diff options
author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-08-17 22:34:08 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-07 08:37:24 +0200 |
commit | ad244f72525d3cad5238d65dee16a4562cae533d (patch) | |
tree | 392eb8923aa70e66c0c298d31e01a7b73c9db8b1 /source4/rpc_server | |
parent | 5f2832a5dc02e6d240c398e3fada4c92ae99d4ea (diff) | |
download | samba-ad244f72525d3cad5238d65dee16a4562cae533d.tar.gz samba-ad244f72525d3cad5238d65dee16a4562cae533d.tar.bz2 samba-ad244f72525d3cad5238d65dee16a4562cae533d.zip |
s4:samr - Fix up the SAMR server to support the primary group of a user in the right way
When doing some tests with the NT User Manager for Domains on s4 I noticed that the
handling of the primary group for a user wasn't correct. So I fixed this.
Also some cosmetic changes (tab indent corrections).
Diffstat (limited to 'source4/rpc_server')
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 317 |
1 files changed, 189 insertions, 128 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index c755601230..6dda06a6b8 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -6,6 +6,7 @@ Copyright (C) Andrew Tridgell 2004 Copyright (C) Volker Lendecke 2004 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005 + Copyright (C) Matthias Dieter Wallnöfer 2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -737,9 +738,12 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, switch (r->in.level) { case 1: { - static const char * const attrs2[] = { "minPwdLength", "pwdHistoryLength", - "pwdProperties", "maxPwdAge", - "minPwdAge", NULL }; + static const char * const attrs2[] = { "minPwdLength", + "pwdHistoryLength", + "pwdProperties", + "maxPwdAge", + "minPwdAge", + NULL }; attrs = attrs2; break; } @@ -797,7 +801,8 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, break; case 11: { - static const char * const attrs2[] = { "oEMInformation", "forceLogoff", + static const char * const attrs2[] = { "oEMInformation", + "forceLogoff", "modifiedCount", "lockoutDuration", "lockOutObservationWindow", @@ -1272,7 +1277,8 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL cn_name[cn_name_len - 1] = '\0'; container = "CN=Computers"; obj_class = "computer"; - samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DOMAIN_MEMBERS); + samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, + "primaryGroupID", DOMAIN_RID_DOMAIN_MEMBERS); } else if (r->in.acct_flags == ACB_SVRTRUST) { if (cn_name[cn_name_len - 1] != '$') { @@ -1282,7 +1288,8 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL cn_name[cn_name_len - 1] = '\0'; container = "OU=Domain Controllers"; obj_class = "computer"; - samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, "primaryGroupID", DOMAIN_RID_DCS); + samdb_msg_add_int(d_state->sam_ctx, mem_ctx, msg, + "primaryGroupID", DOMAIN_RID_DCS); } else { ldb_transaction_cancel(d_state->sam_ctx); return NT_STATUS_INVALID_PARAMETER; @@ -1295,8 +1302,10 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL return NT_STATUS_FOOBAR; } - samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", account_name); - samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", obj_class); + samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "sAMAccountName", + account_name); + samdb_msg_add_string(d_state->sam_ctx, mem_ctx, msg, "objectClass", + obj_class); /* create the user */ ret = ldb_add(d_state->sam_ctx, msg); @@ -1453,7 +1462,8 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, struct ldb_result *res; int ret, num_filtered_entries, i, first; struct samr_SamEntry *entries; - const char * const attrs[] = { "objectSid", "sAMAccountName", "userAccountControl", NULL }; + const char * const attrs[] = { "objectSid", "sAMAccountName", + "userAccountControl", NULL }; struct samr_SamArray *sam; *r->out.resume_handle = 0; @@ -1769,7 +1779,8 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal memberdn = samdb_search_string(d_state->sam_ctx, - mem_ctx, NULL, "distinguishedName", + mem_ctx, NULL, + "distinguishedName", "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sids->sids[i].sid)); @@ -1936,7 +1947,8 @@ static NTSTATUS dcesrv_samr_LookupRids(struct dcesrv_call_state *dce_call, TALLO ids[i] = SID_NAME_UNKNOWN; - sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rids[i]); + sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, + r->in.rids[i]); if (sid == NULL) { names[i].string = NULL; status = STATUS_SOME_UNMAPPED; @@ -2079,7 +2091,8 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T a_state = h->data; - ret = ldb_search(a_state->sam_ctx, mem_ctx, &res, a_state->account_dn, LDB_SCOPE_SUBTREE, attrs, "objectClass=*"); + ret = ldb_search(a_state->sam_ctx, mem_ctx, &res, a_state->account_dn, + LDB_SCOPE_SUBTREE, attrs, "objectClass=*"); if (ret == LDB_ERR_NO_SUCH_OBJECT) { return NT_STATUS_NO_SUCH_GROUP; @@ -2363,7 +2376,6 @@ static NTSTATUS dcesrv_samr_DeleteGroupMember(struct dcesrv_call_state *dce_call default: return NT_STATUS_UNSUCCESSFUL; } - } @@ -2699,8 +2711,8 @@ static NTSTATUS dcesrv_samr_AddAliasMember(struct dcesrv_call_state *dce_call, T ret, dom_sid_string(mem_ctx, r->in.sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } else if (ret == 0) { - status = samdb_create_foreign_security_principal(d_state->sam_ctx, mem_ctx, - r->in.sid, &memberdn); + status = samdb_create_foreign_security_principal( + d_state->sam_ctx, mem_ctx, r->in.sid, &memberdn); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -2974,15 +2986,21 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA switch (r->in.level) { case 1: { - static const char * const attrs2[] = {"sAMAccountName", "displayName", - "primaryroupID", "description", - "comment", NULL}; + static const char * const attrs2[] = {"sAMAccountName", + "displayName", + "primaryroupID", + "description", + "comment", + NULL}; attrs = attrs2; break; } case 2: { - static const char * const attrs2[] = {"comment", "countryCode", "codePage", NULL}; + static const char * const attrs2[] = {"comment", + "countryCode", + "codePage", + NULL}; attrs = attrs2; break; } @@ -3003,13 +3021,15 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA "logonHours", "badPwdCount", "logonCount", - "userAccountControl", NULL}; + "userAccountControl", + NULL}; attrs = attrs2; break; } case 4: { - static const char * const attrs2[] = {"logonHours", NULL}; + static const char * const attrs2[] = {"logonHours", + NULL}; attrs = attrs2; break; } @@ -3039,73 +3059,88 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA } case 6: { - static const char * const attrs2[] = {"sAMAccountName", "displayName", NULL}; + static const char * const attrs2[] = {"sAMAccountName", + "displayName", + NULL}; attrs = attrs2; break; } case 7: { - static const char * const attrs2[] = {"sAMAccountName", NULL}; + static const char * const attrs2[] = {"sAMAccountName", + NULL}; attrs = attrs2; break; } case 8: { - static const char * const attrs2[] = {"displayName", NULL}; + static const char * const attrs2[] = {"displayName", + NULL}; attrs = attrs2; break; } case 9: { - static const char * const attrs2[] = {"primaryGroupID", NULL}; + static const char * const attrs2[] = {"primaryGroupID", + NULL}; attrs = attrs2; break; } case 10: { - static const char * const attrs2[] = {"homeDirectory", "homeDrive", NULL}; + static const char * const attrs2[] = {"homeDirectory", + "homeDrive", + NULL}; attrs = attrs2; break; } case 11: { - static const char * const attrs2[] = {"scriptPath", NULL}; + static const char * const attrs2[] = {"scriptPath", + NULL}; attrs = attrs2; break; } case 12: { - static const char * const attrs2[] = {"profilePath", NULL}; + static const char * const attrs2[] = {"profilePath", + NULL}; attrs = attrs2; break; } case 13: { - static const char * const attrs2[] = {"description", NULL}; + static const char * const attrs2[] = {"description", + NULL}; attrs = attrs2; break; } case 14: { - static const char * const attrs2[] = {"userWorkstations", NULL}; + static const char * const attrs2[] = {"userWorkstations", + NULL}; attrs = attrs2; break; } case 16: { - static const char * const attrs2[] = {"userAccountControl", "pwdLastSet", NULL}; + static const char * const attrs2[] = {"userAccountControl", + "pwdLastSet", + NULL}; attrs = attrs2; break; } case 17: { - static const char * const attrs2[] = {"accountExpires", NULL}; + static const char * const attrs2[] = {"accountExpires", + NULL}; attrs = attrs2; break; } case 20: { - static const char * const attrs2[] = {"userParameters", NULL}; + static const char * const attrs2[] = {"userParameters", + NULL}; attrs = attrs2; break; } @@ -3345,6 +3380,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL break; case 6: + SET_STRING(msg, info6.account_name, "samAccountName"); SET_STRING(msg, info6.full_name, "displayName"); break; @@ -3394,68 +3430,77 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL break; case 21: -#define IFSET(bit) if (bit & r->in.info->info21.fields_present) +#define IFSET(bit) if (bit & r->in.info->info21.fields_present) IFSET(SAMR_FIELD_ACCT_EXPIRY) - SET_UINT64(msg, info21.acct_expiry, "accountExpires"); + SET_UINT64(msg, info21.acct_expiry, "accountExpires"); IFSET(SAMR_FIELD_ACCOUNT_NAME) SET_STRING(msg, info21.account_name, "samAccountName"); IFSET(SAMR_FIELD_FULL_NAME) SET_STRING(msg, info21.full_name, "displayName"); - IFSET(SAMR_FIELD_DESCRIPTION) - SET_STRING(msg, info21.description, "description"); - IFSET(SAMR_FIELD_COMMENT) - SET_STRING(msg, info21.comment, "comment"); - IFSET(SAMR_FIELD_LOGON_SCRIPT) - SET_STRING(msg, info21.logon_script, "scriptPath"); - IFSET(SAMR_FIELD_PROFILE_PATH) - SET_STRING(msg, info21.profile_path, "profilePath"); IFSET(SAMR_FIELD_HOME_DIRECTORY) SET_STRING(msg, info21.home_directory, "homeDirectory"); IFSET(SAMR_FIELD_HOME_DRIVE) SET_STRING(msg, info21.home_drive, "homeDrive"); + IFSET(SAMR_FIELD_LOGON_SCRIPT) + SET_STRING(msg, info21.logon_script, "scriptPath"); + IFSET(SAMR_FIELD_PROFILE_PATH) + SET_STRING(msg, info21.profile_path, "profilePath"); + IFSET(SAMR_FIELD_DESCRIPTION) + SET_STRING(msg, info21.description, "description"); IFSET(SAMR_FIELD_WORKSTATIONS) SET_STRING(msg, info21.workstations, "userWorkstations"); - IFSET(SAMR_FIELD_LOGON_HOURS) - SET_LHOURS(msg, info21.logon_hours, "logonHours"); - IFSET(SAMR_FIELD_ACCT_FLAGS) - SET_AFLAGS(msg, info21.acct_flags, "userAccountControl"); + IFSET(SAMR_FIELD_COMMENT) + SET_STRING(msg, info21.comment, "comment"); IFSET(SAMR_FIELD_PARAMETERS) SET_PARAMETERS(msg, info21.parameters, "userParameters"); + IFSET(SAMR_FIELD_PRIMARY_GID) + SET_UINT(msg, info21.primary_gid, "primaryGroupID"); + IFSET(SAMR_FIELD_ACCT_FLAGS) + SET_AFLAGS(msg, info21.acct_flags, "userAccountControl"); + IFSET(SAMR_FIELD_LOGON_HOURS) + SET_LHOURS(msg, info21.logon_hours, "logonHours"); IFSET(SAMR_FIELD_COUNTRY_CODE) SET_UINT (msg, info21.country_code, "countryCode"); IFSET(SAMR_FIELD_CODE_PAGE) - SET_UINT (msg, info21.code_page, "codePage"); + SET_UINT (msg, info21.code_page, "codePage"); #undef IFSET break; case 23: #define IFSET(bit) if (bit & r->in.info->info23.info.fields_present) IFSET(SAMR_FIELD_ACCT_EXPIRY) - SET_UINT64(msg, info23.info.acct_expiry, "accountExpires"); + SET_UINT64(msg, info23.info.acct_expiry, "accountExpires"); IFSET(SAMR_FIELD_ACCOUNT_NAME) - SET_STRING(msg, info23.info.account_name, "samAccountName"); - IFSET(SAMR_FIELD_FULL_NAME) - SET_STRING(msg, info23.info.full_name, "displayName"); - IFSET(SAMR_FIELD_DESCRIPTION) - SET_STRING(msg, info23.info.description, "description"); - IFSET(SAMR_FIELD_COMMENT) - SET_STRING(msg, info23.info.comment, "comment"); - IFSET(SAMR_FIELD_LOGON_SCRIPT) - SET_STRING(msg, info23.info.logon_script, "scriptPath"); - IFSET(SAMR_FIELD_PROFILE_PATH) - SET_STRING(msg, info23.info.profile_path, "profilePath"); - IFSET(SAMR_FIELD_WORKSTATIONS) - SET_STRING(msg, info23.info.workstations, "userWorkstations"); - IFSET(SAMR_FIELD_LOGON_HOURS) - SET_LHOURS(msg, info23.info.logon_hours, "logonHours"); - IFSET(SAMR_FIELD_ACCT_FLAGS) - SET_AFLAGS(msg, info23.info.acct_flags, "userAccountControl"); - IFSET(SAMR_FIELD_PARAMETERS) + SET_STRING(msg, info23.info.account_name, "samAccountName"); + IFSET(SAMR_FIELD_FULL_NAME) + SET_STRING(msg, info23.info.full_name, "displayName"); + IFSET(SAMR_FIELD_HOME_DIRECTORY) + SET_STRING(msg, info23.info.home_directory, "homeDirectory"); + IFSET(SAMR_FIELD_HOME_DRIVE) + SET_STRING(msg, info23.info.home_drive, "homeDrive"); + IFSET(SAMR_FIELD_LOGON_SCRIPT) + SET_STRING(msg, info23.info.logon_script, "scriptPath"); + IFSET(SAMR_FIELD_PROFILE_PATH) + SET_STRING(msg, info23.info.profile_path, "profilePath"); + IFSET(SAMR_FIELD_DESCRIPTION) + SET_STRING(msg, info23.info.description, "description"); + IFSET(SAMR_FIELD_WORKSTATIONS) + SET_STRING(msg, info23.info.workstations, "userWorkstations"); + IFSET(SAMR_FIELD_COMMENT) + SET_STRING(msg, info23.info.comment, "comment"); + IFSET(SAMR_FIELD_PARAMETERS) SET_PARAMETERS(msg, info23.info.parameters, "userParameters"); - IFSET(SAMR_FIELD_COUNTRY_CODE) - SET_UINT (msg, info23.info.country_code, "countryCode"); - IFSET(SAMR_FIELD_CODE_PAGE) - SET_UINT (msg, info23.info.code_page, "codePage"); + IFSET(SAMR_FIELD_PRIMARY_GID) + SET_UINT(msg, info23.info.primary_gid, "primaryGroupID"); + IFSET(SAMR_FIELD_ACCT_FLAGS) + SET_AFLAGS(msg, info23.info.acct_flags, "userAccountControl"); + IFSET(SAMR_FIELD_LOGON_HOURS) + SET_LHOURS(msg, info23.info.logon_hours, "logonHours"); + IFSET(SAMR_FIELD_COUNTRY_CODE) + SET_UINT (msg, info23.info.country_code, "countryCode"); + IFSET(SAMR_FIELD_CODE_PAGE) + SET_UINT (msg, info23.info.code_page, "codePage"); + IFSET(SAMR_FIELD_NT_PASSWORD_PRESENT) { status = samr_set_password(dce_call, a_state->sam_ctx, @@ -3487,31 +3532,38 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL case 25: #define IFSET(bit) if (bit & r->in.info->info25.info.fields_present) IFSET(SAMR_FIELD_ACCT_EXPIRY) - SET_UINT64(msg, info25.info.acct_expiry, "accountExpires"); + SET_UINT64(msg, info25.info.acct_expiry, "accountExpires"); IFSET(SAMR_FIELD_ACCOUNT_NAME) - SET_STRING(msg, info25.info.account_name, "samAccountName"); - IFSET(SAMR_FIELD_FULL_NAME) - SET_STRING(msg, info25.info.full_name, "displayName"); - IFSET(SAMR_FIELD_DESCRIPTION) - SET_STRING(msg, info25.info.description, "description"); - IFSET(SAMR_FIELD_COMMENT) - SET_STRING(msg, info25.info.comment, "comment"); - IFSET(SAMR_FIELD_LOGON_SCRIPT) - SET_STRING(msg, info25.info.logon_script, "scriptPath"); - IFSET(SAMR_FIELD_PROFILE_PATH) - SET_STRING(msg, info25.info.profile_path, "profilePath"); - IFSET(SAMR_FIELD_WORKSTATIONS) - SET_STRING(msg, info25.info.workstations, "userWorkstations"); - IFSET(SAMR_FIELD_LOGON_HOURS) - SET_LHOURS(msg, info25.info.logon_hours, "logonHours"); - IFSET(SAMR_FIELD_ACCT_FLAGS) - SET_AFLAGS(msg, info25.info.acct_flags, "userAccountControl"); - IFSET(SAMR_FIELD_PARAMETERS) + SET_STRING(msg, info25.info.account_name, "samAccountName"); + IFSET(SAMR_FIELD_FULL_NAME) + SET_STRING(msg, info25.info.full_name, "displayName"); + IFSET(SAMR_FIELD_HOME_DIRECTORY) + SET_STRING(msg, info25.info.home_directory, "homeDirectory"); + IFSET(SAMR_FIELD_HOME_DRIVE) + SET_STRING(msg, info25.info.home_drive, "homeDrive"); + IFSET(SAMR_FIELD_LOGON_SCRIPT) + SET_STRING(msg, info25.info.logon_script, "scriptPath"); + IFSET(SAMR_FIELD_PROFILE_PATH) + SET_STRING(msg, info25.info.profile_path, "profilePath"); + IFSET(SAMR_FIELD_DESCRIPTION) + SET_STRING(msg, info25.info.description, "description"); + IFSET(SAMR_FIELD_WORKSTATIONS) + SET_STRING(msg, info25.info.workstations, "userWorkstations"); + IFSET(SAMR_FIELD_COMMENT) + SET_STRING(msg, info25.info.comment, "comment"); + IFSET(SAMR_FIELD_PARAMETERS) SET_PARAMETERS(msg, info25.info.parameters, "userParameters"); - IFSET(SAMR_FIELD_COUNTRY_CODE) - SET_UINT (msg, info25.info.country_code, "countryCode"); - IFSET(SAMR_FIELD_CODE_PAGE) - SET_UINT (msg, info25.info.code_page, "codePage"); + IFSET(SAMR_FIELD_PRIMARY_GID) + SET_UINT(msg, info25.info.primary_gid, "primaryGroupID"); + IFSET(SAMR_FIELD_ACCT_FLAGS) + SET_AFLAGS(msg, info25.info.acct_flags, "userAccountControl"); + IFSET(SAMR_FIELD_LOGON_HOURS) + SET_LHOURS(msg, info25.info.logon_hours, "logonHours"); + IFSET(SAMR_FIELD_COUNTRY_CODE) + SET_UINT (msg, info25.info.country_code, "countryCode"); + IFSET(SAMR_FIELD_CODE_PAGE) + SET_UINT (msg, info25.info.code_page, "codePage"); + IFSET(SAMR_FIELD_NT_PASSWORD_PRESENT) { status = samr_set_password_ex(dce_call, a_state->sam_ctx, @@ -3577,14 +3629,15 @@ static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, struct ldb_message **res; const char * const attrs[2] = { "objectSid", NULL }; struct samr_RidWithAttributeArray *array; - int count; + int i, count; DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); a_state = h->data; d_state = a_state->domain_state; - count = samdb_search_domain(a_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, + count = samdb_search_domain(a_state->sam_ctx, mem_ctx, + d_state->domain_dn, &res, attrs, d_state->domain_sid, "(&(member=%s)(grouptype=%d)(objectclass=group))", ldb_dn_get_linearized(a_state->account_dn), @@ -3599,29 +3652,34 @@ static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, array->count = 0; array->rids = NULL; - if (count > 0) { - int i; - array->rids = talloc_array(mem_ctx, struct samr_RidWithAttribute, - count); - - if (array->rids == NULL) - return NT_STATUS_NO_MEMORY; + array->rids = talloc_array(mem_ctx, struct samr_RidWithAttribute, + count + 1); + if (array->rids == NULL) + return NT_STATUS_NO_MEMORY; - for (i=0; i<count; i++) { - struct dom_sid *group_sid; + /* Adds the primary group */ + array->rids[0].rid = samdb_search_uint(a_state->sam_ctx, mem_ctx, + ~0, a_state->account_dn, + "primaryGroupID", NULL); + array->rids[0].attributes = SE_GROUP_MANDATORY + | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + array->count += 1; - group_sid = samdb_result_dom_sid(mem_ctx, res[i], - "objectSid"); - if (group_sid == NULL) { - DEBUG(0, ("Couldn't find objectSid attrib\n")); - continue; - } + /* Adds the additional groups */ + for (i = 0; i < count; i++) { + struct dom_sid *group_sid; - array->rids[array->count].rid = - group_sid->sub_auths[group_sid->num_auths-1]; - array->rids[array->count].attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; - array->count += 1; + group_sid = samdb_result_dom_sid(mem_ctx, res[i], "objectSid"); + if (group_sid == NULL) { + DEBUG(0, ("Couldn't find objectSid attrib\n")); + continue; } + + array->rids[i + 1].rid = + group_sid->sub_auths[group_sid->num_auths-1]; + array->rids[i + 1].attributes = SE_GROUP_MANDATORY + | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; + array->count += 1; } *r->out.rids = array; @@ -3640,12 +3698,13 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, struct samr_domain_state *d_state; struct ldb_message **res; int ldb_cnt, count, i; - const char * const attrs[] = { "objectSid", "sAMAccountName", "displayName", - "description", "userAccountControl", "pwdLastSet", NULL }; + const char * const attrs[] = { "objectSid", "sAMAccountName", + "displayName", "description", "userAccountControl", + "pwdLastSet", NULL }; struct samr_DispEntryFull *entriesFull = NULL; struct samr_DispEntryFullGroup *entriesFullGroup = NULL; struct samr_DispEntryAscii *entriesAscii = NULL; - struct samr_DispEntryGeneral * entriesGeneral = NULL; + struct samr_DispEntryGeneral *entriesGeneral = NULL; const char *filter; DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); @@ -3689,8 +3748,8 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, switch (r->in.level) { case 1: entriesGeneral = talloc_array(mem_ctx, - struct samr_DispEntryGeneral, - ldb_cnt); + struct samr_DispEntryGeneral, + ldb_cnt); break; case 2: entriesFull = talloc_array(mem_ctx, @@ -3890,12 +3949,12 @@ static NTSTATUS dcesrv_samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TA a_state = h->data; - r->out.info->min_password_length = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, - a_state->domain_state->domain_dn, "minPwdLength", - NULL); - r->out.info->password_properties = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, - a_state->account_dn, - "pwdProperties", NULL); + r->out.info->min_password_length = samdb_search_uint(a_state->sam_ctx, + mem_ctx, 0, a_state->domain_state->domain_dn, "minPwdLength", + NULL); + r->out.info->password_properties = samdb_search_uint(a_state->sam_ctx, + mem_ctx, 0, a_state->account_dn, "pwdProperties", NULL); + return NT_STATUS_OK; } @@ -4123,8 +4182,10 @@ static NTSTATUS dcesrv_samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TAL return NT_STATUS_INTERNAL_DB_CORRUPTION; } - r->out.info->min_password_length = samdb_result_uint(msgs[0], "minPwdLength", 0); - r->out.info->password_properties = samdb_result_uint(msgs[0], "pwdProperties", 1); + r->out.info->min_password_length = samdb_result_uint(msgs[0], + "minPwdLength", 0); + r->out.info->password_properties = samdb_result_uint(msgs[0], + "pwdProperties", 1); talloc_free(msgs); |