summaryrefslogtreecommitdiff
path: root/source3/lsarpcd
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1998-09-30 19:09:57 +0000
committerLuke Leighton <lkcl@samba.org>1998-09-30 19:09:57 +0000
commitd8f609aeeb9ce70a97193d9e6709b82b78b39c39 (patch)
tree85e286f08c1db95835b726f2350971ba0da9e1dc /source3/lsarpcd
parent88460e63c5934ab3d00db2a8521d5ebd33dbefc3 (diff)
downloadsamba-d8f609aeeb9ce70a97193d9e6709b82b78b39c39.tar.gz
samba-d8f609aeeb9ce70a97193d9e6709b82b78b39c39.tar.bz2
samba-d8f609aeeb9ce70a97193d9e6709b82b78b39c39.zip
lsa_lookup_sids command added. severe debugging needed on lookup_sids
code. added "quality of service" capability to lsa_open_policy code. different lsa_open_policy queries are *not* dealt with in the server code. answers like "0xC000 0022" - access denied - will have to be made to lsa_lookup_sids calls when a "quality of service" request is *not* specified in the lsa_open_policy call. (This used to be commit 299a723d4e55712beb12362dfff3846d82b8516b)
Diffstat (limited to 'source3/lsarpcd')
-rw-r--r--source3/lsarpcd/srv_lsa.c145
1 files changed, 85 insertions, 60 deletions
diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c
index 85e10275b8..2e5ebc9e68 100644
--- a/source3/lsarpcd/srv_lsa.c
+++ b/source3/lsarpcd/srv_lsa.c
@@ -113,37 +113,38 @@ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
lsa_io_r_query("", &r_q, rdata, 0);
}
+
/***************************************************************************
make_dom_ref
-
- pretty much hard-coded choice of "other" sids, unfortunately...
-
***************************************************************************/
-static void make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid,
- DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
+static void make_dom_ref(DOM_R_REF *ref, int num_domains,
+ char **dom_names, DOM_SID **dom_sids)
+
{
- int len_dom_name = strlen(dom_name);
+ int i;
- ref->undoc_buffer = 1;
- ref->num_ref_doms_1 = 4;
- ref->buffer_dom_name = 1;
- ref->max_entries = 32;
- ref->num_ref_doms_2 = 4;
+ if (num_domains > MAX_REF_DOMAINS)
+ {
+ num_domains = MAX_REF_DOMAINS;
+ }
- make_uni_hdr2(&(ref->hdr_dom_name ), len_dom_name , len_dom_name , 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[0]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[1]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[2]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
+ ref->undoc_buffer = 1;
+ ref->num_ref_doms_1 = num_domains;
+ ref->undoc_buffer2 = 1;
+ ref->max_entries = MAX_REF_DOMAINS;
+ ref->num_ref_doms_2 = num_domains;
- if (dom_name != NULL)
+ for (i = 0; i < num_domains; i++)
{
- make_unistr(&(ref->uni_dom_name), dom_name);
+ int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0;
+
+ make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0);
+ ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0;
+
+ make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len);
+ make_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]);
}
- make_dom_sid2(&(ref->ref_dom[0]), dom_sid );
- make_dom_sid2(&(ref->ref_dom[1]), other_sid1);
- make_dom_sid2(&(ref->ref_dom[2]), other_sid2);
- make_dom_sid2(&(ref->ref_dom[3]), other_sid3);
}
/***************************************************************************
@@ -151,13 +152,12 @@ make_reply_lookup_rids
***************************************************************************/
static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- char *dom_name, DOM_SID *dom_sid,
- DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
+ int num_ref_doms,
+ char **dom_names, DOM_SID **dom_sids)
{
int i;
- make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid,
- other_sid1, other_sid2, other_sid3);
+ make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids);
r_l->num_entries = num_entries;
r_l->undoc_buffer = 1;
@@ -193,9 +193,6 @@ static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn,
fstring name;
uint32 type;
- trn->ptr_name[i] = 0;
- trn->ptr_name[(*total)] = 0;
-
SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths);
/* find the rid to look up */
@@ -212,7 +209,6 @@ static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn,
if (status == 0x0)
{
- trn->ptr_name[i] = 1;
make_lsa_trans_name(&(trn->name[(*total)]), type, name, (*total));
(*total)++;
}
@@ -241,8 +237,8 @@ lsa_reply_lookup_sids
***************************************************************************/
static void lsa_reply_lookup_sids(prs_struct *rdata,
int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
- char *dom_name, DOM_SID *dom_sid,
- DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
+ int num_ref_doms,
+ char **dom_names, DOM_SID **dom_sids)
{
LSA_R_LOOKUP_SIDS r_l;
DOM_R_REF ref;
@@ -254,7 +250,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata,
ZERO_STRUCT(names);
/* set up the LSA Lookup SIDs response */
- make_dom_ref(&ref, dom_name, dom_sid, other_sid1, other_sid2, other_sid3);
+ make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids);
make_lsa_trans_names(&names, num_entries, sid, &mapped_count);
make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0);
@@ -267,8 +263,8 @@ lsa_reply_lookup_rids
***************************************************************************/
static void lsa_reply_lookup_rids(prs_struct *rdata,
int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- char *dom_name, DOM_SID *dom_sid,
- DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
+ int num_ref_doms,
+ char **dom_names, DOM_SID **dom_sids)
{
LSA_R_LOOKUP_RIDS r_l;
@@ -276,7 +272,7 @@ static void lsa_reply_lookup_rids(prs_struct *rdata,
/* set up the LSA Lookup RIDs response */
make_reply_lookup_rids(&r_l, num_entries, dom_rids,
- dom_name, dom_sid, other_sid1, other_sid2, other_sid3);
+ num_ref_doms, dom_names, dom_sids);
r_l.status = 0x0;
/* store the response in the SMB stream */
@@ -351,6 +347,9 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
DOM_SID sid_S_1_3;
DOM_SID sid_S_1_5;
+ DOM_SID *sid_array[4];
+ char *dom_names[4];
+
ZERO_STRUCT(q_l);
ZERO_STRUCT(sid_S_1_1);
ZERO_STRUCT(sid_S_1_3);
@@ -362,14 +361,25 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
pstrcpy(dom_name, lp_workgroup());
string_to_sid(&sid_S_1_1, "S-1-1");
- string_to_sid(&sid_S_1_3, "S-1-3");
- string_to_sid(&sid_S_1_5, "S-1-5");
+ string_to_sid(&sid_S_1_3, "S-1-3");
+ string_to_sid(&sid_S_1_5, "S-1-5");
+
+ dom_names[0] = dom_name;
+ sid_array[0] = &global_machine_sid;
+
+ dom_names[1] = "Everyone";
+ sid_array[1] = &sid_S_1_1;
+
+ dom_names[2] = "don't know";
+ sid_array[2] = &sid_S_1_3;
+
+ dom_names[3] = "NT AUTHORITY";
+ sid_array[3] = &sid_S_1_5;
/* construct reply. return status is always 0x0 */
- lsa_reply_lookup_sids(rdata,
- q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
- dom_name, &global_machine_sid, /* domain name, domain SID */
- &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
+ lsa_reply_lookup_sids(rdata,
+ q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
+ 4, dom_names, sid_array);
}
/***************************************************************************
@@ -381,11 +391,15 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
int i;
LSA_Q_LOOKUP_RIDS q_l;
pstring dom_name;
+ uint32 dom_rids[MAX_LOOKUP_SIDS];
+ uint32 dummy_g_rid;
+
DOM_SID sid_S_1_1;
DOM_SID sid_S_1_3;
DOM_SID sid_S_1_5;
- uint32 dom_rids[MAX_LOOKUP_SIDS];
- uint32 dummy_g_rid;
+
+ DOM_SID *sid_array[4];
+ char *dom_names[4];
ZERO_STRUCT(q_l);
ZERO_STRUCT(sid_S_1_1);
@@ -399,15 +413,27 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
pstrcpy(dom_name, lp_workgroup());
string_to_sid(&sid_S_1_1, "S-1-1");
- string_to_sid(&sid_S_1_3, "S-1-3");
- string_to_sid(&sid_S_1_5, "S-1-5");
+ string_to_sid(&sid_S_1_3, "S-1-3");
+ string_to_sid(&sid_S_1_5, "S-1-5");
+
+ dom_names[0] = dom_name;
+ sid_array[0] = &global_machine_sid;
+
+ dom_names[1] = "Everyone";
+ sid_array[1] = &sid_S_1_1;
+
+ dom_names[2] = "don't know";
+ sid_array[2] = &sid_S_1_3;
+
+ dom_names[3] = "NT AUTHORITY";
+ sid_array[3] = &sid_S_1_5;
SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries);
/* convert received RIDs to strings, so we can do them. */
for (i = 0; i < q_l.num_entries; i++)
{
- fstring user_name;
+ fstring user_name;
fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer));
/*
* Map to the UNIX username.
@@ -429,8 +455,7 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
/* construct reply. return status is always 0x0 */
lsa_reply_lookup_rids(rdata,
q_l.num_entries, dom_rids, /* text-converted SIDs */
- dom_name, &global_machine_sid, /* domain name, domain SID */
- &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
+ 4, dom_names, sid_array);
}
/***************************************************************************
@@ -443,17 +468,17 @@ static void api_lsa_close( uint16 vuid, prs_struct *data,
char *q = mem_data(&(rdata->data), rdata->offset);
SIVAL(q, 0, 0);
- q += 4;
+ q += 4;
SIVAL(q, 0, 0);
- q += 4;
+ q += 4;
SIVAL(q, 0, 0);
- q += 4;
+ q += 4;
SIVAL(q, 0, 0);
- q += 4;
+ q += 4;
SIVAL(q, 0, 0);
- q += 4;
+ q += 4;
SIVAL(q, 0, 0);
- q += 4;
+ q += 4;
rdata->offset += 24;
}
@@ -468,17 +493,17 @@ static void api_lsa_open_secret( uint16 vuid, prs_struct *data,
char *q = mem_data(&(rdata->data), rdata->offset);
SIVAL(q, 0, 0);
- q += 4;
+ q += 4;
SIVAL(q, 0, 0);
- q += 4;
+ q += 4;
SIVAL(q, 0, 0);
- q += 4;
+ q += 4;
SIVAL(q, 0, 0);
- q += 4;
+ q += 4;
SIVAL(q, 0, 0);
- q += 4;
+ q += 4;
SIVAL(q, 0, 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND);
- q += 4;
+ q += 4;
rdata->offset += 24;
}