diff options
author | Volker Lendecke <vlendec@samba.org> | 2004-12-30 17:01:49 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:07:46 -0500 |
commit | 8da7a605576bf7dc4f96759b65f1387c6a52467d (patch) | |
tree | f03c92ab3058db1db7f8a3e5a086aadf3f4609cc /source4/rpc_server/samr | |
parent | 3450ed666c50ec908557213672ff6b1b4534e9c1 (diff) | |
download | samba-8da7a605576bf7dc4f96759b65f1387c6a52467d.tar.gz samba-8da7a605576bf7dc4f96759b65f1387c6a52467d.tar.bz2 samba-8da7a605576bf7dc4f96759b65f1387c6a52467d.zip |
r4414: Various bits&pieces:
* Implement samr_search_domain, filter out all elements with no "objectSid"
attribute and all objects outside a specified domain sid.
* Minor cleanups in dcerpc_samr.c due to that.
* Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe
one step further.
* Same for samr_info_DomInfo1.
Volker
(This used to be commit cdec89611355fb75d253ecf5b658d0e23de8e440)
Diffstat (limited to 'source4/rpc_server/samr')
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 164 |
1 files changed, 107 insertions, 57 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 216feaa52a..d16afa2802 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -341,6 +341,39 @@ static NTSTATUS samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX * } /* + return DomInfo1 +*/ +static NTSTATUS samr_info_DomInfo1(struct samr_domain_state *state, + TALLOC_CTX *mem_ctx, + struct samr_DomInfo1 *info) +{ + const char * const attrs[] = { "minPwdLength", "pwdHistoryLength", + "pwdProperties", "maxPwdAge", + "minPwdAge", NULL }; + int ret; + struct ldb_message **res; + + ret = samdb_search(state->sam_ctx, mem_ctx, NULL, &res, attrs, + "dn=%s", state->domain_dn); + if (ret != 1) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + info->min_password_length = + samdb_result_uint(res[0], "minPwdLength", 0); + info->password_history_length = + samdb_result_uint(res[0], "pwdHistoryLength", 0); + info->password_properties = + samdb_result_uint(res[0], "pwdProperties", 0); + info->max_password_age = + samdb_result_int64(res[0], "maxPwdAge", 0); + info->min_password_age = + samdb_result_int64(res[0], "minPwdAge", 0); + + return NT_STATUS_OK; +} + +/* return DomInfo2 */ static NTSTATUS samr_info_DomInfo2(struct samr_domain_state *state, TALLOC_CTX *mem_ctx, @@ -399,6 +432,9 @@ static NTSTATUS samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_ ZERO_STRUCTP(r->out.info); switch (r->in.level) { + case 1: + return samr_info_DomInfo1(d_state, mem_ctx, + &r->out.info->info1); case 2: return samr_info_DomInfo2(d_state, mem_ctx, &r->out.info->info2); } @@ -568,14 +604,19 @@ static NTSTATUS samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, TALLOC DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); d_state = h->data; + + domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid); + if (domain_sid == NULL) + return NT_STATUS_NO_MEMORY; /* search for all domain groups in this domain. This could possibly be cached and resumed based on resume_key */ - ldb_cnt = samdb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, - &res, attrs, - "(&(grouptype=%s)(objectclass=group))", - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_GLOBAL_GROUP)); + ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx, + d_state->domain_dn, &res, attrs, + domain_sid, + "(&(grouptype=%s)(objectclass=group))", + ldb_hexstr(mem_ctx, + GTYPE_SECURITY_GLOBAL_GROUP)); if (ldb_cnt == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -590,22 +631,17 @@ static NTSTATUS samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, TALLOC } count = 0; - domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid); for (i=0;i<ldb_cnt;i++) { - struct dom_sid *alias_sid; + struct dom_sid *group_sid; - alias_sid = samdb_result_dom_sid(mem_ctx, res[i], + group_sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid"); - - if (alias_sid == NULL) + if (group_sid == NULL) continue; - if (!dom_sid_in_domain(domain_sid, alias_sid)) - continue; - entries[count].idx = - alias_sid->sub_auths[alias_sid->num_auths-1]; + group_sid->sub_auths[group_sid->num_auths-1]; entries[count].name.string = samdb_result_string(res[i], "sAMAccountName", ""); count += 1; @@ -1069,17 +1105,22 @@ static NTSTATUS samr_EnumDomainAliases(struct dcesrv_call_state *dce_call, TALLO DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); d_state = h->data; + + domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid); + if (domain_sid == NULL) + return NT_STATUS_NO_MEMORY; /* search for all domain groups in this domain. This could possibly be cached and resumed based on resume_key */ - ldb_cnt = samdb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, - &res, attrs, - "(&(|(grouptype=%s)(grouptype=%s)))" - "(objectclass=group))", - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_BUILTIN_LOCAL_GROUP), - ldb_hexstr(mem_ctx, - GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)); + ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx, + d_state->domain_dn, + &res, attrs, domain_sid, + "(&(|(grouptype=%s)(grouptype=%s)))" + "(objectclass=group))", + ldb_hexstr(mem_ctx, + GTYPE_SECURITY_BUILTIN_LOCAL_GROUP), + ldb_hexstr(mem_ctx, + GTYPE_SECURITY_DOMAIN_LOCAL_GROUP)); if (ldb_cnt == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1094,7 +1135,6 @@ static NTSTATUS samr_EnumDomainAliases(struct dcesrv_call_state *dce_call, TALLO } count = 0; - domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid); for (i=0;i<ldb_cnt;i++) { struct dom_sid *alias_sid; @@ -1105,9 +1145,6 @@ static NTSTATUS samr_EnumDomainAliases(struct dcesrv_call_state *dce_call, TALLO if (alias_sid == NULL) continue; - if (!dom_sid_in_domain(domain_sid, alias_sid)) - continue; - entries[count].idx = alias_sid->sub_auths[alias_sid->num_auths-1]; entries[count].name.string = @@ -1201,9 +1238,14 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALL return NT_STATUS_NO_MEMORY; } - count = samdb_search(d_state->sam_ctx, mem_ctx, - d_state->domain_dn, &res, attrs, - "%s))", filter); + domain_sid = dom_sid_parse_talloc(mem_ctx, + d_state->domain_sid); + if (domain_sid == NULL) + return NT_STATUS_NO_MEMORY; + + count = samdb_search_domain(d_state->sam_ctx, mem_ctx, + d_state->domain_dn, &res, attrs, + domain_sid, "%s))", filter); if (count < 0) return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1213,10 +1255,6 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALL if (r->out.rids->ids == NULL) return NT_STATUS_NO_MEMORY; - domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid); - if (domain_sid == NULL) - return NT_STATUS_NO_MEMORY; - for (i=0; i<count; i++) { struct dom_sid *alias_sid; @@ -1227,9 +1265,6 @@ static NTSTATUS samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALL continue; } - if (!dom_sid_in_domain(domain_sid, alias_sid)) - continue; - r->out.rids->ids[r->out.rids->count] = alias_sid->sub_auths[alias_sid->num_auths-1]; r->out.rids->count += 1; @@ -2801,6 +2836,7 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC struct samr_account_state *a_state; struct samr_domain_state *d_state; struct ldb_message **res; + struct dom_sid *domain_sid; const char * const attrs[2] = { "objectSid", NULL }; struct samr_RidArray *array; int count; @@ -2809,11 +2845,16 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC a_state = h->data; d_state = a_state->domain_state; + domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid); + if (domain_sid == NULL) + return NT_STATUS_NO_MEMORY; - count = samdb_search(a_state->sam_ctx, mem_ctx, NULL, &res, attrs, - "(&(member=%s)(grouptype=%s)(objectclass=group))", - a_state->account_dn, - ldb_hexstr(mem_ctx, GTYPE_SECURITY_GLOBAL_GROUP)); + count = samdb_search_domain(a_state->sam_ctx, mem_ctx, NULL, &res, + attrs, domain_sid, + "(&(member=%s)(grouptype=%s)(objectclass=group))", + a_state->account_dn, + ldb_hexstr(mem_ctx, + GTYPE_SECURITY_GLOBAL_GROUP)); if (count < 0) return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -2826,14 +2867,10 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC if (count > 0) { int i; - struct dom_sid *domain_sid; - - domain_sid = dom_sid_parse_talloc(mem_ctx, - d_state->domain_sid); array->rid = talloc_array_p(mem_ctx, struct samr_RidType, count); - if ((domain_sid == NULL) || (array->rid == NULL)) + if (array->rid == NULL) return NT_STATUS_NO_MEMORY; for (i=0; i<count; i++) { @@ -2846,9 +2883,6 @@ static NTSTATUS samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC continue; } - if (!dom_sid_in_domain(domain_sid, group_sid)) - continue; - array->rid[array->count].rid = group_sid->sub_auths[group_sid->num_auths-1]; array->rid[array->count].type = 7; @@ -2908,10 +2942,15 @@ static NTSTATUS samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, TALLOC return NT_STATUS_INVALID_INFO_CLASS; } - /* search for all domain groups in this domain. This could possibly be - cached and resumed based on resume_key */ - ldb_cnt = samdb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, - &res, attrs, "%s", filter); + domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid); + if (domain_sid == NULL) + return NT_STATUS_NO_MEMORY; + + /* search for all requested objects in this domain. This could + possibly be cached and resumed based on resume_key */ + ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx, + d_state->domain_dn, &res, attrs, + domain_sid, "%s", filter); if (ldb_cnt == -1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -2944,7 +2983,6 @@ static NTSTATUS samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, TALLOC return NT_STATUS_NO_MEMORY; count = 0; - domain_sid = dom_sid_parse_talloc(mem_ctx, d_state->domain_sid); for (i=0; i<ldb_cnt; i++) { struct dom_sid *objectsid; @@ -2954,9 +2992,6 @@ static NTSTATUS samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, TALLOC if (objectsid == NULL) continue; - if (!dom_sid_in_domain(domain_sid, objectsid)) - continue; - switch(r->in.level) { case 1: entriesGeneral[count].idx = count; @@ -3167,7 +3202,22 @@ static NTSTATUS samr_QueryUserInfo2(struct dcesrv_call_state *dce_call, TALLOC_C static NTSTATUS samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_QueryDisplayInfo2 *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + struct samr_QueryDisplayInfo q; + NTSTATUS result; + + q.in.domain_handle = r->in.domain_handle; + q.in.level = r->in.level; + q.in.start_idx = r->in.start_idx; + q.in.max_entries = r->in.max_entries; + q.in.buf_size = r->in.buf_size; + + result = samr_QueryDisplayInfo(dce_call, mem_ctx, &q); + + r->out.total_size = q.out.total_size; + r->out.returned_size = q.out.returned_size; + r->out.info = q.out.info; + + return result; } |