diff options
author | Luke Leighton <lkcl@samba.org> | 1998-10-21 22:36:26 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-10-21 22:36:26 +0000 |
commit | eadc5b8c6ecdd6892647d391e1976b2c708d1ea0 (patch) | |
tree | 8aa495516461fd94ddbafcb6a52e0a4825de1ae6 /source3/rpc_server | |
parent | 21e107fd42eb953affac28239588458c6c0ee323 (diff) | |
download | samba-eadc5b8c6ecdd6892647d391e1976b2c708d1ea0.tar.gz samba-eadc5b8c6ecdd6892647d391e1976b2c708d1ea0.tar.bz2 samba-eadc5b8c6ecdd6892647d391e1976b2c708d1ea0.zip |
domain aliases added a bit better: does local aliases if you query
for sid S-1-5-20 and does (nothing at the moment) if you query for
your own sid.
(This used to be commit da40f26f4b2f7ce286076b4e39dffd76aa2ef8e6)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_lsa.c | 8 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_hnd.c | 23 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr.c | 68 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 1 |
5 files changed, 70 insertions, 34 deletions
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 93584b5acf..a355f0b311 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -28,7 +28,7 @@ #include "nterr.h" extern int DEBUGLEVEL; -extern DOM_SID global_machine_sid; +extern DOM_SID global_sam_sid; /*************************************************************************** lsa_reply_open_policy2 @@ -373,7 +373,7 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data, pstrcpy(dom_name, lp_workgroup()); /* construct reply. return status is always 0x0 */ - lsa_reply_query_info(&q_i, rdata, dom_name, &global_machine_sid); + lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid); } /*************************************************************************** @@ -406,7 +406,7 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, string_to_sid(&sid_S_1_5, "S-1-5"); dom_names[0] = dom_name; - sid_array[0] = &global_machine_sid; + sid_array[0] = &global_sam_sid; dom_names[1] = "Everyone"; sid_array[1] = &sid_S_1_1; @@ -458,7 +458,7 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, string_to_sid(&sid_S_1_5, "S-1-5"); dom_names[0] = dom_name; - sid_array[0] = &global_machine_sid; + sid_array[0] = &global_sam_sid; dom_names[1] = "Everyone"; sid_array[1] = &sid_S_1_1; diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c index b1e695360f..b807c40604 100644 --- a/source3/rpc_server/srv_lsa_hnd.c +++ b/source3/rpc_server/srv_lsa_hnd.c @@ -225,7 +225,28 @@ BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid) } /**************************************************************************** - set samr rid + get samr sid +****************************************************************************/ +BOOL get_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid) +{ + struct policy *p = find_lsa_policy(hnd); + + if (p != NULL && p->open) + { + pstring sidstr; + memcpy(sid, &p->dev.samr.sid, sizeof(*sid)); + DEBUG(3,("Getting policy sid=%s pnum=%x\n", + sid_to_string(sidstr, sid), p->pnum)); + + return True; + } + + DEBUG(3,("Error getting policy\n")); + return False; +} + +/**************************************************************************** + get samr rid ****************************************************************************/ uint32 get_lsa_policy_samr_rid(POLICY_HND *hnd) { diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 79a659faf8..4228eab3e0 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -32,7 +32,7 @@ extern int DEBUGLEVEL; extern BOOL sam_logon_in_ssb; extern pstring samlogon_user; extern pstring global_myname; -extern DOM_SID global_machine_sid; +extern DOM_SID global_sam_sid; /************************************************************************* make_net_r_req_chal: @@ -790,7 +790,7 @@ static void api_net_sam_logon( uint16 vuid, my_name , /* char *logon_srv */ my_workgroup, /* char *logon_dom */ - &global_machine_sid, /* DOM_SID *dom_sid */ + &global_sam_sid, /* DOM_SID *dom_sid */ NULL); /* char *other_sids */ } else diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 06ed6603b3..9a37f76121 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -32,10 +32,11 @@ extern BOOL sam_logon_in_ssb; extern pstring samlogon_user; extern pstring global_myworkgroup; extern pstring global_myname; -extern DOM_SID global_machine_sid; +extern DOM_SID global_sam_sid; extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; +extern rid_name builtin_alias_rids[]; /******************************************************************* This next function should be replaced with something that @@ -295,7 +296,7 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u, DOM_SID user_sid; DOM_SID everyone_sid; - user_sid = global_machine_sid; + user_sid = global_sam_sid; SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1); @@ -457,29 +458,44 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, SAMR_R_ENUM_DOM_ALIASES r_e; SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; int num_entries; - BOOL got_aliases; - char *dummy_alias = "admins"; + DOM_SID sid; + fstring sid_str; + fstring sam_sid_str; r_e.status = 0x0; r_e.num_entries = 0; /* find the policy handle. open a policy on it. */ - if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) + if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid)) { r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; } - DEBUG(5,("samr_reply_enum_dom_aliases: %d\n", __LINE__)); + sid_to_string(sid_str, &sid); + sid_to_string(sam_sid_str, &global_sam_sid); - got_aliases = True; - num_entries = 1; - make_unistr2(&(pass[0].uni_user_name), dummy_alias, strlen(dummy_alias)); - pass[0].user_rid = BUILTIN_ALIAS_RID_ADMINS; + DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str)); - if (r_e.status == 0 && got_aliases) + /* well-known aliases */ + if (strequal(sid_str, "S-1-5-20")) { - make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status); + char *name; + while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL)) + { + make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)); + pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid; + num_entries++; + } } + else if (strequal(sid_str, sam_sid_str)) + { + /* local aliases */ + /* oops! there's no code to deal with this */ + DEBUG(3,("samr_reply_enum_dom_aliases: enum of aliases in our domain not supported yet\n")); + num_entries = 0; + } + + make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status); /* store the response in the SMB stream */ samr_io_r_enum_dom_aliases("", &r_e, rdata, 0); @@ -1276,12 +1292,12 @@ static void api_samr_query_usergroups( uint16 vuid, prs_struct *data, prs_struct /******************************************************************* - samr_reply_unknown_8 + samr_reply_query_dom_info ********************************************************************/ -static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u, +static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u, prs_struct *rdata) { - SAMR_R_UNKNOWN_8 r_u; + SAMR_R_QUERY_DOMAIN_INFO r_u; SAM_UNK_CTR ctr; uint16 switch_value = 0x0; uint32 status = 0x0; @@ -1291,13 +1307,13 @@ static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u, r_u.ctr = &ctr; - DEBUG(5,("samr_reply_unknown_8: %d\n", __LINE__)); + DEBUG(5,("samr_reply_query_dom_info: %d\n", __LINE__)); /* find the policy handle. open a policy on it. */ if (r_u.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->domain_pol)) == -1)) { r_u.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - DEBUG(5,("samr_reply_unknown_8: invalid handle\n")); + DEBUG(5,("samr_reply_query_dom_info: invalid handle\n")); } if (status == 0x0) @@ -1319,27 +1335,27 @@ static void samr_reply_unknown_8(SAMR_Q_UNKNOWN_8 *q_u, } } - make_samr_r_unknown_8(&r_u, switch_value, &ctr, status); + make_samr_r_query_dom_info(&r_u, switch_value, &ctr, status); /* store the response in the SMB stream */ - samr_io_r_unknown_8("", &r_u, rdata, 0); + samr_io_r_query_dom_info("", &r_u, rdata, 0); - DEBUG(5,("samr_unknown_8: %d\n", __LINE__)); + DEBUG(5,("samr_query_dom_info: %d\n", __LINE__)); } /******************************************************************* - api_samr_unknown_8 + api_samr_query_dom_info ********************************************************************/ -static void api_samr_unknown_8( uint16 vuid, prs_struct *data, prs_struct *rdata) +static void api_samr_query_dom_info( uint16 vuid, prs_struct *data, prs_struct *rdata) { - SAMR_Q_UNKNOWN_8 q_e; + SAMR_Q_QUERY_DOMAIN_INFO q_e; /* grab the samr unknown 8 command */ - samr_io_q_unknown_8("", &q_e, data, 0); + samr_io_q_query_dom_info("", &q_e, data, 0); /* construct reply. */ - samr_reply_unknown_8(&q_e, rdata); + samr_reply_query_dom_info(&q_e, rdata); } @@ -1595,7 +1611,7 @@ static struct api_struct api_samr_cmds [] = { "SAMR_LOOKUP_NAMES" , SAMR_LOOKUP_NAMES , api_samr_lookup_names }, { "SAMR_OPEN_USER" , SAMR_OPEN_USER , api_samr_open_user }, { "SAMR_QUERY_USERINFO" , SAMR_QUERY_USERINFO , api_samr_query_userinfo }, - { "SAMR_UNKNOWN_8" , SAMR_UNKNOWN_8 , api_samr_unknown_8 }, + { "SAMR_QUERY_DOMAIN_INFO", SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info }, { "SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups }, { "SAMR_QUERY_DISPINFO" , SAMR_QUERY_DISPINFO , api_samr_query_dispinfo }, { "SAMR_QUERY_ALIASINFO" , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo }, diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 4756d2f338..b3557c7768 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -42,7 +42,6 @@ #include "nterr.h" extern int DEBUGLEVEL; -extern DOM_SID global_machine_sid; /* * A list of the rids of well known BUILTIN and Domain users |