author | Luke Leighton <lkcl@samba.org> | 1998-12-07 17:23:48 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-12-07 17:23:48 +0000 |
commit | 312f4f3960a9b1938ae133678cd8567be1331b99 (patch) | |
tree | 53d5bd2ddc2d8d43e9afa6e9c2f3ba5bd63fae36 /source3/include | |
parent | 149d11ce4a614f62936c93dc97447d024ffc61b0 (diff) | |
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
Diffstat (limited to 'source3/include')
-rw-r--r-- | source3/include/proto.h | 56 | ||||
-rw-r--r-- | source3/include/rpc_samr.h | 38 | ||||
-rw-r--r-- | source3/include/smb.h | 36 |
3 files changed, 106 insertions, 24 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 647e8fdff9..2e0f42e575 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -29,8 +29,11 @@ BOOL enumdomaliases(LOCAL_GRP **alss, int *num_alss); void *startaliasent(BOOL update); void endaliasent(void *vp); LOCAL_GRP *getaliasent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem); -BOOL add_alias_entry(LOCAL_GRP *newals); +BOOL add_alias_entry(LOCAL_GRP *newgrp); BOOL mod_alias_entry(LOCAL_GRP* als); +BOOL del_alias_entry(uint32 rid); +BOOL add_alias_member(uint32 rid, DOM_SID *member_sid); +BOOL del_alias_member(uint32 rid, DOM_SID *member_sid); LOCAL_GRP *getaliasntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); LOCAL_GRP *getaliasrid(uint32 alias_rid, LOCAL_GRP_MEMBER **mem, int *num_mem); LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem); @@ -64,6 +67,8 @@ void endbuiltinent(void *vp); LOCAL_GRP *getbuiltinent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem); BOOL add_builtin_entry(LOCAL_GRP *newblt); BOOL mod_builtin_entry(LOCAL_GRP* blt); +BOOL add_builtin_member(uint32 rid, DOM_SID *member_sid); +BOOL del_builtin_member(uint32 rid, DOM_SID *member_sid); LOCAL_GRP *getbuiltinntnam(const char *name, LOCAL_GRP_MEMBER **mem, int *num_mem); LOCAL_GRP *getbuiltinrid(uint32 builtin_rid, LOCAL_GRP_MEMBER **mem, int *num_mem); LOCAL_GRP *getbuiltingid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem); 
@@ -92,7 +97,10 @@ void *startgroupent(BOOL update); void endgroupent(void *vp); DOMAIN_GRP *getgroupent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem); BOOL add_group_entry(DOMAIN_GRP *newgrp); +BOOL del_group_entry(uint32 rid); BOOL mod_group_entry(DOMAIN_GRP* grp); +BOOL add_group_member(uint32 rid, uint32 member_rid); +BOOL del_group_member(uint32 rid, uint32 member_rid); DOMAIN_GRP *getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem); DOMAIN_GRP *getgrouprid(uint32 group_rid, DOMAIN_GRP_MEMBER **mem, int *num_mem); DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem); @@ -336,6 +344,14 @@ time_t get_create_time(SMB_STRUCT_STAT *st,BOOL fake_dirs); char *ufc_crypt(char *key,char *salt); +/*The following definitions come from lib/unix_sec_ctxt.c */ + +void init_sec_ctxt(void); +BOOL become_unix_sec_ctxt(struct unix_sec_ctxt const *ctxt); +BOOL unbecome_unix_sec_ctxt(void); +void become_unix_root_sec_ctxt(void) ; +void unbecome_unix_root_sec_ctxt(void); + /*The following definitions come from lib/username.c */ char *get_home_dir(char *user); @@ -1501,7 +1517,7 @@ BOOL lsa_open_policy(struct cli_state *cli, BOOL lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd, int num_names, - char **names, + const char **names, DOM_SID **sids, int *num_sids); BOOL lsa_lookup_sids(struct cli_state *cli, 
@@ -1591,10 +1607,16 @@ BOOL create_samr_domain_group(struct cli_state *cli, BOOL get_samr_query_usergroups(struct cli_state *cli, POLICY_HND *pol_open_domain, uint32 user_rid, uint32 *num_groups, DOM_GID *gid); +BOOL delete_samr_dom_group(struct cli_state *cli, + POLICY_HND *pol_open_domain, + uint32 group_rid); BOOL get_samr_query_groupmem(struct cli_state *cli, POLICY_HND *pol_open_domain, uint32 group_rid, uint32 *num_mem, uint32 *rid, uint32 *attr); +BOOL delete_samr_dom_alias(struct cli_state *cli, + POLICY_HND *pol_open_domain, + uint32 alias_rid); BOOL get_samr_query_aliasmem(struct cli_state *cli, POLICY_HND *pol_open_domain, uint32 alias_rid, uint32 *num_mem, DOM_SID2 *sid); @@ -1633,10 +1655,15 @@ BOOL samr_open_user(struct cli_state *cli, POLICY_HND *pol, uint32 unk_0, uint32 rid, POLICY_HND *user_pol); BOOL samr_open_alias(struct cli_state *cli, - POLICY_HND *domain_pol, uint32 rid, + POLICY_HND *domain_pol, + uint32 flags, uint32 rid, POLICY_HND *alias_pol); +BOOL samr_del_aliasmem(struct cli_state *cli, + POLICY_HND *alias_pol, DOM_SID *sid); BOOL samr_add_aliasmem(struct cli_state *cli, POLICY_HND *alias_pol, DOM_SID *sid); +BOOL samr_delete_dom_alias(struct cli_state *cli, + POLICY_HND *alias_pol); BOOL samr_create_dom_alias(struct cli_state *cli, POLICY_HND *domain_pol, const char *acct_name, POLICY_HND *alias_pol, uint32 *rid); @@ -1646,8 +1673,11 @@ BOOL samr_open_group(struct cli_state *cli, POLICY_HND *domain_pol, uint32 flags, uint32 rid, POLICY_HND *group_pol); +BOOL samr_del_groupmem(struct cli_state *cli, + POLICY_HND *group_pol, uint32 rid); BOOL samr_add_groupmem(struct cli_state *cli, POLICY_HND *group_pol, uint32 rid); +BOOL samr_delete_dom_group(struct cli_state *cli, POLICY_HND *group_pol); BOOL samr_create_dom_group(struct cli_state *cli, POLICY_HND *domain_pol, const char *acct_name, POLICY_HND *group_pol, uint32 *rid); 
@@ -1656,6 +1686,12 @@ BOOL samr_set_groupinfo(struct cli_state *cli, BOOL samr_open_domain(struct cli_state *cli, POLICY_HND *connect_pol, uint32 flags, DOM_SID *sid, POLICY_HND *domain_pol); +BOOL samr_query_lookup_names(struct cli_state *cli, + POLICY_HND *pol, uint32 flags, + uint32 num_names, const char **names, + uint32 *num_rids, + uint32 rid[MAX_LOOKUP_SIDS], + uint32 type[MAX_LOOKUP_SIDS]); BOOL samr_query_lookup_rids(struct cli_state *cli, POLICY_HND *pol, uint32 flags, uint32 num_rids, uint32 *rids, @@ -1745,7 +1781,7 @@ void make_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd, void lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, int depth); void lsa_io_r_lookup_sids(char *desc, LSA_R_LOOKUP_SIDS *r_s, prs_struct *ps, int depth); void make_q_lookup_names(LSA_Q_LOOKUP_NAMES *q_l, POLICY_HND *hnd, - int num_names, char **names); + int num_names, const char **names); void lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps, int depth); void lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth); void make_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd); @@ -1788,7 +1824,7 @@ void make_string2(STRING2 *str, char *buf, int len); void smb_io_string2(char *desc, STRING2 *str2, uint32 buffer, prs_struct *ps, int depth); void make_unistr2(UNISTR2 *str, char *buf, int len); void smb_io_unistr2(char *desc, UNISTR2 *uni2, uint32 buffer, prs_struct *ps, int depth); -void make_dom_rid2(DOM_RID2 *rid2, uint32 rid, uint8 type); +void make_dom_rid2(DOM_RID2 *rid2, uint32 rid, uint8 type, uint32 idx); void smb_io_dom_rid2(char *desc, DOM_RID2 *rid2, prs_struct *ps, int depth); void make_dom_rid3(DOM_RID3 *rid3, uint32 rid, uint8 type); void smb_io_dom_rid3(char *desc, DOM_RID3 *rid3, prs_struct *ps, int depth); 
@@ -2215,6 +2251,8 @@ void samr_io_r_delete_alias(char *desc, SAMR_R_DELETE_DOM_ALIAS *r_u, prs_struc void make_samr_q_create_dom_alias(SAMR_Q_CREATE_DOM_ALIAS *q_u, POLICY_HND *hnd, const char *acct_desc); void samr_io_q_create_dom_alias(char *desc, SAMR_Q_CREATE_DOM_ALIAS *q_u, prs_struct *ps, int depth); +void make_samr_r_create_dom_alias(SAMR_R_CREATE_DOM_ALIAS *r_u, POLICY_HND *pol, + uint32 rid, uint32 status); void samr_io_r_create_dom_alias(char *desc, SAMR_R_CREATE_DOM_ALIAS *r_u, prs_struct *ps, int depth); void make_samr_q_add_aliasmem(SAMR_Q_ADD_ALIASMEM *q_u, POLICY_HND *hnd, DOM_SID *sid); @@ -2234,6 +2272,9 @@ void samr_io_q_query_aliasmem(char *desc, SAMR_Q_QUERY_ALIASMEM *q_u, prs_struc void make_samr_r_query_aliasmem(SAMR_R_QUERY_ALIASMEM *r_u, uint32 num_sids, DOM_SID2 *sid, uint32 status); void samr_io_r_query_aliasmem(char *desc, SAMR_R_QUERY_ALIASMEM *r_u, prs_struct *ps, int depth); +void make_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u, + POLICY_HND *pol, uint32 flags, + uint32 num_names, const char **name); void samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *ps, int depth); void make_samr_r_lookup_names(SAMR_R_LOOKUP_NAMES *r_u, uint32 num_rids, uint32 *rid, uint8 *type, uint32 status); @@ -2255,7 +2296,6 @@ void make_sam_user_info11(SAM_USER_INFO_11 *usr, uint32 rid_user, uint32 rid_group, uint16 acct_ctrl); -void sam_io_user_info11(char *desc, SAM_USER_INFO_11 *usr, prs_struct *ps, int depth); void make_sam_user_info21(SAM_USER_INFO_21 *usr, NTTIME *logon_time, 
@@ -2526,8 +2566,12 @@ void cmd_reg_get_key_sec(struct client_info *info); void cmd_sam_ntchange_pwd(struct client_info *info); void cmd_sam_test(struct client_info *info); +void cmd_sam_del_aliasmem(struct client_info *info); +void cmd_sam_delete_dom_alias(struct client_info *info); void cmd_sam_add_aliasmem(struct client_info *info); void cmd_sam_create_dom_alias(struct client_info *info); +void cmd_sam_del_groupmem(struct client_info *info); +void cmd_sam_delete_dom_group(struct client_info *info); void cmd_sam_add_groupmem(struct client_info *info); void cmd_sam_create_dom_group(struct client_info *info); void cmd_sam_enum_users(struct client_info *info); diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index c35761ffeb..a3090cefd6 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h 
@@ -993,24 +993,20 @@ typedef struct r_samr_query_useraliases_info /**************************************************************************** -SAMR_Q_LOOKUP_NAMES - do a conversion from SID to RID. - -the policy handle allocated by an "samr open secret" call is associated -with a SID. this policy handle is what is queried here, *not* the SID -itself. the response to the lookup rids is relative to this SID. +SAMR_Q_LOOKUP_NAMES - do a conversion from Names to RIDs+types. *****************************************************************************/ /* SAMR_Q_LOOKUP_NAMES */ typedef struct q_samr_lookup_names_info { POLICY_HND pol; /* policy handle */ - uint32 num_rids1; /* number of rids being looked up */ - uint32 rid; /* 0x0000 03e8 - RID of the server doing the query? */ + uint32 num_names1; /* number of names being looked up */ + uint32 flags; /* 0x0000 03e8 - unknown */ uint32 ptr; /* 0x0000 0000 - 32 bit unknown */ - uint32 num_rids2; /* number of rids being looked up */ + uint32 num_names2; /* number of names being looked up */ - UNIHDR hdr_user_name[MAX_LOOKUP_SIDS]; /* unicode account name header */ - UNISTR2 uni_user_name[MAX_LOOKUP_SIDS]; /* unicode account name string */ + UNIHDR hdr_name[MAX_LOOKUP_SIDS]; /* unicode account name header */ + UNISTR2 uni_name[MAX_LOOKUP_SIDS]; /* unicode account name string */ } SAMR_Q_LOOKUP_NAMES; 
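Review bot: `SAMR_Q_LOOKUP_NAMES` pairs the fixed arrays `hdr_name[MAX_LOOKUP_SIDS]` and `uni_name[MAX_LOOKUP_SIDS]` with two counts, `num_names1` and `num_names2`, that presumably come straight from the request, and neither the struct nor its header comment says the counts must be bounded. The parser that fills this struct (samr_io_q_lookup_names, whose body is not part of this diff) should refuse a count above MAX_LOOKUP_SIDS before it indexes either array, and should check that the two counts agree. I would record the limit on the field itself, e.g. `uint32 num_names2; /* number of names being looked up; must be <= MAX_LOOKUP_SIDS */`.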
@@ -1018,11 +1014,17 @@ typedef struct q_samr_lookup_names_info /* SAMR_R_LOOKUP_NAMES */ typedef struct r_samr_lookup_names_info { - uint32 num_entries; - uint32 undoc_buffer; /* undocumented buffer pointer */ + uint32 num_rids1; /* number of aliases being looked up */ + uint32 ptr_rids; /* pointer to aliases */ + uint32 num_rids2; /* number of aliases being looked up */ - uint32 num_entries2; - DOM_RID3 dom_rid[MAX_LOOKUP_SIDS]; /* domain RIDs being looked up */ + uint32 rid[MAX_LOOKUP_SIDS]; /* rids */ + + uint32 num_types1; /* number of users in aliases being looked up */ + uint32 ptr_types; /* pointer to users in aliases */ + uint32 num_types2; /* number of users in aliases being looked up */ + + uint32 type[MAX_LOOKUP_SIDS]; /* SID_ENUM type */ uint32 status; /* return code */ @@ -1040,7 +1042,7 @@ typedef struct q_samr_lookup_rids_info POLICY_HND pol; /* policy handle */ uint32 num_rids1; /* number of rids being looked up */ - uint32 flags; /* 0x0000 03e8 - RID of the server doing the query? */ + uint32 flags; /* 0x0000 03e8 - unknown */ uint32 ptr; /* 0x0000 0000 - 32 bit unknown */ uint32 num_rids2; /* number of rids being looked up */ @@ -1227,17 +1229,17 @@ typedef struct r_samr_query_aliasmem_info } SAMR_R_QUERY_ALIASMEM; -/* SAMR_Q_ADD_ALIASMEM - don't know! */ +/* SAMR_Q_ADD_ALIASMEM - add alias member */ typedef struct q_samr_add_alias_mem_info { POLICY_HND alias_pol; /* policy handle */ - DOM_SID sid; /* member sid to be "something"ed to do with the alias */ + DOM_SID sid; /* member sid to be added to the alias */ } SAMR_Q_ADD_ALIASMEM; -/* SAMR_R_ADD_ALIASMEM - probably an open */ +/* SAMR_R_ADD_ALIASMEM - add alias member */ typedef struct r_samr_add_alias_mem_info { uint32 status; /* return status */ diff --git a/source3/include/smb.h b/source3/include/smb.h index e4191f706d..1ed4ea7089 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h 
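Review bot: In the `SAMR_R_LOOKUP_NAMES` hunk (@@ -1018,11 +1014,17 @@) the comments on the new fields look copied from the alias-membership structures: `num_rids1`/`num_rids2` are described as "number of aliases being looked up" and `num_types1`/`num_types2` as "number of users in aliases", although the arrays they count are `rid[]` and `type[]`. I would change them to `uint32 num_rids1; /* number of rids returned */` and `uint32 num_types1; /* number of types returned */`, and adjust the two `ptr_*` comments to match. Since a reply struct is filled from data sent by the remote server when the client parses it, the reader should also bound both counts by MAX_LOOKUP_SIDS before writing into `rid[]` and `type[]`; that code (samr_io_r_lookup_names) is outside this diff.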
@@ -612,6 +612,34 @@ typedef struct connection_struct } connection_struct; +struct unix_sec_ctxt +{ + uid_t uid; + gid_t gid; + int ngroups; + gid_t *groups; + + char *name; +}; + +struct nt_sec_ctxt +{ + /* this should (will?) probably become a SEC_DESC */ + DOM_SID user_sid; + DOM_SID group_sid; + + char *name; + char *domain; +}; + +#if 0 +struct sec_ctxt +{ + struct unix_sec_ctxt unix; + struct nt_sec_ctxt nt; +}; +#endif + struct current_user { connection_struct *conn; @@ -898,6 +926,10 @@ struct groupdb_ops */ BOOL (*add_group_entry)(DOMAIN_GRP *); BOOL (*mod_group_entry)(DOMAIN_GRP *); + BOOL (*del_group_entry)(uint32); + + BOOL (*add_group_member)(uint32, uint32); + BOOL (*del_group_member)(uint32, uint32); /* * user group functions @@ -937,6 +969,10 @@ struct aliasdb_ops */ BOOL (*add_alias_entry)(LOCAL_GRP *); BOOL (*mod_alias_entry)(LOCAL_GRP *); + BOOL (*del_alias_entry)(uint32); + + BOOL (*add_alias_member)(uint32, DOM_SID*); + BOOL (*del_alias_member)(uint32, DOM_SID*); /* * user alias functions |
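Review bot: `struct unix_sec_ctxt` in the first smb.h hunk (@@ -612,6 +612,34 @@) has no comments saying who owns `groups` and `name`, or how `ngroups` relates to the `groups` array, yet these are the values a credential switch will act on. Because `ngroups` is a signed `int`, whatever consumes the struct should reject a negative count and a NULL `groups` with a non-zero count before using them; a field comment such as `int ngroups; /* number of entries in groups[]; never negative */` would make that contract visible. The same ownership question applies to `name` and `domain` in `struct nt_sec_ctxt`. Separately, the proto.h part of this commit declares `become_unix_sec_ctxt()` as returning BOOL but `become_unix_root_sec_ctxt()` and `unbecome_unix_root_sec_ctxt()` as void, so a failed switch to or from root cannot be reported to the caller; that belongs in lib/unix_sec_ctxt.c, which is not shown here.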
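Review bot: The new `del_group_entry`, `add_group_member` and `del_group_member` pointers in `struct groupdb_ops` (@@ -898,6 +926,10 @@), and the matching three in `struct aliasdb_ops` in the following hunk, are added without stating whether a backend may leave them NULL. The commit message says the builtin delete operation is deliberately set to NULL "to cause an exception"; if that path can be reached from the SAMR server code, a delete request would end in a call through a null pointer and take the serving process down instead of being refused. The wrapper that dispatches through the table should test the pointer and fail cleanly, e.g. `if (ops->del_alias_entry == NULL) return False;` (with `ops` standing for whatever table pointer the wrapper holds), and the struct comment should say that NULL means the operation is not supported. Both struct definitions begin and end outside these hunks.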