdir(struct cli_state *cli, char *dname); +BOOL cli_rmdir(struct cli_state *cli, char *dname); +int cli_nt_create(struct cli_state *cli, char *fname, uint32 DesiredAccess); +int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode); +BOOL cli_close(struct cli_state *cli, int fnum); +BOOL cli_lock(struct cli_state *cli, int fnum, + uint32 offset, uint32 len, int timeout, enum brl_type lock_type); +BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len); +BOOL cli_lock64(struct cli_state *cli, int fnum, + SMB_BIG_UINT offset, SMB_BIG_UINT len, int timeout, enum brl_type lock_type); +BOOL cli_unlock64(struct cli_state *cli, int fnum, SMB_BIG_UINT offset, SMB_BIG_UINT len); +BOOL cli_getattrE(struct cli_state *cli, int fd, + uint16 *attr, size_t *size, + time_t *c_time, time_t *a_time, time_t *m_time); +BOOL cli_getatr(struct cli_state *cli, char *fname, + uint16 *attr, size_t *size, time_t *t); +BOOL cli_setatr(struct cli_state *cli, char *fname, uint16 attr, time_t t); +BOOL cli_chkpath(struct cli_state *cli, char *path); +BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail); + +/*The following definitions come from libsmb/clilist.c */ + +int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, + void (*fn)(file_info *, const char *, void *), void *state); +int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, + void (*fn)(file_info *, const char *, void *), void *state); +int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute, + void (*fn)(file_info *, const char *, void *), void *state); + +/*The following definitions come from libsmb/cli_lsarpc.c */ + +struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name, + struct ntuser_creds *creds); +void cli_lsa_shutdown(struct cli_state *cli); +uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos, + uint32 des_access, POLICY_HND *pol); +uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *pol); +uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *pol, + int num_sids, DOM_SID *sids, char ***names, + uint32 **types, int *num_names); +uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *pol, + int num_names, char **names, DOM_SID **sids, + uint32 **types, int *num_sids); +uint32 cli_lsa_query_info_policy(struct cli_state *cli, POLICY_HND *pol, + uint16 info_class, fstring domain_name, + DOM_SID * domain_sid); +uint32 cli_lsa_enum_trust_dom(struct cli_state *cli, POLICY_HND *pol, + uint32 *enum_ctx, uint32 *num_domains, + char ***domain_names, DOM_SID **domain_sids); + +/*The following definitions come from libsmb/climessage.c */ + +BOOL cli_message_start(struct cli_state *cli, char *host, char *username, + int *grp); +BOOL cli_message_text(struct cli_state *cli, char *msg, int len, int grp); +BOOL cli_message_end(struct cli_state *cli, int grp); + +/*The following definitions come from libsmb/cliprint.c */ + +int cli_print_queue(struct cli_state *cli, + void (*fn)(struct print_job_info *)); +int cli_printjob_del(struct cli_state *cli, int job); + +/*The following definitions come from libsmb/clirap.c */ + +BOOL cli_api_pipe(struct cli_state *cli, char *pipe_name, + uint16 *setup, uint32 setup_count, uint32 max_setup_count, + char *params, uint32 param_count, uint32 max_param_count, + char *data, uint32 data_count, uint32 max_data_count, + char **rparam, uint32 *rparam_count, + char **rdata, uint32 *rdata_count); +BOOL cli_api(struct cli_state *cli, + char *param, int prcnt, int mprcnt, + char *data, int drcnt, int mdrcnt, + char **rparam, int *rprcnt, + char **rdata, int *rdrcnt); +BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation); +int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, const char *, void *), void *state); +BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, + void (*fn)(const char *, uint32, const char *, void *), + void *state); +BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password, + const char *old_password); +BOOL cli_qpathinfo(struct cli_state *cli, const char *fname, + time_t *c_time, time_t *a_time, time_t *m_time, + size_t *size, uint16 *mode); +BOOL cli_qpathinfo2(struct cli_state *cli, const char *fname, + time_t *c_time, time_t *a_time, time_t *m_time, + time_t *w_time, size_t *size, uint16 *mode, + SMB_INO_T *ino); +BOOL cli_qfileinfo(struct cli_state *cli, int fnum, + uint16 *mode, size_t *size, + time_t *c_time, time_t *a_time, time_t *m_time, + time_t *w_time, SMB_INO_T *ino); + +/*The following definitions come from libsmb/clireadwrite.c */ + +size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size); +ssize_t cli_write(struct cli_state *cli, + int fnum, uint16 write_mode, + char *buf, off_t offset, size_t size); +ssize_t cli_smbwrite(struct cli_state *cli, + int fnum, char *buf, off_t offset, size_t size1); + +/*The following definitions come from libsmb/cli_samr.c */ + +struct cli_state *cli_samr_initialise(struct cli_state *cli, char *system_name, + struct ntuser_creds *creds); +void cli_samr_shutdown(struct cli_state *cli); +uint32 cli_samr_connect(struct cli_state *cli, char *srv_name, + uint32 access_mask, POLICY_HND *connect_pol); +uint32 cli_samr_close(struct cli_state *cli, POLICY_HND *connect_pol); +uint32 cli_samr_open_domain(struct cli_state *cli, POLICY_HND *connect_pol, + uint32 access_mask, DOM_SID *domain_sid, + POLICY_HND *domain_pol); +uint32 cli_samr_open_user(struct cli_state *cli, POLICY_HND *domain_pol, + uint32 access_mask, uint32 user_rid, + POLICY_HND *user_pol); +uint32 cli_samr_open_group(struct cli_state *cli, POLICY_HND *domain_pol, + uint32 access_mask, uint32 group_rid, + POLICY_HND *group_pol); +uint32 cli_samr_query_userinfo(struct cli_state *cli, POLICY_HND *user_pol, + uint16 switch_value, SAM_USERINFO_CTR *ctr); +uint32 cli_samr_query_groupinfo(struct cli_state *cli, POLICY_HND *group_pol, + uint32 info_level, GROUP_INFO_CTR *ctr); +uint32 cli_samr_query_usergroups(struct cli_state *cli, POLICY_HND *user_pol, + uint32 *num_groups, DOM_GID **gid); +uint32 cli_samr_query_groupmem(struct cli_state *cli, POLICY_HND *group_pol, + uint32 *num_mem, uint32 **rid, uint32 **attr); + +/*The following definitions come from libsmb/clisecdesc.c */ + +SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd); +BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd); + +/*The following definitions come from libsmb/cli_spoolss.c */ + +struct cli_state *cli_spoolss_initialise(struct cli_state *cli, + char *system_name, + struct ntuser_creds *creds); +void cli_spoolss_shutdown(struct cli_state *cli); +uint32 cli_spoolss_open_printer_ex(struct cli_state *cli, char *printername, + char *datatype, uint32 access_required, + char *station, char *username, + POLICY_HND *pol); +uint32 cli_spoolss_close_printer(struct cli_state *cli, POLICY_HND *pol); +uint32 cli_spoolss_enum_printers(struct cli_state *cli, uint32 flags, + uint32 level, int *returned, + PRINTER_INFO_CTR *ctr); +uint32 cli_spoolss_enum_ports(struct cli_state *cli, uint32 level, + int *returned, PORT_INFO_CTR *ctr); +uint32 cli_spoolss_getprinter(struct cli_state *cli, POLICY_HND *pol, + uint32 level, PRINTER_INFO_CTR *ctr); +uint32 cli_spoolss_getprinterdriver ( + struct cli_state *cli, + POLICY_HND *pol, + uint32 level, + char* env, + PRINTER_DRIVER_CTR *ctr +); +uint32 cli_spoolss_enumprinterdrivers ( + struct cli_state *cli, + uint32 level, + char* env, + uint32 *returned, + PRINTER_DRIVER_CTR *ctr +); +uint32 cli_spoolss_getprinterdriverdir ( + struct cli_state *cli, + uint32 level, + char* env, + DRIVER_DIRECTORY_CTR *ctr +); +uint32 cli_spoolss_addprinterdriver ( + struct cli_state *cli, + uint32 level, + PRINTER_DRIVER_CTR *ctr +); +uint32 cli_spoolss_addprinterex ( + struct cli_state *cli, + uint32 level, + PRINTER_INFO_CTR *ctr +); + +/*The following definitions come from libsmb/clistr.c */ + +int clistr_push(struct cli_state *cli, void *dest, const char *src, int dest_len, int flags); +int clistr_pull(struct cli_state *cli, char *dest, const void *src, int dest_len, int src_len, int flags); +int clistr_align(const void *buf, const void *p); + +/*The following definitions come from libsmb/clitrans.c */ + +BOOL cli_send_trans(struct cli_state *cli, int trans, + char *pipe_name, + int fid, int flags, + uint16 *setup, int lsetup, int msetup, + char *param, int lparam, int mparam, + char *data, int ldata, int mdata); +BOOL cli_receive_trans(struct cli_state *cli,int trans, + char **param, int *param_len, + char **data, int *data_len); +BOOL cli_send_nt_trans(struct cli_state *cli, + int function, + int flags, + uint16 *setup, int lsetup, int msetup, + char *param, int lparam, int mparam, + char *data, int ldata, int mdata); +BOOL cli_receive_nt_trans(struct cli_state *cli, + char **param, int *param_len, + char **data, int *data_len); + +/*The following definitions come from libsmb/credentials.c */ + +char *credstr(uchar *cred); +void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, + uchar session_key[8]); +void cred_create(uchar session_key[8], DOM_CHAL *stor_cred, UTIME timestamp, + DOM_CHAL *cred); +int cred_assert(DOM_CHAL *cred, uchar session_key[8], DOM_CHAL *stored_cred, + UTIME timestamp); +BOOL clnt_deal_with_creds(uchar sess_key[8], + DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_srv_cred); +BOOL deal_with_creds(uchar sess_key[8], + DOM_CRED *sto_clnt_cred, + DOM_CRED *rcv_clnt_cred, DOM_CRED *rtn_srv_cred); + +/*The following definitions come from libsmb/namequery.c */ + +struct node_status *name_status_query(int fd,struct nmb_name *name, + struct in_addr to_ip, int *num_names); +BOOL name_status_find(int type, struct in_addr to_ip, char *name); +BOOL name_register(int fd, const char *name, int name_type, + struct in_addr name_ip, int opcode, + BOOL bcast, + struct in_addr to_ip, int *count); +struct in_addr *name_query(int fd,const char *name,int name_type, + BOOL bcast,BOOL recurse, + struct in_addr to_ip, int *count); +FILE *startlmhosts(char *fname); +BOOL getlmhostsent( FILE *fp, pstring name, int *name_type, struct in_addr *ipaddr); +void endlmhosts(FILE *fp); +BOOL name_register_wins(const char *name, int name_type); +BOOL name_resolve_bcast(const char *name, int name_type, + struct in_addr **return_ip_list, int *return_count); +BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type); +BOOL resolve_srv_name(const char* srv_name, fstring dest_host, + struct in_addr *ip); +BOOL find_master_ip(char *group, struct in_addr *master_ip); +BOOL lookup_pdc_name(const char *srcname, const char *domain, struct in_addr *pdc_ip, char *ret_name); +BOOL get_dc_list(BOOL pdc_only, char *group, struct in_addr **ip_list, int *count); + +/*The following definitions come from libsmb/nmblib.c */ + +void debug_nmb_packet(struct packet_struct *p); +char *nmb_namestr(struct nmb_name *n); +struct packet_struct *copy_packet(struct packet_struct *packet); +void free_packet(struct packet_struct *packet); +struct packet_struct *parse_packet(char *buf,int length, + enum packet_type packet_type); +struct packet_struct *read_packet(int fd,enum packet_type packet_type); +void make_nmb_name( struct nmb_name *n, const char *name, int type); +BOOL nmb_name_equal(struct nmb_name *n1, struct nmb_name *n2); +int build_packet(char *buf, struct packet_struct *p); +BOOL send_packet(struct packet_struct *p); +struct packet_struct *receive_packet(int fd,enum packet_type type,int t); +struct packet_struct *receive_nmb_packet(int fd, int t, int trn_id); +struct packet_struct *receive_dgram_packet(int fd, int t, char *mailslot_name); +BOOL match_mailslot_name(struct packet_struct *p, char *mailslot_name); +void sort_query_replies(char *data, int n, struct in_addr ip); +char *dns_to_netbios_name(char *dns_name); +int name_mangle( char *In, char *Out, char name_type ); +int name_extract(char *buf,int ofs,char *name); +int name_len(char *s1); + +/*The following definitions come from libsmb/nterr.c */ + +BOOL get_safe_nt_error_msg(uint32 nt_code,char *msg, size_t len); +char *get_nt_error_msg(uint32 nt_code); + +/*The following definitions come from libsmb/passchange.c */ + +BOOL remote_password_change(const char *remote_machine, const char *user_name, + const char *old_passwd, const char *new_passwd, + char *err_str, size_t err_str_len); + +/*The following definitions come from libsmb/pwd_cache.c */ + +void pwd_init(struct pwd_info *pwd); +BOOL pwd_is_nullpwd(const struct pwd_info *pwd); +BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2); +void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt); +void pwd_set_nullpwd(struct pwd_info *pwd); +void pwd_set_cleartext(struct pwd_info *pwd, char *clr); +void pwd_get_cleartext(struct pwd_info *pwd, char *clr); +void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]); +void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]); +void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr); +void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]); +void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]); + /*The following definitions come from lib/smbrun.c */ int smbrun(char *cmd,char *outfile,BOOL shared); +/*The following definitions come from libsmb/smbdes.c */ + +void E_P16(unsigned char *p14,unsigned char *p16); +void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24); +void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out); +void E_old_pw_hash( unsigned char *p14, unsigned char *in, unsigned char *out); +void cred_hash1(unsigned char *out,unsigned char *in,unsigned char *key); +void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key); +void cred_hash3(unsigned char *out,unsigned char *in,unsigned char *key, int forw); +void SamOEMhash( unsigned char *data, unsigned char *key, int val); + +/*The following definitions come from libsmb/smbencrypt.c */ + +void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24); +void E_md4hash(uchar *passwd, uchar *p16); +void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]); +void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]); +void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]); +void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24); +BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode); +BOOL decode_pw_buffer(char buffer[516], char *new_pwrd, + int new_pwrd_size, uint32 *new_pw_len); + +/*The following definitions come from libsmb/smberr.c */ + +char *smb_errstr(char *inbuf); + +/*The following definitions come from libsmb/unexpected.c */ + +void unexpected_packet(struct packet_struct *p); +void clear_unexpected(time_t t); +struct packet_struct *receive_unexpected(enum packet_type packet_type, int id, + char *mailslot_name); + /*The following definitions come from lib/snprintf.c */ @@ -381,6 +799,23 @@ BOOL user_in_group_list(char *user,char *gname); BOOL user_in_list(char *user,char *list); struct passwd *smb_getpwnam(char *user, BOOL allow_change); +/*The following definitions come from lib/util_array.c */ + +void free_void_array(uint32 num_entries, void **entries, + void(free_item)(void*)); +void* add_copy_to_array(uint32 *len, void ***array, const void *item, + void*(item_dup)(const void*), BOOL alloc_anyway); +void* add_item_to_array(uint32 *len, void ***array, void *item); +void free_use_info_array(uint32 num_entries, struct use_info **entries); +struct use_info* add_use_info_to_array(uint32 *len, struct use_info ***array, + const struct use_info *name); +void free_char_array(uint32 num_entries, char **entries); +char* add_chars_to_array(uint32 *len, char ***array, const char *name); +void free_uint32_array(uint32 num_entries, uint32 **entries); +uint32* add_uint32s_to_array(uint32 *len, uint32 ***array, const uint32 *name); +void free_sid_array(uint32 num_entries, DOM_SID **entries); +DOM_SID* add_sid_to_array(uint32 *len, DOM_SID ***array, const DOM_SID *sid); + /*The following definitions come from lib/util.c */ char *tmpdir(void); @@ -449,23 +884,6 @@ BOOL ms_has_wild(char *s); BOOL mask_match(char *string, char *pattern, BOOL is_case_sensitive); int _Insure_trap_error(int a1, int a2, int a3, int a4, int a5, int a6); -/*The following definitions come from lib/util_array.c */ - -void free_void_array(uint32 num_entries, void **entries, - void(free_item)(void*)); -void* add_copy_to_array(uint32 *len, void ***array, const void *item, - void*(item_dup)(const void*), BOOL alloc_anyway); -void* add_item_to_array(uint32 *len, void ***array, void *item); -void free_use_info_array(uint32 num_entries, struct use_info **entries); -struct use_info* add_use_info_to_array(uint32 *len, struct use_info ***array, - const struct use_info *name); -void free_char_array(uint32 num_entries, char **entries); -char* add_chars_to_array(uint32 *len, char ***array, const char *name); -void free_uint32_array(uint32 num_entries, uint32 **entries); -uint32* add_uint32s_to_array(uint32 *len, uint32 ***array, const uint32 *name); -void free_sid_array(uint32 num_entries, DOM_SID **entries); -DOM_SID* add_sid_to_array(uint32 *len, DOM_SID ***array, const DOM_SID *sid); - /*The following definitions come from lib/util_file.c */ BOOL do_file_lock(int fd, int waitsecs, int type); @@ -692,399 +1110,6 @@ struct in_addr wins_srv_ip( void ); void wins_srv_died( struct in_addr boothill_ip ); unsigned long wins_srv_count( void ); -/*The following definitions come from libsmb/cli_lsarpc.c */ - -struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds); -void cli_lsa_shutdown(struct cli_state *cli); -uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos, - uint32 des_access, POLICY_HND *pol); -uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *pol); -uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *pol, - int num_sids, DOM_SID *sids, char ***names, - uint32 **types, int *num_names); -uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *pol, - int num_names, char **names, DOM_SID **sids, - uint32 **types, int *num_sids); -uint32 cli_lsa_query_info_policy(struct cli_state *cli, POLICY_HND *pol, - uint16 info_class, fstring domain_name, - DOM_SID * domain_sid); -uint32 cli_lsa_enum_trust_dom(struct cli_state *cli, POLICY_HND *pol, - uint32 *enum_ctx, uint32 *num_domains, - char ***domain_names, DOM_SID **domain_sids); - -/*The following definitions come from libsmb/cli_samr.c */ - -struct cli_state *cli_samr_initialise(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds); -void cli_samr_shutdown(struct cli_state *cli); -uint32 cli_samr_connect(struct cli_state *cli, char *srv_name, - uint32 access_mask, POLICY_HND *connect_pol); -uint32 cli_samr_close(struct cli_state *cli, POLICY_HND *connect_pol); -uint32 cli_samr_open_domain(struct cli_state *cli, POLICY_HND *connect_pol, - uint32 access_mask, DOM_SID *domain_sid, - POLICY_HND *domain_pol); -uint32 cli_samr_open_user(struct cli_state *cli, POLICY_HND *domain_pol, - uint32 access_mask, uint32 user_rid, - POLICY_HND *user_pol); -uint32 cli_samr_open_group(struct cli_state *cli, POLICY_HND *domain_pol, - uint32 access_mask, uint32 group_rid, - POLICY_HND *group_pol); -uint32 cli_samr_query_userinfo(struct cli_state *cli, POLICY_HND *user_pol, - uint16 switch_value, SAM_USERINFO_CTR *ctr); -uint32 cli_samr_query_groupinfo(struct cli_state *cli, POLICY_HND *group_pol, - uint32 info_level, GROUP_INFO_CTR *ctr); -uint32 cli_samr_query_usergroups(struct cli_state *cli, POLICY_HND *user_pol, - uint32 *num_groups, DOM_GID **gid); -uint32 cli_samr_query_groupmem(struct cli_state *cli, POLICY_HND *group_pol, - uint32 *num_mem, uint32 **rid, uint32 **attr); - -/*The following definitions come from libsmb/cli_spoolss.c */ - -struct cli_state *cli_spoolss_initialise(struct cli_state *cli, - char *system_name, - struct ntuser_creds *creds); -void cli_spoolss_shutdown(struct cli_state *cli); -uint32 cli_spoolss_open_printer_ex(struct cli_state *cli, char *printername, - char *datatype, uint32 access_required, - char *station, char *username, - POLICY_HND *pol); -uint32 cli_spoolss_close_printer(struct cli_state *cli, POLICY_HND *pol); -uint32 cli_spoolss_enum_printers(struct cli_state *cli, uint32 flags, - uint32 level, int *returned, - PRINTER_INFO_CTR *ctr); -uint32 cli_spoolss_enum_ports(struct cli_state *cli, uint32 level, - int *returned, PORT_INFO_CTR *ctr); -uint32 cli_spoolss_getprinter(struct cli_state *cli, POLICY_HND *pol, - uint32 level, PRINTER_INFO_CTR *ctr); -uint32 cli_spoolss_getprinterdriver ( - struct cli_state *cli, - POLICY_HND *pol, - uint32 level, - char* env, - PRINTER_DRIVER_CTR *ctr -); -uint32 cli_spoolss_enumprinterdrivers ( - struct cli_state *cli, - uint32 level, - char* env, - uint32 *returned, - PRINTER_DRIVER_CTR *ctr -); -uint32 cli_spoolss_getprinterdriverdir ( - struct cli_state *cli, - uint32 level, - char* env, - DRIVER_DIRECTORY_CTR *ctr -); -uint32 cli_spoolss_addprinterdriver ( - struct cli_state *cli, - uint32 level, - PRINTER_DRIVER_CTR *ctr -); -uint32 cli_spoolss_addprinterex ( - struct cli_state *cli, - uint32 level, - PRINTER_INFO_CTR *ctr -); - -/*The following definitions come from libsmb/cliconnect.c */ - -BOOL cli_session_setup(struct cli_state *cli, - char *user, - char *pass, int passlen, - char *ntpass, int ntpasslen, - char *workgroup); -BOOL cli_ulogoff(struct cli_state *cli); -BOOL cli_send_tconX(struct cli_state *cli, - char *share, char *dev, char *pass, int passlen); -BOOL cli_tdis(struct cli_state *cli); -void cli_negprot_send(struct cli_state *cli); -BOOL cli_negprot(struct cli_state *cli); -BOOL cli_session_request(struct cli_state *cli, - struct nmb_name *calling, struct nmb_name *called); -BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip); -BOOL cli_reestablish_connection(struct cli_state *cli); -BOOL cli_establish_connection(struct cli_state *cli, - char *dest_host, struct in_addr *dest_ip, - struct nmb_name *calling, struct nmb_name *called, - char *service, char *service_type, - BOOL do_shutdown, BOOL do_tcon); -BOOL attempt_netbios_session_request(struct cli_state *cli, char *srchost, char *desthost, - struct in_addr *pdest_ip); - -/*The following definitions come from libsmb/clidgram.c */ - -int cli_send_mailslot(int dgram_sock, BOOL unique, char *mailslot, - char *buf, int len, - const char *srcname, int src_type, - const char *dstname, int dest_type, - struct in_addr dest_ip, struct in_addr src_ip, - int dest_port, int src_port); -int cli_get_response(int dgram_sock, BOOL unique, char *mailslot, char *buf, int bufsiz); -int cli_get_backup_list(const char *myname, const char *send_to_name); -int cli_get_backup_server(char *my_name, char *target, char *servername, int namesize); - -/*The following definitions come from libsmb/clientgen.c */ - -int cli_set_port(struct cli_state *cli, int port); -BOOL cli_receive_smb(struct cli_state *cli); -BOOL cli_send_smb(struct cli_state *cli); -void cli_setup_packet(struct cli_state *cli); -void cli_setup_bcc(struct cli_state *cli, void *p); -void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr); -struct cli_state *cli_initialise(struct cli_state *cli); -void cli_shutdown(struct cli_state *cli); -void cli_sockopt(struct cli_state *cli, char *options); -uint16 cli_setpid(struct cli_state *cli, uint16 pid); - -/*The following definitions come from libsmb/clierror.c */ - -char *cli_errstr(struct cli_state *cli); -int cli_error(struct cli_state *cli, uint8 *eclass, uint32 *num, uint32 *nt_rpc_error); - -/*The following definitions come from libsmb/clifile.c */ - -BOOL cli_rename(struct cli_state *cli, char *fname_src, char *fname_dst); -BOOL cli_unlink(struct cli_state *cli, char *fname); -BOOL cli_mkdir(struct cli_state *cli, char *dname); -BOOL cli_rmdir(struct cli_state *cli, char *dname); -int cli_nt_create(struct cli_state *cli, char *fname, uint32 DesiredAccess); -int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode); -BOOL cli_close(struct cli_state *cli, int fnum); -BOOL cli_lock(struct cli_state *cli, int fnum, - uint32 offset, uint32 len, int timeout, enum brl_type lock_type); -BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len); -BOOL cli_lock64(struct cli_state *cli, int fnum, - SMB_BIG_UINT offset, SMB_BIG_UINT len, int timeout, enum brl_type lock_type); -BOOL cli_unlock64(struct cli_state *cli, int fnum, SMB_BIG_UINT offset, SMB_BIG_UINT len); -BOOL cli_getattrE(struct cli_state *cli, int fd, - uint16 *attr, size_t *size, - time_t *c_time, time_t *a_time, time_t *m_time); -BOOL cli_getatr(struct cli_state *cli, char *fname, - uint16 *attr, size_t *size, time_t *t); -BOOL cli_setatr(struct cli_state *cli, char *fname, uint16 attr, time_t t); -BOOL cli_chkpath(struct cli_state *cli, char *path); -BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail); - -/*The following definitions come from libsmb/clilist.c */ - -int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, - void (*fn)(file_info *, const char *, void *), void *state); -int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, - void (*fn)(file_info *, const char *, void *), void *state); -int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute, - void (*fn)(file_info *, const char *, void *), void *state); - -/*The following definitions come from libsmb/climessage.c */ - -BOOL cli_message_start(struct cli_state *cli, char *host, char *username, - int *grp); -BOOL cli_message_text(struct cli_state *cli, char *msg, int len, int grp); -BOOL cli_message_end(struct cli_state *cli, int grp); - -/*The following definitions come from libsmb/cliprint.c */ - -int cli_print_queue(struct cli_state *cli, - void (*fn)(struct print_job_info *)); -int cli_printjob_del(struct cli_state *cli, int job); - -/*The following definitions come from libsmb/clirap.c */ - -BOOL cli_api_pipe(struct cli_state *cli, char *pipe_name, - uint16 *setup, uint32 setup_count, uint32 max_setup_count, - char *params, uint32 param_count, uint32 max_param_count, - char *data, uint32 data_count, uint32 max_data_count, - char **rparam, uint32 *rparam_count, - char **rdata, uint32 *rdata_count); -BOOL cli_api(struct cli_state *cli, - char *param, int prcnt, int mprcnt, - char *data, int drcnt, int mdrcnt, - char **rparam, int *rprcnt, - char **rdata, int *rdrcnt); -BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation); -int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, const char *, void *), void *state); -BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype, - void (*fn)(const char *, uint32, const char *, void *), - void *state); -BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password, - const char *old_password); -BOOL cli_qpathinfo(struct cli_state *cli, const char *fname, - time_t *c_time, time_t *a_time, time_t *m_time, - size_t *size, uint16 *mode); -BOOL cli_qpathinfo2(struct cli_state *cli, const char *fname, - time_t *c_time, time_t *a_time, time_t *m_time, - time_t *w_time, size_t *size, uint16 *mode, - SMB_INO_T *ino); -BOOL cli_qfileinfo(struct cli_state *cli, int fnum, - uint16 *mode, size_t *size, - time_t *c_time, time_t *a_time, time_t *m_time, - time_t *w_time, SMB_INO_T *ino); - -/*The following definitions come from libsmb/clireadwrite.c */ - -size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size); -ssize_t cli_write(struct cli_state *cli, - int fnum, uint16 write_mode, - char *buf, off_t offset, size_t size); -ssize_t cli_smbwrite(struct cli_state *cli, - int fnum, char *buf, off_t offset, size_t size1); - -/*The following definitions come from libsmb/clisecdesc.c */ - -SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd); -BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd); - -/*The following definitions come from libsmb/clistr.c */ - -int clistr_push(struct cli_state *cli, void *dest, const char *src, int dest_len, int flags); -int clistr_pull(struct cli_state *cli, char *dest, const void *src, int dest_len, int src_len, int flags); -int clistr_align(const void *buf, const void *p); - -/*The following definitions come from libsmb/clitrans.c */ - -BOOL cli_send_trans(struct cli_state *cli, int trans, - char *pipe_name, - int fid, int flags, - uint16 *setup, int lsetup, int msetup, - char *param, int lparam, int mparam, - char *data, int ldata, int mdata); -BOOL cli_receive_trans(struct cli_state *cli,int trans, - char **param, int *param_len, - char **data, int *data_len); -BOOL cli_send_nt_trans(struct cli_state *cli, - int function, - int flags, - uint16 *setup, int lsetup, int msetup, - char *param, int lparam, int mparam, - char *data, int ldata, int mdata); -BOOL cli_receive_nt_trans(struct cli_state *cli, - char **param, int *param_len, - char **data, int *data_len); - -/*The following definitions come from libsmb/credentials.c */ - -char *credstr(uchar *cred); -void cred_session_key(DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal, char *pass, - uchar session_key[8]); -void cred_create(uchar session_key[8], DOM_CHAL *stor_cred, UTIME timestamp, - DOM_CHAL *cred); -int cred_assert(DOM_CHAL *cred, uchar session_key[8], DOM_CHAL *stored_cred, - UTIME timestamp); -BOOL clnt_deal_with_creds(uchar sess_key[8], - DOM_CRED *sto_clnt_cred, DOM_CRED *rcv_srv_cred); -BOOL deal_with_creds(uchar sess_key[8], - DOM_CRED *sto_clnt_cred, - DOM_CRED *rcv_clnt_cred, DOM_CRED *rtn_srv_cred); - -/*The following definitions come from libsmb/namequery.c */ - -struct node_status *name_status_query(int fd,struct nmb_name *name, - struct in_addr to_ip, int *num_names); -BOOL name_status_find(int type, struct in_addr to_ip, char *name); -BOOL name_register(int fd, const char *name, int name_type, - struct in_addr name_ip, int opcode, - BOOL bcast, - struct in_addr to_ip, int *count); -struct in_addr *name_query(int fd,const char *name,int name_type, - BOOL bcast,BOOL recurse, - struct in_addr to_ip, int *count); -FILE *startlmhosts(char *fname); -BOOL getlmhostsent( FILE *fp, pstring name, int *name_type, struct in_addr *ipaddr); -void endlmhosts(FILE *fp); -BOOL name_register_wins(const char *name, int name_type); -BOOL name_resolve_bcast(const char *name, int name_type, - struct in_addr **return_ip_list, int *return_count); -BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type); -BOOL resolve_srv_name(const char* srv_name, fstring dest_host, - struct in_addr *ip); -BOOL find_master_ip(char *group, struct in_addr *master_ip); -BOOL lookup_pdc_name(const char *srcname, const char *domain, struct in_addr *pdc_ip, char *ret_name); -BOOL get_dc_list(BOOL pdc_only, char *group, struct in_addr **ip_list, int *count); - -/*The following definitions come from libsmb/nmblib.c */ - -void debug_nmb_packet(struct packet_struct *p); -char *nmb_namestr(struct nmb_name *n); -struct packet_struct *copy_packet(struct packet_struct *packet); -void free_packet(struct packet_struct *packet); -struct packet_struct *parse_packet(char *buf,int length, - enum packet_type packet_type); -struct packet_struct *read_packet(int fd,enum packet_type packet_type); -void make_nmb_name( struct nmb_name *n, const char *name, int type); -BOOL nmb_name_equal(struct nmb_name *n1, struct nmb_name *n2); -int build_packet(char *buf, struct packet_struct *p); -BOOL send_packet(struct packet_struct *p); -struct packet_struct *receive_packet(int fd,enum packet_type type,int t); -struct packet_struct *receive_nmb_packet(int fd, int t, int trn_id); -struct packet_struct *receive_dgram_packet(int fd, int t, char *mailslot_name); -BOOL match_mailslot_name(struct packet_struct *p, char *mailslot_name); -void sort_query_replies(char *data, int n, struct in_addr ip); -char *dns_to_netbios_name(char *dns_name); -int name_mangle( char *In, char *Out, char name_type ); -int name_extract(char *buf,int ofs,char *name); -int name_len(char *s1); - -/*The following definitions come from libsmb/nterr.c */ - -BOOL get_safe_nt_error_msg(uint32 nt_code,char *msg, size_t len); -char *get_nt_error_msg(uint32 nt_code); - -/*The following definitions come from libsmb/passchange.c */ - -BOOL remote_password_change(const char *remote_machine, const char *user_name, - const char *old_passwd, const char *new_passwd, - char *err_str, size_t err_str_len); - -/*The following definitions come from libsmb/pwd_cache.c */ - -void pwd_init(struct pwd_info *pwd); -BOOL pwd_is_nullpwd(const struct pwd_info *pwd); -BOOL pwd_compare(struct pwd_info *pwd1, struct pwd_info *pwd2); -void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt); -void pwd_set_nullpwd(struct pwd_info *pwd); -void pwd_set_cleartext(struct pwd_info *pwd, char *clr); -void pwd_get_cleartext(struct pwd_info *pwd, char *clr); -void pwd_set_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]); -void pwd_get_lm_nt_16(struct pwd_info *pwd, uchar lm_pwd[16], uchar nt_pwd[16]); -void pwd_make_lm_nt_16(struct pwd_info *pwd, char *clr); -void pwd_make_lm_nt_owf(struct pwd_info *pwd, uchar cryptkey[8]); -void pwd_get_lm_nt_owf(struct pwd_info *pwd, uchar lm_owf[24], uchar nt_owf[24]); - -/*The following definitions come from libsmb/smbdes.c */ - -void E_P16(unsigned char *p14,unsigned char *p16); -void E_P24(unsigned char *p21, unsigned char *c8, unsigned char *p24); -void D_P16(unsigned char *p14, unsigned char *in, unsigned char *out); -void E_old_pw_hash( unsigned char *p14, unsigned char *in, unsigned char *out); -void cred_hash1(unsigned char *out,unsigned char *in,unsigned char *key); -void cred_hash2(unsigned char *out,unsigned char *in,unsigned char *key); -void cred_hash3(unsigned char *out,unsigned char *in,unsigned char *key, int forw); -void SamOEMhash( unsigned char *data, unsigned char *key, int val); - -/*The following definitions come from libsmb/smbencrypt.c */ - -void SMBencrypt(uchar *passwd, uchar *c8, uchar *p24); -void E_md4hash(uchar *passwd, uchar *p16); -void nt_lm_owf_gen(char *pwd, uchar nt_p16[16], uchar p16[16]); -void SMBOWFencrypt(uchar passwd[16], uchar *c8, uchar p24[24]); -void NTLMSSPOWFencrypt(uchar passwd[8], uchar *ntlmchalresp, uchar p24[24]); -void SMBNTencrypt(uchar *passwd, uchar *c8, uchar *p24); -BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[16], BOOL unicode); -BOOL decode_pw_buffer(char buffer[516], char *new_pwrd, - int new_pwrd_size, uint32 *new_pw_len); - -/*The following definitions come from libsmb/smberr.c */ - -char *smb_errstr(char *inbuf); - -/*The following definitions come from libsmb/unexpected.c */ - -void unexpected_packet(struct packet_struct *p); -void clear_unexpected(time_t t); -struct packet_struct *receive_unexpected(enum packet_type packet_type, int id, - char *mailslot_name); - /*The following definitions come from locking/brlock.c */ void brl_init(int read_only); @@ -1171,9 +1196,6 @@ BOOL queue_dns_query(struct packet_struct *p,struct nmb_name *question, struct name_record **n); void kill_async_dns_child(void); -/*The following definitions come from nmbd/nmbd.c */ - - /*The following definitions come from nmbd/nmbd_become_dmb.c */ void add_domain_names(time_t t); @@ -1204,6 +1226,9 @@ void announce_and_sync_with_domain_master_browser( struct subnet_record *subrec, void collect_all_workgroup_names_from_wins_server(time_t t); void sync_all_dmbs(time_t t); +/*The following definitions come from nmbd/nmbd.c */ + + /*The following definitions come from nmbd/nmbd_elections.c */ void check_master_browser_exists(time_t t); @@ -1574,6 +1599,10 @@ char *lp_netbios_aliases(void); char *lp_panic_action(void); char *lp_adduser_script(void); char *lp_deluser_script(void); +char *lp_addgroup_script(void); +char *lp_delgroup_script(void); +char *lp_addusertogroup_script(void); +char *lp_deluserfromgroup_script(void); char *lp_wins_hook(void); char *lp_domain_groups(void); char *lp_domain_admin_group(void); @@ -2014,19 +2043,14 @@ void pcap_printer_fn(void (*fn)(char *, char *)); /*The following definitions come from printing/print_cups.c */ -/*The following definitions come from printing/print_generic.c */ - - -/*The following definitions come from printing/print_svid.c */ - -void sysv_printer_fn(void (*fn)(char *, char *)); -int sysv_printername_ok(char *name); - /*The following definitions come from printing/printfsp.c */ files_struct *print_fsp_open(connection_struct *conn,char *jobname); void print_fsp_end(files_struct *fsp, BOOL normal_close); +/*The following definitions come from printing/print_generic.c */ + + /*The following definitions come from printing/printing.c */ BOOL print_backend_init(void); @@ -2050,6 +2074,11 @@ BOOL print_queue_pause(struct current_user *user, int snum, int *errcode); BOOL print_queue_resume(struct current_user *user, int snum, int *errcode); BOOL print_queue_purge(struct current_user *user, int snum, int *errcode); +/*The following definitions come from printing/print_svid.c */ + +void sysv_printer_fn(void (*fn)(char *, char *)); +int sysv_printername_ok(char *name); + /*The following definitions come from profile/profile.c */ void profile_message(int msg_type, pid_t src, void *buf, size_t len); @@ -2260,6 +2289,17 @@ BOOL do_wks_query_info(struct cli_state *cli, char *server_name, uint32 switch_value, WKS_INFO_100 *wks100); +/*The following definitions come from rpcclient/cmd_lsarpc.c */ + + +/*The following definitions come from rpcclient/cmd_samr.c */ + + +/*The following definitions come from rpcclient/cmd_spoolss.c */ + +BOOL get_short_archi(char *short_archi, char *long_archi); +void set_drv_info_3_env (DRIVER_INFO_3 *info, const char *arch); + /*The following definitions come from rpc_client/ncacn_np_use.c */ BOOL ncacn_np_use_del(const char *srv_name, const char *pipe_name, @@ -2273,6 +2313,15 @@ struct ncacn_np *ncacn_np_use_add(const char *pipe_name, const struct ntuser_creds *ntc, BOOL reuse, BOOL *is_new_connection); +/*The following definitions come from rpcclient/rpcclient.c */ + +void fetch_domain_sid(struct cli_state *cli); +void init_rpcclient_creds(struct ntuser_creds *creds, char* username, + char* domain, char* password); +void add_command_set(struct cmd_set *cmd_set); +struct cli_state *setup_connection(struct cli_state *cli, char *system_name, + struct ntuser_creds *creds); + /*The following definitions come from rpc_parse/parse_creds.c */ BOOL make_creds_unix(CREDS_UNIX *r_u, const char* user_name, @@ -3704,26 +3753,6 @@ BOOL api_wkssvc_rpc(pipes_struct *p); uint32 _wks_query_info(pipes_struct *p, WKS_Q_QUERY_INFO *q_u, WKS_R_QUERY_INFO *r_u); -/*The following definitions come from rpcclient/cmd_lsarpc.c */ - - -/*The following definitions come from rpcclient/cmd_samr.c */ - - -/*The following definitions come from rpcclient/cmd_spoolss.c */ - -BOOL get_short_archi(char *short_archi, char *long_archi); -void set_drv_info_3_env (DRIVER_INFO_3 *info, const char *arch); - -/*The following definitions come from rpcclient/rpcclient.c */ - -void fetch_domain_sid(struct cli_state *cli); -void init_rpcclient_creds(struct ntuser_creds *creds, char* username, - char* domain, char* password); -void add_command_set(struct cmd_set *cmd_set); -struct cli_state *setup_connection(struct cli_state *cli, char *system_name, - struct ntuser_creds *creds); - /*The following definitions come from smbd/blocking.c */ BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, int lock_num); @@ -4175,6 +4204,25 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid); BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype); BOOL sid_to_gid(DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype); +/*The following definitions come from smbd/vfs.c */ + +int vfs_init_default(connection_struct *conn); +BOOL vfs_init_custom(connection_struct *conn); +BOOL vfs_directory_exist(connection_struct *conn, char *dname, SMB_STRUCT_STAT *st); +int vfs_mkdir(connection_struct *conn, char *fname, mode_t mode); +char *vfs_getwd(connection_struct *conn, char *unix_path); +BOOL vfs_file_exist(connection_struct *conn,char *fname,SMB_STRUCT_STAT *sbuf); +ssize_t vfs_read_data(files_struct *fsp, char *buf, size_t byte_count); +ssize_t vfs_write_data(files_struct *fsp,char *buffer,size_t N); +int vfs_set_filelen(files_struct *fsp, SMB_OFF_T len); +SMB_OFF_T vfs_transfer_file(int in_fd, files_struct *in_fsp, + int out_fd, files_struct *out_fsp, + SMB_OFF_T n, char *header, int headlen, int align); +char *vfs_readdirname(connection_struct *conn, void *p); +int vfs_ChDir(connection_struct *conn, char *path); +char *vfs_GetWd(connection_struct *conn, char *path); +BOOL reduce_name(connection_struct *conn, char *s,char *dir,BOOL widelinks); + /*The following definitions come from smbd/vfs-wrap.c */ int vfswrap_dummy_connect(connection_struct *conn, char *service, char *user); @@ -4211,25 +4259,6 @@ BOOL vfswrap_set_nt_acl(files_struct *fsp, char *name, uint32 security_info_sent int vfswrap_chmod_acl(connection_struct *conn, char *name, mode_t mode); int vfswrap_fchmod_acl(files_struct *fsp, int fd, mode_t mode); -/*The following definitions come from smbd/vfs.c */ - -int vfs_init_default(connection_struct *conn); -BOOL vfs_init_custom(connection_struct *conn); -BOOL vfs_directory_exist(connection_struct *conn, char *dname, SMB_STRUCT_STAT *st); -int vfs_mkdir(connection_struct *conn, char *fname, mode_t mode); -char *vfs_getwd(connection_struct *conn, char *unix_path); -BOOL vfs_file_exist(connection_struct *conn,char *fname,SMB_STRUCT_STAT *sbuf); -ssize_t vfs_read_data(files_struct *fsp, char *buf, size_t byte_count); -ssize_t vfs_write_data(files_struct *fsp,char *buffer,size_t N); -int vfs_set_filelen(files_struct *fsp, SMB_OFF_T len); -SMB_OFF_T vfs_transfer_file(int in_fd, files_struct *in_fsp, - int out_fd, files_struct *out_fsp, - SMB_OFF_T n, char *header, int headlen, int align); -char *vfs_readdirname(connection_struct *conn, void *p); -int vfs_ChDir(connection_struct *conn, char *path); -char *vfs_GetWd(connection_struct *conn, char *path); -BOOL reduce_name(connection_struct *conn, char *s,char *dir,BOOL widelinks); - /*The following definitions come from smbwrapper/realcalls.c */ int real_utime(const char *name, struct utimbuf *buf); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index ccc967234b..f930cf2f09 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -163,6 +163,10 @@ typedef struct char *szPanicAction; char *szAddUserScript; char *szDelUserScript; + char *szAddGroupScript; + char *szDelGroupScript; + char *szAddUserToGroupScript; + char *szDelUserToGroupScript; char *szWINSHook; #ifdef WITH_UTMP char *szUtmpDir; @@ -891,6 +895,11 @@ static struct parm_struct parm_table[] = { {"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, 0}, {"delete user script", P_STRING, P_GLOBAL, &Globals.szDelUserScript, NULL, NULL, 0}, + {"add group script", P_STRING, P_GLOBAL, &Globals.szAddGroupScript, NULL, NULL, 0}, + {"delete group script", P_STRING, P_GLOBAL, &Globals.szDelGroupScript, NULL, NULL, 0}, + {"add user to group script", P_STRING, P_GLOBAL, &Globals.szAddUserToGroupScript, NULL, NULL, 0}, + {"delete user from group script", P_STRING, P_GLOBAL, &Globals.szDelUserToGroupScript, NULL, NULL, 0}, + {"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL, NULL, FLAG_DOS_STRING}, {"logon path", P_STRING, P_GLOBAL, &Globals.szLogonPath, NULL, NULL, FLAG_DOS_STRING}, {"logon drive", P_STRING, P_GLOBAL, &Globals.szLogonDrive, NULL, NULL, 0}, @@ -1464,6 +1473,12 @@ FN_GLOBAL_STRING(lp_netbios_aliases, &Globals.szNetbiosAliases) FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction) FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript) FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript) + +FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript) +FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript) +FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript) +FN_GLOBAL_STRING(lp_deluserfromgroup_script, &Globals.szDelUserToGroupScript) + FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook) FN_GLOBAL_STRING(lp_domain_groups, &Globals.szDomainGroups) FN_GLOBAL_STRING(lp_domain_admin_group, &Globals.szDomainAdminGroup) diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 6315057313..ca7be9831a 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -5,7 +5,7 @@ * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. - * Copyright (C) Marc Jacobsen 1999. + * Copyright (C) Marc Jacobsen 1999. * * Split into interface and implementation modules by, * @@ -110,13 +110,17 @@ static BOOL api_samr_get_usrdom_pwinfo(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - if(!samr_io_q_get_usrdom_pwinfo("", &q_u, data, 0)) + if(!samr_io_q_get_usrdom_pwinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to unmarshall SAMR_Q_GET_USRDOM_PWINFO.\n")); return False; + } r_u.status = _samr_get_usrdom_pwinfo(p, &q_u, &r_u); - if(!samr_io_r_get_usrdom_pwinfo("", &r_u, rdata, 0)) + if(!samr_io_r_get_usrdom_pwinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to marshall SAMR_R_GET_USRDOM_PWINFO.\n")); return False; + } return True; } @@ -136,13 +140,17 @@ static BOOL api_samr_query_sec_obj(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - if(!samr_io_q_query_sec_obj("", &q_u, data, 0)) + if(!samr_io_q_query_sec_obj("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_sec_obj: unable to unmarshall SAMR_Q_QUERY_SEC_OBJ.\n")); return False; + } r_u.status = _samr_query_sec_obj(p, &q_u, &r_u); - if(!samr_io_r_query_sec_obj("", &r_u, rdata, 0)) + if(!samr_io_r_query_sec_obj("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_sec_obj: unable to marshall SAMR_R_QUERY_SEC_OBJ.\n")); return False; + } return True; } @@ -162,14 +170,18 @@ static BOOL api_samr_enum_dom_users(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr open */ - if(!samr_io_q_enum_dom_users("", &q_u, data, 0)) + if(!samr_io_q_enum_dom_users("", &q_u, data, 0)) { + DEBUG(0,("api_samr_enum_dom_users: unable to unmarshall SAMR_Q_ENUM_DOM_USERS.\n")); return False; + } r_u.status = _samr_enum_dom_users(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_enum_dom_users("", &r_u, rdata, 0)) + if(!samr_io_r_enum_dom_users("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_enum_dom_users: unable to marshall SAMR_R_ENUM_DOM_USERS.\n")); return False; + } return True; } @@ -189,14 +201,18 @@ static BOOL api_samr_enum_dom_groups(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr open */ - if(!samr_io_q_enum_dom_groups("", &q_u, data, 0)) + if(!samr_io_q_enum_dom_groups("", &q_u, data, 0)) { + DEBUG(0,("api_samr_enum_dom_groups: unable to unmarshall SAMR_Q_ENUM_DOM_GROUPS.\n")); return False; + } r_u.status = _samr_enum_dom_groups(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_enum_dom_groups("", &r_u, rdata, 0)) + if(!samr_io_r_enum_dom_groups("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_enum_dom_groups: unable to marshall SAMR_R_ENUM_DOM_GROUPS.\n")); return False; + } return True; } @@ -216,14 +232,18 @@ static BOOL api_samr_enum_dom_aliases(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr open */ - if(!samr_io_q_enum_dom_aliases("", &q_u, data, 0)) + if(!samr_io_q_enum_dom_aliases("", &q_u, data, 0)) { + DEBUG(0,("api_samr_enum_dom_aliases: unable to unmarshall SAMR_Q_ENUM_DOM_ALIASES.\n")); return False; + } r_u.status = _samr_enum_dom_aliases(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_enum_dom_aliases("", &r_u, rdata, 0)) + if(!samr_io_r_enum_dom_aliases("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_enum_dom_aliases: unable to marshall SAMR_R_ENUM_DOM_ALIASES.\n")); return False; + } return True; } @@ -242,14 +262,18 @@ static BOOL api_samr_query_dispinfo(pipes_struct *p) ZERO_STRUCT(q_u); ZERO_STRUCT(r_u); - if(!samr_io_q_query_dispinfo("", &q_u, data, 0)) + if(!samr_io_q_query_dispinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_dispinfo: unable to unmarshall SAMR_Q_QUERY_DISPINFO.\n")); return False; + } r_u.status = _samr_query_dispinfo(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_query_dispinfo("", &r_u, rdata, 0)) + if(!samr_io_r_query_dispinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_dispinfo: unable to marshall SAMR_R_QUERY_DISPINFO.\n")); return False; + } return True; } @@ -269,14 +293,18 @@ static BOOL api_samr_query_aliasinfo(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr open */ - if(!samr_io_q_query_aliasinfo("", &q_u, data, 0)) + if(!samr_io_q_query_aliasinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_aliasinfo: unable to unmarshall SAMR_Q_QUERY_ALIASINFO.\n")); return False; + } r_u.status = _samr_query_aliasinfo(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_query_aliasinfo("", &r_u, rdata, 0)) + if(!samr_io_r_query_aliasinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_aliasinfo: unable to marshall SAMR_R_QUERY_ALIASINFO.\n")); return False; + } return True; } @@ -296,14 +324,18 @@ static BOOL api_samr_lookup_names(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr lookup names */ - if(!samr_io_q_lookup_names("", &q_u, data, 0)) + if(!samr_io_q_lookup_names("", &q_u, data, 0)) { + DEBUG(0,("api_samr_lookup_names: unable to unmarshall SAMR_Q_LOOKUP_NAMES.\n")); return False; + } r_u.status = _samr_lookup_names(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) + if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_lookup_names: unable to marshall SAMR_R_LOOKUP_NAMES.\n")); return False; + } return True; } @@ -354,14 +386,18 @@ static BOOL api_samr_lookup_rids(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr lookup names */ - if(!samr_io_q_lookup_rids("", &q_u, data, 0)) + if(!samr_io_q_lookup_rids("", &q_u, data, 0)) { + DEBUG(0,("api_samr_lookup_rids: unable to unmarshall SAMR_Q_LOOKUP_RIDS.\n")); return False; + } r_u.status = _samr_lookup_rids(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_lookup_rids("", &r_u, rdata, 0)) + if(!samr_io_r_lookup_rids("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_lookup_rids: unable to marshall SAMR_R_LOOKUP_RIDS.\n")); return False; + } return True; } @@ -381,16 +417,18 @@ static BOOL api_samr_open_user(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr unknown 22 */ - if(!samr_io_q_open_user("", &q_u, data, 0)) + if(!samr_io_q_open_user("", &q_u, data, 0)) { + DEBUG(0,("api_samr_open_user: unable to unmarshall SAMR_Q_OPEN_USER.\n")); return False; + } r_u.status = _api_samr_open_user(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_open_user("", &r_u, rdata, 0)) + if(!samr_io_r_open_user("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_open_user: unable to marshall SAMR_R_OPEN_USER.\n")); return False; - - DEBUG(5,("samr_open_user: %d\n", __LINE__)); + } return True; } @@ -410,14 +448,18 @@ static BOOL api_samr_query_userinfo(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr unknown 24 */ - if(!samr_io_q_query_userinfo("", &q_u, data, 0)) + if(!samr_io_q_query_userinfo("", &q_u, data, 0)){ + DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n")); return False; + } r_u.status = _samr_query_userinfo(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_query_userinfo("", &r_u, rdata, 0)) + if(!samr_io_r_query_userinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_userinfo: unable to marshall SAMR_R_QUERY_USERINFO.\n")); return False; + } return True; } @@ -437,13 +479,16 @@ static BOOL api_samr_query_usergroups(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr unknown 32 */ - if(!samr_io_q_query_usergroups("", &q_u, data, 0)) + if(!samr_io_q_query_usergroups("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_usergroups: unable to unmarshall SAMR_Q_QUERY_USERGROUPS.\n")); return False; + } r_u.status = _samr_query_usergroups(p, &q_u, &r_u); /* store the response in the SMB stream */ if(!samr_io_r_query_usergroups("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_usergroups: unable to marshall SAMR_R_QUERY_USERGROUPS.\n")); return False; } @@ -465,16 +510,18 @@ static BOOL api_samr_query_dom_info(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr unknown 8 command */ - if(!samr_io_q_query_dom_info("", &q_u, data, 0)) + if(!samr_io_q_query_dom_info("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_dom_info: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO.\n")); return False; + } r_u.status = _samr_query_dom_info(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_query_dom_info("", &r_u, rdata, 0)) + if(!samr_io_r_query_dom_info("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_dom_info: unable to marshall SAMR_R_QUERY_DOMAIN_INFO.\n")); return False; - - DEBUG(5,("api_samr_query_dom_info: %d\n", __LINE__)); + } return True; } @@ -526,14 +573,18 @@ static BOOL api_samr_connect_anon(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr open policy */ - if(!samr_io_q_connect_anon("", &q_u, data, 0)) + if(!samr_io_q_connect_anon("", &q_u, data, 0)) { + DEBUG(0,("api_samr_connect_anon: unable to unmarshall SAMR_Q_CONNECT_ANON.\n")); return False; + } r_u.status = _samr_connect_anon(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_connect_anon("", &r_u, rdata, 0)) + if(!samr_io_r_connect_anon("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_connect_anon: unable to marshall SAMR_R_CONNECT_ANON.\n")); return False; + } return True; } @@ -553,14 +604,18 @@ static BOOL api_samr_connect(pipes_struct *p) ZERO_STRUCT(r_u); /* grab the samr open policy */ - if(!samr_io_q_connect("", &q_u, data, 0)) + if(!samr_io_q_connect("", &q_u, data, 0)) { + DEBUG(0,("api_samr_connect: unable to unmarshall SAMR_Q_CONNECT.\n")); return False; + } r_u.status = _samr_connect(p, &q_u, &r_u); /* store the response in the SMB stream */ - if(!samr_io_r_connect("", &r_u, rdata, 0)) + if(!samr_io_r_connect("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_connect: unable to marshall SAMR_R_CONNECT.\n")); return False; + } return True; } @@ -759,12 +814,14 @@ static BOOL api_samr_query_aliasmem(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_query_aliasmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_aliasmem: unable to unmarshall SAMR_Q_QUERY_ALIASMEM.\n")); return False; } r_u.status = _samr_query_aliasmem(p, &q_u, &r_u); if (!samr_io_r_query_aliasmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_aliasmem: unable to marshall SAMR_R_QUERY_ALIASMEM.\n")); return False; } @@ -787,12 +844,14 @@ static BOOL api_samr_query_groupmem(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_query_groupmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_groupmem: unable to unmarshall SAMR_Q_QUERY_GROUPMEM.\n")); return False; } r_u.status = _samr_query_groupmem(p, &q_u, &r_u); if (!samr_io_r_query_groupmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_groupmem: unable to marshall SAMR_R_QUERY_GROUPMEM.\n")); return False; } @@ -815,12 +874,14 @@ static BOOL api_samr_add_aliasmem(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_add_aliasmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_add_aliasmem: unable to unmarshall SAMR_Q_ADD_ALIASMEM.\n")); return False; } r_u.status = _samr_add_aliasmem(p, &q_u, &r_u); if (!samr_io_r_add_aliasmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_add_aliasmem: unable to marshall SAMR_R_ADD_ALIASMEM.\n")); return False; } @@ -843,12 +904,14 @@ static BOOL api_samr_del_aliasmem(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_del_aliasmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_del_aliasmem: unable to unmarshall SAMR_Q_DEL_ALIASMEM.\n")); return False; } r_u.status = _samr_del_aliasmem(p, &q_u, &r_u); if (!samr_io_r_del_aliasmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_del_aliasmem: unable to marshall SAMR_R_DEL_ALIASMEM.\n")); return False; } @@ -871,12 +934,14 @@ static BOOL api_samr_add_groupmem(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_add_groupmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_add_groupmem: unable to unmarshall SAMR_Q_ADD_GROUPMEM.\n")); return False; } r_u.status = _samr_add_groupmem(p, &q_u, &r_u); if (!samr_io_r_add_groupmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_add_groupmem: unable to marshall SAMR_R_ADD_GROUPMEM.\n")); return False; } @@ -899,12 +964,14 @@ static BOOL api_samr_del_groupmem(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_del_groupmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_del_groupmem: unable to unmarshall SAMR_Q_DEL_GROUPMEM.\n")); return False; } r_u.status = _samr_del_groupmem(p, &q_u, &r_u); if (!samr_io_r_del_groupmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_del_groupmem: unable to marshall SAMR_R_DEL_GROUPMEM.\n")); return False; } @@ -927,12 +994,14 @@ static BOOL api_samr_delete_dom_user(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_delete_dom_user("", &q_u, data, 0)) { + DEBUG(0,("api_samr_delete_dom_user: unable to unmarshall SAMR_Q_DELETE_DOM_USER.\n")); return False; } r_u.status = _samr_delete_dom_user(p, &q_u, &r_u); if (!samr_io_r_delete_dom_user("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_delete_dom_user: unable to marshall SAMR_R_DELETE_DOM_USER.\n")); return False; } @@ -955,12 +1024,14 @@ static BOOL api_samr_delete_dom_group(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_delete_dom_group("", &q_u, data, 0)) { + DEBUG(0,("api_samr_delete_dom_group: unable to unmarshall SAMR_Q_DELETE_DOM_GROUP.\n")); return False; } r_u.status = _samr_delete_dom_group(p, &q_u, &r_u); if (!samr_io_r_delete_dom_group("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_delete_dom_group: unable to marshall SAMR_R_DELETE_DOM_GROUP.\n")); return False; } @@ -983,12 +1054,14 @@ static BOOL api_samr_delete_dom_alias(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_delete_dom_alias("", &q_u, data, 0)) { + DEBUG(0,("api_samr_delete_dom_alias: unable to unmarshall SAMR_Q_DELETE_DOM_ALIAS.\n")); return False; } r_u.status = _samr_delete_dom_alias(p, &q_u, &r_u); if (!samr_io_r_delete_dom_alias("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_delete_dom_alias: unable to marshall SAMR_R_DELETE_DOM_ALIAS.\n")); return False; } @@ -1011,12 +1084,14 @@ static BOOL api_samr_create_dom_group(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_create_dom_group("", &q_u, data, 0)) { + DEBUG(0,("api_samr_create_dom_group: unable to unmarshall SAMR_Q_CREATE_DOM_GROUP.\n")); return False; } r_u.status = _samr_create_dom_group(p, &q_u, &r_u); if (!samr_io_r_create_dom_group("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_create_dom_group: unable to marshall SAMR_R_CREATE_DOM_GROUP.\n")); return False; } @@ -1039,12 +1114,14 @@ static BOOL api_samr_create_dom_alias(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_create_dom_alias("", &q_u, data, 0)) { + DEBUG(0,("api_samr_create_dom_alias: unable to unmarshall SAMR_Q_CREATE_DOM_ALIAS.\n")); return False; } r_u.status = _samr_create_dom_alias(p, &q_u, &r_u); if (!samr_io_r_create_dom_alias("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_create_dom_alias: unable to marshall SAMR_R_CREATE_DOM_ALIAS.\n")); return False; } @@ -1067,12 +1144,14 @@ static BOOL api_samr_query_groupinfo(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_query_groupinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_groupinfo: unable to unmarshall SAMR_Q_QUERY_GROUPINFO.\n")); return False; } r_u.status = _samr_query_groupinfo(p, &q_u, &r_u); if (!samr_io_r_query_groupinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_groupinfo: unable to marshall SAMR_R_QUERY_GROUPINFO.\n")); return False; } @@ -1095,12 +1174,14 @@ static BOOL api_samr_set_groupinfo(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_set_groupinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_set_groupinfo: unable to unmarshall SAMR_Q_SET_GROUPINFO.\n")); return False; } r_u.status = _samr_set_groupinfo(p, &q_u, &r_u); if (!samr_io_r_set_groupinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_set_groupinfo: unable to marshall SAMR_R_SET_GROUPINFO.\n")); return False; } @@ -1123,12 +1204,14 @@ static BOOL api_samr_get_dom_pwinfo(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_get_dom_pwinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_get_dom_pwinfo: unable to unmarshall SAMR_Q_GET_DOM_PWINFO.\n")); return False; } r_u.status = _samr_get_dom_pwinfo(p, &q_u, &r_u); if (!samr_io_r_get_dom_pwinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_get_dom_pwinfo: unable to marshall SAMR_R_GET_DOM_PWINFO.\n")); return False; } @@ -1151,12 +1234,14 @@ static BOOL api_samr_open_group(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_open_group("", &q_u, data, 0)) { + DEBUG(0,("api_samr_open_group: unable to unmarshall SAMR_Q_OPEN_GROUP.\n")); return False; } r_u.status = _samr_open_group(p, &q_u, &r_u); if (!samr_io_r_open_group("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_open_group: unable to marshall SAMR_R_OPEN_GROUP.\n")); return False; } @@ -1179,12 +1264,14 @@ static BOOL api_samr_unknown_2d(pipes_struct *p) ZERO_STRUCT(r_u); if (!samr_io_q_unknown_2d("", &q_u, data, 0)) { + DEBUG(0,("api_samr_unknown_2d: unable to unmarshall SAMR_Q_UNKNOWN_2D.\n")); return False; } r_u.status = _samr_unknown_2d(p, &q_u, &r_u); if (!samr_io_r_unknown_2d("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_unknown_2d: unable to marshall SAMR_R_UNKNOWN_2D.\n")); return False; } diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index ec5ea29f70..94524da352 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -5,7 +5,7 @@ * Copyright (C) Andrew Tridgell 1992-1997, * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, * Copyright (C) Paul Ashton 1997. - * Copyright (C) Marc Jacobsen 1999. + * Copyright (C) Marc Jacobsen 1999. * Copyright (C) Jeremy Allison 2001. * * This program is free software; you can redistribute it and/or modify @@ -34,6 +34,7 @@ extern int DEBUGLEVEL; extern fstring global_myworkgroup; extern pstring global_myname; extern DOM_SID global_sam_sid; +extern DOM_SID global_sid_Builtin; extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; @@ -546,7 +547,6 @@ uint32 _samr_get_usrdom_pwinfo(pipes_struct *p, SAMR_Q_GET_USRDOM_PWINFO *q_u, S static uint32 samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC_BUF **buf, DOM_SID *usr_sid) { - extern DOM_SID global_sid_Builtin; extern DOM_SID global_sid_World; DOM_SID adm_sid; DOM_SID act_sid; @@ -1251,8 +1251,8 @@ static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names, fstring nam UNIHDR **pp_hdr_name, UNISTR2 **pp_uni_name) { uint32 i; - UNIHDR *hdr_name; - UNISTR2 *uni_name; + UNIHDR *hdr_name=NULL; + UNISTR2 *uni_name=NULL; *pp_uni_name = NULL; *pp_hdr_name = NULL; @@ -2306,8 +2306,22 @@ uint32 _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SE uint32 _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u) { - DEBUG(0,("_samr_query_useraliases: Not yet implemented.\n")); - return False; + uint32 *rid=NULL; + int num_rids; + + num_rids = 1; + rid=(uint32 *)talloc(p->mem_ctx, num_rids*sizeof(uint32)); + if (rid==NULL) + return NT_STATUS_NO_MEMORY; + + /* until i see a real useraliases query, we fack one up */ + + rid[0] = BUILTIN_ALIAS_RID_USERS; + + init_samr_r_query_useraliases(r_u, num_rids, rid, NT_STATUS_NO_PROBLEMO); + + return NT_STATUS_NO_PROBLEMO; + } /********************************************************************* @@ -2316,8 +2330,61 @@ uint32 _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, S uint32 _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_R_QUERY_ALIASMEM *r_u) { - DEBUG(0,("_samr_query_aliasmem: Not yet implemented.\n")); - return False; + int i; + + GROUP_MAP map; + int num_uids = 0; + DOM_SID2 *sid; + uid_t *uid=NULL; + + DOM_SID alias_sid; + DOM_SID als_sid; + uint32 alias_rid; + fstring alias_sid_str; + DOM_SID temp_sid; + + + /* find the policy handle. open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid)) + return NT_STATUS_INVALID_HANDLE; + + sid_copy(&als_sid, &alias_sid); + sid_to_string(alias_sid_str, &alias_sid); + sid_split_rid(&alias_sid, &alias_rid); + + DEBUG(10, ("sid is %s\n", alias_sid_str)); + + if (sid_equal(&alias_sid, &global_sid_Builtin)) { + DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n")); + if(!get_builtin_group_from_sid(als_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + } else { + if (sid_equal(&alias_sid, &global_sam_sid)) { + DEBUG(10, ("lookup on Server SID\n")); + if(!get_local_group_from_sid(als_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + } + } + + if(!get_uid_list_of_group(map.gid, &uid, &num_uids)) + return NT_STATUS_NO_SUCH_ALIAS; + + DEBUG(10, ("sid is %s\n", alias_sid_str)); + sid = (DOM_SID2 *)talloc(p->mem_ctx, sizeof(DOM_SID2) * num_uids); + if (sid == NULL) + return NT_STATUS_NO_SUCH_ALIAS; + + for (i = 0; i < num_uids; i++) { + sid_copy(&temp_sid, &global_sam_sid); + sid_append_rid(&temp_sid, pdb_uid_to_user_rid(uid[i])); + + init_dom_sid2(&sid[i], &temp_sid); + } + + DEBUG(10, ("sid is %s\n", alias_sid_str)); + init_samr_r_query_aliasmem(r_u, num_uids, sid, NT_STATUS_NO_PROBLEMO); + + return NT_STATUS_NOPROBLEMO; } /********************************************************************* @@ -2326,8 +2393,56 @@ uint32 _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_R_ uint32 _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_QUERY_GROUPMEM *r_u) { - DEBUG(0,("_samr_query_groupmem: Not yet implemented.\n")); - return False; + int num_uids = 0; + int i; + DOM_SID group_sid; + uint32 group_rid; + fstring group_sid_str; + uid_t *uid=NULL; + + GROUP_MAP map; + + uint32 *rid=NULL; + uint32 *attr=NULL; + + + /* find the policy handle. open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid)) + return NT_STATUS_INVALID_HANDLE; + + /* todo: change to use sid_compare_front */ + + sid_split_rid(&group_sid, &group_rid); + sid_to_string(group_sid_str, &group_sid); + DEBUG(10, ("sid is %s\n", group_sid_str)); + + /* can we get a query for an SID outside our domain ? */ + if (!sid_equal(&group_sid, &global_sam_sid)) + return NT_STATUS_NO_SUCH_GROUP; + + sid_append_rid(&group_sid, group_rid); + DEBUG(10, ("lookup on Domain SID\n")); + + if(!get_domain_group_from_sid(group_sid, &map)) + return NT_STATUS_NO_SUCH_GROUP; + + if(!get_uid_list_of_group(map.gid, &uid, &num_uids)) + return NT_STATUS_NO_SUCH_GROUP; + + rid=talloc(p->mem_ctx, sizeof(uint32)*num_uids); + attr=talloc(p->mem_ctx, sizeof(uint32)*num_uids); + + if (rid==NULL || attr==NULL) + return NT_STATUS_NO_MEMORY; + + for (i=0; i<num_uids; i++) { + rid[i]=pdb_uid_to_user_rid(uid[i]); + attr[i] = SID_NAME_USER; + } + + init_samr_r_query_groupmem(r_u, num_uids, rid, attr, NT_STATUS_NOPROBLEMO); + + return NT_STATUS_NOPROBLEMO; } /********************************************************************* @@ -2336,8 +2451,64 @@ uint32 _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_ uint32 _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_ADD_ALIASMEM *r_u) { - DEBUG(0,("_samr_add_aliasmem: Not yet implemented.\n")); - return False; + DOM_SID alias_sid; + fstring alias_sid_str; + uid_t uid; + struct passwd *pwd; + struct group *grp; + fstring grp_name; + uint32 rid; + GROUP_MAP map; + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid)) + return NT_STATUS_INVALID_HANDLE; + + sid_to_string(alias_sid_str, &alias_sid); + DEBUG(10, ("sid is %s\n", alias_sid_str)); + + if (sid_compare(&alias_sid, &global_sam_sid)>0) { + DEBUG(10, ("adding member on Server SID\n")); + if(!get_local_group_from_sid(alias_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + + } else { + if (sid_compare(&alias_sid, &global_sid_Builtin)>0) { + DEBUG(10, ("adding member on BUILTIN SID\n")); + if( !get_builtin_group_from_sid(alias_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + + } else + return NT_STATUS_NO_SUCH_ALIAS; + } + + sid_split_rid(&q_u->sid.sid, &rid); + uid=pdb_user_rid_to_uid(rid); + + if ((pwd=getpwuid(uid)) == NULL) + return NT_STATUS_NO_SUCH_USER; + + if ((grp=getgrgid(map.gid)) == NULL) + return NT_STATUS_NO_SUCH_ALIAS; + + /* we need to copy the name otherwise it's overloaded in user_in_group_list */ + fstrcpy(grp_name, grp->gr_name); + + /* if the user is already in the group */ + if(user_in_group_list(pwd->pw_name, grp_name)) + return NT_STATUS_MEMBER_IN_ALIAS; + + /* + * ok, the group exist, the user exist, the user is not in the group, + * we can (finally) add it to the group ! + */ + smb_add_user_group(grp_name, pwd->pw_name); + + /* check if the user has been added then ... */ + if(!user_in_group_list(pwd->pw_name, grp_name)) + return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */ + + return NT_STATUS_NOPROBLEMO; } /********************************************************************* @@ -2356,8 +2527,54 @@ uint32 _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DEL_ uint32 _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_ADD_GROUPMEM *r_u) { - DEBUG(0,("_samr_add_groupmem: Not yet implemented.\n")); - return False; + DOM_SID group_sid; + fstring group_sid_str; + struct passwd *pwd; + struct group *grp; + fstring grp_name; + GROUP_MAP map; + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid)) + return NT_STATUS_INVALID_HANDLE; + + sid_to_string(group_sid_str, &group_sid); + DEBUG(10, ("sid is %s\n", group_sid_str)); + + if (sid_compare(&group_sid, &global_sam_sid)<=0) + return NT_STATUS_NO_SUCH_GROUP; + + DEBUG(10, ("lookup on Domain SID\n")); + + if(!get_domain_group_from_sid(group_sid, &map)) + return NT_STATUS_NO_SUCH_GROUP; + + if ((pwd=getpwuid(pdb_user_rid_to_uid(q_u->rid))) ==NULL) + return NT_STATUS_NO_SUCH_USER; + + if ((grp=getgrgid(map.gid)) == NULL) + return NT_STATUS_NO_SUCH_GROUP; + + /* we need to copy the name otherwise it's overloaded in user_in_group_list */ + fstrcpy(grp_name, grp->gr_name); + + /* if the user is already in the group */ + if(user_in_group_list(pwd->pw_name, grp_name)) + return NT_STATUS_MEMBER_IN_GROUP; + + /* + * ok, the group exist, the user exist, the user is not in the group, + * + * we can (finally) add it to the group ! + */ + + smb_add_user_group(grp_name, pwd->pw_name); + + /* check if the user has been added then ... */ + if(!user_in_group_list(pwd->pw_name, grp_name)) + return NT_STATUS_MEMBER_NOT_IN_GROUP; /* don't know what to reply else */ + + return NT_STATUS_NOPROBLEMO; } /********************************************************************* @@ -2406,8 +2623,55 @@ uint32 _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, SAM uint32 _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, SAMR_R_CREATE_DOM_GROUP *r_u) { - DEBUG(0,("_samr_create_dom_group: Not yet implemented.\n")); - return False; + DOM_SID dom_sid; + DOM_SID info_sid; + fstring name; + fstring sid_string; + struct group *grp; + struct samr_info *info; + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid)) + return NT_STATUS_INVALID_HANDLE; + + if (!sid_equal(&dom_sid, &global_sam_sid)) + return NT_STATUS_ACCESS_DENIED; + + /* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/ + + unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1); + + /* check if group already exist */ + if ((grp=getgrnam(name)) != NULL) + return NT_STATUS_GROUP_EXISTS; + + /* we can create the UNIX group */ + smb_create_group(name); + + /* check if the group has been successfully created */ + if ((grp=getgrnam(name)) == NULL) + return NT_STATUS_ACCESS_DENIED; + + r_u->rid=pdb_gid_to_group_rid(grp->gr_gid); + + /* add the group to the mapping table */ + if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL, SE_PRIV_NONE)) + return NT_STATUS_ACCESS_DENIED; + + if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + + sid_copy(&info_sid, &global_sam_sid); + sid_append_rid(&info->sid, r_u->rid); + sid_to_string(sid_string, &info->sid); + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return NT_STATUS_NOPROBLEMO; } /********************************************************************* @@ -2416,28 +2680,137 @@ uint32 _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, SAM uint32 _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, SAMR_R_CREATE_DOM_ALIAS *r_u) { - DEBUG(0,("_samr_create_dom_alias: Not yet implemented.\n")); - return False; + DOM_SID dom_sid; + fstring name; + fstring sid_string; + struct group *grp; + struct samr_info *info; + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid)) + return NT_STATUS_INVALID_HANDLE; + + if (!sid_equal(&dom_sid, &global_sam_sid)) + return NT_STATUS_ACCESS_DENIED; + + /* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/ + + unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1); + + /* check if group already exists */ + if ( (grp=getgrnam(name)) != NULL) + return NT_STATUS_GROUP_EXISTS; + + /* we can create the UNIX group */ + smb_create_group(name); + + /* check if the group has been successfully created */ + if ((grp=getgrnam(name)) == NULL) + return NT_STATUS_ACCESS_DENIED; + + r_u->rid=pdb_gid_to_group_rid(grp->gr_gid); + + /* add the group to the mapping table */ + if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, NULL, NULL, SE_PRIV_NONE)) + return NT_STATUS_ACCESS_DENIED; + + if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + + sid_copy(&info->sid, &global_sam_sid); + sid_append_rid(&info->sid, r_u->rid); + sid_to_string(sid_string, &info->sid); + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->alias_pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return NT_STATUS_NOPROBLEMO; } /********************************************************************* _samr_query_groupinfo + +sends the name/comment pair of a domain group +level 1 send also the number of users of that group *********************************************************************/ uint32 _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAMR_R_QUERY_GROUPINFO *r_u) { - DEBUG(0,("_samr_query_groupinfo: Not yet implemented.\n")); - return False; + DOM_SID group_sid; + GROUP_MAP map; + uid_t *uid; + int num_uids=0; + GROUP_INFO_CTR *ctr; + + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid)) + return NT_STATUS_INVALID_HANDLE; + + if (!get_domain_group_from_sid(group_sid, &map)) + return NT_STATUS_INVALID_HANDLE; + + ctr=(GROUP_INFO_CTR *)talloc(p->mem_ctx, sizeof(GROUP_INFO_CTR)); + if (ctr==NULL) + return NT_STATUS_NO_MEMORY; + + switch (q_u->switch_level) { + case 1: + ctr->switch_value1 = 1; + if(!get_uid_list_of_group(map.gid, &uid, &num_uids)) + return NT_STATUS_NO_SUCH_GROUP; + init_samr_group_info1(&ctr->group.info1, map.nt_name, map.comment, num_uids); + safe_free(uid); + break; + case 4: + ctr->switch_value1 = 4; + init_samr_group_info4(&ctr->group.info4, map.comment); + break; + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + init_samr_r_query_groupinfo(r_u, ctr, NT_STATUS_NO_PROBLEMO); + + return NT_STATUS_NO_PROBLEMO; } /********************************************************************* _samr_set_groupinfo + + update a domain group's comment. *********************************************************************/ uint32 _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_SET_GROUPINFO *r_u) { - DEBUG(0,("_samr_set_groupinfo: Not yet implemented.\n")); - return False; + DOM_SID group_sid; + GROUP_MAP map; + GROUP_INFO_CTR *ctr; + + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid)) + return NT_STATUS_INVALID_HANDLE; + + if (!get_domain_group_from_sid(group_sid, &map)) + return NT_STATUS_NO_SUCH_GROUP; + + ctr=q_u->ctr; + + switch (ctr->switch_value1) { + case 1: + unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment)-1); + break; + case 4: + unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment)-1); + break; + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + if(!add_mapping_entry(&map, TDB_REPLACE)) + return NT_STATUS_NO_SUCH_GROUP; + + return NT_STATUS_NO_PROBLEMO; } /********************************************************************* @@ -2456,8 +2829,38 @@ uint32 _samr_get_dom_pwinfo(pipes_struct *p, SAMR_Q_GET_DOM_PWINFO *q_u, SAMR_R_ uint32 _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_GROUP *r_u) { - DEBUG(0,("_samr_open_group: Not yet implemented.\n")); - return False; + DOM_SID sid; + GROUP_MAP map; + struct samr_info *info; + fstring sid_string; + + if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid)) + return NT_STATUS_INVALID_HANDLE; + + /* this should not be hard-coded like this */ + if (!sid_equal(&sid, &global_sam_sid)) + return NT_STATUS_ACCESS_DENIED; + + if ((info = (struct samr_info *)malloc(sizeof(struct samr_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + + sid_copy(&info->sid, &global_sam_sid); + sid_append_rid(&info->sid, q_u->rid_group); + sid_to_string(sid_string, &info->sid); + + DEBUG(10, ("Opening SID: %s\n", sid_string)); + + /* check if that group really exists */ + if (!get_domain_group_from_sid(info->sid, &map)) + return NT_STATUS_NO_SUCH_USER; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return NT_STATUS_NO_PROBLEMO; } /********************************************************************* diff --git a/source3/smbd/server.c b/source3/smbd/server.c index d2a7ad3be4..baa1536248 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -772,6 +772,11 @@ static void usage(char *pname) /* possibly reload the services file. */ reload_services(True); + if (init_group_mapping()==False) { + printf("Could not open tdb mapping file.\n"); + return 0; + } + if(!pdb_generate_sam_sid()) { DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n")); exit(1); diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c new file mode 100644 index 0000000000..d36e982b51 --- /dev/null +++ b/source3/utils/smbgroupedit.c @@ -0,0 +1,341 @@ +/* + * Unix SMB/Netbios implementation. + * Version 1.9. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Jean François Micouleau 1998-2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +extern pstring global_myname; +extern int DEBUGLEVEL; +extern DOM_SID global_sam_sid; + +/* + * Next two lines needed for SunOS and don't + * hurt anything else... + */ +extern char *optarg; +extern int optind; + +/********************************************************* + Print command usage on stderr and die. +**********************************************************/ +static void usage(void) +{ + if (getuid() == 0) { + printf("groupedit options\n"); + } else { + printf("You need to be root to use this tool!\n"); + } + printf("options:\n"); + printf(" -a group create new group\n"); + printf(" -n group NT group name\n"); + printf(" -p privilege only local\n"); + printf(" -v list groups\n"); + printf(" -c SID change group\n"); + printf(" -x group delete this group\n"); + printf("\n"); + printf(" -t[b|d|l] type: builtin, domain, local \n"); + exit(1); +} + +/********************************************************* + add a group. +**********************************************************/ +int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcomment, char *privilege) +{ + uint32 se_priv; + gid_t gid; + DOM_SID sid; + fstring string_sid; + fstring name, comment; + +/* convert_priv_from_text(&se_priv, privilege);*/ + + se_priv=0xff; + + gid=nametogid(group); + if (gid==-1) + return -1; + + local_gid_to_sid(&sid, gid); + sid_to_string(string_sid, &sid); + + if (ntgroup==NULL) + fstrcpy(name, group); + else + fstrcpy(name, ntgroup); + + if (ntcomment==NULL) + fstrcpy(comment, "Local Unix group"); + else + fstrcpy(comment, ntcomment); + + if(add_initial_entry(gid, string_sid, sid_type, group, comment, se_priv)) + return 0; + +} + +/********************************************************* + Change a group. +**********************************************************/ +int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char *groupdesc, char *privilege) +{ + DOM_SID sid; + GROUP_MAP map; + gid_t gid; + uint32 se_priv; + + string_to_sid(&sid, sid_string); + + /* Get the current mapping from the database */ + if(!get_group_map_from_sid(sid, &map)) { + printf("This SID does not exist in the database\n"); + return -1; + } + + /* If a new Unix group is specified, check and change */ + if (group!=NULL) { + gid=nametogid(group); + if (gid==-1) { + printf("The UNIX group does not exist\n"); + return -1; + } else + map.gid=gid; + } + + /* + * Allow changing of group type only between domain and local + * We disallow changing Builtin groups !!! (SID problem) + */ + if (sid_type==SID_NAME_ALIAS || sid_type==SID_NAME_DOM_GRP) + if (map.sid_name_use==SID_NAME_ALIAS || map.sid_name_use==SID_NAME_DOM_GRP) + map.sid_name_use=sid_type; + + + /* Change comment if new one */ + if (groupdesc!=NULL) + fstrcpy(map.comment, groupdesc); + + /* Change the privilege if new one */ + if (privilege!=NULL) { + convert_priv_from_text(&se_priv, privilege); + map.privilege=se_priv; + } + + if (!add_mapping_entry(&map, TDB_REPLACE)) { + printf("Count not update group database\n"); + return -1; + } + +} + +/********************************************************* + List the groups. +**********************************************************/ +int deletegroup(char *group) +{ + uint32 se_priv; + +/* convert_priv(&se_priv, privilege);*/ + +/* if(add_initial_entry(gid, sid, type, ntgroup, "", se_priv)) + return 0; +*/ +} + +/********************************************************* + List the groups. +**********************************************************/ +int listgroup(enum SID_NAME_USE sid_type) +{ + int entries,i; + GROUP_MAP *map=NULL; + fstring string_sid; + fstring group_type; + fstring priv_text; + + printf("Unix\tSID\ttype\tnt name\tnt comment\tprivilege\n"); + + if (enum_group_mapping(sid_type, &map, &entries)==False) + return 0; + + for (i=0; i<entries; i++) { + decode_sid_name_use(group_type, (map[i]).sid_name_use); + sid_to_string(string_sid, &map[i].sid); + convert_priv_to_text(map[i].privilege, priv_text); + + printf("%s\t%s\t%s\n\t%s\t%s\t%s\n\n", gidtoname(map[i].gid), map[i].nt_name, string_sid, + group_type, map[i].comment, priv_text); + } + + +} + +/********************************************************* + Start here. +**********************************************************/ +int main (int argc, char **argv) +{ + int ch; + static pstring servicesf = CONFIGFILE; + BOOL add_group = False; + BOOL view_group = False; + BOOL change_group = False; + BOOL delete_group = False; + BOOL nt_group = False; + BOOL priv = False; + BOOL group_type = False; + + char *group = NULL; + char *sid = NULL; + char *ntgroup = NULL; + char *privilege = NULL; + char *groupt = NULL; + char *group_desc = NULL; + + enum SID_NAME_USE sid_type; + + TimeInit(); + + setup_logging("groupedit", True); + + charset_initialise(); + + if (argc < 2) { + usage(); + return 0; + } + + if(!initialize_password_db(True)) { + fprintf(stderr, "Can't setup password database vectors.\n"); + exit(1); + } + + if (!lp_load(servicesf,True,False,False)) { + fprintf(stderr, "Can't load %s - run testparm to debug it\n", + servicesf); + exit(1); + } + + while ((ch = getopt(argc, argv, "a:c:d:n:p:t:u:vx:")) != EOF) { + switch(ch) { + case 'a': + add_group = True; + group=optarg; + break; + case 'c': + change_group = True; + sid=optarg; + break; + case 'd': + group_desc=optarg; + break; + case 'n': + nt_group = True; + ntgroup=optarg; + break; + case 'p': + priv = True; + privilege=optarg; + break; + case 't': + group_type = True; + groupt=optarg; + break; + case 'u': + group=optarg; + break; + case 'v': + view_group = True; + break; + case 'x': + delete_group = True; + group=optarg; + break; + /*default: + usage();*/ + } + } + + + if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) > 1) { + fprintf (stderr, "Incompatible options on command line!\n"); + usage(); + exit(1); + } + + /* no option on command line -> list groups */ + if (((add_group?1:0) + (view_group?1:0) + (change_group?1:0) + (delete_group?1:0)) == 0) + view_group = True; + + + if (group_type==False) + sid_type=SID_NAME_UNKNOWN; + else { + switch (groupt[0]) { + case 'l': + case 'L': + sid_type=SID_NAME_ALIAS; + break; + case 'd': + case 'D': + sid_type=SID_NAME_DOM_GRP; + break; + case 'b': + case 'B': + sid_type=SID_NAME_WKN_GRP; + break; + default: + sid_type=SID_NAME_UNKNOWN; + break; + } + } + + if (init_group_mapping()==False) { + printf("Could not open tdb mapping file.\n"); + return 0; + } + + if(pdb_generate_sam_sid()==False) { + printf("Can not read machine SID\n"); + return 0; + } + + default_group_mapping(); + + if (add_group) + return addgroup(group, sid_type, ntgroup, group_desc, privilege); + + if (view_group) + return listgroup(sid_type); + + if (delete_group) + return deletegroup(group); + + if (change_group) { + return changegroup(sid, group, sid_type, group_desc, privilege); + } + + usage(); + + return 0; +} + + |