summaryrefslogtreecommitdiff
path: root/source3/rpc_parse
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_parse')
-rw-r--r--source3/rpc_parse/parse_samr.c91
1 files changed, 80 insertions, 11 deletions
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 34aa75f1d0..137883cc7e 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -1440,7 +1440,8 @@ inits a SAM_DISPINFO_1 structure.
********************************************************************/
NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_entries,
- uint32 start_idx, DISP_USER_INFO *disp_user_info)
+ uint32 start_idx, DISP_USER_INFO *disp_user_info,
+ DOM_SID *domain_sid)
{
uint32 len_sam_name, len_sam_full, len_sam_desc;
uint32 i;
@@ -1468,6 +1469,9 @@ NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_en
const char *username;
const char *fullname;
const char *acct_desc;
+ uint32 user_rid;
+ const DOM_SID *user_sid;
+ fstring user_sid_string, domain_sid_string;
DEBUG(11, ("init_sam_dispinfo_1: entry: %d\n",i));
@@ -1486,14 +1490,25 @@ NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_en
if (!acct_desc)
acct_desc = "";
+ user_sid = pdb_get_user_sid(pwd);
+
+ if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
+ DEBUG(0, ("init_sam_dispinfo_1: User %s has SID %s, which conflicts with "
+ "the domain sid %s. Failing operation.\n",
+ username,
+ sid_to_string(user_sid_string, user_sid),
+ sid_to_string(domain_sid_string, domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
len_sam_name = strlen(username);
len_sam_full = strlen(fullname);
len_sam_desc = strlen(acct_desc);
init_sam_entry1(&sam->sam[i], start_idx + i + 1,
len_sam_name, len_sam_full, len_sam_desc,
- pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd));
-
+ user_rid, pdb_get_acct_ctrl(pwd));
+
ZERO_STRUCTP(&sam->str[i].uni_acct_name);
ZERO_STRUCTP(&sam->str[i].uni_full_name);
ZERO_STRUCTP(&sam->str[i].uni_acct_desc);
@@ -1560,7 +1575,8 @@ inits a SAM_DISPINFO_2 structure.
********************************************************************/
NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 num_entries,
- uint32 start_idx, DISP_USER_INFO *disp_user_info)
+ uint32 start_idx, DISP_USER_INFO *disp_user_info,
+ DOM_SID *domain_sid )
{
uint32 len_sam_name, len_sam_desc;
uint32 i;
@@ -1583,20 +1599,39 @@ NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 num_en
ZERO_STRUCTP(sam->str);
for (i = 0; i < num_entries; i++) {
+ uint32 user_rid;
+ const DOM_SID *user_sid;
+ const char *username;
+ const char *acct_desc;
+ fstring user_sid_string, domain_sid_string;
+
DEBUG(11, ("init_sam_dispinfo_2: entry: %d\n",i));
pwd=disp_user_info[i+start_idx].sam;
- len_sam_name = strlen(pdb_get_username(pwd));
- len_sam_desc = strlen(pdb_get_acct_desc(pwd));
+ username = pdb_get_username(pwd);
+ acct_desc = pdb_get_acct_desc(pwd);
+ user_sid = pdb_get_user_sid(pwd);
+
+ if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
+ DEBUG(0, ("init_sam_dispinfo_2: User %s has SID %s, which conflicts with "
+ "the domain sid %s. Failing operation.\n",
+ username,
+ sid_to_string(user_sid_string, user_sid),
+ sid_to_string(domain_sid_string, domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ len_sam_name = strlen(username);
+ len_sam_desc = strlen(acct_desc);
init_sam_entry2(&sam->sam[i], start_idx + i + 1,
len_sam_name, len_sam_desc,
- pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd));
+ user_rid, pdb_get_acct_ctrl(pwd));
ZERO_STRUCTP(&sam->str[i].uni_srv_name);
ZERO_STRUCTP(&sam->str[i].uni_srv_desc);
- init_unistr2(&sam->str[i].uni_srv_name, pdb_get_username(pwd), len_sam_name);
+ init_unistr2(&sam->str[i].uni_srv_name, username, len_sam_name);
init_unistr2(&sam->str[i].uni_srv_desc, pdb_get_acct_desc(pwd), len_sam_desc);
}
@@ -5844,7 +5879,7 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
*************************************************************************/
-void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw)
+NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *domain_sid)
{
NTTIME logon_time, logoff_time, kickoff_time,
pass_last_set_time, pass_can_change_time,
@@ -5865,6 +5900,12 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw)
const char* workstations = pdb_get_workstations(pw);
const char* munged_dial = pdb_get_munged_dial(pw);
+ uint32 user_rid;
+ const DOM_SID *user_sid;
+
+ uint32 group_rid;
+ const DOM_SID *group_sid;
+
len_user_name = user_name != NULL ? strlen(user_name )+1 : 0;
len_full_name = full_name != NULL ? strlen(full_name )+1 : 0;
len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0;
@@ -5907,8 +5948,34 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw)
ZERO_STRUCT(usr->nt_pwd);
ZERO_STRUCT(usr->lm_pwd);
- usr->user_rid = pdb_get_user_rid(pw);
- usr->group_rid = pdb_get_group_rid(pw);
+ user_sid = pdb_get_user_sid(pw);
+
+ if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
+ fstring user_sid_string;
+ fstring domain_sid_string;
+ DEBUG(0, ("init_sam_user_info_21A: User %s has SID %s, \nwhich conflicts with "
+ "the domain sid %s. Failing operation.\n",
+ user_name,
+ sid_to_string(user_sid_string, user_sid),
+ sid_to_string(domain_sid_string, domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ group_sid = pdb_get_group_sid(pw);
+
+ if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
+ fstring group_sid_string;
+ fstring domain_sid_string;
+ DEBUG(0, ("init_sam_user_info_21A: User %s has Primary Group SID %s, \n"
+ "which conflicts with the domain sid %s. Failing operation.\n",
+ user_name,
+ sid_to_string(group_sid_string, group_sid),
+ sid_to_string(domain_sid_string, domain_sid)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ usr->user_rid = user_rid;
+ usr->group_rid = group_rid;
usr->acb_info = pdb_get_acct_ctrl(pw);
usr->unknown_3 = pdb_get_unknown3(pw);
@@ -5937,6 +6004,8 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw)
memcpy(&usr->logon_hrs.hours, pdb_get_hours(pw), MAX_HOURS_LEN);
} else
memset(&usr->logon_hrs, 0xff, sizeof(usr->logon_hrs));
+
+ return NT_STATUS_OK;
}
/*******************************************************************