diff options
| author | Matthew Chapman <matty@samba.org> | 1999-02-24 01:52:30 +0000 |
|---|---|---|
| committer | Matthew Chapman <matty@samba.org> | 1999-02-24 01:52:30 +0000 |
| commit | 05f772b431f9c77a2fb37736fc4f801d84cac365 (patch) | |
| tree | 12722ff39b9a869d85beb4aa228192c2a1fe110f /source3/rpc_client | |
| parent | 1e71ecdcb21f24e70ee5edbbc05de0284fa588f4 (diff) | |
| download | samba-05f772b431f9c77a2fb37736fc4f801d84cac365.tar.gz samba-05f772b431f9c77a2fb37736fc4f801d84cac365.tar.bz2 samba-05f772b431f9c77a2fb37736fc4f801d84cac365.zip | |
Win9x user level security.
* Added SAMR_LOOKUP_DOMAIN (-> SamrLookupDomainInSamServer)
* Added real SAMR_ENUM_DOM_GROUPS (corresponding to
SamrEnumerateGroupsInDomain). The existing one is just an alias for
SamrQueryDisplayInformation (see below).
* Added three extra info levels to SAMR_QUERY_DISPINFO. Info level 3 is
what was previously SAMR_ENUM_DOM_GROUPS; info levels 4 and 5 are
simple user/group list requests used by Win9x and I suspect (haven't
checked) the "low speed connection" User Manager.
* Added another two aliases for SAMR_QUERY_DISPINFO, opcodes 0x30 and
0x33. Usually the first is with info level 3 and the second 4 but there is
some overlap so indeed these should be implemented as just aliases.
* Return ERRDOS/ERRmoredata on extra data instead of
STATUS_BUFFER_OVERFLOW for Win95's benefit. On a named pipe this results
in an SMBreadX as usual.
Still need to fix SAMR_QUERY_DOMAIN_INFO which has a hard-coded number of
users and groups - which Win95 proceeds to truncate at.
(This used to be commit 7d03e6e21908f3a759a4e65c5edd850622335e3e)
Diffstat (limited to 'source3/rpc_client')
| -rw-r--r-- | source3/rpc_client/cli_samr.c | 78 |
1 files changed, 65 insertions, 13 deletions
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 6791195e71..d95bd99eac 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -405,6 +405,7 @@ BOOL samr_chgpasswd_user(struct cli_state *cli, uint16 fnum, return valid_pwc; } + /**************************************************************************** do a SAMR unknown 0x38 command ****************************************************************************/ @@ -536,7 +537,7 @@ BOOL samr_enum_dom_groups(struct cli_state *cli, uint16 fnum, prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); /* store the parameters */ - make_samr_q_enum_dom_groups(&q_e, pol, 3, 0, size); + make_samr_q_enum_dom_groups(&q_e, pol, size); /* turn parameters into data stream */ samr_io_q_enum_dom_groups("", &q_e, &data, 0); @@ -561,13 +562,12 @@ BOOL samr_enum_dom_groups(struct cli_state *cli, uint16 fnum, { int i; int name_idx = 0; - int desc_idx = 0; *num_sam_groups = r_e.num_entries2; if (*num_sam_groups > MAX_SAM_ENTRIES) { *num_sam_groups = MAX_SAM_ENTRIES; - DEBUG(2,("samr_enum_dom_groups: sam user entries limited to %d\n", + DEBUG(2,("samr_enum_dom_groups: sam group entries limited to %d\n", *num_sam_groups)); } @@ -580,21 +580,16 @@ BOOL samr_enum_dom_groups(struct cli_state *cli, uint16 fnum, for (i = 0; i < *num_sam_groups; i++) { - (*sam)[i].rid = r_e.sam[i].rid_grp; + (*sam)[i].rid = r_e.sam[i].rid; (*sam)[i].acct_name[0] = 0; (*sam)[i].acct_desc[0] = 0; - if (r_e.sam[i].hdr_grp_name.buffer) + if (r_e.sam[i].hdr_name.buffer) { - unistr2_to_ascii((*sam)[i].acct_name, &r_e.str[name_idx].uni_grp_name, sizeof((*sam)[i].acct_name)-1); + unistr2_to_ascii((*sam)[i].acct_name, &r_e.uni_grp_name[name_idx], sizeof((*sam)[i].acct_name)-1); name_idx++; } - if (r_e.sam[i].hdr_grp_desc.buffer) - { - unistr2_to_ascii((*sam)[i].acct_desc, &r_e.str[name_idx].uni_grp_desc, sizeof((*sam)[i].acct_desc)-1); - desc_idx++; - } - DEBUG(5,("samr_enum_dom_groups: idx: %4d rid: %8x acct: %s desc: %s\n", - i, (*sam)[i].rid, (*sam)[i].acct_name, (*sam)[i].acct_desc)); + DEBUG(5,("samr_enum_dom_groups: idx: %4d rid: %8x acct: %s\n", + i, (*sam)[i].rid, (*sam)[i].acct_name)); } valid_pol = True; } @@ -1630,6 +1625,63 @@ BOOL samr_open_domain(struct cli_state *cli, uint16 fnum, } /**************************************************************************** +do a SAMR Query Lookup Domain +****************************************************************************/ +BOOL samr_query_lookup_domain(struct cli_state *cli, uint16 fnum, + POLICY_HND *pol, const char *dom_name, + DOM_SID *dom_sid) +{ + prs_struct data; + prs_struct rdata; + + SAMR_Q_LOOKUP_DOMAIN q_o; + BOOL valid_query = False; + + if (pol == NULL || dom_name == NULL || dom_sid == NULL) return False; + + /* create and send a MSRPC command with api SAMR_LOOKUP_DOMAIN */ + + prs_init(&data , 1024, 4, SAFETY_MARGIN, False); + prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True ); + + DEBUG(4,("SAMR Query Lookup Domain.\n")); + + /* store the parameters */ + make_samr_q_lookup_domain(&q_o, pol, dom_name); + + /* turn parameters into data stream */ + samr_io_q_lookup_domain("", &q_o, &data, 0); + + /* send the data on \PIPE\ */ + if (rpc_api_pipe_req(cli, fnum, SAMR_LOOKUP_DOMAIN, &data, &rdata)) + { + SAMR_R_LOOKUP_DOMAIN r_o; + BOOL p; + + samr_io_r_lookup_domain("", &r_o, &rdata, 0); + p = rdata.offset != 0; + + if (p && r_o.status != 0) + { + /* report error code */ + DEBUG(0,("SAMR_R_LOOKUP_DOMAIN: %s\n", get_nt_error_msg(r_o.status))); + p = False; + } + + if (p && r_o.ptr_sid != 0) + { + sid_copy(dom_sid, &r_o.dom_sid.sid); + valid_query = True; + } + } + + prs_mem_free(&data ); + prs_mem_free(&rdata ); + + return valid_query; +} + +/**************************************************************************** do a SAMR Query Lookup Names ****************************************************************************/ BOOL samr_query_lookup_names(struct cli_state *cli, uint16 fnum, |