summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--source3/include/gums.h224
-rw-r--r--source3/sam/gumm_tdb.c70
-rw-r--r--source3/sam/gums.c131
-rw-r--r--source3/sam/gums_api.c814
-rw-r--r--source3/sam/gums_helper.c607
5 files changed, 1846 insertions, 0 deletions
diff --git a/source3/include/gums.h b/source3/include/gums.h
new file mode 100644
index 0000000000..d1799f377d
--- /dev/null
+++ b/source3/include/gums.h
@@ -0,0 +1,224 @@
+/*
+ Unix SMB/CIFS implementation.
+ GUMS structures
+ Copyright (C) Simo Sorce 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _GUMS_H
+#define _GUMS_H
+
+#define GUMS_VERSION_MAJOR 0
+#define GUMS_VERSION_MINOR 1
+
+#define GUMS_OBJ_NORMAL_USER 1
+#define GUMS_OBJ_GROUP 2
+#define GUMS_OBJ_DOMAIN 3
+#define GUMS_OBJ_ALIAS 4
+#define GUMS_OBJ_WORKSTATION_TRUST 5
+#define GUMS_OBJ_SERVER_TRUST 6
+#define GUMS_OBJ_DOMAIN_TRUST 7
+
+typedef struct gums_object
+{
+ TALLOC_CTX *mem_ctx;
+
+ uint32 type; /* Object Type */
+ uint32 version; /* Object Version */
+ uint32 seq_num; /* Object Sequence Number */
+
+ SEC_DESC *sec_desc; /* Security Descriptor */
+
+ DOM_SID *sid; /* Object Sid */
+ char *name; /* Object Name */
+ char *description; /* Object Description */
+
+ void *data; /* Object Specific data */
+
+} GUMS_OBJECT;
+
+typedef struct gums_user
+{
+ DOM_SID *group_sid; /* Primary Group SID */
+
+ NTTIME *logon_time; /* logon time */
+ NTTIME *logoff_time; /* logoff time */
+ NTTIME *kickoff_time; /* kickoff time */
+ NTTIME *pass_last_set_time; /* password last set time */
+ NTTIME *pass_can_change_time; /* password can change time */
+ NTTIME *pass_must_change_time; /* password must change time */
+
+ char *full_name; /* user's full name string */
+ char *home_dir; /* home directory string */
+ char *dir_drive; /* home directory drive string */
+ char *logon_script; /* logon script string */
+ char *profile_path; /* profile path string */
+ char *workstations; /* login from workstations string */
+ char *unknown_str; /* don't know what this is, yet. */
+ char *munged_dial; /* munged path name and dial-back tel number */
+
+ DATA_BLOB *lm_pw; /* .data is Null if no password */
+ DATA_BLOB *nt_pw; /* .data is Null if no password */
+
+ uint32 unknown_3; /* 0x00ff ffff */
+
+ uint16 logon_divs; /* 168 - number of hours in a week */
+ uint32 hours_len; /* normally 21 bytes */
+ uint8 hours[MAX_HOURS_LEN];
+
+ uint32 unknown_5; /* 0x0002 0000 */
+ uint32 unknown_6; /* 0x0000 04ec */
+
+} GUMS_USER;
+
+typedef struct gums_group
+{
+ uint32 count; /* Number of SIDs */
+ DOM_SID *members; /* SID array */
+
+} GUMS_GROUP;
+
+typedef struct gums_data_set
+{
+ int type; /* GUMS_SET_xxx */
+ void *data;
+
+} GUMS_DATA_SET;
+
+typedef struct gums_commit_set
+{
+ TALLOC_CTX *mem_ctx;
+
+ uint32 type; /* Object type */
+ DOM_SID sid; /* Object Sid */
+ uint32 count; /* number of changes */
+ GUMS_DATA_SET *data;
+} GUMS_COMMIT_SET;
+
+typedef struct gums_privilege
+{
+ TALLOC_CTX *mem_ctx;
+
+ uint32 type; /* Object Type */
+ uint32 version; /* Object Version */
+ uint32 seq_num; /* Object Sequence Number */
+
+ LUID_ATTR *privilege; /* Privilege Type */
+ char *name; /* Object Name */
+ char *description; /* Object Description */
+
+ uint32 count;
+ DOM_SID *members;
+
+} GUMS_PRIVILEGE;
+
+
+typedef struct gums_functions
+{
+ /* Generic object functions */
+
+ NTSTATUS (*get_domain_sid) (DOM_SID **sid, const char* name);
+ NTSTATUS (*set_domain_sid) (const DOM_SID *sid);
+
+ NTSTATUS (*get_sequence_number) (void);
+
+ NTSTATUS (*new_object) (DOM_SID **sid, const char *name, const int obj_type);
+ NTSTATUS (*delete_object) (const DOM_SID *sid);
+
+ NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
+ NTSTATUS (*get_sid_from_name) (GUMS_OBJECT **object, const char *name);
+ /* This function is used to get the list of all objects changed since b_time, it is
+ used to support PDC<->BDC synchronization */
+ NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
+
+ NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type);
+ NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle);
+ NTSTATUS (*enumerate_objects_stop) (void *handle);
+
+ /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
+ Never use this function to update an object in the database, use set_object_values() */
+ NTSTATUS (*set_object) (const GUMS_OBJECT *object);
+
+ /* set object values function */
+ NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
+
+ /* Group related functions */
+ NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members);
+ NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
+ NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
+
+ NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
+
+ NTSTATUS (*lock_sid) (const DOM_SID *sid);
+ NTSTATUS (*unlock_sid) (const DOM_SID *sid);
+
+ /* privileges related functions */
+
+ NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
+ NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
+ NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv);
+ NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid);
+ /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
+ NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
+
+} GUMS_FUNCTIONS;
+
+/* define value types */
+
+#define GUMS_SET_PRIMARY_GROUP 1
+#define GUMS_SET_SEC_DESC 2
+
+/* user specific type values */
+#define GUMS_SET_LOGON_TIME 10 /* keep NTTIME consecutive */
+#define GUMS_SET_LOGOFF_TIME 11 /* too ease checking */
+#define GUMS_SET_KICKOFF_TIME 13
+#define GUMS_SET_PASS_LAST_SET_TIME 14
+#define GUMS_SET_PASS_CAN_CHANGE_TIME 15
+#define GUMS_SET_PASS_MUST_CHANGE_TIME 16 /* NTTIME end */
+
+#define GUMS_SET_NAME 20 /* keep strings consecutive */
+#define GUMS_SET_DESCRIPTION 21 /* too ease checking */
+#define GUMS_SET_FULL_NAME 22
+#define GUMS_SET_HOME_DIRECTORY 23
+#define GUMS_SET_DRIVE 24
+#define GUMS_SET_LOGON_SCRIPT 25
+#define GUMS_SET_PROFILE_PATH 26
+#define GUMS_SET_WORKSTATIONS 27
+#define GUMS_SET_UNKNOWN_STRING 28
+#define GUMS_SET_MUNGED_DIAL 29 /* strings end */
+
+#define GUMS_SET_LM_PASSWORD 40
+#define GUMS_SET_NT_PASSWORD 41
+#define GUMS_SET_PLAINTEXT_PASSWORD 42
+#define GUMS_SET_UNKNOWN_3 43
+#define GUMS_SET_LOGON_DIVS 44
+#define GUMS_SET_HOURS_LEN 45
+#define GUMS_SET_HOURS 46
+#define GUMS_SET_UNKNOWN_5 47
+#define GUMS_SET_UNKNOWN_6 48
+
+#define GUMS_SET_MUST_CHANGE_PASS 50
+#define GUMS_SET_CANNOT_CHANGE_PASS 51
+#define GUMS_SET_PASS_NEVER_EXPIRE 52
+#define GUMS_SET_ACCOUNT_DISABLED 53
+#define GUMS_SET_ACCOUNT_LOCKOUT 54
+
+/*group specific type values */
+#define GUMS_ADD_SID_LIST 60
+#define GUMS_DEL_SID_LIST 61
+#define GUMS_SET_SID_LIST 62
+
+#endif /* _GUMS_H */
diff --git a/source3/sam/gumm_tdb.c b/source3/sam/gumm_tdb.c
new file mode 100644
index 0000000000..967890e99c
--- /dev/null
+++ b/source3/sam/gumm_tdb.c
@@ -0,0 +1,70 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998
+ * Copyright (C) Simo Sorce 2000-2002
+ * Copyright (C) Gerald Carter 2000
+ * Copyright (C) Jeremy Allison 2001
+ * Copyright (C) Andrew Bartlett 2002
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+static int tdbgumm_debug_level = DBGC_ALL;
+#undef DBGC_CLASS
+#define DBGC_CLASS tdbgumm_debug_level
+
+#define GUMM_VERSION "20021012"
+#define TDB_FILE_NAME "gums_storage.tdb"
+#define TDB_FORMAT_STRING "B"
+#define DOMAIN_PREFIX "DOMAIN_"
+#define USER_PREFIX "USER_"
+#define GROUP_PREFIX "GROUP_"
+#define SID_PREFIX "SID_"
+
+static TDB_CONTEXT *gumm_tdb = NULL;
+
+/***************************************************************
+ objects enumeration.
+****************************************************************/
+
+static NTSTATUS enumerate_objects(DOM_SID **sids, const DOM_SID *sid, const int obj_type);
+{
+ TDB_CONTEXT *enum_tdb = NULL;
+ TDB_DATA key;
+
+ /* Open tdb gums module */
+ if (!(enum_tdb = tdb_open_log(TDB_FILE_NAME, 0, TDB_DEFAULT, update?(O_RDWR|O_CREAT):O_RDONLY, 0600)))
+ {
+ DEBUG(0, ("Unable to open/create gumm tdb database\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ enum_key = tdb_firstkey(enum_tdb);
+
+
+
+ tdb_close(enum_tdb);
+
+ return NT_STATUS_OK;
+}
+
+
+static NTSTATUS module_init()
+{
+}
+
diff --git a/source3/sam/gums.c b/source3/sam/gums.c
new file mode 100644
index 0000000000..41218cee36
--- /dev/null
+++ b/source3/sam/gums.c
@@ -0,0 +1,131 @@
+/*
+ Unix SMB/CIFS implementation.
+ Grops and Users Management System initializations.
+ Copyright (C) Simo Sorce 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_GUMS*/
+
+#define GMV_MAJOR 0
+#define GMV_MINOR 1
+
+GUMS_FUNCTIONS *gums_storage;
+static void *dl_handle;
+
+PRIVS privs[] = {
+ {PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */
+ {PRIV_CREATE_TOKEN, "SeCreateToken", "Create Token"},
+ {PRIV_ASSIGNPRIMARYTOKEN, "SeAssignPrimaryToken", "Assign Primary Token"},
+ {PRIV_LOCK_MEMORY, "SeLockMemory", "Lock Memory"},
+ {PRIV_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota Privilege"},
+ {PRIV_MACHINE_ACCOUNT, "SeMachineAccount", "Machine Account"},
+ {PRIV_TCB, "SeTCB", "TCB"},
+ {PRIV_SECURITY, "SeSecurityPrivilege", "Security Privilege"},
+ {PRIV_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"},
+ {PRIV_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"},
+ {PRIV_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"},
+ {PRIV_SYSTEMTIME, "SeSystemtimePrivilege", "System Time"},
+ {PRIV_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"},
+ {PRIV_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"},
+ {PRIV_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"},
+ {PRIV_CREATE_PERMANENT, "SeCreatePermanent", "Create Permanent"},
+ {PRIV_BACKUP, "SeBackupPrivilege", "Backup Privilege"},
+ {PRIV_RESTORE, "SeRestorePrivilege", "Restore Privilege"},
+ {PRIV_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"},
+ {PRIV_DEBUG, "SeDebugPrivilege", "Debug Privilege"},
+ {PRIV_AUDIT, "SeAudit", "Audit"},
+ {PRIV_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"},
+ {PRIV_CHANGE_NOTIFY, "SeChangeNotify", "Change Notify"},
+ {PRIV_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"},
+ {PRIV_UNDOCK, "SeUndock", "Undock"},
+ {PRIV_SYNC_AGENT, "SeSynchronizationAgent", "Synchronization Agent"},
+ {PRIV_ENABLE_DELEGATION, "SeEnableDelegation", "Enable Delegation"},
+ {PRIV_ALL, "SaAllPrivs", "All Privileges"}
+};
+
+NTSTATUS gums_init(const char *module_name)
+{
+ int (*module_version)(int);
+ NTSTATUS (*module_init)();
+/* gums_module_init module_init;*/
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+
+ DEBUG(5, ("Opening gums module %s\n", module_name));
+ dl_handle = sys_dlopen(module_name, RTLD_NOW);
+ if (!dl_handle) {
+ DEBUG(0, ("ERROR: Failed to load gums module %s, error: %s\n", module_name, sys_dlerror()));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ module_version = sys_dlsym(dl_handle, "gumm_version");
+ if (!module_version) {
+ DEBUG(0, ("ERROR: Failed to find gums module version!\n"));
+ goto error;
+ }
+
+ if (module_version(GMV_MAJOR) != GUMS_VERSION_MAJOR) {
+ DEBUG(0, ("ERROR: Module's major version does not match gums version!\n"));
+ goto error;
+ }
+
+ if (module_version(GMV_MINOR) != GUMS_VERSION_MINOR) {
+ DEBUG(1, ("WARNING: Module's minor version does not match gums version!\n"));
+ }
+
+ module_open = sys_dlsym(dl_handle, "gumm_init");
+ if (!module_open) {
+ DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
+ goto error;
+ }
+
+ DEBUG(5, ("Initializing module %s\n", module_name));
+
+ ret = module_init(&gums_storage);
+ goto done;
+
+error:
+ ret = NT_STATUS_UNSUCCESSFUL;
+ sys_dlclose(dl_handle);
+
+done:
+ return ret;
+}
+
+NTSTATUS gums_unload(void)
+{
+ NSTATUS ret;
+ NTSTATUS (*module_finalize)();
+
+ if (!dl_handle)
+ return NT_STATUS_UNSUCCESSFUL;
+
+ module_close = sys_dlsym(dl_handle, "gumm_finalize");
+ if (!module_finalize) {
+ DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ DEBUG(5, ("Finalizing module %s\n", module_name));
+
+ ret = module_finalize();
+ sys_dlclose(dl_handle);
+3
+ return ret;
+}
diff --git a/source3/sam/gums_api.c b/source3/sam/gums_api.c
new file mode 100644
index 0000000000..c6c8402c93
--- /dev/null
+++ b/source3/sam/gums_api.c
@@ -0,0 +1,814 @@
+/*
+ Unix SMB/CIFS implementation.
+ GUMS structures
+ Copyright (C) Simo Sorce 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern GUMS_FUNCTIONS *gums_storage;
+
+/* Functions to get info from a GUMS object */
+
+NTSTATUS gums_get_object_type(uint32 *type, const GUMS_OBJECT *obj)
+{
+ *type = obj->type;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_object_seq_num(uint32 *version, const GUMS_OBJECT *obj)
+{
+ *version = obj->version;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_sec_desc(SEC_DESC **sec_desc, const GUMS_OBJECT *obj)
+{
+ *sec_desc = obj->sec_desc;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_object_sid(DOM_SID **sid, const GUMS_OBJECT *obj)
+{
+ *sid = obj->sid;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_object_name(char **name, const GUMS_OBJECT *obj)
+{
+ *name = obj->name;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_object_description(char **description, const GUMS_OBJECT *obj)
+{
+ *description = obj->description;
+ return NT_STATUS_OK;
+}
+
+/* User specific functions */
+
+NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj)
+{
+ if (!priv_set)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *priv_set = obj->priv_set;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!sid)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *sid = ((GUMS_USER *)(obj->data))->group_sid;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!nt_pwd)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *nt_pwd = ((GUMS_USER *)(obj->data))->nt_pw;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!lm_pwd)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *lm_pwd = ((GUMS_USER *)(obj->data))->lm_pw;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_fullname(char **fullname, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!fullname)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *fullname = ((GUMS_USER *)(obj->data))->full_name;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_homedir(char **homedir, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!homedir)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *homedir = ((GUMS_USER *)(obj->data))->home_dir;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_dir_drive(char **dirdrive, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!dirdrive)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *dirdrive = ((GUMS_USER *)(obj->data))->dir_drive;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_logon_script(char **logon_script, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!logon_script)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *logon_script = ((GUMS_USER *)(obj->data))->logon_script;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_profile_path(char **profile_path, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!profile_path)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *profile_path = ((GUMS_USER *)(obj->data))->profile_path;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_workstations(char **workstations, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!workstations)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *workstations = ((GUMS_USER *)(obj->data))->workstations;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_unknown_str(char **unknown_str, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!unknown_str)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *unknown_str = ((GUMS_USER *)(obj->data))->unknown_str;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_munged_dial(char **munged_dial, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!munged_dial)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *munged_dial = ((GUMS_USER *)(obj->data))->munged_dial;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_logon_time(NTTIME **logon_time, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!logon_time)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *logon_time = ((GUMS_USER *)(obj->data))->logon_time;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_logoff_time(NTTIME **logoff_time, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!logoff_time)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *logoff_time = ((GUMS_USER *)(obj->data))->logoff_time;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_kickoff_time(NTTIME **kickoff_time, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!kickoff_time)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *kickoff_time = ((GUMS_USER *)(obj->data))->kickoff_time;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_pass_last_set_time(NTTIME **pass_last_set_time, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!pass_last_set_time)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *pass_last_set_time = ((GUMS_USER *)(obj->data))->pass_last_set_time;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_pass_can_change_time(NTTIME **pass_can_change_time, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!pass_can_change_time)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *pass_can_change_time = ((GUMS_USER *)(obj->data))->pass_can_change_time;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_pass_must_change_time(NTTIME **pass_must_change_time, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!pass_must_change_time)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *pass_must_change_time = ((GUMS_USER *)(obj->data))->pass_must_change_time;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_logon_divs(uint16 *logon_divs, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!logon_divs)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *logon_divs = ((GUMS_USER *)(obj->data))->logon_divs;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_hours_len(uint32 *hours_len, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!hours_len)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *hours_len = ((GUMS_USER *)(obj->data))->hours_len;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_hours(uint8 **hours, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!hours)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *hours = ((GUMS_USER *)(obj->data))->hours;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_unknown_3(uint32 *unknown3, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!unknown3)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *unknown3 = ((GUMS_USER *)(obj->data))->unknown_3;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_unknown_5(uint32 *unknown5, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!unknown5)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *unknown5 = ((GUMS_USER *)(obj->data))->unknown_5;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_get_user_unknown_6(uint32 *unknown6, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!unknown6)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *unknown6 = ((GUMS_USER *)(obj->data))->unknown_6;
+ return NT_STATUS_OK;
+}
+
+/* Group specific functions */
+
+NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJECT *obj)
+{
+ if (obj->type != GUMS_OBJ_GROUP &&
+ obj->type != GUMS_OBJ_ALIAS)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+ if (!members)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ *count = ((GUMS_GROUP *)(obj->data))->count;
+ *members = ((GUMS_GROUP *)(obj->data))->members;
+ return NT_STATUS_OK;
+}
+
+/* set functions */
+
+NTSTATUS gums_create_data_set(GUMS_COMMIT_SET **com_set, TALLOC_CTX *ctx, DOM_SID *sid, uint32 type)
+{
+ TALLOC_CTX *mem_ctx;
+ GUMS_COMMIT_SET *set;
+
+ mem_ctx = talloc_init_named("commit_set");
+ if (mem_ctx == NULL)
+ return NT_STATUS_NO_MEMORY;
+ set = (GUMS_COMMIT_SET *)talloc(mem_ctx, sizeof(GUMS_COMMIT_SET));
+ if (set == NULL) {
+ talloc_destroy(mem_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ set->mem_ctx = mem_ctx;
+ set->type = type;
+ sid_copy(&(set->sid), sid);
+ set->count = 0;
+ set->data = NULL;
+ *com_set = set;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc)
+{
+ GUMS_DATA_SET *data_set;
+ SEC_DESC *new_sec_desc;
+
+ if (!mem_ctx || !com_set || !sec_desc)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ com_set->count = com_set->count + 1;
+ if (com_set->count == 1) { /* first data set */
+ data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
+ } else {
+ data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
+ }
+ if (data_set == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ com_set->data = data_set;
+ data_set = &((com_set->data)[com_set->count - 1]);
+
+ data_set->type = GUMS_SET_SEC_DESC;
+ new_sec_desc = dup_sec_desc(mem_ctx, sec_desc);
+ if (new_sec_desc == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ (SEC_DESC *)(data_set->data) = new_sec_desc;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
+{
+ GUMS_DATA_SET *data_set;
+ LUID_ATTR *new_priv;
+
+ if (!mem_ctx || !com_set)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ com_set->count = com_set->count + 1;
+ if (com_set->count == 1) { /* first data set */
+ data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
+ } else {
+ data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
+ }
+ if (data_set == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ com_set->data = data_set;
+ data_set = &((com_set->data)[com_set->count - 1]);
+
+ data_set->type = GUMS_ADD_PRIVILEGE;
+ if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
+ return NT_STATUS_NO_MEMORY;
+
+ (SEC_DESC *)(data_set->data) = new_priv;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
+{
+ GUMS_DATA_SET *data_set;
+ LUID_ATTR *new_priv;
+
+ if (!mem_ctx || !com_set)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ com_set->count = com_set->count + 1;
+ if (com_set->count == 1) { /* first data set */
+ data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
+ } else {
+ data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
+ }
+ if (data_set == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ com_set->data = data_set;
+ data_set = &((com_set->data)[com_set->count - 1]);
+
+ data_set->type = GUMS_DEL_PRIVILEGE;
+ if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
+ return NT_STATUS_NO_MEMORY;
+
+ (SEC_DESC *)(data_set->data) = new_priv;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set)
+{
+ GUMS_DATA_SET *data_set;
+ PRIVILEGE_SET *new_priv_set;
+
+ if (!mem_ctx || !com_set || !priv_set)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ com_set->count = com_set->count + 1;
+ if (com_set->count == 1) { /* first data set */
+ data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
+ } else {
+ data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
+ }
+ if (data_set == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ com_set->data = data_set;
+ data_set = &((com_set->data)[com_set->count - 1]);
+
+ data_set->type = GUMS_SET_SEC_DESC;
+ if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set)))
+ return NT_STATUS_NO_MEMORY;
+
+ (SEC_DESC *)(data_set->data) = new_priv_set;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str)
+{
+ GUMS_DATA_SET *data_set;
+ char *new_str;
+
+ if (!mem_ctx || !com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ com_set->count = com_set->count + 1;
+ if (com_set->count == 1) { /* first data set */
+ data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
+ } else {
+ data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
+ }
+ if (data_set == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ com_set->data = data_set;
+ data_set = &((com_set->data)[com_set->count - 1]);
+
+ data_set->type = type;
+ new_str = talloc_strdup(mem_ctx, str);
+ if (new_str == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ (char *)(data_set->data) = new_str;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name)
+{
+ return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, name);
+}
+
+NTSTATUS gums_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc)
+{
+ return gums_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc);
+}
+
+NTSTATUS gums_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name);
+}
+
+NTSTATUS gums_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir);
+}
+
+NTSTATUS gums_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive);
+}
+
+NTSTATUS gums_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script);
+}
+
+NTSTATUS gums_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path);
+}
+
+NTSTATUS gums_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks);
+}
+
+NTSTATUS gums_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str);
+}
+
+NTSTATUS gums_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial);
+}
+
+NTSTATUS gums_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *time)
+{
+ GUMS_DATA_SET *data_set;
+ NTTIME *new_time;
+
+ if (!mem_ctx || !com_set || !time || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ com_set->count = com_set->count + 1;
+ if (com_set->count == 1) { /* first data set */
+ data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
+ } else {
+ data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
+ }
+ if (data_set == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ com_set->data = data_set;
+ data_set = &((com_set->data)[com_set->count - 1]);
+
+ data_set->type = type;
+ new_time = talloc(mem_ctx, sizeof(NTTIME));
+ if (new_time == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ new_time->low = time->low;
+ new_time->high = time->high;
+ (char *)(data_set->data) = new_time;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logon_time)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time);
+}
+
+NTSTATUS gums_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
+}
+
+NTSTATUS gums_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
+}
+
+NTSTATUS gums_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time);
+}
+
+NTSTATUS gums_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time);
+}
+
+NTSTATUS gums_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
+{
+ if (com_set->type != GUMS_OBJ_NORMAL_USER)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time);
+}
+
+NTSTATUS gums_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+{
+ GUMS_DATA_SET *data_set;
+ DOM_SID **new_sids;
+ int i;
+
+ if (!mem_ctx || !com_set || !sids)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ com_set->count = com_set->count + 1;
+ if (com_set->count == 1) { /* first data set */
+ data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
+ } else {
+ data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
+ }
+ if (data_set == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ com_set->data = data_set;
+ data_set = &((com_set->data)[com_set->count - 1]);
+
+ data_set->type = GUMS_ADD_SID_LIST;
+ new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
+ if (new_sids == NULL)
+ return NT_STATUS_NO_MEMORY;
+ for (i = 0; i < count; i++) {
+ new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
+ if (new_sids[i] == NULL)
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ (SEC_DESC *)(data_set->data) = new_sids;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+{
+ if (!mem_ctx || !com_set || !sids)
+ return NT_STATUS_INVALID_PARAMETER;
+ if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_add_sids_to_group(mem_ctx, com_set, sids, count);
+}
+
+NTSTATUS gums_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+{
+ if (!mem_ctx || !com_set || !sids)
+ return NT_STATUS_INVALID_PARAMETER;
+ if (com_set->type != GUMS_OBJ_ALIAS)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ return gums_add_sids_to_group(mem_ctx, com_set, sids, count);
+}
+
+NTSTATUS gums_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+{
+ GUMS_DATA_SET *data_set;
+ DOM_SID **new_sids;
+ int i;
+
+ if (!mem_ctx || !com_set || !sids)
+ return NT_STATUS_INVALID_PARAMETER;
+ if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ com_set->count = com_set->count + 1;
+ if (com_set->count == 1) { /* first data set */
+ data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
+ } else {
+ data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
+ }
+ if (data_set == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ com_set->data = data_set;
+ data_set = &((com_set->data)[com_set->count - 1]);
+
+ data_set->type = GUMS_DEL_SID_LIST;
+ new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
+ if (new_sids == NULL)
+ return NT_STATUS_NO_MEMORY;
+ for (i = 0; i < count; i++) {
+ new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
+ if (new_sids[i] == NULL)
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ (SEC_DESC *)(data_set->data) = new_sids;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
+{
+ GUMS_DATA_SET *data_set;
+ DOM_SID **new_sids;
+ int i;
+
+ if (!mem_ctx || !com_set || !sids)
+ return NT_STATUS_INVALID_PARAMETER;
+ if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ com_set->count = com_set->count + 1;
+ if (com_set->count == 1) { /* first data set */
+ data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
+ } else {
+ data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
+ }
+ if (data_set == NULL)
+ return NT_STATUS_NO_MEMORY;
+
+ com_set->data = data_set;
+ data_set = &((com_set->data)[com_set->count - 1]);
+
+ data_set->type = GUMS_SET_SID_LIST;
+ new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
+ if (new_sids == NULL)
+ return NT_STATUS_NO_MEMORY;
+ for (i = 0; i < count; i++) {
+ new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
+ if (new_sids[i] == NULL)
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ (SEC_DESC *)(data_set->data) = new_sids;
+
+ return NT_STATUS_OK;
+}
+
+
+NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set)
+{
+ return gums_storage->set_object_values(set->sid, set->count, set->data);
+}
+
+NTSTATUS gums_destroy_data_set(GUMS_COMMIT_SET **com_set)
+{
+ talloc_destroy((*com_set)->mem_ctx);
+ *com_set = NULL;
+
+ return NT_STATUS_OK;
+}
+
diff --git a/source3/sam/gums_helper.c b/source3/sam/gums_helper.c
new file mode 100644
index 0000000000..d581d6574e
--- /dev/null
+++ b/source3/sam/gums_helper.c
@@ -0,0 +1,607 @@
+/*
+ Unix SMB/CIFS implementation.
+ GUMS backends helper functions
+ Copyright (C) Simo Sorce 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern GUMS_FUNCTIONS *gums_storage;
+
+extern DOM_SID global_sid_World;
+extern DOM_SID global_sid_Builtin_Administrators;
+extern DOM_SID global_sid_Builtin_Power_Users;
+extern DOM_SID global_sid_Builtin_Account_Operators;
+extern DOM_SID global_sid_Builtin_Server_Operators;
+extern DOM_SID global_sid_Builtin_Print_Operators;
+extern DOM_SID global_sid_Builtin_Backup_Operators;
+extern DOM_SID global_sid_Builtin_Replicator;
+extern DOM_SID global_sid_Builtin_Users;
+extern DOM_SID global_sid_Builtin_Guests;
+
+
+/* defines */
+
+#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
+#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
+
+/****************************************************************************
+ Check if a user is a mapped group.
+
+ This function will check if the group SID is mapped onto a
+ system managed gid or onto a winbind manged sid.
+ In the first case it will be threated like a mapped group
+ and the backend should take the member list with a getgrgid
+ and ignore any user that have been possibly set into the group
+ object.
+
+ In the second case, the group is a fully SAM managed group
+ served back to the system through winbind. In this case the
+ members of a Local group are "unrolled" to cope with the fact
+ that unix cannot contain groups inside groups.
+ The backend MUST never call any getgr* / getpw* function or
+ loops with winbind may happen.
+ ****************************************************************************/
+
+/*
+NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
+{
+ NTSTATUS result;
+ gid_t id;
+
+ /* look if mapping exist, do not make idmap alloc an uid if SID is not found * /
+ result = idmap_get_gid_from_sid(&id, sid, False);
+ if (NT_STATUS_IS_OK(result)) {
+ *mapped = gid_is_in_winbind_range(id);
+ } else {
+ *mapped = False;
+ }
+
+ return result;
+}
+*/
+
+/****************************************************************************
+ duplicate alloc luid_attr
+ ****************************************************************************/
+NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la)
+{
+ *new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR));
+ if (*new_la == NULL) {
+ DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ (*new_la)->luid.high = old_la.luid.high;
+ (*new_la)->luid.low = old_la.luid.low;
+ (*new_la)->attr = old_la.attr;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ initialise a privilege list
+ ****************************************************************************/
+void init_privilege(PRIVILEGE_SET *priv_set)
+{
+ priv_set->count=0;
+ priv_set->control=0;
+ priv_set->set=NULL;
+}
+
+/****************************************************************************
+ add a privilege to a privilege array
+ ****************************************************************************/
+NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
+{
+ LUID_ATTR *new_set;
+
+ /* check if the privilege is not already in the list */
+ if (check_priv_in_privilege(priv_set, set))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ /* we can allocate memory to add the new privilege */
+
+ new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR)));
+ if (new_set==NULL) {
+ DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ new_set[priv_set->count].luid.high=set.luid.high;
+ new_set[priv_set->count].luid.low=set.luid.low;
+ new_set[priv_set->count].attr=set.attr;
+
+ priv_set->count++;
+ priv_set->set=new_set;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ add all the privileges to a privilege array
+ ****************************************************************************/
+NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
+{
+ NTSTATUS result = NT_STATUS_OK;
+ LUID_ATTR set;
+
+ set.attr=0;
+ set.luid.high=0;
+
+ set.luid.low=SE_PRIV_ADD_USERS;
+ result = add_privilege(priv_set, ctx, set);
+ NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
+
+ set.luid.low=SE_PRIV_ADD_MACHINES;
+ result = add_privilege(priv_set, ctx, set);
+ NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
+
+ set.luid.low=SE_PRIV_PRINT_OPERATOR;
+ result = add_privilege(priv_set, ctx, set);
+ NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
+
+done:
+ return result;
+}
+
+/****************************************************************************
+ check if the privilege list is empty
+ ****************************************************************************/
+BOOL check_empty_privilege(PRIVILEGE_SET *priv_set)
+{
+ return (priv_set->count == 0);
+}
+
+/****************************************************************************
+ check if the privilege is in the privilege list
+ ****************************************************************************/
+BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
+{
+ int i;
+
+ /* if the list is empty, obviously we can't have it */
+ if (check_empty_privilege(priv_set))
+ return False;
+
+ for (i=0; i<priv_set->count; i++) {
+ LUID_ATTR *cur_set;
+
+ cur_set=&priv_set->set[i];
+ /* check only the low and high part. Checking the attr field has no meaning */
+ if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) )
+ return True;
+ }
+
+ return False;
+}
+
+/****************************************************************************
+ remove a privilege from a privilege array
+ ****************************************************************************/
+NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
+{
+ LUID_ATTR *new_set;
+ LUID_ATTR *old_set;
+ int i,j;
+
+ /* check if the privilege is in the list */
+ if (!check_priv_in_privilege(priv_set, set))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ /* special case if it's the only privilege in the list */
+ if (priv_set->count==1) {
+ init_privilege(priv_set);
+ return NT_STATUS_OK;
+ }
+
+ /*
+ * the privilege is there, create a new list,
+ * and copy the other privileges
+ */
+
+ old_set = priv_set->set;
+
+ new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
+ if (new_set==NULL) {
+ DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0, j=0; i<priv_set->count; i++) {
+ if ((old_set[i].luid.low == set.luid.low) &&
+ (old_set[i].luid.high == set.luid.high)) {
+ continue;
+ }
+
+ new_set[j].luid.low = old_set[i].luid.low;
+ new_set[j].luid.high = old_set[i].luid.high;
+ new_set[j].attr = old_set[i].attr;
+
+ j++;
+ }
+
+ if (j != priv_set->count - 1) {
+ DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n"));
+ DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ /* ok everything is fine */
+
+ priv_set->count--;
+ priv_set->set=new_set;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ duplicates a privilege array
+ ****************************************************************************/
+NTSTATUS dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
+{
+ LUID_ATTR *new_set;
+ LUID_ATTR *old_set;
+ int i;
+
+ *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET));
+ init_privilege(*new_priv_set);
+
+ /* special case if there are no privileges in the list */
+ if (priv_set->count == 0) {
+ return NT_STATUS_OK;
+ }
+
+ /*
+ * create a new list,
+ * and copy the other privileges
+ */
+
+ old_set = priv_set->set;
+
+ new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
+ if (new_set==NULL) {
+ DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i < priv_set->count; i++) {
+
+ new_set[i].luid.low = old_set[i].luid.low;
+ new_set[i].luid.high = old_set[i].luid.high;
+ new_set[i].attr = old_set[i].attr;
+ }
+
+ (*new_priv_set)->count = priv_set->count;
+ (*new_priv_set)->control = priv_set->control;
+ (*new_priv_set)->set = new_set;
+
+ return NT_STATUS_OK;
+}
+
+#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013
+#define ALIAS_DEFAULT_DACL_SA_RIGHTS \
+ (READ_CONTROL_ACCESS | \
+ SA_RIGHT_ALIAS_LOOKUP_INFO | \
+ SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */
+
+#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
+
+NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
+{
+ DOM_SID *world = &global_sid_World;
+ DOM_SID *admins = &global_sid_Builtin_Administrators;
+ SEC_ACCESS sa;
+ SEC_ACE sacl_ace;
+ SEC_ACE dacl_aces[2];
+ SEC_ACL *sacl = NULL;
+ SEC_ACL *dacl = NULL;
+ size_t psize;
+
+ init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS);
+ init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG);
+
+ sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace);
+ if (!sacl) {
+ DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS);
+ init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
+ init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS);
+ init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
+
+ dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces);
+ if (!sacl) {
+ DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize);
+ if (!(*sec_desc)) {
+ DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask)
+{
+ NTSTATUS result;
+ SEC_ACE *new_aces;
+ unsigned num_aces;
+ int i;
+
+ num_aces = sec_desc->dacl->num_aces + 1;
+ result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask);
+ if (NT_STATUS_IS_OK(result)) {
+ sec_desc->dacl->ace = new_aces;
+ sec_desc->dacl->num_aces = num_aces;
+ sec_desc->dacl->size = SEC_ACL_HEADER_SIZE;
+ for (i = 0; i < num_aces; i++) {
+ sec_desc->dacl->size += sec_desc->dacl->ace[i].size;
+ }
+ }
+ return result;
+}
+
+NTSTATUS gums_init_builtin_groups(void)
+{
+ NTSTATUS result;
+ GUMS_OBJECT g_obj;
+ GUMS_GROUP *g_grp;
+ GUMS_PRIVILEGE g_priv;
+
+ /* Build the well known Builtin Local Groups */
+ g_obj.type = GUMS_OBJ_GROUP;
+ g_obj.version = 1;
+ g_obj.seq_num = 0;
+ g_obj.mem_ctx = talloc_init_named("gums_init_backend_acct");
+ if (g_obj.mem_ctx == NULL) {
+ DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Administrators */
+
+ /* alloc group structure */
+ g_obj.data = (void *)talloc(g_obj.mem_ctx, sizeof(GUMS_OBJ_GROUP));
+ ALLOC_CHECK("gums_init_backend", g_obj.data, result, done);
+
+ /* make admins sid */
+ g_grp = (GUMS_GROUP *)g_obj.data;
+ sid_copy(g_obj.sid, &global_sid_Builtin_Administrators);
+
+ /* make security descriptor */
+ result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx);
+ NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done);
+
+ /* make privilege set */
+ /* From BDC join trace:
+ SeSecurityPrivilege
+ SeBackupPrivilege
+ SeRestorePrivilege
+ SeSystemtimePrivilege
+ SeShutdownPrivilege
+ SeRemoteShutdownPrivilege
+ SeTakeOwnershipPrivilege
+ SeDebugPrivilege
+ SeSystemEnvironmentPrivilege
+ SeSystemProfilePrivilege
+ SeProfileSingleProcessPrivilege
+ SeIncreaseBasePriorityPrivilege
+ SeLocalDriverPrivilege
+ SeCreatePagefilePrivilege
+ SeIncreaseQuotaPrivilege
+ */
+
+ /* set name */
+ g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators");
+ ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+
+ /* set description */
+ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain");
+ ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+
+ /* numebr of group members */
+ g_grp->count = 0;
+ g_grp->members = NULL;
+
+ /* store Administrators group */
+ result = gums_storage->set_object(&g_obj);
+
+ /* Power Users */
+ /* Domain Controllers Does NOT have power Users */
+
+ sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users);
+
+ /* make privilege set */
+ /* SE_PRIV_??? */
+
+ /* set name */
+ g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users");
+ ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+
+ /* set description */
+/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users");
+ ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+
+ /* store Power Users group */
+ result = gums_storage->set_object(&g_obj);
+
+ /* Account Operators */
+
+ sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators);
+
+ /* make privilege set */
+ /* From BDC join trace:
+ SeShutdownPrivilege
+ */
+
+ /* set name */
+ g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators");
+ ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+
+ /* set description */
+ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts");
+ ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+
+ /* store Account Operators group */
+ result = gums_storage->set_object(&g_obj);
+
+ /* Server Operators */
+
+ sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators);
+
+ /* make privilege set */
+ /* From BDC join trace:
+ SeBackupPrivilege
+ SeRestorePrivilege
+ SeSystemtimePrivilege
+ SeShutdownPrivilege
+ SeRemoteShutdownPrivilege
+ */
+
+ /* set name */
+ g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators");
+ ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+
+ /* set description */
+ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers");
+ ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+
+ /* store Server Operators group */
+ result = gums_storage->set_object(&g_obj);
+
+ /* Print Operators */
+
+ sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators);
+
+ /* make privilege set */
+ /* From BDC join trace:
+ SeShutdownPrivilege
+ */
+
+ /* set name */
+ g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators");
+ ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+
+ /* set description */
+ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers");
+ ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+
+ /* store Print Operators group */
+ result = gums_storage->set_object(&g_obj);
+
+ /* Backup Operators */
+
+ sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators);
+
+ /* make privilege set */
+ /* From BDC join trace:
+ SeBackupPrivilege
+ SeRestorePrivilege
+ SeShutdownPrivilege
+ */
+
+ /* set name */
+ g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators");
+ ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+
+ /* set description */
+ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files");
+ ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+
+ /* store Backup Operators group */
+ result = gums_storage->set_object(&g_obj);
+
+ /* Replicator */
+
+ sid_copy(g_obj.sid, &global_sid_Builtin_Replicator);
+
+ /* make privilege set */
+ /* From BDC join trace:
+ SeBackupPrivilege
+ SeRestorePrivilege
+ SeShutdownPrivilege
+ */
+
+ /* set name */
+ g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator");
+ ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+
+ /* set description */
+ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain");
+ ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+
+ /* store Replicator group */
+ result = gums_storage->set_object(&g_obj);
+
+ /* Users */
+
+ sid_copy(g_obj.sid, &global_sid_Builtin_Users);
+
+ /* add ACE to sec dsec dacl */
+ sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
+ sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
+
+ /* set name */
+ g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users");
+ ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+
+ /* set description */
+ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users");
+ ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+
+ /* store Users group */
+ result = gums_storage->set_object(&g_obj);
+
+ /* Guests */
+
+ sid_copy(g_obj.sid, &global_sid_Builtin_Guests);
+
+ /* set name */
+ g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests");
+ ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
+
+ /* set description */
+ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain");
+ ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
+
+ /* store Guests group */
+ result = gums_storage->set_object(&g_obj);
+
+ /* set default privileges */
+ g_priv.type = GUMS_OBJ_GROUP;
+ g_priv.version = 1;
+ g_priv.seq_num = 0;
+ g_priv.mem_ctx = talloc_init_named("gums_init_backend_priv");
+ if (g_priv.mem_ctx == NULL) {
+ DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+
+
+done:
+ talloc_destroy(g_obj.mem_ctx);
+ talloc_destroy(g_priv.mem_ctx);
+ return result;
+}
+
generated by cgit (git 2.34.1) at 2024-11-13 12:58:08 +0000