summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2003-07-16 05:34:56 +0000
committerGerald Carter <jerry@samba.org>2003-07-16 05:34:56 +0000
commit4a090ba06a54f5da179ac02bb307cc03d08831bf (patch)
treeed652ef36be7f16682c358816334f969a22f1c27 /source3/rpc_server
parent95fe82670032a3a43571b46d7bbf2c26bc8cdcd9 (diff)
downloadsamba-4a090ba06a54f5da179ac02bb307cc03d08831bf.tar.gz
samba-4a090ba06a54f5da179ac02bb307cc03d08831bf.tar.bz2
samba-4a090ba06a54f5da179ac02bb307cc03d08831bf.zip
trying to get HEAD building again. If you want the code
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE (This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_dfs_nt.c2
-rw-r--r--source3/rpc_server/srv_lsa.c185
-rw-r--r--source3/rpc_server/srv_lsa_nt.c222
-rw-r--r--source3/rpc_server/srv_netlog_nt.c26
-rw-r--r--source3/rpc_server/srv_pipe.c42
-rw-r--r--source3/rpc_server/srv_samr_nt.c212
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c85
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c33
-rw-r--r--source3/rpc_server/srv_util.c27
-rw-r--r--source3/rpc_server/srv_wkssvc_nt.c4
10 files changed, 345 insertions, 493 deletions
diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c
index da92e5c06b..eba4eaec75 100644
--- a/source3/rpc_server/srv_dfs_nt.c
+++ b/source3/rpc_server/srv_dfs_nt.c
@@ -135,7 +135,7 @@ WERROR _dfs_remove(pipes_struct *p, DFS_Q_DFS_REMOVE *q_u,
pstrcpy(altpath, servername);
pstrcat(altpath, "\\");
pstrcat(altpath, sharename);
- strlower(altpath);
+ strlower_m(altpath);
}
DEBUG(5,("init_reply_dfs_remove: Request to remove %s -> %s\\%s.\n",
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 1c4ef6c8e6..679cfb73bb 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -642,176 +642,45 @@ static BOOL api_lsa_query_info2(pipes_struct *p)
}
-
-/***************************************************************************
- api_lsa_enum_acctrights
- ***************************************************************************/
-static BOOL api_lsa_enum_acct_rights(pipes_struct *p)
-{
- LSA_Q_ENUM_ACCT_RIGHTS q_u;
- LSA_R_ENUM_ACCT_RIGHTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n"));
- return False;
- }
-
- r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n"));
- return False;
- }
-
- return True;
-}
-
-
-/***************************************************************************
- api_lsa_enum_acct_with_right
- ***************************************************************************/
-static BOOL api_lsa_enum_acct_with_right(pipes_struct *p)
-{
- LSA_Q_ENUM_ACCT_WITH_RIGHT q_u;
- LSA_R_ENUM_ACCT_WITH_RIGHT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_enum_acct_with_right("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_enum_acct_with_right: failed to unmarshall LSA_Q_ENUM_ACCT_WITH_RIGHT.\n"));
- return False;
- }
-
- r_u.status = _lsa_enum_acct_with_right(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_enum_acct_with_right("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_enum_acct_with_right: Failed to marshall LSA_R_ENUM_ACCT_WITH_RIGHT.\n"));
- return False;
- }
-
- return True;
-}
-
-
-/***************************************************************************
- api_lsa_add_acctrights
- ***************************************************************************/
-static BOOL api_lsa_add_acct_rights(pipes_struct *p)
-{
- LSA_Q_ADD_ACCT_RIGHTS q_u;
- LSA_R_ADD_ACCT_RIGHTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_add_acct_rights("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_add_acct_rights: failed to unmarshall LSA_Q_ADD_ACCT_RIGHTS.\n"));
- return False;
- }
-
- r_u.status = _lsa_add_acct_rights(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_add_acct_rights("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_add_acct_rights: Failed to marshall LSA_R_ADD_ACCT_RIGHTS.\n"));
- return False;
- }
-
- return True;
-}
-
-
-/***************************************************************************
- api_lsa_remove_acctrights
- ***************************************************************************/
-static BOOL api_lsa_remove_acct_rights(pipes_struct *p)
-{
- LSA_Q_REMOVE_ACCT_RIGHTS q_u;
- LSA_R_REMOVE_ACCT_RIGHTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_remove_acct_rights("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_remove_acct_rights: failed to unmarshall LSA_Q_REMOVE_ACCT_RIGHTS.\n"));
- return False;
- }
-
- r_u.status = _lsa_remove_acct_rights(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_remove_acct_rights("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_remove_acct_rights: Failed to marshall LSA_R_REMOVE_ACCT_RIGHTS.\n"));
- return False;
- }
-
- return True;
-}
-
-
/***************************************************************************
\PIPE\ntlsa commands
***************************************************************************/
-
NTSTATUS rpc_lsa_init(void)
{
- static const struct api_struct api_lsa_cmds[] =
- {
- { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 },
- { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy },
- { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info },
- { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom },
- { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close },
- { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
- { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids },
- { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names },
- { "LSA_ENUM_PRIVS" , LSA_ENUM_PRIVS , api_lsa_enum_privs },
- { "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname},
- { "LSA_ENUM_ACCOUNTS" , LSA_ENUM_ACCOUNTS , api_lsa_enum_accounts },
- { "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser },
- { "LSA_OPENACCOUNT" , LSA_OPENACCOUNT , api_lsa_open_account },
- { "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount},
- { "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount },
- { "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount },
- { "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs },
- { "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs },
- { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj },
- { "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights },
- { "LSA_ENUMACCTWITHRIGHT", LSA_ENUMACCTWITHRIGHT, api_lsa_enum_acct_with_right },
- { "LSA_ADDACCTRIGHTS" , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights },
- { "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights},
- /* be careful of the adding of new RPC's. See commentrs below about
- * ADS DC capabilities */
- { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 },
- };
-
+static const struct api_struct api_lsa_cmds[] =
+{
+ { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 },
+ { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy },
+ { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info },
+ { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom },
+ { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close },
+ { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
+ { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids },
+ { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names },
+ { "LSA_ENUM_PRIVS" , LSA_ENUM_PRIVS , api_lsa_enum_privs },
+ { "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname},
+ { "LSA_ENUM_ACCOUNTS" , LSA_ENUM_ACCOUNTS , api_lsa_enum_accounts },
+ { "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser },
+ { "LSA_OPENACCOUNT" , LSA_OPENACCOUNT , api_lsa_open_account },
+ { "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount},
+ { "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount },
+ { "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount },
+ { "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs },
+ { "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs },
+ { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj },
+ /* be careful of the adding of new RPC's. See commentrs below about
+ ADS DC capabilities */
+ { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 }
+};
/*
* NOTE: Certain calls can not be enabled if we aren't an ADS DC. Make sure
* these calls are always last and that you decrement by the amount of calls
* to disable.
- */
+ */
int funcs = sizeof(api_lsa_cmds) / sizeof(struct api_struct);
if (!(SEC_ADS == lp_security() && ROLE_DOMAIN_PDC == lp_server_role())) {
- funcs -= 1;
+ funcs -= 1;
}
return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "lsarpc", "lsass", api_lsa_cmds,
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 3581be0181..ca3021a876 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -403,8 +403,16 @@ NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL
/* get the generic lsa policy SD until we store it */
lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
- if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status))
- return status;
+ if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) {
+ if (geteuid() != 0) {
+ return status;
+ }
+ DEBUG(4,("ACCESS should be DENIED (granted: %#010x; required: %#010x)\n",
+ acc_granted, des_access));
+ DEBUGADD(4,("but overwritten by euid == 0\n"));
+ acc_granted = des_access;
+ }
+
/* associate the domain SID with the (unique) handle. */
if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
@@ -441,8 +449,15 @@ NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL *
/* get the generic lsa policy SD until we store it */
lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size);
- if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status))
- return status;
+ if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) {
+ if (geteuid() != 0) {
+ return status;
+ }
+ DEBUG(4,("ACCESS should be DENIED (granted: %#010x; required: %#010x)\n",
+ acc_granted, des_access));
+ DEBUGADD(4,("but overwritten by euid == 0\n"));
+ acc_granted = des_access;
+ }
/* associate the domain SID with the (unique) handle. */
if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
@@ -547,7 +562,7 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
switch (lp_server_role()) {
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
- name = lp_workgroup();
+ name = get_global_sam_name();
sid = get_global_sam_sid();
break;
case ROLE_DOMAIN_MEMBER:
@@ -573,23 +588,8 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
return NT_STATUS_ACCESS_DENIED;
/* Request PolicyAccountDomainInformation. */
- switch (lp_server_role()) {
- case ROLE_DOMAIN_PDC:
- case ROLE_DOMAIN_BDC:
- name = lp_workgroup();
- sid = get_global_sam_sid();
- break;
- case ROLE_DOMAIN_MEMBER:
- name = global_myname();
- sid = get_global_sam_sid();
- break;
- case ROLE_STANDALONE:
- name = global_myname();
- sid = get_global_sam_sid();
- break;
- default:
- return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
- }
+ name = get_global_sam_name();
+ sid = get_global_sam_sid();
init_dom_query(&r_u->dom.id5, name, sid);
break;
case 0x06:
@@ -645,7 +645,7 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_
num_entries = MAX_LOOKUP_SIDS;
DEBUG(5,("_lsa_lookup_sids: truncating SID lookup list to %d\n", num_entries));
}
-
+
ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
names = (LSA_TRANS_NAME_ENUM *)talloc_zero(p->mem_ctx, sizeof(LSA_TRANS_NAME_ENUM));
@@ -859,7 +859,7 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU
return NT_STATUS_ACCESS_DENIED;
/* get the list of mapped groups (domain, local, builtin) */
- if(!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+ if(!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED))
return NT_STATUS_OK;
if (q_u->enum_context >= num_entries)
@@ -964,8 +964,6 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LS
{
struct lsa_info *info=NULL;
GROUP_MAP map;
- int i=0;
-
LUID_ATTR *set=NULL;
r_u->status = NT_STATUS_OK;
@@ -974,9 +972,10 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LS
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+ if (!pdb_getgrsid(&map, info->sid))
return NT_STATUS_NO_SUCH_GROUP;
+#if 0 /* privileges currently not implemented! */
DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set.count));
if (map.priv_set.count!=0) {
@@ -997,6 +996,9 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LS
init_lsa_r_enum_privsaccount(r_u, set, map.priv_set.count, 0);
free_privilege(&map.priv_set);
+#endif
+
+ init_lsa_r_enum_privsaccount(r_u, set, 0, 0);
return r_u->status;
}
@@ -1015,7 +1017,7 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!pdb_getgrsid(&map, info->sid, MAPPING_WITHOUT_PRIV))
+ if (!pdb_getgrsid(&map, info->sid))
return NT_STATUS_NO_SUCH_GROUP;
/*
@@ -1027,7 +1029,7 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
they can be ORed together
*/
- r_u->access=map.systemaccount;
+ r_u->access = PR_LOG_ON_LOCALLY | PR_ACCESS_FROM_NETWORK;
return r_u->status;
}
@@ -1046,16 +1048,12 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+ if (!pdb_getgrsid(&map, info->sid))
return NT_STATUS_NO_SUCH_GROUP;
- map.systemaccount=q_u->access;
-
if(!pdb_update_group_mapping_entry(&map))
return NT_STATUS_NO_SUCH_GROUP;
- free_privilege(&map.priv_set);
-
return r_u->status;
}
@@ -1065,20 +1063,22 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA
NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u)
{
+#if 0
struct lsa_info *info=NULL;
GROUP_MAP map;
int i=0;
-
LUID_ATTR *luid_attr=NULL;
PRIVILEGE_SET *set=NULL;
+#endif
r_u->status = NT_STATUS_OK;
+#if 0 /* privileges are not implemented */
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+ if (!pdb_getgrsid(&map, info->sid))
return NT_STATUS_NO_SUCH_GROUP;
set=&q_u->set;
@@ -1100,6 +1100,7 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
free_privilege(&map.priv_set);
+#endif
return r_u->status;
}
@@ -1109,20 +1110,22 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEPRIVS *r_u)
{
+#if 0
struct lsa_info *info=NULL;
GROUP_MAP map;
int i=0;
-
LUID_ATTR *luid_attr=NULL;
PRIVILEGE_SET *set=NULL;
+#endif
r_u->status = NT_STATUS_OK;
+#if 0 /* privileges are not implemented */
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+ if (!pdb_getgrsid(&map, info->sid))
return NT_STATUS_NO_SUCH_GROUP;
if (q_u->allrights!=0) {
@@ -1156,7 +1159,7 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
return NT_STATUS_NO_SUCH_GROUP;
free_privilege(&map.priv_set);
-
+#endif
return r_u->status;
}
@@ -1240,13 +1243,13 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
switch (lp_server_role()) {
case ROLE_DOMAIN_PDC:
case ROLE_DOMAIN_BDC:
- nb_name = lp_workgroup();
+ nb_name = get_global_sam_name();
/* ugly temp hack for these next two */
/* This should be a 'netbios domain -> DNS domain' mapping */
dnsdomname[0] = '\0';
get_mydomname(dnsdomname);
- strlower(dnsdomname);
+ strlower_m(dnsdomname);
dns_name = dnsdomname;
forest_name = dnsdomname;
@@ -1273,140 +1276,3 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
return r_u->status;
}
-
-
-/***************************************************************************
- For a given SID, enumerate all the privilege this account has.
- ***************************************************************************/
-NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u)
-{
- struct lsa_info *info=NULL;
- char **rights = NULL;
- int num_rights = 0;
- int i;
-
- r_u->status = NT_STATUS_OK;
-
- /* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
- return NT_STATUS_INVALID_HANDLE;
-
- r_u->status = privilege_enum_account_rights(&q_u->sid.sid, &num_rights, &rights);
-
- init_r_enum_acct_rights(r_u, num_rights, (const char **)rights);
-
- for (i=0;i<num_rights;i++) {
- free(rights[i]);
- }
- safe_free(rights);
-
- return r_u->status;
-}
-
-/***************************************************************************
-return a list of SIDs for a particular privilege
- ***************************************************************************/
-NTSTATUS _lsa_enum_acct_with_right(pipes_struct *p,
- LSA_Q_ENUM_ACCT_WITH_RIGHT *q_u,
- LSA_R_ENUM_ACCT_WITH_RIGHT *r_u)
-{
- struct lsa_info *info=NULL;
- char *right;
- DOM_SID *sids = NULL;
- uint32 count = 0;
-
- r_u->status = NT_STATUS_OK;
-
- /* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
- return NT_STATUS_INVALID_HANDLE;
-
- right = unistr2_tdup(p->mem_ctx, &q_u->right);
-
- DEBUG(5,("lsa_enum_acct_with_right on right %s\n", right));
-
- r_u->status = privilege_enum_account_with_right(right, &count, &sids);
-
- init_r_enum_acct_with_right(r_u, count, sids);
-
- safe_free(sids);
-
- return r_u->status;
-}
-
-/***************************************************************************
- add privileges to a acct by SID
- ***************************************************************************/
-NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R_ADD_ACCT_RIGHTS *r_u)
-{
- struct lsa_info *info=NULL;
- int i;
-
- r_u->status = NT_STATUS_OK;
-
- /* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
- return NT_STATUS_INVALID_HANDLE;
-
- DEBUG(5,("_lsa_add_acct_rights to %s (%d rights)\n",
- sid_string_static(&q_u->sid.sid), q_u->rights.count));
-
- for (i=0;i<q_u->rights.count;i++) {
- DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
- }
-
-
- for (i=0;i<q_u->rights.count;i++) {
- r_u->status = privilege_add_account_right(unistr2_static(&q_u->rights.strings[i].string),
- &q_u->sid.sid);
- if (!NT_STATUS_IS_OK(r_u->status)) {
- DEBUG(2,("Failed to add right '%s'\n",
- unistr2_static(&q_u->rights.strings[i].string)));
- break;
- }
- }
-
- init_r_add_acct_rights(r_u);
-
- return r_u->status;
-}
-
-
-/***************************************************************************
- remove privileges from a acct by SID
- ***************************************************************************/
-NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, LSA_R_REMOVE_ACCT_RIGHTS *r_u)
-{
- struct lsa_info *info=NULL;
- int i;
-
- r_u->status = NT_STATUS_OK;
-
- /* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
- return NT_STATUS_INVALID_HANDLE;
-
-
- DEBUG(5,("_lsa_remove_acct_rights from %s all=%d (%d rights)\n",
- sid_string_static(&q_u->sid.sid),
- q_u->removeall,
- q_u->rights.count));
-
- for (i=0;i<q_u->rights.count;i++) {
- DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string)));
- }
-
- for (i=0;i<q_u->rights.count;i++) {
- r_u->status = privilege_remove_account_right(unistr2_static(&q_u->rights.strings[i].string),
- &q_u->sid.sid);
- if (!NT_STATUS_IS_OK(r_u->status)) {
- DEBUG(2,("Failed to remove right '%s'\n",
- unistr2_static(&q_u->rights.strings[i].string)));
- break;
- }
- }
-
- init_r_remove_acct_rights(r_u);
-
- return r_u->status;
-}
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index aa573b8154..c4a87d2e26 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -524,6 +524,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
auth_serversupplied_info *server_info = NULL;
extern userdom_struct current_user_info;
SAM_ACCOUNT *sampw;
+ struct auth_context *auth_context = NULL;
usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3));
if (!usr_info)
@@ -598,10 +599,11 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
DEBUG(5,("Attempting validation level %d for unmapped username %s.\n", q_u->sam_id.ctr->switch_value, nt_username));
+ status = NT_STATUS_OK;
+
switch (ctr->switch_value) {
case NET_LOGON_TYPE:
{
- struct auth_context *auth_context = NULL;
if (!NT_STATUS_IS_OK(status = make_auth_context_fixed(&auth_context, ctr->auth.id2.lm_chal))) {
return status;
}
@@ -615,11 +617,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
ctr->auth.id2.nt_chal_resp.buffer,
ctr->auth.id2.nt_chal_resp.str_str_len)) {
status = NT_STATUS_NO_MEMORY;
- } else {
- status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
- }
- (auth_context->free)(&auth_context);
-
+ }
break;
}
case INTERACTIVE_LOGON_TYPE:
@@ -628,8 +626,8 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
convert this to chellange/responce for the auth
subsystem to chew on */
{
- struct auth_context *auth_context = NULL;
const uint8 *chal;
+
if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
return status;
}
@@ -643,12 +641,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
ctr->auth.id1.nt_owf.data,
p->dc.sess_key)) {
status = NT_STATUS_NO_MEMORY;
- } else {
- status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
}
-
- (auth_context->free)(&auth_context);
-
break;
}
default:
@@ -656,6 +649,12 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
return NT_STATUS_INVALID_INFO_CLASS;
} /* end switch */
+ if ( NT_STATUS_IS_OK(status) ) {
+ status = auth_context->check_ntlm_password(auth_context,
+ user_info, &server_info);
+ }
+
+ (auth_context->free)(&auth_context);
free_user_info(&user_info);
DEBUG(5, ("_net_sam_logon: check_password returned status %s\n",
@@ -731,8 +730,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
init_net_user_info3(p->mem_ctx, usr_info,
user_rid,
- group_rid,
-
+ group_rid,
pdb_get_username(sampw),
pdb_get_fullname(sampw),
pdb_get_homedir(sampw),
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 6a9e591f64..9a63ebc7a3 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -227,7 +227,7 @@ BOOL create_next_pdu(pipes_struct *p)
if (auth_seal || auth_verify) {
RPC_HDR_AUTH auth_info;
- init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL,
+ init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL,
(auth_verify ? RPC_HDR_AUTH_LEN : 0), (auth_verify ? 1 : 0));
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n"));
@@ -263,11 +263,9 @@ BOOL create_next_pdu(pipes_struct *p)
prs_struct rverf;
prs_struct rauth;
- uchar sign[8];
-
data = prs_data_p(&outgoing_pdu) + data_pos;
- init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, NETSEC_AUTH_LEVEL,
+ init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL,
RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) {
@@ -284,12 +282,12 @@ BOOL create_next_pdu(pipes_struct *p)
p->netsec_auth.seq_num));
}
- RSIVAL(sign, 0, p->netsec_auth.seq_num);
- SIVAL(sign, 4, 0);
-
- init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes, sign, nullbytes);
+ init_rpc_auth_netsec_chk(&verf, netsec_sig, nullbytes, nullbytes, nullbytes);
- netsec_encode(&p->netsec_auth, &verf, data, data_len);
+ netsec_encode(&p->netsec_auth,
+ AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL,
+ SENDER_IS_ACCEPTOR,
+ &verf, data, data_len);
smb_io_rpc_auth_netsec_chk("", &verf, &outgoing_pdu, 0);
@@ -458,13 +456,17 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
p->ntlmssp_hash[256] = 0;
p->ntlmssp_hash[257] = 0;
}
+
+ dump_data_pw("NTLMSSP hash (v1)\n", p->ntlmssp_hash,
+ sizeof(p->ntlmssp_hash));
+
/* NTLMSSPhash(p->ntlmssp_hash, p24); */
p->ntlmssp_seq_num = 0;
}
fstrcpy(p->user_name, user_name);
- fstrcpy(p->pipe_user_name, pdb_get_username(server_info->sam_account));
+ fstrcpy(p->pipe_user_name, server_info->unix_name);
fstrcpy(p->domain, domain);
fstrcpy(p->wks, wks);
@@ -546,7 +548,7 @@ BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p)
return False;
}
- if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != NTLMSSP_AUTH_LEVEL) {
+ if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != RPC_PIPE_AUTH_SEAL_LEVEL) {
DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n",
(int)autha_info.auth_type, (int)autha_info.auth_level ));
return False;
@@ -1070,7 +1072,7 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
/*** Authentication info ***/
- init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, RPC_HDR_AUTH_LEN, 1);
+ init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL, RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
goto err_exit;
@@ -1105,7 +1107,7 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
re-used from the auth2 the client did before. */
p->dc = last_dcinfo;
- init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, NETSEC_AUTH_LEVEL, RPC_HDR_AUTH_LEN, 1);
+ init_rpc_hdr_auth(&auth_info, NETSEC_AUTH_TYPE, RPC_PIPE_AUTH_SEAL_LEVEL, RPC_HDR_AUTH_LEN, 1);
if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) {
DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n"));
goto err_exit;
@@ -1226,7 +1228,14 @@ BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *rpc_in)
* has already been consumed.
*/
char *data = prs_data_p(rpc_in) + RPC_HDR_REQ_LEN;
+ dump_data_pw("NTLMSSP hash (v1)\n", p->ntlmssp_hash,
+ sizeof(p->ntlmssp_hash));
+
+ dump_data_pw("Incoming RPC PDU (NTLMSSP sealed)\n",
+ data, data_len);
NTLMSSPcalc_p(p, (uchar*)data, data_len);
+ dump_data_pw("Incoming RPC PDU (NTLMSSP unsealed)\n",
+ data, data_len);
crc32 = crc32_calc_buffer(data, data_len);
}
@@ -1335,7 +1344,7 @@ BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in)
}
if ((auth_info.auth_type != NETSEC_AUTH_TYPE) ||
- (auth_info.auth_level != NETSEC_AUTH_LEVEL)) {
+ (auth_info.auth_level != RPC_PIPE_AUTH_SEAL_LEVEL)) {
DEBUG(0,("Invalid auth info %d or level %d on schannel\n",
auth_info.auth_type, auth_info.auth_level));
return False;
@@ -1346,7 +1355,10 @@ BOOL api_pipe_netsec_process(pipes_struct *p, prs_struct *rpc_in)
return False;
}
- if (!netsec_decode(&p->netsec_auth, &netsec_chk,
+ if (!netsec_decode(&p->netsec_auth,
+ AUTH_PIPE_NETSEC|AUTH_PIPE_SIGN|AUTH_PIPE_SEAL,
+ SENDER_IS_INITIATOR,
+ &netsec_chk,
prs_data_p(rpc_in)+old_offset, data_len)) {
DEBUG(0,("failed to decode PDU\n"));
return False;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index fc29df3976..9324fd4765 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -44,10 +44,10 @@ extern rid_name builtin_alias_rids[];
typedef struct _disp_info {
BOOL user_dbloaded;
uint32 num_user_account;
- DISP_USER_INFO *disp_user_info;
+ SAM_ACCOUNT *disp_user_info;
BOOL group_dbloaded;
uint32 num_group_account;
- DISP_GROUP_INFO *disp_group_info;
+ DOMAIN_GRP *disp_group_info;
} DISP_INFO;
struct samr_info {
@@ -151,28 +151,29 @@ static struct samr_info *get_samr_info_by_sid(DOM_SID *psid)
return info;
}
-
/*******************************************************************
Function to free the per handle data.
********************************************************************/
+
static void free_samr_users(struct samr_info *info)
{
int i;
if (info->disp_info.user_dbloaded){
for (i=0; i<info->disp_info.num_user_account; i++) {
+ SAM_ACCOUNT *sam = &info->disp_info.disp_user_info[i];
/* Not really a free, actually a 'clear' */
- pdb_free_sam(&info->disp_info.disp_user_info[i].sam);
+ pdb_free_sam(&sam);
}
}
info->disp_info.user_dbloaded=False;
info->disp_info.num_user_account=0;
}
-
/*******************************************************************
Function to free the per handle data.
********************************************************************/
+
static void free_samr_db(struct samr_info *info)
{
/* Groups are talloced */
@@ -183,7 +184,6 @@ static void free_samr_db(struct samr_info *info)
info->disp_info.num_group_account=0;
}
-
static void free_samr_info(void *ptr)
{
struct samr_info *info=(struct samr_info *) ptr;
@@ -212,7 +212,7 @@ static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass)
static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOOL all_machines)
{
SAM_ACCOUNT *pwd = NULL;
- DISP_USER_INFO *pwd_array = NULL;
+ SAM_ACCOUNT *pwd_array = NULL;
NTSTATUS nt_status = NT_STATUS_OK;
TALLOC_CTX *mem_ctx = info->mem_ctx;
@@ -255,8 +255,8 @@ static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOO
if (info->disp_info.num_user_account % MAX_SAM_ENTRIES == 0) {
DEBUG(10,("load_sampwd_entries: allocating more memory\n"));
- pwd_array=(DISP_USER_INFO *)talloc_realloc(mem_ctx, info->disp_info.disp_user_info,
- (info->disp_info.num_user_account+MAX_SAM_ENTRIES)*sizeof(DISP_USER_INFO));
+ pwd_array=(SAM_ACCOUNT *)talloc_realloc(mem_ctx, info->disp_info.disp_user_info,
+ (info->disp_info.num_user_account+MAX_SAM_ENTRIES)*sizeof(SAM_ACCOUNT));
if (pwd_array==NULL)
return NT_STATUS_NO_MEMORY;
@@ -264,8 +264,8 @@ static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOO
info->disp_info.disp_user_info=pwd_array;
}
- /* link the SAM_ACCOUNT to the array */
- info->disp_info.disp_user_info[info->disp_info.num_user_account].sam=pwd;
+ /* Copy the SAM_ACCOUNT into the array */
+ info->disp_info.disp_user_info[info->disp_info.num_user_account]=*pwd;
DEBUG(10,("load_sampwd_entries: entry: %d\n", info->disp_info.num_user_account));
@@ -288,7 +288,7 @@ static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOO
static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid)
{
GROUP_MAP *map=NULL;
- DISP_GROUP_INFO *grp_array = NULL;
+ DOMAIN_GRP *grp_array = NULL;
uint32 group_entries = 0;
uint32 i;
TALLOC_CTX *mem_ctx = info->mem_ctx;
@@ -304,7 +304,7 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid)
become_root();
- if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) {
+ if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED)) {
DEBUG(1, ("load_group_domain_entries: pdb_enum_group_mapping() failed!\n"));
return NT_STATUS_NO_MEMORY;
}
@@ -313,8 +313,7 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid)
info->disp_info.num_group_account=group_entries;
- grp_array=(DISP_GROUP_INFO *)talloc(mem_ctx, info->disp_info.num_group_account*sizeof(DISP_GROUP_INFO));
-
+ grp_array=(DOMAIN_GRP *)talloc(mem_ctx, info->disp_info.num_group_account*sizeof(DOMAIN_GRP));
if (group_entries!=0 && grp_array==NULL) {
DEBUG(1, ("load_group_domain_entries: talloc() failed for grp_array!\n"));
SAFE_FREE(map);
@@ -324,13 +323,10 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid)
info->disp_info.disp_group_info=grp_array;
for (i=0; i<group_entries; i++) {
-
- grp_array[i].grp=(DOMAIN_GRP *)talloc(mem_ctx, sizeof(DOMAIN_GRP));
-
- fstrcpy(grp_array[i].grp->name, map[i].nt_name);
- fstrcpy(grp_array[i].grp->comment, map[i].comment);
- sid_split_rid(&map[i].sid, &grp_array[i].grp->rid);
- grp_array[i].grp->attr=SID_NAME_DOM_GRP;
+ fstrcpy(grp_array[i].name, map[i].nt_name);
+ fstrcpy(grp_array[i].comment, map[i].comment);
+ sid_split_rid(&map[i].sid, &grp_array[i].rid);
+ grp_array[i].attr=SID_NAME_DOM_GRP;
}
SAFE_FREE(map);
@@ -691,7 +687,7 @@ makes a SAM_ENTRY / UNISTR2* structure from a user list.
********************************************************************/
static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNISTR2 **uni_name_pp,
- uint32 num_entries, uint32 start_idx, DISP_USER_INFO *disp_user_info,
+ uint32 num_entries, uint32 start_idx, SAM_ACCOUNT *disp_user_info,
DOM_SID *domain_sid)
{
uint32 i;
@@ -721,7 +717,7 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UN
}
for (i = 0; i < num_entries; i++) {
- pwd = disp_user_info[i+start_idx].sam;
+ pwd = &disp_user_info[i+start_idx];
temp_name = pdb_get_username(pwd);
init_unistr2(&uni_temp_name, temp_name, strlen(temp_name)+1);
user_sid = pdb_get_user_sid(pwd);
@@ -900,7 +896,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM
/* well-known aliases */
if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) {
- pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
+ pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED);
if (num_entries != 0) {
*d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
@@ -937,7 +933,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM
for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) {
uint32 trid;
- if(!pdb_getgrgid(&smap, grp->gr_gid, MAPPING_WITHOUT_PRIV))
+ if(!pdb_getgrgid(&smap, grp->gr_gid))
continue;
if (smap.sid_name_use!=SID_NAME_ALIAS) {
@@ -1018,7 +1014,7 @@ static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DO
*p_num_entries = 0;
- pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
+ pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED);
num_entries=group_entries-start_idx;
@@ -1128,6 +1124,7 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
/*******************************************************************
samr_reply_query_dispinfo
********************************************************************/
+
NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
SAMR_R_QUERY_DISPINFO *r_u)
{
@@ -1346,7 +1343,7 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
!sid_check_is_in_builtin(&sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!pdb_getgrsid(&map, sid, MAPPING_WITHOUT_PRIV))
+ if (!pdb_getgrsid(&map, sid))
return NT_STATUS_NO_SUCH_ALIAS;
switch (q_u->switch_level) {
@@ -2207,6 +2204,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
uint32 acc_granted;
SEC_DESC *psd;
size_t sd_size;
+ uint32 new_rid = 0;
/* check this, when giving away 'add computer to domain' privs */
uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;
@@ -2225,7 +2223,7 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
*/
rpcstr_pull(account, user_account.buffer, sizeof(account), user_account.uni_str_len*2, 0);
- strlower(account);
+ strlower_m(account);
pdb_init_sam(&sam_pass);
@@ -2262,23 +2260,30 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
*/
DEBUG(10,("checking account %s at pos %d for $ termination\n",account, strlen(account)-1));
-#if 0
- if ((acb_info & ACB_WSTRUST) && (account[strlen(account)-1] == '$')) {
- pstrcpy(add_script, lp_addmachine_script());
- } else if ((!(acb_info & ACB_WSTRUST)) && (account[strlen(account)-1] != '$')) {
- pstrcpy(add_script, lp_adduser_script());
- } else {
- DEBUG(0, ("_api_samr_create_user: mismatch between trust flags and $ termination\n"));
- pdb_free_sam(&sam_pass);
- return NT_STATUS_UNSUCCESSFUL;
- }
-#endif
+
+ /*
+ * we used to have code here that made sure the acb_info flags
+ * matched with the users named (e.g. an account flags as a machine
+ * trust account ended in '$'). It has been ifdef'd out for a long
+ * time, so I replaced it with this comment. --jerry
+ */
/* the passdb lookup has failed; check to see if we need to run the
add user/machine script */
pw = Get_Pwnam(account);
+ /*********************************************************************
+ * HEADS UP! If we have to create a new user account, we have to get
+ * a new RID from somewhere. This used to be done by the passdb
+ * backend. It has been moved into idmap now. Since idmap is now
+ * wrapped up behind winbind, this means you have to run winbindd if you
+ * want new accounts to get a new RID when "enable rid algorithm = no".
+ * Tough. We now have a uniform way of allocating RIDs regardless
+ * of what ever passdb backend people may use.
+ * --jerry (2003-07-10)
+ *********************************************************************/
+
if ( !pw ) {
/*
* we can't check both the ending $ and the acb_info.
@@ -2298,11 +2303,19 @@ NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_
add_ret = smbrun(add_script,NULL);
DEBUG(3,("_api_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret));
}
+ else /* no add user script -- ask winbindd to do it */
+ {
+ if ( !winbind_create_user( account, &new_rid ) ) {
+ DEBUG(3,("_api_samr_create_user: winbind_create_user(%s) failed\n",
+ account));
+ }
+ }
}
- nt_status = pdb_init_sam_new(&sam_pass, account);
- if (!NT_STATUS_IS_OK(nt_status))
+ /* implicit call to getpwnam() next. we have a valid SID coming out of this call */
+
+ if ( !NT_STATUS_IS_OK(nt_status = pdb_init_sam_new(&sam_pass, account, new_rid)) )
return nt_status;
pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
@@ -2575,17 +2588,10 @@ NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_EN
return r_u->status;
}
- switch (lp_server_role()) {
- case ROLE_DOMAIN_PDC:
- case ROLE_DOMAIN_BDC:
- name = lp_workgroup();
- break;
- default:
- name = global_myname();
- }
+ name = get_global_sam_name();
fstrcpy(dom[0],name);
- strupper(dom[0]);
+ strupper_m(dom[0]);
fstrcpy(dom[1],"Builtin");
if (!make_enum_domains(p->mem_ctx, &r_u->sam, &r_u->uni_dom_name, num_entries, dom))
@@ -2738,6 +2744,41 @@ static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, DOM_SID *sid)
}
/*******************************************************************
+ The GROUPSID field in the SAM_ACCOUNT changed. Try to tell unix.
+ ********************************************************************/
+static BOOL set_unix_primary_group(SAM_ACCOUNT *sampass)
+{
+ struct group *grp;
+ gid_t gid;
+
+ if (!NT_STATUS_IS_OK(sid_to_gid(pdb_get_group_sid(sampass),
+ &gid))) {
+ DEBUG(2,("Could not get gid for primary group of "
+ "user %s\n", pdb_get_username(sampass)));
+ return False;
+ }
+
+ grp = getgrgid(gid);
+
+ if (grp == NULL) {
+ DEBUG(2,("Could not find primary group %d for "
+ "user %s\n", gid, pdb_get_username(sampass)));
+ return False;
+ }
+
+ if (smb_set_primary_group(grp->gr_name,
+ pdb_get_username(sampass)) != 0) {
+ DEBUG(2,("Could not set primary group for user %s to "
+ "%s\n",
+ pdb_get_username(sampass), grp->gr_name));
+ return False;
+ }
+
+ return True;
+}
+
+
+/*******************************************************************
set_user_info_21
********************************************************************/
@@ -2766,6 +2807,9 @@ static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, DOM_SID *sid)
* id21. I don't know if they need to be set. --jerry
*/
+ if (IS_SAM_CHANGED(pwd, PDB_GROUPSID))
+ set_unix_primary_group(pwd);
+
/* write the change out */
if(!pdb_update_sam_account(pwd)) {
pdb_free_sam(&pwd);
@@ -2833,6 +2877,9 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid)
ZERO_STRUCT(plaintext_buf);
+ if (IS_SAM_CHANGED(pwd, PDB_GROUPSID))
+ set_unix_primary_group(pwd);
+
if(!pdb_update_sam_account(pwd)) {
pdb_free_sam(&pwd);
return False;
@@ -3181,12 +3228,12 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
if (sid_equal(&alias_sid, &global_sid_Builtin)) {
DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n"));
- if(!get_builtin_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
+ if(!get_builtin_group_from_sid(als_sid, &map))
return NT_STATUS_NO_SUCH_ALIAS;
} else {
if (sid_equal(&alias_sid, get_global_sam_sid())) {
DEBUG(10, ("lookup on Server SID\n"));
- if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
+ if(!get_local_group_from_sid(als_sid, &map))
return NT_STATUS_NO_SUCH_ALIAS;
}
}
@@ -3287,7 +3334,7 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
sid_append_rid(&group_sid, group_rid);
DEBUG(10, ("lookup on Domain SID\n"));
- if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+ if(!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
if(!get_uid_list_of_group(map.gid, &uid, &num_uids))
@@ -3371,13 +3418,13 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
if (sid_compare(&alias_sid, get_global_sam_sid())>0) {
DEBUG(10, ("adding member on Server SID\n"));
- if(!get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+ if(!get_local_group_from_sid(alias_sid, &map))
return NT_STATUS_NO_SUCH_ALIAS;
} else {
if (sid_compare(&alias_sid, &global_sid_Builtin)>0) {
DEBUG(10, ("adding member on BUILTIN SID\n"));
- if( !get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+ if( !get_local_group_from_sid(alias_sid, &map))
return NT_STATUS_NO_SUCH_ALIAS;
} else
@@ -3396,7 +3443,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD
}
/* check a real user exist before we run the script to add a user to a group */
- if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) {
+ if (!NT_STATUS_IS_OK(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) {
pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
}
@@ -3468,7 +3515,7 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE
return NT_STATUS_NO_SUCH_ALIAS;
}
- if( !get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+ if( !get_local_group_from_sid(alias_sid, &map))
return NT_STATUS_NO_SUCH_ALIAS;
if ((grp=getgrgid(map.gid)) == NULL)
@@ -3538,7 +3585,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
DEBUG(10, ("lookup on Domain SID\n"));
- if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+ if(!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
sid_copy(&user_sid, get_global_sam_sid());
@@ -3556,7 +3603,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
}
/* check a real user exist before we run the script to add a user to a group */
- if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) {
+ if (!NT_STATUS_IS_OK(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) {
pdb_free_sam(&sam_user);
return NT_STATUS_NO_SUCH_USER;
}
@@ -3633,7 +3680,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
sid_copy(&user_sid, get_global_sam_sid());
sid_append_rid(&user_sid, q_u->rid);
- if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+ if (!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
if ((grp=getgrgid(map.gid)) == NULL)
@@ -3678,12 +3725,25 @@ static int smb_delete_user(const char *unix_user)
pstring del_script;
int ret;
+ /* try winbindd first since it is impossible to determine where
+ a user came from via NSS. Try the delete user script if this fails
+ meaning the user did not exist in winbindd's list of accounts */
+
+ if ( winbind_delete_user( unix_user ) ) {
+ DEBUG(3,("winbind_delete_user: removed user (%s)\n", unix_user));
+ return 0;
+ }
+
+
+ /* fall back to 'delete user script' */
+
pstrcpy(del_script, lp_deluser_script());
if (! *del_script)
return -1;
all_string_sub(del_script, "%u", unix_user, sizeof(pstring));
ret = smbrun(del_script,NULL);
DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret));
+
return ret;
}
@@ -3778,7 +3838,7 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
DEBUG(10, ("lookup on Domain SID\n"));
- if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+ if(!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
gid=map.gid;
@@ -3840,7 +3900,7 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
DEBUG(10, ("lookup on Local SID\n"));
- if(!get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV))
+ if(!get_local_group_from_sid(alias_sid, &map))
return NT_STATUS_NO_SUCH_ALIAS;
gid=map.gid;
@@ -3877,12 +3937,9 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
fstring sid_string;
struct group *grp;
struct samr_info *info;
- PRIVILEGE_SET priv_set;
uint32 acc_granted;
gid_t gid;
- init_privilege(&priv_set);
-
/* Find the policy handle. Open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
@@ -3917,7 +3974,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
sid_append_rid(&info_sid, r_u->rid);
sid_to_string(sid_string, &info_sid);
- if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL, priv_set, PR_ACCESS_FROM_NETWORK))
+ if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL))
return NT_STATUS_ACCESS_DENIED;
if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
@@ -3942,12 +3999,9 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
fstring sid_string;
struct group *grp;
struct samr_info *info;
- PRIVILEGE_SET priv_set;
uint32 acc_granted;
gid_t gid;
- init_privilege(&priv_set);
-
/* Find the policy handle. Open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
@@ -3982,7 +4036,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
sid_to_string(sid_string, &info_sid);
/* add the group to the mapping table */
- if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, name, NULL, priv_set, PR_ACCESS_FROM_NETWORK))
+ if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, name, NULL))
return NT_STATUS_ACCESS_DENIED;
if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
@@ -4018,7 +4072,7 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM
return r_u->status;
}
- if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV))
+ if (!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_INVALID_HANDLE;
ctr=(GROUP_INFO_CTR *)talloc_zero(p->mem_ctx, sizeof(GROUP_INFO_CTR));
@@ -4070,7 +4124,7 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_
return r_u->status;
}
- if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITH_PRIV))
+ if (!get_domain_group_from_sid(group_sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
ctr=q_u->ctr;
@@ -4083,17 +4137,13 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_
unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment)-1);
break;
default:
- free_privilege(&map.priv_set);
return NT_STATUS_INVALID_INFO_CLASS;
}
if(!pdb_update_group_mapping_entry(&map)) {
- free_privilege(&map.priv_set);
return NT_STATUS_NO_SUCH_GROUP;
}
- free_privilege(&map.priv_set);
-
return NT_STATUS_OK;
}
@@ -4117,7 +4167,7 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
return r_u->status;
}
- if (!get_local_group_from_sid(group_sid, &map, MAPPING_WITH_PRIV))
+ if (!get_local_group_from_sid(group_sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
ctr=&q_u->ctr;
@@ -4127,17 +4177,13 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
unistr2_to_ascii(map.comment, &(ctr->alias.info3.uni_acct_desc), sizeof(map.comment)-1);
break;
default:
- free_privilege(&map.priv_set);
return NT_STATUS_INVALID_INFO_CLASS;
}
if(!pdb_update_group_mapping_entry(&map)) {
- free_privilege(&map.priv_set);
return NT_STATUS_NO_SUCH_GROUP;
}
- free_privilege(&map.priv_set);
-
return NT_STATUS_OK;
}
@@ -4212,7 +4258,7 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string));
/* check if that group really exists */
- if (!get_domain_group_from_sid(info->sid, &map, MAPPING_WITHOUT_PRIV))
+ if (!get_domain_group_from_sid(info->sid, &map))
return NT_STATUS_NO_SUCH_GROUP;
/* get a (unique) handle. open a policy on it. */
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 24459a26f0..2d316051af 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -273,7 +273,34 @@ static Printer_entry *find_printer_index_by_hnd(pipes_struct *p, POLICY_HND *hnd
}
/****************************************************************************
- find printer index by handle
+ look for a printer object cached on an open printer handle
+****************************************************************************/
+
+WERROR find_printer_in_print_hnd_cache( TALLOC_CTX *ctx, NT_PRINTER_INFO_LEVEL_2 **info2,
+ const char *printername )
+{
+ Printer_entry *p;
+
+ DEBUG(10,("find_printer_in_print_hnd_cache: printer [%s]\n", printername));
+
+ for ( p=printers_list; p; p=p->next )
+ {
+ if ( p->printer_type==PRINTER_HANDLE_IS_PRINTER
+ && p->printer_info
+ && StrCaseCmp(p->dev.handlename, printername) == 0 )
+ {
+ DEBUG(10,("Found printer\n"));
+ *info2 = dup_printer_2( ctx, p->printer_info->info_2 );
+ if ( *info2 )
+ return WERR_OK;
+ }
+ }
+
+ return WERR_INVALID_PRINTER_NAME;
+}
+
+/****************************************************************************
+ destroy any cached printer_info_2 structures on open handles
****************************************************************************/
void invalidate_printer_hnd_cache( char *printername )
@@ -1025,9 +1052,9 @@ static void send_notify2_changes( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx )
}
if ( sending_msg_count ) {
- cli_spoolss_rrpcn( &notify_cli, mem_ctx, &p->notify.client_hnd,
- data_len, data, p->notify.change, 0 );
- }
+ cli_spoolss_rrpcn( &notify_cli, mem_ctx, &p->notify.client_hnd,
+ data_len, data, p->notify.change, 0 );
+ }
}
done:
@@ -2339,7 +2366,6 @@ static WERROR getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint
return WERR_OK;
}
-#if 0 /* JERRY */
/* REG_BINARY
* uint32 size = 0x114
* uint32 major = 5
@@ -2348,14 +2374,23 @@ static WERROR getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint
* extra unicode string = e.g. "Service Pack 3"
*/
if (!StrCaseCmp(value, "OSVersion")) {
- *type = 0x4;
- if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
+ *type = 0x3;
+ *needed = 0x114;
+
+ if((*data = (uint8 *)talloc(ctx, (*needed)*sizeof(uint8) )) == NULL)
return WERR_NOMEM;
- SIVAL(*data, 0, 2);
- *needed = 0x4;
+ ZERO_STRUCTP( *data );
+
+ SIVAL(*data, 0, *needed); /* size */
+ SIVAL(*data, 4, 5); /* Windows 2000 == 5.0 */
+ SIVAL(*data, 8, 0);
+ SIVAL(*data, 12, 2195); /* build */
+
+ /* leave extra string empty */
+
return WERR_OK;
}
-#endif
+
if (!StrCaseCmp(value, "DefaultSpoolDirectory")) {
fstring string;
@@ -4330,8 +4365,8 @@ static BOOL construct_printer_info_7(Printer_entry *print_hnd, PRINTER_INFO_7 *p
GUID guid;
if (is_printer_published(print_hnd, snum, &guid)) {
- asprintf(&guid_str, "{%s}", uuid_string_static(guid));
- strupper(guid_str);
+ asprintf(&guid_str, "{%s}", smb_uuid_string_static(guid));
+ strupper_m(guid_str);
init_unistr(&printer->guid, guid_str);
printer->action = SPOOL_DS_PUBLISH;
} else {
@@ -4681,7 +4716,7 @@ WERROR _spoolss_enumprinters( pipes_struct *p, SPOOL_Q_ENUMPRINTERS *q_u, SPOOL_
*/
unistr2_to_ascii(name, servername, sizeof(name)-1);
- strupper(name);
+ strupper_m(name);
switch (level) {
case 1:
@@ -7609,12 +7644,12 @@ static WERROR getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environmen
{
pstring path;
pstring long_archi;
- pstring short_archi;
+ const char *short_archi;
DRIVER_DIRECTORY_1 *info=NULL;
unistr2_to_ascii(long_archi, uni_environment, sizeof(long_archi)-1);
- if (get_short_archi(short_archi, long_archi)==False)
+ if (!(short_archi = get_short_archi(long_archi)))
return WERR_INVALID_ENVIRONMENT;
if((info=(DRIVER_DIRECTORY_1 *)malloc(sizeof(DRIVER_DIRECTORY_1))) == NULL)
@@ -8440,7 +8475,7 @@ WERROR _spoolss_enumprintmonitors(pipes_struct *p, SPOOL_Q_ENUMPRINTMONITORS *q_
/****************************************************************************
****************************************************************************/
-static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+static WERROR getjob_level_1(print_queue_struct **queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
{
int i=0;
BOOL found=False;
@@ -8453,7 +8488,7 @@ static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uin
}
for (i=0; i<count && found==False; i++) {
- if (queue[i].job==(int)jobid)
+ if ((*queue)[i].job==(int)jobid)
found=True;
}
@@ -8463,7 +8498,7 @@ static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uin
return WERR_INVALID_PARAM;
}
- fill_job_info_1(info_1, &(queue[i-1]), i, snum);
+ fill_job_info_1(info_1, &((*queue)[i-1]), i, snum);
*needed += spoolss_size_job_info_1(info_1);
@@ -8485,7 +8520,7 @@ static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uin
/****************************************************************************
****************************************************************************/
-static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
+static WERROR getjob_level_2(print_queue_struct **queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed)
{
int i = 0;
BOOL found = False;
@@ -8506,7 +8541,7 @@ static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uin
for ( i=0; i<count && found==False; i++ )
{
- if (queue[i].job == (int)jobid)
+ if ((*queue)[i].job == (int)jobid)
found = True;
}
@@ -8537,7 +8572,7 @@ static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uin
}
}
- fill_job_info_2(info_2, &(queue[i-1]), i, snum, ntprinter, devmode);
+ fill_job_info_2(info_2, &((*queue)[i-1]), i, snum, ntprinter, devmode);
*needed += spoolss_size_job_info_2(info_2);
@@ -8601,11 +8636,11 @@ WERROR _spoolss_getjob( pipes_struct *p, SPOOL_Q_GETJOB *q_u, SPOOL_R_GETJOB *r_
switch ( level ) {
case 1:
- wstatus = getjob_level_1(queue, count, snum, jobid,
+ wstatus = getjob_level_1(&queue, count, snum, jobid,
buffer, offered, needed);
break;
case 2:
- wstatus = getjob_level_2(queue, count, snum, jobid,
+ wstatus = getjob_level_2(&queue, count, snum, jobid,
buffer, offered, needed);
break;
default:
@@ -9143,12 +9178,12 @@ static WERROR getprintprocessordirectory_level_1(UNISTR2 *name,
{
pstring path;
pstring long_archi;
- pstring short_archi;
+ const char *short_archi;
PRINTPROCESSOR_DIRECTORY_1 *info=NULL;
unistr2_to_ascii(long_archi, environment, sizeof(long_archi)-1);
- if (get_short_archi(short_archi, long_archi)==False)
+ if (!(short_archi = get_short_archi(long_archi)))
return WERR_INVALID_ENVIRONMENT;
if((info=(PRINTPROCESSOR_DIRECTORY_1 *)malloc(sizeof(PRINTPROCESSOR_DIRECTORY_1))) == NULL)
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 4d9130fb97..ea66a7d38b 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -432,10 +432,13 @@ static void init_srv_share_info_1004(pipes_struct *p, SRV_SHARE_INFO_1004* sh100
static void init_srv_share_info_1005(pipes_struct *p, SRV_SHARE_INFO_1005* sh1005, int snum)
{
- sh1005->dfs_root_flag = 0;
+ sh1005->share_info_flags = 0;
if(lp_host_msdfs() && lp_msdfs_root(snum))
- sh1005->dfs_root_flag = 3;
+ sh1005->share_info_flags |=
+ SHARE_1005_IN_DFS | SHARE_1005_DFS_ROOT;
+ sh1005->share_info_flags |=
+ lp_csc_policy(snum) << SHARE_1005_CSC_POLICY_SHIFT;
}
/***************************************************************************
Fill in a share info level 1006 structure.
@@ -1513,6 +1516,19 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
type = STYPE_DISKTREE;
break;
case 1005:
+ /* XP re-sets the csc policy even if it wasn't changed by the
+ user, so we must compare it to see if it's what is set in
+ smb.conf, so that we can contine other ops like setting
+ ACLs on a share */
+ if (((q_u->info.share.info1005.share_info_flags &
+ SHARE_1005_CSC_POLICY_MASK) >>
+ SHARE_1005_CSC_POLICY_SHIFT) == lp_csc_policy(snum))
+ return WERR_OK;
+ else {
+ DEBUG(3, ("_srv_net_share_set_info: client is trying to change csc policy from the network; must be done with smb.conf\n"));
+ return WERR_ACCESS_DENIED;
+ }
+ break;
case 1006:
case 1007:
return WERR_ACCESS_DENIED;
@@ -1840,8 +1856,6 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
struct current_user user;
connection_struct *conn = NULL;
BOOL became_user = False;
- fstring dev;
- fstrcpy(dev, "A:");
ZERO_STRUCT(st);
@@ -1855,7 +1869,7 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
get_current_user(&user, p);
become_root();
- conn = make_connection(qualname, null_pw, dev, user.vuid, &nt_status);
+ conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
unbecome_root();
if (conn == NULL) {
@@ -1889,7 +1903,7 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
}
}
- sd_size = conn->vfs_ops.get_nt_acl(fsp, fsp->fsp_name, &psd);
+ sd_size = SMB_VFS_GET_NT_ACL(fsp, fsp->fsp_name, (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
if (sd_size == 0) {
DEBUG(3,("_srv_net_file_query_secdesc: Unable to get NT ACL for file %s\n", filename));
@@ -1945,12 +1959,9 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_
struct current_user user;
connection_struct *conn = NULL;
BOOL became_user = False;
- fstring dev;
- fstrcpy(dev, "A:");
ZERO_STRUCT(st);
-
r_u->status = WERR_OK;
unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname));
@@ -1961,7 +1972,7 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_
get_current_user(&user, p);
become_root();
- conn = make_connection(qualname, null_pw, dev, user.vuid, &nt_status);
+ conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status);
unbecome_root();
if (conn == NULL) {
@@ -1996,7 +2007,7 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_
}
}
- ret = conn->vfs_ops.set_nt_acl(fsp, fsp->fsp_name, q_u->sec_info, q_u->sec_desc);
+ ret = SMB_VFS_SET_NT_ACL(fsp, fsp->fsp_name, q_u->sec_info, q_u->sec_desc);
if (ret == False) {
DEBUG(3,("_srv_net_file_set_secdesc: Unable to set NT ACL on file %s\n", filename));
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index f96ccaef67..03e53118a8 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -129,7 +129,7 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
fstrcpy(user_name, pdb_get_username(sam_pass));
grid=pdb_get_group_rid(sam_pass);
- if (NT_STATUS_IS_ERR(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
+ if (!NT_STATUS_IS_OK(sid_to_gid(pdb_get_group_sid(sam_pass), &gid))) {
/* this should never happen */
DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n"));
pdb_free_sam(&sam_pass);
@@ -147,14 +147,17 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
return NT_STATUS_UNSUCCESSFUL;
}
+ become_root();
+
for (i=0;i<num_groups;i++) {
- if(!get_group_from_gid(groups[i], &map, MAPPING_WITHOUT_PRIV)) {
+
+ if (!get_group_from_gid(groups[i], &map)) {
DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i]));
continue;
}
/* if it's not an alias, continue */
- if (map.sid_name_use!=SID_NAME_ALIAS) {
+ if (map.sid_name_use != SID_NAME_ALIAS) {
DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
continue;
}
@@ -194,7 +197,9 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
break;
}
- free(groups);
+ unbecome_root();
+
+ if(num_groups) free(groups);
/* now check for the user's gid (the primary group rid) */
for (i=0; i<cur_rid && grid!=rids[i]; i++)
@@ -208,11 +213,15 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
- if(!get_group_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+ become_root();
+
+ if(!get_group_from_gid(gid, &map)) {
DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
goto done;
}
+ unbecome_root();
+
/* the primary group isn't an alias */
if (map.sid_name_use!=SID_NAME_ALIAS) {
DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
@@ -280,11 +289,17 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
+ /* we must wrap this is become/unbecome root for ldap backends */
+ become_root();
+
/* first get the list of the domain groups */
- if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+ if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED))
return False;
DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
+ unbecome_root();
+ /* end wrapper for group enumeration */
+
/*
* alloc memory. In the worse case, we alloc memory for nothing.
* but I prefer to alloc for nothing
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index bda7b14a42..25fa029237 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -40,10 +40,10 @@ static void create_wks_info_100(WKS_INFO_100 *inf)
DEBUG(5,("create_wks_info_100: %d\n", __LINE__));
pstrcpy (my_name, global_myname());
- strupper(my_name);
+ strupper_m(my_name);
pstrcpy (domain, lp_workgroup());
- strupper(domain);
+ strupper_m(domain);
init_wks_info_100(inf,
0x000001f4, /* platform id info */