summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_netlog_nt.c22
-rw-r--r--source3/rpc_server/srv_samr_nt.c7
-rw-r--r--source3/rpc_server/srv_util.c208
3 files changed, 67 insertions, 170 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 5f85d4db9c..d15175d4ae 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -27,8 +27,6 @@
#include "includes.h"
-extern BOOL sam_logon_in_ssb;
-extern pstring samlogon_user;
extern pstring global_myname;
extern DOM_SID global_sam_sid;
@@ -642,16 +640,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
int num_gids = 0;
pstring my_name;
pstring my_workgroup;
- pstring domain_groups;
/* set up pointer indicating user/password failed to be found */
usr_info->ptr_user_info = 0;
- /* XXXX hack to get standard_sub_basic() to use sam logon username */
- /* possibly a better way would be to do a change_to_user() call */
- sam_logon_in_ssb = True;
- pstrcpy(samlogon_user, nt_username);
-
pstrcpy(my_workgroup, lp_workgroup());
pstrcpy(my_name, global_myname);
strupper(my_name);
@@ -664,17 +656,8 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
* JRA.
*/
- *domain_groups = 0;
-
- get_domain_user_groups(domain_groups, nt_username);
-
- /*
- * make_dom_gids allocates the gids array. JRA.
- */
- gids = NULL;
- num_gids = make_dom_gids(p->mem_ctx, domain_groups, &gids);
-
- sam_logon_in_ssb = False;
+ gids = NULL;
+ get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account);
init_net_user_info3(p->mem_ctx, usr_info, server_info->sam_account,
0, /* logon_count */
@@ -687,6 +670,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
my_workgroup, /* char *logon_dom */
&global_sam_sid, /* DOM_SID *dom_sid */
NULL); /* char *other_sids */
+
}
free_server_info(&server_info);
return status;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 5e19fd1e7c..853a130859 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1854,11 +1854,13 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
if (ret == False) {
samr_clear_sam_passwd(sam_pass);
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_USER;
}
- if(!new_get_domain_user_groups(p->mem_ctx, &num_groups, &gids, sam_pass)) {
+ if(!get_domain_user_groups(p->mem_ctx, &num_groups, &gids, sam_pass)) {
samr_clear_sam_passwd(sam_pass);
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_GROUP;
}
@@ -1868,6 +1870,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
samr_clear_sam_passwd(sam_pass);
+ pdb_free_sam(&sam_pass);
return r_u->status;
}
@@ -2745,7 +2748,7 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
for (i=0; i<q_u->num_sids1; i++) {
- r_u->status=new_get_alias_user_groups(p->mem_ctx, &info->sid, &tmp_num_groups, &tmp_rids, &(q_u->sid[i].sid));
+ r_u->status=get_alias_user_groups(p->mem_ctx, &info->sid, &tmp_num_groups, &tmp_rids, &(q_u->sid[i].sid));
/*
* if there is an error, we just continue as
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 80090cf6e0..5c781c20ae 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -76,84 +76,10 @@ rid_name domain_group_rids[] =
{ 0 , NULL }
};
-int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids)
-{
- char *ptr;
- pstring s2;
- int count;
- DOM_GID *gids;
-
- *ppgids = NULL;
-
- DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
- if (gids_str == NULL || *gids_str == 0)
- return 0;
-
- for (count = 0, ptr = gids_str;
- next_token(&ptr, s2, NULL, sizeof(s2));
- count++)
- ;
-
- gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * count );
- if(!gids)
- {
- DEBUG(0,("make_dom_gids: talloc fail !\n"));
- return 0;
- }
-
- for (count = 0, ptr = gids_str;
- next_token(&ptr, s2, NULL, sizeof(s2)) &&
- count < LSA_MAX_GROUPS;
- count++)
- {
- /* the entries are of the form GID/ATTR, ATTR being optional.*/
- char *attr;
- uint32 rid = 0;
- int i;
-
- attr = strchr_m(s2,'/');
- if (attr)
- *attr++ = 0;
-
- if (!attr || !*attr)
- attr = "7"; /* default value for attribute is 7 */
-
- /* look up the RID string and see if we can turn it into a rid number */
- for (i = 0; builtin_alias_rids[i].name != NULL; i++)
- {
- if (strequal(builtin_alias_rids[i].name, s2))
- {
- rid = builtin_alias_rids[i].rid;
- break;
- }
- }
-
- if (rid == 0)
- rid = atoi(s2);
-
- if (rid == 0)
- {
- DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
- count--;
- }
- else
- {
- gids[count].g_rid = rid;
- gids[count].attr = atoi(attr);
-
- DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
- }
- }
-
- *ppgids = gids;
- return count;
-}
-
/*******************************************************************
gets a domain user's groups
********************************************************************/
-NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
+NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
{
SAM_ACCOUNT *sam_pass=NULL;
char *sep;
@@ -186,7 +112,7 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
sep = lp_winbind_separator();
- DEBUG(10,("new_get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n",
+ DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n",
sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
sid_peek_rid(q_sid, &rid);
@@ -195,27 +121,30 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
become_root();
ret = pdb_getsampwrid(sam_pass, rid);
unbecome_root();
- if (ret == False)
+ if (ret == False) {
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_SUCH_USER;
+ }
fstrcpy(user_name, pdb_get_username(sam_pass));
grid=pdb_get_group_rid(sam_pass);
gid=pdb_get_gid(sam_pass);
grp = glist = getgrent_list();
- if (grp == NULL)
+ if (grp == NULL) {
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_MEMORY;
-
+ }
for (; grp != NULL; grp = grp->next) {
if(!get_group_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)) {
- DEBUG(10,("new_get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid));
+ DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid));
continue;
}
/* if it's not an alias, continue */
if (map.sid_name_use!=SID_NAME_ALIAS) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
continue;
}
@@ -224,24 +153,24 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
/* if the sid is not in the correct domain, continue */
if (!sid_equal(&tmp_sid, sid)) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
continue;
}
/* Don't return winbind groups as they are not local! */
if (strchr_m(map.nt_name, *sep) != NULL) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
continue;
}
/* Don't return user private groups... */
if (Get_Pwnam(map.nt_name) != 0) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
continue;
}
/* the group is fine, we can check if there is the user we're looking for */
- DEBUG(10,("new_get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name));
for(num=0; grp->gr_mem[num]!=NULL; num++) {
if(strcmp(grp->gr_mem[num], user_name)==0) {
@@ -249,69 +178,70 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
if (new_rids==NULL) {
- DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n"));
+ DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_MEMORY;
}
rids=new_rids;
sid_peek_rid(&map.sid, &(rids[cur_rid]));
- DEBUG(10,("new_get_alias_user_groups: user found in group %s\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: user found in group %s\n", map.nt_name));
cur_rid++;
break;
}
}
-
}
-
+
grent_free(glist);
-
+
/* now check for the user's gid (the primary group rid) */
for (i=0; i<cur_rid && grid!=rids[i]; i++)
;
-
+
/* the user's gid is already there */
if (i!=cur_rid) {
- DEBUG(10,("new_get_alias_user_groups: user is already in the list. good.\n"));
+ DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n"));
goto done;
}
-
- DEBUG(10,("new_get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name));
-
+
+ DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name));
+
if(!get_group_from_gid(*gid, &map, MAPPING_WITHOUT_PRIV)) {
- DEBUG(0,("new_get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
+ DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
goto done;
}
-
+
/* the primary group isn't an alias */
if (map.sid_name_use!=SID_NAME_ALIAS) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
goto done;
}
sid_copy(&tmp_sid, &map.sid);
sid_split_rid(&tmp_sid, &rid);
-
+
/* if the sid is not in the correct domain, continue */
if (!sid_equal(&tmp_sid, sid)) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
goto done;
}
/* Don't return winbind groups as they are not local! */
if (strchr_m(map.nt_name, *sep) != NULL) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
+ DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
goto done;
}
/* Don't return user private groups... */
if (Get_Pwnam(map.nt_name) != 0) {
- DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
+ DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
goto done;
}
new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
if (new_rids==NULL) {
- DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n"));
+ DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+ pdb_free_sam(&sam_pass);
return NT_STATUS_NO_MEMORY;
}
rids=new_rids;
@@ -322,7 +252,8 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
done:
*prids=rids;
*numgroups=cur_rid;
-
+ pdb_free_sam(&sam_pass);
+
return NT_STATUS_OK;
}
@@ -330,7 +261,7 @@ done:
/*******************************************************************
gets a domain user's groups
********************************************************************/
-BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
+BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
{
GROUP_MAP *map=NULL;
int i, num, num_entries, cur_gid=0;
@@ -345,13 +276,12 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
fstrcpy(user_name, pdb_get_username(sam_pass));
grid=pdb_get_group_rid(sam_pass);
- DEBUG(10,("new_get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
+ DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
/* first get the list of the domain groups */
if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
return False;
- DEBUG(10,("new_get_domain_user_groups: there are %d mapped groups\n", num_entries));
-
+ DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
/*
* alloc memory. In the worse case, we alloc memory for nothing.
@@ -364,7 +294,7 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
for(i=0; i<num_entries; i++) {
if ((grp=getgrgid(map[i].gid)) == NULL) {
/* very weird !!! */
- DEBUG(5,("new_get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
+ DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
continue;
}
@@ -372,8 +302,8 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
if(strcmp(grp->gr_mem[num], user_name)==0) {
/* we found the user, add the group to the list */
sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
- gids[cur_gid].attr=map[i].sid_name_use;
- DEBUG(10,("new_get_domain_user_groups: user found in group %s\n", map[i].nt_name));
+ gids[cur_gid].attr=7;
+ DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name));
cur_gid++;
break;
}
@@ -387,22 +317,36 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
/* the user's gid is already there */
if (i!=cur_gid) {
+ /*
+ * the primary group of the user but be the first one in the list
+ * don't ask ! JFM.
+ */
+ gids[i].g_rid=gids[0].g_rid;
+ gids[0].g_rid=grid;
goto done;
}
for(i=0; i<num_entries; i++) {
sid_peek_rid(&map[i].sid, &tmp_rid);
if (tmp_rid==grid) {
- gids[cur_gid].g_rid=tmp_rid;
- gids[cur_gid].attr=map[i].sid_name_use;
- DEBUG(10,("new_get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
+ /*
+ * the primary group of the user but be the first one in the list
+ * don't ask ! JFM.
+ */
+ gids[cur_gid].g_rid=gids[0].g_rid;
+ gids[0].g_rid=tmp_rid;
+ gids[cur_gid].attr=7;
+ DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
cur_gid++;
goto done; /* leave the loop early */
}
}
+ DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
+ DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
+
done:
- *pgids=gids;
+ *pgids=gids;
*numgroups=cur_gid;
safe_free(map);
@@ -410,40 +354,6 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
}
/*******************************************************************
- gets a domain user's groups
- ********************************************************************/
-void get_domain_user_groups(char *domain_groups, const char *user)
-{
- pstring tmp;
-
- if (domain_groups == NULL || user == NULL) return;
-
- /* can only be a user or a guest. cannot be guest _and_ admin */
- if (user_in_list(user, lp_domain_guest_group()))
- {
- slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
- pstrcat(domain_groups, tmp);
-
- DEBUG(3,("domain guest group access %s granted\n", tmp));
- }
- else
- {
- slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
- pstrcat(domain_groups, tmp);
-
- DEBUG(3,("domain group access %s granted\n", tmp));
-
- if (user_in_list(user, lp_domain_admin_group()))
- {
- slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
- pstrcat(domain_groups, tmp);
-
- DEBUG(3,("domain admin group access %s granted\n", tmp));
- }
- }
-}
-
-/*******************************************************************
Look up a local (domain) rid and return a name and type.
********************************************************************/
NTSTATUS local_lookup_group_name(uint32 rid, char *group_name, uint32 *type)