summaryrefslogtreecommitdiff
path: root/source3/rpc_client
diff options
context:
space:
mode:
authorMatthew Chapman <matty@samba.org>1999-02-24 01:52:30 +0000
committerMatthew Chapman <matty@samba.org>1999-02-24 01:52:30 +0000
commit05f772b431f9c77a2fb37736fc4f801d84cac365 (patch)
tree12722ff39b9a869d85beb4aa228192c2a1fe110f /source3/rpc_client
parent1e71ecdcb21f24e70ee5edbbc05de0284fa588f4 (diff)
downloadsamba-05f772b431f9c77a2fb37736fc4f801d84cac365.tar.gz
samba-05f772b431f9c77a2fb37736fc4f801d84cac365.tar.bz2
samba-05f772b431f9c77a2fb37736fc4f801d84cac365.zip
Win9x user level security.
* Added SAMR_LOOKUP_DOMAIN (-> SamrLookupDomainInSamServer) * Added real SAMR_ENUM_DOM_GROUPS (corresponding to SamrEnumerateGroupsInDomain). The existing one is just an alias for SamrQueryDisplayInformation (see below). * Added three extra info levels to SAMR_QUERY_DISPINFO. Info level 3 is what was previously SAMR_ENUM_DOM_GROUPS; info levels 4 and 5 are simple user/group list requests used by Win9x and I suspect (haven't checked) the "low speed connection" User Manager. * Added another two aliases for SAMR_QUERY_DISPINFO, opcodes 0x30 and 0x33. Usually the first is with info level 3 and the second 4 but there is some overlap so indeed these should be implemented as just aliases. * Return ERRDOS/ERRmoredata on extra data instead of STATUS_BUFFER_OVERFLOW for Win95's benefit. On a named pipe this results in an SMBreadX as usual. Still need to fix SAMR_QUERY_DOMAIN_INFO which has a hard-coded number of users and groups - which Win95 proceeds to truncate at. (This used to be commit 7d03e6e21908f3a759a4e65c5edd850622335e3e)
Diffstat (limited to 'source3/rpc_client')
-rw-r--r--source3/rpc_client/cli_samr.c78
1 files changed, 65 insertions, 13 deletions
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 6791195e71..d95bd99eac 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -405,6 +405,7 @@ BOOL samr_chgpasswd_user(struct cli_state *cli, uint16 fnum,
return valid_pwc;
}
+
/****************************************************************************
do a SAMR unknown 0x38 command
****************************************************************************/
@@ -536,7 +537,7 @@ BOOL samr_enum_dom_groups(struct cli_state *cli, uint16 fnum,
prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True );
/* store the parameters */
- make_samr_q_enum_dom_groups(&q_e, pol, 3, 0, size);
+ make_samr_q_enum_dom_groups(&q_e, pol, size);
/* turn parameters into data stream */
samr_io_q_enum_dom_groups("", &q_e, &data, 0);
@@ -561,13 +562,12 @@ BOOL samr_enum_dom_groups(struct cli_state *cli, uint16 fnum,
{
int i;
int name_idx = 0;
- int desc_idx = 0;
*num_sam_groups = r_e.num_entries2;
if (*num_sam_groups > MAX_SAM_ENTRIES)
{
*num_sam_groups = MAX_SAM_ENTRIES;
- DEBUG(2,("samr_enum_dom_groups: sam user entries limited to %d\n",
+ DEBUG(2,("samr_enum_dom_groups: sam group entries limited to %d\n",
*num_sam_groups));
}
@@ -580,21 +580,16 @@ BOOL samr_enum_dom_groups(struct cli_state *cli, uint16 fnum,
for (i = 0; i < *num_sam_groups; i++)
{
- (*sam)[i].rid = r_e.sam[i].rid_grp;
+ (*sam)[i].rid = r_e.sam[i].rid;
(*sam)[i].acct_name[0] = 0;
(*sam)[i].acct_desc[0] = 0;
- if (r_e.sam[i].hdr_grp_name.buffer)
+ if (r_e.sam[i].hdr_name.buffer)
{
- unistr2_to_ascii((*sam)[i].acct_name, &r_e.str[name_idx].uni_grp_name, sizeof((*sam)[i].acct_name)-1);
+ unistr2_to_ascii((*sam)[i].acct_name, &r_e.uni_grp_name[name_idx], sizeof((*sam)[i].acct_name)-1);
name_idx++;
}
- if (r_e.sam[i].hdr_grp_desc.buffer)
- {
- unistr2_to_ascii((*sam)[i].acct_desc, &r_e.str[name_idx].uni_grp_desc, sizeof((*sam)[i].acct_desc)-1);
- desc_idx++;
- }
- DEBUG(5,("samr_enum_dom_groups: idx: %4d rid: %8x acct: %s desc: %s\n",
- i, (*sam)[i].rid, (*sam)[i].acct_name, (*sam)[i].acct_desc));
+ DEBUG(5,("samr_enum_dom_groups: idx: %4d rid: %8x acct: %s\n",
+ i, (*sam)[i].rid, (*sam)[i].acct_name));
}
valid_pol = True;
}
@@ -1630,6 +1625,63 @@ BOOL samr_open_domain(struct cli_state *cli, uint16 fnum,
}
/****************************************************************************
+do a SAMR Query Lookup Domain
+****************************************************************************/
+BOOL samr_query_lookup_domain(struct cli_state *cli, uint16 fnum,
+ POLICY_HND *pol, const char *dom_name,
+ DOM_SID *dom_sid)
+{
+ prs_struct data;
+ prs_struct rdata;
+
+ SAMR_Q_LOOKUP_DOMAIN q_o;
+ BOOL valid_query = False;
+
+ if (pol == NULL || dom_name == NULL || dom_sid == NULL) return False;
+
+ /* create and send a MSRPC command with api SAMR_LOOKUP_DOMAIN */
+
+ prs_init(&data , 1024, 4, SAFETY_MARGIN, False);
+ prs_init(&rdata, 0 , 4, SAFETY_MARGIN, True );
+
+ DEBUG(4,("SAMR Query Lookup Domain.\n"));
+
+ /* store the parameters */
+ make_samr_q_lookup_domain(&q_o, pol, dom_name);
+
+ /* turn parameters into data stream */
+ samr_io_q_lookup_domain("", &q_o, &data, 0);
+
+ /* send the data on \PIPE\ */
+ if (rpc_api_pipe_req(cli, fnum, SAMR_LOOKUP_DOMAIN, &data, &rdata))
+ {
+ SAMR_R_LOOKUP_DOMAIN r_o;
+ BOOL p;
+
+ samr_io_r_lookup_domain("", &r_o, &rdata, 0);
+ p = rdata.offset != 0;
+
+ if (p && r_o.status != 0)
+ {
+ /* report error code */
+ DEBUG(0,("SAMR_R_LOOKUP_DOMAIN: %s\n", get_nt_error_msg(r_o.status)));
+ p = False;
+ }
+
+ if (p && r_o.ptr_sid != 0)
+ {
+ sid_copy(dom_sid, &r_o.dom_sid.sid);
+ valid_query = True;
+ }
+ }
+
+ prs_mem_free(&data );
+ prs_mem_free(&rdata );
+
+ return valid_query;
+}
+
+/****************************************************************************
do a SAMR Query Lookup Names
****************************************************************************/
BOOL samr_query_lookup_names(struct cli_state *cli, uint16 fnum,