summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJean-François Micouleau <jfm@samba.org>2001-12-02 01:45:50 +0000
committerJean-François Micouleau <jfm@samba.org>2001-12-02 01:45:50 +0000
commit633ee99afa1f25fcd16796bedec571471f3617ca (patch)
treef5ebcd2439bdb9e65cf737ae5465c86e142b5c60 /source3
parent043dfe985c07dfe1ec87f78ef4de71eeb2ae13af (diff)
downloadsamba-633ee99afa1f25fcd16796bedec571471f3617ca.tar.gz
samba-633ee99afa1f25fcd16796bedec571471f3617ca.tar.bz2
samba-633ee99afa1f25fcd16796bedec571471f3617ca.zip
added queryuseraliases to rpcclient
and some comments to the samr server code, to explain what we should return here. J.F. (This used to be commit 06cb20a46d9d9f8abf0d92ba4cfa4d23187ad715)
Diffstat (limited to 'source3')
-rw-r--r--source3/libsmb/cli_samr.c49
-rw-r--r--source3/rpc_server/srv_samr_nt.c33
-rw-r--r--source3/rpcclient/cmd_samr.c68
3 files changed, 150 insertions, 0 deletions
diff --git a/source3/libsmb/cli_samr.c b/source3/libsmb/cli_samr.c
index d609572942..49010324e3 100644
--- a/source3/libsmb/cli_samr.c
+++ b/source3/libsmb/cli_samr.c
@@ -407,6 +407,55 @@ NTSTATUS cli_samr_query_usergroups(struct cli_state *cli, TALLOC_CTX *mem_ctx,
return result;
}
+/* Query user aliases */
+
+NTSTATUS cli_samr_query_useraliases(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *user_pol, uint32 num_sids, DOM_SID2 *sid,
+ uint32 *num_aliases, uint32 **als_rids)
+{
+ prs_struct qbuf, rbuf;
+ SAMR_Q_QUERY_USERALIASES q;
+ SAMR_R_QUERY_USERALIASES r;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint ptr=1;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Initialise parse structures */
+
+ prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+ /* Marshall data and send request */
+
+ init_samr_q_query_useraliases(&q, user_pol, num_sids, &ptr, sid);
+
+ if (!samr_io_q_query_useraliases("", &q, &qbuf, 0) ||
+ !rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &qbuf, &rbuf)) {
+ goto done;
+ }
+
+ /* Unmarshall response */
+
+ if (!samr_io_r_query_useraliases("", &r, &rbuf, 0)) {
+ goto done;
+ }
+
+ /* Return output parameters */
+
+ if (NT_STATUS_IS_OK(result = r.status)) {
+ *num_aliases = r.num_entries;
+ *als_rids = r.rid;
+ }
+
+ done:
+ prs_mem_free(&qbuf);
+ prs_mem_free(&rbuf);
+
+ return result;
+}
+
/* Query user groups */
NTSTATUS cli_samr_query_groupmem(struct cli_state *cli, TALLOC_CTX *mem_ctx,
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index f791ba2e34..8882b0801a 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1849,6 +1849,19 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
struct samr_info *info = NULL;
BOOL ret;
+ /*
+ * from the SID in the request:
+ * we should send back the list of DOMAIN GROUPS
+ * the user is a member of
+ *
+ * and only the DOMAIN GROUPS
+ * no ALIASES !!! neither aliases of the domain
+ * nor aliases of the builtin SID
+ *
+ * JFM, 12/2/2001
+ */
+
+
r_u->status = NT_STATUS_OK;
DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
@@ -2704,6 +2717,26 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
/* until i see a real useraliases query, we fack one up */
+ /* I have seen one, JFM 2/12/2001 */
+ /*
+ * Explanation of what this call does:
+ * for all the SID given in the request:
+ * return a list of alias (local groups)
+ * that have those SID as members.
+ *
+ * and that's the alias in the domain specified
+ * in the policy_handle
+ *
+ * if the policy handle is on an incorrect sid
+ * for example a user's sid
+ * we should reply NT_STATUS_OBJECT_TYPE_MISMATCH
+ */
+
+
+
+
+
+
rid[0] = BUILTIN_ALIAS_RID_USERS;
init_samr_r_query_useraliases(r_u, num_rids, rid, NT_STATUS_OK);
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 0b58d0ae4f..4ccd428576 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -538,6 +538,73 @@ static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli,
return result;
}
+/* Query aliases a user is a member of */
+
+static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int argc, char **argv)
+{
+ POLICY_HND connect_pol,
+ domain_pol,
+ user_pol;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ uint32 user_rid, num_aliases, *alias_rids;
+ int i;
+ fstring server;
+ DOM_SID tmp_sid;
+ DOM_SID2 sid;
+ DOM_SID global_sid_Builtin;
+
+ string_to_sid(&global_sid_Builtin, "S-1-5-32");
+
+ if (argc != 3) {
+ printf("Usage: %s builtin|domain rid\n", argv[0]);
+ return NT_STATUS_OK;
+ }
+
+ sscanf(argv[2], "%i", &user_rid);
+
+ slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+ strupper (server);
+
+ result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
+ &connect_pol);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ if (StrCaseCmp(argv[1], "domain")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &domain_sid, &domain_pol);
+ else if (StrCaseCmp(argv[1], "builtin")==0)
+ result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+ MAXIMUM_ALLOWED_ACCESS,
+ &global_sid_Builtin, &domain_pol);
+ else
+ return NT_STATUS_OK;
+
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ sid_copy(&tmp_sid, &domain_sid);
+ sid_append_rid(&tmp_sid, user_rid);
+ init_dom_sid2(&sid, &tmp_sid);
+
+ result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids);
+ if (!NT_STATUS_IS_OK(result)) {
+ goto done;
+ }
+
+ for (i = 0; i < num_aliases; i++) {
+ printf("\tgroup rid:[0x%x]\n", alias_rids[i]);
+ }
+
+ done:
+ return result;
+}
+
/* Query members of a group */
static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli,
@@ -1163,6 +1230,7 @@ struct cmd_set samr_commands[] = {
{ "queryuser", cmd_samr_query_user, PIPE_SAMR, "Query user info", "" },
{ "querygroup", cmd_samr_query_group, PIPE_SAMR, "Query group info", "" },
{ "queryusergroups", cmd_samr_query_usergroups, PIPE_SAMR, "Query user groups", "" },
+ { "queryuseraliases", cmd_samr_query_useraliases, PIPE_SAMR, "Query user aliases", "" },
{ "querygroupmem", cmd_samr_query_groupmem, PIPE_SAMR, "Query group membership", "" },
{ "queryaliasmem", cmd_samr_query_aliasmem, PIPE_SAMR, "Query alias membership", "" },
{ "querydispinfo", cmd_samr_query_dispinfo, PIPE_SAMR, "Query display info", "" },