summaryrefslogtreecommitdiff
path: root/source3/include
diff options
context:
space:
mode:
authorMatthew Chapman <matty@samba.org>1999-02-24 01:52:30 +0000
committerMatthew Chapman <matty@samba.org>1999-02-24 01:52:30 +0000
commit05f772b431f9c77a2fb37736fc4f801d84cac365 (patch)
tree12722ff39b9a869d85beb4aa228192c2a1fe110f /source3/include
parent1e71ecdcb21f24e70ee5edbbc05de0284fa588f4 (diff)
downloadsamba-05f772b431f9c77a2fb37736fc4f801d84cac365.tar.gz
samba-05f772b431f9c77a2fb37736fc4f801d84cac365.tar.bz2
samba-05f772b431f9c77a2fb37736fc4f801d84cac365.zip
Win9x user level security.
* Added SAMR_LOOKUP_DOMAIN (-> SamrLookupDomainInSamServer) * Added real SAMR_ENUM_DOM_GROUPS (corresponding to SamrEnumerateGroupsInDomain). The existing one is just an alias for SamrQueryDisplayInformation (see below). * Added three extra info levels to SAMR_QUERY_DISPINFO. Info level 3 is what was previously SAMR_ENUM_DOM_GROUPS; info levels 4 and 5 are simple user/group list requests used by Win9x and I suspect (haven't checked) the "low speed connection" User Manager. * Added another two aliases for SAMR_QUERY_DISPINFO, opcodes 0x30 and 0x33. Usually the first is with info level 3 and the second 4 but there is some overlap so indeed these should be implemented as just aliases. * Return ERRDOS/ERRmoredata on extra data instead of STATUS_BUFFER_OVERFLOW for Win95's benefit. On a named pipe this results in an SMBreadX as usual. Still need to fix SAMR_QUERY_DOMAIN_INFO which has a hard-coded number of users and groups - which Win95 proceeds to truncate at. (This used to be commit 7d03e6e21908f3a759a4e65c5edd850622335e3e)
Diffstat (limited to 'source3/include')
-rw-r--r--source3/include/proto.h55
-rw-r--r--source3/include/rpc_samr.h225
2 files changed, 195 insertions, 85 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index edc087be3f..f31d178842 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1731,6 +1731,9 @@ BOOL samr_set_groupinfo(struct cli_state *cli, uint16 fnum,
BOOL samr_open_domain(struct cli_state *cli, uint16 fnum,
POLICY_HND *connect_pol, uint32 flags, DOM_SID *sid,
POLICY_HND *domain_pol);
+BOOL samr_query_lookup_domain(struct cli_state *cli, uint16 fnum,
+ POLICY_HND *pol, const char *dom_name,
+ DOM_SID *dom_sid);
BOOL samr_query_lookup_names(struct cli_state *cli, uint16 fnum,
POLICY_HND *pol, uint32 flags,
uint32 num_names, const char **names,
@@ -2160,6 +2163,10 @@ void smb_io_rpc_auth_ntlmssp_chk(char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_stru
void make_samr_q_close_hnd(SAMR_Q_CLOSE_HND *q_c, POLICY_HND *hnd);
void samr_io_q_close_hnd(char *desc, SAMR_Q_CLOSE_HND *q_u, prs_struct *ps, int depth);
void samr_io_r_close_hnd(char *desc, SAMR_R_CLOSE_HND *r_u, prs_struct *ps, int depth);
+void make_samr_q_lookup_domain(SAMR_Q_LOOKUP_DOMAIN *q_u,
+ POLICY_HND *pol, const char *dom_name);
+void samr_io_q_lookup_domain(char *desc, SAMR_Q_LOOKUP_DOMAIN *q_u, prs_struct *ps, int depth);
+void samr_io_r_lookup_domain(char *desc, SAMR_R_LOOKUP_DOMAIN *r_u, prs_struct *ps, int depth);
void make_samr_q_open_domain(SAMR_Q_OPEN_DOMAIN *q_u,
POLICY_HND *connect_pol, uint32 flags,
DOM_SID *sid);
@@ -2201,17 +2208,29 @@ void make_samr_r_enum_dom_users(SAMR_R_ENUM_DOM_USERS *r_u,
uint32 num_sam_entries, SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES], uint32 status);
void samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS *r_u, prs_struct *ps, int depth);
void make_samr_q_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_e, POLICY_HND *pol,
- uint16 switch_level, uint32 start_idx, uint32 size);
+ uint16 switch_level, uint32 start_idx,
+ uint32 max_entries);
void samr_io_q_query_dispinfo(char *desc, SAMR_Q_QUERY_DISPINFO *q_e, prs_struct *ps, int depth);
-void make_sam_info_2(SAM_INFO_2 *sam, uint32 acb_mask,
- uint32 start_idx, uint32 num_sam_entries,
- SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
-void make_sam_info_1(SAM_INFO_1 *sam, uint32 acb_mask,
- uint32 start_idx, uint32 num_sam_entries,
- SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
+void make_sam_dispinfo_1(SAM_DISPINFO_1 *sam, uint32 *num_entries,
+ uint32 *data_size, uint32 start_idx,
+ SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
+void make_sam_dispinfo_2(SAM_DISPINFO_2 *sam, uint32 *num_entries,
+ uint32 *data_size, uint32 start_idx,
+ SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
+void make_sam_dispinfo_3(SAM_DISPINFO_3 *sam, uint32 *num_entries,
+ uint32 *data_size, uint32 start_idx,
+ DOMAIN_GRP *grp);
+void make_sam_dispinfo_4(SAM_DISPINFO_4 *sam, uint32 *num_entries,
+ uint32 *data_size, uint32 start_idx,
+ SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
+void make_sam_dispinfo_5(SAM_DISPINFO_5 *sam, uint32 *num_entries,
+ uint32 *data_size, uint32 start_idx,
+ DOMAIN_GRP *grp);
void make_samr_r_query_dispinfo(SAMR_R_QUERY_DISPINFO *r_u,
- uint16 switch_level, SAM_INFO_CTR *ctr, uint32 status);
-void samr_io_r_query_dispinfo(char *desc, SAMR_R_QUERY_DISPINFO *r_u, prs_struct *ps, int depth);
+ uint32 num_entries, uint32 data_size,
+ uint16 switch_level, SAM_DISPINFO_CTR *ctr,
+ uint32 status);
+void samr_io_r_query_dispinfo(char *desc, SAMR_R_QUERY_DISPINFO *r_u, prs_struct *ps, int depth);
void make_samr_q_open_group(SAMR_Q_OPEN_GROUP *q_c,
POLICY_HND *hnd, uint32 unk, uint32 rid);
void samr_io_q_open_group(char *desc, SAMR_Q_OPEN_GROUP *q_u, prs_struct *ps, int depth);
@@ -2266,20 +2285,18 @@ void samr_io_q_query_groupmem(char *desc, SAMR_Q_QUERY_GROUPMEM *q_u, prs_struc
void make_samr_r_query_groupmem(SAMR_R_QUERY_GROUPMEM *r_u,
uint32 num_entries, uint32 *rid, uint32 *attr, uint32 status);
void samr_io_r_query_groupmem(char *desc, SAMR_R_QUERY_GROUPMEM *r_u, prs_struct *ps, int depth);
-void make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol,
- uint16 switch_level, uint32 start_idx, uint32 size);
-void samr_io_q_enum_dom_groups(char *desc, SAMR_Q_ENUM_DOM_GROUPS *q_e, prs_struct *ps, int depth);
-void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u,
- uint32 start_idx, uint32 num_sam_entries,
- DOMAIN_GRP *grp,
- uint32 status);
-void samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_struct *ps, int depth);
void make_samr_q_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
POLICY_HND *hnd);
void samr_io_q_query_usergroups(char *desc, SAMR_Q_QUERY_USERGROUPS *q_u, prs_struct *ps, int depth);
void make_samr_r_query_usergroups(SAMR_R_QUERY_USERGROUPS *r_u,
uint32 num_gids, DOM_GID *gid, uint32 status);
void samr_io_r_query_usergroups(char *desc, SAMR_R_QUERY_USERGROUPS *r_u, prs_struct *ps, int depth);
+void make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol, uint32 size);
+void samr_io_q_enum_dom_groups(char *desc, SAMR_Q_ENUM_DOM_GROUPS *q_e, prs_struct *ps, int depth);
+void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u,
+ uint32 num_sam_entries, DOMAIN_GRP *grps,
+ uint32 status);
+void samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_struct *ps, int depth);
void make_samr_q_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_e, POLICY_HND *pol, uint32 size);
void samr_io_q_enum_dom_aliases(char *desc, SAMR_Q_ENUM_DOM_ALIASES *q_e, prs_struct *ps, int depth);
void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u,
@@ -2432,7 +2449,8 @@ void samr_io_r_chgpasswd_user(char *desc, SAMR_R_CHGPASSWD_USER *r_u, prs_struct
void init_sec_access(SEC_ACCESS *t, uint32 mask);
BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth);
-void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag);
+void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask,
+ uint8 flag);
BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth);
void free_sec_acl(SEC_ACL **ppsa);
BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth);
@@ -2696,6 +2714,7 @@ void cmd_reg_shutdown(struct client_info *info);
void cmd_sam_ntchange_pwd(struct client_info *info);
void cmd_sam_test(struct client_info *info);
+void cmd_sam_lookup_domain(struct client_info *info);
void cmd_sam_del_aliasmem(struct client_info *info);
void cmd_sam_delete_dom_alias(struct client_info *info);
void cmd_sam_add_aliasmem(struct client_info *info);
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index d70702f8a6..ea6a1f7919 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -81,11 +81,13 @@ SamrTestPrivateFunctionsUser
#define SAMR_CLOSE_HND 0x01
#define SAMR_UNKNOWN_3 0x03
+#define SAMR_LOOKUP_DOMAIN 0x05
#define SAMR_OPEN_DOMAIN 0x07
#define SAMR_QUERY_DOMAIN_INFO 0x08
#define SAMR_CREATE_DOM_GROUP 0x0a
+#define SAMR_ENUM_DOM_GROUPS 0x0b
#define SAMR_ENUM_DOM_USERS 0x0d
#define SAMR_CREATE_DOM_ALIAS 0x0e
#define SAMR_ENUM_DOM_ALIASES 0x0f
@@ -117,8 +119,11 @@ SamrTestPrivateFunctionsUser
#define SAMR_QUERY_DISPINFO 0x28
#define SAMR_UNKNOWN_2C 0x2c
-#define SAMR_ENUM_DOM_GROUPS 0x30
+#define SAMR_QUERY_DISPINFO3 0x30 /* Alias for SAMR_QUERY_DISPINFO
+ with info level 3 */
#define SAMR_UNKNOWN_32 0x32
+#define SAMR_QUERY_DISPINFO4 0x33 /* Alias for SAMR_QUERY_DISPINFO
+ with info level 4 */
#define SAMR_UNKNOWN_34 0x34
#define SAMR_CHGPASSWD_USER 0x37
@@ -446,6 +451,28 @@ typedef struct r_samr_query_domain_info
} SAMR_R_QUERY_DOMAIN_INFO;
+/* SAMR_Q_LOOKUP_DOMAIN - obtain SID for a local domain */
+typedef struct q_samr_lookup_domain_info
+{
+ POLICY_HND connect_pol;
+
+ UNIHDR hdr_domain;
+ UNISTR2 uni_domain;
+
+} SAMR_Q_LOOKUP_DOMAIN;
+
+
+/* SAMR_R_LOOKUP_DOMAIN */
+typedef struct r_samr_lookup_domain_info
+{
+ uint32 ptr_sid;
+ DOM_SID2 dom_sid;
+
+ uint32 status;
+
+} SAMR_R_LOOKUP_DOMAIN;
+
+
/****************************************************************************
SAMR_Q_OPEN_DOMAIN - unknown_0 values seen associated with SIDs:
@@ -481,6 +508,7 @@ typedef struct samr_entry_info
} SAM_ENTRY;
+
/* SAMR_Q_ENUM_DOM_USERS - SAM rids and names */
typedef struct q_samr_enum_dom_users_info
{
@@ -516,37 +544,15 @@ typedef struct r_samr_enum_dom_users_info
} SAMR_R_ENUM_DOM_USERS;
-typedef struct samr_entry_info3
-{
- uint32 grp_idx;
-
- uint32 rid_grp;
- uint32 attr;
-
- UNIHDR hdr_grp_name;
- UNIHDR hdr_grp_desc;
-
-} SAM_ENTRY3;
-
-typedef struct samr_str_entry_info3
-{
- UNISTR2 uni_grp_name;
- UNISTR2 uni_grp_desc;
-
-} SAM_STR3;
-
/* SAMR_Q_ENUM_DOM_GROUPS - SAM rids and names */
typedef struct q_samr_enum_dom_groups_info
{
POLICY_HND pol; /* policy handle */
- /* these are possibly an enumeration context handle... */
- uint16 switch_level; /* 0x0003 */
- uint16 unknown_0; /* 0x0000 */
- uint32 start_idx; /* presumably the start enumeration index */
- uint32 unknown_1; /* 0x0000 07d0 */
+ /* this is possibly an enumeration context handle... */
+ uint32 unknown_0; /* 0x0000 0000 */
- uint32 max_size; /* 0x0000 7fff */
+ uint32 max_size; /* 0x0000 ffff */
} SAMR_Q_ENUM_DOM_GROUPS;
@@ -554,24 +560,24 @@ typedef struct q_samr_enum_dom_groups_info
/* SAMR_R_ENUM_DOM_GROUPS - SAM rids and names */
typedef struct r_samr_enum_dom_groups_info
{
- uint32 unknown_0; /* 0x0000 0492 or 0x0000 00be */
- uint32 unknown_1; /* 0x0000 049a or 0x0000 00be */
- uint32 switch_level; /* 0x0000 0003 */
-
uint32 num_entries;
uint32 ptr_entries;
uint32 num_entries2;
+ uint32 ptr_entries2;
- SAM_ENTRY3 sam[MAX_SAM_ENTRIES];
- SAM_STR3 str[MAX_SAM_ENTRIES];
+ uint32 num_entries3;
+
+ SAM_ENTRY sam[MAX_SAM_ENTRIES];
+ UNISTR2 uni_grp_name[MAX_SAM_ENTRIES];
+
+ uint32 num_entries4;
uint32 status;
} SAMR_R_ENUM_DOM_GROUPS;
-
/* SAMR_Q_ENUM_DOM_ALIASES - SAM rids and names */
typedef struct q_samr_enum_dom_aliases_info
{
@@ -584,6 +590,7 @@ typedef struct q_samr_enum_dom_aliases_info
} SAMR_Q_ENUM_DOM_ALIASES;
+
/* SAMR_R_ENUM_DOM_ALIASES - SAM rids and names */
typedef struct r_samr_enum_dom_aliases_info
{
@@ -605,20 +612,7 @@ typedef struct r_samr_enum_dom_aliases_info
} SAMR_R_ENUM_DOM_ALIASES;
-
-/* SAMR_Q_QUERY_DISPINFO - SAM rids, names and descriptions */
-typedef struct q_samr_query_disp_info
-{
- POLICY_HND pol; /* policy handle */
-
- uint16 switch_level; /* 0x0001 and 0x0002 seen */
- uint16 unknown_0; /* 0x0000 and 0x2000 seen */
- uint32 start_idx; /* presumably the start enumeration index */
- uint32 unknown_1; /* 0x0000 07d0, 0x0000 0400 and 0x0000 0200 seen */
-
- uint32 max_size; /* 0x0000 7fff, 0x0000 7ffe and 0x0000 3fff seen*/
-
-} SAMR_Q_QUERY_DISPINFO;
+/* -- Level 1 Display Info - User Information -- */
typedef struct samr_entry_info1
{
@@ -644,15 +638,13 @@ typedef struct samr_str_entry_info1
typedef struct sam_entry_info_1
{
- uint32 num_entries;
- uint32 ptr_entries;
- uint32 num_entries2;
-
SAM_ENTRY1 sam[MAX_SAM_ENTRIES];
SAM_STR1 str[MAX_SAM_ENTRIES];
+} SAM_DISPINFO_1;
-} SAM_INFO_1;
+
+/* -- Level 2 Display Info - Trust Account Information -- */
typedef struct samr_entry_info2
{
@@ -676,36 +668,135 @@ typedef struct samr_str_entry_info2
typedef struct sam_entry_info_2
{
- uint32 num_entries;
- uint32 ptr_entries;
- uint32 num_entries2;
-
SAM_ENTRY2 sam[MAX_SAM_ENTRIES];
SAM_STR2 str[MAX_SAM_ENTRIES];
-} SAM_INFO_2;
+} SAM_DISPINFO_2;
+
-typedef struct sam_info_ctr_info
+/* -- Level 3 Display Info - Domain Group Information -- */
+
+typedef struct samr_entry_info3
+{
+ uint32 grp_idx;
+
+ uint32 rid_grp;
+ uint32 attr; /* SE_GROUP_xxx, usually 7 */
+
+ UNIHDR hdr_grp_name;
+ UNIHDR hdr_grp_desc;
+
+} SAM_ENTRY3;
+
+typedef struct samr_str_entry_info3
+{
+ UNISTR2 uni_grp_name;
+ UNISTR2 uni_grp_desc;
+
+} SAM_STR3;
+
+typedef struct sam_entry_info_3
+{
+ SAM_ENTRY3 sam[MAX_SAM_ENTRIES];
+ SAM_STR3 str[MAX_SAM_ENTRIES];
+
+} SAM_DISPINFO_3;
+
+
+/* -- Level 4 Display Info - User List (ASCII) -- */
+
+typedef struct samr_entry_info4
+{
+ uint32 user_idx;
+ STRHDR hdr_acct_name;
+
+} SAM_ENTRY4;
+
+typedef struct samr_str_entry_info4
+{
+ STRING2 acct_name;
+
+} SAM_STR4;
+
+typedef struct sam_entry_info_4
+{
+ SAM_ENTRY4 sam[MAX_SAM_ENTRIES];
+ SAM_STR4 str[MAX_SAM_ENTRIES];
+
+} SAM_DISPINFO_4;
+
+
+/* -- Level 5 Display Info - Group List (ASCII) -- */
+
+typedef struct samr_entry_info5
+{
+ uint32 grp_idx;
+ STRHDR hdr_grp_name;
+
+} SAM_ENTRY5;
+
+typedef struct samr_str_entry_info5
+{
+ STRING2 grp_name;
+
+} SAM_STR5;
+
+typedef struct sam_entry_info_5
+{
+ SAM_ENTRY5 sam[MAX_SAM_ENTRIES];
+ SAM_STR5 str[MAX_SAM_ENTRIES];
+
+} SAM_DISPINFO_5;
+
+
+typedef struct sam_dispinfo_ctr_info
{
union
{
- SAM_INFO_1 *info1; /* server info */
- SAM_INFO_2 *info2; /* user info */
+ SAM_DISPINFO_1 *info1; /* users/names/descriptions */
+ SAM_DISPINFO_2 *info2; /* trust accounts */
+ SAM_DISPINFO_3 *info3; /* domain groups/descriptions */
+ SAM_DISPINFO_4 *info4; /* user list (ASCII) - used by Win95 */
+ SAM_DISPINFO_5 *info5; /* group list (ASCII) */
void *info; /* allows assignment without typecasting, */
} sam;
-} SAM_INFO_CTR;
+} SAM_DISPINFO_CTR;
+
+
+/* SAMR_Q_QUERY_DISPINFO - SAM rids, names and descriptions */
+typedef struct q_samr_query_disp_info
+{
+ POLICY_HND domain_pol;
+
+ uint16 switch_level; /* see SAM_DISPINFO_CTR above */
+ /* align */
+
+ uint32 start_idx; /* start enumeration index */
+ uint32 max_entries; /* maximum number of entries to return */
+ uint32 max_size; /* recommended data size; if exceeded server
+ should return STATUS_MORE_ENTRIES */
-/* SAMR_R_QUERY_DISPINFO - SAM rids, names and descriptions */
+} SAMR_Q_QUERY_DISPINFO;
+
+
+/* SAMR_R_QUERY_DISPINFO */
typedef struct r_samr_query_dispinfo_info
{
- uint32 unknown_0; /* container length? 0x0000 0492 or 0x0000 00be */
- uint32 unknown_1; /* container length? 0x0000 049a or 0x0000 00be */
- uint16 switch_level; /* 0x0001 or 0x0002 */
- /*uint8 pad[2] */
+ uint32 total_size; /* total data size for all matching entries
+ (0 = uncalculated) */
+ uint32 data_size; /* actual data size returned = size of SAM_ENTRY
+ structures + total length of strings */
+
+ uint16 switch_level; /* see SAM_DISPINFO_CTR above */
+ /* align */
+
+ uint32 num_entries; /* number of entries returned */
+ uint32 ptr_entries;
+ uint32 num_entries2;
- SAM_INFO_CTR *ctr;
+ SAM_DISPINFO_CTR *ctr;
uint32 status;