summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_lsa.c271
-rw-r--r--source3/rpc_server/srv_lsa_hnd.c4
-rw-r--r--source3/rpc_server/srv_netlog.c416
-rw-r--r--source3/rpc_server/srv_samr.c262
-rw-r--r--source3/rpc_server/srv_util.c323
5 files changed, 538 insertions, 738 deletions
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 5e6e101883..51b6e8d25b 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -29,6 +29,12 @@
extern int DEBUGLEVEL;
extern DOM_SID global_sam_sid;
+extern fstring global_sam_name;
+extern DOM_SID global_member_sid;
+extern fstring global_myworkgroup;
+extern DOM_SID global_sid_S_1_1;
+extern DOM_SID global_sid_S_1_3;
+extern DOM_SID global_sid_S_1_5;
/***************************************************************************
lsa_reply_open_policy2
@@ -84,8 +90,8 @@ static void make_dom_query(DOM_QUERY *d_q, char *dom_name, DOM_SID *dom_sid)
d_q->uni_dom_max_len = domlen * 2;
d_q->uni_dom_str_len = domlen * 2;
- d_q->buffer_dom_name = 4; /* domain buffer pointer */
- d_q->buffer_dom_sid = 2; /* domain sid pointer */
+ d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */
+ d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */
/* this string is supposed to be character short */
make_unistr2(&(d_q->uni_domain_name), dom_name, domlen);
@@ -137,50 +143,70 @@ static void lsa_reply_query_info(LSA_Q_QUERY_INFO *q_q, prs_struct *rdata,
/***************************************************************************
-make_dom_ref
+make_dom_ref - adds a domain if it's not already in, returns the index
***************************************************************************/
-static void make_dom_ref(DOM_R_REF *ref, int num_domains,
- char **dom_names, DOM_SID **dom_sids)
+static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
{
- int i;
+ int num = 0;
+ int len;
- if (num_domains > MAX_REF_DOMAINS)
+ if (dom_name != NULL)
{
- num_domains = MAX_REF_DOMAINS;
+ for (num = 0; num < ref->num_ref_doms_1; num++)
+ {
+ fstring domname;
+ fstrcpy(domname, unistr2_to_str(&ref->ref_dom[num].uni_dom_name));
+ if (strequal(domname, dom_name))
+ {
+ return num;
+ }
+ }
+
+ }
+ else
+ {
+ num = ref->num_ref_doms_1;
+ }
+
+ if (num >= MAX_REF_DOMAINS)
+ {
+ /* index not found, already at maximum domain limit */
+ return -1;
}
ref->undoc_buffer = 1;
- ref->num_ref_doms_1 = num_domains;
+ ref->num_ref_doms_1 = num+1;
ref->undoc_buffer2 = 1;
ref->max_entries = MAX_REF_DOMAINS;
- ref->num_ref_doms_2 = num_domains;
+ ref->num_ref_doms_2 = num+1;
- for (i = 0; i < num_domains; i++)
- {
- int len = dom_names[i] != NULL ? strlen(dom_names[i]) : 0;
+ len = dom_name != NULL ? strlen(dom_name) : 0;
- make_uni_hdr(&(ref->hdr_ref_dom[i].hdr_dom_name), len, len, len != 0 ? 1 : 0);
- ref->hdr_ref_dom[i].ptr_dom_sid = dom_sids[i] != NULL ? 1 : 0;
+ make_uni_hdr(&(ref->hdr_ref_dom[num].hdr_dom_name), len, len, len != 0 ? 1 : 0);
+ ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0;
- make_unistr2 (&(ref->ref_dom[i].uni_dom_name), dom_names[i], len);
- make_dom_sid2(&(ref->ref_dom[i].ref_dom ), dom_sids [i]);
- }
+ make_unistr2 (&(ref->ref_dom[num].uni_dom_name), dom_name, len);
+ make_dom_sid2(&(ref->ref_dom[num].ref_dom ), dom_sid );
+ return num;
}
/***************************************************************************
make_reply_lookup_rids
***************************************************************************/
static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
- int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- int num_ref_doms,
- char **dom_names, DOM_SID **dom_sids)
+ int num_entries,
+ uint32 dom_rids[MAX_LOOKUP_SIDS],
+ uint8 dom_types[MAX_LOOKUP_SIDS])
{
int i;
- make_dom_ref(&(r_l->dom_ref), num_ref_doms, dom_names, dom_sids);
+ r_l->num_entries = 0;
+ r_l->undoc_buffer = 0;
+ r_l->num_entries2 = 0;
+#if 0
r_l->num_entries = num_entries;
r_l->undoc_buffer = 1;
r_l->num_entries2 = num_entries;
@@ -189,58 +215,85 @@ static void make_reply_lookup_rids(LSA_R_LOOKUP_RIDS *r_l,
for (i = 0; i < num_entries; i++)
{
- make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], 0x01);
+ make_dom_ref(&(r_l->dom_ref), dom_name, dom_sid);
+ make_dom_rid2(&(r_l->dom_rid[i]), dom_rids[i], dom_types[i]);
}
r_l->num_entries3 = num_entries;
+#endif
}
/***************************************************************************
make_lsa_trans_names
***************************************************************************/
-static void make_lsa_trans_names(LSA_TRANS_NAME_ENUM *trn,
+static void make_lsa_trans_names(DOM_R_REF *ref,
+ LSA_TRANS_NAME_ENUM *trn,
int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
- uint32 *total)
+ uint32 *mapped_count)
{
- uint32 status = 0x0;
int i;
- (*total) = 0;
+ int total = 0;
+ (*mapped_count) = 0;
SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
for (i = 0; i < num_entries; i++)
{
+ uint32 status = 0x0;
+ DOM_SID find_sid = sid[i].sid;
+ DOM_SID tmp = sid[i].sid;
uint32 rid = 0xffffffff;
- uint8 num_auths = sid[i].sid.num_auths;
+ int dom_idx = -1;
fstring name;
- uint32 type;
+ fstring dom_name;
+ uint8 sid_name_use = 0;
- SMB_ASSERT_ARRAY(sid[i].sid.sub_auths, num_auths);
+ memset(dom_name, 0, sizeof(dom_name));
+ memset(name , 0, sizeof(name ));
- /* find the rid to look up */
- if (num_auths != 0)
+ if (map_domain_sid_to_name(&find_sid, dom_name))
+ {
+ sid_name_use = SID_NAME_DOMAIN;
+ dom_idx = make_dom_ref(ref, dom_name, &find_sid);
+ }
+ else if (sid_split_rid (&find_sid, &rid) &&
+ map_domain_sid_to_name(&find_sid, dom_name))
+ {
+ if (sid_equal(&find_sid, &global_sam_sid))
+ {
+ status = lookup_name(&tmp, name, &sid_name_use);
+ }
+ else
+ {
+ status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+ }
+ }
+ else
{
- rid = sid[i].sid.sub_auths[num_auths-1];
-
status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
-
- status = (status != 0x0) ? lookup_user_name (rid, name, &type) : status;
- status = (status != 0x0) ? lookup_group_name(rid, name, &type) : status;
- status = (status != 0x0) ? lookup_alias_name(rid, name, &type) : status;
}
+ dom_idx = make_dom_ref(ref, dom_name, &find_sid);
+
if (status == 0x0)
{
- make_lsa_trans_name(&(trn->name [(*total)]),
- &(trn->uni_name[(*total)]),
- type, name, (*total));
- (*total)++;
+ (*mapped_count)++;
+ }
+ else
+ {
+ snprintf(name, sizeof(name), "%08x", rid);
+ sid_name_use = SID_NAME_UNKNOWN;
+
}
+ make_lsa_trans_name(&(trn->name [total]),
+ &(trn->uni_name[total]),
+ sid_name_use, name, dom_idx);
+ total++;
}
- trn->num_entries = (*total);
+ trn->num_entries = total;
trn->ptr_trans_names = 1;
- trn->num_entries2 = (*total);
+ trn->num_entries2 = total;
}
/***************************************************************************
@@ -260,9 +313,7 @@ static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
lsa_reply_lookup_sids
***************************************************************************/
static void lsa_reply_lookup_sids(prs_struct *rdata,
- int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS],
- int num_ref_doms,
- char **dom_names, DOM_SID **dom_sids)
+ DOM_SID2 *sid, int num_entries)
{
LSA_R_LOOKUP_SIDS r_l;
DOM_R_REF ref;
@@ -274,8 +325,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata,
ZERO_STRUCT(names);
/* set up the LSA Lookup SIDs response */
- make_dom_ref(&ref, num_ref_doms, dom_names, dom_sids);
- make_lsa_trans_names(&names, num_entries, sid, &mapped_count);
+ make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0);
/* store the response in the SMB stream */
@@ -286,17 +336,17 @@ static void lsa_reply_lookup_sids(prs_struct *rdata,
lsa_reply_lookup_rids
***************************************************************************/
static void lsa_reply_lookup_rids(prs_struct *rdata,
- int num_entries, uint32 dom_rids[MAX_LOOKUP_SIDS],
- int num_ref_doms,
- char **dom_names, DOM_SID **dom_sids)
+ int num_entries,
+ uint32 dom_rids[MAX_LOOKUP_SIDS],
+ uint8 dom_types[MAX_LOOKUP_SIDS])
{
LSA_R_LOOKUP_RIDS r_l;
ZERO_STRUCT(r_l);
/* set up the LSA Lookup RIDs response */
- make_reply_lookup_rids(&r_l, num_entries, dom_rids,
- num_ref_doms, dom_names, dom_sids);
+ make_reply_lookup_rids(&r_l, num_entries, dom_rids, dom_types);
+
r_l.status = 0x0;
/* store the response in the SMB stream */
@@ -365,17 +415,39 @@ static void api_lsa_query_info( uint16 vuid, prs_struct *data,
prs_struct *rdata )
{
LSA_Q_QUERY_INFO q_i;
- pstring dom_name;
+ fstring name;
+ DOM_SID *sid = NULL;
+ memset(name, 0, sizeof(name));
ZERO_STRUCT(q_i);
/* grab the info class and policy handle */
lsa_io_q_query("", &q_i, data, 0);
- pstrcpy(dom_name, lp_workgroup());
+ switch (q_i.info_class)
+ {
+ case 0x03:
+ {
+ fstrcpy(name, global_myworkgroup);
+ sid = &global_member_sid;
+ break;
+ }
+ case 0x05:
+ {
+ fstrcpy(name, global_sam_name);
+ sid = &global_sam_sid;
+ break;
+ }
+ default:
+ {
+ DEBUG(5,("unknown info level in Lsa Query: %d\n",
+ q_i.info_class));
+ break;
+ }
+ }
/* construct reply. return status is always 0x0 */
- lsa_reply_query_info(&q_i, rdata, dom_name, &global_sam_sid);
+ lsa_reply_query_info(&q_i, rdata, name, sid);
}
/***************************************************************************
@@ -385,44 +457,13 @@ static void api_lsa_lookup_sids( uint16 vuid, prs_struct *data,
prs_struct *rdata )
{
LSA_Q_LOOKUP_SIDS q_l;
- pstring dom_name;
- DOM_SID sid_S_1_1;
- DOM_SID sid_S_1_3;
- DOM_SID sid_S_1_5;
-
- DOM_SID *sid_array[4];
- char *dom_names[4];
-
ZERO_STRUCT(q_l);
- ZERO_STRUCT(sid_S_1_1);
- ZERO_STRUCT(sid_S_1_3);
- ZERO_STRUCT(sid_S_1_5);
/* grab the info class and policy handle */
lsa_io_q_lookup_sids("", &q_l, data, 0);
- pstrcpy(dom_name, lp_workgroup());
-
- string_to_sid(&sid_S_1_1, "S-1-1");
- string_to_sid(&sid_S_1_3, "S-1-3");
- string_to_sid(&sid_S_1_5, "S-1-5");
-
- dom_names[0] = dom_name;
- sid_array[0] = &global_sam_sid;
-
- dom_names[1] = "Everyone";
- sid_array[1] = &sid_S_1_1;
-
- dom_names[2] = "don't know";
- sid_array[2] = &sid_S_1_3;
-
- dom_names[3] = "NT AUTHORITY";
- sid_array[3] = &sid_S_1_5;
-
/* construct reply. return status is always 0x0 */
- lsa_reply_lookup_sids(rdata,
- q_l.sids.num_entries, q_l.sids.sid, /* SIDs */
- 4, dom_names, sid_array);
+ lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries);
}
/***************************************************************************
@@ -433,63 +474,24 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
{
int i;
LSA_Q_LOOKUP_RIDS q_l;
- pstring dom_name;
uint32 dom_rids[MAX_LOOKUP_SIDS];
- uint32 dummy_g_rid;
-
- DOM_SID sid_S_1_1;
- DOM_SID sid_S_1_3;
- DOM_SID sid_S_1_5;
-
- DOM_SID *sid_array[4];
- char *dom_names[4];
+ uint8 dom_types[MAX_LOOKUP_SIDS];
ZERO_STRUCT(q_l);
- ZERO_STRUCT(sid_S_1_1);
- ZERO_STRUCT(sid_S_1_3);
- ZERO_STRUCT(sid_S_1_5);
ZERO_ARRAY(dom_rids);
/* grab the info class and policy handle */
lsa_io_q_lookup_rids("", &q_l, data, 0);
- pstrcpy(dom_name, lp_workgroup());
-
- string_to_sid(&sid_S_1_1, "S-1-1");
- string_to_sid(&sid_S_1_3, "S-1-3");
- string_to_sid(&sid_S_1_5, "S-1-5");
-
- dom_names[0] = dom_name;
- sid_array[0] = &global_sam_sid;
-
- dom_names[1] = "Everyone";
- sid_array[1] = &sid_S_1_1;
-
- dom_names[2] = "don't know";
- sid_array[2] = &sid_S_1_3;
-
- dom_names[3] = "NT AUTHORITY";
- sid_array[3] = &sid_S_1_5;
-
SMB_ASSERT_ARRAY(q_l.lookup_name, q_l.num_entries);
/* convert received RIDs to strings, so we can do them. */
for (i = 0; i < q_l.num_entries; i++)
{
- fstring user_name;
- fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer));
-
- /*
- * Map to the UNIX username.
- */
- map_username(user_name);
-
- /*
- * Do any case conversions.
- */
- (void)Get_Pwnam(user_name, True);
+ fstring name;
+ fstrcpy(name, unistr2(q_l.lookup_name[i].str.buffer));
- if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid))
+ if (lookup_rid(name, &dom_rids[i], &dom_types[i]))
{
/* WHOOPS! we should really do something about this... */
dom_rids[i] = 0;
@@ -498,8 +500,9 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
/* construct reply. return status is always 0x0 */
lsa_reply_lookup_rids(rdata,
- q_l.num_entries, dom_rids, /* text-converted SIDs */
- 4, dom_names, sid_array);
+ q_l.num_entries,
+ dom_rids, /* text-converted SIDs */
+ dom_types); /* SID_NAME_USE types */
}
/***************************************************************************
diff --git a/source3/rpc_server/srv_lsa_hnd.c b/source3/rpc_server/srv_lsa_hnd.c
index b807c40604..dabc5520ff 100644
--- a/source3/rpc_server/srv_lsa_hnd.c
+++ b/source3/rpc_server/srv_lsa_hnd.c
@@ -290,7 +290,8 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd)
{
struct policy *p = find_lsa_policy(hnd);
- if (!p) {
+ if (!p)
+ {
DEBUG(3,("Error closing policy\n"));
return False;
}
@@ -302,6 +303,7 @@ BOOL close_lsa_policy_hnd(POLICY_HND *hnd)
bitmap_clear(bmap, p->pnum);
ZERO_STRUCTP(p);
+ ZERO_STRUCTP(hnd);
free(p);
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 04118800e2..77b17dca2f 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -1,4 +1,3 @@
-
/*
* Unix SMB/Netbios implementation.
* Version 1.9.
@@ -544,7 +543,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
net_login_network:
*************************************************************************/
static uint32 net_login_network(NET_ID_INFO_2 *id2,
- struct smb_passwd *smb_pass)
+ struct smb_passwd *smb_pass,
+ user_struct *vuser)
{
DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
id2->hdr_lm_chal_resp.str_str_len,
@@ -593,221 +593,213 @@ static void api_net_sam_logon( uint16 vuid,
prs_struct *data,
prs_struct *rdata)
{
- NET_Q_SAM_LOGON q_l;
- NET_ID_INFO_CTR ctr;
- NET_USER_INFO_3 usr_info;
- uint32 status = 0x0;
- DOM_CRED srv_cred;
- struct smb_passwd *smb_pass = NULL;
- UNISTR2 *uni_samlogon_user = NULL;
-
- user_struct *vuser = NULL;
-
- if ((vuser = get_valid_user_struct(vuid)) == NULL)
- return;
-
- q_l.sam_id.ctr = &ctr;
-
- net_io_q_sam_logon("", &q_l, data, 0);
-
- /* checks and updates credentials. creates reply credentials */
- if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
- &(q_l.sam_id.client.cred), &srv_cred))
- {
- status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
- }
- else
- {
- memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
- }
-
- /* find the username */
-
- if (status == 0)
- {
- switch (q_l.sam_id.logon_level)
- {
- case INTERACTIVE_LOGON_TYPE:
- {
- uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
-
- DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
- break;
- }
- case NET_LOGON_TYPE:
- {
- uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
-
- DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
- break;
- }
- default:
- {
- DEBUG(2,("SAM Logon: unsupported switch value\n"));
- status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
- break;
- }
- } /* end switch */
- } /* end if status == 0 */
-
- /* check username exists */
-
- if (status == 0)
- {
- pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
- uni_samlogon_user->uni_str_len));
-
- DEBUG(3,("User:[%s]\n", samlogon_user));
+ NET_Q_SAM_LOGON q_l;
+ NET_ID_INFO_CTR ctr;
+ NET_USER_INFO_3 usr_info;
+ uint32 status = 0x0;
+ DOM_CRED srv_cred;
+ struct smb_passwd *smb_pass = NULL;
+ UNISTR2 *uni_samlogon_user = NULL;
- /*
- * Convert to a UNIX username.
- */
- map_username(samlogon_user);
+ user_struct *vuser = NULL;
- /*
- * Do any case conversions.
- */
- (void)Get_Pwnam(samlogon_user, True);
-
- become_root(True);
- smb_pass = getsmbpwnam(samlogon_user);
- unbecome_root(True);
-
- if (smb_pass == NULL)
- status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
- else if (smb_pass->acct_ctrl & ACB_PWNOTREQ)
- status = 0;
- else if (smb_pass->acct_ctrl & ACB_DISABLED)
- status = 0xC0000000 | NT_STATUS_ACCOUNT_DISABLED;
- }
-
- /* Validate password - if required. */
-
- if ((status == 0) && !(smb_pass->acct_ctrl & ACB_PWNOTREQ))
- {
- switch (q_l.sam_id.logon_level)
- {
- case INTERACTIVE_LOGON_TYPE:
- {
- /* interactive login. */
- status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser);
- break;
- }
- case NET_LOGON_TYPE:
- {
- /* network login. lm challenge and 24 byte responses */
- status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass);
- break;
- }
- }
- }
-
- /* lkclXXXX this is the point at which, if the login was
- successful, that the SAM Local Security Authority should
- record that the user is logged in to the domain.
- */
-
- /* return the profile plus other bits :-) */
-
- if (status == 0)
- {
- DOM_GID *gids = NULL;
- int num_gids = 0;
- NTTIME dummy_time;
- pstring logon_script;
- pstring profile_path;
- pstring home_dir;
- pstring home_drive;
- pstring my_name;
- pstring my_workgroup;
- pstring domain_groups;
- uint32 r_uid;
- uint32 r_gid;
-
- /* set up pointer indicating user/password failed to be found */
- usr_info.ptr_user_info = 0;
-
- dummy_time.low = 0xffffffff;
- dummy_time.high = 0x7fffffff;
-
- /* XXXX hack to get standard_sub_basic() to use sam logon username */
- /* possibly a better way would be to do a become_user() call */
- sam_logon_in_ssb = True;
-
- pstrcpy(logon_script, lp_logon_script());
- pstrcpy(profile_path, lp_logon_path());
-
- pstrcpy(my_workgroup, lp_workgroup());
-
- pstrcpy(home_drive, lp_logon_drive());
- pstrcpy(home_dir, lp_logon_home());
-
- pstrcpy(my_name, global_myname);
- strupper(my_name);
+ if ((vuser = get_valid_user_struct(vuid)) == NULL)
+ return;
- /*
- * This is the point at which we get the group
- * database - we should be getting the gid_t list
- * from /etc/group and then turning the uids into
- * rids and then into machine sids for this user.
- * JRA.
- */
+ q_l.sam_id.ctr = &ctr;
- get_domain_user_groups(domain_groups, samlogon_user);
+ net_io_q_sam_logon("", &q_l, data, 0);
- /*
- * make_dom_gids allocates the gids array. JRA.
- */
- gids = NULL;
- num_gids = make_dom_gids(domain_groups, &gids);
-
- sam_logon_in_ssb = False;
-
- if (pdb_name_to_rid(samlogon_user, &r_uid, &r_gid))
- {
- make_net_user_info3(&usr_info,
- &dummy_time, /* logon_time */
- &dummy_time, /* logoff_time */
- &dummy_time, /* kickoff_time */
- &dummy_time, /* pass_last_set_time */
- &dummy_time, /* pass_can_change_time */
- &dummy_time, /* pass_must_change_time */
-
- samlogon_user , /* user_name */
- vuser->real_name, /* full_name */
- logon_script , /* logon_script */
- profile_path , /* profile_path */
- home_dir , /* home_dir */
- home_drive , /* dir_drive */
-
- 0, /* logon_count */
- 0, /* bad_pw_count */
-
- r_uid , /* RID user_id */
- r_gid , /* RID group_id */
- num_gids, /* uint32 num_groups */
- gids , /* DOM_GID *gids */
- 0x20 , /* uint32 user_flgs (?) */
-
- NULL, /* char sess_key[16] */
-
- my_name , /* char *logon_srv */
- my_workgroup, /* char *logon_dom */
-
- &global_sam_sid, /* DOM_SID *dom_sid */
- NULL); /* char *other_sids */
- }
- else
- {
- status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
- }
-
- /* Free any allocated groups array. */
- if(gids)
- free((char *)gids);
- }
-
- net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);
+ /* checks and updates credentials. creates reply credentials */
+ if (!deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
+ &(q_l.sam_id.client.cred), &srv_cred))
+ {
+ status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+ }
+ else
+ {
+ memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
+ }
+
+ /* find the username */
+
+ if (status == 0)
+ {
+ switch (q_l.sam_id.logon_level)
+ {
+ case INTERACTIVE_LOGON_TYPE:
+ {
+ uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
+
+ DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
+ break;
+ }
+ case NET_LOGON_TYPE:
+ {
+ uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
+
+ DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
+ break;
+ }
+ default:
+ {
+ DEBUG(2,("SAM Logon: unsupported switch value\n"));
+ status = 0xC0000000 | NT_STATUS_INVALID_INFO_CLASS;
+ break;
+ }
+ } /* end switch */
+ } /* end if status == 0 */
+
+ /* check username exists */
+
+ if (status == 0)
+ {
+ pstrcpy(samlogon_user, unistrn2(uni_samlogon_user->buffer,
+ uni_samlogon_user->uni_str_len));
+
+ DEBUG(3,("User:[%s]\n", samlogon_user));
+
+ /*
+ * Convert to a UNIX username.
+ */
+ map_username(samlogon_user);
+
+ /*
+ * Do any case conversions.
+ */
+ (void)Get_Pwnam(samlogon_user, True);
+
+ become_root(True);
+ smb_pass = getsmbpwnam(samlogon_user);
+ unbecome_root(True);
+
+ if (smb_pass == NULL)
+ {
+ status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+ }
+ else if (IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_DISABLED) &&
+ IS_BITS_CLR_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ))
+ {
+ status = 0xC0000000 | NT_STATUS_ACCOUNT_DISABLED;
+ }
+ }
+
+ /* validate password - if required */
+
+ if (status == 0 && !(IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ)))
+ {
+ switch (q_l.sam_id.logon_level)
+ {
+ case INTERACTIVE_LOGON_TYPE:
+ {
+ /* interactive login. */
+ status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser);
+ break;
+ }
+ case NET_LOGON_TYPE:
+ {
+ /* network login. lm challenge and 24 byte responses */
+ status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser);
+ break;
+ }
+ }
+ }
+
+ /* lkclXXXX this is the point at which, if the login was
+ successful, that the SAM Local Security Authority should
+ record that the user is logged in to the domain.
+ */
+
+ /* return the profile plus other bits :-) */
+
+ if (status == 0)
+ {
+ DOM_GID *gids = NULL;
+ int num_gids = 0;
+ NTTIME dummy_time;
+ pstring logon_script;
+ pstring profile_path;
+ pstring home_dir;
+ pstring home_drive;
+ pstring my_name;
+ pstring my_workgroup;
+ DOMAIN_GRP *grp_mem;
+ uint32 r_uid;
+ uint32 r_gid;
+
+ /* set up pointer indicating user/password failed to be found */
+ usr_info.ptr_user_info = 0;
+
+ dummy_time.low = 0xffffffff;
+ dummy_time.high = 0x7fffffff;
+
+ /* XXXX hack to get standard_sub_basic() to use sam logon username */
+ /* possibly a better way would be to do a become_user() call */
+ sam_logon_in_ssb = True;
+
+ pstrcpy(logon_script, lp_logon_script());
+ pstrcpy(profile_path, lp_logon_path());
+
+ pstrcpy(my_workgroup, lp_workgroup());
+
+ pstrcpy(home_drive, lp_logon_drive());
+ pstrcpy(home_dir, lp_logon_home());
+ pstrcpy(my_name, global_myname);
+ strupper(my_name);
+
+ status = lookup_user_rids(samlogon_user, &r_uid, &r_gid);
+ status = status == 0 ? getusergroupsnam(samlogon_user, &grp_mem, &num_gids) : 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP;
+
+ if (status == 0x0)
+ {
+ gids = NULL;
+ num_gids = make_dom_gids(grp_mem, num_gids, &gids);
+
+ make_net_user_info3(&usr_info,
+ &dummy_time, /* logon_time */
+ &dummy_time, /* logoff_time */
+ &dummy_time, /* kickoff_time */
+ &dummy_time, /* pass_last_set_time */
+ &dummy_time, /* pass_can_change_time */
+ &dummy_time, /* pass_must_change_time */
+
+ samlogon_user , /* user_name */
+ vuser->real_name, /* full_name */
+ logon_script , /* logon_script */
+ profile_path , /* profile_path */
+ home_dir , /* home_dir */
+ home_drive , /* dir_drive */
+
+ 0, /* logon_count */
+ 0, /* bad_pw_count */
+
+ r_uid , /* RID user_id */
+ r_gid , /* RID group_id */
+ num_gids, /* uint32 num_groups */
+ gids , /* DOM_GID *gids */
+ 0x20 , /* uint32 user_flgs (?) */
+
+ NULL, /* char sess_key[16] */
+
+ my_name , /* char *logon_srv */
+ my_workgroup, /* char *logon_dom */
+
+ &global_sam_sid, /* DOM_SID *dom_sid */
+ NULL); /* char *other_sids */
+ }
+ else
+ {
+ status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* Free any allocated groups array. */
+ if (gids)
+ {
+ free((char *)gids);
+ }
+ }
+
+ net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);
}
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 323298ef7a..b70a71b5c0 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -30,9 +30,11 @@ extern int DEBUGLEVEL;
extern BOOL sam_logon_in_ssb;
extern pstring samlogon_user;
-extern fstring global_myworkgroup;
+extern fstring global_sam_name;
extern pstring global_myname;
extern DOM_SID global_sam_sid;
+extern DOM_SID global_sid_S_1_1;
+extern DOM_SID global_sid_S_1_5_20;
extern rid_name domain_group_rids[];
extern rid_name domain_alias_rids[];
@@ -79,8 +81,8 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
user_name_len = strlen(pwd->smb_name);
make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
- make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len,
- user_name_len, 1);
+ make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len-1,
+ user_name_len-1, 1);
pw_buf[(*num_entries)].user_rid = pwd->user_rid;
bzero( pw_buf[(*num_entries)].nt_pwd , 16);
@@ -292,24 +294,21 @@ static void samr_reply_unknown_3(SAMR_Q_UNKNOWN_3 *q_u,
if (status == 0x0)
{
- DOM_SID user_sid;
- DOM_SID everyone_sid;
+ DOM_SID usr_sid;
- user_sid = global_sam_sid;
+ usr_sid = global_sam_sid;
- SMB_ASSERT_ARRAY(user_sid.sub_auths, user_sid.num_auths+1);
+ SMB_ASSERT_ARRAY(usr_sid.sub_auths, usr_sid.num_auths+1);
/*
* Add the user RID.
*/
- user_sid.sub_auths[user_sid.num_auths++] = rid;
+ sid_append_rid(&usr_sid, rid);
- string_to_sid(&everyone_sid, "S-1-1");
-
- /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */
- /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
- make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &everyone_sid);
- make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &user_sid);
+ /* maybe need another 1 or 2 (S-1-5-0x20-0x220 and S-1-5-20-0x224) */
+ /* these two are DOMAIN_ADMIN and DOMAIN_ACCT_OP group RIDs */
+ make_dom_sid3(&(sid[0]), 0x035b, 0x0002, &global_sid_S_1_1);
+ make_dom_sid3(&(sid[1]), 0x0044, 0x0002, &usr_sid);
}
make_samr_r_unknown_3(&r_u,
@@ -400,37 +399,92 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
prs_struct *rdata)
{
SAMR_R_ENUM_DOM_GROUPS r_e;
- SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
- int num_entries;
+ DOMAIN_GRP *grps = NULL;
+ int num_entries = 0;
BOOL got_grps;
- char *dummy_group = "Domain Admins";
+ DOM_SID sid;
+ fstring sid_str;
r_e.status = 0x0;
r_e.num_entries = 0;
/* find the policy handle. open a policy on it. */
- if (r_e.status == 0x0 && (find_lsa_policy_by_hnd(&(q_u->pol)) == -1))
+ if (r_e.status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &sid))
{
r_e.status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
}
- DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__));
+ sid_to_string(sid_str, &sid);
+
+ DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str));
+
+ /* well-known groups */
+ if (sid_equal(&sid, &global_sid_S_1_5_20))
+ {
+ char *name;
+ got_grps = True;
+
+ while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL))
+ {
+ DOMAIN_GRP tmp_grp;
+
+ fstrcpy(tmp_grp.name , name);
+ fstrcpy(tmp_grp.comment, "");
+ tmp_grp.rid = domain_group_rids[num_entries].rid;
+ tmp_grp.attr = 0x7;
+
+ if (!add_domain_group(&grps, &num_entries, &tmp_grp))
+ {
+ r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
+ break;
+ }
+ }
+ }
+ else if (sid_equal(&sid, &global_sam_sid))
+ {
+ BOOL ret;
+ char *name;
+ got_grps = True;
+
+ while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL))
+ {
+ DOMAIN_GRP tmp_grp;
+
+ fstrcpy(tmp_grp.name , name);
+ fstrcpy(tmp_grp.comment, "");
+ tmp_grp.rid = domain_group_rids[num_entries].rid;
+ tmp_grp.attr = 0x7;
- got_grps = True;
- num_entries = 1;
- make_unistr2(&(pass[0].uni_user_name), dummy_group, strlen(dummy_group));
- pass[0].user_rid = DOMAIN_GROUP_RID_ADMINS;
+ if (!add_domain_group(&grps, &num_entries, &tmp_grp))
+ {
+ r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
+ break;
+ }
+ }
+
+ become_root(True);
+ ret = enumdomgroups(&grps, &num_entries);
+ unbecome_root(True);
+ if (!ret)
+ {
+ r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
+ }
+ }
if (r_e.status == 0 && got_grps)
{
- make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, pass, r_e.status);
+ make_samr_r_enum_dom_groups(&r_e, q_u->start_idx, num_entries, grps, r_e.status);
}
/* store the response in the SMB stream */
samr_io_r_enum_dom_groups("", &r_e, rdata, 0);
- DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
+ if (grps != NULL)
+ {
+ free(grps);
+ }
+ DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
}
/*******************************************************************
@@ -455,11 +509,10 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
prs_struct *rdata)
{
SAMR_R_ENUM_DOM_ALIASES r_e;
- SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
+ LOCAL_GRP *alss = NULL;
int num_entries = 0;
DOM_SID sid;
fstring sid_str;
- fstring sam_sid_str;
r_e.status = 0x0;
r_e.num_entries = 0;
@@ -471,34 +524,57 @@ static void samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
}
sid_to_string(sid_str, &sid);
- sid_to_string(sam_sid_str, &global_sam_sid);
DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
/* well-known aliases */
- if (strequal(sid_str, "S-1-5-32"))
+ if (sid_equal(&sid, &global_sid_S_1_5_20))
{
char *name;
- while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL))
+
+ while ((name = builtin_alias_rids[num_entries].name) != NULL)
{
- make_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name));
- pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid;
- num_entries++;
+ LOCAL_GRP tmp_als;
+
+ fstrcpy(tmp_als.name , name);
+ fstrcpy(tmp_als.comment, "");
+ tmp_als.rid = builtin_alias_rids[num_entries].rid;
+
+ if (!add_domain_alias(&alss, &num_entries, &tmp_als))
+ {
+ r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
+ break;
+ }
}
}
- else if (strequal(sid_str, sam_sid_str))
+ else if (sid_equal(&sid, &global_sam_sid))
{
+ BOOL ret;
/* local aliases */
- /* oops! there's no code to deal with this */
- DEBUG(3,("samr_reply_enum_dom_aliases: enum of aliases in our domain not supported yet\n"));
num_entries = 0;
+
+ become_root(True);
+ ret = enumdomaliases(&alss, &num_entries);
+ unbecome_root(True);
+ if (!ret)
+ {
+ r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
+ }
}
- make_samr_r_enum_dom_aliases(&r_e, num_entries, pass, r_e.status);
+ if (r_e.status == 0x0)
+ {
+ make_samr_r_enum_dom_aliases(&r_e, num_entries, alss, r_e.status);
+ }
/* store the response in the SMB stream */
samr_io_r_enum_dom_aliases("", &r_e, rdata, 0);
+ if (alss != NULL)
+ {
+ free(alss);
+ }
+
DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
}
@@ -669,50 +745,92 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
{
uint32 rid[MAX_SAM_ENTRIES];
uint32 status = 0;
- int num_rids = q_u->num_sids1;
+ int num_rids = 0;
+ int i;
+ struct sam_passwd *sam_pass;
+ DOM_SID usr_sid;
+ DOM_SID dom_sid;
+ uint32 user_rid;
+ fstring sam_sid_str;
+ fstring dom_sid_str;
+ fstring usr_sid_str;
SAMR_R_LOOKUP_IDS r_u;
DEBUG(5,("samr_lookup_ids: %d\n", __LINE__));
+ /* find the policy handle. open a policy on it. */
+ if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->pol, &dom_sid))
+ {
+ status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+ }
+ else
+ {
+ sid_to_string(dom_sid_str, &dom_sid );
+ sid_to_string(sam_sid_str, &global_sam_sid);
+ }
+
if (num_rids > MAX_SAM_ENTRIES)
{
num_rids = MAX_SAM_ENTRIES;
DEBUG(5,("samr_lookup_ids: truncating entries to %d\n", num_rids));
}
-#if 0
- int i;
- SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids);
-
- for (i = 0; i < num_rids && status == 0; i++)
+ if (status == 0x0)
{
- struct sam_passwd *sam_pass;
- fstring user_name;
-
+ usr_sid = q_u->sid[0].sid;
+ sid_split_rid(&usr_sid, &user_rid);
+ sid_to_string(usr_sid_str, &usr_sid);
- fstrcpy(user_name, unistrn2(q_u->uni_user_name[i].buffer,
- q_u->uni_user_name[i].uni_str_len));
+ }
+ if (status == 0x0)
+ {
/* find the user account */
become_root(True);
- sam_pass = get_smb21pwd_entry(user_name, 0);
+ sam_pass = getsam21pwrid(user_rid);
unbecome_root(True);
if (sam_pass == NULL)
{
status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
- rid[i] = 0;
+ num_rids = 0;
+ }
+ }
+
+ if (status == 0x0)
+ {
+ if (sid_equal(&dom_sid, &global_sid_S_1_5_20))
+ {
+ DEBUG(5,("lookup on S-1-5-20\n"));
+ }
+ else if (sid_equal(&dom_sid, &usr_sid))
+ {
+ DOMAIN_GRP *mem_grp = NULL;
+ BOOL ret;
+
+ DEBUG(5,("lookup on Domain SID\n"));
+
+ become_root(True);
+ ret = getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_rids);
+ unbecome_root(True);
+
+ num_rids = MIN(num_rids, MAX_SAM_ENTRIES);
+
+ if (mem_grp != NULL)
+ {
+ for (i = 0; i < num_rids; i++)
+ {
+ rid[i] = mem_grp[i].rid;
+ }
+ free(mem_grp);
+ }
}
else
{
- rid[i] = sam_pass->user_rid;
+ status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
}
}
-#endif
-
- num_rids = 1;
- rid[0] = BUILTIN_ALIAS_RID_USERS;
make_samr_r_lookup_ids(&r_u, num_rids, rid, status);
@@ -743,7 +861,8 @@ static void api_samr_lookup_ids( uint16 vuid, prs_struct *data, prs_struct *rdat
static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
prs_struct *rdata)
{
- uint32 rid[MAX_SAM_ENTRIES];
+ uint32 rid [MAX_SAM_ENTRIES];
+ uint8 type[MAX_SAM_ENTRIES];
uint32 status = 0;
int i;
int num_rids = q_u->num_rids1;
@@ -763,17 +882,12 @@ static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
for (i = 0; i < num_rids && status == 0; i++)
{
fstring name;
-
- status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
-
fstrcpy(name, unistrn2(q_u->uni_user_name[i].buffer, q_u->uni_user_name[i].uni_str_len));
- status = (status != 0x0) ? lookup_user_rid (name, &(rid[i])) : status;
- status = (status != 0x0) ? lookup_group_rid(name, &(rid[i])) : status;
- status = (status != 0x0) ? lookup_alias_rid(name, &(rid[i])) : status;
+ status = lookup_rid(name, &(rid[i]), &(type[i]));
}
- make_samr_r_lookup_names(&r_u, num_rids, rid, status);
+ make_samr_r_lookup_names(&r_u, num_rids, rid, type, status);
/* store the response in the SMB stream */
samr_io_r_lookup_names("", &r_u, rdata, 0);
@@ -1017,7 +1131,7 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
{
struct smb_passwd *smb_pass;
- if (!pdb_rid_is_user(user_rid))
+ if (!pwdb_rid_is_user(user_rid))
{
DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
return False;
@@ -1050,7 +1164,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
LOGON_HRS hrs;
int i;
- if (!pdb_rid_is_user(user_rid))
+ if (!pwdb_rid_is_user(user_rid))
{
DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
return False;
@@ -1255,10 +1369,20 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
if (status == 0x0)
{
- pstring groups;
- get_domain_user_groups(groups, sam_pass->smb_name);
+ DOMAIN_GRP *mem_grp = NULL;
+ BOOL ret;
+
+ become_root(True);
+ ret = getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_groups);
+ unbecome_root(True);
+
gids = NULL;
- num_groups = make_dom_gids(groups, &gids);
+ num_groups = make_dom_gids(mem_grp, num_groups, &gids);
+
+ if (mem_grp != NULL)
+ {
+ free(mem_grp);
+ }
}
/* construct the response. lkclXXXX: gids are not copied! */
@@ -1322,7 +1446,7 @@ static void samr_reply_query_dom_info(SAMR_Q_QUERY_DOMAIN_INFO *q_u,
case 0x02:
{
switch_value = 0x2;
- make_unk_info2(&ctr.info.inf2, global_myworkgroup, global_myname);
+ make_unk_info2(&ctr.info.inf2, global_sam_name, global_myname);
break;
}
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index 097ab92d76..25dceb41a0 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -22,325 +22,4 @@
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-/* this module apparently provides an implementation of DCE/RPC over a
- * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC
- * documentation are available (in on-line form) from the X-Open group.
- *
- * this module should provide a level of abstraction between SMB
- * and DCE/RPC, while minimising the amount of mallocs, unnecessary
- * data copies, and network traffic.
- *
- * in this version, which takes a "let's learn what's going on and
- * get something running" approach, there is additional network
- * traffic generated, but the code should be easier to understand...
- *
- * ... if you read the docs. or stare at packets for weeks on end.
- *
- */
-
-#include "includes.h"
-#include "nterr.h"
-
-extern int DEBUGLEVEL;
-
-/*
- * A list of the rids of well known BUILTIN and Domain users
- * and groups.
- */
-
-rid_name builtin_alias_rids[] =
-{
- { BUILTIN_ALIAS_RID_ADMINS , "Administrators" },
- { BUILTIN_ALIAS_RID_USERS , "Users" },
- { BUILTIN_ALIAS_RID_GUESTS , "Guests" },
- { BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" },
-
- { BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" },
- { BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" },
- { BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" },
- { BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" },
- { BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" },
- { 0 , NULL }
-};
-
-/* array lookup of well-known Domain RID users. */
-rid_name domain_user_rids[] =
-{
- { DOMAIN_USER_RID_ADMIN , "Administrator" },
- { DOMAIN_USER_RID_GUEST , "Guest" },
- { 0 , NULL }
-};
-
-/* array lookup of well-known Domain RID groups. */
-rid_name domain_group_rids[] =
-{
- { DOMAIN_GROUP_RID_ADMINS , "Domain Admins" },
- { DOMAIN_GROUP_RID_USERS , "Domain Users" },
- { DOMAIN_GROUP_RID_GUESTS , "Domain Guests" },
- { 0 , NULL }
-};
-
-int make_dom_gids(char *gids_str, DOM_GID **ppgids)
-{
- char *ptr;
- pstring s2;
- int count;
- DOM_GID *gids;
-
- *ppgids = NULL;
-
- DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
- if (gids_str == NULL || *gids_str == 0)
- return 0;
-
- for (count = 0, ptr = gids_str;
- next_token(&ptr, s2, NULL, sizeof(s2));
- count++)
- ;
-
- gids = (DOM_GID *)malloc( sizeof(DOM_GID) * count );
- if(!gids)
- {
- DEBUG(0,("make_dom_gids: malloc fail !\n"));
- return 0;
- }
-
- for (count = 0, ptr = gids_str;
- next_token(&ptr, s2, NULL, sizeof(s2)) &&
- count < LSA_MAX_GROUPS;
- count++)
- {
- /* the entries are of the form GID/ATTR, ATTR being optional.*/
- char *attr;
- uint32 rid = 0;
- int i;
-
- attr = strchr(s2,'/');
- if (attr)
- *attr++ = 0;
-
- if (!attr || !*attr)
- attr = "7"; /* default value for attribute is 7 */
-
- /* look up the RID string and see if we can turn it into a rid number */
- for (i = 0; builtin_alias_rids[i].name != NULL; i++)
- {
- if (strequal(builtin_alias_rids[i].name, s2))
- {
- rid = builtin_alias_rids[i].rid;
- break;
- }
- }
-
- if (rid == 0)
- rid = atoi(s2);
-
- if (rid == 0)
- {
- DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
- count--;
- }
- else
- {
- gids[count].g_rid = rid;
- gids[count].attr = atoi(attr);
-
- DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
- }
- }
-
- *ppgids = gids;
- return count;
-}
-
-
-/*******************************************************************
- gets a domain user's groups
- ********************************************************************/
-void get_domain_user_groups(char *domain_groups, char *user)
-{
- pstring tmp;
-
- if (domain_groups == NULL || user == NULL) return;
-
- /* any additional groups this user is in. e.g power users */
- pstrcpy(domain_groups, lp_domain_groups());
-
- /* can only be a user or a guest. cannot be guest _and_ admin */
- if (user_in_list(user, lp_domain_guest_group()))
- {
- slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
- pstrcat(domain_groups, tmp);
-
- DEBUG(3,("domain guest group access %s granted\n", tmp));
- }
- else
- {
- slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
- pstrcat(domain_groups, tmp);
-
- DEBUG(3,("domain group access %s granted\n", tmp));
-
- if (user_in_list(user, lp_domain_admin_group()))
- {
- slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
- pstrcat(domain_groups, tmp);
-
- DEBUG(3,("domain admin group access %s granted\n", tmp));
- }
- }
-}
-
-
-/*******************************************************************
- lookup_group_name
- ********************************************************************/
-uint32 lookup_group_name(uint32 rid, char *group_name, uint32 *type)
-{
- int i = 0;
- (*type) = SID_NAME_DOM_GRP;
-
- DEBUG(5,("lookup_group_name: rid: %d", rid));
-
- while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0)
- {
- i++;
- }
-
- if (domain_group_rids[i].rid != 0)
- {
- fstrcpy(group_name, domain_group_rids[i].name);
- DEBUG(5,(" = %s\n", group_name));
- return 0x0;
- }
-
- DEBUG(5,(" none mapped\n"));
- return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_alias_name
- ********************************************************************/
-uint32 lookup_alias_name(uint32 rid, char *alias_name, uint32 *type)
-{
- int i = 0;
- (*type) = SID_NAME_WKN_GRP;
-
- DEBUG(5,("lookup_alias_name: rid: %d", rid));
-
- while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0)
- {
- i++;
- }
-
- if (builtin_alias_rids[i].rid != 0)
- {
- fstrcpy(alias_name, builtin_alias_rids[i].name);
- DEBUG(5,(" = %s\n", alias_name));
- return 0x0;
- }
-
- DEBUG(5,(" none mapped\n"));
- return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_user_name
- ********************************************************************/
-uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
-{
- struct sam_disp_info *disp_info;
- int i = 0;
- (*type) = SID_NAME_USER;
-
- DEBUG(5,("lookup_user_name: rid: %d", rid));
-
- /* look up the well-known domain user rids first */
- while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0)
- {
- i++;
- }
-
- if (domain_user_rids[i].rid != 0)
- {
- fstrcpy(user_name, domain_user_rids[i].name);
- DEBUG(5,(" = %s\n", user_name));
- return 0x0;
- }
-
- /* ok, it's a user. find the user account */
- become_root(True);
- disp_info = getsamdisprid(rid);
- unbecome_root(True);
-
- if (disp_info != NULL)
- {
- fstrcpy(user_name, disp_info->smb_name);
- DEBUG(5,(" = %s\n", user_name));
- return 0x0;
- }
-
- DEBUG(5,(" none mapped\n"));
- return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_group_rid
- ********************************************************************/
-uint32 lookup_group_rid(char *group_name, uint32 *rid)
-{
- char *grp_name;
- int i = -1; /* start do loop at -1 */
-
- do /* find, if it exists, a group rid for the group name*/
- {
- i++;
- (*rid) = domain_group_rids[i].rid;
- grp_name = domain_group_rids[i].name;
-
- } while (grp_name != NULL && !strequal(grp_name, group_name));
-
- return (grp_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_alias_rid
- ********************************************************************/
-uint32 lookup_alias_rid(char *alias_name, uint32 *rid)
-{
- char *als_name;
- int i = -1; /* start do loop at -1 */
-
- do /* find, if it exists, a alias rid for the alias name*/
- {
- i++;
- (*rid) = builtin_alias_rids[i].rid;
- als_name = builtin_alias_rids[i].name;
-
- } while (als_name != NULL && !strequal(als_name, alias_name));
-
- return (als_name != NULL) ? 0 : 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
-
-/*******************************************************************
- lookup_user_rid
- ********************************************************************/
-uint32 lookup_user_rid(char *user_name, uint32 *rid)
-{
- struct sam_passwd *sam_pass;
- (*rid) = 0;
-
- /* find the user account */
- become_root(True);
- sam_pass = getsam21pwnam(user_name);
- unbecome_root(True);
-
- if (sam_pass != NULL)
- {
- (*rid) = sam_pass->user_rid;
- return 0x0;
- }
-
- return 0xC0000000 | NT_STATUS_NONE_MAPPED;
-}
+/* retired module */
generated by cgit (git 2.34.1) at 2024-07-20 17:27:10 +0000