summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_samr.c118
1 files changed, 114 insertions, 4 deletions
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 45095a9c3b..0ba7d0871e 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -695,14 +695,14 @@ static void samr_reply_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO *q_u,
{
if (q_u->switch_level == 3)
{
- status = NT_STATUS_INVALID_INFO_CLASS;
- }
- else
- {
r_e.ptr = 1;
ctr.switch_value = 3;
make_samr_alias_info3(&ctr.alias.info3, "<account description>");
}
+ else
+ {
+ status = NT_STATUS_INVALID_INFO_CLASS;
+ }
}
make_samr_r_query_aliasinfo(&r_e, status == 0 ? &ctr : NULL, status);
@@ -854,6 +854,104 @@ static void api_samr_query_useraliases( uint16 vuid, prs_struct *data, prs_struc
}
/*******************************************************************
+ samr_reply_query_aliasmem
+ ********************************************************************/
+static void samr_reply_query_aliasmem(SAMR_Q_QUERY_ALIASMEM *q_u,
+ prs_struct *rdata)
+{
+ uint32 status = 0;
+
+ LOCAL_GRP_MEMBER *mem_grp = NULL;
+ DOM_SID *sid = NULL;
+ int num_sids = 0;
+ DOM_SID alias_sid;
+ uint32 alias_rid;
+ fstring alias_sid_str;
+
+ SAMR_R_QUERY_ALIASMEM r_u;
+
+ DEBUG(5,("samr_query_aliasmem: %d\n", __LINE__));
+
+ /* find the policy handle. open a policy on it. */
+ if (status == 0x0 && !get_lsa_policy_samr_sid(&q_u->alias_pol, &alias_sid))
+ {
+ status = 0xC0000000 | NT_STATUS_INVALID_HANDLE;
+ }
+ else
+ {
+ sid_to_string(alias_sid_str, &alias_sid );
+ sid_split_rid(&alias_sid, &alias_rid);
+ }
+
+ if (status == 0x0)
+ {
+ DEBUG(10,("sid is %s\n", alias_sid_str));
+
+ if (sid_equal(&alias_sid, &global_sid_S_1_5_20))
+ {
+ DEBUG(10,("lookup on S-1-5-20\n"));
+
+ become_root(True);
+ status = getbuiltinrid(alias_rid, &mem_grp, &num_sids) ? 0xC0000000 | NT_STATUS_NO_SUCH_GROUP : 0x0;
+ unbecome_root(True);
+ }
+ else if (sid_equal(&alias_sid, &global_sam_sid))
+ {
+ DEBUG(10,("lookup on Domain SID\n"));
+
+ become_root(True);
+ status = getaliasrid(alias_rid, &mem_grp, &num_sids) ? 0xC0000000 | NT_STATUS_NO_SUCH_GROUP : 0x0;
+ unbecome_root(True);
+ }
+ else
+ {
+ status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
+ }
+ }
+
+ if (status == 0x0 && num_sids > 0)
+ {
+ sid = malloc(num_sids * sizeof(DOM_SID));
+ if (mem_grp != NULL && sid != NULL)
+ {
+ int i;
+ for (i = 0; i < num_sids; i++)
+ {
+ sid[i] = mem_grp[i].sid;
+ }
+ free(mem_grp);
+ }
+ }
+
+ make_samr_r_query_aliasmem(&r_u, num_sids, sid, status);
+
+ /* store the response in the SMB stream */
+ samr_io_r_query_aliasmem("", &r_u, rdata, 0);
+
+ if (sid != NULL)
+ {
+ free(sid);
+ }
+
+ DEBUG(5,("samr_query_aliasmem: %d\n", __LINE__));
+
+}
+
+/*******************************************************************
+ api_samr_query_aliasmem
+ ********************************************************************/
+static void api_samr_query_aliasmem( uint16 vuid, prs_struct *data, prs_struct *rdata)
+{
+ SAMR_Q_QUERY_ALIASMEM q_u;
+
+ /* grab the samr 0x21 */
+ samr_io_q_query_aliasmem("", &q_u, data, 0);
+
+ /* construct reply. always indicate success */
+ samr_reply_query_aliasmem(&q_u, rdata);
+}
+
+/*******************************************************************
samr_reply_lookup_names
********************************************************************/
static void samr_reply_lookup_names(SAMR_Q_LOOKUP_NAMES *q_u,
@@ -1669,6 +1767,7 @@ static void samr_reply_open_alias(SAMR_Q_OPEN_ALIAS *q_u,
prs_struct *rdata)
{
SAMR_R_OPEN_ALIAS r_u;
+ DOM_SID sid;
BOOL pol_open = False;
/* set up the SAMR open_alias response */
@@ -1687,6 +1786,16 @@ static void samr_reply_open_alias(SAMR_Q_OPEN_ALIAS *q_u,
r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
+ sid_copy(&sid, &global_sid_S_1_5_20);
+ sid_append_rid(&sid, q_u->rid_alias);
+
+ /* associate an alias SID with the (unique) handle. */
+ if (r_u.status == 0x0 && !set_lsa_policy_samr_sid(&(r_u.pol), &sid))
+ {
+ /* oh, whoops. don't know what error message to return, here */
+ r_u.status = 0xC0000000 | NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
if (r_u.status != 0 && pol_open)
{
close_lsa_policy_hnd(&(r_u.pol));
@@ -1728,6 +1837,7 @@ static struct api_struct api_samr_cmds [] =
{ "SAMR_ENUM_DOM_GROUPS" , SAMR_ENUM_DOM_GROUPS , api_samr_enum_dom_groups },
{ "SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
{ "SAMR_QUERY_USERALIASES", SAMR_QUERY_USERALIASES, api_samr_query_useraliases},
+ { "SAMR_QUERY_ALIASMEM" , SAMR_QUERY_ALIASMEM , api_samr_query_aliasmem },
{ "SAMR_LOOKUP_NAMES" , SAMR_LOOKUP_NAMES , api_samr_lookup_names },
{ "SAMR_OPEN_USER" , SAMR_OPEN_USER , api_samr_open_user },
{ "SAMR_QUERY_USERINFO" , SAMR_QUERY_USERINFO , api_samr_query_userinfo },