diff options
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 454 | ||||
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.h | 8 | ||||
-rw-r--r-- | source4/rpc_server/samr/samr_password.c | 74 |
3 files changed, 268 insertions, 268 deletions
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 943379bea7..3c08851e09 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. endpoint server for the samr pipe @@ -7,17 +7,17 @@ Copyright (C) Volker Lendecke 2004 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005 Copyright (C) Matthias Dieter Wallnöfer 2009 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -88,8 +88,8 @@ } \ set_el = ldb_msg_find_element(msg, attr); \ set_el->flags = LDB_FLAG_MOD_REPLACE; \ -} while (0) - +} while (0) + #define SET_INT64(msg, field, attr) do { \ struct ldb_message_element *set_el; \ if (samdb_msg_add_int64(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != LDB_SUCCESS) { \ @@ -97,8 +97,8 @@ } \ set_el = ldb_msg_find_element(msg, attr); \ set_el->flags = LDB_FLAG_MOD_REPLACE; \ -} while (0) - +} while (0) + #define SET_UINT64(msg, field, attr) do { \ struct ldb_message_element *set_el; \ if (samdb_msg_add_uint64(sam_ctx, mem_ctx, msg, attr, r->in.info->field) != LDB_SUCCESS) { \ @@ -106,7 +106,7 @@ } \ set_el = ldb_msg_find_element(msg, attr); \ set_el->flags = LDB_FLAG_MOD_REPLACE; \ -} while (0) +} while (0) #define CHECK_FOR_MULTIPLES(value, flag, poss_flags) \ do { \ @@ -114,8 +114,8 @@ return NT_STATUS_INVALID_PARAMETER; \ } \ } while (0) \ - -/* Set account flags, discarding flags that cannot be set with SAMR */ + +/* Set account flags, discarding flags that cannot be set with SAMR */ #define SET_AFLAGS(msg, field, attr) do { \ struct ldb_message_element *set_el; \ if ((r->in.info->field & (ACB_NORMAL | ACB_DOMTRUST | ACB_WSTRUST | ACB_SVRTRUST)) == 0) { \ @@ -130,8 +130,8 @@ } \ set_el = ldb_msg_find_element(msg, attr); \ set_el->flags = LDB_FLAG_MOD_REPLACE; \ -} while (0) - +} while (0) + #define SET_LHOURS(msg, field, attr) do { \ struct ldb_message_element *set_el; \ if (samdb_msg_add_logon_hours(sam_ctx, mem_ctx, msg, attr, &r->in.info->field) != LDB_SUCCESS) { \ @@ -154,8 +154,8 @@ -/* - samr_Connect +/* + samr_Connect create a connection to the SAM database */ @@ -195,8 +195,8 @@ static NTSTATUS dcesrv_samr_Connect(struct dcesrv_call_state *dce_call, TALLOC_C } -/* - samr_Close +/* + samr_Close */ static NTSTATUS dcesrv_samr_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_Close *r) @@ -215,8 +215,8 @@ static NTSTATUS dcesrv_samr_Close(struct dcesrv_call_state *dce_call, TALLOC_CTX } -/* - samr_SetSecurity +/* + samr_SetSecurity */ static NTSTATUS dcesrv_samr_SetSecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_SetSecurity *r) @@ -225,8 +225,8 @@ static NTSTATUS dcesrv_samr_SetSecurity(struct dcesrv_call_state *dce_call, TALL } -/* - samr_QuerySecurity +/* + samr_QuerySecurity */ static NTSTATUS dcesrv_samr_QuerySecurity(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_QuerySecurity *r) @@ -251,8 +251,8 @@ static NTSTATUS dcesrv_samr_QuerySecurity(struct dcesrv_call_state *dce_call, TA } -/* - samr_Shutdown +/* + samr_Shutdown we refuse this operation completely. If a admin wants to shutdown samr in Samba then they should use the samba admin tools to disable the samr pipe @@ -264,8 +264,8 @@ static NTSTATUS dcesrv_samr_Shutdown(struct dcesrv_call_state *dce_call, TALLOC_ } -/* - samr_LookupDomain +/* + samr_LookupDomain this maps from a domain name to a SID */ @@ -295,7 +295,7 @@ static NTSTATUS dcesrv_samr_LookupDomain(struct dcesrv_call_state *dce_call, TAL "(objectClass=builtinDomain)"); } else if (strcasecmp_m(r->in.domain_name->string, lpcfg_sam_name(dce_call->conn->dce_ctx->lp_ctx)) == 0) { ret = gendb_search_dn(c_state->sam_ctx, - mem_ctx, ldb_get_default_basedn(c_state->sam_ctx), + mem_ctx, ldb_get_default_basedn(c_state->sam_ctx), &dom_msgs, dom_attrs); } else { return NT_STATUS_NO_SUCH_DOMAIN; @@ -303,10 +303,10 @@ static NTSTATUS dcesrv_samr_LookupDomain(struct dcesrv_call_state *dce_call, TAL if (ret != 1) { return NT_STATUS_NO_SUCH_DOMAIN; } - + sid = samdb_result_dom_sid(mem_ctx, dom_msgs[0], "objectSid"); - + if (sid == NULL) { return NT_STATUS_NO_SUCH_DOMAIN; } @@ -317,8 +317,8 @@ static NTSTATUS dcesrv_samr_LookupDomain(struct dcesrv_call_state *dce_call, TAL } -/* - samr_EnumDomains +/* + samr_EnumDomains list the domains in the SAM */ @@ -351,7 +351,7 @@ static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALL if (array == NULL) { return NT_STATUS_NO_MEMORY; } - + array->count = 0; array->entries = NULL; @@ -377,8 +377,8 @@ static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALL } -/* - samr_OpenDomain +/* + samr_OpenDomain */ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_OpenDomain *r) @@ -417,9 +417,9 @@ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLO ret = gendb_search(c_state->sam_ctx, mem_ctx, ldb_get_default_basedn(c_state->sam_ctx), &dom_msgs, dom_attrs, - "(objectSid=%s)", + "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); - + if (ret == 0) { talloc_free(d_state); return NT_STATUS_NO_SUCH_DOMAIN; @@ -445,7 +445,7 @@ static NTSTATUS dcesrv_samr_OpenDomain(struct dcesrv_call_state *dce_call, TALLO talloc_free(d_state); return NT_STATUS_NO_MEMORY; } - + h_domain->data = talloc_steal(h_domain, d_state); *r->out.domain_handle = h_domain->wire_handle; @@ -465,11 +465,11 @@ static NTSTATUS dcesrv_samr_info_DomInfo1(struct samr_domain_state *state, ldb_msg_find_attr_as_uint(dom_msgs[0], "minPwdLength", 0); info->password_history_length = ldb_msg_find_attr_as_uint(dom_msgs[0], "pwdHistoryLength", 0); - info->password_properties = + info->password_properties = ldb_msg_find_attr_as_uint(dom_msgs[0], "pwdProperties", 0); - info->max_password_age = + info->max_password_age = ldb_msg_find_attr_as_int64(dom_msgs[0], "maxPwdAge", 0); - info->min_password_age = + info->min_password_age = ldb_msg_find_attr_as_int64(dom_msgs[0], "minPwdAge", 0); return NT_STATUS_OK; @@ -478,7 +478,7 @@ static NTSTATUS dcesrv_samr_info_DomInfo1(struct samr_domain_state *state, /* return DomInfo2 */ -static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state *state, +static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state *state, TALLOC_CTX *mem_ctx, struct ldb_message **dom_msgs, struct samr_DomGeneralInformation *info) @@ -488,7 +488,7 @@ static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state "domainReplica", ""); - info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", + info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", 0x8000000000000000LL); info->oem_information.string = ldb_msg_find_attr_as_string(dom_msgs[0], @@ -496,11 +496,11 @@ static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state ""); info->domain_name.string = state->domain_name; - info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", + info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", 0); switch (state->role) { case ROLE_DOMAIN_CONTROLLER: - /* This pulls the NetBIOS name from the + /* This pulls the NetBIOS name from the cn=NTDS Settings,cn=<NETBIOS name of PDC>,.... string */ if (samdb_is_pdc(state->sam_ctx)) { @@ -542,7 +542,7 @@ static NTSTATUS dcesrv_samr_info_DomInfo3(struct samr_domain_state *state, struct ldb_message **dom_msgs, struct samr_DomInfo3 *info) { - info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", + info->force_logoff_time = ldb_msg_find_attr_as_uint64(dom_msgs[0], "forceLogoff", 0x8000000000000000LL); return NT_STATUS_OK; @@ -603,7 +603,7 @@ static NTSTATUS dcesrv_samr_info_DomInfo7(struct samr_domain_state *state, switch (state->role) { case ROLE_DOMAIN_CONTROLLER: - /* This pulls the NetBIOS name from the + /* This pulls the NetBIOS name from the cn=NTDS Settings,cn=<NETBIOS name of PDC>,.... string */ if (samdb_is_pdc(state->sam_ctx)) { @@ -631,7 +631,7 @@ static NTSTATUS dcesrv_samr_info_DomInfo8(struct samr_domain_state *state, struct ldb_message **dom_msgs, struct samr_DomInfo8 *info) { - info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", + info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", time(NULL)); info->domain_create_time = ldb_msg_find_attr_as_uint(dom_msgs[0], "creationTime", @@ -666,8 +666,8 @@ static NTSTATUS dcesrv_samr_info_DomGeneralInformation2(struct samr_domain_state if (!NT_STATUS_IS_OK(status)) { return status; } - - info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration", + + info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration", -18000000000LL); info->lockout_window = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockOutObservationWindow", -18000000000LL); @@ -684,7 +684,7 @@ static NTSTATUS dcesrv_samr_info_DomInfo12(struct samr_domain_state *state, struct ldb_message **dom_msgs, struct samr_DomInfo12 *info) { - info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration", + info->lockout_duration = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockoutDuration", -18000000000LL); info->lockout_window = ldb_msg_find_attr_as_int64(dom_msgs[0], "lockOutObservationWindow", -18000000000LL); @@ -701,7 +701,7 @@ static NTSTATUS dcesrv_samr_info_DomInfo13(struct samr_domain_state *state, struct ldb_message **dom_msgs, struct samr_DomInfo13 *info) { - info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", + info->sequence_num = ldb_msg_find_attr_as_uint64(dom_msgs[0], "modifiedCount", time(NULL)); info->domain_create_time = ldb_msg_find_attr_as_uint(dom_msgs[0], "creationTime", @@ -712,8 +712,8 @@ static NTSTATUS dcesrv_samr_info_DomInfo13(struct samr_domain_state *state, return NT_STATUS_OK; } -/* - samr_QueryDomainInfo +/* + samr_QueryDomainInfo */ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, @@ -725,7 +725,7 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, struct ldb_message **dom_msgs; const char * const *attrs = NULL; - + *r->out.info = NULL; DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); @@ -733,7 +733,7 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, d_state = h->data; switch (r->in.level) { - case 1: + case 1: { static const char * const attrs2[] = { "minPwdLength", "pwdHistoryLength", @@ -756,14 +756,14 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, } case 3: { - static const char * const attrs2[] = {"forceLogoff", + static const char * const attrs2[] = {"forceLogoff", NULL}; attrs = attrs2; break; } case 4: { - static const char * const attrs2[] = {"oEMInformation", + static const char * const attrs2[] = {"oEMInformation", NULL}; attrs = attrs2; break; @@ -787,8 +787,8 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, } case 8: { - static const char * const attrs2[] = { "modifiedCount", - "creationTime", + static const char * const attrs2[] = { "modifiedCount", + "creationTime", NULL }; attrs = attrs2; break; @@ -802,27 +802,27 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, { static const char * const attrs2[] = { "oEMInformation", "forceLogoff", - "modifiedCount", - "lockoutDuration", - "lockOutObservationWindow", - "lockoutThreshold", + "modifiedCount", + "lockoutDuration", + "lockOutObservationWindow", + "lockoutThreshold", NULL}; attrs = attrs2; break; } case 12: { - static const char * const attrs2[] = { "lockoutDuration", - "lockOutObservationWindow", - "lockoutThreshold", + static const char * const attrs2[] = { "lockoutDuration", + "lockOutObservationWindow", + "lockoutThreshold", NULL}; attrs = attrs2; break; } case 13: { - static const char * const attrs2[] = { "modifiedCount", - "creationTime", + static const char * const attrs2[] = { "modifiedCount", + "creationTime", NULL }; attrs = attrs2; break; @@ -856,40 +856,40 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, switch (r->in.level) { case 1: - return dcesrv_samr_info_DomInfo1(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomInfo1(d_state, mem_ctx, dom_msgs, &info->info1); case 2: - return dcesrv_samr_info_DomGeneralInformation(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomGeneralInformation(d_state, mem_ctx, dom_msgs, &info->general); case 3: - return dcesrv_samr_info_DomInfo3(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomInfo3(d_state, mem_ctx, dom_msgs, &info->info3); case 4: - return dcesrv_samr_info_DomOEMInformation(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomOEMInformation(d_state, mem_ctx, dom_msgs, &info->oem); case 5: - return dcesrv_samr_info_DomInfo5(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomInfo5(d_state, mem_ctx, dom_msgs, &info->info5); case 6: - return dcesrv_samr_info_DomInfo6(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomInfo6(d_state, mem_ctx, dom_msgs, &info->info6); case 7: - return dcesrv_samr_info_DomInfo7(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomInfo7(d_state, mem_ctx, dom_msgs, &info->info7); case 8: - return dcesrv_samr_info_DomInfo8(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomInfo8(d_state, mem_ctx, dom_msgs, &info->info8); case 9: - return dcesrv_samr_info_DomInfo9(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomInfo9(d_state, mem_ctx, dom_msgs, &info->info9); case 11: - return dcesrv_samr_info_DomGeneralInformation2(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomGeneralInformation2(d_state, mem_ctx, dom_msgs, &info->general2); case 12: - return dcesrv_samr_info_DomInfo12(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomInfo12(d_state, mem_ctx, dom_msgs, &info->info12); case 13: - return dcesrv_samr_info_DomInfo13(d_state, mem_ctx, dom_msgs, + return dcesrv_samr_info_DomInfo13(d_state, mem_ctx, dom_msgs, &info->info13); default: return NT_STATUS_INVALID_INFO_CLASS; @@ -897,8 +897,8 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, } -/* - samr_SetDomainInfo +/* + samr_SetDomainInfo */ static NTSTATUS dcesrv_samr_SetDomainInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_SetDomainInfo *r) @@ -992,8 +992,8 @@ static NTSTATUS dcesrv_samr_SetDomainInfo(struct dcesrv_call_state *dce_call, TA return NT_STATUS_OK; } -/* - samr_CreateDomainGroup +/* + samr_CreateDomainGroup */ static NTSTATUS dcesrv_samr_CreateDomainGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_CreateDomainGroup *r) @@ -1064,8 +1064,8 @@ static int compare_SamEntry(struct samr_SamEntry *e1, struct samr_SamEntry *e2) return e1->idx - e2->idx; } -/* - samr_EnumDomainGroups +/* + samr_EnumDomainGroups */ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_EnumDomainGroups *r) @@ -1160,8 +1160,8 @@ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, } -/* - samr_CreateUser2 +/* + samr_CreateUser2 This call uses transactions to ensure we don't get a new conflicting user while we are processing this, and to ensure the user either @@ -1236,8 +1236,8 @@ static NTSTATUS dcesrv_samr_CreateUser2(struct dcesrv_call_state *dce_call, TALL } -/* - samr_CreateUser +/* + samr_CreateUser */ static NTSTATUS dcesrv_samr_CreateUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_CreateUser *r) @@ -1258,8 +1258,8 @@ static NTSTATUS dcesrv_samr_CreateUser(struct dcesrv_call_state *dce_call, TALLO return dcesrv_samr_CreateUser2(dce_call, mem_ctx, &r2); } -/* - samr_EnumDomainUsers +/* + samr_EnumDomainUsers */ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_EnumDomainUsers *r) @@ -1281,7 +1281,7 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); d_state = h->data; - + /* search for all domain users in this domain. This could possibly be cached and resumed on resume_key */ ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx, @@ -1323,7 +1323,7 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, first<count && entries[first].idx <= *r->in.resume_handle; first++) ; - /* return the rest, limit by max_size. Note that we + /* return the rest, limit by max_size. Note that we use the w2k3 element size value of 54 */ *r->out.num_entries = count - first; *r->out.num_entries = MIN(*r->out.num_entries, @@ -1352,8 +1352,8 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, } -/* - samr_CreateDomAlias +/* + samr_CreateDomAlias */ static NTSTATUS dcesrv_samr_CreateDomAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_CreateDomAlias *r) @@ -1417,8 +1417,8 @@ static NTSTATUS dcesrv_samr_CreateDomAlias(struct dcesrv_call_state *dce_call, T } -/* - samr_EnumDomainAliases +/* + samr_EnumDomainAliases */ static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_EnumDomainAliases *r) @@ -1443,7 +1443,7 @@ static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call /* search for all domain aliases in this domain. This could possibly be cached and resumed based on resume_key */ ldb_cnt = samdb_search_domain(d_state->sam_ctx, mem_ctx, NULL, - &res, attrs, + &res, attrs, d_state->domain_sid, "(&(|(grouptype=%d)(grouptype=%d)))" "(objectclass=group))", @@ -1516,8 +1516,8 @@ static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call } -/* - samr_GetAliasMembership +/* + samr_GetAliasMembership */ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_GetAliasMembership *r) @@ -1595,8 +1595,8 @@ static NTSTATUS dcesrv_samr_GetAliasMembership(struct dcesrv_call_state *dce_cal } -/* - samr_LookupNames +/* + samr_LookupNames */ static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_LookupNames *r) @@ -1637,8 +1637,8 @@ static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALL r->out.rids->ids[i] = 0; r->out.types->ids[i] = SID_NAME_UNKNOWN; - count = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, - "sAMAccountName=%s", + count = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, + "sAMAccountName=%s", ldb_binary_encode_string(mem_ctx, r->in.names[i].string)); if (count != 1) { status = STATUS_SOME_UNMAPPED; @@ -1650,7 +1650,7 @@ static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALL status = STATUS_SOME_UNMAPPED; continue; } - + atype = ldb_msg_find_attr_as_uint(res[0], "sAMAccountType", 0); if (atype == 0) { status = STATUS_SOME_UNMAPPED; @@ -1658,7 +1658,7 @@ static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALL } rtype = ds_atype_map(atype); - + if (rtype == SID_NAME_UNKNOWN) { status = STATUS_SOME_UNMAPPED; continue; @@ -1668,7 +1668,7 @@ static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALL r->out.types->ids[i] = rtype; num_mapped++; } - + if (num_mapped == 0) { return NT_STATUS_NONE_MAPPED; } @@ -1676,8 +1676,8 @@ static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALL } -/* - samr_LookupRids +/* + samr_LookupRids */ static NTSTATUS dcesrv_samr_LookupRids(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_LookupRids *r) @@ -1724,8 +1724,8 @@ static NTSTATUS dcesrv_samr_LookupRids(struct dcesrv_call_state *dce_call, TALLO } -/* - samr_OpenGroup +/* + samr_OpenGroup */ static NTSTATUS dcesrv_samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_OpenGroup *r) @@ -1764,14 +1764,14 @@ static NTSTATUS dcesrv_samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC return NT_STATUS_NO_SUCH_GROUP; } if (ret != 1) { - DEBUG(0,("Found %d records matching sid %s\n", + DEBUG(0,("Found %d records matching sid %s\n", ret, dom_sid_string(mem_ctx, sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } groupname = ldb_msg_find_attr_as_string(msgs[0], "sAMAccountName", NULL); if (groupname == NULL) { - DEBUG(0,("sAMAccountName field missing for sid %s\n", + DEBUG(0,("sAMAccountName field missing for sid %s\n", dom_sid_string(mem_ctx, sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -1803,8 +1803,8 @@ static NTSTATUS dcesrv_samr_OpenGroup(struct dcesrv_call_state *dce_call, TALLOC return NT_STATUS_OK; } -/* - samr_QueryGroupInfo +/* + samr_QueryGroupInfo */ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_QueryGroupInfo *r) @@ -1822,7 +1822,7 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP); a_state = h->data; - + /* pull all the group attributes */ ret = gendb_search_dn(a_state->sam_ctx, mem_ctx, a_state->account_dn, &res, attrs); @@ -1874,8 +1874,8 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T } -/* - samr_SetGroupInfo +/* + samr_SetGroupInfo */ static NTSTATUS dcesrv_samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_SetGroupInfo *r) @@ -1894,7 +1894,7 @@ static NTSTATUS dcesrv_samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TAL msg = ldb_msg_new(mem_ctx); if (msg == NULL) { return NT_STATUS_NO_MEMORY; - } + } msg->dn = ldb_dn_copy(mem_ctx, g_state->account_dn); if (!msg->dn) { @@ -1928,8 +1928,8 @@ static NTSTATUS dcesrv_samr_SetGroupInfo(struct dcesrv_call_state *dce_call, TAL } -/* - samr_AddGroupMember +/* + samr_AddGroupMember */ static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_AddGroupMember *r) @@ -1967,7 +1967,7 @@ static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, T if (res->count == 0) { return NT_STATUS_NO_SUCH_USER; } - + if (res->count > 1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -2005,8 +2005,8 @@ static NTSTATUS dcesrv_samr_AddGroupMember(struct dcesrv_call_state *dce_call, T } -/* - samr_DeleteDomainGroup +/* + samr_DeleteDomainGroup */ static NTSTATUS dcesrv_samr_DeleteDomainGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_DeleteDomainGroup *r) @@ -2033,8 +2033,8 @@ static NTSTATUS dcesrv_samr_DeleteDomainGroup(struct dcesrv_call_state *dce_call } -/* - samr_DeleteGroupMember +/* + samr_DeleteGroupMember */ static NTSTATUS dcesrv_samr_DeleteGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_DeleteGroupMember *r) @@ -2072,7 +2072,7 @@ static NTSTATUS dcesrv_samr_DeleteGroupMember(struct dcesrv_call_state *dce_call if (res->count == 0) { return NT_STATUS_NO_SUCH_USER; } - + if (res->count > 1) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -2109,8 +2109,8 @@ static NTSTATUS dcesrv_samr_DeleteGroupMember(struct dcesrv_call_state *dce_call } -/* - samr_QueryGroupMember +/* + samr_QueryGroupMember */ static NTSTATUS dcesrv_samr_QueryGroupMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_QueryGroupMember *r) @@ -2180,8 +2180,8 @@ static NTSTATUS dcesrv_samr_QueryGroupMember(struct dcesrv_call_state *dce_call, } -/* - samr_SetMemberAttributesOfGroup +/* + samr_SetMemberAttributesOfGroup */ static NTSTATUS dcesrv_samr_SetMemberAttributesOfGroup(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_SetMemberAttributesOfGroup *r) @@ -2190,8 +2190,8 @@ static NTSTATUS dcesrv_samr_SetMemberAttributesOfGroup(struct dcesrv_call_state } -/* - samr_OpenAlias +/* + samr_OpenAlias */ static NTSTATUS dcesrv_samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_OpenAlias *r) @@ -2228,14 +2228,14 @@ static NTSTATUS dcesrv_samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC return NT_STATUS_NO_SUCH_ALIAS; } if (ret != 1) { - DEBUG(0,("Found %d records matching sid %s\n", + DEBUG(0,("Found %d records matching sid %s\n", ret, dom_sid_string(mem_ctx, sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } alias_name = ldb_msg_find_attr_as_string(msgs[0], "sAMAccountName", NULL); if (alias_name == NULL) { - DEBUG(0,("sAMAccountName field missing for sid %s\n", + DEBUG(0,("sAMAccountName field missing for sid %s\n", dom_sid_string(mem_ctx, sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -2268,8 +2268,8 @@ static NTSTATUS dcesrv_samr_OpenAlias(struct dcesrv_call_state *dce_call, TALLOC } -/* - samr_QueryAliasInfo +/* + samr_QueryAliasInfo */ static NTSTATUS dcesrv_samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_QueryAliasInfo *r) @@ -2328,8 +2328,8 @@ static NTSTATUS dcesrv_samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, T } -/* - samr_SetAliasInfo +/* + samr_SetAliasInfo */ static NTSTATUS dcesrv_samr_SetAliasInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_SetAliasInfo *r) @@ -2379,8 +2379,8 @@ static NTSTATUS dcesrv_samr_SetAliasInfo(struct dcesrv_call_state *dce_call, TAL } -/* - samr_DeleteDomAlias +/* + samr_DeleteDomAlias */ static NTSTATUS dcesrv_samr_DeleteDomAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_DeleteDomAlias *r) @@ -2407,8 +2407,8 @@ static NTSTATUS dcesrv_samr_DeleteDomAlias(struct dcesrv_call_state *dce_call, T } -/* - samr_AddAliasMember +/* + samr_AddAliasMember */ static NTSTATUS dcesrv_samr_AddAliasMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_AddAliasMember *r) @@ -2429,7 +2429,7 @@ static NTSTATUS dcesrv_samr_AddAliasMember(struct dcesrv_call_state *dce_call, T d_state = a_state->domain_state; ret = gendb_search(d_state->sam_ctx, mem_ctx, NULL, - &msgs, attrs, "(objectsid=%s)", + &msgs, attrs, "(objectsid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); if (ret == 1) { @@ -2479,8 +2479,8 @@ static NTSTATUS dcesrv_samr_AddAliasMember(struct dcesrv_call_state *dce_call, T } -/* - samr_DeleteAliasMember +/* + samr_DeleteAliasMember */ static NTSTATUS dcesrv_samr_DeleteAliasMember(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_DeleteAliasMember *r) @@ -2498,7 +2498,7 @@ static NTSTATUS dcesrv_samr_DeleteAliasMember(struct dcesrv_call_state *dce_call d_state = a_state->domain_state; memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, - "distinguishedName", "(objectSid=%s)", + "distinguishedName", "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); if (memberdn == NULL) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -2531,8 +2531,8 @@ static NTSTATUS dcesrv_samr_DeleteAliasMember(struct dcesrv_call_state *dce_call } -/* - samr_GetMembersInAlias +/* + samr_GetMembersInAlias */ static NTSTATUS dcesrv_samr_GetMembersInAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_GetMembersInAlias *r) @@ -2578,8 +2578,8 @@ static NTSTATUS dcesrv_samr_GetMembersInAlias(struct dcesrv_call_state *dce_call return NT_STATUS_OK; } -/* - samr_OpenUser +/* + samr_OpenUser */ static NTSTATUS dcesrv_samr_OpenUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_OpenUser *r) @@ -2609,20 +2609,20 @@ static NTSTATUS dcesrv_samr_OpenUser(struct dcesrv_call_state *dce_call, TALLOC_ /* search for the user record */ ret = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &msgs, attrs, - "(&(objectSid=%s)(objectclass=user))", + "(&(objectSid=%s)(objectclass=user))", ldap_encode_ndr_dom_sid(mem_ctx, sid)); if (ret == 0) { return NT_STATUS_NO_SUCH_USER; } if (ret != 1) { - DEBUG(0,("Found %d records matching sid %s\n", ret, + DEBUG(0,("Found %d records matching sid %s\n", ret, dom_sid_string(mem_ctx, sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } account_name = ldb_msg_find_attr_as_string(msgs[0], "sAMAccountName", NULL); if (account_name == NULL) { - DEBUG(0,("sAMAccountName field missing for sid %s\n", + DEBUG(0,("sAMAccountName field missing for sid %s\n", dom_sid_string(mem_ctx, sid))); return NT_STATUS_INTERNAL_DB_CORRUPTION; } @@ -2656,8 +2656,8 @@ static NTSTATUS dcesrv_samr_OpenUser(struct dcesrv_call_state *dce_call, TALLOC_ } -/* - samr_DeleteUser +/* + samr_DeleteUser */ static NTSTATUS dcesrv_samr_DeleteUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_DeleteUser *r) @@ -2674,8 +2674,8 @@ static NTSTATUS dcesrv_samr_DeleteUser(struct dcesrv_call_state *dce_call, TALLO ret = ldb_delete(a_state->sam_ctx, a_state->account_dn); if (ret != LDB_SUCCESS) { - DEBUG(1, ("Failed to delete user: %s: %s\n", - ldb_dn_get_linearized(a_state->account_dn), + DEBUG(1, ("Failed to delete user: %s: %s\n", + ldb_dn_get_linearized(a_state->account_dn), ldb_errstring(a_state->sam_ctx))); return NT_STATUS_UNSUCCESSFUL; } @@ -2687,8 +2687,8 @@ static NTSTATUS dcesrv_samr_DeleteUser(struct dcesrv_call_state *dce_call, TALLO } -/* - samr_QueryUserInfo +/* + samr_QueryUserInfo */ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_QueryUserInfo *r) @@ -2762,13 +2762,13 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA } case 5: { - static const char * const attrs2[] = {"sAMAccountName", + static const char * const attrs2[] = {"sAMAccountName", "displayName", "objectSid", "primaryGroupID", "homeDirectory", "homeDrive", - "scriptPath", + "scriptPath", "profilePath", "description", "userWorkstations", @@ -3077,7 +3077,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA QUERY_UINT (msg, info21.country_code, "countryCode"); QUERY_UINT (msg, info21.code_page, "codePage"); break; - + default: talloc_free(info); @@ -3090,8 +3090,8 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA } -/* - samr_SetUserInfo +/* + samr_SetUserInfo */ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_SetUserInfo *r) @@ -3212,9 +3212,9 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL SET_UINT64(msg, info21.last_logoff, "lastLogoff"); IFSET(SAMR_FIELD_ACCT_EXPIRY) SET_UINT64(msg, info21.acct_expiry, "accountExpires"); - IFSET(SAMR_FIELD_ACCOUNT_NAME) + IFSET(SAMR_FIELD_ACCOUNT_NAME) SET_STRING(msg, info21.account_name, "samAccountName"); - IFSET(SAMR_FIELD_FULL_NAME) + IFSET(SAMR_FIELD_FULL_NAME) SET_STRING(msg, info21.full_name, "displayName"); IFSET(SAMR_FIELD_HOME_DIRECTORY) SET_STRING(msg, info21.home_directory, "homeDirectory"); @@ -3230,7 +3230,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL SET_STRING(msg, info21.workstations, "userWorkstations"); IFSET(SAMR_FIELD_COMMENT) SET_STRING(msg, info21.comment, "comment"); - IFSET(SAMR_FIELD_PARAMETERS) + IFSET(SAMR_FIELD_PARAMETERS) SET_PARAMETERS(msg, info21.parameters, "userParameters"); IFSET(SAMR_FIELD_PRIMARY_GID) SET_UINT(msg, info21.primary_gid, "primaryGroupID"); @@ -3312,7 +3312,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL SET_UINT64(msg, info23.info.last_logoff, "lastLogoff"); IFSET(SAMR_FIELD_ACCT_EXPIRY) SET_UINT64(msg, info23.info.acct_expiry, "accountExpires"); - IFSET(SAMR_FIELD_ACCOUNT_NAME) + IFSET(SAMR_FIELD_ACCOUNT_NAME) SET_STRING(msg, info23.info.account_name, "samAccountName"); IFSET(SAMR_FIELD_FULL_NAME) SET_STRING(msg, info23.info.full_name, "displayName"); @@ -3421,7 +3421,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL SET_UINT64(msg, info25.info.last_logoff, "lastLogoff"); IFSET(SAMR_FIELD_ACCT_EXPIRY) SET_UINT64(msg, info25.info.acct_expiry, "accountExpires"); - IFSET(SAMR_FIELD_ACCOUNT_NAME) + IFSET(SAMR_FIELD_ACCOUNT_NAME) SET_STRING(msg, info25.info.account_name, "samAccountName"); IFSET(SAMR_FIELD_FULL_NAME) SET_STRING(msg, info25.info.full_name, "displayName"); @@ -3544,8 +3544,8 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL } -/* - samr_GetGroupsForUser +/* + samr_GetGroupsForUser */ static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_GetGroupsForUser *r) @@ -3615,8 +3615,8 @@ static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, } -/* - samr_QueryDisplayInfo +/* + samr_QueryDisplayInfo */ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_QueryDisplayInfo *r) @@ -3716,11 +3716,11 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, switch(r->in.level) { case 1: entriesGeneral[count].idx = count + 1; - entriesGeneral[count].rid = + entriesGeneral[count].rid = objectsid->sub_auths[objectsid->num_auths-1]; entriesGeneral[count].acct_flags = samdb_result_acct_flags(d_state->sam_ctx, mem_ctx, - res[i], + res[i], d_state->domain_dn); entriesGeneral[count].account_name.string = ldb_msg_find_attr_as_string(res[i], @@ -3738,7 +3738,7 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, /* No idea why we need to or in ACB_NORMAL here, but this is what Win2k3 seems to do... */ entriesFull[count].acct_flags = samdb_result_acct_flags(d_state->sam_ctx, mem_ctx, - res[i], + res[i], d_state->domain_dn) | ACB_NORMAL; entriesFull[count].account_name.string = ldb_msg_find_attr_as_string(res[i], "sAMAccountName", @@ -3834,8 +3834,8 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, } -/* - samr_GetDisplayEnumerationIndex +/* + samr_GetDisplayEnumerationIndex */ static NTSTATUS dcesrv_samr_GetDisplayEnumerationIndex(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_GetDisplayEnumerationIndex *r) @@ -3844,8 +3844,8 @@ static NTSTATUS dcesrv_samr_GetDisplayEnumerationIndex(struct dcesrv_call_state } -/* - samr_TestPrivateFunctionsDomain +/* + samr_TestPrivateFunctionsDomain */ static NTSTATUS dcesrv_samr_TestPrivateFunctionsDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_TestPrivateFunctionsDomain *r) @@ -3854,8 +3854,8 @@ static NTSTATUS dcesrv_samr_TestPrivateFunctionsDomain(struct dcesrv_call_state } -/* - samr_TestPrivateFunctionsUser +/* + samr_TestPrivateFunctionsUser */ static NTSTATUS dcesrv_samr_TestPrivateFunctionsUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_TestPrivateFunctionsUser *r) @@ -3864,8 +3864,8 @@ static NTSTATUS dcesrv_samr_TestPrivateFunctionsUser(struct dcesrv_call_state *d } -/* - samr_GetUserPwInfo +/* + samr_GetUserPwInfo */ static NTSTATUS dcesrv_samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_GetUserPwInfo *r) @@ -3889,8 +3889,8 @@ static NTSTATUS dcesrv_samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TA } -/* - samr_RemoveMemberFromForeignDomain +/* + samr_RemoveMemberFromForeignDomain */ static NTSTATUS dcesrv_samr_RemoveMemberFromForeignDomain(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_RemoveMemberFromForeignDomain *r) @@ -3907,7 +3907,7 @@ static NTSTATUS dcesrv_samr_RemoveMemberFromForeignDomain(struct dcesrv_call_sta d_state = h->data; memberdn = samdb_search_string(d_state->sam_ctx, mem_ctx, NULL, - "distinguishedName", "(objectSid=%s)", + "distinguishedName", "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, r->in.sid)); /* Nothing to do */ if (memberdn == NULL) { @@ -3957,8 +3957,8 @@ static NTSTATUS dcesrv_samr_RemoveMemberFromForeignDomain(struct dcesrv_call_sta } -/* - samr_QueryDomainInfo2 +/* + samr_QueryDomainInfo2 just an alias for samr_QueryDomainInfo */ @@ -3974,13 +3974,13 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo2(struct dcesrv_call_state *dce_call, r1.out.info = r->out.info; status = dcesrv_samr_QueryDomainInfo(dce_call, mem_ctx, &r1); - + return status; } -/* - samr_QueryUserInfo2 +/* + samr_QueryUserInfo2 just an alias for samr_QueryUserInfo */ @@ -3993,15 +3993,15 @@ static NTSTATUS dcesrv_samr_QueryUserInfo2(struct dcesrv_call_state *dce_call, T r1.in.user_handle = r->in.user_handle; r1.in.level = r->in.level; r1.out.info = r->out.info; - + status = dcesrv_samr_QueryUserInfo(dce_call, mem_ctx, &r1); return status; } -/* - samr_QueryDisplayInfo2 +/* + samr_QueryDisplayInfo2 */ static NTSTATUS dcesrv_samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_QueryDisplayInfo2 *r) @@ -4024,8 +4024,8 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call } -/* - samr_GetDisplayEnumerationIndex2 +/* + samr_GetDisplayEnumerationIndex2 */ static NTSTATUS dcesrv_samr_GetDisplayEnumerationIndex2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_GetDisplayEnumerationIndex2 *r) @@ -4034,8 +4034,8 @@ static NTSTATUS dcesrv_samr_GetDisplayEnumerationIndex2(struct dcesrv_call_state } -/* - samr_QueryDisplayInfo3 +/* + samr_QueryDisplayInfo3 */ static NTSTATUS dcesrv_samr_QueryDisplayInfo3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_QueryDisplayInfo3 *r) @@ -4058,8 +4058,8 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo3(struct dcesrv_call_state *dce_call } -/* - samr_AddMultipleMembersToAlias +/* + samr_AddMultipleMembersToAlias */ static NTSTATUS dcesrv_samr_AddMultipleMembersToAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_AddMultipleMembersToAlias *r) @@ -4068,8 +4068,8 @@ static NTSTATUS dcesrv_samr_AddMultipleMembersToAlias(struct dcesrv_call_state * } -/* - samr_RemoveMultipleMembersFromAlias +/* + samr_RemoveMultipleMembersFromAlias */ static NTSTATUS dcesrv_samr_RemoveMultipleMembersFromAlias(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_RemoveMultipleMembersFromAlias *r) @@ -4078,12 +4078,12 @@ static NTSTATUS dcesrv_samr_RemoveMultipleMembersFromAlias(struct dcesrv_call_st } -/* - samr_GetDomPwInfo +/* + samr_GetDomPwInfo this fetches the default password properties for a domain - note that w2k3 completely ignores the domain name in this call, and + note that w2k3 completely ignores the domain name in this call, and always returns the information for the servers primary domain */ static NTSTATUS dcesrv_samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, @@ -4104,7 +4104,7 @@ static NTSTATUS dcesrv_samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TAL } /* The domain name in this call is ignored */ - ret = gendb_search_dn(sam_ctx, + ret = gendb_search_dn(sam_ctx, mem_ctx, NULL, &msgs, attrs); if (ret <= 0) { talloc_free(sam_ctx); @@ -4130,8 +4130,8 @@ static NTSTATUS dcesrv_samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TAL } -/* - samr_Connect2 +/* + samr_Connect2 */ static NTSTATUS dcesrv_samr_Connect2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_Connect2 *r) @@ -4146,8 +4146,8 @@ static NTSTATUS dcesrv_samr_Connect2(struct dcesrv_call_state *dce_call, TALLOC_ } -/* - samr_SetUserInfo2 +/* + samr_SetUserInfo2 just an alias for samr_SetUserInfo */ @@ -4164,8 +4164,8 @@ static NTSTATUS dcesrv_samr_SetUserInfo2(struct dcesrv_call_state *dce_call, TAL } -/* - samr_SetBootKeyInformation +/* + samr_SetBootKeyInformation */ static NTSTATUS dcesrv_samr_SetBootKeyInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_SetBootKeyInformation *r) @@ -4174,8 +4174,8 @@ static NTSTATUS dcesrv_samr_SetBootKeyInformation(struct dcesrv_call_state *dce_ } -/* - samr_GetBootKeyInformation +/* + samr_GetBootKeyInformation */ static NTSTATUS dcesrv_samr_GetBootKeyInformation(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_GetBootKeyInformation *r) @@ -4184,8 +4184,8 @@ static NTSTATUS dcesrv_samr_GetBootKeyInformation(struct dcesrv_call_state *dce_ } -/* - samr_Connect3 +/* + samr_Connect3 */ static NTSTATUS dcesrv_samr_Connect3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_Connect3 *r) @@ -4200,8 +4200,8 @@ static NTSTATUS dcesrv_samr_Connect3(struct dcesrv_call_state *dce_call, TALLOC_ } -/* - samr_Connect4 +/* + samr_Connect4 */ static NTSTATUS dcesrv_samr_Connect4(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_Connect4 *r) @@ -4216,8 +4216,8 @@ static NTSTATUS dcesrv_samr_Connect4(struct dcesrv_call_state *dce_call, TALLOC_ } -/* - samr_Connect5 +/* + samr_Connect5 */ static NTSTATUS dcesrv_samr_Connect5(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_Connect5 *r) @@ -4239,8 +4239,8 @@ static NTSTATUS dcesrv_samr_Connect5(struct dcesrv_call_state *dce_call, TALLOC_ } -/* - samr_RidToSid +/* + samr_RidToSid */ static NTSTATUS dcesrv_samr_RidToSid(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_RidToSid *r) @@ -4262,8 +4262,8 @@ static NTSTATUS dcesrv_samr_RidToSid(struct dcesrv_call_state *dce_call, TALLOC_ } -/* - samr_SetDsrmPassword +/* + samr_SetDsrmPassword */ static NTSTATUS dcesrv_samr_SetDsrmPassword(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_SetDsrmPassword *r) @@ -4272,7 +4272,7 @@ static NTSTATUS dcesrv_samr_SetDsrmPassword(struct dcesrv_call_state *dce_call, } -/* +/* samr_ValidatePassword For now the call checks the password complexity (if active) and the minimum diff --git a/source4/rpc_server/samr/dcesrv_samr.h b/source4/rpc_server/samr/dcesrv_samr.h index 7d12d3c4bd..8193ee6d5b 100644 --- a/source4/rpc_server/samr/dcesrv_samr.h +++ b/source4/rpc_server/samr/dcesrv_samr.h @@ -1,20 +1,20 @@ -/* +/* Unix SMB/CIFS implementation. endpoint server for the samr pipe - definitions Copyright (C) Andrew Tridgell 2004 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index d95a31d322..f2dcd05d89 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -1,21 +1,21 @@ -/* +/* Unix SMB/CIFS implementation. samr server password set/change handling Copyright (C) Andrew Tridgell 2004 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -30,10 +30,10 @@ #include "libcli/auth/libcli_auth.h" #include "../lib/util/util_ldb.h" -/* - samr_ChangePasswordUser +/* + samr_ChangePasswordUser */ -NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, +NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_ChangePasswordUser *r) { @@ -98,7 +98,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, if (memcmp(checkHash.hash, nt_pwd, 16) != 0) { return NT_STATUS_WRONG_PASSWORD; } - + /* The NT Cross is not required by Win2k3 R2, but if present check the nt cross hash */ if (r->in.cross1_present && r->in.nt_cross && lm_pwd) { @@ -159,8 +159,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call, return NT_STATUS_OK; } -/* - samr_OemChangePasswordUser2 +/* + samr_OemChangePasswordUser2 */ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, @@ -206,7 +206,7 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, /* we need the users dn and the domain dn (derived from the user SID). We also need the current lm password hash in order to decrypt the incoming password */ - ret = gendb_search(sam_ctx, + ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(&(sAMAccountName=%s)(objectclass=user))", r->in.account->string); @@ -224,18 +224,18 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, } /* decrypt the password we have been given */ - lm_pwd_blob = data_blob(lm_pwd->hash, sizeof(lm_pwd->hash)); + lm_pwd_blob = data_blob(lm_pwd->hash, sizeof(lm_pwd->hash)); arcfour_crypt_blob(pwbuf->data, 516, &lm_pwd_blob); data_blob_free(&lm_pwd_blob); - + if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) { DEBUG(3,("samr: failed to decode password buffer\n")); return NT_STATUS_WRONG_PASSWORD; } - + if (!convert_string_talloc_convenience(mem_ctx, lpcfg_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), - CH_DOS, CH_UNIX, - (const char *)new_password.data, + CH_DOS, CH_UNIX, + (const char *)new_password.data, new_password.length, (void **)&new_pass, NULL, false)) { DEBUG(3,("samr: failed to convert incoming password buffer to unix charset\n")); @@ -243,8 +243,8 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, } if (!convert_string_talloc_convenience(mem_ctx, lpcfg_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), - CH_DOS, CH_UTF16, - (const char *)new_password.data, + CH_DOS, CH_UTF16, + (const char *)new_password.data, new_password.length, (void **)&new_unicode_password.data, &unicode_pw_len, false)) { DEBUG(3,("samr: failed to convert incoming password buffer to UTF16 charset\n")); @@ -277,11 +277,11 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, * from the database since they were already checked against the user- * provided ones. */ status = samdb_set_password(sam_ctx, mem_ctx, - user_dn, NULL, + user_dn, NULL, &new_unicode_password, NULL, NULL, lm_pwd, NULL, /* this is a user password change */ - NULL, + NULL, NULL); if (!NT_STATUS_IS_OK(status)) { ldb_transaction_cancel(sam_ctx); @@ -301,13 +301,13 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call, } -/* - samr_ChangePasswordUser3 +/* + samr_ChangePasswordUser3 */ -NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, +NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct samr_ChangePasswordUser3 *r) -{ +{ NTSTATUS status; DATA_BLOB new_password; struct ldb_context *sam_ctx = NULL; @@ -343,7 +343,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, /* we need the users dn and the domain dn (derived from the user SID). We also need the current lm and nt password hashes in order to decrypt the incoming passwords */ - ret = gendb_search(sam_ctx, + ret = gendb_search(sam_ctx, mem_ctx, NULL, &res, attrs, "(&(sAMAccountName=%s)(objectclass=user))", r->in.account->string); @@ -376,7 +376,7 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, status = NT_STATUS_WRONG_PASSWORD; goto failed; } - + if (r->in.nt_verifier == NULL) { status = NT_STATUS_WRONG_PASSWORD; goto failed; @@ -397,8 +397,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, if (lm_pwd && r->in.lm_verifier != NULL) { char *new_pass; if (!convert_string_talloc_convenience(mem_ctx, lpcfg_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), - CH_UTF16, CH_UNIX, - (const char *)new_password.data, + CH_UTF16, CH_UNIX, + (const char *)new_password.data, new_password.length, (void **)&new_pass, NULL, false)) { E_deshash(new_pass, new_lm_hash); @@ -428,11 +428,11 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, * from the database since they were already checked against the user- * provided ones. */ status = samdb_set_password(sam_ctx, mem_ctx, - user_dn, NULL, + user_dn, NULL, &new_password, NULL, NULL, lm_pwd, nt_pwd, /* this is a user password change */ - &reason, + &reason, &dominfo); if (!NT_STATUS_IS_OK(status)) { @@ -466,8 +466,8 @@ failed: } -/* - samr_ChangePasswordUser2 +/* + samr_ChangePasswordUser2 easy - just a subset of samr_ChangePasswordUser3 */ @@ -518,11 +518,11 @@ NTSTATUS samr_set_password(struct dcesrv_call_state *dce_call, DEBUG(3,("samr: failed to decode password buffer\n")); return NT_STATUS_WRONG_PASSWORD; } - + /* set the password - samdb needs to know both the domain and user DNs, so the domain password policy can be used */ return samdb_set_password(sam_ctx, mem_ctx, - account_dn, domain_dn, + account_dn, domain_dn, &new_password, NULL, NULL, NULL, NULL, /* This is a password set, not change */ @@ -560,18 +560,18 @@ NTSTATUS samr_set_password_ex(struct dcesrv_call_state *dce_call, MD5Update(&ctx, &pwbuf->data[516], 16); MD5Update(&ctx, session_key.data, session_key.length); MD5Final(co_session_key.data, &ctx); - + arcfour_crypt_blob(pwbuf->data, 516, &co_session_key); if (!extract_pw_from_buffer(mem_ctx, pwbuf->data, &new_password)) { DEBUG(3,("samr: failed to decode password buffer\n")); return NT_STATUS_WRONG_PASSWORD; } - + /* set the password - samdb needs to know both the domain and user DNs, so the domain password policy can be used */ return samdb_set_password(sam_ctx, mem_ctx, - account_dn, domain_dn, + account_dn, domain_dn, &new_password, NULL, NULL, NULL, NULL, /* This is a password set, not change */ |