diff options
-rw-r--r-- | source3/include/proto.h | 2 | ||||
-rw-r--r-- | source3/include/smb.h | 28 | ||||
-rw-r--r-- | source3/lib/util.c | 39 | ||||
-rw-r--r-- | source3/param/loadparm.c | 6 | ||||
-rw-r--r-- | source3/pipenetlog.c | 27 | ||||
-rw-r--r-- | source3/smbd/ipc.c | 2 |
6 files changed, 100 insertions, 4 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 5bd1745958..4613137d0d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -178,6 +178,8 @@ char *lp_announce_version(void); char *lp_netbios_aliases(void); char *lp_domainsid(void); char *lp_domain_groups(void); +char *lp_domain_admin_users(void); +char *lp_domain_guest_users(void); BOOL lp_dns_proxy(void); BOOL lp_wins_support(void); BOOL lp_wins_proxy(void); diff --git a/source3/include/smb.h b/source3/include/smb.h index 7921e77108..0965b6b90b 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -66,6 +66,8 @@ typedef int BOOL; typedef int smb_shm_offset_t; #define NULL_OFFSET (smb_shm_offset_t)(0) +/* limiting size of ipc replies */ +#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024)) /* Samba needs type definitions for int16, int32, uint16 and uint32. @@ -298,6 +300,32 @@ typedef fstring string; #define NETSERVERGETINFO 0x15 #define NETSHAREENUM 0x0f +/* well-known RIDs - Relative IDs */ + +/* RIDs - Well-known users ... */ +#define DOMAIN_USER_RID_ADMIN (0x000001F4L) +#define DOMAIN_USER_RID_GUEST (0x000001F5L) + +/* RIDs - well-known groups ... */ +#define DOMAIN_GROUP_RID_ADMINS (0x00000200L) +#define DOMAIN_GROUP_RID_USERS (0x00000201L) +#define DOMAIN_GROUP_RID_GUESTS (0x00000202L) + +/* RIDs - well-known aliases ... */ +#define DOMAIN_ALIAS_RID_ADMINS (0x00000220L) +#define DOMAIN_ALIAS_RID_USERS (0x00000221L) +#define DOMAIN_ALIAS_RID_GUESTS (0x00000222L) +#define DOMAIN_ALIAS_RID_POWER_USERS (0x00000223L) + +#define DOMAIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) +#define DOMAIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) +#define DOMAIN_ALIAS_RID_PRINT_OPS (0x00000226L) +#define DOMAIN_ALIAS_RID_BACKUP_OPS (0x00000227L) + +#define DOMAIN_ALIAS_RID_REPLICATOR (0x00000228L) + + + /* 32 bit time (sec) since 01jan1970 - cifs6.txt, section 3.5, page 30 */ typedef struct time_info { diff --git a/source3/lib/util.c b/source3/lib/util.c index ec0f9f0efc..96c0774e92 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -4509,6 +4509,28 @@ char *tab_depth(int depth) return spaces; } + +/* array lookup of well-known RID aliases. the purpose of these escapes me.. */ +static struct +{ + uint32 rid; + char *rid_name; + +} rid_lookups[] = +{ + { DOMAIN_ALIAS_RID_ADMINS , "admins" }, + { DOMAIN_ALIAS_RID_USERS , "users" }, + { DOMAIN_ALIAS_RID_GUESTS , "guests" }, + { DOMAIN_ALIAS_RID_POWER_USERS , "power_users" }, + + { DOMAIN_ALIAS_RID_ACCOUNT_OPS , "account_ops" }, + { DOMAIN_ALIAS_RID_SYSTEM_OPS , "system_ops" }, + { DOMAIN_ALIAS_RID_PRINT_OPS , "print_ops" }, + { DOMAIN_ALIAS_RID_BACKUP_OPS , "backup_ops" }, + { DOMAIN_ALIAS_RID_REPLICATOR , "replicator" }, + { 0 , NULL } +}; + int make_domain_gids(char *gids_str, DOM_GID *gids) { char *ptr; @@ -4523,12 +4545,26 @@ int make_domain_gids(char *gids_str, DOM_GID *gids) { /* the entries are of the form GID/ATTR, ATTR being optional.*/ char *attr; + uint32 rid = 0; + int i; attr = strchr(s2,'/'); if (attr) *attr++ = 0; if (!attr || !*attr) attr = "7"; /* default value for attribute is 7 */ - gids[count].gid = atoi(s2); + /* look up the RID string and see if we can turn it into a rid number */ + for (i = 0; rid_lookups[i].rid_name != NULL; i++) + { + if (strequal(rid_lookups[i].rid_name, s2)) + { + rid = rid_lookups[i].rid; + break; + } + } + + if (rid == 0) rid = atoi(s2); + + gids[count].gid = rid; gids[count].attr = atoi(attr); DEBUG(5,("group id: %d attr: %d\n", gids[count].gid, gids[count].attr)); @@ -4536,3 +4572,4 @@ int make_domain_gids(char *gids_str, DOM_GID *gids) return count; } + diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index d0dfe4ace7..a72471c5a9 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -128,6 +128,8 @@ typedef struct char *szValidChars; char *szWorkGroup; char *szDomainController; + char *szDomainAdminUsers; + char *szDomainGuestUsers; char *szUsernameMap; char *szCharacterSet; char *szLogonScript; @@ -447,6 +449,8 @@ struct parm_struct {"domain sid", P_USTRING, P_GLOBAL, &Globals.szDomainSID, NULL}, {"domain groups", P_USTRING, P_GLOBAL, &Globals.szDomainGroups, NULL}, {"domain controller",P_STRING, P_GLOBAL, &Globals.szDomainController,NULL}, + {"domain admin users",P_STRING, P_GLOBAL, &Globals.szDomainAdminUsers, NULL}, + {"domain guest users",P_STRING, P_GLOBAL, &Globals.szDomainGuestUsers, NULL}, {"username map", P_STRING, P_GLOBAL, &Globals.szUsernameMap, NULL}, {"character set", P_STRING, P_GLOBAL, &Globals.szCharacterSet, handle_character_set}, {"logon script", P_STRING, P_GLOBAL, &Globals.szLogonScript, NULL}, @@ -865,6 +869,8 @@ FN_GLOBAL_STRING(lp_netbios_aliases,&Globals.szNetbiosAliases) FN_GLOBAL_STRING(lp_domainsid,&Globals.szDomainSID) FN_GLOBAL_STRING(lp_domain_groups,&Globals.szDomainGroups) +FN_GLOBAL_STRING(lp_domain_admin_users,&Globals.szDomainAdminUsers) +FN_GLOBAL_STRING(lp_domain_guest_users,&Globals.szDomainGuestUsers) FN_GLOBAL_BOOL(lp_dns_proxy,&Globals.bDNSproxy) FN_GLOBAL_BOOL(lp_wins_support,&Globals.bWINSsupport) diff --git a/source3/pipenetlog.c b/source3/pipenetlog.c index 0563a61591..ad4ad63369 100644 --- a/source3/pipenetlog.c +++ b/source3/pipenetlog.c @@ -508,6 +508,7 @@ static void api_lsa_sam_logon( user_struct *vuser, pstring home_drive; pstring my_name; pstring my_workgroup; + pstring domain_groups; pstring dom_sid; extern pstring myname; @@ -518,6 +519,9 @@ static void api_lsa_sam_logon( user_struct *vuser, pstrcpy(samlogon_user, unistr2(q_l.sam_id.auth.id1.uni_user_name.buffer)); + DEBUG(3,("SAM Logon. Domain:[%s]. User [%s]\n", + lp_workgroup(), samlogon_user)); + /* hack to get standard_sub_basic() to use the sam logon username */ sam_logon_in_ssb = True; @@ -529,7 +533,28 @@ static void api_lsa_sam_logon( user_struct *vuser, pstrcpy(home_drive , lp_logon_drive ()); pstrcpy(home_dir , lp_logon_home ()); - num_gids = make_domain_gids(lp_domain_groups(), gids); + /* any additional groups this user is in. e.g power users */ + pstrcpy(domain_groups, lp_domain_groups()); + + /* one RID group always added: 512 (Admin); 513 (Users); 514 (Guests) */ + + if (user_in_list(samlogon_user, lp_domain_guest_users())) + { + DEBUG(3,("domain guest access granted\n")); + strcat(domain_groups, " 514/7 "); + } + else if (user_in_list(samlogon_user, lp_domain_admin_users())) + { + DEBUG(3,("domain admin access granted\n")); + strcat(domain_groups, " 512/7 "); + } + else + { + DEBUG(3,("domain user access granted\n")); + strcat(domain_groups, " 513/7 "); + } + + num_gids = make_domain_gids(domain_groups, gids); sam_logon_in_ssb = False; diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 4f6c85de9f..efae39889d 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -52,8 +52,6 @@ extern fstring myworkgroup; #define ERROR_INVALID_LEVEL 124 #define ERROR_MORE_DATA 234 -#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024)) - #define ACCESS_READ 0x01 #define ACCESS_WRITE 0x02 #define ACCESS_CREATE 0x04 |