diff options
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_lsa.c | 271 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_hnd.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog.c | 416 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr.c | 262 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 323 |
5 files changed, 538 insertions, 738 deletions
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 5e6e101883..51b6e8d25b 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -29,6 +29,12 @@ extern int DEBUGLEVEL; extern DOM_SID global_sam_sid; +extern fstring global_sam_name; +extern DOM_SID global_member_sid; +extern fstring global_myworkgroup; +extern DOM_SID global_sid_S_1_1; +extern DOM_SID global_sid_S_1_3; +extern DOM_SID global_sid_S_1_5; /*************************************************************************** lsa_reply_open_policy2 @@ -84,8 +90,8 @@ static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid) d_q->uni_dom_max_len = domlen * 2; d_q->uni_dom_str_len = domlen * 2; - d_q->buffer_dom_name = 4; /* domain buffer pointer */ - d_q->buffer_dom_sid = 2; /* domain sid pointer */ + d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */ + d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */ /* this string is supposed to be character short */ make_unistr2(&(d_q->uni_domain_name), dom_name, domlen); @@ -137,50 +143,70 @@ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata, /*************************************************************************** -make_dom_ref +make_dom_ref - adds a domain if it's not already in, returns the index ***************************************************************************/ -static void make_dom_ref(DOM_R_REF *ref, int num_domains, - char **dom_names, DOM_SID **dom_sids) +static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) { - int i; + int num = 0; + int len; - if (num_domains > MAX_REF_DOMAINS) + if (dom_name != NULL) { - num_domains = MAX_REF_DOMAINS; + for (num = 0; num < ref->num_ref_doms_1; num++) + { + fstring domname; + fstrcpy(domname, unistr2_to_str(&ref->ref_dom[num].uni_dom_name)); + if (strequal(domname, dom_name)) + { + return num; + } + } + + } + else + { + num = ref->num_ref_doms_1; + } + + if (num >= MAX_REF_DOMAINS) + { + /* index not found, already at maximum domain limit */ + return -1; } ref->undoc_buffer = 1; - ref->num_ref_doms_1 = num_domains; + ref->num_ref_doms_1 = num+1; ref->undoc_buffer2 = 1; ref->max_entries = MAX_REF_DOMAINS; - ref->num_ref_doms_2 = num_domains; + ref->num_ref_doms_2 = num+1; - for (i = 0; i < num_domains; i++) - { - int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0; + len = dom_name != NULL ? strlen(dom_name) : 0; - make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0); - ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0; + make_uni_hdr(&(ref->hdr_ref_dom[num].hdr_dom_name), len, len, len != 0 ? 1 : 0); + ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0; - make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len); - make_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]); - } + make_unistr2 (&(ref->ref_dom[num].uni_dom_name), dom_name, len); + make_dom_sid2(&(ref->ref_dom[num].ref_dom ), dom_sid ); + return num; } /*************************************************************************** make_reply_lookup_rids ***************************************************************************/ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, - int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + int num_entries, + uint32 dom_rids[MAX_LOOKUP_SIDS], + uint8 dom_types[MAX_LOOKUP_SIDS]) { int i; - make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids); + r_l->num_entries = 0; + r_l->undoc_buffer = 0; + r_l->num_entries2 = 0; +#if 0 r_l->num_entries = num_entries; r_l->undoc_buffer = 1; r_l->num_entries2 = num_entries; @@ -189,58 +215,85 @@ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l, for (i = 0; i < num_entries; i++) { - make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], 0x01); + make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid); + make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], dom_types[i]); } r_l->num_entries3 = num_entries; +#endif } /*************************************************************************** make_lsa_trans_names ***************************************************************************/ -static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn, +static void make_lsa_trans_names(DOM_R_REF *ref, + LSA_TRANS_NAME_ENUM *trn, int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - uint32 *total) + uint32 *mapped_count) { - uint32 status = 0x0; int i; - (*total) = 0; + int total = 0; + (*mapped_count) = 0; SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS); for (i = 0; i < num_entries; i++) { + uint32 status = 0x0; + DOM_SID find_sid = sid[i].sid; + DOM_SID tmp = sid[i].sid; uint32 rid = 0xffffffff; - uint8 num_auths = sid[i].sid.num_auths; + int dom_idx = -1; fstring name; - uint32 type; + fstring dom_name; + uint8 sid_name_use = 0; - SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths); + memset(dom_name, 0, sizeof(dom_name)); + memset(name , 0, sizeof(name )); - /* find the rid to look up */ - if (num_auths != 0) + if (map_domain_sid_to_name(&find_sid, dom_name)) + { + sid_name_use = SID_NAME_DOMAIN; + dom_idx = make_dom_ref(ref, dom_name, &find_sid); + } + else if (sid_split_rid (&find_sid, &rid) && + map_domain_sid_to_name(&find_sid, dom_name)) + { + if (sid_equal(&find_sid, &global_sam_sid)) + { + status = lookup_name(&tmp, name, &sid_name_use); + } + else + { + status = 0xC0000000 | NT_STATUS_NONE_MAPPED; + } + } + else { - rid = sid[i].sid.sub_auths[num_auths-1]; - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - - status = (status != 0x0) ? lookup_user_name (rid, name, &type) : status; - status = (status != 0x0) ? lookup_group_name(rid, name, &type) : status; - status = (status != 0x0) ? lookup_alias_name(rid, name, &type) : status; } + dom_idx = make_dom_ref(ref, dom_name, &find_sid); + if (status == 0x0) { - make_lsa_trans_name(&(trn->name [(*total)]), - &(trn->uni_name[(*total)]), - type, name, (*total)); - (*total)++; + (*mapped_count)++; + } + else + { + snprintf(name, sizeof(name), "%08x", rid); + sid_name_use = SID_NAME_UNKNOWN; + } + make_lsa_trans_name(&(trn->name [total]), + &(trn->uni_name[total]), + sid_name_use, name, dom_idx); + total++; } - trn->num_entries = (*total); + trn->num_entries = total; trn->ptr_trans_names = 1; - trn->num_entries2 = (*total); + trn->num_entries2 = total; } /*************************************************************************** @@ -260,9 +313,7 @@ static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l, lsa_reply_lookup_sids ***************************************************************************/ static void lsa_reply_lookup_sids(prs_struct *rdata, - int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + DOM_SID2 *sid, int num_entries) { LSA_R_LOOKUP_SIDS r_l; DOM_R_REF ref; @@ -274,8 +325,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, ZERO_STRUCT(names); /* set up the LSA Lookup SIDs response */ - make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids); - make_lsa_trans_names(&names, num_entries, sid, &mapped_count); + make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count); make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0); /* store the response in the SMB stream */ @@ -286,17 +336,17 @@ static void lsa_reply_lookup_sids(prs_struct *rdata, lsa_reply_lookup_rids ***************************************************************************/ static void lsa_reply_lookup_rids(prs_struct *rdata, - int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS], - int num_ref_doms, - char **dom_names, DOM_SID **dom_sids) + int num_entries, + uint32 dom_rids[MAX_LOOKUP_SIDS], + uint8 dom_types[MAX_LOOKUP_SIDS]) { LSA_R_LOOKUP_RIDS r_l; ZERO_STRUCT(r_l); /* set up the LSA Lookup RIDs response */ - make_reply_lookup_rids(&r_l, num_entries, dom_rids, - num_ref_doms, dom_names, dom_sids); + make_reply_lookup_rids(&r_l, num_entries, dom_rids, dom_types); + r_l.status = 0x0; /* store the response in the SMB stream */ @@ -365,17 +415,39 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data, prs_struct *rdata ) { LSA_Q_QUERY_INFO q_i; - pstring dom_name; + fstring name; + DOM_SID *sid = NULL; + memset(name, 0, sizeof(name)); ZERO_STRUCT(q_i); /* grab the info class and policy handle */ lsa_io_q_query("", &q_i, data, 0); - pstrcpy(dom_name, lp_workgroup()); + switch (q_i.info_class) + { + case 0x03: + { + fstrcpy(name, global_myworkgroup); + sid = &global_member_sid; + break; + } + case 0x05: + { + fstrcpy(name, global_sam_name); + sid = &global_sam_sid; + break; + } + default: + { + DEBUG(5,("unknown info level in Lsa Query: %d\n", + q_i.info_class)); + break; + } + } /* construct reply. return status is always 0x0 */ - lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid); + lsa_reply_query_info(&q_i, rdata, name, sid); } /*************************************************************************** @@ -385,44 +457,13 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data, prs_struct *rdata ) { LSA_Q_LOOKUP_SIDS q_l; - pstring dom_name; - DOM_SID sid_S_1_1; - DOM_SID sid_S_1_3; - DOM_SID sid_S_1_5; - - DOM_SID *sid_array[4]; - char *dom_names[4]; - ZERO_STRUCT(q_l); - ZERO_STRUCT(sid_S_1_1); - ZERO_STRUCT(sid_S_1_3); - ZERO_STRUCT(sid_S_1_5); /* grab the info class and policy handle */ lsa_io_q_lookup_sids("", &q_l, data, 0); - pstrcpy(dom_name, lp_workgroup()); - - string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); - - dom_names[0] = dom_name; - sid_array[0] = &global_sam_sid; - - dom_names[1] = "Everyone"; - sid_array[1] = &sid_S_1_1; - - dom_names[2] = "don't know"; - sid_array[2] = &sid_S_1_3; - - dom_names[3] = "NT AUTHORITY"; - sid_array[3] = &sid_S_1_5; - /* construct reply. return status is always 0x0 */ - lsa_reply_lookup_sids(rdata, - q_l.sids.num_entries, q_l.sids.sid, /* SIDs */ - 4, dom_names, sid_array); + lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries); } /*************************************************************************** @@ -433,63 +474,24 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, { int i; LSA_Q_LOOKUP_RIDS q_l; - pstring dom_name; uint32 dom_rids[MAX_LOOKUP_SIDS]; - uint32 dummy_g_rid; - - DOM_SID sid_S_1_1; - DOM_SID sid_S_1_3; - DOM_SID sid_S_1_5; - - DOM_SID *sid_array[4]; - char *dom_names[4]; + uint8 dom_types[MAX_LOOKUP_SIDS]; ZERO_STRUCT(q_l); - ZERO_STRUCT(sid_S_1_1); - ZERO_STRUCT(sid_S_1_3); - ZERO_STRUCT(sid_S_1_5); ZERO_ARRAY(dom_rids); /* grab the info class and policy handle */ lsa_io_q_lookup_rids("", &q_l, data, 0); - pstrcpy(dom_name, lp_workgroup()); - - string_to_sid(&sid_S_1_1, "S-1-1"); - string_to_sid(&sid_S_1_3, "S-1-3"); - string_to_sid(&sid_S_1_5, "S-1-5"); - - dom_names[0] = dom_name; - sid_array[0] = &global_sam_sid; - - dom_names[1] = "Everyone"; - sid_array[1] = &sid_S_1_1; - - dom_names[2] = "don't know"; - sid_array[2] = &sid_S_1_3; - - dom_names[3] = "NT AUTHORITY"; - sid_array[3] = &sid_S_1_5; - SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries); /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) { - fstring user_name; - fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer)); - - /* - * Map to the UNIX username. - */ - map_username(user_name); - - /* - * Do any case conversions. - */ - (void)Get_Pwnam(user_name, True); + fstring name; + fstrcpy(name, unistr2(q_l.lookup_name[i].str.buffer)); - if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) + if (lookup_rid(name, &dom_rids[i], &dom_types[i])) { /* WHOOPS! we should really do something about this... */ dom_rids[i] = 0; @@ -498,8 +500,9 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data, /* construct reply. return status is always 0x0 */ lsa_reply_lookup_rids(rdata, - q_l.num_entries, dom_rids, /* text-converted SIDs */ - 4, dom_names, sid_array); + q_l.num_entries, + dom_rids, /* text-converted SIDs */ + dom_types); /* SID_NAME_USE types */ } /*************************************************************************** diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c index b807c40604..dabc5520ff 100644 --- a/source3/rpc_server/srv_lsa_hnd.c +++ b/source3/rpc_server/srv_lsa_hnd.c @@ -290,7 +290,8 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd) { struct policy *p = find_lsa_policy(hnd); - if (!p) { + if (!p) + { DEBUG(3,("Error closing policy\n")); return False; } @@ -302,6 +303,7 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd) bitmap_clear(bmap, p->pnum); ZERO_STRUCTP(p); + ZERO_STRUCTP(hnd); free(p); diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 04118800e2..77b17dca2f 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -1,4 +1,3 @@ - /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -544,7 +543,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, net_login_network: *************************************************************************/ static uint32 net_login_network(NET_ID_INFO_2 *id2, - struct smb_passwd *smb_pass) + struct smb_passwd *smb_pass, + user_struct *vuser) { DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n", id2->hdr_lm_chal_resp.str_str_len, @@ -593,221 +593,213 @@ static void api_net_sam_logon( uint16 vuid, prs_struct *data, prs_struct *rdata) { - NET_Q_SAM_LOGON q_l; - NET_ID_INFO_CTR ctr; - NET_USER_INFO_3 usr_info; - uint32 status = 0x0; - DOM_CRED srv_cred; - struct smb_passwd *smb_pass = NULL; - UNISTR2 *uni_samlogon_user = NULL; - - user_struct *vuser = NULL; - - if ((vuser = get_valid_user_struct(vuid)) == NULL) - return; - - q_l.sam_id.ctr = &ctr; - - net_io_q_sam_logon("", &q_l, data, 0); - - /* checks and updates credentials. creates reply credentials */ - if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), - &(q_l.sam_id.client.cred), &srv_cred)) - { - status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; - } - else - { - memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred)); - } - - /* find the username */ - - if (status == 0) - { - switch (q_l.sam_id.logon_level) - { - case INTERACTIVE_LOGON_TYPE: - { - uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name); - - DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); - break; - } - case NET_LOGON_TYPE: - { - uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name); - - DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup())); - break; - } - default: - { - DEBUG(2,("SAM Logon: unsupported switch value\n")); - status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS; - break; - } - } /* end switch */ - } /* end if status == 0 */ - - /* check username exists */ - - if (status == 0) - { - pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer, - uni_samlogon_user->uni_str_len)); - - DEBUG(3,("User:[%s]\n", samlogon_user)); + NET_Q_SAM_LOGON q_l; + NET_ID_INFO_CTR ctr; + NET_USER_INFO_3 usr_info; + uint32 status = 0x0; + DOM_CRED srv_cred; + struct smb_passwd *smb_pass = NULL; + UNISTR2 *uni_samlogon_user = NULL; - /* - * Convert to a UNIX username. - */ - map_username(samlogon_user); + user_struct *vuser = NULL; - /* - * Do any case conversions. - */ - (void)Get_Pwnam(samlogon_user, True); - - become_root(True); - smb_pass = getsmbpwnam(samlogon_user); - unbecome_root(True); - - if (smb_pass == NULL) - status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - else if (smb_pass->acct_ctrl & ACB_PWNOTREQ) - status = 0; - else if (smb_pass->acct_ctrl & ACB_DISABLED) - status = 0xC0000000 | NT_STATUS_ACCOUNT_DISABLED; - } - - /* Validate password - if required. */ - - if ((status == 0) && !(smb_pass->acct_ctrl & ACB_PWNOTREQ)) - { - switch (q_l.sam_id.logon_level) - { - case INTERACTIVE_LOGON_TYPE: - { - /* interactive login. */ - status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser); - break; - } - case NET_LOGON_TYPE: - { - /* network login. lm challenge and 24 byte responses */ - status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass); - break; - } - } - } - - /* lkclXXXX this is the point at which, if the login was - successful, that the SAM Local Security Authority should - record that the user is logged in to the domain. - */ - - /* return the profile plus other bits :-) */ - - if (status == 0) - { - DOM_GID *gids = NULL; - int num_gids = 0; - NTTIME dummy_time; - pstring logon_script; - pstring profile_path; - pstring home_dir; - pstring home_drive; - pstring my_name; - pstring my_workgroup; - pstring domain_groups; - uint32 r_uid; - uint32 r_gid; - - /* set up pointer indicating user/password failed to be found */ - usr_info.ptr_user_info = 0; - - dummy_time.low = 0xffffffff; - dummy_time.high = 0x7fffffff; - - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - sam_logon_in_ssb = True; - - pstrcpy(logon_script, lp_logon_script()); - pstrcpy(profile_path, lp_logon_path()); - - pstrcpy(my_workgroup, lp_workgroup()); - - pstrcpy(home_drive, lp_logon_drive()); - pstrcpy(home_dir, lp_logon_home()); - - pstrcpy(my_name, global_myname); - strupper(my_name); + if ((vuser = get_valid_user_struct(vuid)) == NULL) + return; - /* - * This is the point at which we get the group - * database - we should be getting the gid_t list - * from /etc/group and then turning the uids into - * rids and then into machine sids for this user. - * JRA. - */ + q_l.sam_id.ctr = &ctr; - get_domain_user_groups(domain_groups, samlogon_user); + net_io_q_sam_logon("", &q_l, data, 0); - /* - * make_dom_gids allocates the gids array. JRA. - */ - gids = NULL; - num_gids = make_dom_gids(domain_groups, &gids); - - sam_logon_in_ssb = False; - - if (pdb_name_to_rid(samlogon_user, &r_uid, &r_gid)) - { - make_net_user_info3(&usr_info, - &dummy_time, /* logon_time */ - &dummy_time, /* logoff_time */ - &dummy_time, /* kickoff_time */ - &dummy_time, /* pass_last_set_time */ - &dummy_time, /* pass_can_change_time */ - &dummy_time, /* pass_must_change_time */ - - samlogon_user , /* user_name */ - vuser->real_name, /* full_name */ - logon_script , /* logon_script */ - profile_path , /* profile_path */ - home_dir , /* home_dir */ - home_drive , /* dir_drive */ - - 0, /* logon_count */ - 0, /* bad_pw_count */ - - r_uid , /* RID user_id */ - r_gid , /* RID group_id */ - num_gids, /* uint32 num_groups */ - gids , /* DOM_GID *gids */ - 0x20 , /* uint32 user_flgs (?) */ - - NULL, /* char sess_key[16] */ - - my_name , /* char *logon_srv */ - my_workgroup, /* char *logon_dom */ - - &global_sam_sid, /* DOM_SID *dom_sid */ - NULL); /* char *other_sids */ - } - else - { - status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - } - - /* Free any allocated groups array. */ - if(gids) - free((char *)gids); - } - - net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status); + /* checks and updates credentials. creates reply credentials */ + if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred), + &(q_l.sam_id.client.cred), &srv_cred)) + { + status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; + } + else + { + memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred)); + } + + /* find the username */ + + if (status == 0) + { + switch (q_l.sam_id.logon_level) + { + case INTERACTIVE_LOGON_TYPE: + { + uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name); + + DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); + break; + } + case NET_LOGON_TYPE: + { + uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name); + + DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup())); + break; + } + default: + { + DEBUG(2,("SAM Logon: unsupported switch value\n")); + status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS; + break; + } + } /* end switch */ + } /* end if status == 0 */ + + /* check username exists */ + + if (status == 0) + { + pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer, + uni_samlogon_user->uni_str_len)); + + DEBUG(3,("User:[%s]\n", samlogon_user)); + + /* + * Convert to a UNIX username. + */ + map_username(samlogon_user); + + /* + * Do any case conversions. + */ + (void)Get_Pwnam(samlogon_user, True); + + become_root(True); + smb_pass = getsmbpwnam(samlogon_user); + unbecome_root(True); + + if (smb_pass == NULL) + { + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; + } + else if (IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_DISABLED) && + IS_BITS_CLR_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ)) + { + status = 0xC0000000 | NT_STATUS_ACCOUNT_DISABLED; + } + } + + /* validate password - if required */ + + if (status == 0 && !(IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ))) + { + switch (q_l.sam_id.logon_level) + { + case INTERACTIVE_LOGON_TYPE: + { + /* interactive login. */ + status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser); + break; + } + case NET_LOGON_TYPE: + { + /* network login. lm challenge and 24 byte responses */ + status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser); + break; + } + } + } + + /* lkclXXXX this is the point at which, if the login was + successful, that the SAM Local Security Authority should + record that the user is logged in to the domain. + */ + + /* return the profile plus other bits :-) */ + + if (status == 0) + { + DOM_GID *gids = NULL; + int num_gids = 0; + NTTIME dummy_time; + pstring logon_script; + pstring profile_path; + pstring home_dir; + pstring home_drive; + pstring my_name; + pstring my_workgroup; + DOMAIN_GRP *grp_mem; + uint32 r_uid; + uint32 r_gid; + + /* set up pointer indicating user/password failed to be found */ + usr_info.ptr_user_info = 0; + + dummy_time.low = 0xffffffff; + dummy_time.high = 0x7fffffff; + + /* XXXX hack to get standard_sub_basic() to use sam logon username */ + /* possibly a better way would be to do a become_user() call */ + sam_logon_in_ssb = True; + + pstrcpy(logon_script, lp_logon_script()); + pstrcpy(profile_path, lp_logon_path()); + + pstrcpy(my_workgroup, lp_workgroup()); + + pstrcpy(home_drive, lp_logon_drive()); + pstrcpy(home_dir, lp_logon_home()); + pstrcpy(my_name, global_myname); + strupper(my_name); + + status = lookup_user_rids(samlogon_user, &r_uid, &r_gid); + status = status == 0 ? getusergroupsnam(samlogon_user, &grp_mem, &num_gids) : 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP; + + if (status == 0x0) + { + gids = NULL; + num_gids = make_dom_gids(grp_mem, num_gids, &gids); + + make_net_user_info3(&usr_info, + &dummy_time, /* logon_time */ + &dummy_time, /* logoff_time */ + &dummy_time, /* kickoff_time */ + &dummy_time, /* pass_last_set_time */ + &dummy_time, /* pass_can_change_time */ + &dummy_time, /* pass_must_change_time */ + + samlogon_user , /* user_name */ + vuser->real_name, /* full_name */ + logon_script , /* logon_script */ + profile_path , /* profile_path */ + home_dir , /* home_dir */ + home_drive , /* dir_drive */ + + 0, /* logon_count */ + 0, /* bad_pw_count */ + + r_uid , /* RID user_id */ + r_gid , /* RID group_id */ + num_gids, /* uint32 num_groups */ + gids , /* DOM_GID *gids */ + 0x20 , /* uint32 user_flgs (?) */ + + NULL, /* char sess_key[16] */ + + my_name , /* char *logon_srv */ + my_workgroup, /* char *logon_dom */ + + &global_sam_sid, /* DOM_SID *dom_sid */ + NULL); /* char *other_sids */ + } + else + { + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; + } + + /* Free any allocated groups array. */ + if (gids) + { + free((char *)gids); + } + } + + net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status); } diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 323298ef7a..b70a71b5c0 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c @@ -30,9 +30,11 @@ extern int DEBUGLEVEL; extern BOOL sam_logon_in_ssb; extern pstring samlogon_user; -extern fstring global_myworkgroup; +extern fstring global_sam_name; extern pstring global_myname; extern DOM_SID global_sam_sid; +extern DOM_SID global_sid_S_1_1; +extern DOM_SID global_sid_S_1_5_20; extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; @@ -79,8 +81,8 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, user_name_len = strlen(pwd->smb_name); make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len); - make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len, - user_name_len, 1); + make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len-1, + user_name_len-1, 1); pw_buf[(*num_entries)].user_rid = pwd->user_rid; bzero( pw_buf[(*num_entries)].nt_pwd , 16); @@ -292,24 +294,21 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u, if (status == 0x0) { - DOM_SID user_sid; - DOM_SID everyone_sid; + DOM_SID usr_sid; - user_sid = global_sam_sid; + usr_sid = global_sam_sid; - SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1); + SMB_ASSERT_ARRAY(usr_sid.sub_auths, usr_sid.num_auths+1); /* * Add the user RID. */ - user_sid.sub_auths[user_sid.num_auths++] = rid; + sid_append_rid(&usr_sid, rid); - string_to_sid(&everyone_sid, "S-1-1"); - - /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */ - /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */ - make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &everyone_sid); - make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &user_sid); + /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */ + /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */ + make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &global_sid_S_1_1); + make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &usr_sid); } make_samr_r_unknown_3(&r_u, @@ -400,37 +399,92 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u, prs_struct *rdata) { SAMR_R_ENUM_DOM_GROUPS r_e; - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; - int num_entries; + DOMAIN_GRP *grps = NULL; + int num_entries = 0; BOOL got_grps; - char *dummy_group = "Domain Admins"; + DOM_SID sid; + fstring sid_str; r_e.status = 0x0; r_e.num_entries = 0; /* find the policy handle. open a policy on it. */ - if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1)) + if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid)) { r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; } - DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__)); + sid_to_string(sid_str, &sid); + + DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str)); + + /* well-known groups */ + if (sid_equal(&sid, &global_sid_S_1_5_20)) + { + char *name; + got_grps = True; + + while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL)) + { + DOMAIN_GRP tmp_grp; + + fstrcpy(tmp_grp.name , name); + fstrcpy(tmp_grp.comment, ""); + tmp_grp.rid = domain_group_rids[num_entries].rid; + tmp_grp.attr = 0x7; + + if (!add_domain_group(&grps, &num_entries, &tmp_grp)) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + break; + } + } + } + else if (sid_equal(&sid, &global_sam_sid)) + { + BOOL ret; + char *name; + got_grps = True; + + while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL)) + { + DOMAIN_GRP tmp_grp; + + fstrcpy(tmp_grp.name , name); + fstrcpy(tmp_grp.comment, ""); + tmp_grp.rid = domain_group_rids[num_entries].rid; + tmp_grp.attr = 0x7; - got_grps = True; - num_entries = 1; - make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group)); - pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS; + if (!add_domain_group(&grps, &num_entries, &tmp_grp)) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + break; + } + } + + become_root(True); + ret = enumdomgroups(&grps, &num_entries); + unbecome_root(True); + if (!ret) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + } + } if (r_e.status == 0 && got_grps) { - make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, pass, r_e.status); + make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, grps, r_e.status); } /* store the response in the SMB stream */ samr_io_r_enum_dom_groups("", &r_e, rdata, 0); - DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__)); + if (grps != NULL) + { + free(grps); + } + DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__)); } /******************************************************************* @@ -455,11 +509,10 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, prs_struct *rdata) { SAMR_R_ENUM_DOM_ALIASES r_e; - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; + LOCAL_GRP *alss = NULL; int num_entries = 0; DOM_SID sid; fstring sid_str; - fstring sam_sid_str; r_e.status = 0x0; r_e.num_entries = 0; @@ -471,34 +524,57 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, } sid_to_string(sid_str, &sid); - sid_to_string(sam_sid_str, &global_sam_sid); DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str)); /* well-known aliases */ - if (strequal(sid_str, "S-1-5-32")) + if (sid_equal(&sid, &global_sid_S_1_5_20)) { char *name; - while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL)) + + while ((name = builtin_alias_rids[num_entries].name) != NULL) { - make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)); - pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid; - num_entries++; + LOCAL_GRP tmp_als; + + fstrcpy(tmp_als.name , name); + fstrcpy(tmp_als.comment, ""); + tmp_als.rid = builtin_alias_rids[num_entries].rid; + + if (!add_domain_alias(&alss, &num_entries, &tmp_als)) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + break; + } } } - else if (strequal(sid_str, sam_sid_str)) + else if (sid_equal(&sid, &global_sam_sid)) { + BOOL ret; /* local aliases */ - /* oops! there's no code to deal with this */ - DEBUG(3,("samr_reply_enum_dom_aliases: enum of aliases in our domain not supported yet\n")); num_entries = 0; + + become_root(True); + ret = enumdomaliases(&alss, &num_entries); + unbecome_root(True); + if (!ret) + { + r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY; + } } - make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status); + if (r_e.status == 0x0) + { + make_samr_r_enum_dom_aliases(&r_e, num_entries, alss, r_e.status); + } /* store the response in the SMB stream */ samr_io_r_enum_dom_aliases("", &r_e, rdata, 0); + if (alss != NULL) + { + free(alss); + } + DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__)); } @@ -669,50 +745,92 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u, { uint32 rid[MAX_SAM_ENTRIES]; uint32 status = 0; - int num_rids = q_u->num_sids1; + int num_rids = 0; + int i; + struct sam_passwd *sam_pass; + DOM_SID usr_sid; + DOM_SID dom_sid; + uint32 user_rid; + fstring sam_sid_str; + fstring dom_sid_str; + fstring usr_sid_str; SAMR_R_LOOKUP_IDS r_u; DEBUG(5,("samr_lookup_ids: %d\n", __LINE__)); + /* find the policy handle. open a policy on it. */ + if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &dom_sid)) + { + status = 0xC0000000 | NT_STATUS_INVALID_HANDLE; + } + else + { + sid_to_string(dom_sid_str, &dom_sid ); + sid_to_string(sam_sid_str, &global_sam_sid); + } + if (num_rids > MAX_SAM_ENTRIES) { num_rids = MAX_SAM_ENTRIES; DEBUG(5,("samr_lookup_ids: truncating entries to %d\n", num_rids)); } -#if 0 - int i; - SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids); - - for (i = 0; i < num_rids && status == 0; i++) + if (status == 0x0) { - struct sam_passwd *sam_pass; - fstring user_name; - + usr_sid = q_u->sid[0].sid; + sid_split_rid(&usr_sid, &user_rid); + sid_to_string(usr_sid_str, &usr_sid); - fstrcpy(user_name, unistrn2(q_u->uni_user_name[i].buffer, - q_u->uni_user_name[i].uni_str_len)); + } + if (status == 0x0) + { /* find the user account */ become_root(True); - sam_pass = get_smb21pwd_entry(user_name, 0); + sam_pass = getsam21pwrid(user_rid); unbecome_root(True); if (sam_pass == NULL) { status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; - rid[i] = 0; + num_rids = 0; + } + } + + if (status == 0x0) + { + if (sid_equal(&dom_sid, &global_sid_S_1_5_20)) + { + DEBUG(5,("lookup on S-1-5-20\n")); + } + else if (sid_equal(&dom_sid, &usr_sid)) + { + DOMAIN_GRP *mem_grp = NULL; + BOOL ret; + + DEBUG(5,("lookup on Domain SID\n")); + + become_root(True); + ret = getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_rids); + unbecome_root(True); + + num_rids = MIN(num_rids, MAX_SAM_ENTRIES); + + if (mem_grp != NULL) + { + for (i = 0; i < num_rids; i++) + { + rid[i] = mem_grp[i].rid; + } + free(mem_grp); + } } else { - rid[i] = sam_pass->user_rid; + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; } } -#endif - - num_rids = 1; - rid[0] = BUILTIN_ALIAS_RID_USERS; make_samr_r_lookup_ids(&r_u, num_rids, rid, status); @@ -743,7 +861,8 @@ static void api_samr_lookup_ids( uint16 vuid, prs_struct *data, prs_struct *rdat static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u, prs_struct *rdata) { - uint32 rid[MAX_SAM_ENTRIES]; + uint32 rid [MAX_SAM_ENTRIES]; + uint8 type[MAX_SAM_ENTRIES]; uint32 status = 0; int i; int num_rids = q_u->num_rids1; @@ -763,17 +882,12 @@ static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u, for (i = 0; i < num_rids && status == 0; i++) { fstring name; - - status = 0xC0000000 | NT_STATUS_NONE_MAPPED; - fstrcpy(name, unistrn2(q_u->uni_user_name[i].buffer, q_u->uni_user_name[i].uni_str_len)); - status = (status != 0x0) ? lookup_user_rid (name, &(rid[i])) : status; - status = (status != 0x0) ? lookup_group_rid(name, &(rid[i])) : status; - status = (status != 0x0) ? lookup_alias_rid(name, &(rid[i])) : status; + status = lookup_rid(name, &(rid[i]), &(type[i])); } - make_samr_r_lookup_names(&r_u, num_rids, rid, status); + make_samr_r_lookup_names(&r_u, num_rids, rid, type, status); /* store the response in the SMB stream */ samr_io_r_lookup_names("", &r_u, rdata, 0); @@ -1017,7 +1131,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid) { struct smb_passwd *smb_pass; - if (!pdb_rid_is_user(user_rid)) + if (!pwdb_rid_is_user(user_rid)) { DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); return False; @@ -1050,7 +1164,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid) LOGON_HRS hrs; int i; - if (!pdb_rid_is_user(user_rid)) + if (!pwdb_rid_is_user(user_rid)) { DEBUG(4,("RID 0x%x is not a user RID\n", user_rid)); return False; @@ -1255,10 +1369,20 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, if (status == 0x0) { - pstring groups; - get_domain_user_groups(groups, sam_pass->smb_name); + DOMAIN_GRP *mem_grp = NULL; + BOOL ret; + + become_root(True); + ret = getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_groups); + unbecome_root(True); + gids = NULL; - num_groups = make_dom_gids(groups, &gids); + num_groups = make_dom_gids(mem_grp, num_groups, &gids); + + if (mem_grp != NULL) + { + free(mem_grp); + } } /* construct the response. lkclXXXX: gids are not copied! */ @@ -1322,7 +1446,7 @@ static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u, case 0x02: { switch_value = 0x2; - make_unk_info2(&ctr.info.inf2, global_myworkgroup, global_myname); + make_unk_info2(&ctr.info.inf2, global_sam_name, global_myname); break; } diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 097ab92d76..25dceb41a0 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -22,325 +22,4 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* this module apparently provides an implementation of DCE/RPC over a - * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC - * documentation are available (in on-line form) from the X-Open group. - * - * this module should provide a level of abstraction between SMB - * and DCE/RPC, while minimising the amount of mallocs, unnecessary - * data copies, and network traffic. - * - * in this version, which takes a "let's learn what's going on and - * get something running" approach, there is additional network - * traffic generated, but the code should be easier to understand... - * - * ... if you read the docs. or stare at packets for weeks on end. - * - */ - -#include "includes.h" -#include "nterr.h" - -extern int DEBUGLEVEL; - -/* - * A list of the rids of well known BUILTIN and Domain users - * and groups. - */ - -rid_name builtin_alias_rids[] = -{ - { BUILTIN_ALIAS_RID_ADMINS , "Administrators" }, - { BUILTIN_ALIAS_RID_USERS , "Users" }, - { BUILTIN_ALIAS_RID_GUESTS , "Guests" }, - { BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" }, - - { BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" }, - { BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" }, - { BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" }, - { BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" }, - { BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" }, - { 0 , NULL } -}; - -/* array lookup of well-known Domain RID users. */ -rid_name domain_user_rids[] = -{ - { DOMAIN_USER_RID_ADMIN , "Administrator" }, - { DOMAIN_USER_RID_GUEST , "Guest" }, - { 0 , NULL } -}; - -/* array lookup of well-known Domain RID groups. */ -rid_name domain_group_rids[] = -{ - { DOMAIN_GROUP_RID_ADMINS , "Domain Admins" }, - { DOMAIN_GROUP_RID_USERS , "Domain Users" }, - { DOMAIN_GROUP_RID_GUESTS , "Domain Guests" }, - { 0 , NULL } -}; - -int make_dom_gids(char *gids_str, DOM_GID **ppgids) -{ - char *ptr; - pstring s2; - int count; - DOM_GID *gids; - - *ppgids = NULL; - - DEBUG(4,("make_dom_gids: %s\n", gids_str)); - - if (gids_str == NULL || *gids_str == 0) - return 0; - - for (count = 0, ptr = gids_str; - next_token(&ptr, s2, NULL, sizeof(s2)); - count++) - ; - - gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count ); - if(!gids) - { - DEBUG(0,("make_dom_gids: malloc fail !\n")); - return 0; - } - - for (count = 0, ptr = gids_str; - next_token(&ptr, s2, NULL, sizeof(s2)) && - count < LSA_MAX_GROUPS; - count++) - { - /* the entries are of the form GID/ATTR, ATTR being optional.*/ - char *attr; - uint32 rid = 0; - int i; - - attr = strchr(s2,'/'); - if (attr) - *attr++ = 0; - - if (!attr || !*attr) - attr = "7"; /* default value for attribute is 7 */ - - /* look up the RID string and see if we can turn it into a rid number */ - for (i = 0; builtin_alias_rids[i].name != NULL; i++) - { - if (strequal(builtin_alias_rids[i].name, s2)) - { - rid = builtin_alias_rids[i].rid; - break; - } - } - - if (rid == 0) - rid = atoi(s2); - - if (rid == 0) - { - DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr)); - count--; - } - else - { - gids[count].g_rid = rid; - gids[count].attr = atoi(attr); - - DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr)); - } - } - - *ppgids = gids; - return count; -} - - -/******************************************************************* - gets a domain user's groups - ********************************************************************/ -void get_domain_user_groups(char *domain_groups, char *user) -{ - pstring tmp; - - if (domain_groups == NULL || user == NULL) return; - - /* any additional groups this user is in. e.g power users */ - pstrcpy(domain_groups, lp_domain_groups()); - - /* can only be a user or a guest. cannot be guest _and_ admin */ - if (user_in_list(user, lp_domain_guest_group())) - { - slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain guest group access %s granted\n", tmp)); - } - else - { - slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain group access %s granted\n", tmp)); - - if (user_in_list(user, lp_domain_admin_group())) - { - slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain admin group access %s granted\n", tmp)); - } - } -} - - -/******************************************************************* - lookup_group_name - ********************************************************************/ -uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type) -{ - int i = 0; - (*type) = SID_NAME_DOM_GRP; - - DEBUG(5,("lookup_group_name: rid: %d", rid)); - - while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0) - { - i++; - } - - if (domain_group_rids[i].rid != 0) - { - fstrcpy(group_name, domain_group_rids[i].name); - DEBUG(5,(" = %s\n", group_name)); - return 0x0; - } - - DEBUG(5,(" none mapped\n")); - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_alias_name - ********************************************************************/ -uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type) -{ - int i = 0; - (*type) = SID_NAME_WKN_GRP; - - DEBUG(5,("lookup_alias_name: rid: %d", rid)); - - while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0) - { - i++; - } - - if (builtin_alias_rids[i].rid != 0) - { - fstrcpy(alias_name, builtin_alias_rids[i].name); - DEBUG(5,(" = %s\n", alias_name)); - return 0x0; - } - - DEBUG(5,(" none mapped\n")); - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_user_name - ********************************************************************/ -uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type) -{ - struct sam_disp_info *disp_info; - int i = 0; - (*type) = SID_NAME_USER; - - DEBUG(5,("lookup_user_name: rid: %d", rid)); - - /* look up the well-known domain user rids first */ - while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0) - { - i++; - } - - if (domain_user_rids[i].rid != 0) - { - fstrcpy(user_name, domain_user_rids[i].name); - DEBUG(5,(" = %s\n", user_name)); - return 0x0; - } - - /* ok, it's a user. find the user account */ - become_root(True); - disp_info = getsamdisprid(rid); - unbecome_root(True); - - if (disp_info != NULL) - { - fstrcpy(user_name, disp_info->smb_name); - DEBUG(5,(" = %s\n", user_name)); - return 0x0; - } - - DEBUG(5,(" none mapped\n")); - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_group_rid - ********************************************************************/ -uint32 lookup_group_rid(char *group_name, uint32 *rid) -{ - char *grp_name; - int i = -1; /* start do loop at -1 */ - - do /* find, if it exists, a group rid for the group name*/ - { - i++; - (*rid) = domain_group_rids[i].rid; - grp_name = domain_group_rids[i].name; - - } while (grp_name != NULL && !strequal(grp_name, group_name)); - - return (grp_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_alias_rid - ********************************************************************/ -uint32 lookup_alias_rid(char *alias_name, uint32 *rid) -{ - char *als_name; - int i = -1; /* start do loop at -1 */ - - do /* find, if it exists, a alias rid for the alias name*/ - { - i++; - (*rid) = builtin_alias_rids[i].rid; - als_name = builtin_alias_rids[i].name; - - } while (als_name != NULL && !strequal(als_name, alias_name)); - - return (als_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED; -} - -/******************************************************************* - lookup_user_rid - ********************************************************************/ -uint32 lookup_user_rid(char *user_name, uint32 *rid) -{ - struct sam_passwd *sam_pass; - (*rid) = 0; - - /* find the user account */ - become_root(True); - sam_pass = getsam21pwnam(user_name); - unbecome_root(True); - - if (sam_pass != NULL) - { - (*rid) = sam_pass->user_rid; - return 0x0; - } - - return 0xC0000000 | NT_STATUS_NONE_MAPPED; -} +/* retired module */ |