diff options
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 22 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 7 | ||||
| -rw-r--r-- | source3/rpc_server/srv_util.c | 208 |
3 files changed, 67 insertions, 170 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 5f85d4db9c..d15175d4ae 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -27,8 +27,6 @@ #include "includes.h" -extern BOOL sam_logon_in_ssb; -extern pstring samlogon_user; extern pstring global_myname; extern DOM_SID global_sam_sid; @@ -642,16 +640,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * int num_gids = 0; pstring my_name; pstring my_workgroup; - pstring domain_groups; /* set up pointer indicating user/password failed to be found */ usr_info->ptr_user_info = 0; - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a change_to_user() call */ - sam_logon_in_ssb = True; - pstrcpy(samlogon_user, nt_username); - pstrcpy(my_workgroup, lp_workgroup()); pstrcpy(my_name, global_myname); strupper(my_name); @@ -664,17 +656,8 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * * JRA. */ - *domain_groups = 0; - - get_domain_user_groups(domain_groups, nt_username); - - /* - * make_dom_gids allocates the gids array. JRA. - */ - gids = NULL; - num_gids = make_dom_gids(p->mem_ctx, domain_groups, &gids); - - sam_logon_in_ssb = False; + gids = NULL; + get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account); init_net_user_info3(p->mem_ctx, usr_info, server_info->sam_account, 0, /* logon_count */ @@ -687,6 +670,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * my_workgroup, /* char *logon_dom */ &global_sam_sid, /* DOM_SID *dom_sid */ NULL); /* char *other_sids */ + } free_server_info(&server_info); return status; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 5e19fd1e7c..853a130859 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1854,11 +1854,13 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S if (ret == False) { samr_clear_sam_passwd(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; } - if(!new_get_domain_user_groups(p->mem_ctx, &num_groups, &gids, sam_pass)) { + if(!get_domain_user_groups(p->mem_ctx, &num_groups, &gids, sam_pass)) { samr_clear_sam_passwd(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_GROUP; } @@ -1868,6 +1870,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__)); samr_clear_sam_passwd(sam_pass); + pdb_free_sam(&sam_pass); return r_u->status; } @@ -2745,7 +2748,7 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, for (i=0; i<q_u->num_sids1; i++) { - r_u->status=new_get_alias_user_groups(p->mem_ctx, &info->sid, &tmp_num_groups, &tmp_rids, &(q_u->sid[i].sid)); + r_u->status=get_alias_user_groups(p->mem_ctx, &info->sid, &tmp_num_groups, &tmp_rids, &(q_u->sid[i].sid)); /* * if there is an error, we just continue as diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 80090cf6e0..5c781c20ae 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -76,84 +76,10 @@ rid_name domain_group_rids[] = { 0 , NULL } }; -int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids) -{ - char *ptr; - pstring s2; - int count; - DOM_GID *gids; - - *ppgids = NULL; - - DEBUG(4,("make_dom_gids: %s\n", gids_str)); - - if (gids_str == NULL || *gids_str == 0) - return 0; - - for (count = 0, ptr = gids_str; - next_token(&ptr, s2, NULL, sizeof(s2)); - count++) - ; - - gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * count ); - if(!gids) - { - DEBUG(0,("make_dom_gids: talloc fail !\n")); - return 0; - } - - for (count = 0, ptr = gids_str; - next_token(&ptr, s2, NULL, sizeof(s2)) && - count < LSA_MAX_GROUPS; - count++) - { - /* the entries are of the form GID/ATTR, ATTR being optional.*/ - char *attr; - uint32 rid = 0; - int i; - - attr = strchr_m(s2,'/'); - if (attr) - *attr++ = 0; - - if (!attr || !*attr) - attr = "7"; /* default value for attribute is 7 */ - - /* look up the RID string and see if we can turn it into a rid number */ - for (i = 0; builtin_alias_rids[i].name != NULL; i++) - { - if (strequal(builtin_alias_rids[i].name, s2)) - { - rid = builtin_alias_rids[i].rid; - break; - } - } - - if (rid == 0) - rid = atoi(s2); - - if (rid == 0) - { - DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr)); - count--; - } - else - { - gids[count].g_rid = rid; - gids[count].attr = atoi(attr); - - DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr)); - } - } - - *ppgids = gids; - return count; -} - /******************************************************************* gets a domain user's groups ********************************************************************/ -NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid) +NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid) { SAM_ACCOUNT *sam_pass=NULL; char *sep; @@ -186,7 +112,7 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups sep = lp_winbind_separator(); - DEBUG(10,("new_get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", + DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid))); sid_peek_rid(q_sid, &rid); @@ -195,27 +121,30 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups become_root(); ret = pdb_getsampwrid(sam_pass, rid); unbecome_root(); - if (ret == False) + if (ret == False) { + pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; + } fstrcpy(user_name, pdb_get_username(sam_pass)); grid=pdb_get_group_rid(sam_pass); gid=pdb_get_gid(sam_pass); grp = glist = getgrent_list(); - if (grp == NULL) + if (grp == NULL) { + pdb_free_sam(&sam_pass); return NT_STATUS_NO_MEMORY; - + } for (; grp != NULL; grp = grp->next) { if(!get_group_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)) { - DEBUG(10,("new_get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid)); + DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid)); continue; } /* if it's not an alias, continue */ if (map.sid_name_use!=SID_NAME_ALIAS) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name)); continue; } @@ -224,24 +153,24 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups /* if the sid is not in the correct domain, continue */ if (!sid_equal(&tmp_sid, sid)) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name)); continue; } /* Don't return winbind groups as they are not local! */ if (strchr_m(map.nt_name, *sep) != NULL) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name)); continue; } /* Don't return user private groups... */ if (Get_Pwnam(map.nt_name) != 0) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name)); continue; } /* the group is fine, we can check if there is the user we're looking for */ - DEBUG(10,("new_get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name)); for(num=0; grp->gr_mem[num]!=NULL; num++) { if(strcmp(grp->gr_mem[num], user_name)==0) { @@ -249,69 +178,70 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1)); if (new_rids==NULL) { - DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n")); + DEBUG(10,("get_alias_user_groups: could not realloc memory\n")); + pdb_free_sam(&sam_pass); return NT_STATUS_NO_MEMORY; } rids=new_rids; sid_peek_rid(&map.sid, &(rids[cur_rid])); - DEBUG(10,("new_get_alias_user_groups: user found in group %s\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: user found in group %s\n", map.nt_name)); cur_rid++; break; } } - } - + grent_free(glist); - + /* now check for the user's gid (the primary group rid) */ for (i=0; i<cur_rid && grid!=rids[i]; i++) ; - + /* the user's gid is already there */ if (i!=cur_rid) { - DEBUG(10,("new_get_alias_user_groups: user is already in the list. good.\n")); + DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n")); goto done; } - - DEBUG(10,("new_get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name)); - + + DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name)); + if(!get_group_from_gid(*gid, &map, MAPPING_WITHOUT_PRIV)) { - DEBUG(0,("new_get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name)); + DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name)); goto done; } - + /* the primary group isn't an alias */ if (map.sid_name_use!=SID_NAME_ALIAS) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name)); goto done; } sid_copy(&tmp_sid, &map.sid); sid_split_rid(&tmp_sid, &rid); - + /* if the sid is not in the correct domain, continue */ if (!sid_equal(&tmp_sid, sid)) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name)); goto done; } /* Don't return winbind groups as they are not local! */ if (strchr_m(map.nt_name, *sep) != NULL) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name )); + DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name )); goto done; } /* Don't return user private groups... */ if (Get_Pwnam(map.nt_name) != 0) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name )); + DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name )); goto done; } new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1)); if (new_rids==NULL) { - DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n")); + DEBUG(10,("get_alias_user_groups: could not realloc memory\n")); + pdb_free_sam(&sam_pass); return NT_STATUS_NO_MEMORY; } rids=new_rids; @@ -322,7 +252,8 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups done: *prids=rids; *numgroups=cur_rid; - + pdb_free_sam(&sam_pass); + return NT_STATUS_OK; } @@ -330,7 +261,7 @@ done: /******************************************************************* gets a domain user's groups ********************************************************************/ -BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass) +BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass) { GROUP_MAP *map=NULL; int i, num, num_entries, cur_gid=0; @@ -345,13 +276,12 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids fstrcpy(user_name, pdb_get_username(sam_pass)); grid=pdb_get_group_rid(sam_pass); - DEBUG(10,("new_get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name)); + DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name)); /* first get the list of the domain groups */ if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) return False; - DEBUG(10,("new_get_domain_user_groups: there are %d mapped groups\n", num_entries)); - + DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries)); /* * alloc memory. In the worse case, we alloc memory for nothing. @@ -364,7 +294,7 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids for(i=0; i<num_entries; i++) { if ((grp=getgrgid(map[i].gid)) == NULL) { /* very weird !!! */ - DEBUG(5,("new_get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid)); + DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid)); continue; } @@ -372,8 +302,8 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids if(strcmp(grp->gr_mem[num], user_name)==0) { /* we found the user, add the group to the list */ sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid)); - gids[cur_gid].attr=map[i].sid_name_use; - DEBUG(10,("new_get_domain_user_groups: user found in group %s\n", map[i].nt_name)); + gids[cur_gid].attr=7; + DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name)); cur_gid++; break; } @@ -387,22 +317,36 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids /* the user's gid is already there */ if (i!=cur_gid) { + /* + * the primary group of the user but be the first one in the list + * don't ask ! JFM. + */ + gids[i].g_rid=gids[0].g_rid; + gids[0].g_rid=grid; goto done; } for(i=0; i<num_entries; i++) { sid_peek_rid(&map[i].sid, &tmp_rid); if (tmp_rid==grid) { - gids[cur_gid].g_rid=tmp_rid; - gids[cur_gid].attr=map[i].sid_name_use; - DEBUG(10,("new_get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name)); + /* + * the primary group of the user but be the first one in the list + * don't ask ! JFM. + */ + gids[cur_gid].g_rid=gids[0].g_rid; + gids[0].g_rid=tmp_rid; + gids[cur_gid].attr=7; + DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name)); cur_gid++; goto done; /* leave the loop early */ } } + DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name)); + DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n")); + done: - *pgids=gids; + *pgids=gids; *numgroups=cur_gid; safe_free(map); @@ -410,40 +354,6 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids } /******************************************************************* - gets a domain user's groups - ********************************************************************/ -void get_domain_user_groups(char *domain_groups, const char *user) -{ - pstring tmp; - - if (domain_groups == NULL || user == NULL) return; - - /* can only be a user or a guest. cannot be guest _and_ admin */ - if (user_in_list(user, lp_domain_guest_group())) - { - slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain guest group access %s granted\n", tmp)); - } - else - { - slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain group access %s granted\n", tmp)); - - if (user_in_list(user, lp_domain_admin_group())) - { - slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain admin group access %s granted\n", tmp)); - } - } -} - -/******************************************************************* Look up a local (domain) rid and return a name and type. ********************************************************************/ NTSTATUS local_lookup_group_name(uint32 rid, char *group_name, uint32 *type) |