summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/Makefile.in39
-rw-r--r--source3/passdb/passdb.c116
-rw-r--r--source3/passdb/pdb_compat.c104
-rw-r--r--source3/passdb/pdb_get_set.c75
-rw-r--r--source3/rpc_parse/parse_samr.c91
-rw-r--r--source3/rpc_server/srv_samr_nt.c259
-rw-r--r--source3/rpc_server/srv_samr_util.c143
7 files changed, 461 insertions, 366 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 91fee728ab..f04d6de485 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -168,17 +168,19 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
libsmb/passchange.o libsmb/unexpected.o libsmb/doserr.o \
$(RPC_PARSE_OBJ1)
-LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \
+LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o \
libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_wkssvc.o \
- libsmb/cli_dfs.o libsmb/cli_reg.o libsmb/trust_passwd.o\
- rpc_client/cli_pipe.o libsmb/cli_spoolss_notify.o
+ libsmb/cli_dfs.o libsmb/cli_reg.o \
+ rpc_client/cli_pipe.o libsmb/cli_spoolss.o libsmb/cli_spoolss_notify.o
+
+LIBMSRPC_SERVER_OBJ = libsmb/trust_passwd.o
LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po)
RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o \
rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o rpc_server/srv_reg_nt.o \
- rpc_server/srv_samr.o rpc_server/srv_samr_nt.o \
+ rpc_server/srv_samr.o rpc_server/srv_samr_nt.o rpc_server/srv_samr_util.o \
rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \
rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \
rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \
@@ -205,7 +207,8 @@ PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
passdb/machine_sid.o passdb/pdb_smbpasswd.o \
passdb/pdb_tdb.o passdb/pdb_ldap.o passdb/pdb_plugin.o \
- passdb/pdb_nisplus.o passdb/pdb_unix.o passdb/util_sam_sid.o
+ passdb/pdb_nisplus.o passdb/pdb_unix.o passdb/util_sam_sid.o \
+ passdb/pdb_compat.o
GROUPDB_OBJ = groupdb/mapping.o
@@ -256,7 +259,8 @@ SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \
$(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) $(SECRETS_OBJ) \
$(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \
$(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \
- $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) $(LIBMSRPC_OBJ) \
+ $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
$(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
@@ -364,12 +368,12 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \
utils/net_rap.o utils/net_rpc.o \
utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o
-NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
- $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
+NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
+ $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \
$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \
$(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
-
CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ)
MOUNT_OBJ = client/smbmount.o \
@@ -406,8 +410,8 @@ LOCKTEST2_OBJ = torture/locktest2.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
$(UBIQX_OBJ) $(LIB_OBJ)
SMBCACLS_OBJ = utils/smbcacls.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \
- $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \
- $(LIBMSRPC_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ)
+ $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \
+ $(LIBMSRPC_OBJ)
TALLOCTORT_OBJ = lib/talloctort.o $(LIB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ)
@@ -428,13 +432,16 @@ SMBFILTER_OBJ = utils/smbfilter.o $(LIBSMB_OBJ) $(PARAM_OBJ) \
PROTO_OBJ = $(SMBD_OBJ1) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \
$(SMBWRAPPER_OBJ1) $(SMBTORTURE_OBJ1) $(RPCCLIENT_OBJ1) \
- $(LIBMSRPC_OBJ) $(RPC_CLIENT_OBJ) $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \
+ $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) \
+ $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \
$(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \
$(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \
- $(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) $(READLINE_OBJ) \
- $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
+ $(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \
+ $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ)
+
+NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \
+ $(LIB_OBJ) $(NSSWINS_OBJ)
-NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) $(LIB_OBJ) $(NSSWINS_OBJ)
NSS_OBJ = $(NSS_OBJ_0:.o=.po)
PICOBJS = $(SMBWRAPPER_OBJ:.o=.po)
@@ -473,7 +480,7 @@ WINBINDD_OBJ1 = \
nsswitch/winbindd_dual.o
WINBINDD_OBJ = \
- $(WINBINDD_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
+ $(WINBINDD_OBJ1) $(PASSDB_GET_SET_OBJ) \
$(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
$(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \
$(PROFILE_OBJ) $(UNIGRP_OBJ) \
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 88b624cc19..2bf3eccfb7 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -937,122 +937,6 @@ const char *pdb_unistr2_convert(const UNISTR2 *from)
}
/*************************************************************
- Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT
- **************************************************************/
-
-void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
-{
-
- if (from == NULL || to == NULL)
- return;
-
- pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True);
- pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True);
- pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True);
- pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True);
- pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True);
-
- pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time));
-
- if (from->uni_user_name.buffer)
- pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name ));
- if (from->uni_full_name.buffer)
- pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name ));
- if (from->uni_home_dir.buffer)
- pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True);
- if (from->uni_dir_drive.buffer)
- pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True);
- if (from->uni_logon_script.buffer)
- pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True);
- if (from->uni_profile_path.buffer)
- pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True);
- if (from->uni_acct_desc.buffer)
- pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc ));
- if (from->uni_workstations.buffer)
- pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations));
- if (from->uni_unknown_str.buffer)
- pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str ));
- if (from->uni_munged_dial.buffer)
- pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial ));
-
- if (from->user_rid)
- pdb_set_user_sid_from_rid(to, from->user_rid);
- if (from->group_rid)
- pdb_set_group_sid_from_rid(to, from->group_rid);
-
- pdb_set_acct_ctrl(to, from->acb_info);
- pdb_set_unknown_3(to, from->unknown_3);
-
- pdb_set_logon_divs(to, from->logon_divs);
- pdb_set_hours_len(to, from->logon_hrs.len);
- pdb_set_hours(to, from->logon_hrs.hours);
-
- pdb_set_unknown_5(to, from->unknown_5);
- pdb_set_unknown_6(to, from->unknown_6);
-}
-
-
-/*************************************************************
- Copies a sam passwd.
- **************************************************************/
-
-void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
-{
- if (from == NULL || to == NULL)
- return;
-
- pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True);
- pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True);
- pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True);
- pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True);
- pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True);
-
- pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time));
-
- if (from->uni_user_name.buffer)
- pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name ));
- if (from->uni_full_name.buffer)
- pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name ));
- if (from->uni_home_dir.buffer)
- pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True);
- if (from->uni_dir_drive.buffer)
- pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True);
- if (from->uni_logon_script.buffer)
- pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True);
- if (from->uni_profile_path.buffer)
- pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True);
- if (from->uni_acct_desc.buffer)
- pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc ));
- if (from->uni_workstations.buffer)
- pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations));
- if (from->uni_unknown_str.buffer)
- pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str ));
- if (from->uni_munged_dial.buffer)
- pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial ));
-
- if (from->user_rid)
- pdb_set_user_sid_from_rid(to, from->user_rid);
- if (from->group_rid)
- pdb_set_group_sid_from_rid(to, from->group_rid);
-
- /* FIXME!! Do we need to copy the passwords here as well?
- I don't know. Need to figure this out --jerry */
-
- /* Passwords dealt with in caller --abartlet */
-
- pdb_set_acct_ctrl(to, from->acb_info);
- pdb_set_unknown_3(to, from->unknown_3);
-
- pdb_set_logon_divs(to, from->logon_divs);
- pdb_set_hours_len(to, from->logon_hrs.len);
- pdb_set_hours(to, from->logon_hrs.hours);
-
- pdb_set_unknown_5(to, from->unknown_5);
- pdb_set_unknown_6(to, from->unknown_6);
-}
-
-
-/*************************************************************
Change a password entry in the local smbpasswd file.
FIXME!! The function needs to be abstracted into the
diff --git a/source3/passdb/pdb_compat.c b/source3/passdb/pdb_compat.c
new file mode 100644
index 0000000000..713c92e3ac
--- /dev/null
+++ b/source3/passdb/pdb_compat.c
@@ -0,0 +1,104 @@
+/*
+ Unix SMB/CIFS implementation.
+ SAM_ACCOUNT access routines
+ Copyright (C) Jeremy Allison 1996-2001
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+ Copyright (C) Gerald (Jerry) Carter 2000-2001
+ Copyright (C) Andrew Bartlett 2001-2002
+ Copyright (C) Stefan (metze) Metzmacher 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_PASSDB
+
+uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass)
+{
+ uint32 u_rid;
+
+ if (sampass)
+ if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_user_sid(sampass),&u_rid))
+ return u_rid;
+
+ return (0);
+}
+
+uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass)
+{
+ uint32 g_rid;
+
+ if (sampass)
+ if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_group_sid(sampass),&g_rid))
+ return g_rid;
+ return (0);
+}
+
+BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid)
+{
+ DOM_SID u_sid;
+ const DOM_SID *global_sam_sid;
+
+ if (!sampass)
+ return False;
+
+ if (!(global_sam_sid = get_global_sam_sid())) {
+ DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n"));
+ return False;
+ }
+
+ sid_copy(&u_sid, global_sam_sid);
+
+ if (!sid_append_rid(&u_sid, rid))
+ return False;
+
+ if (!pdb_set_user_sid(sampass, &u_sid))
+ return False;
+
+ DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n",
+ sid_string_static(&u_sid),rid));
+
+ return True;
+}
+
+BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid)
+{
+ DOM_SID g_sid;
+ const DOM_SID *global_sam_sid;
+
+ if (!sampass)
+ return False;
+
+ if (!(global_sam_sid = get_global_sam_sid())) {
+ DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n"));
+ return False;
+ }
+
+ sid_copy(&g_sid, global_sam_sid);
+
+ if (!sid_append_rid(&g_sid, grid))
+ return False;
+
+ if (!pdb_set_group_sid(sampass, &g_sid))
+ return False;
+
+ DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n",
+ sid_string_static(&g_sid), grid));
+
+ return True;
+}
+
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 37530d0e46..dff4b40f4d 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -172,27 +172,6 @@ const DOM_SID *pdb_get_group_sid(const SAM_ACCOUNT *sampass)
return (NULL);
}
-uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass)
-{
- uint32 u_rid;
-
- if (sampass)
- if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_user_sid(sampass),&u_rid))
- return u_rid;
-
- return (0);
-}
-
-uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass)
-{
- uint32 g_rid;
-
- if (sampass)
- if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_group_sid(sampass),&g_rid))
- return g_rid;
- return (0);
-}
-
/**
* Get flags showing what is initalised in the SAM_ACCOUNT
* @param sampass the SAM_ACCOUNT in question
@@ -577,60 +556,6 @@ BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid)
return True;
}
-BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid)
-{
- DOM_SID u_sid;
- const DOM_SID *global_sam_sid;
-
- if (!sampass)
- return False;
-
- if (!(global_sam_sid = get_global_sam_sid())) {
- DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n"));
- return False;
- }
-
- sid_copy(&u_sid, global_sam_sid);
-
- if (!sid_append_rid(&u_sid, rid))
- return False;
-
- if (!pdb_set_user_sid(sampass, &u_sid))
- return False;
-
- DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n",
- sid_string_static(&u_sid),rid));
-
- return True;
-}
-
-BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid)
-{
- DOM_SID g_sid;
- const DOM_SID *global_sam_sid;
-
- if (!sampass)
- return False;
-
- if (!(global_sam_sid = get_global_sam_sid())) {
- DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n"));
- return False;
- }
-
- sid_copy(&g_sid, global_sam_sid);
-
- if (!sid_append_rid(&g_sid, grid))
- return False;
-
- if (!pdb_set_group_sid(sampass, &g_sid))
- return False;
-
- DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n",
- sid_string_static(&g_sid), grid));
-
- return True;
-}
-
/*********************************************************************
Set the user's UNIX name.
********************************************************************/
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 34aa75f1d0..137883cc7e 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -1440,7 +1440,8 @@ inits a SAM_DISPINFO_1 structure.
********************************************************************/
NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_entries,
- uint32 start_idx, DISP_USER_INFO *disp_user_info)
+ uint32 start_idx, DISP_USER_INFO *disp_user_info,
+ DOM_SID *domain_sid)
{
uint32 len_sam_name, len_sam_full, len_sam_desc;
uint32 i;
@@ -1468,6 +1469,9 @@ NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_en
const char *username;
const char *fullname;
const char *acct_desc;
+ uint32 user_rid;
+ const DOM_SID *user_sid;
+ fstring user_sid_string, domain_sid_string;
DEBUG(11, ("init_sam_dispinfo_1: entry: %d\n",i));
@@ -1486,14 +1490,25 @@ NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_en
if (!acct_desc)
acct_desc = "";
+ user_sid = pdb_get_user_sid(pwd);
+
+ if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
+ DEBUG(0, ("init_sam_dispinfo_1: User %s has SID %s, which conflicts with "
+ "the domain sid %s. Failing operation.\n",
+ username,
+ sid_to_string(user_sid_string, user_sid),
+ sid_to_string(domain_sid_string, domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
len_sam_name = strlen(username);
len_sam_full = strlen(fullname);
len_sam_desc = strlen(acct_desc);
init_sam_entry1(&sam->sam[i], start_idx + i + 1,
len_sam_name, len_sam_full, len_sam_desc,
- pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd));
-
+ user_rid, pdb_get_acct_ctrl(pwd));
+
ZERO_STRUCTP(&sam->str[i].uni_acct_name);
ZERO_STRUCTP(&sam->str[i].uni_full_name);
ZERO_STRUCTP(&sam->str[i].uni_acct_desc);
@@ -1560,7 +1575,8 @@ inits a SAM_DISPINFO_2 structure.
********************************************************************/
NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 num_entries,
- uint32 start_idx, DISP_USER_INFO *disp_user_info)
+ uint32 start_idx, DISP_USER_INFO *disp_user_info,
+ DOM_SID *domain_sid )
{
uint32 len_sam_name, len_sam_desc;
uint32 i;
@@ -1583,20 +1599,39 @@ NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 num_en
ZERO_STRUCTP(sam->str);
for (i = 0; i < num_entries; i++) {
+ uint32 user_rid;
+ const DOM_SID *user_sid;
+ const char *username;
+ const char *acct_desc;
+ fstring user_sid_string, domain_sid_string;
+
DEBUG(11, ("init_sam_dispinfo_2: entry: %d\n",i));
pwd=disp_user_info[i+start_idx].sam;
- len_sam_name = strlen(pdb_get_username(pwd));
- len_sam_desc = strlen(pdb_get_acct_desc(pwd));
+ username = pdb_get_username(pwd);
+ acct_desc = pdb_get_acct_desc(pwd);
+ user_sid = pdb_get_user_sid(pwd);
+
+ if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
+ DEBUG(0, ("init_sam_dispinfo_2: User %s has SID %s, which conflicts with "
+ "the domain sid %s. Failing operation.\n",
+ username,
+ sid_to_string(user_sid_string, user_sid),
+ sid_to_string(domain_sid_string, domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ len_sam_name = strlen(username);
+ len_sam_desc = strlen(acct_desc);
init_sam_entry2(&sam->sam[i], start_idx + i + 1,
len_sam_name, len_sam_desc,
- pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd));
+ user_rid, pdb_get_acct_ctrl(pwd));
ZERO_STRUCTP(&sam->str[i].uni_srv_name);
ZERO_STRUCTP(&sam->str[i].uni_srv_desc);
- init_unistr2(&sam->str[i].uni_srv_name, pdb_get_username(pwd), len_sam_name);
+ init_unistr2(&sam->str[i].uni_srv_name, username, len_sam_name);
init_unistr2(&sam->str[i].uni_srv_desc, pdb_get_acct_desc(pwd), len_sam_desc);
}
@@ -5844,7 +5879,7 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
*************************************************************************/
-void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw)
+NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *domain_sid)
{
NTTIME logon_time, logoff_time, kickoff_time,
pass_last_set_time, pass_can_change_time,
@@ -5865,6 +5900,12 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw)
const char* workstations = pdb_get_workstations(pw);
const char* munged_dial = pdb_get_munged_dial(pw);
+ uint32 user_rid;
+ const DOM_SID *user_sid;
+
+ uint32 group_rid;
+ const DOM_SID *group_sid;
+
len_user_name = user_name != NULL ? strlen(user_name )+1 : 0;
len_full_name = full_name != NULL ? strlen(full_name )+1 : 0;
len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0;
@@ -5907,8 +5948,34 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw)
ZERO_STRUCT(usr->nt_pwd);
ZERO_STRUCT(usr->lm_pwd);
- usr->user_rid = pdb_get_user_rid(pw);
- usr->group_rid = pdb_get_group_rid(pw);
+ user_sid = pdb_get_user_sid(pw);
+
+ if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
+ fstring user_sid_string;
+ fstring domain_sid_string;
+ DEBUG(0, ("init_sam_user_info_21A: User %s has SID %s, \nwhich conflicts with "
+ "the domain sid %s. Failing operation.\n",
+ user_name,
+ sid_to_string(user_sid_string, user_sid),
+ sid_to_string(domain_sid_string, domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ group_sid = pdb_get_group_sid(pw);
+
+ if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
+ fstring group_sid_string;
+ fstring domain_sid_string;
+ DEBUG(0, ("init_sam_user_info_21A: User %s has Primary Group SID %s, \n"
+ "which conflicts with the domain sid %s. Failing operation.\n",
+ user_name,
+ sid_to_string(group_sid_string, group_sid),
+ sid_to_string(domain_sid_string, domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ usr->user_rid = user_rid;
+ usr->group_rid = group_rid;
usr->acb_info = pdb_get_acct_ctrl(pw);
usr->unknown_3 = pdb_get_unknown3(pw);
@@ -5937,6 +6004,8 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw)
memcpy(&usr->logon_hrs.hours, pdb_get_hours(pw), MAX_HOURS_LEN);
} else
memset(&usr->logon_hrs, 0xff, sizeof(usr->logon_hrs));
+
+ return NT_STATUS_OK;
}
/*******************************************************************
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 9e826436f6..9393917cde 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -126,19 +126,6 @@ static void free_samr_info(void *ptr)
Ensure password info is never given out. Paranioa... JRA.
********************************************************************/
-static void samr_clear_passwd_fields( SAM_USER_INFO_21 *pass, int num_entries)
-{
- int i;
-
- if (!pass)
- return;
-
- for (i = 0; i < num_entries; i++) {
- memset(&pass[i].lm_pwd, '\0', sizeof(pass[i].lm_pwd));
- memset(&pass[i].nt_pwd, '\0', sizeof(pass[i].nt_pwd));
- }
-}
-
static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass)
{
@@ -267,103 +254,6 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid)
/*******************************************************************
- This next function should be replaced with something that
- dynamically returns the correct user info..... JRA.
- ********************************************************************/
-
-static NTSTATUS get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
- int *total_entries, int *num_entries,
- int max_num_entries, uint16 acb_mask)
-{
- SAM_ACCOUNT *pwd = NULL;
- BOOL not_finished = True;
- NTSTATUS nt_status;
-
- (*num_entries) = 0;
- (*total_entries) = 0;
-
- if (pw_buf == NULL)
- return NT_STATUS_NO_MEMORY;
-
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&pwd))) {
- return nt_status;
- }
-
- if (!pdb_setsampwent(False)) {
- DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n"));
- pdb_free_sam(&pwd);
- return NT_STATUS_ACCESS_DENIED;
- }
-
- while (((not_finished = pdb_getsampwent(pwd)) != False)
- && (*num_entries) < max_num_entries)
- {
- int user_name_len;
- const char *user_name;
-
- if (start_idx > 0) {
-
- pdb_free_sam(&pwd);
-
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&pwd))) {
- pdb_endsampwent();
- return nt_status;
- }
-
- /* skip the requested number of entries.
- not very efficient, but hey... */
- start_idx--;
- continue;
- }
-
- user_name = pdb_get_username(pwd);
-
- if (!user_name) {
- DEBUG(2, ("account had NULL username!\n"));
- } else if (!(acb_mask == 0 || (pdb_get_acct_ctrl(pwd) & acb_mask))) {
- DEBUG(5,(" acb_mask %x rejects\n", acb_mask));
- } else {
- DEBUG(5,(" acb_mask %x accepts\n", acb_mask));
-
- user_name_len = strlen(user_name)+1;
- init_unistr2(&pw_buf[(*num_entries)].uni_user_name, user_name, user_name_len);
- init_uni_hdr(&pw_buf[(*num_entries)].hdr_user_name, user_name_len);
- pw_buf[(*num_entries)].user_rid = pdb_get_user_rid(pwd);
- memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16);
-
- /* Now check if the NT compatible password is available. */
- if (pdb_get_nt_passwd(pwd))
- memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16);
-
- pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd);
-
- DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
- (*num_entries), pdb_get_username(pwd), pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd) ));
-
- (*num_entries)++;
- }
-
- (*total_entries)++;
-
- pdb_free_sam(&pwd);
-
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&pwd))) {
- pdb_endsampwent();
- return nt_status;
- }
-
- }
-
- pdb_endsampwent();
- pdb_free_sam(&pwd);
-
- if (not_finished)
- return STATUS_MORE_ENTRIES;
- else
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
_samr_close_hnd
********************************************************************/
@@ -526,69 +416,118 @@ NTSTATUS _samr_query_sec_obj(pipes_struct *p, SAMR_Q_QUERY_SEC_OBJ *q_u, SAMR_R_
makes a SAM_ENTRY / UNISTR2* structure from a user list.
********************************************************************/
-static void make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNISTR2 **uni_name_pp,
- uint32 num_sam_entries, SAM_USER_INFO_21 *pass)
+static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNISTR2 **uni_name_pp,
+ uint32 num_entries, uint32 start_idx, DISP_USER_INFO *disp_user_info,
+ DOM_SID *domain_sid)
{
uint32 i;
SAM_ENTRY *sam;
UNISTR2 *uni_name;
-
+ SAM_ACCOUNT *pwd = NULL;
+ UNISTR2 uni_temp_name;
+ const char *temp_name;
+ const DOM_SID *user_sid;
+ uint32 user_rid;
+ fstring user_sid_string;
+ fstring domain_sid_string;
+
*sam_pp = NULL;
*uni_name_pp = NULL;
- if (num_sam_entries == 0)
- return;
+ if (num_entries == 0)
+ return NT_STATUS_OK;
- sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_sam_entries);
+ sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_entries);
- uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_sam_entries);
+ uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_entries);
if (sam == NULL || uni_name == NULL) {
- DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
- return;
+ DEBUG(0, ("make_user_sam_entry_list: talloc_zero failed!\n"));
+ return NT_STATUS_NO_MEMORY;
}
- ZERO_STRUCTP(sam);
- ZERO_STRUCTP(uni_name);
-
- for (i = 0; i < num_sam_entries; i++) {
- int len = pass[i].uni_user_name.uni_str_len;
+ for (i = 0; i < num_entries; i++) {
+ int len = uni_temp_name.uni_str_len;
+
+ pwd = disp_user_info[i+start_idx].sam;
+ temp_name = pdb_get_username(pwd);
+ init_unistr2(&uni_temp_name, temp_name, strlen(temp_name)+1);
+ user_sid = pdb_get_user_sid(pwd);
+
+ if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
+ DEBUG(0, ("make_user_sam_entry_list: User %s has SID %s, which conflicts with "
+ "the domain sid %s. Failing operation.\n",
+ temp_name,
+ sid_to_string(user_sid_string, user_sid),
+ sid_to_string(domain_sid_string, domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
- init_sam_entry(&sam[i], len, pass[i].user_rid);
- copy_unistr2(&uni_name[i], &pass[i].uni_user_name);
+ init_sam_entry(&sam[i], len, user_rid);
+ copy_unistr2(&uni_name[i], &uni_temp_name);
}
*sam_pp = sam;
*uni_name_pp = uni_name;
+ return NT_STATUS_OK;
}
/*******************************************************************
samr_reply_enum_dom_users
********************************************************************/
-NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, SAMR_R_ENUM_DOM_USERS *r_u)
+NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
+ SAMR_R_ENUM_DOM_USERS *r_u)
{
- SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
- int num_entries = 0;
- int total_entries = 0;
+ struct samr_info *info = NULL;
+ uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */
+ int num_account;
+ uint32 enum_context=q_u->start_idx;
+ uint32 max_size=q_u->max_size;
+ uint32 temp_size;
+ enum remote_arch_types ra_type = get_remote_arch();
+ int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
+ uint32 max_entries = max_sam_entries;
+ DOM_SID domain_sid;
r_u->status = NT_STATUS_OK;
/* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->pol, NULL))
+ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
+ return NT_STATUS_INVALID_HANDLE;
+
+ if (!get_lsa_policy_samr_sid(p, &q_u->pol, &domain_sid))
return NT_STATUS_INVALID_HANDLE;
DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
become_root();
- r_u->status = get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
- MAX_SAM_ENTRIES, q_u->acb_mask);
+ r_u->status=load_sampwd_entries(info, q_u->acb_mask);
unbecome_root();
-
- if (NT_STATUS_IS_ERR(r_u->status))
+
+ if (!NT_STATUS_IS_OK(r_u->status))
return r_u->status;
- samr_clear_passwd_fields(pass, num_entries);
+ num_account = info->disp_info.num_user_account;
+
+ if (enum_context > num_account) {
+ DEBUG(5, ("_samr_enum_dom_users: enumeration handle over total entries\n"));
+ return NT_STATUS_OK;
+ }
+
+ /* verify we won't overflow */
+ if (max_entries > num_account-enum_context) {
+ max_entries = num_account-enum_context;
+ DEBUG(5, ("_samr_enum_dom_users: only %d entries to return\n", max_entries));
+ }
+
+ /* calculate the size and limit on the number of entries we will return */
+ temp_size=max_entries*struct_size;
+
+ if (temp_size>max_size) {
+ max_entries=MIN((max_size/struct_size),max_entries);;
+ DEBUG(5, ("_samr_enum_dom_users: buffer size limits to only %d entries\n", max_entries));
+ }
/*
* Note from JRA. total_entries is not being used here. Currently if there is a
@@ -603,9 +542,20 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, SAMR_
* value (again I think this is wrong).
*/
- make_user_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_acct_name, num_entries, pass);
+ r_u->status = make_user_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_acct_name,
+ max_entries, enum_context,
+ info->disp_info.disp_user_info,
+ &domain_sid);
+
+ if (!NT_STATUS_IS_OK(r_u->status))
+ return r_u->status;
+
+ if (enum_context+max_entries < num_account)
+ r_u->status = STATUS_MORE_ENTRIES;
+
+ DEBUG(5, ("_samr_enum_dom_users: %d\n", __LINE__));
- init_samr_r_enum_dom_users(r_u, q_u->start_idx + num_entries, num_entries);
+ init_samr_r_enum_dom_users(r_u, q_u->start_idx + max_entries, max_entries);
DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
@@ -891,7 +841,8 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
/*******************************************************************
samr_reply_query_dispinfo
********************************************************************/
-NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_QUERY_DISPINFO *r_u)
+NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
+ SAMR_R_QUERY_DISPINFO *r_u)
{
struct samr_info *info = NULL;
uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */
@@ -906,9 +857,8 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_
NTSTATUS disp_ret;
uint32 num_account = 0;
enum remote_arch_types ra_type = get_remote_arch();
- int max_sam_entries;
-
- max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
+ int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
+ DOM_SID domain_sid;
DEBUG(5, ("samr_reply_query_dispinfo: %d\n", __LINE__));
r_u->status = NT_STATUS_OK;
@@ -917,6 +867,9 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_
if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
+ if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &domain_sid))
+ return NT_STATUS_INVALID_HANDLE;
+
/*
* calculate how many entries we will return.
* based on
@@ -1015,7 +968,8 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_
if (!(ctr->sam.info1 = (SAM_DISPINFO_1 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_1))))
return NT_STATUS_NO_MEMORY;
}
- disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, max_entries, enum_context, info->disp_info.disp_user_info);
+ disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, max_entries, enum_context,
+ info->disp_info.disp_user_info, &domain_sid);
if (!NT_STATUS_IS_OK(disp_ret))
return disp_ret;
break;
@@ -1024,7 +978,8 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_
if (!(ctr->sam.info2 = (SAM_DISPINFO_2 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_2))))
return NT_STATUS_NO_MEMORY;
}
- disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, max_entries, enum_context, info->disp_info.disp_user_info);
+ disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, max_entries, enum_context,
+ info->disp_info.disp_user_info, &domain_sid);
if (!NT_STATUS_IS_OK(disp_ret))
return disp_ret;
break;
@@ -1582,7 +1537,8 @@ static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DO
get_user_info_21
*************************************************************************/
-static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, DOM_SID *user_sid)
+static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
+ DOM_SID *user_sid, DOM_SID *domain_sid)
{
SAM_ACCOUNT *sampass=NULL;
BOOL ret;
@@ -1607,7 +1563,7 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, DO
DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) ));
ZERO_STRUCTP(id21);
- init_sam_user_info21A(id21, sampass);
+ nt_status = init_sam_user_info21A(id21, sampass, domain_sid);
pdb_free_sam(&sampass);
@@ -1622,13 +1578,19 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_
{
SAM_USERINFO_CTR *ctr;
struct samr_info *info = NULL;
-
+ DOM_SID domain_sid;
+ uint32 rid;
+
r_u->status=NT_STATUS_OK;
/* search for the handle */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
+ domain_sid = info->sid;
+
+ sid_split_rid(&domain_sid, &rid);
+
if (!sid_check_is_in_our_domain(&info->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
@@ -1700,7 +1662,8 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_
ctr->info.id21 = (SAM_USER_INFO_21 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_21));
if (ctr->info.id21 == NULL)
return NT_STATUS_NO_MEMORY;
- if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21, &info->sid)))
+ if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21,
+ &info->sid, &domain_sid)))
return r_u->status;
break;
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
new file mode 100644
index 0000000000..7a5b1e5f46
--- /dev/null
+++ b/source3/rpc_server/srv_samr_util.c
@@ -0,0 +1,143 @@
+/*
+ Unix SMB/CIFS implementation.
+ SAMR Pipe utility functions.
+ Copyright (C) Jeremy Allison 1996-2001
+ Copyright (C) Luke Kenneth Casson Leighton 1996-1998
+ Copyright (C) Gerald (Jerry) Carter 2000-2001
+ Copyright (C) Andrew Bartlett 2001-2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_RPC_SRV
+
+/*************************************************************
+ Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT
+ **************************************************************/
+
+void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from)
+{
+
+ if (from == NULL || to == NULL)
+ return;
+
+ pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True);
+ pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True);
+ pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True);
+ pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True);
+ pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True);
+
+ pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time));
+
+ if (from->uni_user_name.buffer)
+ pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name ));
+ if (from->uni_full_name.buffer)
+ pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name ));
+ if (from->uni_home_dir.buffer)
+ pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True);
+ if (from->uni_dir_drive.buffer)
+ pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True);
+ if (from->uni_logon_script.buffer)
+ pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True);
+ if (from->uni_profile_path.buffer)
+ pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True);
+ if (from->uni_acct_desc.buffer)
+ pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc ));
+ if (from->uni_workstations.buffer)
+ pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations));
+ if (from->uni_unknown_str.buffer)
+ pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str ));
+ if (from->uni_munged_dial.buffer)
+ pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial ));
+
+ if (from->user_rid)
+ pdb_set_user_sid_from_rid(to, from->user_rid);
+ if (from->group_rid)
+ pdb_set_group_sid_from_rid(to, from->group_rid);
+
+ pdb_set_acct_ctrl(to, from->acb_info);
+ pdb_set_unknown_3(to, from->unknown_3);
+
+ pdb_set_logon_divs(to, from->logon_divs);
+ pdb_set_hours_len(to, from->logon_hrs.len);
+ pdb_set_hours(to, from->logon_hrs.hours);
+
+ pdb_set_unknown_5(to, from->unknown_5);
+ pdb_set_unknown_6(to, from->unknown_6);
+}
+
+
+/*************************************************************
+ Copies a sam passwd.
+ **************************************************************/
+
+void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
+{
+ if (from == NULL || to == NULL)
+ return;
+
+ pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True);
+ pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True);
+ pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True);
+ pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True);
+ pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True);
+
+ pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time));
+
+ if (from->uni_user_name.buffer)
+ pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name ));
+ if (from->uni_full_name.buffer)
+ pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name ));
+ if (from->uni_home_dir.buffer)
+ pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True);
+ if (from->uni_dir_drive.buffer)
+ pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True);
+ if (from->uni_logon_script.buffer)
+ pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True);
+ if (from->uni_profile_path.buffer)
+ pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True);
+ if (from->uni_acct_desc.buffer)
+ pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc ));
+ if (from->uni_workstations.buffer)
+ pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations));
+ if (from->uni_unknown_str.buffer)
+ pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str ));
+ if (from->uni_munged_dial.buffer)
+ pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial ));
+
+ if (from->user_rid)
+ pdb_set_user_sid_from_rid(to, from->user_rid);
+ if (from->group_rid)
+ pdb_set_group_sid_from_rid(to, from->group_rid);
+
+ /* FIXME!! Do we need to copy the passwords here as well?
+ I don't know. Need to figure this out --jerry */
+
+ /* Passwords dealt with in caller --abartlet */
+
+ pdb_set_acct_ctrl(to, from->acb_info);
+ pdb_set_unknown_3(to, from->unknown_3);
+
+ pdb_set_logon_divs(to, from->logon_divs);
+ pdb_set_hours_len(to, from->logon_hrs.len);
+ pdb_set_hours(to, from->logon_hrs.hours);
+
+ pdb_set_unknown_5(to, from->unknown_5);
+ pdb_set_unknown_6(to, from->unknown_6);
+}
+