diff options
author | Luke Leighton <lkcl@samba.org> | 1998-12-07 17:23:48 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-12-07 17:23:48 +0000 |
commit | 312f4f3960a9b1938ae133678cd8567be1331b99 (patch) | |
tree | 53d5bd2ddc2d8d43e9afa6e9c2f3ba5bd63fae36 /source3/rpc_client | |
parent | 149d11ce4a614f62936c93dc97447d024ffc61b0 (diff) | |
download | samba-312f4f3960a9b1938ae133678cd8567be1331b99.tar.gz samba-312f4f3960a9b1938ae133678cd8567be1331b99.tar.bz2 samba-312f4f3960a9b1938ae133678cd8567be1331b99.zip |
- lib/unix_sec_ctxt.c
attempt at taking lib/uid.c and getting a unix security context
change module that is independent of "cnums" and "snums".
a security context is needed for pipes, not just IPC$ or other
services.
- group database API
added add_group/alias_member, del_group/alias_member,
del_group/alias_entry functions. del_builtin_entry() is
deliberately set to NULL to cause an exception, you cannot
delete builtin aliases.
- parse_lsa.c srv_lsa.c
fixed lookup_names code, it was a load of trash and didn't do
anything.
- cmd_samr.c rpcclient.c srv_samr.c
added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
"addgroupmem", "addaliasmem", "createalias", "creategroup", to
both client and server code.
server code calls into unix stubs right now, which don't actually
do anything. the only instance where they are expected to do
anything is in appliance mode NOT even in the ldap code or anything.
client code modified to call samr_lookup_names() for group code
(because we can) and lsa_lookup_names() for alias code (because
we have to).
- srv_lookup.c
oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)
Diffstat (limited to 'source3/rpc_client')
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 5 | ||||
-rw-r--r-- | source3/rpc_client/cli_samr.c | 374 |
2 files changed, 375 insertions, 4 deletions
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 0516cee96d..f0c9bdfe16 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -104,7 +104,7 @@ do a LSA Lookup Names BOOL lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd, int num_names, - char **names, + const char **names, DOM_SID **sids, int *num_sids) { @@ -197,7 +197,10 @@ BOOL lsa_lookup_names(struct cli_state *cli, if (dom_idx != 0xffffffff) { sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid); + if (dom_rid != 0xffffffff) + { sid_append_rid(sid, dom_rid); + } } else { diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 4fc1c3f5a0..e950269ec3 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -150,6 +150,38 @@ BOOL get_samr_query_usergroups(struct cli_state *cli, } /**************************************************************************** +do a SAMR delete group +****************************************************************************/ +BOOL delete_samr_dom_group(struct cli_state *cli, + POLICY_HND *pol_open_domain, + uint32 group_rid) +{ + POLICY_HND pol_open_group; + + if (pol_open_domain == NULL) return False; + + /* send open domain (on group rid) */ + if (!samr_open_group(cli, pol_open_domain, + 0x00000010, group_rid, + &pol_open_group)) + { + return False; + } + + /* send group delete */ + if (!samr_delete_dom_group(cli, &pol_open_group)) + + { + DEBUG(5,("delete_samr_dom_group: error in delete domain group\n")); + samr_close(cli, &pol_open_group); + return False; + } + + return True; +} + + +/**************************************************************************** do a SAMR query group members ****************************************************************************/ BOOL get_samr_query_groupmem(struct cli_state *cli, @@ -182,6 +214,37 @@ BOOL get_samr_query_groupmem(struct cli_state *cli, } /**************************************************************************** +do a SAMR delete alias +****************************************************************************/ +BOOL delete_samr_dom_alias(struct cli_state *cli, + POLICY_HND *pol_open_domain, + uint32 alias_rid) +{ + POLICY_HND pol_open_alias; + + if (pol_open_domain == NULL) return False; + + /* send open domain (on alias rid) */ + if (!samr_open_alias(cli, pol_open_domain, + 0x000f001f, alias_rid, &pol_open_alias)) + { + return False; + } + + /* send alias delete */ + if (!samr_delete_dom_alias(cli, &pol_open_alias)) + + { + DEBUG(5,("delete_samr_dom_alias: error in delete domain alias\n")); + samr_close(cli, &pol_open_alias); + return False; + } + + return True; +} + + +/**************************************************************************** do a SAMR query alias members ****************************************************************************/ BOOL get_samr_query_aliasmem(struct cli_state *cli, @@ -195,7 +258,7 @@ BOOL get_samr_query_aliasmem(struct cli_state *cli, /* send open domain (on alias sid) */ if (!samr_open_alias(cli, pol_open_domain, - alias_rid, + 0x000f001f, alias_rid, &pol_open_alias)) { return False; @@ -842,7 +905,8 @@ BOOL samr_open_user(struct cli_state *cli, do a SAMR Open Alias ****************************************************************************/ BOOL samr_open_alias(struct cli_state *cli, - POLICY_HND *domain_pol, uint32 rid, + POLICY_HND *domain_pol, + uint32 flags, uint32 rid, POLICY_HND *alias_pol) { prs_struct data; @@ -861,7 +925,7 @@ BOOL samr_open_alias(struct cli_state *cli, prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); /* store the parameters */ - make_samr_q_open_alias(&q_o, domain_pol, 0x000f001f, rid); + make_samr_q_open_alias(&q_o, domain_pol, flags, rid); /* turn parameters into data stream */ samr_io_q_open_alias("", &q_o, &data, 0); @@ -896,6 +960,61 @@ BOOL samr_open_alias(struct cli_state *cli, } /**************************************************************************** +do a SAMR Delete Alias Member +****************************************************************************/ +BOOL samr_del_aliasmem(struct cli_state *cli, + POLICY_HND *alias_pol, DOM_SID *sid) +{ + prs_struct data; + prs_struct rdata; + + SAMR_Q_DEL_ALIASMEM q_o; + BOOL valid_pol = False; + + if (alias_pol == NULL || sid == NULL) return False; + + /* create and send a MSRPC command with api SAMR_DEL_ALIASMEM */ + + prs_init(&data , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); + + DEBUG(4,("SAMR Delete Alias Member.\n")); + + /* store the parameters */ + make_samr_q_del_aliasmem(&q_o, alias_pol, sid); + + /* turn parameters into data stream */ + samr_io_q_del_aliasmem("", &q_o, &data, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, SAMR_DEL_ALIASMEM, &data, &rdata)) + { + SAMR_R_DEL_ALIASMEM r_o; + BOOL p; + + samr_io_r_del_aliasmem("", &r_o, &rdata, 0); + p = rdata.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("SAMR_R_DEL_ALIASMEM: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + valid_pol = True; + } + } + + prs_mem_free(&data ); + prs_mem_free(&rdata ); + + return valid_pol; +} + +/**************************************************************************** do a SAMR Add Alias Member ****************************************************************************/ BOOL samr_add_aliasmem(struct cli_state *cli, @@ -951,6 +1070,61 @@ BOOL samr_add_aliasmem(struct cli_state *cli, } /**************************************************************************** +do a SAMR Delete Domain Alias +****************************************************************************/ +BOOL samr_delete_dom_alias(struct cli_state *cli, + POLICY_HND *alias_pol) +{ + prs_struct data; + prs_struct rdata; + + SAMR_Q_DELETE_DOM_ALIAS q_o; + BOOL valid_pol = False; + + if (alias_pol == NULL) return False; + + /* delete and send a MSRPC command with api SAMR_DELETE_DOM_ALIAS */ + + prs_init(&data , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); + + DEBUG(4,("SAMR Delete Domain Alias.\n")); + + /* store the parameters */ + make_samr_q_delete_dom_alias(&q_o, alias_pol); + + /* turn parameters into data stream */ + samr_io_q_delete_dom_alias("", &q_o, &data, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, SAMR_DELETE_DOM_ALIAS, &data, &rdata)) + { + SAMR_R_DELETE_DOM_ALIAS r_o; + BOOL p; + + samr_io_r_delete_dom_alias("", &r_o, &rdata, 0); + p = rdata.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("SAMR_R_DELETE_DOM_ALIAS: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + valid_pol = True; + } + } + + prs_mem_free(&data ); + prs_mem_free(&rdata ); + + return valid_pol; +} + +/**************************************************************************** do a SAMR Create Domain Alias ****************************************************************************/ BOOL samr_create_dom_alias(struct cli_state *cli, @@ -1122,6 +1296,61 @@ BOOL samr_open_group(struct cli_state *cli, } /**************************************************************************** +do a SAMR Delete Group Member +****************************************************************************/ +BOOL samr_del_groupmem(struct cli_state *cli, + POLICY_HND *group_pol, uint32 rid) +{ + prs_struct data; + prs_struct rdata; + + SAMR_Q_DEL_GROUPMEM q_o; + BOOL valid_pol = False; + + if (group_pol == NULL) return False; + + /* create and send a MSRPC command with api SAMR_DEL_GROUPMEM */ + + prs_init(&data , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); + + DEBUG(4,("SAMR Delete Group Member.\n")); + + /* store the parameters */ + make_samr_q_del_groupmem(&q_o, group_pol, rid); + + /* turn parameters into data stream */ + samr_io_q_del_groupmem("", &q_o, &data, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, SAMR_DEL_GROUPMEM, &data, &rdata)) + { + SAMR_R_DEL_GROUPMEM r_o; + BOOL p; + + samr_io_r_del_groupmem("", &r_o, &rdata, 0); + p = rdata.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("SAMR_R_DEL_GROUPMEM: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + valid_pol = True; + } + } + + prs_mem_free(&data ); + prs_mem_free(&rdata ); + + return valid_pol; +} + +/**************************************************************************** do a SAMR Add Group Member ****************************************************************************/ BOOL samr_add_groupmem(struct cli_state *cli, @@ -1177,6 +1406,60 @@ BOOL samr_add_groupmem(struct cli_state *cli, } /**************************************************************************** +do a SAMR Delete Domain Group +****************************************************************************/ +BOOL samr_delete_dom_group(struct cli_state *cli, POLICY_HND *group_pol) +{ + prs_struct data; + prs_struct rdata; + + SAMR_Q_DELETE_DOM_GROUP q_o; + BOOL valid_pol = False; + + if (group_pol == NULL) return False; + + /* delete and send a MSRPC command with api SAMR_DELETE_DOM_GROUP */ + + prs_init(&data , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); + + DEBUG(4,("SAMR Delete Domain Group.\n")); + + /* store the parameters */ + make_samr_q_delete_dom_group(&q_o, group_pol); + + /* turn parameters into data stream */ + samr_io_q_delete_dom_group("", &q_o, &data, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, SAMR_DELETE_DOM_GROUP, &data, &rdata)) + { + SAMR_R_DELETE_DOM_GROUP r_o; + BOOL p; + + samr_io_r_delete_dom_group("", &r_o, &rdata, 0); + p = rdata.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("SAMR_R_DELETE_DOM_GROUP: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + valid_pol = True; + } + } + + prs_mem_free(&data ); + prs_mem_free(&rdata ); + + return valid_pol; +} + +/**************************************************************************** do a SAMR Create Domain Group ****************************************************************************/ BOOL samr_create_dom_group(struct cli_state *cli, @@ -1349,6 +1632,91 @@ BOOL samr_open_domain(struct cli_state *cli, } /**************************************************************************** +do a SAMR Query Lookup Names +****************************************************************************/ +BOOL samr_query_lookup_names(struct cli_state *cli, + POLICY_HND *pol, uint32 flags, + uint32 num_names, const char **names, + uint32 *num_rids, + uint32 rid[MAX_LOOKUP_SIDS], + uint32 type[MAX_LOOKUP_SIDS]) +{ + prs_struct data; + prs_struct rdata; + + SAMR_Q_LOOKUP_NAMES q_o; + BOOL valid_query = False; + + if (pol == NULL || flags == 0 || num_names == 0 || names == NULL || + num_rids == NULL || rid == NULL || type == NULL ) return False; + + /* create and send a MSRPC command with api SAMR_LOOKUP_NAMES */ + + prs_init(&data , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); + + DEBUG(4,("SAMR Query Lookup NAMES.\n")); + + /* store the parameters */ + make_samr_q_lookup_names(&q_o, pol, flags, num_names, names); + + /* turn parameters into data stream */ + samr_io_q_lookup_names("", &q_o, &data, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, SAMR_LOOKUP_NAMES, &data, &rdata)) + { + SAMR_R_LOOKUP_NAMES r_o; + BOOL p; + + samr_io_r_lookup_names("", &r_o, &rdata, 0); + p = rdata.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("SAMR_R_LOOKUP_NAMES: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p) + { + if (r_o.ptr_rids != 0 && r_o.ptr_types != 0 && + r_o.num_types1 == r_o.num_rids1) + { + int i; + + valid_query = True; + *num_rids = r_o.num_rids1; + + for (i = 0; i < r_o.num_rids1; i++) + { + rid[i] = r_o.rid[i]; + } + for (i = 0; i < r_o.num_types1; i++) + { + type[i] = r_o.type[i]; + } + } + else if (r_o.ptr_rids == 0 && r_o.ptr_types == 0) + { + valid_query = True; + *num_rids = 0; + } + else + { + p = False; + } + } + } + + prs_mem_free(&data ); + prs_mem_free(&rdata ); + + return valid_query; +} + +/**************************************************************************** do a SAMR Query Lookup RIDS ****************************************************************************/ BOOL samr_query_lookup_rids(struct cli_state *cli, |