summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-05-14 01:30:40 +0000
committerJeremy Allison <jra@samba.org>1998-05-14 01:30:40 +0000
commita4276507e43487f47445eab11d4ac1b080b3270e (patch)
tree24c44403b3a64828533904d689a16f239ba6e955 /source3/rpc_server
parent329fe213439a4ef253e0b16221f98d2ade032e06 (diff)
downloadsamba-a4276507e43487f47445eab11d4ac1b080b3270e.tar.gz
samba-a4276507e43487f47445eab11d4ac1b080b3270e.tar.bz2
samba-a4276507e43487f47445eab11d4ac1b080b3270e.zip
chgpasswd.c: Added comments to #ifdefs
ipc.c: Caused samba password changing not to be done if UNIX password changing requested and not successful. util.c: Added string_to_sid() and sid_to_string() functions. lib/rpc/client/cli_samr.c: lib/rpc/include/rpc_misc.h: lib/rpc/parse/parse_lsa.c: lib/rpc/parse/parse_misc.c: lib/rpc/parse/parse_net.c: lib/rpc/parse/parse_samr.c: lib/rpc/server/srv_lsa.c: lib/rpc/server/srv_lsa_hnd.c: lib/rpc/server/srv_netlog.c: lib/rpc/server/srv_samr.c: lib/rpc/server/srv_util.c: Changes so that instead of passing SIDs around as char *, they are converted to DOM_SID at the earliest opportunity, and passed around as that. Also added dynamic memory allocation of group sids. Preparing to auto-generate machine sid. Jeremy. (This used to be commit 134d6fa79c1b6b9505a2c84ba9bfb91dd3be76e5)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_lsa.c75
-rw-r--r--source3/rpc_server/srv_lsa_hnd.c29
-rw-r--r--source3/rpc_server/srv_netlog.c402
-rw-r--r--source3/rpc_server/srv_samr.c7
-rw-r--r--source3/rpc_server/srv_util.c117
5 files changed, 338 insertions, 292 deletions
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 60b74cf599..df4b95db9e 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -6,7 +6,8 @@
* Copyright (C) Andrew Tridgell 1992-1997,
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997.
- *
+ * Copyright (C) Jeremy Allison 1998.
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
@@ -52,7 +53,7 @@ static void lsa_reply_open_policy(prs_struct *rdata)
/***************************************************************************
make_dom_query
***************************************************************************/
-static void make_dom_query(DOM_QUERY *d_q, char *dom_name, char *dom_sid)
+static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
{
int domlen = strlen(dom_name);
@@ -73,7 +74,7 @@ lsa_reply_query_info
***************************************************************************/
static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
prs_struct *rdata,
- uint32 enum_context, char *dom_name, char *dom_sid)
+ uint32 enum_context, char *dom_name, DOM_SID *dom_sid)
{
LSA_R_ENUM_TRUST_DOM r_e;
@@ -89,7 +90,7 @@ static void lsa_reply_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM *q_e,
lsa_reply_query_info
***************************************************************************/
static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
- char *dom_name, char *dom_sid)
+ char *dom_name, DOM_SID *dom_sid)
{
LSA_R_QUERY_INFO r_q;
@@ -112,14 +113,10 @@ make_dom_ref
pretty much hard-coded choice of "other" sids, unfortunately...
***************************************************************************/
-static void make_dom_ref(DOM_R_REF *ref,
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+static void make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
int len_dom_name = strlen(dom_name);
- int len_other_sid1 = strlen(other_sid1);
- int len_other_sid2 = strlen(other_sid2);
- int len_other_sid3 = strlen(other_sid3);
ref->undoc_buffer = 1;
ref->num_ref_doms_1 = 4;
@@ -128,9 +125,9 @@ static void make_dom_ref(DOM_R_REF *ref,
ref->num_ref_doms_2 = 4;
make_uni_hdr2(&(ref->hdr_dom_name ), len_dom_name , len_dom_name , 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[0]), len_other_sid1, len_other_sid1, 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[1]), len_other_sid2, len_other_sid2, 0);
- make_uni_hdr2(&(ref->hdr_ref_dom[2]), len_other_sid3, len_other_sid3, 0);
+ make_uni_hdr2(&(ref->hdr_ref_dom[0]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
+ make_uni_hdr2(&(ref->hdr_ref_dom[1]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
+ make_uni_hdr2(&(ref->hdr_ref_dom[2]), sizeof(DOM_SID), sizeof(DOM_SID), 0);
if (dom_name != NULL)
{
@@ -148,8 +145,8 @@ make_reply_lookup_rids
***************************************************************************/
static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+ char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
int i;
@@ -232,8 +229,8 @@ lsa_reply_lookup_sids
***************************************************************************/
static void lsa_reply_lookup_sids(prs_struct *rdata,
int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+ char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
LSA_R_LOOKUP_SIDS r_l;
DOM_R_REF ref;
@@ -254,8 +251,8 @@ lsa_reply_lookup_rids
***************************************************************************/
static void lsa_reply_lookup_rids(prs_struct *rdata,
int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- char *dom_name, char *dom_sid,
- char *other_sid1, char *other_sid2, char *other_sid3)
+ char *dom_name, DOM_SID *dom_sid,
+ DOM_SID *other_sid1, DOM_SID *other_sid2, DOM_SID *other_sid3)
{
LSA_R_LOOKUP_RIDS r_l;
@@ -309,16 +306,16 @@ static void api_lsa_query_info( int uid, prs_struct *data,
{
LSA_Q_QUERY_INFO q_i;
pstring dom_name;
- pstring dom_sid;
+ DOM_SID dom_sid;
/* grab the info class and policy handle */
lsa_io_q_query("", &q_i, data, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domain_sid());
+ string_to_sid(&dom_sid, lp_domain_sid());
/* construct reply. return status is always 0x0 */
- lsa_reply_query_info(&q_i, rdata, dom_name, dom_sid);
+ lsa_reply_query_info(&q_i, rdata, dom_name, &dom_sid);
}
/***************************************************************************
@@ -329,19 +326,26 @@ static void api_lsa_lookup_sids( int uid, prs_struct *data,
{
LSA_Q_LOOKUP_SIDS q_l;
pstring dom_name;
- pstring dom_sid;
+ DOM_SID dom_sid;
+ DOM_SID sid_S_1_1;
+ DOM_SID sid_S_1_3;
+ DOM_SID sid_S_1_5;
/* grab the info class and policy handle */
lsa_io_q_lookup_sids("", &q_l, data, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domain_sid());
+
+ string_to_sid(&dom_sid , lp_domain_sid());
+ string_to_sid(&sid_S_1_1, "S-1-1");
+ string_to_sid(&sid_S_1_3, "S-1-3");
+ string_to_sid(&sid_S_1_5, "S-1-5");
/* construct reply. return status is always 0x0 */
lsa_reply_lookup_sids(rdata,
- q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
- dom_name, dom_sid, /* domain name, domain SID */
- "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */
+ q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
+ dom_name, &dom_sid, /* domain name, domain SID */
+ &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
}
/***************************************************************************
@@ -353,7 +357,10 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
int i;
LSA_Q_LOOKUP_RIDS q_l;
pstring dom_name;
- pstring dom_sid;
+ DOM_SID dom_sid;
+ DOM_SID sid_S_1_1;
+ DOM_SID sid_S_1_3;
+ DOM_SID sid_S_1_5;
uint32 dom_rids[MAX_LOOKUP_SIDS];
uint32 dummy_g_rid;
@@ -361,7 +368,11 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
lsa_io_q_lookup_rids("", &q_l, data, 0);
pstrcpy(dom_name, lp_workgroup());
- pstrcpy(dom_sid , lp_domain_sid());
+
+ string_to_sid(&dom_sid , lp_domain_sid());
+ string_to_sid(&sid_S_1_1, "S-1-1");
+ string_to_sid(&sid_S_1_3, "S-1-3");
+ string_to_sid(&sid_S_1_5, "S-1-5");
/* convert received RIDs to strings, so we can do them. */
for (i = 0; i < q_l.num_entries; i++)
@@ -376,9 +387,9 @@ static void api_lsa_lookup_names( int uid, prs_struct *data,
/* construct reply. return status is always 0x0 */
lsa_reply_lookup_rids(rdata,
- q_l.num_entries, dom_rids, /* text-converted SIDs */
- dom_name, dom_sid, /* domain name, domain SID */
- "S-1-1", "S-1-3", "S-1-5"); /* the three other SIDs */
+ q_l.num_entries, dom_rids, /* text-converted SIDs */
+ dom_name, &dom_sid, /* domain name, domain SID */
+ &sid_S_1_1, &sid_S_1_3, &sid_S_1_5); /* the three other SIDs */
}
/***************************************************************************
diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c
index 1d1341d16e..91844ee8a2 100644
--- a/source3/rpc_server/srv_lsa_hnd.c
+++ b/source3/rpc_server/srv_lsa_hnd.c
@@ -206,22 +206,23 @@ BOOL set_lsa_policy_samr_pol_status(POLICY_HND *hnd, uint32 pol_status)
****************************************************************************/
BOOL set_lsa_policy_samr_sid(POLICY_HND *hnd, DOM_SID *sid)
{
- int pnum = find_lsa_policy_by_hnd(hnd);
+ pstring sidstr;
+ int pnum = find_lsa_policy_by_hnd(hnd);
- if (OPEN_POL(pnum))
- {
- DEBUG(3,("%s Setting policy sid=%s pnum=%x\n",
- timestring(), dom_sid_to_string(sid), pnum));
+ if (OPEN_POL(pnum))
+ {
+ DEBUG(3,("%s Setting policy sid=%s pnum=%x\n",
+ timestring(), sid_to_string(sidstr, sid), pnum));
- memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid));
- return True;
- }
- else
- {
- DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n",
- timestring(), dom_sid_to_string(sid), pnum));
- return False;
- }
+ memcpy(&(Policy[pnum].dev.samr.sid), sid, sizeof(*sid));
+ return True;
+ }
+ else
+ {
+ DEBUG(3,("%s Error setting policy sid=%s (pnum=%x)\n",
+ timestring(), sid_to_string(sidstr, sid), pnum));
+ return False;
+ }
}
/****************************************************************************
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 958f0bf14d..edc2d859df 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -6,7 +6,8 @@
* Copyright (C) Andrew Tridgell 1992-1997,
* Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
* Copyright (C) Paul Ashton 1997.
- *
+ * Copyright (C) Jeremy Allison 1998.
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
@@ -563,200 +564,213 @@ static void api_net_sam_logon( int uid,
prs_struct *data,
prs_struct *rdata)
{
- NET_Q_SAM_LOGON q_l;
- NET_ID_INFO_CTR ctr;
- NET_USER_INFO_3 usr_info;
- uint32 status = 0x0;
- DOM_CRED srv_cred;
- struct smb_passwd *smb_pass = NULL;
- UNISTR2 *uni_samlogon_user = NULL;
-
- user_struct *vuser = NULL;
-
- if ((vuser = get_valid_user_struct(uid)) == NULL) return;
-
- q_l.sam_id.ctr = &ctr;
-
- net_io_q_sam_logon("", &q_l, data, 0);
-
- /* checks and updates credentials. creates reply credentials */
- if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
- &(q_l.sam_id.client.cred), &srv_cred))
- {
- status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
- }
- else
- {
- memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
- }
-
- /* find the username */
-
- if (status == 0x0)
- {
- switch (q_l.sam_id.logon_level)
- {
- case 1:
- {
- uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
-
- DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ",
- lp_workgroup()));
- break;
- }
- case 2:
- {
- uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
-
- DEBUG(3,("SAM Logon (Network). Domain:[%s]. ",
- lp_workgroup()));
- break;
- }
- default:
- {
- DEBUG(2,("SAM Logon: unsupported switch value\n"));
- status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
- break;
- }
- }
- }
-
- /* check username exists */
-
- if (status == 0x0)
- {
- pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
- uni_samlogon_user->uni_str_len));
-
- DEBUG(3,("User:[%s]\n", samlogon_user));
-
- become_root(True);
- smb_pass = getsampwnam(samlogon_user);
- unbecome_root(True);
-
- if (smb_pass == NULL)
- {
- status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
- }
- }
-
- /* validate password. */
-
- if (status == 0x0)
- {
- switch (q_l.sam_id.logon_level)
- {
- case 1:
- {
- /* interactive login. */
- status = net_login_interactive(&q_l.sam_id.ctr->auth.id1,
- smb_pass, vuser);
- break;
- }
- case 2:
- {
- /* network login. lm challenge and 24 byte responses */
- status = net_login_network(&q_l.sam_id.ctr->auth.id2,
- smb_pass, vuser);
- break;
- }
- }
- }
+ NET_Q_SAM_LOGON q_l;
+ NET_ID_INFO_CTR ctr;
+ NET_USER_INFO_3 usr_info;
+ uint32 status = 0x0;
+ DOM_CRED srv_cred;
+ struct smb_passwd *smb_pass = NULL;
+ UNISTR2 *uni_samlogon_user = NULL;
+
+ user_struct *vuser = NULL;
+
+ if ((vuser = get_valid_user_struct(uid)) == NULL)
+ return;
+
+ q_l.sam_id.ctr = &ctr;
+
+ net_io_q_sam_logon("", &q_l, data, 0);
+
+ /* checks and updates credentials. creates reply credentials */
+ if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
+ &(q_l.sam_id.client.cred), &srv_cred))
+ {
+ status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+ }
+ else
+ {
+ memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
+ }
+
+ /* find the username */
+
+ if (status == 0)
+ {
+ switch (q_l.sam_id.logon_level)
+ {
+ case INTERACTIVE_LOGON_TYPE:
+ {
+ uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
+
+ DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
+ break;
+ }
+ case NET_LOGON_TYPE:
+ {
+ uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
+
+ DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
+ break;
+ }
+ default:
+ {
+ DEBUG(2,("SAM Logon: unsupported switch value\n"));
+ status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
+ break;
+ }
+ } /* end switch */
+ } /* end if status == 0 */
+
+ /* check username exists */
+
+ if (status == 0)
+ {
+ pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
+ uni_samlogon_user->uni_str_len));
+
+ DEBUG(3,("User:[%s]\n", samlogon_user));
+
+ become_root(True);
+ smb_pass = getsampwnam(samlogon_user);
+ unbecome_root(True);
+
+ if (smb_pass == NULL)
+ {
+ status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+ }
+ }
+
+ /* validate password. */
+
+ if (status == 0)
+ {
+ switch (q_l.sam_id.logon_level)
+ {
+ case INTERACTIVE_LOGON_TYPE:
+ {
+ /* interactive login. */
+ status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser);
+ break;
+ }
+ case NET_LOGON_TYPE:
+ {
+ /* network login. lm challenge and 24 byte responses */
+ status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser);
+ break;
+ }
+ }
+ }
- /* lkclXXXX this is the point at which, if the login was
- successful, that the SAM Local Security Authority should
- record that the user is logged in to the domain.
- */
-
- /* return the profile plus other bits :-) */
-
- if (status == 0x0)
- {
- DOM_GID gids[LSA_MAX_GROUPS];
- int num_gids = 0;
- NTTIME dummy_time;
- pstring logon_script;
- pstring profile_path;
- pstring home_dir;
- pstring home_drive;
- pstring my_name;
- pstring my_workgroup;
- pstring domain_groups;
- pstring dom_sid;
- pstring other_sids;
- uint32 r_uid;
- uint32 r_gid;
-
- /* set up pointer indicating user/password failed to be found */
- usr_info.ptr_user_info = 0;
-
- dummy_time.low = 0xffffffff;
- dummy_time.high = 0x7fffffff;
-
- /* XXXX hack to get standard_sub_basic() to use sam logon username */
- /* possibly a better way would be to do a become_user() call */
- sam_logon_in_ssb = True;
-
- pstrcpy(logon_script, lp_logon_script ());
- pstrcpy(profile_path, lp_logon_path ());
- pstrcpy(dom_sid , lp_domain_sid ());
- pstrcpy(other_sids , lp_domain_other_sids());
- pstrcpy(my_workgroup, lp_workgroup ());
-
- pstrcpy(home_drive , lp_logon_drive ());
- pstrcpy(home_dir , lp_logon_home ());
-
- pstrcpy(my_name , global_myname );
- strupper(my_name);
-
- get_domain_user_groups(domain_groups, samlogon_user);
-
- num_gids = make_dom_gids(domain_groups, gids);
-
- sam_logon_in_ssb = False;
-
- if (name_to_rid(samlogon_user, &r_uid, &r_gid))
- {
- make_net_user_info3(&usr_info,
-
- &dummy_time, /* logon_time */
- &dummy_time, /* logoff_time */
- &dummy_time, /* kickoff_time */
- &dummy_time, /* pass_last_set_time */
- &dummy_time, /* pass_can_change_time */
- &dummy_time, /* pass_must_change_time */
-
- samlogon_user , /* user_name */
- vuser->real_name, /* full_name */
- logon_script , /* logon_script */
- profile_path , /* profile_path */
- home_dir , /* home_dir */
- home_drive , /* dir_drive */
-
- 0, /* logon_count */
- 0, /* bad_pw_count */
-
- r_uid , /* RID user_id */
- r_gid , /* RID group_id */
- num_gids, /* uint32 num_groups */
- gids , /* DOM_GID *gids */
- 0x20 , /* uint32 user_flgs (?) */
-
- NULL, /* char sess_key[16] */
-
- my_name , /* char *logon_srv */
- my_workgroup, /* char *logon_dom */
-
- dom_sid, /* char *dom_sid */
- other_sids); /* char *other_sids */
- }
- else
- {
- status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
- }
- }
-
- net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);
+ /* lkclXXXX this is the point at which, if the login was
+ successful, that the SAM Local Security Authority should
+ record that the user is logged in to the domain.
+ */
+
+ /* return the profile plus other bits :-) */
+
+ if (status == 0)
+ {
+ DOM_GID *gids = NULL;
+ int num_gids = 0;
+ NTTIME dummy_time;
+ pstring logon_script;
+ pstring profile_path;
+ pstring home_dir;
+ pstring home_drive;
+ pstring my_name;
+ pstring my_workgroup;
+ pstring domain_groups;
+ DOM_SID dom_sid;
+ char *other_sids;
+ uint32 r_uid;
+ uint32 r_gid;
+
+ /* set up pointer indicating user/password failed to be found */
+ usr_info.ptr_user_info = 0;
+
+ dummy_time.low = 0xffffffff;
+ dummy_time.high = 0x7fffffff;
+
+ /* XXXX hack to get standard_sub_basic() to use sam logon username */
+ /* possibly a better way would be to do a become_user() call */
+ sam_logon_in_ssb = True;
+
+ pstrcpy(logon_script, lp_logon_script());
+ pstrcpy(profile_path, lp_logon_path());
+ string_to_sid(&dom_sid, lp_domain_sid());
+
+ pstrcpy(other_sids, lp_domain_other_sids());
+ pstrcpy(my_workgroup, lp_workgroup());
+
+ pstrcpy(home_drive, lp_logon_drive());
+ pstrcpy(home_dir, lp_logon_home());
+
+ pstrcpy(my_name, global_myname);
+ strupper(my_name);
+
+ /*
+ * This is the point at which we get the group
+ * database - we should be getting the gid_t list
+ * from /etc/group and then turning the uids into
+ * rids and then into machine sids for this user.
+ * JRA.
+ */
+
+ get_domain_user_groups(domain_groups, samlogon_user);
+
+ /*
+ * make_dom_gids allocates the gids array. JRA.
+ */
+ gids = NULL;
+ num_gids = make_dom_gids(domain_groups, &gids);
+
+ sam_logon_in_ssb = False;
+
+ if (name_to_rid(samlogon_user, &r_uid, &r_gid))
+ {
+ make_net_user_info3(&usr_info,
+ &dummy_time, /* logon_time */
+ &dummy_time, /* logoff_time */
+ &dummy_time, /* kickoff_time */
+ &dummy_time, /* pass_last_set_time */
+ &dummy_time, /* pass_can_change_time */
+ &dummy_time, /* pass_must_change_time */
+
+ samlogon_user , /* user_name */
+ vuser->real_name, /* full_name */
+ logon_script , /* logon_script */
+ profile_path , /* profile_path */
+ home_dir , /* home_dir */
+ home_drive , /* dir_drive */
+
+ 0, /* logon_count */
+ 0, /* bad_pw_count */
+
+ r_uid , /* RID user_id */
+ r_gid , /* RID group_id */
+ num_gids, /* uint32 num_groups */
+ gids , /* DOM_GID *gids */
+ 0x20 , /* uint32 user_flgs (?) */
+
+ NULL, /* char sess_key[16] */
+
+ my_name , /* char *logon_srv */
+ my_workgroup, /* char *logon_dom */
+
+ &dom_sid, /* DOM_SID *dom_sid */
+ other_sids); /* char *other_sids */
+ }
+ else
+ {
+ status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* Free any allocated groups array. */
+ if(gids)
+ free((char *)gids);
+ }
+
+ net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);
}
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 6f834e454a..8070336f87 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -1018,7 +1018,7 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
uint32 status = 0x0;
struct smb_passwd *smb_pass;
- DOM_GID gids[LSA_MAX_GROUPS];
+ DOM_GID *gids = NULL;
int num_groups = 0;
int pol_idx;
uint32 rid;
@@ -1053,7 +1053,8 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
{
pstring groups;
get_domain_user_groups(groups, smb_pass->smb_name);
- num_groups = make_dom_gids(groups, gids);
+ gids = NULL;
+ num_groups = make_dom_gids(groups, &gids);
}
/* construct the response. lkclXXXX: gids are not copied! */
@@ -1062,6 +1063,8 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
/* store the response in the SMB stream */
samr_io_r_query_usergroups("", &r_u, rdata, 0);
+ if(gids)
+ free((char *)gids);
DEBUG(5,("samr_query_usergroups: %d\n", __LINE__));
}
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index e842e3b9f9..204a9eac8e 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -79,57 +79,74 @@ rid_name domain_group_rids[] =
};
-int make_dom_gids(char *gids_str, DOM_GID *gids)
+int make_dom_gids(char *gids_str, DOM_GID **ppgids)
{
- char *ptr;
- pstring s2;
- int count;
-
- DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
- if (gids_str == NULL || *gids_str == 0) return 0;
-
- for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) && count < LSA_MAX_GROUPS; count++)
- {
- /* the entries are of the form GID/ATTR, ATTR being optional.*/
- char *attr;
- uint32 rid = 0;
- int i;
-
- attr = strchr(s2,'/');
- if (attr) *attr++ = 0;
- if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */
-
- /* look up the RID string and see if we can turn it into a rid number */
- for (i = 0; domain_alias_rids[i].name != NULL; i++)
- {
- if (strequal(domain_alias_rids[i].name, s2))
- {
- rid = domain_alias_rids[i].rid;
- break;
- }
- }
-
- if (rid == 0) rid = atoi(s2);
-
- if (rid == 0)
- {
- DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n",
- s2, attr));
- count--;
- }
- else
- {
- gids[count].g_rid = rid;
- gids[count].attr = atoi(attr);
-
- DEBUG(5,("group id: %d attr: %d\n",
- gids[count].g_rid,
- gids[count].attr));
- }
- }
-
- return count;
+ char *ptr;
+ pstring s2;
+ int count;
+ DOM_GID *gids;
+
+ *ppgids = NULL;
+
+ DEBUG(4,("make_dom_gids: %s\n", gids_str));
+
+ if (gids_str == NULL || *gids_str == 0)
+ return 0;
+
+ for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL); count++)
+ ;
+
+ gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
+ if(!gids)
+ {
+ DEBUG(0,("make_dom_gids: malloc fail !\n"));
+ return 0;
+ }
+
+ for (count = 0, ptr = gids_str; next_token(&ptr, s2, NULL) &&
+ count < LSA_MAX_GROUPS; count++)
+ {
+ /* the entries are of the form GID/ATTR, ATTR being optional.*/
+ char *attr;
+ uint32 rid = 0;
+ int i;
+
+ attr = strchr(s2,'/');
+ if (attr)
+ *attr++ = 0;
+
+ if (!attr || !*attr)
+ attr = "7"; /* default value for attribute is 7 */
+
+ /* look up the RID string and see if we can turn it into a rid number */
+ for (i = 0; domain_alias_rids[i].name != NULL; i++)
+ {
+ if (strequal(domain_alias_rids[i].name, s2))
+ {
+ rid = domain_alias_rids[i].rid;
+ break;
+ }
+ }
+
+ if (rid == 0)
+ rid = atoi(s2);
+
+ if (rid == 0)
+ {
+ DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
+ count--;
+ }
+ else
+ {
+ gids[count].g_rid = rid;
+ gids[count].attr = atoi(attr);
+
+ DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
+ }
+ }
+
+ *ppgids = gids;
+ return count;
}
/*******************************************************************