summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_dssetup_nt.c220
-rw-r--r--source3/rpc_server/srv_eventlog.c88
-rw-r--r--source3/rpc_server/srv_eventlog_lib.c8
-rw-r--r--source3/rpc_server/srv_eventlog_nt.c162
-rw-r--r--source3/rpc_server/srv_lsa.c1069
-rw-r--r--source3/rpc_server/srv_lsa_ds.c85
-rw-r--r--source3/rpc_server/srv_lsa_ds_nt.c130
-rw-r--r--source3/rpc_server/srv_lsa_nt.c1710
-rw-r--r--source3/rpc_server/srv_netlog.c405
-rw-r--r--source3/rpc_server/srv_netlog_nt.c1175
-rw-r--r--source3/rpc_server/srv_ntsvcs.c107
-rw-r--r--source3/rpc_server/srv_ntsvcs_nt.c636
-rw-r--r--source3/rpc_server/srv_pipe.c67
-rw-r--r--source3/rpc_server/srv_samr.c1571
-rw-r--r--source3/rpc_server/srv_samr_nt.c3508
-rw-r--r--source3/rpc_server/srv_samr_util.c759
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c20
-rw-r--r--source3/rpc_server/srv_svcctl.c180
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c502
-rw-r--r--source3/rpc_server/srv_winreg_nt.c303
-rw-r--r--source3/rpc_server/srv_wkssvc_nt.c113
21 files changed, 5186 insertions, 7632 deletions
diff --git a/source3/rpc_server/srv_dssetup_nt.c b/source3/rpc_server/srv_dssetup_nt.c
new file mode 100644
index 0000000000..ea535a3375
--- /dev/null
+++ b/source3/rpc_server/srv_dssetup_nt.c
@@ -0,0 +1,220 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * RPC Pipe client / server routines
+ * Copyright (C) Andrew Tridgell 1992-1997.
+ * Copyright (C) Luke Kenneth Casson Leighton 1996-1997.
+ * Copyright (C) Paul Ashton 1997.
+ * Copyright (C) Jeremy Allison 2001.
+ * Copyright (C) Gerald Carter 2002.
+ * Copyright (C) Guenther Deschner 2008.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_RPC_SRV
+
+/********************************************************************
+ Fill in a dssetup_DsRolePrimaryDomInfoBasic structure
+ ********************************************************************/
+
+static WERROR fill_dsrole_dominfo_basic(TALLOC_CTX *ctx,
+ struct dssetup_DsRolePrimaryDomInfoBasic **info)
+{
+ struct dssetup_DsRolePrimaryDomInfoBasic *basic = NULL;
+ fstring dnsdomain;
+
+ DEBUG(10,("fill_dsrole_dominfo_basic: enter\n"));
+
+ basic = TALLOC_ZERO_P(ctx, struct dssetup_DsRolePrimaryDomInfoBasic);
+ if (!basic) {
+ DEBUG(0,("fill_dsrole_dominfo_basic: out of memory\n"));
+ return WERR_NOMEM;
+ }
+
+ switch (lp_server_role()) {
+ case ROLE_STANDALONE:
+ basic->role = DS_ROLE_STANDALONE_SERVER;
+ basic->domain = get_global_sam_name();
+ break;
+ case ROLE_DOMAIN_MEMBER:
+ basic->role = DS_ROLE_MEMBER_SERVER;
+ basic->domain = lp_workgroup();
+ break;
+ case ROLE_DOMAIN_BDC:
+ basic->role = DS_ROLE_BACKUP_DC;
+ basic->domain = get_global_sam_name();
+ break;
+ case ROLE_DOMAIN_PDC:
+ basic->role = DS_ROLE_PRIMARY_DC;
+ basic->domain = get_global_sam_name();
+ break;
+ }
+
+ if (secrets_fetch_domain_guid(lp_workgroup(), &basic->domain_guid)) {
+ basic->flags |= DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT;
+ }
+
+ /* fill in some additional fields if we are a member of an AD domain */
+
+ if (lp_security() == SEC_ADS) {
+ fstrcpy(dnsdomain, lp_realm());
+ strlower_m(dnsdomain);
+ basic->dns_domain = dnsdomain;
+
+ /* FIXME!! We really should fill in the correct forest
+ name. Should get this information from winbindd. */
+ basic->forest = dnsdomain;
+ } else {
+ /* security = domain should not fill in the dns or
+ forest name */
+ basic->dns_domain = NULL;
+ basic->forest = NULL;
+ }
+
+ *info = basic;
+
+ return WERR_OK;
+}
+
+/********************************************************************
+ Implement the _dssetup_DsRoleGetPrimaryDomainInformation() call
+ ********************************************************************/
+
+WERROR _dssetup_DsRoleGetPrimaryDomainInformation(pipes_struct *p,
+ struct dssetup_DsRoleGetPrimaryDomainInformation *r)
+{
+ WERROR werr = WERR_OK;
+
+ switch (r->in.level) {
+
+ case DS_ROLE_BASIC_INFORMATION: {
+ struct dssetup_DsRolePrimaryDomInfoBasic *basic = NULL;
+ werr = fill_dsrole_dominfo_basic(p->mem_ctx, &basic);
+ if (W_ERROR_IS_OK(werr)) {
+ r->out.info->basic = *basic;
+ }
+ break;
+ }
+ default:
+ DEBUG(0,("_dssetup_DsRoleGetPrimaryDomainInformation: "
+ "Unknown info level [%d]!\n", r->in.level));
+ werr = WERR_UNKNOWN_LEVEL;
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleDnsNameToFlatName(pipes_struct *p,
+ struct dssetup_DsRoleDnsNameToFlatName *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleDcAsDc(pipes_struct *p,
+ struct dssetup_DsRoleDcAsDc *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleDcAsReplica(pipes_struct *p,
+ struct dssetup_DsRoleDcAsReplica *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleDemoteDc(pipes_struct *p,
+ struct dssetup_DsRoleDemoteDc *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleGetDcOperationProgress(pipes_struct *p,
+ struct dssetup_DsRoleGetDcOperationProgress *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleGetDcOperationResults(pipes_struct *p,
+ struct dssetup_DsRoleGetDcOperationResults *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleCancel(pipes_struct *p,
+ struct dssetup_DsRoleCancel *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleServerSaveStateForUpgrade(pipes_struct *p,
+ struct dssetup_DsRoleServerSaveStateForUpgrade *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleUpgradeDownlevelServer(pipes_struct *p,
+ struct dssetup_DsRoleUpgradeDownlevelServer *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleAbortDownlevelServerUpgrade(pipes_struct *p,
+ struct dssetup_DsRoleAbortDownlevelServerUpgrade *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
diff --git a/source3/rpc_server/srv_eventlog.c b/source3/rpc_server/srv_eventlog.c
index 516ea134f2..5679a6acb6 100644
--- a/source3/rpc_server/srv_eventlog.c
+++ b/source3/rpc_server/srv_eventlog.c
@@ -42,27 +42,7 @@ static bool proxy_eventlog_call(pipes_struct *p, uint8 opnum)
static bool api_eventlog_open_eventlog(pipes_struct *p)
{
- EVENTLOG_Q_OPEN_EVENTLOG q_u;
- EVENTLOG_R_OPEN_EVENTLOG r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!(eventlog_io_q_open_eventlog("", &q_u, data, 0))) {
- DEBUG(0, ("eventlog_io_q_open_eventlog: unable to unmarshall EVENTLOG_Q_OPEN_EVENTLOG.\n"));
- return False;
- }
-
- r_u.status = _eventlog_open_eventlog(p, &q_u, &r_u);
-
- if (!(eventlog_io_r_open_eventlog("", &r_u, rdata, 0))) {
- DEBUG(0, ("eventlog_io_r_open_eventlog: unable to marshall EVENTLOG_R_OPEN_EVENTLOG.\n"));
- return False;
- }
-
- return True;
+ return proxy_eventlog_call(p, NDR_EVENTLOG_OPENEVENTLOGW);
}
static bool api_eventlog_close_eventlog(pipes_struct *p)
@@ -72,52 +52,12 @@ static bool api_eventlog_close_eventlog(pipes_struct *p)
static bool api_eventlog_get_num_records(pipes_struct *p)
{
- EVENTLOG_Q_GET_NUM_RECORDS q_u;
- EVENTLOG_R_GET_NUM_RECORDS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!(eventlog_io_q_get_num_records("", &q_u, data, 0))) {
- DEBUG(0, ("eventlog_io_q_get_num_records: unable to unmarshall EVENTLOG_Q_GET_NUM_RECORDS.\n"));
- return False;
- }
-
- r_u.status = _eventlog_get_num_records(p, &q_u, &r_u);
-
- if (!(eventlog_io_r_get_num_records("", &r_u, rdata, 0))) {
- DEBUG(0, ("eventlog_io_r_get_num_records: unable to marshall EVENTLOG_R_GET_NUM_RECORDS.\n"));
- return False;
- }
-
- return True;
+ return proxy_eventlog_call(p, NDR_EVENTLOG_GETNUMRECORDS);
}
static bool api_eventlog_get_oldest_entry(pipes_struct *p)
{
- EVENTLOG_Q_GET_OLDEST_ENTRY q_u;
- EVENTLOG_R_GET_OLDEST_ENTRY r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!(eventlog_io_q_get_oldest_entry("", &q_u, data, 0))) {
- DEBUG(0, ("eventlog_io_q_get_oldest_entry: unable to unmarshall EVENTLOG_Q_GET_OLDEST_ENTRY.\n"));
- return False;
- }
-
- r_u.status = _eventlog_get_oldest_entry(p, &q_u, &r_u);
-
- if (!(eventlog_io_r_get_oldest_entry("", &r_u, rdata, 0))) {
- DEBUG(0, ("eventlog_io_r_get_oldest_entry: unable to marshall EVENTLOG_R_GET_OLDEST_ENTRY.\n"));
- return False;
- }
-
- return True;
+ return proxy_eventlog_call(p, NDR_EVENTLOG_GETOLDESTRECORD);
}
static bool api_eventlog_read_eventlog(pipes_struct *p)
@@ -147,27 +87,7 @@ static bool api_eventlog_read_eventlog(pipes_struct *p)
static bool api_eventlog_clear_eventlog(pipes_struct *p)
{
- EVENTLOG_Q_CLEAR_EVENTLOG q_u;
- EVENTLOG_R_CLEAR_EVENTLOG r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!(eventlog_io_q_clear_eventlog("", &q_u, data, 0))) {
- DEBUG(0, ("eventlog_io_q_clear_eventlog: unable to unmarshall EVENTLOG_Q_CLEAR_EVENTLOG.\n"));
- return False;
- }
-
- r_u.status = _eventlog_clear_eventlog(p, &q_u, &r_u);
-
- if (!(eventlog_io_r_clear_eventlog("", &r_u, rdata, 0))) {
- DEBUG(0, ("eventlog_io_q_clear_eventlog: unable to marshall EVENTLOG_Q_CLEAR_EVENTLOG.\n"));
- return False;
- }
-
- return True;
+ return proxy_eventlog_call(p, NDR_EVENTLOG_CLEAREVENTLOGW);
}
/*
diff --git a/source3/rpc_server/srv_eventlog_lib.c b/source3/rpc_server/srv_eventlog_lib.c
index 4e996ee19b..269e2f318e 100644
--- a/source3/rpc_server/srv_eventlog_lib.c
+++ b/source3/rpc_server/srv_eventlog_lib.c
@@ -140,15 +140,14 @@ int elog_tdb_size( TDB_CONTEXT * tdb, int *MaxSize, int *Retention )
return True if we made enough room to accommodate needed bytes
********************************************************************/
-bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed,
- bool whack_by_date )
+static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed,
+ bool whack_by_date )
{
int start_record, i, new_start;
int end_record;
int nbytes, reclen, len, Retention, MaxSize;
int tresv1, trecnum, timegen, timewr;
TDB_DATA key, ret;
- TALLOC_CTX *mem_ctx = NULL;
time_t current_time, exp_time;
/* discard some eventlogs */
@@ -156,10 +155,7 @@ bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed,
/* read eventlogs from oldest_entry -- there can't be any discontinuity in recnos,
although records not necessarily guaranteed to have successive times */
/* */
- mem_ctx = talloc_init( "make_way_for_eventlogs" ); /* Homage to BPG */
- if ( mem_ctx == NULL )
- return False; /* can't allocate memory indicates bigger problems */
/* lock */
tdb_lock_bystring_with_timeout( the_tdb, EVT_NEXT_RECORD, 1 );
/* read */
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index 3c9c835bad..0e2bcf4126 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -423,12 +423,12 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info )
char *path = NULL;
uint32 uiMaxSize;
uint32 uiRetention;
- REGISTRY_KEY *keyinfo;
- REGISTRY_VALUE *val;
- REGVAL_CTR *values;
+ struct registry_key *key;
+ struct registry_value *value;
WERROR wresult;
char *elogname = info->logname;
TALLOC_CTX *ctx = talloc_tos();
+ bool ret = false;
DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) );
@@ -451,44 +451,48 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info )
return false;
}
- wresult = regkey_open_internal( NULL, &keyinfo, path,
- get_root_nt_token( ), REG_KEY_READ );
+ wresult = reg_open_path(ctx, path, REG_KEY_READ, get_root_nt_token(),
+ &key);
if ( !W_ERROR_IS_OK( wresult ) ) {
DEBUG( 4,
( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
path, dos_errstr( wresult ) ) );
- return False;
+ return false;
}
- if ( !( values = TALLOC_ZERO_P( keyinfo, REGVAL_CTR ) ) ) {
- TALLOC_FREE( keyinfo );
- DEBUG( 0, ( "control_eventlog_hook: talloc() failed!\n" ) );
-
- return False;
+ wresult = reg_queryvalue(key, key, "Retention", &value);
+ if (!W_ERROR_IS_OK(wresult)) {
+ DEBUG(4, ("Failed to query value \"Retention\": %s\n",
+ dos_errstr(wresult)));
+ ret = false;
+ goto done;
}
- fetch_reg_values( keyinfo, values );
-
- if ( ( val = regval_ctr_getvalue( values, "Retention" ) ) != NULL )
- uiRetention = IVAL( regval_data_p( val ), 0 );
+ uiRetention = value->v.dword;
- if ( ( val = regval_ctr_getvalue( values, "MaxSize" ) ) != NULL )
- uiMaxSize = IVAL( regval_data_p( val ), 0 );
-
- TALLOC_FREE( keyinfo );
+ wresult = reg_queryvalue(key, key, "MaxSize", &value);
+ if (!W_ERROR_IS_OK(wresult)) {
+ DEBUG(4, ("Failed to query value \"MaxSize\": %s\n",
+ dos_errstr(wresult)));
+ ret = false;
+ goto done;
+ }
+ uiMaxSize = value->v.dword;
tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize );
tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention );
- return True;
+ ret = true;
+
+done:
+ TALLOC_FREE(ctx);
+ return ret;
}
/********************************************************************
********************************************************************/
static Eventlog_entry *read_package_entry( prs_struct * ps,
- EVENTLOG_Q_READ_EVENTLOG * q_u,
- EVENTLOG_R_READ_EVENTLOG * r_u,
Eventlog_entry * entry )
{
uint8 *offset;
@@ -604,28 +608,23 @@ static bool add_record_to_resp( EVENTLOG_R_READ_EVENTLOG * r_u,
}
/********************************************************************
+ _eventlog_OpenEventLogW
********************************************************************/
-NTSTATUS _eventlog_open_eventlog( pipes_struct * p,
- EVENTLOG_Q_OPEN_EVENTLOG * q_u,
- EVENTLOG_R_OPEN_EVENTLOG * r_u )
+NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p,
+ struct eventlog_OpenEventLogW *r)
{
- fstring servername, logname;
+ const char *servername = "";
+ const char *logname = "";
EVENTLOG_INFO *info;
NTSTATUS result;
- fstrcpy( servername, "" );
- if ( q_u->servername.string ) {
- rpcstr_pull( servername, q_u->servername.string->buffer,
- sizeof( servername ),
- q_u->servername.string->uni_str_len * 2, 0 );
+ if (r->in.servername->string) {
+ servername = r->in.servername->string;
}
- fstrcpy( logname, "" );
- if ( q_u->logname.string ) {
- rpcstr_pull( logname, q_u->logname.string->buffer,
- sizeof( logname ),
- q_u->logname.string->uni_str_len * 2, 0 );
+ if (r->in.logname->string) {
+ logname = r->in.logname->string;
}
DEBUG( 10,("_eventlog_open_eventlog: Server [%s], Log [%s]\n",
@@ -634,13 +633,13 @@ NTSTATUS _eventlog_open_eventlog( pipes_struct * p,
/* according to MSDN, if the logfile cannot be found, we should
default to the "Application" log */
- if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, &r_u->handle )) )
+ if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, r->out.handle )) )
return result;
- if ( !(info = find_eventlog_info_by_hnd( p, &r_u->handle )) ) {
+ if ( !(info = find_eventlog_info_by_hnd( p, r->out.handle )) ) {
DEBUG(0,("_eventlog_open_eventlog: eventlog (%s) opened but unable to find handle!\n",
logname ));
- elog_close( p, &r_u->handle );
+ elog_close( p, r->out.handle );
return NT_STATUS_INVALID_HANDLE;
}
@@ -653,28 +652,35 @@ NTSTATUS _eventlog_open_eventlog( pipes_struct * p,
}
/********************************************************************
+ _eventlog_ClearEventLogW
This call still needs some work
********************************************************************/
-
-NTSTATUS _eventlog_clear_eventlog( pipes_struct * p,
- EVENTLOG_Q_CLEAR_EVENTLOG * q_u,
- EVENTLOG_R_CLEAR_EVENTLOG * r_u )
-{
- EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
- char *backup_file_name = NULL;
+/** The windows client seems to be doing something funny with the file name
+ A call like
+ ClearEventLog(handle, "backup_file")
+ on the client side will result in the backup file name looking like this on the
+ server side:
+ \??\${CWD of client}\backup_file
+ If an absolute path gets specified, such as
+ ClearEventLog(handle, "C:\\temp\\backup_file")
+ then it is still mangled by the client into this:
+ \??\C:\temp\backup_file
+ when it is on the wire.
+ I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
+ would be added in given that the backup file gets written on the server side. */
+
+NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p,
+ struct eventlog_ClearEventLogW *r)
+{
+ EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
+ const char *backup_file_name = NULL;
if ( !info )
return NT_STATUS_INVALID_HANDLE;
- if (q_u->backupfile.string) {
- size_t len = rpcstr_pull_talloc(p->mem_ctx,
- &backup_file_name,
- q_u->backupfile.string->buffer,
- q_u->backupfile.string->uni_str_len * 2,
- 0 );
- if (len == (size_t)-1 || !backup_file_name) {
- return NT_STATUS_INVALID_PARAMETER;
- }
+ if (r->in.backupfile && r->in.backupfile->string) {
+
+ backup_file_name = r->in.backupfile->string;
DEBUG(8,( "_eventlog_clear_eventlog: Using [%s] as the backup "
"file name for log [%s].",
@@ -765,7 +771,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p,
/* Now see if there is enough room to add */
- if ( !(ee_new = read_package_entry( ps, q_u, r_u, entry )) )
+ if ( !(ee_new = read_package_entry( ps, entry )) )
return NT_STATUS_NO_MEMORY;
if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) {
@@ -805,13 +811,13 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p,
}
/********************************************************************
+ _eventlog_GetOldestRecord
********************************************************************/
-NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p,
- EVENTLOG_Q_GET_OLDEST_ENTRY * q_u,
- EVENTLOG_R_GET_OLDEST_ENTRY * r_u )
+NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p,
+ struct eventlog_GetOldestRecord *r)
{
- EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
+ EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
if (info == NULL) {
return NT_STATUS_INVALID_HANDLE;
@@ -820,19 +826,19 @@ NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p,
if ( !( get_oldest_entry_hook( info ) ) )
return NT_STATUS_ACCESS_DENIED;
- r_u->oldest_entry = info->oldest_entry;
+ *r->out.oldest_entry = info->oldest_entry;
return NT_STATUS_OK;
}
/********************************************************************
+_eventlog_GetNumRecords
********************************************************************/
-NTSTATUS _eventlog_get_num_records( pipes_struct * p,
- EVENTLOG_Q_GET_NUM_RECORDS * q_u,
- EVENTLOG_R_GET_NUM_RECORDS * r_u )
+NTSTATUS _eventlog_GetNumRecords(pipes_struct *p,
+ struct eventlog_GetNumRecords *r)
{
- EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
+ EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
if (info == NULL) {
return NT_STATUS_INVALID_HANDLE;
@@ -841,17 +847,11 @@ NTSTATUS _eventlog_get_num_records( pipes_struct * p,
if ( !( get_num_records_hook( info ) ) )
return NT_STATUS_ACCESS_DENIED;
- r_u->num_records = info->num_records;
+ *r->out.number = info->num_records;
return NT_STATUS_OK;
}
-NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p, struct eventlog_ClearEventLogW *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _eventlog_BackupEventLogW(pipes_struct *p, struct eventlog_BackupEventLogW *r)
{
p->rng_fault_state = True;
@@ -864,30 +864,12 @@ NTSTATUS _eventlog_DeregisterEventSource(pipes_struct *p, struct eventlog_Deregi
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _eventlog_GetNumRecords(pipes_struct *p, struct eventlog_GetNumRecords *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p, struct eventlog_GetOldestRecord *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _eventlog_ChangeNotify(pipes_struct *p, struct eventlog_ChangeNotify *r)
{
p->rng_fault_state = True;
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p, struct eventlog_OpenEventLogW *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _eventlog_RegisterEventSourceW(pipes_struct *p, struct eventlog_RegisterEventSourceW *r)
{
p->rng_fault_state = True;
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
deleted file mode 100644
index b433ac2c8f..0000000000
--- a/source3/rpc_server/srv_lsa.c
+++ /dev/null
@@ -1,1069 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-1997,
- * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
- * Copyright (C) Paul Ashton 1997,
- * Copyright (C) Jeremy Allison 2001,
- * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002-2003.
- * Copyright (C) Gerald (Jerry) Carter 2005
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* This is the interface to the lsa server code. */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_SRV
-
-static bool proxy_lsa_call(pipes_struct *p, uint8 opnum)
-{
- struct api_struct *fns;
- int n_fns;
-
- lsarpc_get_pipe_fns(&fns, &n_fns);
-
- if (opnum >= n_fns)
- return False;
-
- if (fns[opnum].opnum != opnum) {
- smb_panic("LSA function table not sorted");
- }
-
- return fns[opnum].fn(p);
-}
-
-/***************************************************************************
- api_lsa_open_policy2
- ***************************************************************************/
-
-static bool api_lsa_open_policy2(pipes_struct *p)
-{
- LSA_Q_OPEN_POL2 q_u;
- LSA_R_OPEN_POL2 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the server, object attributes and desired access flag...*/
- if(!lsa_io_q_open_pol2("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_open_policy2: unable to unmarshall LSA_Q_OPEN_POL2.\n"));
- return False;
- }
-
- r_u.status = _lsa_open_policy2(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_open_pol2("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_open_policy2: unable to marshall LSA_R_OPEN_POL2.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
-api_lsa_open_policy
- ***************************************************************************/
-
-static bool api_lsa_open_policy(pipes_struct *p)
-{
- LSA_Q_OPEN_POL q_u;
- LSA_R_OPEN_POL r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the server, object attributes and desired access flag...*/
- if(!lsa_io_q_open_pol("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_open_policy: unable to unmarshall LSA_Q_OPEN_POL.\n"));
- return False;
- }
-
- r_u.status = _lsa_open_policy(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_open_pol("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_open_policy: unable to marshall LSA_R_OPEN_POL.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_enum_trust_dom
- ***************************************************************************/
-
-static bool api_lsa_enum_trust_dom(pipes_struct *p)
-{
- LSA_Q_ENUM_TRUST_DOM q_u;
- LSA_R_ENUM_TRUST_DOM r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the enum trust domain context etc. */
- if(!lsa_io_q_enum_trust_dom("", &q_u, data, 0))
- return False;
-
- /* get required trusted domains information */
- r_u.status = _lsa_enum_trust_dom(p, &q_u, &r_u);
-
- /* prepare the response */
- if(!lsa_io_r_enum_trust_dom("", &r_u, rdata, 0))
- return False;
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_query_info
- ***************************************************************************/
-
-static bool api_lsa_query_info(pipes_struct *p)
-{
- LSA_Q_QUERY_INFO q_u;
- LSA_R_QUERY_INFO r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the info class and policy handle */
- if(!lsa_io_q_query("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_query_info: failed to unmarshall LSA_Q_QUERY_INFO.\n"));
- return False;
- }
-
- r_u.status = _lsa_query_info(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_query("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_query_info: failed to marshall LSA_R_QUERY_INFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_sids
- ***************************************************************************/
-
-static bool api_lsa_lookup_sids(pipes_struct *p)
-{
- LSA_Q_LOOKUP_SIDS q_u;
- LSA_R_LOOKUP_SIDS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the info class and policy handle */
- if(!lsa_io_q_lookup_sids("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
- return False;
- }
-
- r_u.status = _lsa_lookup_sids(p, &q_u, &r_u);
-
- if(!lsa_io_r_lookup_sids("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_lookup_sids: Failed to marshall LSA_R_LOOKUP_SIDS.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_names
- ***************************************************************************/
-
-static bool api_lsa_lookup_names(pipes_struct *p)
-{
- LSA_Q_LOOKUP_NAMES q_u;
- LSA_R_LOOKUP_NAMES r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the info class and policy handle */
- if(!lsa_io_q_lookup_names("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_lookup_names: failed to unmarshall LSA_Q_LOOKUP_NAMES.\n"));
- return False;
- }
-
- r_u.status = _lsa_lookup_names(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_lookup_names("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_close.
- ***************************************************************************/
-
-static bool api_lsa_close(pipes_struct *p)
-{
- return proxy_lsa_call(p, NDR_LSA_CLOSE);
-}
-
-/***************************************************************************
- api_lsa_open_secret.
- ***************************************************************************/
-
-static bool api_lsa_open_secret(pipes_struct *p)
-{
- return proxy_lsa_call(p, NDR_LSA_OPENSECRET);
-}
-
-/***************************************************************************
- api_lsa_open_secret.
- ***************************************************************************/
-
-static bool api_lsa_enum_privs(pipes_struct *p)
-{
- LSA_Q_ENUM_PRIVS q_u;
- LSA_R_ENUM_PRIVS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_enum_privs("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_enum_privs: failed to unmarshall LSA_Q_ENUM_PRIVS.\n"));
- return False;
- }
-
- r_u.status = _lsa_enum_privs(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_enum_privs("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_enum_privs: Failed to marshall LSA_R_ENUM_PRIVS.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_open_secret.
- ***************************************************************************/
-
-static bool api_lsa_priv_get_dispname(pipes_struct *p)
-{
- LSA_Q_PRIV_GET_DISPNAME q_u;
- LSA_R_PRIV_GET_DISPNAME r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_priv_get_dispname("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_priv_get_dispname: failed to unmarshall LSA_Q_PRIV_GET_DISPNAME.\n"));
- return False;
- }
-
- r_u.status = _lsa_priv_get_dispname(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_priv_get_dispname("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_priv_get_dispname: Failed to marshall LSA_R_PRIV_GET_DISPNAME.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_open_secret.
- ***************************************************************************/
-
-static bool api_lsa_enum_accounts(pipes_struct *p)
-{
- LSA_Q_ENUM_ACCOUNTS q_u;
- LSA_R_ENUM_ACCOUNTS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_enum_accounts("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_enum_accounts: failed to unmarshall LSA_Q_ENUM_ACCOUNTS.\n"));
- return False;
- }
-
- r_u.status = _lsa_enum_accounts(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_enum_accounts("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_enum_accounts: Failed to marshall LSA_R_ENUM_ACCOUNTS.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_UNK_GET_CONNUSER
- ***************************************************************************/
-
-static bool api_lsa_unk_get_connuser(pipes_struct *p)
-{
- LSA_Q_UNK_GET_CONNUSER q_u;
- LSA_R_UNK_GET_CONNUSER r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_unk_get_connuser("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_unk_get_connuser: failed to unmarshall LSA_Q_UNK_GET_CONNUSER.\n"));
- return False;
- }
-
- r_u.status = _lsa_unk_get_connuser(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_unk_get_connuser("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_unk_get_connuser: Failed to marshall LSA_R_UNK_GET_CONNUSER.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_create_user
- ***************************************************************************/
-
-static bool api_lsa_create_account(pipes_struct *p)
-{
- LSA_Q_CREATEACCOUNT q_u;
- LSA_R_CREATEACCOUNT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_create_account("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_create_account: failed to unmarshall LSA_Q_CREATEACCOUNT.\n"));
- return False;
- }
-
- r_u.status = _lsa_create_account(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_create_account("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_create_account: Failed to marshall LSA_R_CREATEACCOUNT.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_open_user
- ***************************************************************************/
-
-static bool api_lsa_open_account(pipes_struct *p)
-{
- LSA_Q_OPENACCOUNT q_u;
- LSA_R_OPENACCOUNT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_open_account("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_open_account: failed to unmarshall LSA_Q_OPENACCOUNT.\n"));
- return False;
- }
-
- r_u.status = _lsa_open_account(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_open_account("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_open_account: Failed to marshall LSA_R_OPENACCOUNT.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_get_privs
- ***************************************************************************/
-
-static bool api_lsa_enum_privsaccount(pipes_struct *p)
-{
- LSA_Q_ENUMPRIVSACCOUNT q_u;
- LSA_R_ENUMPRIVSACCOUNT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_enum_privsaccount("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_enum_privsaccount: failed to unmarshall LSA_Q_ENUMPRIVSACCOUNT.\n"));
- return False;
- }
-
- r_u.status = _lsa_enum_privsaccount(p, rdata, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_enum_privsaccount("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_enum_privsaccount: Failed to marshall LSA_R_ENUMPRIVSACCOUNT.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_getsystemaccount
- ***************************************************************************/
-
-static bool api_lsa_getsystemaccount(pipes_struct *p)
-{
- LSA_Q_GETSYSTEMACCOUNT q_u;
- LSA_R_GETSYSTEMACCOUNT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_getsystemaccount("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_getsystemaccount: failed to unmarshall LSA_Q_GETSYSTEMACCOUNT.\n"));
- return False;
- }
-
- r_u.status = _lsa_getsystemaccount(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_getsystemaccount("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_getsystemaccount: Failed to marshall LSA_R_GETSYSTEMACCOUNT.\n"));
- return False;
- }
-
- return True;
-}
-
-
-/***************************************************************************
- api_lsa_setsystemaccount
- ***************************************************************************/
-
-static bool api_lsa_setsystemaccount(pipes_struct *p)
-{
- LSA_Q_SETSYSTEMACCOUNT q_u;
- LSA_R_SETSYSTEMACCOUNT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_setsystemaccount("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_setsystemaccount: failed to unmarshall LSA_Q_SETSYSTEMACCOUNT.\n"));
- return False;
- }
-
- r_u.status = _lsa_setsystemaccount(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_setsystemaccount("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_setsystemaccount: Failed to marshall LSA_R_SETSYSTEMACCOUNT.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_addprivs
- ***************************************************************************/
-
-static bool api_lsa_addprivs(pipes_struct *p)
-{
- LSA_Q_ADDPRIVS q_u;
- LSA_R_ADDPRIVS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_addprivs("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_addprivs: failed to unmarshall LSA_Q_ADDPRIVS.\n"));
- return False;
- }
-
- r_u.status = _lsa_addprivs(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_addprivs("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_addprivs: Failed to marshall LSA_R_ADDPRIVS.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_removeprivs
- ***************************************************************************/
-
-static bool api_lsa_removeprivs(pipes_struct *p)
-{
- LSA_Q_REMOVEPRIVS q_u;
- LSA_R_REMOVEPRIVS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_removeprivs("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_removeprivs: failed to unmarshall LSA_Q_REMOVEPRIVS.\n"));
- return False;
- }
-
- r_u.status = _lsa_removeprivs(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_removeprivs("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_removeprivs: Failed to marshall LSA_R_REMOVEPRIVS.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_query_secobj
- ***************************************************************************/
-
-static bool api_lsa_query_secobj(pipes_struct *p)
-{
- LSA_Q_QUERY_SEC_OBJ q_u;
- LSA_R_QUERY_SEC_OBJ r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_query_sec_obj("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_query_secobj: failed to unmarshall LSA_Q_QUERY_SEC_OBJ.\n"));
- return False;
- }
-
- r_u.status = _lsa_query_secobj(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_query_sec_obj("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_query_secobj: Failed to marshall LSA_R_QUERY_SEC_OBJ.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_add_acct_rights
- ***************************************************************************/
-
-static bool api_lsa_add_acct_rights(pipes_struct *p)
-{
- LSA_Q_ADD_ACCT_RIGHTS q_u;
- LSA_R_ADD_ACCT_RIGHTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_add_acct_rights("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_add_acct_rights: failed to unmarshall LSA_Q_ADD_ACCT_RIGHTS.\n"));
- return False;
- }
-
- r_u.status = _lsa_add_acct_rights(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_add_acct_rights("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_add_acct_rights: Failed to marshall LSA_R_ADD_ACCT_RIGHTS.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_remove_acct_rights
- ***************************************************************************/
-
-static bool api_lsa_remove_acct_rights(pipes_struct *p)
-{
- LSA_Q_REMOVE_ACCT_RIGHTS q_u;
- LSA_R_REMOVE_ACCT_RIGHTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_remove_acct_rights("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_remove_acct_rights: failed to unmarshall LSA_Q_REMOVE_ACCT_RIGHTS.\n"));
- return False;
- }
-
- r_u.status = _lsa_remove_acct_rights(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_remove_acct_rights("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_remove_acct_rights: Failed to marshall LSA_R_REMOVE_ACCT_RIGHTS.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_enum_acct_rights
- ***************************************************************************/
-
-static bool api_lsa_enum_acct_rights(pipes_struct *p)
-{
- LSA_Q_ENUM_ACCT_RIGHTS q_u;
- LSA_R_ENUM_ACCT_RIGHTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n"));
- return False;
- }
-
- r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_priv_value
- ***************************************************************************/
-
-static bool api_lsa_lookup_priv_value(pipes_struct *p)
-{
- LSA_Q_LOOKUP_PRIV_VALUE q_u;
- LSA_R_LOOKUP_PRIV_VALUE r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_lookup_priv_value("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_lookup_priv_value: failed to unmarshall LSA_Q_LOOKUP_PRIV_VALUE .\n"));
- return False;
- }
-
- r_u.status = _lsa_lookup_priv_value(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_lookup_priv_value("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_lookup_priv_value: Failed to marshall LSA_R_LOOKUP_PRIV_VALUE.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- ***************************************************************************/
-
-static bool api_lsa_open_trust_dom(pipes_struct *p)
-{
- return proxy_lsa_call(p, NDR_LSA_OPENTRUSTEDDOMAIN);
-}
-
-/***************************************************************************
- ***************************************************************************/
-
-static bool api_lsa_create_trust_dom(pipes_struct *p)
-{
- return proxy_lsa_call(p, NDR_LSA_CREATETRUSTEDDOMAIN);
-}
-
-/***************************************************************************
- ***************************************************************************/
-
-static bool api_lsa_create_secret(pipes_struct *p)
-{
- return proxy_lsa_call(p, NDR_LSA_CREATESECRET);
-}
-
-/***************************************************************************
- ***************************************************************************/
-
-static bool api_lsa_set_secret(pipes_struct *p)
-{
- return proxy_lsa_call(p, NDR_LSA_SETSECRET);
-}
-
-/***************************************************************************
- ***************************************************************************/
-
-static bool api_lsa_delete_object(pipes_struct *p)
-{
- LSA_Q_DELETE_OBJECT q_u;
- LSA_R_DELETE_OBJECT r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_delete_object("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_delete_object: failed to unmarshall LSA_Q_DELETE_OBJECT.\n"));
- return False;
- }
-
- r_u.status = _lsa_delete_object(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_delete_object("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_delete_object: Failed to marshall LSA_R_DELETE_OBJECT.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_sids2
- ***************************************************************************/
-
-static bool api_lsa_lookup_sids2(pipes_struct *p)
-{
- LSA_Q_LOOKUP_SIDS2 q_u;
- LSA_R_LOOKUP_SIDS2 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the info class and policy handle */
- if(!lsa_io_q_lookup_sids2("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_lookup_sids2: failed to unmarshall LSA_Q_LOOKUP_SIDS2.\n"));
- return False;
- }
-
- r_u.status = _lsa_lookup_sids2(p, &q_u, &r_u);
-
- if(!lsa_io_r_lookup_sids2("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_lookup_sids2: Failed to marshall LSA_R_LOOKUP_SIDS2.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_sids3
- ***************************************************************************/
-
-static bool api_lsa_lookup_sids3(pipes_struct *p)
-{
- LSA_Q_LOOKUP_SIDS3 q_u;
- LSA_R_LOOKUP_SIDS3 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the info class and policy handle */
- if(!lsa_io_q_lookup_sids3("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_lookup_sids3: failed to unmarshall LSA_Q_LOOKUP_SIDS3.\n"));
- return False;
- }
-
- r_u.status = _lsa_lookup_sids3(p, &q_u, &r_u);
-
- if(!lsa_io_r_lookup_sids3("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_lookup_sids3: Failed to marshall LSA_R_LOOKUP_SIDS3.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_names2
- ***************************************************************************/
-
-static bool api_lsa_lookup_names2(pipes_struct *p)
-{
- LSA_Q_LOOKUP_NAMES2 q_u;
- LSA_R_LOOKUP_NAMES2 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the info class and policy handle */
- if(!lsa_io_q_lookup_names2("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_lookup_names2: failed to unmarshall LSA_Q_LOOKUP_NAMES2.\n"));
- return False;
- }
-
- r_u.status = _lsa_lookup_names2(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_lookup_names2("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_lookup_names2: Failed to marshall LSA_R_LOOKUP_NAMES2.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_names3
- ***************************************************************************/
-
-static bool api_lsa_lookup_names3(pipes_struct *p)
-{
- LSA_Q_LOOKUP_NAMES3 q_u;
- LSA_R_LOOKUP_NAMES3 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the info class and policy handle */
- if(!lsa_io_q_lookup_names3("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_lookup_names3: failed to unmarshall LSA_Q_LOOKUP_NAMES3.\n"));
- return False;
- }
-
- r_u.status = _lsa_lookup_names3(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_lookup_names3("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_lookup_names3: Failed to marshall LSA_R_LOOKUP_NAMES3.\n"));
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_names4
- ***************************************************************************/
-
-static bool api_lsa_lookup_names4(pipes_struct *p)
-{
- LSA_Q_LOOKUP_NAMES4 q_u;
- LSA_R_LOOKUP_NAMES4 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the info class and policy handle */
- if(!lsa_io_q_lookup_names4("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_lookup_names4: failed to unmarshall LSA_Q_LOOKUP_NAMES4.\n"));
- return False;
- }
-
- r_u.status = _lsa_lookup_names4(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!lsa_io_r_lookup_names4("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_lookup_names4: Failed to marshall LSA_R_LOOKUP_NAMES4.\n"));
- return False;
- }
-
- return True;
-}
-
-#if 0 /* AD DC work in ongoing in Samba 4 */
-
-/***************************************************************************
- api_lsa_query_info2
- ***************************************************************************/
-
-static bool api_lsa_query_info2(pipes_struct *p)
-{
- LSA_Q_QUERY_INFO2 q_u;
- LSA_R_QUERY_INFO2 r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!lsa_io_q_query_info2("", &q_u, data, 0)) {
- DEBUG(0,("api_lsa_query_info2: failed to unmarshall LSA_Q_QUERY_INFO2.\n"));
- return False;
- }
-
- r_u.status = _lsa_query_info2(p, &q_u, &r_u);
-
- if (!lsa_io_r_query_info2("", &r_u, rdata, 0)) {
- DEBUG(0,("api_lsa_query_info2: failed to marshall LSA_R_QUERY_INFO2.\n"));
- return False;
- }
-
- return True;
-}
-#endif /* AD DC work in ongoing in Samba 4 */
-
-/***************************************************************************
- \PIPE\ntlsa commands
- ***************************************************************************/
-
-static struct api_struct api_lsa_cmds[] =
-{
- { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 },
- { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy },
- { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info },
- { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom },
- { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close },
- { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
- { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids },
- { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names },
- { "LSA_ENUM_PRIVS" , LSA_ENUM_PRIVS , api_lsa_enum_privs },
- { "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname},
- { "LSA_ENUM_ACCOUNTS" , LSA_ENUM_ACCOUNTS , api_lsa_enum_accounts },
- { "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser },
- { "LSA_CREATEACCOUNT" , LSA_CREATEACCOUNT , api_lsa_create_account },
- { "LSA_OPENACCOUNT" , LSA_OPENACCOUNT , api_lsa_open_account },
- { "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount},
- { "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount },
- { "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount },
- { "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs },
- { "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs },
- { "LSA_ADDACCTRIGHTS" , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights },
- { "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights },
- { "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights },
- { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj },
- { "LSA_LOOKUPPRIVVALUE" , LSA_LOOKUPPRIVVALUE , api_lsa_lookup_priv_value },
- { "LSA_OPENTRUSTDOM" , LSA_OPENTRUSTDOM , api_lsa_open_trust_dom },
- { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
- { "LSA_CREATETRUSTDOM" , LSA_CREATETRUSTDOM , api_lsa_create_trust_dom },
- { "LSA_CREATSECRET" , LSA_CREATESECRET , api_lsa_create_secret },
- { "LSA_SETSECRET" , LSA_SETSECRET , api_lsa_set_secret },
- { "LSA_DELETEOBJECT" , LSA_DELETEOBJECT , api_lsa_delete_object },
- { "LSA_LOOKUPSIDS2" , LSA_LOOKUPSIDS2 , api_lsa_lookup_sids2 },
- { "LSA_LOOKUPNAMES2" , LSA_LOOKUPNAMES2 , api_lsa_lookup_names2 },
- { "LSA_LOOKUPNAMES3" , LSA_LOOKUPNAMES3 , api_lsa_lookup_names3 },
- { "LSA_LOOKUPSIDS3" , LSA_LOOKUPSIDS3 , api_lsa_lookup_sids3 },
- { "LSA_LOOKUPNAMES4" , LSA_LOOKUPNAMES4 , api_lsa_lookup_names4 }
-#if 0 /* AD DC work in ongoing in Samba 4 */
- /* be careful of the adding of new RPC's. See commentrs below about
- ADS DC capabilities */
- { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 }
-#endif /* AD DC work in ongoing in Samba 4 */
-};
-
-static int count_fns(void)
-{
- int funcs = sizeof(api_lsa_cmds) / sizeof(struct api_struct);
-
-#if 0 /* AD DC work is on going in Samba 4 */
- /*
- * NOTE: Certain calls can not be enabled if we aren't an ADS DC. Make sure
- * these calls are always last and that you decrement by the amount of calls
- * to disable.
- */
- if (!(SEC_ADS == lp_security() && ROLE_DOMAIN_PDC == lp_server_role())) {
- funcs -= 1;
- }
-#endif /* AD DC work in ongoing in Samba 4 */
-
- return funcs;
-}
-void lsa_get_pipe_fns( struct api_struct **fns, int *n_fns )
-{
- *fns = api_lsa_cmds;
- *n_fns = count_fns();
-}
-
-
-NTSTATUS rpc_lsa_init(void)
-{
- int funcs = count_fns();
-
- return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "lsarpc", "lsass", api_lsa_cmds,
- funcs);
-}
diff --git a/source3/rpc_server/srv_lsa_ds.c b/source3/rpc_server/srv_lsa_ds.c
deleted file mode 100644
index 55baa40261..0000000000
--- a/source3/rpc_server/srv_lsa_ds.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * RPC Pipe client / server routines
- * Copyright (C) Gerald Carter 2003
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* This is the interface for the registry functions. */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_SRV
-
-/*******************************************************************
- ********************************************************************/
-
-static bool api_dsrole_get_primary_dominfo(pipes_struct *p)
-{
- DS_Q_GETPRIMDOMINFO q_u;
- DS_R_GETPRIMDOMINFO r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the request */
- if ( !ds_io_q_getprimdominfo("", &q_u, data, 0) )
- return False;
-
- /* construct reply. */
- r_u.status = _dsrole_get_primary_dominfo( p, &q_u, &r_u );
-
- if ( !ds_io_r_getprimdominfo("", &r_u, rdata, 0) )
- return False;
-
- return True;
-}
-
-/*******************************************************************
- stub functions for unimplemented RPC
-*******************************************************************/
-
-static bool api_dsrole_stub( pipes_struct *p )
-{
- DEBUG(0,("api_dsrole_stub: Hmmm....didn't know this RPC existed...\n"));
-
- return False;
-}
-
-
-/*******************************************************************
- array of \PIPE\lsass (new windows 2000 UUID) operations
-********************************************************************/
-static struct api_struct api_lsa_ds_cmds[] = {
- { "DS_NOP", DS_NOP, api_dsrole_stub },
- { "DS_GETPRIMDOMINFO", DS_GETPRIMDOMINFO, api_dsrole_get_primary_dominfo }
-
-};
-
-void lsa_ds_get_pipe_fns( struct api_struct **fns, int *n_fns )
-{
- *fns = api_lsa_ds_cmds;
- *n_fns = sizeof(api_lsa_ds_cmds) / sizeof(struct api_struct);
-}
-
-
-NTSTATUS rpc_lsa_ds_init(void)
-{
- return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "lsa_ds", "lsa_ds", api_lsa_ds_cmds,
- sizeof(api_lsa_ds_cmds) / sizeof(struct api_struct));
-}
diff --git a/source3/rpc_server/srv_lsa_ds_nt.c b/source3/rpc_server/srv_lsa_ds_nt.c
deleted file mode 100644
index 994b3cccca..0000000000
--- a/source3/rpc_server/srv_lsa_ds_nt.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-1997.
- * Copyright (C) Luke Kenneth Casson Leighton 1996-1997.
- * Copyright (C) Paul Ashton 1997.
- * Copyright (C) Jeremy Allison 2001.
- * Copyright (C) Gerald Carter 2002.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* Implementation of registry functions. */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_SRV
-
-/********************************************************************
- Fill in a DS_DOMINFO_CTR structure
- ********************************************************************/
-
-static NTSTATUS fill_dsrole_dominfo_basic(TALLOC_CTX *ctx, DSROLE_PRIMARY_DOMAIN_INFO_BASIC **info)
-{
- DSROLE_PRIMARY_DOMAIN_INFO_BASIC *basic;
- const char *netbios_domain = "";
- fstring dnsdomain;
-
- DEBUG(10,("fill_dsrole_dominfo_basic: enter\n"));
-
- if ( !(basic = TALLOC_ZERO_P(ctx, DSROLE_PRIMARY_DOMAIN_INFO_BASIC)) ) {
- DEBUG(0,("fill_dsrole_dominfo_basic: FATAL error! talloc_xero() failed\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- switch ( lp_server_role() ) {
- case ROLE_STANDALONE:
- basic->machine_role = DSROLE_STANDALONE_SRV;
- basic->netbios_ptr = 1;
- netbios_domain = get_global_sam_name();
- break;
- case ROLE_DOMAIN_MEMBER:
- basic->netbios_ptr = 1;
- netbios_domain = lp_workgroup();
- basic->machine_role = DSROLE_DOMAIN_MEMBER_SRV;
- break;
- case ROLE_DOMAIN_BDC:
- basic->netbios_ptr = 1;
- netbios_domain = get_global_sam_name();
- basic->machine_role = DSROLE_BDC;
- break;
- case ROLE_DOMAIN_PDC:
- basic->netbios_ptr = 1;
- netbios_domain = get_global_sam_name();
- basic->machine_role = DSROLE_PDC;
- break;
- }
-
- /* always set netbios name */
-
- init_unistr2( &basic->netbios_domain, netbios_domain, UNI_STR_TERMINATE);
-
- if ( secrets_fetch_domain_guid( lp_workgroup(), &basic->domain_guid ) )
- basic->flags |= DSROLE_PRIMARY_DOMAIN_GUID_PRESENT;
-
- /* fill in some additional fields if we are a member of an AD domain */
-
- if ( lp_security() == SEC_ADS ) {
- fstrcpy( dnsdomain, lp_realm() );
- strlower_m( dnsdomain );
-
- basic->dnsname_ptr = 1;
- init_unistr2( &basic->dns_domain, dnsdomain, UNI_STR_TERMINATE);
-
- /* FIXME!! We really should fill in the correct forest
- name. Should get this information from winbindd. */
- basic->forestname_ptr = 1;
- init_unistr2( &basic->forest_domain, dnsdomain, UNI_STR_TERMINATE);
- } else {
- /* security = domain should not fill in the dns or
- forest name */
- basic->dnsname_ptr = 0;
- basic->forestname_ptr = 0;
- }
-
- *info = basic;
-
- return NT_STATUS_OK;
-}
-
-/********************************************************************
- Implement the DsroleGetPrimaryDomainInfo() call
- ********************************************************************/
-
-NTSTATUS _dsrole_get_primary_dominfo(pipes_struct *p, DS_Q_GETPRIMDOMINFO *q_u, DS_R_GETPRIMDOMINFO *r_u)
-{
- NTSTATUS result = NT_STATUS_OK;
- uint32 level = q_u->level;
-
- switch ( level ) {
-
- case DsRolePrimaryDomainInfoBasic:
- r_u->level = DsRolePrimaryDomainInfoBasic;
- r_u->ptr = 1;
- result = fill_dsrole_dominfo_basic( p->mem_ctx, &r_u->info.basic );
- break;
-
- default:
- DEBUG(0,("_dsrole_get_primary_dominfo: Unsupported info level [%d]!\n",
- level));
- result = NT_STATUS_INVALID_LEVEL;
- }
-
- return result;
-}
-
-
-
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 1b78772a79..1333d656d4 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -10,17 +10,18 @@
* Copyright (C) Simo Sorce 2003.
* Copyright (C) Gerald (Jerry) Carter 2005.
* Copyright (C) Volker Lendecke 2005.
+ * Copyright (C) Guenther Deschner 2008.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
@@ -40,82 +41,31 @@ struct lsa_info {
};
const struct generic_mapping lsa_generic_mapping = {
- POLICY_READ,
- POLICY_WRITE,
- POLICY_EXECUTE,
- POLICY_ALL_ACCESS
+ LSA_POLICY_READ,
+ LSA_POLICY_WRITE,
+ LSA_POLICY_EXECUTE,
+ LSA_POLICY_ALL_ACCESS
};
-/*******************************************************************
- Function to free the per handle data.
- ********************************************************************/
-
-static void free_lsa_info(void *ptr)
-{
- struct lsa_info *lsa = (struct lsa_info *)ptr;
-
- SAFE_FREE(lsa);
-}
-
/***************************************************************************
-Init dom_query
- ***************************************************************************/
-
-static void init_dom_query_3(DOM_QUERY_3 *d_q, const char *dom_name, DOM_SID *dom_sid)
-{
- d_q->buffer_dom_name = (dom_name != NULL) ? 1 : 0; /* domain buffer pointer */
- d_q->buffer_dom_sid = (dom_sid != NULL) ? 1 : 0; /* domain sid pointer */
-
- /* this string is supposed to be non-null terminated. */
- /* But the maxlen in this UNISTR2 must include the terminating null. */
- init_unistr2(&d_q->uni_domain_name, dom_name, UNI_BROKEN_NON_NULL);
-
- /*
- * I'm not sure why this really odd combination of length
- * values works, but it does appear to. I need to look at
- * this *much* more closely - but at the moment leave alone
- * until it's understood. This allows a W2k client to join
- * a domain with both odd and even length names... JRA.
- */
-
- /*
- * IMPORTANT NOTE !!!!
- * The two fields below probably are reversed in meaning, ie.
- * the first field is probably the str_len, the second the max
- * len. Both are measured in bytes anyway.
- */
-
- d_q->uni_dom_str_len = d_q->uni_domain_name.uni_max_len * 2;
- d_q->uni_dom_max_len = d_q->uni_domain_name.uni_str_len * 2;
-
- if (dom_sid != NULL)
- init_dom_sid2(&d_q->dom_sid, dom_sid);
-}
-
-/***************************************************************************
-Init dom_query
- ***************************************************************************/
-
-static void init_dom_query_5(DOM_QUERY_5 *d_q, const char *dom_name, DOM_SID *dom_sid)
-{
- init_dom_query_3(d_q, dom_name, dom_sid);
-}
-
-/***************************************************************************
- init_dom_ref - adds a domain if it's not already in, returns the index.
+ init_lsa_ref_domain_list - adds a domain if it's not already in, returns the index.
***************************************************************************/
-static int init_dom_ref(DOM_R_REF *ref, const char *dom_name, DOM_SID *dom_sid)
+static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
+ struct lsa_RefDomainList *ref,
+ const char *dom_name,
+ DOM_SID *dom_sid)
{
int num = 0;
if (dom_name != NULL) {
- for (num = 0; num < ref->num_ref_doms_1; num++) {
- if (sid_equal(dom_sid, &ref->ref_dom[num].ref_dom.sid))
+ for (num = 0; num < ref->count; num++) {
+ if (sid_equal(dom_sid, ref->domains[num].sid)) {
return num;
+ }
}
} else {
- num = ref->num_ref_doms_1;
+ num = ref->count;
}
if (num >= MAX_REF_DOMAINS) {
@@ -123,32 +73,71 @@ static int init_dom_ref(DOM_R_REF *ref, const char *dom_name, DOM_SID *dom_sid)
return -1;
}
- ref->num_ref_doms_1 = num+1;
- ref->ptr_ref_dom = 1;
- ref->max_entries = MAX_REF_DOMAINS;
- ref->num_ref_doms_2 = num+1;
+ ref->count = num + 1;
+ ref->max_size = MAX_REF_DOMAINS;
- ref->hdr_ref_dom[num].ptr_dom_sid = 1; /* dom sid cannot be NULL. */
-
- init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, UNI_FLAGS_NONE);
- init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, &ref->ref_dom[num].uni_dom_name);
+ ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,
+ struct lsa_DomainInfo, ref->count);
+ if (!ref->domains) {
+ return -1;
+ }
- init_dom_sid2(&ref->ref_dom[num].ref_dom, dom_sid );
+ init_lsa_StringLarge(&ref->domains[num].name, dom_name);
+ ref->domains[num].sid = sid_dup_talloc(mem_ctx, dom_sid);
+ if (!ref->domains[num].sid) {
+ return -1;
+ }
return num;
}
+
+/*******************************************************************
+ Function to free the per handle data.
+ ********************************************************************/
+
+static void free_lsa_info(void *ptr)
+{
+ struct lsa_info *lsa = (struct lsa_info *)ptr;
+
+ SAFE_FREE(lsa);
+}
+
+/***************************************************************************
+ initialize a lsa_DomainInfo structure.
+ ***************************************************************************/
+
+static void init_dom_query_3(struct lsa_DomainInfo *r,
+ const char *name,
+ DOM_SID *sid)
+{
+ init_lsa_StringLarge(&r->name, name);
+ r->sid = sid;
+}
+
+/***************************************************************************
+ initialize a lsa_DomainInfo structure.
+ ***************************************************************************/
+
+static void init_dom_query_5(struct lsa_DomainInfo *r,
+ const char *name,
+ DOM_SID *sid)
+{
+ init_lsa_StringLarge(&r->name, name);
+ r->sid = sid;
+}
+
/***************************************************************************
lookup_lsa_rids. Must be called as root for lookup_name to work.
***************************************************************************/
static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
- DOM_R_REF *ref,
- DOM_RID *prid,
- uint32 num_entries,
- const UNISTR2 *name,
- int flags,
- uint32 *pmapped_count)
+ struct lsa_RefDomainList *ref,
+ struct lsa_TranslatedSid *prid,
+ uint32_t num_entries,
+ struct lsa_String *name,
+ int flags,
+ uint32_t *pmapped_count)
{
uint32 mapped_count, i;
@@ -161,15 +150,14 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
DOM_SID sid;
uint32 rid;
int dom_idx;
- char *full_name;
+ const char *full_name;
const char *domain;
enum lsa_SidType type = SID_NAME_UNKNOWN;
/* Split name into domain and user component */
- full_name = rpcstr_pull_unistr2_talloc(mem_ctx, &name[i]);
+ full_name = name[i].string;
if (full_name == NULL) {
- DEBUG(0, ("pull_ucs2_talloc failed\n"));
return NT_STATUS_NO_MEMORY;
}
@@ -202,11 +190,11 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
if (type != SID_NAME_UNKNOWN) {
sid_split_rid(&sid, &rid);
- dom_idx = init_dom_ref(ref, domain, &sid);
+ dom_idx = init_lsa_ref_domain_list(mem_ctx, ref, domain, &sid);
mapped_count++;
}
- init_dom_rid(&prid[i], rid, type, dom_idx);
+ init_lsa_translated_sid(&prid[i], type, rid, dom_idx);
}
*pmapped_count = mapped_count;
@@ -218,12 +206,12 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
***************************************************************************/
static NTSTATUS lookup_lsa_sids(TALLOC_CTX *mem_ctx,
- DOM_R_REF *ref,
- LSA_TRANSLATED_SID3 *trans_sids,
- uint32 num_entries,
- const UNISTR2 *name,
- int flags,
- uint32 *pmapped_count)
+ struct lsa_RefDomainList *ref,
+ struct lsa_TranslatedSid3 *trans_sids,
+ uint32_t num_entries,
+ struct lsa_String *name,
+ int flags,
+ uint32 *pmapped_count)
{
uint32 mapped_count, i;
@@ -236,15 +224,14 @@ static NTSTATUS lookup_lsa_sids(TALLOC_CTX *mem_ctx,
DOM_SID sid;
uint32 rid;
int dom_idx;
- char *full_name;
+ const char *full_name;
const char *domain;
enum lsa_SidType type = SID_NAME_UNKNOWN;
/* Split name into domain and user component */
- full_name = rpcstr_pull_unistr2_talloc(mem_ctx, &name[i]);
+ full_name = name[i].string;
if (full_name == NULL) {
- DEBUG(0, ("pull_ucs2_talloc failed\n"));
return NT_STATUS_NO_MEMORY;
}
@@ -279,164 +266,20 @@ static NTSTATUS lookup_lsa_sids(TALLOC_CTX *mem_ctx,
DOM_SID domain_sid;
sid_copy(&domain_sid, &sid);
sid_split_rid(&domain_sid, &rid);
- dom_idx = init_dom_ref(ref, domain, &domain_sid);
+ dom_idx = init_lsa_ref_domain_list(mem_ctx, ref, domain, &domain_sid);
mapped_count++;
}
- /* Initialize the LSA_TRANSLATED_SID3 return. */
+ /* Initialize the lsa_TranslatedSid3 return. */
trans_sids[i].sid_type = type;
- trans_sids[i].sid2 = TALLOC_P(mem_ctx, DOM_SID2);
- if (trans_sids[i].sid2 == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- init_dom_sid2(trans_sids[i].sid2, &sid);
- trans_sids[i].sid_idx = dom_idx;
+ trans_sids[i].sid = sid_dup_talloc(mem_ctx, &sid);
+ trans_sids[i].sid_index = dom_idx;
}
*pmapped_count = mapped_count;
return NT_STATUS_OK;
}
-/***************************************************************************
- init_reply_lookup_names
- ***************************************************************************/
-
-static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
- DOM_R_REF *ref, uint32 num_entries,
- DOM_RID *rid, uint32 mapped_count)
-{
- r_l->ptr_dom_ref = 1;
- r_l->dom_ref = ref;
-
- r_l->num_entries = num_entries;
- r_l->ptr_entries = 1;
- r_l->num_entries2 = num_entries;
- r_l->dom_rid = rid;
-
- r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- init_reply_lookup_names2
- ***************************************************************************/
-
-static void init_reply_lookup_names2(LSA_R_LOOKUP_NAMES2 *r_l,
- DOM_R_REF *ref, uint32 num_entries,
- DOM_RID2 *rid, uint32 mapped_count)
-{
- r_l->ptr_dom_ref = 1;
- r_l->dom_ref = ref;
-
- r_l->num_entries = num_entries;
- r_l->ptr_entries = 1;
- r_l->num_entries2 = num_entries;
- r_l->dom_rid = rid;
-
- r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- init_reply_lookup_names3
- ***************************************************************************/
-
-static void init_reply_lookup_names3(LSA_R_LOOKUP_NAMES3 *r_l,
- DOM_R_REF *ref, uint32 num_entries,
- LSA_TRANSLATED_SID3 *trans_sids, uint32 mapped_count)
-{
- r_l->ptr_dom_ref = 1;
- r_l->dom_ref = ref;
-
- r_l->num_entries = num_entries;
- r_l->ptr_entries = 1;
- r_l->num_entries2 = num_entries;
- r_l->trans_sids = trans_sids;
-
- r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- init_reply_lookup_names4
- ***************************************************************************/
-
-static void init_reply_lookup_names4(LSA_R_LOOKUP_NAMES4 *r_l,
- DOM_R_REF *ref, uint32 num_entries,
- LSA_TRANSLATED_SID3 *trans_sids, uint32 mapped_count)
-{
- r_l->ptr_dom_ref = 1;
- r_l->dom_ref = ref;
-
- r_l->num_entries = num_entries;
- r_l->ptr_entries = 1;
- r_l->num_entries2 = num_entries;
- r_l->trans_sids = trans_sids;
-
- r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- Init_reply_lookup_sids.
- ***************************************************************************/
-
-static void init_reply_lookup_sids2(LSA_R_LOOKUP_SIDS2 *r_l,
- DOM_R_REF *ref,
- uint32 mapped_count)
-{
- r_l->ptr_dom_ref = ref ? 1 : 0;
- r_l->dom_ref = ref;
- r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- Init_reply_lookup_sids.
- ***************************************************************************/
-
-static void init_reply_lookup_sids3(LSA_R_LOOKUP_SIDS3 *r_l,
- DOM_R_REF *ref,
- uint32 mapped_count)
-{
- r_l->ptr_dom_ref = ref ? 1 : 0;
- r_l->dom_ref = ref;
- r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- Init_reply_lookup_sids.
- ***************************************************************************/
-
-static NTSTATUS init_reply_lookup_sids(TALLOC_CTX *mem_ctx,
- LSA_R_LOOKUP_SIDS *r_l,
- DOM_R_REF *ref,
- LSA_TRANS_NAME_ENUM2 *names,
- uint32 mapped_count)
-{
- LSA_TRANS_NAME_ENUM *oldnames = &r_l->names;
-
- oldnames->num_entries = names->num_entries;
- oldnames->ptr_trans_names = names->ptr_trans_names;
- oldnames->num_entries2 = names->num_entries2;
- oldnames->uni_name = names->uni_name;
-
- if (names->num_entries) {
- int i;
-
- oldnames->name = TALLOC_ARRAY(mem_ctx, LSA_TRANS_NAME, names->num_entries);
-
- if (!oldnames->name) {
- return NT_STATUS_NO_MEMORY;
- }
- for (i = 0; i < names->num_entries; i++) {
- oldnames->name[i].sid_name_use = names->name[i].sid_name_use;
- oldnames->name[i].hdr_name = names->name[i].hdr_name;
- oldnames->name[i].domain_idx = names->name[i].domain_idx;
- }
- }
-
- r_l->ptr_dom_ref = ref ? 1 : 0;
- r_l->dom_ref = ref;
- r_l->mapped_count = mapped_count;
- return NT_STATUS_OK;
-}
-
static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *sd_size)
{
DOM_SID local_adm_sid;
@@ -447,17 +290,17 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
SEC_ACL *psa = NULL;
- init_sec_access(&mask, POLICY_EXECUTE);
+ init_sec_access(&mask, LSA_POLICY_EXECUTE);
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
sid_copy(&adm_sid, get_global_sam_sid());
sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS);
- init_sec_access(&mask, POLICY_ALL_ACCESS);
+ init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
sid_copy(&local_adm_sid, &global_sid_Builtin);
sid_append_rid(&local_adm_sid, BUILTIN_ALIAS_RID_ADMINS);
- init_sec_access(&mask, POLICY_ALL_ACCESS);
+ init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
@@ -487,7 +330,7 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name,
r_l->hdr_nb_dom_name.uni_max_len += 2;
r_l->uni_nb_dom_name.uni_max_len += 1;
}
-
+
if (dns_name && *dns_name) {
init_unistr2(&r_l->uni_dns_dom_name, dns_name, UNI_FLAGS_NONE);
init_uni_hdr(&r_l->hdr_dns_dom_name, &r_l->uni_dns_dom_name);
@@ -506,7 +349,7 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name,
if (dom_guid) {
memcpy(&r_l->dom_guid, dom_guid, sizeof(struct GUID));
}
-
+
if (dom_sid) {
r_l->ptr_dom_sid = 1;
init_dom_sid2(&r_l->dom_sid, dom_sid);
@@ -516,15 +359,16 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name,
/***************************************************************************
- _lsa_open_policy2.
+ _lsa_OpenPolicy2
***************************************************************************/
-NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL2 *r_u)
+NTSTATUS _lsa_OpenPolicy2(pipes_struct *p,
+ struct lsa_OpenPolicy2 *r)
{
struct lsa_info *info;
SEC_DESC *psd = NULL;
size_t sd_size;
- uint32 des_access=q_u->des_access;
+ uint32 des_access = r->in.access_mask;
uint32 acc_granted;
NTSTATUS status;
@@ -547,7 +391,7 @@ NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL
/* This is needed for lsa_open_account and rpcclient .... :-) */
if (p->pipe_user.ut.uid == sec_initial_uid())
- acc_granted = POLICY_ALL_ACCESS;
+ acc_granted = LSA_POLICY_ALL_ACCESS;
/* associate the domain SID with the (unique) handle. */
if ((info = SMB_MALLOC_P(struct lsa_info)) == NULL)
@@ -558,22 +402,23 @@ NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL
info->access = acc_granted;
/* set up the LSA QUERY INFO response */
- if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.handle, free_lsa_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
return NT_STATUS_OK;
}
/***************************************************************************
- _lsa_open_policy
+ _lsa_OpenPolicy
***************************************************************************/
-NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL *r_u)
+NTSTATUS _lsa_OpenPolicy(pipes_struct *p,
+ struct lsa_OpenPolicy *r)
{
struct lsa_info *info;
SEC_DESC *psd = NULL;
size_t sd_size;
- uint32 des_access=q_u->des_access;
+ uint32 des_access= r->in.access_mask;
uint32 acc_granted;
NTSTATUS status;
@@ -603,23 +448,25 @@ NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL *
info->access = acc_granted;
/* set up the LSA QUERY INFO response */
- if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.handle, free_lsa_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
return NT_STATUS_OK;
}
/***************************************************************************
- _lsa_enum_trust_dom - this needs fixing to do more than return NULL ! JRA.
+ _lsa_EnumTrustDom - this needs fixing to do more than return NULL ! JRA.
ufff, done :) mimir
***************************************************************************/
-NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u,
- LSA_R_ENUM_TRUST_DOM *r_u)
+NTSTATUS _lsa_EnumTrustDom(pipes_struct *p,
+ struct lsa_EnumTrustDom *r)
{
struct lsa_info *info;
uint32 next_idx;
struct trustdom_info **domains;
+ struct lsa_DomainInfo *lsa_domains = NULL;
+ int i;
/*
* preferred length is set to 5 as a "our" preferred length
@@ -628,16 +475,16 @@ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u,
* it needs further investigation how to optimally choose this value
*/
uint32 max_num_domains =
- q_u->preferred_len < 5 ? q_u->preferred_len : 10;
+ r->in.max_size < 5 ? r->in.max_size : 10;
uint32 num_domains;
NTSTATUS nt_status;
uint32 num_thistime;
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
/* check if the user have enough rights */
- if (!(info->access & POLICY_VIEW_LOCAL_INFORMATION))
+ if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
nt_status = pdb_enum_trusteddoms(p->mem_ctx, &num_domains, &domains);
@@ -646,81 +493,105 @@ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u,
return nt_status;
}
- if (q_u->enum_context < num_domains) {
+ if (*r->in.resume_handle < num_domains) {
num_thistime = MIN(num_domains, max_num_domains);
- r_u->status = STATUS_MORE_ENTRIES;
+ nt_status = STATUS_MORE_ENTRIES;
- if (q_u->enum_context + num_thistime > num_domains) {
- num_thistime = num_domains - q_u->enum_context;
- r_u->status = NT_STATUS_OK;
+ if (*r->in.resume_handle + num_thistime > num_domains) {
+ num_thistime = num_domains - *r->in.resume_handle;
+ nt_status = NT_STATUS_OK;
}
- next_idx = q_u->enum_context + num_thistime;
+ next_idx = *r->in.resume_handle + num_thistime;
} else {
num_thistime = 0;
next_idx = 0xffffffff;
- r_u->status = NT_STATUS_NO_MORE_ENTRIES;
+ nt_status = NT_STATUS_NO_MORE_ENTRIES;
}
-
+
/* set up the lsa_enum_trust_dom response */
- init_r_enum_trust_dom(p->mem_ctx, r_u, next_idx,
- num_thistime, domains+q_u->enum_context);
+ lsa_domains = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_DomainInfo,
+ num_thistime);
+ if (!lsa_domains) {
+ return NT_STATUS_NO_MEMORY;
+ }
- return r_u->status;
+ for (i=0; i<num_thistime; i++) {
+ init_lsa_StringLarge(&lsa_domains[i].name, domains[i]->name);
+ lsa_domains[i].sid = &domains[i]->sid;
+ }
+
+ *r->out.resume_handle = next_idx;
+ r->out.domains->count = num_thistime;
+ r->out.domains->domains = lsa_domains;
+
+ return nt_status;
}
+#define LSA_AUDIT_NUM_CATEGORIES_NT4 7
+#define LSA_AUDIT_NUM_CATEGORIES_WIN2K 9
+#define LSA_AUDIT_NUM_CATEGORIES LSA_AUDIT_NUM_CATEGORIES_NT4
+
/***************************************************************************
- _lsa_query_info. See the POLICY_INFOMATION_CLASS docs at msdn.
+ _lsa_QueryInfoPolicy
***************************************************************************/
-NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO *r_u)
+NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p,
+ struct lsa_QueryInfoPolicy *r)
{
+ NTSTATUS status = NT_STATUS_OK;
struct lsa_info *handle;
- LSA_INFO_CTR *ctr = &r_u->ctr;
DOM_SID domain_sid;
const char *name;
DOM_SID *sid = NULL;
+ union lsa_PolicyInformation *info = NULL;
- r_u->status = NT_STATUS_OK;
-
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
return NT_STATUS_INVALID_HANDLE;
- switch (q_u->info_class) {
+ info = TALLOC_ZERO_P(p->mem_ctx, union lsa_PolicyInformation);
+ if (!info) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ switch (r->in.level) {
case 0x02:
{
uint32 policy_def = LSA_AUDIT_POLICY_ALL;
-
+
/* check if the user have enough rights */
- if (!(handle->access & POLICY_VIEW_AUDIT_INFORMATION)) {
- DEBUG(10,("_lsa_query_info: insufficient access rights\n"));
+ if (!(handle->access & LSA_POLICY_VIEW_AUDIT_INFORMATION)) {
+ DEBUG(10,("_lsa_QueryInfoPolicy: insufficient access rights\n"));
return NT_STATUS_ACCESS_DENIED;
}
/* fake info: We audit everything. ;) */
- ctr->info.id2.ptr = 1;
- ctr->info.id2.auditing_enabled = True;
- ctr->info.id2.count1 = ctr->info.id2.count2 = LSA_AUDIT_NUM_CATEGORIES;
- if ((ctr->info.id2.auditsettings = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, LSA_AUDIT_NUM_CATEGORIES)) == NULL)
+ info->audit_events.auditing_mode = true;
+ info->audit_events.count = LSA_AUDIT_NUM_CATEGORIES;
+ info->audit_events.settings = TALLOC_ZERO_ARRAY(p->mem_ctx,
+ enum lsa_PolicyAuditPolicy,
+ info->audit_events.count);
+ if (!info->audit_events.settings) {
return NT_STATUS_NO_MEMORY;
+ }
- ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT] = policy_def;
- ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS] = policy_def;
- ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_LOGON] = policy_def;
- ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_PROCCESS_TRACKING] = policy_def;
- ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES] = policy_def;
- ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_SYSTEM] = policy_def;
- ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS] = policy_def;
+ info->audit_events.settings[LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT] = policy_def;
+ info->audit_events.settings[LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS] = policy_def;
+ info->audit_events.settings[LSA_AUDIT_CATEGORY_LOGON] = policy_def;
+ info->audit_events.settings[LSA_AUDIT_CATEGORY_PROCCESS_TRACKING] = policy_def;
+ info->audit_events.settings[LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES] = policy_def;
+ info->audit_events.settings[LSA_AUDIT_CATEGORY_SYSTEM] = policy_def;
+ info->audit_events.settings[LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS] = policy_def;
break;
}
case 0x03:
/* check if the user have enough rights */
- if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+ if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
/* Request PolicyPrimaryDomainInformation. */
@@ -745,21 +616,22 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
default:
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
- init_dom_query_3(&r_u->ctr.info.id3, name, sid);
+ init_dom_query_3(&info->domain, name, sid);
break;
case 0x05:
/* check if the user have enough rights */
- if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+ if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
/* Request PolicyAccountDomainInformation. */
name = get_global_sam_name();
sid = get_global_sam_sid();
- init_dom_query_5(&r_u->ctr.info.id5, name, sid);
+
+ init_dom_query_5(&info->account_domain, name, sid);
break;
case 0x06:
/* check if the user have enough rights */
- if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+ if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
switch (lp_server_role()) {
@@ -768,29 +640,27 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
* only a BDC is a backup controller
* of the domain, it controls.
*/
- ctr->info.id6.server_role = 2;
+ info->role.role = 2;
break;
default:
/*
* any other role is a primary
* of the domain, it controls.
*/
- ctr->info.id6.server_role = 3;
- break;
+ info->role.role = 3;
+ break;
}
break;
default:
- DEBUG(0,("_lsa_query_info: unknown info level in Lsa Query: %d\n", q_u->info_class));
- r_u->status = NT_STATUS_INVALID_INFO_CLASS;
+ DEBUG(0,("_lsa_QueryInfoPolicy: unknown info level in Lsa Query: %d\n",
+ r->in.level));
+ status = NT_STATUS_INVALID_INFO_CLASS;
break;
}
- if (NT_STATUS_IS_OK(r_u->status)) {
- r_u->dom_ptr = 0x22000000; /* bizarre */
- ctr->info_class = q_u->info_class;
- }
+ *r->out.info = info;
- return r_u->status;
+ return status;
}
/***************************************************************************
@@ -798,38 +668,40 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
***************************************************************************/
static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
- uint16 level, /* input */
- int num_sids, /* input */
- const DOM_SID2 *sid, /* input */
- DOM_R_REF **pp_ref, /* output */
- LSA_TRANS_NAME_ENUM2 *names, /* input/output */
- uint32 *pp_mapped_count)
+ TALLOC_CTX *mem_ctx,
+ uint16_t level, /* input */
+ int num_sids, /* input */
+ struct lsa_SidPtr *sid, /* input */
+ struct lsa_RefDomainList **pp_ref, /* input/output */
+ struct lsa_TranslatedName2 **pp_names,/* input/output */
+ uint32_t *pp_mapped_count) /* input/output */
{
NTSTATUS status;
int i;
const DOM_SID **sids = NULL;
- DOM_R_REF *ref = NULL;
+ struct lsa_RefDomainList *ref = NULL;
uint32 mapped_count = 0;
struct lsa_dom_info *dom_infos = NULL;
struct lsa_name_info *name_infos = NULL;
+ struct lsa_TranslatedName2 *names = NULL;
*pp_mapped_count = 0;
+ *pp_names = NULL;
*pp_ref = NULL;
- ZERO_STRUCTP(names);
if (num_sids == 0) {
return NT_STATUS_OK;
}
sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids);
- ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
+ ref = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);
if (sids == NULL || ref == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0; i<num_sids; i++) {
- sids[i] = &sid[i].sid;
+ sids[i] = sid[i].sid;
}
status = lookup_sids(p->mem_ctx, num_sids, sids, level,
@@ -839,9 +711,8 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
return status;
}
- names->name = TALLOC_ARRAY(p->mem_ctx, LSA_TRANS_NAME2, num_sids);
- names->uni_name = TALLOC_ARRAY(p->mem_ctx, UNISTR2, num_sids);
- if ((names->name == NULL) || (names->uni_name == NULL)) {
+ names = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedName2, num_sids);
+ if (names == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -851,8 +722,9 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
break;
}
- if (init_dom_ref(ref, dom_infos[i].name,
- &dom_infos[i].sid) != i) {
+ if (init_lsa_ref_domain_list(mem_ctx, ref,
+ dom_infos[i].name,
+ &dom_infos[i].sid) != i) {
DEBUG(0, ("Domain %s mentioned twice??\n",
dom_infos[i].name));
return NT_STATUS_INTERNAL_ERROR;
@@ -871,7 +743,7 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
* RID as 8 bytes hex, in others it returns the full
* SID. We (Jerry/VL) could not figure out which the
* hard cases are, so leave it with the SID. */
- name->name = talloc_asprintf(p->mem_ctx, "%s",
+ name->name = talloc_asprintf(p->mem_ctx, "%s",
sid_to_fstring(tmp,
sids[i]));
if (name->name == NULL) {
@@ -880,13 +752,10 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
} else {
mapped_count += 1;
}
- init_lsa_trans_name2(&names->name[i], &names->uni_name[i],
- name->type, name->name, name->dom_idx);
- }
- names->num_entries = num_sids;
- names->ptr_trans_names = 1;
- names->num_entries2 = num_sids;
+ init_lsa_translated_name2(&names[i], name->type,
+ name->name, name->dom_idx, 0);
+ }
status = NT_STATUS_NONE_MAPPED;
if (mapped_count > 0) {
@@ -898,147 +767,173 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
num_sids, mapped_count, nt_errstr(status)));
*pp_mapped_count = mapped_count;
+ *pp_names = names;
*pp_ref = ref;
return status;
}
/***************************************************************************
- _lsa_lookup_sids
+ _lsa_LookupSids
***************************************************************************/
-NTSTATUS _lsa_lookup_sids(pipes_struct *p,
- LSA_Q_LOOKUP_SIDS *q_u,
- LSA_R_LOOKUP_SIDS *r_u)
+NTSTATUS _lsa_LookupSids(pipes_struct *p,
+ struct lsa_LookupSids *r)
{
+ NTSTATUS status;
struct lsa_info *handle;
- int num_sids = q_u->sids.num_entries;
+ int num_sids = r->in.sids->num_sids;
uint32 mapped_count = 0;
- DOM_R_REF *ref = NULL;
- LSA_TRANS_NAME_ENUM2 names;
- NTSTATUS status;
+ struct lsa_RefDomainList *domains = NULL;
+ struct lsa_TranslatedName *names_out = NULL;
+ struct lsa_TranslatedName2 *names = NULL;
+ int i;
- if ((q_u->level < 1) || (q_u->level > 6)) {
+ if ((r->in.level < 1) || (r->in.level > 6)) {
return NT_STATUS_INVALID_PARAMETER;
}
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
return NT_STATUS_INVALID_HANDLE;
}
/* check if the user has enough rights */
- if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+ if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
return NT_STATUS_ACCESS_DENIED;
}
if (num_sids > MAX_LOOKUP_SIDS) {
- DEBUG(5,("_lsa_lookup_sids: limit of %d exceeded, requested %d\n",
+ DEBUG(5,("_lsa_LookupSids: limit of %d exceeded, requested %d\n",
MAX_LOOKUP_SIDS, num_sids));
return NT_STATUS_NONE_MAPPED;
}
- r_u->status = _lsa_lookup_sids_internal(p,
- q_u->level,
- num_sids,
- q_u->sids.sid,
- &ref,
- &names,
- &mapped_count);
+ status = _lsa_lookup_sids_internal(p,
+ p->mem_ctx,
+ r->in.level,
+ num_sids,
+ r->in.sids->sids,
+ &domains,
+ &names,
+ &mapped_count);
- /* Convert from LSA_TRANS_NAME_ENUM2 to LSA_TRANS_NAME_ENUM */
+ /* Convert from lsa_TranslatedName2 to lsa_TranslatedName */
+ names_out = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedName,
+ num_sids);
+ if (!names_out) {
+ return NT_STATUS_NO_MEMORY;
+ }
- status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, &names, mapped_count);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ for (i=0; i<num_sids; i++) {
+ names_out[i].sid_type = names[i].sid_type;
+ names_out[i].name = names[i].name;
+ names_out[i].sid_index = names[i].sid_index;
}
- return r_u->status;
+
+ *r->out.domains = domains;
+ r->out.names->count = num_sids;
+ r->out.names->names = names_out;
+ *r->out.count = mapped_count;
+
+ return status;
}
/***************************************************************************
- _lsa_lookup_sids2
+ _lsa_LookupSids2
***************************************************************************/
-NTSTATUS _lsa_lookup_sids2(pipes_struct *p,
- LSA_Q_LOOKUP_SIDS2 *q_u,
- LSA_R_LOOKUP_SIDS2 *r_u)
+NTSTATUS _lsa_LookupSids2(pipes_struct *p,
+ struct lsa_LookupSids2 *r)
{
+ NTSTATUS status;
struct lsa_info *handle;
- int num_sids = q_u->sids.num_entries;
+ int num_sids = r->in.sids->num_sids;
uint32 mapped_count = 0;
- DOM_R_REF *ref = NULL;
+ struct lsa_RefDomainList *domains = NULL;
+ struct lsa_TranslatedName2 *names = NULL;
+ bool check_policy = true;
- if ((q_u->level < 1) || (q_u->level > 6)) {
- return NT_STATUS_INVALID_PARAMETER;
+ switch (p->hdr_req.opnum) {
+ case NDR_LSA_LOOKUPSIDS3:
+ check_policy = false;
+ break;
+ case NDR_LSA_LOOKUPSIDS2:
+ default:
+ check_policy = true;
}
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
- return NT_STATUS_INVALID_HANDLE;
+ if ((r->in.level < 1) || (r->in.level > 6)) {
+ return NT_STATUS_INVALID_PARAMETER;
}
- /* check if the user have enough rights */
- if (!(handle->access & POLICY_LOOKUP_NAMES)) {
- return NT_STATUS_ACCESS_DENIED;
+ if (check_policy) {
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ /* check if the user have enough rights */
+ if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
}
if (num_sids > MAX_LOOKUP_SIDS) {
- DEBUG(5,("_lsa_lookup_sids2: limit of %d exceeded, requested %d\n",
+ DEBUG(5,("_lsa_LookupSids2: limit of %d exceeded, requested %d\n",
MAX_LOOKUP_SIDS, num_sids));
return NT_STATUS_NONE_MAPPED;
}
- r_u->status = _lsa_lookup_sids_internal(p,
- q_u->level,
- num_sids,
- q_u->sids.sid,
- &ref,
- &r_u->names,
- &mapped_count);
+ status = _lsa_lookup_sids_internal(p,
+ p->mem_ctx,
+ r->in.level,
+ num_sids,
+ r->in.sids->sids,
+ &domains,
+ &names,
+ &mapped_count);
- init_reply_lookup_sids2(r_u, ref, mapped_count);
- return r_u->status;
+ *r->out.domains = domains;
+ r->out.names->count = num_sids;
+ r->out.names->names = names;
+ *r->out.count = mapped_count;
+
+ return status;
}
/***************************************************************************
- _lsa_lookup_sida3
+ _lsa_LookupSids3
***************************************************************************/
-NTSTATUS _lsa_lookup_sids3(pipes_struct *p,
- LSA_Q_LOOKUP_SIDS3 *q_u,
- LSA_R_LOOKUP_SIDS3 *r_u)
+NTSTATUS _lsa_LookupSids3(pipes_struct *p,
+ struct lsa_LookupSids3 *r)
{
- int num_sids = q_u->sids.num_entries;
- uint32 mapped_count = 0;
- DOM_R_REF *ref = NULL;
-
- if ((q_u->level < 1) || (q_u->level > 6)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
+ struct lsa_LookupSids2 q;
/* No policy handle on this call. Restrict to crypto connections. */
if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
- DEBUG(0,("_lsa_lookup_sids3: client %s not using schannel for netlogon\n",
+ DEBUG(0,("_lsa_LookupSids3: client %s not using schannel for netlogon\n",
get_remote_machine_name() ));
return NT_STATUS_INVALID_PARAMETER;
}
- if (num_sids > MAX_LOOKUP_SIDS) {
- DEBUG(5,("_lsa_lookup_sids3: limit of %d exceeded, requested %d\n",
- MAX_LOOKUP_SIDS, num_sids));
- return NT_STATUS_NONE_MAPPED;
- }
+ q.in.handle = NULL;
+ q.in.sids = r->in.sids;
+ q.in.level = r->in.level;
+ q.in.unknown1 = r->in.unknown1;
+ q.in.unknown2 = r->in.unknown2;
+ q.in.names = r->in.names;
+ q.in.count = r->in.count;
- r_u->status = _lsa_lookup_sids_internal(p,
- q_u->level,
- num_sids,
- q_u->sids.sid,
- &ref,
- &r_u->names,
- &mapped_count);
+ q.out.domains = r->out.domains;
+ q.out.names = r->out.names;
+ q.out.count = r->out.count;
- init_reply_lookup_sids3(r_u, ref, mapped_count);
- return r_u->status;
+ return _lsa_LookupSids2(p, &q);
}
+/***************************************************************************
+ ***************************************************************************/
+
static int lsa_lookup_level_to_flags(uint16 level)
{
int flags;
@@ -1065,33 +960,37 @@ static int lsa_lookup_level_to_flags(uint16 level)
}
/***************************************************************************
-lsa_reply_lookup_names
+ _lsa_LookupNames
***************************************************************************/
-NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP_NAMES *r_u)
+NTSTATUS _lsa_LookupNames(pipes_struct *p,
+ struct lsa_LookupNames *r)
{
+ NTSTATUS status = NT_STATUS_NONE_MAPPED;
struct lsa_info *handle;
- UNISTR2 *names = q_u->uni_name;
- uint32 num_entries = q_u->num_entries;
- DOM_R_REF *ref;
- DOM_RID *rids;
+ struct lsa_String *names = r->in.names;
+ uint32 num_entries = r->in.num_names;
+ struct lsa_RefDomainList *domains = NULL;
+ struct lsa_TranslatedSid *rids = NULL;
uint32 mapped_count = 0;
int flags = 0;
if (num_entries > MAX_LOOKUP_SIDS) {
num_entries = MAX_LOOKUP_SIDS;
- DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
+ DEBUG(5,("_lsa_LookupNames: truncating name lookup list to %d\n",
+ num_entries));
}
-
- flags = lsa_lookup_level_to_flags(q_u->lookup_level);
- ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- if (!ref) {
+ flags = lsa_lookup_level_to_flags(r->in.level);
+
+ domains = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);
+ if (!domains) {
return NT_STATUS_NO_MEMORY;
}
if (num_entries) {
- rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries);
+ rids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_TranslatedSid,
+ num_entries);
if (!rids) {
return NT_STATUS_NO_MEMORY;
}
@@ -1099,146 +998,136 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP
rids = NULL;
}
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
- r_u->status = NT_STATUS_INVALID_HANDLE;
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
+ status = NT_STATUS_INVALID_HANDLE;
goto done;
}
/* check if the user have enough rights */
- if (!(handle->access & POLICY_LOOKUP_NAMES)) {
- r_u->status = NT_STATUS_ACCESS_DENIED;
+ if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
+ status = NT_STATUS_ACCESS_DENIED;
goto done;
}
/* set up the LSA Lookup RIDs response */
become_root(); /* lookup_name can require root privs */
- r_u->status = lookup_lsa_rids(p->mem_ctx, ref, rids, num_entries,
- names, flags, &mapped_count);
+ status = lookup_lsa_rids(p->mem_ctx, domains, rids, num_entries,
+ names, flags, &mapped_count);
unbecome_root();
done:
- if (NT_STATUS_IS_OK(r_u->status) && (num_entries != 0) ) {
- if (mapped_count == 0)
- r_u->status = NT_STATUS_NONE_MAPPED;
- else if (mapped_count != num_entries)
- r_u->status = STATUS_SOME_UNMAPPED;
+ if (NT_STATUS_IS_OK(status) && (num_entries != 0) ) {
+ if (mapped_count == 0) {
+ status = NT_STATUS_NONE_MAPPED;
+ } else if (mapped_count != num_entries) {
+ status = STATUS_SOME_UNMAPPED;
+ }
}
- init_reply_lookup_names(r_u, ref, num_entries, rids, mapped_count);
- return r_u->status;
+ *r->out.count = num_entries;
+ *r->out.domains = domains;
+ r->out.sids->sids = rids;
+ r->out.sids->count = mapped_count;
+
+ return status;
}
/***************************************************************************
-lsa_reply_lookup_names2
+ _lsa_LookupNames2
***************************************************************************/
-NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOOKUP_NAMES2 *r_u)
+NTSTATUS _lsa_LookupNames2(pipes_struct *p,
+ struct lsa_LookupNames2 *r)
{
- struct lsa_info *handle;
- UNISTR2 *names = q_u->uni_name;
- uint32 num_entries = q_u->num_entries;
- DOM_R_REF *ref;
- DOM_RID *rids;
- DOM_RID2 *rids2;
- int i;
- uint32 mapped_count = 0;
- int flags = 0;
-
- if (num_entries > MAX_LOOKUP_SIDS) {
- num_entries = MAX_LOOKUP_SIDS;
- DEBUG(5,("_lsa_lookup_names2: truncating name lookup list to %d\n", num_entries));
- }
-
- flags = lsa_lookup_level_to_flags(q_u->lookup_level);
+ NTSTATUS status;
+ struct lsa_LookupNames q;
+ struct lsa_TransSidArray2 *sid_array2 = r->in.sids;
+ struct lsa_TransSidArray *sid_array = NULL;
+ uint32_t i;
- ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- if (ref == NULL) {
- r_u->status = NT_STATUS_NO_MEMORY;
+ sid_array = TALLOC_ZERO_P(p->mem_ctx, struct lsa_TransSidArray);
+ if (!sid_array) {
return NT_STATUS_NO_MEMORY;
}
- if (num_entries) {
- rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries);
- rids2 = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID2, num_entries);
- if ((rids == NULL) || (rids2 == NULL)) {
- r_u->status = NT_STATUS_NO_MEMORY;
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- rids = NULL;
- rids2 = NULL;
- }
-
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
- r_u->status = NT_STATUS_INVALID_HANDLE;
- goto done;
- }
-
- /* check if the user have enough rights */
- if (!(handle->access & POLICY_LOOKUP_NAMES)) {
- r_u->status = NT_STATUS_ACCESS_DENIED;
- goto done;
- }
+ q.in.handle = r->in.handle;
+ q.in.num_names = r->in.num_names;
+ q.in.names = r->in.names;
+ q.in.level = r->in.level;
+ q.in.sids = sid_array;
+ q.in.count = r->in.count;
+ /* we do not know what this is for */
+ /* = r->in.unknown1; */
+ /* = r->in.unknown2; */
- /* set up the LSA Lookup RIDs response */
- become_root(); /* lookup_name can require root privs */
- r_u->status = lookup_lsa_rids(p->mem_ctx, ref, rids, num_entries,
- names, flags, &mapped_count);
- unbecome_root();
+ q.out.domains = r->out.domains;
+ q.out.sids = sid_array;
+ q.out.count = r->out.count;
-done:
+ status = _lsa_LookupNames(p, &q);
- if (NT_STATUS_IS_OK(r_u->status)) {
- if (mapped_count == 0) {
- r_u->status = NT_STATUS_NONE_MAPPED;
- } else if (mapped_count != num_entries) {
- r_u->status = STATUS_SOME_UNMAPPED;
- }
+ sid_array2->sids = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedSid2, sid_array->count);
+ if (!sid_array2->sids) {
+ return NT_STATUS_NO_MEMORY;
}
- /* Convert the rids array to rids2. */
- for (i = 0; i < num_entries; i++) {
- rids2[i].type = rids[i].type;
- rids2[i].rid = rids[i].rid;
- rids2[i].rid_idx = rids[i].rid_idx;
- rids2[i].unknown = 0;
+ for (i=0; i<sid_array->count; i++) {
+ sid_array2->sids[i].sid_type = sid_array->sids[i].sid_type;
+ sid_array2->sids[i].rid = sid_array->sids[i].rid;
+ sid_array2->sids[i].sid_index = sid_array->sids[i].sid_index;
+ sid_array2->sids[i].unknown = 0;
}
- init_reply_lookup_names2(r_u, ref, num_entries, rids2, mapped_count);
- return r_u->status;
+ r->out.sids = sid_array2;
+
+ return status;
}
/***************************************************************************
-lsa_reply_lookup_names3.
+ _lsa_LookupNames3
***************************************************************************/
-NTSTATUS _lsa_lookup_names3(pipes_struct *p, LSA_Q_LOOKUP_NAMES3 *q_u, LSA_R_LOOKUP_NAMES3 *r_u)
+NTSTATUS _lsa_LookupNames3(pipes_struct *p,
+ struct lsa_LookupNames3 *r)
{
+ NTSTATUS status;
struct lsa_info *handle;
- UNISTR2 *names = q_u->uni_name;
- uint32 num_entries = q_u->num_entries;
- DOM_R_REF *ref = NULL;
- LSA_TRANSLATED_SID3 *trans_sids = NULL;
+ struct lsa_String *names = r->in.names;
+ uint32 num_entries = r->in.num_names;
+ struct lsa_RefDomainList *domains = NULL;
+ struct lsa_TranslatedSid3 *trans_sids = NULL;
uint32 mapped_count = 0;
int flags = 0;
+ bool check_policy = true;
+
+ switch (p->hdr_req.opnum) {
+ case NDR_LSA_LOOKUPNAMES4:
+ check_policy = false;
+ break;
+ case NDR_LSA_LOOKUPNAMES3:
+ default:
+ check_policy = true;
+ }
if (num_entries > MAX_LOOKUP_SIDS) {
num_entries = MAX_LOOKUP_SIDS;
- DEBUG(5,("_lsa_lookup_names3: truncating name lookup list to %d\n", num_entries));
+ DEBUG(5,("_lsa_LookupNames3: truncating name lookup list to %d\n", num_entries));
}
-
+
/* Probably the lookup_level is some sort of bitmask. */
- if (q_u->lookup_level == 1) {
+ if (r->in.level == 1) {
flags = LOOKUP_NAME_ALL;
}
- ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- if (ref == NULL) {
+ domains = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);
+ if (!domains) {
return NT_STATUS_NO_MEMORY;
}
+
if (num_entries) {
- trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_TRANSLATED_SID3, num_entries);
+ trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_TranslatedSid3,
+ num_entries);
if (!trans_sids) {
return NT_STATUS_NO_MEMORY;
}
@@ -1246,59 +1135,52 @@ NTSTATUS _lsa_lookup_names3(pipes_struct *p, LSA_Q_LOOKUP_NAMES3 *q_u, LSA_R_LOO
trans_sids = NULL;
}
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
- r_u->status = NT_STATUS_INVALID_HANDLE;
- goto done;
- }
+ if (check_policy) {
- /* check if the user have enough rights */
- if (!(handle->access & POLICY_LOOKUP_NAMES)) {
- r_u->status = NT_STATUS_ACCESS_DENIED;
- goto done;
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
+ status = NT_STATUS_INVALID_HANDLE;
+ goto done;
+ }
+
+ /* check if the user have enough rights */
+ if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
}
/* set up the LSA Lookup SIDs response */
become_root(); /* lookup_name can require root privs */
- r_u->status = lookup_lsa_sids(p->mem_ctx, ref, trans_sids, num_entries,
- names, flags, &mapped_count);
+ status = lookup_lsa_sids(p->mem_ctx, domains, trans_sids, num_entries,
+ names, flags, &mapped_count);
unbecome_root();
done:
- if (NT_STATUS_IS_OK(r_u->status)) {
+ if (NT_STATUS_IS_OK(status)) {
if (mapped_count == 0) {
- r_u->status = NT_STATUS_NONE_MAPPED;
+ status = NT_STATUS_NONE_MAPPED;
} else if (mapped_count != num_entries) {
- r_u->status = STATUS_SOME_UNMAPPED;
+ status = STATUS_SOME_UNMAPPED;
}
}
- init_reply_lookup_names3(r_u, ref, num_entries, trans_sids, mapped_count);
- return r_u->status;
+ *r->out.count = num_entries;
+ *r->out.domains = domains;
+ r->out.sids->sids = trans_sids;
+ r->out.sids->count = mapped_count;
+
+ return status;
}
/***************************************************************************
-lsa_reply_lookup_names4.
+ _lsa_LookupNames4
***************************************************************************/
-NTSTATUS _lsa_lookup_names4(pipes_struct *p, LSA_Q_LOOKUP_NAMES4 *q_u, LSA_R_LOOKUP_NAMES4 *r_u)
+NTSTATUS _lsa_LookupNames4(pipes_struct *p,
+ struct lsa_LookupNames4 *r)
{
- UNISTR2 *names = q_u->uni_name;
- uint32 num_entries = q_u->num_entries;
- DOM_R_REF *ref = NULL;
- LSA_TRANSLATED_SID3 *trans_sids = NULL;
- uint32 mapped_count = 0;
- int flags = 0;
-
- if (num_entries > MAX_LOOKUP_SIDS) {
- num_entries = MAX_LOOKUP_SIDS;
- DEBUG(5,("_lsa_lookup_names4: truncating name lookup list to %d\n", num_entries));
- }
-
- /* Probably the lookup_level is some sort of bitmask. */
- if (q_u->lookup_level == 1) {
- flags = LOOKUP_NAME_ALL;
- }
+ struct lsa_LookupNames3 q;
/* No policy handle on this call. Restrict to crypto connections. */
if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
@@ -1307,36 +1189,20 @@ NTSTATUS _lsa_lookup_names4(pipes_struct *p, LSA_Q_LOOKUP_NAMES4 *q_u, LSA_R_LOO
return NT_STATUS_INVALID_PARAMETER;
}
- ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- if (!ref) {
- return NT_STATUS_NO_MEMORY;
- }
+ q.in.handle = NULL;
+ q.in.num_names = r->in.num_names;
+ q.in.names = r->in.names;
+ q.in.level = r->in.level;
+ q.in.unknown1 = r->in.unknown1;
+ q.in.unknown2 = r->in.unknown2;
+ q.in.sids = r->in.sids;
+ q.in.count = r->in.count;
- if (num_entries) {
- trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_TRANSLATED_SID3, num_entries);
- if (!trans_sids) {
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- trans_sids = NULL;
- }
+ q.out.domains = r->out.domains;
+ q.out.sids = r->out.sids;
+ q.out.count = r->out.count;
- /* set up the LSA Lookup SIDs response */
- become_root(); /* lookup_name can require root privs */
- r_u->status = lookup_lsa_sids(p->mem_ctx, ref, trans_sids, num_entries,
- names, flags, &mapped_count);
- unbecome_root();
-
- if (NT_STATUS_IS_OK(r_u->status)) {
- if (mapped_count == 0) {
- r_u->status = NT_STATUS_NONE_MAPPED;
- } else if (mapped_count != num_entries) {
- r_u->status = STATUS_SOME_UNMAPPED;
- }
- }
-
- init_reply_lookup_names4(r_u, ref, num_entries, trans_sids, mapped_count);
- return r_u->status;
+ return _lsa_LookupNames3(p, &q);
}
/***************************************************************************
@@ -1394,86 +1260,94 @@ NTSTATUS _lsa_SetSecret(pipes_struct *p, struct lsa_SetSecret *r)
}
/***************************************************************************
+ _lsa_DeleteObject
***************************************************************************/
-NTSTATUS _lsa_delete_object(pipes_struct *p, LSA_Q_DELETE_OBJECT *q_u, LSA_R_DELETE_OBJECT *r_u)
+NTSTATUS _lsa_DeleteObject(pipes_struct *p,
+ struct lsa_DeleteObject *r)
{
return NT_STATUS_ACCESS_DENIED;
}
/***************************************************************************
-_lsa_enum_privs.
+ _lsa_EnumPrivs
***************************************************************************/
-NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIVS *r_u)
+NTSTATUS _lsa_EnumPrivs(pipes_struct *p,
+ struct lsa_EnumPrivs *r)
{
struct lsa_info *handle;
uint32 i;
- uint32 enum_context = q_u->enum_context;
+ uint32 enum_context = *r->in.resume_handle;
int num_privs = count_all_privileges();
- LSA_PRIV_ENTRY *entries = NULL;
+ struct lsa_PrivEntry *entries = NULL;
LUID_ATTR luid;
/* remember that the enum_context starts at 0 and not 1 */
if ( enum_context >= num_privs )
return NT_STATUS_NO_MORE_ENTRIES;
-
- DEBUG(10,("_lsa_enum_privs: enum_context:%d total entries:%d\n",
+
+ DEBUG(10,("_lsa_EnumPrivs: enum_context:%d total entries:%d\n",
enum_context, num_privs));
-
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
return NT_STATUS_INVALID_HANDLE;
/* check if the user have enough rights
I don't know if it's the right one. not documented. */
- if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+ if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
if (num_privs) {
- if ( !(entries = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_PRIV_ENTRY, num_privs )) )
+ entries = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_PrivEntry, num_privs);
+ if (!entries) {
return NT_STATUS_NO_MEMORY;
+ }
} else {
entries = NULL;
}
for (i = 0; i < num_privs; i++) {
if( i < enum_context) {
- init_unistr2(&entries[i].name, NULL, UNI_FLAGS_NONE);
- init_uni_hdr(&entries[i].hdr_name, &entries[i].name);
-
- entries[i].luid_low = 0;
- entries[i].luid_high = 0;
+
+ init_lsa_StringLarge(&entries[i].name, NULL);
+
+ entries[i].luid.low = 0;
+ entries[i].luid.high = 0;
} else {
- init_unistr2(&entries[i].name, privs[i].name, UNI_FLAGS_NONE);
- init_uni_hdr(&entries[i].hdr_name, &entries[i].name);
-
+
+ init_lsa_StringLarge(&entries[i].name, privs[i].name);
+
luid = get_privilege_luid( &privs[i].se_priv );
-
- entries[i].luid_low = luid.luid.low;
- entries[i].luid_high = luid.luid.high;
+
+ entries[i].luid.low = luid.luid.low;
+ entries[i].luid.high = luid.luid.high;
}
}
enum_context = num_privs;
-
- init_lsa_r_enum_privs(r_u, enum_context, num_privs, entries);
+
+ *r->out.resume_handle = enum_context;
+ r->out.privs->count = num_privs;
+ r->out.privs->privs = entries;
return NT_STATUS_OK;
}
/***************************************************************************
-_lsa_priv_get_dispname.
+ _lsa_LookupPrivDisplayName
***************************************************************************/
-NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, LSA_R_PRIV_GET_DISPNAME *r_u)
+NTSTATUS _lsa_LookupPrivDisplayName(pipes_struct *p,
+ struct lsa_LookupPrivDisplayName *r)
{
struct lsa_info *handle;
- fstring name_asc;
const char *description;
+ struct lsa_StringLarge *lsa_name;
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
return NT_STATUS_INVALID_HANDLE;
/* check if the user have enough rights */
@@ -1481,50 +1355,49 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L
/*
* I don't know if it's the right one. not documented.
*/
- if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+ if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
- unistr2_to_ascii(name_asc, &q_u->name, sizeof(name_asc));
+ DEBUG(10,("_lsa_LookupPrivDisplayName: name = %s\n", r->in.name->string));
- DEBUG(10,("_lsa_priv_get_dispname: name = %s\n", name_asc));
+ description = get_privilege_dispname(r->in.name->string);
+ if (!description) {
+ DEBUG(10,("_lsa_LookupPrivDisplayName: doesn't exist\n"));
+ return NT_STATUS_NO_SUCH_PRIVILEGE;
+ }
- description = get_privilege_dispname( name_asc );
-
- if ( description ) {
- DEBUG(10,("_lsa_priv_get_dispname: display name = %s\n", description));
-
- init_unistr2(&r_u->desc, description, UNI_FLAGS_NONE);
- init_uni_hdr(&r_u->hdr_desc, &r_u->desc);
+ DEBUG(10,("_lsa_LookupPrivDisplayName: display name = %s\n", description));
- r_u->ptr_info = 0xdeadbeef;
- r_u->lang_id = q_u->lang_id;
-
- return NT_STATUS_OK;
- } else {
- DEBUG(10,("_lsa_priv_get_dispname: doesn't exist\n"));
-
- r_u->ptr_info = 0;
-
- return NT_STATUS_NO_SUCH_PRIVILEGE;
+ lsa_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_StringLarge);
+ if (!lsa_name) {
+ return NT_STATUS_NO_MEMORY;
}
+
+ init_lsa_StringLarge(lsa_name, description);
+
+ *r->out.returned_language_id = r->in.language_id;
+ *r->out.disp_name = lsa_name;
+
+ return NT_STATUS_OK;
}
/***************************************************************************
-_lsa_enum_accounts.
+ _lsa_EnumAccounts
***************************************************************************/
-NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENUM_ACCOUNTS *r_u)
+NTSTATUS _lsa_EnumAccounts(pipes_struct *p,
+ struct lsa_EnumAccounts *r)
{
struct lsa_info *handle;
DOM_SID *sid_list;
int i, j, num_entries;
- LSA_SID_ENUM *sids=&r_u->sids;
- NTSTATUS ret;
+ NTSTATUS status;
+ struct lsa_SidPtr *sids = NULL;
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
return NT_STATUS_INVALID_HANDLE;
- if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+ if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
sid_list = NULL;
@@ -1533,44 +1406,53 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU
/* The only way we can currently find out all the SIDs that have been
privileged is to scan all privileges */
- if (!NT_STATUS_IS_OK(ret = privilege_enumerate_accounts(&sid_list, &num_entries))) {
- return ret;
+ status = privilege_enumerate_accounts(&sid_list, &num_entries);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- if (q_u->enum_context >= num_entries)
+ if (*r->in.resume_handle >= num_entries) {
return NT_STATUS_NO_MORE_ENTRIES;
+ }
- if (num_entries-q_u->enum_context) {
- sids->ptr_sid = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_entries-q_u->enum_context);
- sids->sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_entries-q_u->enum_context);
-
- if (sids->ptr_sid==NULL || sids->sid==NULL) {
+ if (num_entries - *r->in.resume_handle) {
+ sids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_SidPtr,
+ num_entries - *r->in.resume_handle);
+ if (!sids) {
SAFE_FREE(sid_list);
return NT_STATUS_NO_MEMORY;
}
- for (i = q_u->enum_context, j = 0; i < num_entries; i++, j++) {
- init_dom_sid2(&(*sids).sid[j], &sid_list[i]);
- (*sids).ptr_sid[j] = 1;
+ for (i = *r->in.resume_handle, j = 0; i < num_entries; i++, j++) {
+ sids[j].sid = sid_dup_talloc(p->mem_ctx, &sid_list[i]);
+ if (!sids[j].sid) {
+ SAFE_FREE(sid_list);
+ return NT_STATUS_NO_MEMORY;
+ }
}
- } else {
- sids->ptr_sid = NULL;
- sids->sid = NULL;
}
talloc_free(sid_list);
- init_lsa_r_enum_accounts(r_u, num_entries);
+ *r->out.resume_handle = num_entries;
+ r->out.sids->num_sids = num_entries;
+ r->out.sids->sids = sids;
return NT_STATUS_OK;
}
+/***************************************************************************
+ _lsa_GetUserName
+ ***************************************************************************/
-NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA_R_UNK_GET_CONNUSER *r_u)
+NTSTATUS _lsa_GetUserName(pipes_struct *p,
+ struct lsa_GetUserName *r)
{
const char *username, *domname;
user_struct *vuser = get_valid_user_struct(p->vuid);
-
+ struct lsa_String *account_name = NULL;
+ struct lsa_String *authority_name = NULL;
+
if (vuser == NULL)
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
@@ -1588,33 +1470,38 @@ NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA
username = vuser->user.smb_name;
domname = vuser->user.domain;
}
-
- r_u->ptr_user_name = 1;
- init_unistr2(&r_u->uni2_user_name, username, UNI_STR_TERMINATE);
- init_uni_hdr(&r_u->hdr_user_name, &r_u->uni2_user_name);
- r_u->unk1 = 1;
-
- r_u->ptr_dom_name = 1;
- init_unistr2(&r_u->uni2_dom_name, domname, UNI_STR_TERMINATE);
- init_uni_hdr(&r_u->hdr_dom_name, &r_u->uni2_dom_name);
+ account_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_String);
+ if (!account_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
- r_u->status = NT_STATUS_OK;
-
- return r_u->status;
+ authority_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_String);
+ if (!authority_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ init_lsa_String(account_name, username);
+ init_lsa_String(authority_name, domname);
+
+ *r->out.account_name = account_name;
+ *r->out.authority_name = authority_name;
+
+ return NT_STATUS_OK;
}
/***************************************************************************
- Lsa Create Account
+ _lsa_CreateAccount
***************************************************************************/
-NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CREATEACCOUNT *r_u)
+NTSTATUS _lsa_CreateAccount(pipes_struct *p,
+ struct lsa_CreateAccount *r)
{
struct lsa_info *handle;
struct lsa_info *info;
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
return NT_STATUS_INVALID_HANDLE;
/* check if the user have enough rights */
@@ -1623,29 +1510,29 @@ NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CR
* I don't know if it's the right one. not documented.
* but guessed with rpcclient.
*/
- if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION))
+ if (!(handle->access & LSA_POLICY_GET_PRIVATE_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
- /* check to see if the pipe_user is a Domain Admin since
+ /* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
+
if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
return NT_STATUS_ACCESS_DENIED;
-
- if ( is_privileged_sid( &q_u->sid.sid ) )
+
+ if ( is_privileged_sid( r->in.sid ) )
return NT_STATUS_OBJECT_NAME_COLLISION;
/* associate the user/group SID with the (unique) handle. */
-
+
if ((info = SMB_MALLOC_P(struct lsa_info)) == NULL)
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(info);
- info->sid = q_u->sid.sid;
- info->access = q_u->access;
+ info->sid = *r->in.sid;
+ info->access = r->in.access_mask;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.acct_handle, free_lsa_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
return privilege_create_account( &info->sid );
@@ -1653,16 +1540,17 @@ NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CR
/***************************************************************************
- Lsa Open Account
+ _lsa_OpenAccount
***************************************************************************/
-NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENACCOUNT *r_u)
+NTSTATUS _lsa_OpenAccount(pipes_struct *p,
+ struct lsa_OpenAccount *r)
{
struct lsa_info *handle;
struct lsa_info *info;
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
return NT_STATUS_INVALID_HANDLE;
/* check if the user have enough rights */
@@ -1671,7 +1559,7 @@ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENAC
* I don't know if it's the right one. not documented.
* but guessed with rpcclient.
*/
- if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION))
+ if (!(handle->access & LSA_POLICY_GET_PRIVATE_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
/* TODO: Fis the parsing routine before reenabling this check! */
@@ -1684,62 +1572,94 @@ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENAC
return NT_STATUS_NO_MEMORY;
ZERO_STRUCTP(info);
- info->sid = q_u->sid.sid;
- info->access = q_u->access;
+ info->sid = *r->in.sid;
+ info->access = r->in.access_mask;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.acct_handle, free_lsa_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
return NT_STATUS_OK;
}
/***************************************************************************
+ _lsa_EnumPrivsAccount
For a given SID, enumerate all the privilege this account has.
***************************************************************************/
-NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVSACCOUNT *q_u, LSA_R_ENUMPRIVSACCOUNT *r_u)
+NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p,
+ struct lsa_EnumPrivsAccount *r)
{
+ NTSTATUS status = NT_STATUS_OK;
struct lsa_info *info=NULL;
SE_PRIV mask;
PRIVILEGE_SET privileges;
+ struct lsa_PrivilegeSet *priv_set = NULL;
+ struct lsa_LUIDAttribute *luid_attrs = NULL;
+ int i;
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- if ( !get_privileges_for_sids( &mask, &info->sid, 1 ) )
+ if ( !get_privileges_for_sids( &mask, &info->sid, 1 ) )
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
privilege_set_init( &privileges );
if ( se_priv_to_privilege_set( &privileges, &mask ) ) {
- DEBUG(10,("_lsa_enum_privsaccount: %s has %d privileges\n",
+ DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n",
sid_string_dbg(&info->sid),
privileges.count));
- r_u->status = init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, privileges.set, privileges.count, 0);
+ priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet);
+ if (!priv_set) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ luid_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx,
+ struct lsa_LUIDAttribute,
+ privileges.count);
+ if (!luid_attrs) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ for (i=0; i<privileges.count; i++) {
+ luid_attrs[i].luid.low = privileges.set[i].luid.low;
+ luid_attrs[i].luid.high = privileges.set[i].luid.high;
+ luid_attrs[i].attribute = privileges.set[i].attr;
+ }
+
+ priv_set->count = privileges.count;
+ priv_set->unknown = 0;
+ priv_set->set = luid_attrs;
+
+ *r->out.privs = priv_set;
+ } else {
+ status = NT_STATUS_NO_SUCH_PRIVILEGE;
}
- else
- r_u->status = NT_STATUS_NO_SUCH_PRIVILEGE;
+ done:
privilege_set_free( &privileges );
- return r_u->status;
+ return status;
}
/***************************************************************************
-
+ _lsa_GetSystemAccessAccount
***************************************************************************/
-NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA_R_GETSYSTEMACCOUNT *r_u)
+NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p,
+ struct lsa_GetSystemAccessAccount *r)
{
struct lsa_info *info=NULL;
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
if (!lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, NULL))
@@ -1750,11 +1670,11 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
0x02 -> Access this computer from network
0x04 -> Log on as a batch job
0x10 -> Log on as a service
-
+
they can be ORed together
*/
- r_u->access = PR_LOG_ON_LOCALLY | PR_ACCESS_FROM_NETWORK;
+ *r->out.access_mask = PR_LOG_ON_LOCALLY | PR_ACCESS_FROM_NETWORK;
return NT_STATUS_OK;
}
@@ -1763,19 +1683,19 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
update the systemaccount information
***************************************************************************/
-NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA_R_SETSYSTEMACCOUNT *r_u)
+NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p,
+ struct lsa_SetSystemAccessAccount *r)
{
struct lsa_info *info=NULL;
GROUP_MAP map;
- r_u->status = NT_STATUS_OK;
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- /* check to see if the pipe_user is a Domain Admin since
+ /* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
+
if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
return NT_STATUS_ACCESS_DENIED;
@@ -1786,35 +1706,36 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA
}
/***************************************************************************
+ _lsa_AddPrivilegesToAccount
For a given SID, add some privileges.
***************************************************************************/
-NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u)
+NTSTATUS _lsa_AddPrivilegesToAccount(pipes_struct *p,
+ struct lsa_AddPrivilegesToAccount *r)
{
struct lsa_info *info = NULL;
SE_PRIV mask;
- PRIVILEGE_SET *set = NULL;
+ struct lsa_PrivilegeSet *set = NULL;
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
- /* check to see if the pipe_user is root or a Domain Admin since
+
+ /* check to see if the pipe_user is root or a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
- if ( p->pipe_user.ut.uid != sec_initial_uid()
+
+ if ( p->pipe_user.ut.uid != sec_initial_uid()
&& !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
{
return NT_STATUS_ACCESS_DENIED;
}
- set = &q_u->set;
-
+ set = r->in.privs;
if ( !privilege_set_to_se_priv( &mask, set ) )
return NT_STATUS_NO_SUCH_PRIVILEGE;
if ( !grant_privilege( &info->sid, &mask ) ) {
- DEBUG(3,("_lsa_addprivs: grant_privilege(%s) failed!\n",
+ DEBUG(3,("_lsa_AddPrivilegesToAccount: grant_privilege(%s) failed!\n",
sid_string_dbg(&info->sid) ));
DEBUG(3,("Privilege mask:\n"));
dump_se_priv( DBGC_ALL, 3, &mask );
@@ -1825,35 +1746,37 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
}
/***************************************************************************
+ _lsa_RemovePrivilegesFromAccount
For a given SID, remove some privileges.
***************************************************************************/
-NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEPRIVS *r_u)
+NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p,
+ struct lsa_RemovePrivilegesFromAccount *r)
{
struct lsa_info *info = NULL;
SE_PRIV mask;
- PRIVILEGE_SET *set = NULL;
+ struct lsa_PrivilegeSet *set = NULL;
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- /* check to see if the pipe_user is root or a Domain Admin since
+ /* check to see if the pipe_user is root or a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
+
if ( p->pipe_user.ut.uid != sec_initial_uid()
- && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
{
return NT_STATUS_ACCESS_DENIED;
}
- set = &q_u->set;
+ set = r->in.privs;
if ( !privilege_set_to_se_priv( &mask, set ) )
return NT_STATUS_NO_SUCH_PRIVILEGE;
if ( !revoke_privilege( &info->sid, &mask ) ) {
- DEBUG(3,("_lsa_removeprivs: revoke_privilege(%s) failed!\n",
+ DEBUG(3,("_lsa_RemovePrivilegesFromAccount: revoke_privilege(%s) failed!\n",
sid_string_dbg(&info->sid) ));
DEBUG(3,("Privilege mask:\n"));
dump_se_priv( DBGC_ALL, 3, &mask );
@@ -1864,28 +1787,27 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
}
/***************************************************************************
- For a given SID, remove some privileges.
+ _lsa_QuerySecurity
***************************************************************************/
-NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUERY_SEC_OBJ *r_u)
+NTSTATUS _lsa_QuerySecurity(pipes_struct *p,
+ struct lsa_QuerySecurity *r)
{
struct lsa_info *handle=NULL;
SEC_DESC *psd = NULL;
size_t sd_size;
NTSTATUS status;
- r_u->status = NT_STATUS_OK;
-
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
return NT_STATUS_INVALID_HANDLE;
/* check if the user have enough rights */
- if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+ if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
- switch (q_u->sec_info) {
+ switch (r->in.sec_info) {
case 1:
/* SD contains only the owner */
@@ -1894,7 +1816,7 @@ NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUER
return NT_STATUS_NO_MEMORY;
- if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+ if((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
return NT_STATUS_NO_MEMORY;
break;
case 4:
@@ -1904,16 +1826,14 @@ NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUER
if(!NT_STATUS_IS_OK(status))
return NT_STATUS_NO_MEMORY;
- if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+ if((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
return NT_STATUS_NO_MEMORY;
break;
default:
return NT_STATUS_INVALID_LEVEL;
}
- r_u->ptr=1;
-
- return r_u->status;
+ return status;
}
#if 0 /* AD DC work in ongoing in Samba 4 */
@@ -1921,7 +1841,7 @@ NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUER
/***************************************************************************
***************************************************************************/
-NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_INFO2 *r_u)
+ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_INFO2 *r_u)
{
struct lsa_info *handle;
const char *nb_name;
@@ -1940,7 +1860,7 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
switch (q_u->info_class) {
case 0x0c:
/* check if the user have enough rights */
- if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+ if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
/* Request PolicyPrimaryDomainInformation. */
@@ -1966,7 +1886,7 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
default:
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
- init_dns_dom_info(&r_u->info.dns_dom_info, nb_name, dns_name,
+ init_dns_dom_info(&r_u->info.dns_dom_info, nb_name, dns_name,
forest_name,&guid,sid);
break;
default:
@@ -1985,54 +1905,46 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
#endif /* AD DC work in ongoing in Samba 4 */
/***************************************************************************
+ _lsa_AddAccountRights
***************************************************************************/
-NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R_ADD_ACCT_RIGHTS *r_u)
+NTSTATUS _lsa_AddAccountRights(pipes_struct *p,
+ struct lsa_AddAccountRights *r)
{
struct lsa_info *info = NULL;
int i = 0;
DOM_SID sid;
- fstring privname;
- UNISTR4_ARRAY *uni_privnames = q_u->rights;
-
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
- /* check to see if the pipe_user is a Domain Admin since
+
+ /* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
+
if ( p->pipe_user.ut.uid != sec_initial_uid()
- && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
+ && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
{
return NT_STATUS_ACCESS_DENIED;
}
/* according to an NT4 PDC, you can add privileges to SIDs even without
call_lsa_create_account() first. And you can use any arbitrary SID. */
-
- sid_copy( &sid, &q_u->sid.sid );
-
- /* just a little sanity check */
-
- if ( q_u->count != uni_privnames->count ) {
- DEBUG(0,("_lsa_add_acct_rights: count != number of UNISTR2 elements!\n"));
- return NT_STATUS_INVALID_HANDLE;
- }
-
- for ( i=0; i<q_u->count; i++ ) {
- UNISTR4 *uni4_str = &uni_privnames->strings[i];
+
+ sid_copy( &sid, r->in.sid );
+
+ for ( i=0; i < r->in.rights->count; i++ ) {
+
+ const char *privname = r->in.rights->names[i].string;
/* only try to add non-null strings */
- if ( !uni4_str->string )
+ if ( !privname )
continue;
- rpcstr_pull( privname, uni4_str->string->buffer, sizeof(privname), -1, STR_TERMINATE );
-
if ( !grant_privilege_by_name( &sid, privname ) ) {
- DEBUG(2,("_lsa_add_acct_rights: Failed to add privilege [%s]\n", privname ));
+ DEBUG(2,("_lsa_AddAccountRights: Failed to add privilege [%s]\n",
+ privname ));
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
}
@@ -2041,58 +1953,51 @@ NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R
}
/***************************************************************************
+ _lsa_RemoveAccountRights
***************************************************************************/
-NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, LSA_R_REMOVE_ACCT_RIGHTS *r_u)
+NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p,
+ struct lsa_RemoveAccountRights *r)
{
struct lsa_info *info = NULL;
int i = 0;
DOM_SID sid;
- fstring privname;
- UNISTR4_ARRAY *uni_privnames = q_u->rights;
-
+ const char *privname = NULL;
/* find the connection policy handle. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
- /* check to see if the pipe_user is a Domain Admin since
+
+ /* check to see if the pipe_user is a Domain Admin since
account_pol.tdb was already opened as root, this is all we have */
-
+
if ( p->pipe_user.ut.uid != sec_initial_uid()
&& !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
{
return NT_STATUS_ACCESS_DENIED;
}
- sid_copy( &sid, &q_u->sid.sid );
+ sid_copy( &sid, r->in.sid );
- if ( q_u->removeall ) {
- if ( !revoke_all_privileges( &sid ) )
+ if ( r->in.remove_all ) {
+ if ( !revoke_all_privileges( &sid ) )
return NT_STATUS_ACCESS_DENIED;
-
+
return NT_STATUS_OK;
}
-
- /* just a little sanity check */
-
- if ( q_u->count != uni_privnames->count ) {
- DEBUG(0,("_lsa_add_acct_rights: count != number of UNISTR2 elements!\n"));
- return NT_STATUS_INVALID_HANDLE;
- }
-
- for ( i=0; i<q_u->count; i++ ) {
- UNISTR4 *uni4_str = &uni_privnames->strings[i];
+
+ for ( i=0; i < r->in.rights->count; i++ ) {
+
+ privname = r->in.rights->names[i].string;
/* only try to add non-null strings */
- if ( !uni4_str->string )
+ if ( !privname )
continue;
- rpcstr_pull( privname, uni4_str->string->buffer, sizeof(privname), -1, STR_TERMINATE );
-
if ( !revoke_privilege_by_name( &sid, privname ) ) {
- DEBUG(2,("_lsa_remove_acct_rights: Failed to revoke privilege [%s]\n", privname ));
+ DEBUG(2,("_lsa_RemoveAccountRights: Failed to revoke privilege [%s]\n",
+ privname ));
return NT_STATUS_NO_SUCH_PRIVILEGE;
}
}
@@ -2100,28 +2005,70 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u,
return NT_STATUS_OK;
}
+/*******************************************************************
+********************************************************************/
+
+static NTSTATUS init_lsa_right_set(TALLOC_CTX *mem_ctx,
+ struct lsa_RightSet *r,
+ PRIVILEGE_SET *privileges)
+{
+ uint32 i;
+ const char *privname;
+ const char **privname_array = NULL;
+ int num_priv = 0;
+
+ for (i=0; i<privileges->count; i++) {
+
+ privname = luid_to_privilege_name(&privileges->set[i].luid);
+ if (privname) {
+ if (!add_string_to_array(mem_ctx, privname,
+ &privname_array, &num_priv)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ }
+
+ if (num_priv) {
+
+ r->names = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_StringLarge,
+ num_priv);
+ if (!r->names) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i<num_priv; i++) {
+ init_lsa_StringLarge(&r->names[i], privname_array[i]);
+ }
+
+ r->count = num_priv;
+ }
+
+ return NT_STATUS_OK;
+}
/***************************************************************************
+ _lsa_EnumAccountRights
***************************************************************************/
-NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u)
+NTSTATUS _lsa_EnumAccountRights(pipes_struct *p,
+ struct lsa_EnumAccountRights *r)
{
+ NTSTATUS status;
struct lsa_info *info = NULL;
DOM_SID sid;
PRIVILEGE_SET privileges;
SE_PRIV mask;
-
/* find the connection policy handle. */
-
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
+
/* according to an NT4 PDC, you can add privileges to SIDs even without
call_lsa_create_account() first. And you can use any arbitrary SID. */
-
- sid_copy( &sid, &q_u->sid.sid );
-
+
+ sid_copy( &sid, r->in.sid );
+
if ( !get_privileges_for_sids( &mask, &sid, 1 ) )
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
@@ -2129,37 +2076,38 @@ NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA
if ( se_priv_to_privilege_set( &privileges, &mask ) ) {
- DEBUG(10,("_lsa_enum_acct_rights: %s has %d privileges\n",
+ DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n",
sid_string_dbg(&sid), privileges.count));
- r_u->status = init_r_enum_acct_rights( r_u, &privileges );
+ status = init_lsa_right_set(p->mem_ctx, r->out.rights, &privileges);
+ } else {
+ status = NT_STATUS_NO_SUCH_PRIVILEGE;
}
- else
- r_u->status = NT_STATUS_NO_SUCH_PRIVILEGE;
privilege_set_free( &privileges );
- return r_u->status;
+ return status;
}
-
/***************************************************************************
+ _lsa_LookupPrivValue
***************************************************************************/
-NTSTATUS _lsa_lookup_priv_value(pipes_struct *p, LSA_Q_LOOKUP_PRIV_VALUE *q_u, LSA_R_LOOKUP_PRIV_VALUE *r_u)
+NTSTATUS _lsa_LookupPrivValue(pipes_struct *p,
+ struct lsa_LookupPrivValue *r)
{
struct lsa_info *info = NULL;
- fstring name;
+ const char *name = NULL;
LUID_ATTR priv_luid;
SE_PRIV mask;
-
+
/* find the connection policy handle. */
-
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+
+ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
- unistr2_to_ascii(name, &q_u->privname.unistring, sizeof(name));
-
+
+ name = r->in.name->string;
+
DEBUG(10,("_lsa_lookup_priv_value: name = %s\n", name));
if ( !se_priv_from_name( name, &mask ) )
@@ -2167,19 +2115,17 @@ NTSTATUS _lsa_lookup_priv_value(pipes_struct *p, LSA_Q_LOOKUP_PRIV_VALUE *q_u, L
priv_luid = get_privilege_luid( &mask );
- r_u->luid.low = priv_luid.luid.low;
- r_u->luid.high = priv_luid.luid.high;
-
+ r->out.luid->low = priv_luid.luid.low;
+ r->out.luid->high = priv_luid.luid.high;
return NT_STATUS_OK;
}
-
/*
* From here on the server routines are just dummy ones to make smbd link with
* librpc/gen_ndr/srv_lsa.c. These routines are actually never called, we are
* pulling the server stubs across one by one.
- */
+ */
NTSTATUS _lsa_Delete(pipes_struct *p, struct lsa_Delete *r)
{
@@ -2187,18 +2133,6 @@ NTSTATUS _lsa_Delete(pipes_struct *p, struct lsa_Delete *r)
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_EnumPrivs(pipes_struct *p, struct lsa_EnumPrivs *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_QuerySecurity(pipes_struct *p, struct lsa_QuerySecurity *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_SetSecObj(pipes_struct *p, struct lsa_SetSecObj *r)
{
p->rng_fault_state = True;
@@ -2211,18 +2145,6 @@ NTSTATUS _lsa_ChangePassword(pipes_struct *p, struct lsa_ChangePassword *r)
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_OpenPolicy(pipes_struct *p, struct lsa_OpenPolicy *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p, struct lsa_QueryInfoPolicy *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_SetInfoPolicy(pipes_struct *p, struct lsa_SetInfoPolicy *r)
{
p->rng_fault_state = True;
@@ -2235,60 +2157,6 @@ NTSTATUS _lsa_ClearAuditLog(pipes_struct *p, struct lsa_ClearAuditLog *r)
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_CreateAccount(pipes_struct *p, struct lsa_CreateAccount *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_EnumAccounts(pipes_struct *p, struct lsa_EnumAccounts *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_EnumTrustDom(pipes_struct *p, struct lsa_EnumTrustDom *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_LookupNames(pipes_struct *p, struct lsa_LookupNames *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_LookupSids(pipes_struct *p, struct lsa_LookupSids *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_OpenAccount(pipes_struct *p, struct lsa_OpenAccount *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p, struct lsa_EnumPrivsAccount *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_AddPrivilegesToAccount(pipes_struct *p, struct lsa_AddPrivilegesToAccount *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p, struct lsa_RemovePrivilegesFromAccount *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_GetQuotasForAccount(pipes_struct *p, struct lsa_GetQuotasForAccount *r)
{
p->rng_fault_state = True;
@@ -2301,18 +2169,6 @@ NTSTATUS _lsa_SetQuotasForAccount(pipes_struct *p, struct lsa_SetQuotasForAccoun
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p, struct lsa_GetSystemAccessAccount *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p, struct lsa_SetSystemAccessAccount *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_QueryTrustedDomainInfo(pipes_struct *p, struct lsa_QueryTrustedDomainInfo *r)
{
p->rng_fault_state = True;
@@ -2331,54 +2187,18 @@ NTSTATUS _lsa_QuerySecret(pipes_struct *p, struct lsa_QuerySecret *r)
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_LookupPrivValue(pipes_struct *p, struct lsa_LookupPrivValue *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_LookupPrivName(pipes_struct *p, struct lsa_LookupPrivName *r)
{
p->rng_fault_state = True;
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_LookupPrivDisplayName(pipes_struct *p, struct lsa_LookupPrivDisplayName *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_DeleteObject(pipes_struct *p, struct lsa_DeleteObject *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_EnumAccountsWithUserRight(pipes_struct *p, struct lsa_EnumAccountsWithUserRight *r)
{
p->rng_fault_state = True;
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_EnumAccountRights(pipes_struct *p, struct lsa_EnumAccountRights *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_AddAccountRights(pipes_struct *p, struct lsa_AddAccountRights *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p, struct lsa_RemoveAccountRights *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_QueryTrustedDomainInfoBySid(pipes_struct *p, struct lsa_QueryTrustedDomainInfoBySid *r)
{
p->rng_fault_state = True;
@@ -2409,18 +2229,6 @@ NTSTATUS _lsa_RetrievePrivateData(pipes_struct *p, struct lsa_RetrievePrivateDat
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, struct lsa_OpenPolicy2 *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_GetUserName(pipes_struct *p, struct lsa_GetUserName *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_QueryInfoPolicy2(pipes_struct *p, struct lsa_QueryInfoPolicy2 *r)
{
p->rng_fault_state = True;
@@ -2487,18 +2295,6 @@ NTSTATUS _lsa_TestCall(pipes_struct *p, struct lsa_TestCall *r)
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_LookupSids2(pipes_struct *p, struct lsa_LookupSids2 *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_LookupNames2(pipes_struct *p, struct lsa_LookupNames2 *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_CreateTrustedDomainEx2(pipes_struct *p, struct lsa_CreateTrustedDomainEx2 *r)
{
p->rng_fault_state = True;
@@ -2553,12 +2349,6 @@ NTSTATUS _lsa_CREDRPROFILELOADED(pipes_struct *p, struct lsa_CREDRPROFILELOADED
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_LookupNames3(pipes_struct *p, struct lsa_LookupNames3 *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_CREDRGETSESSIONTYPES(pipes_struct *p, struct lsa_CREDRGETSESSIONTYPES *r)
{
p->rng_fault_state = True;
@@ -2583,7 +2373,7 @@ NTSTATUS _lsa_LSARUNREGISTERAUDITEVENT(pipes_struct *p, struct lsa_LSARUNREGISTE
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_LSARQUERYFORESTTRUSTINFORMATION(pipes_struct *p, struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r)
+NTSTATUS _lsa_lsaRQueryForestTrustInformation(pipes_struct *p, struct lsa_lsaRQueryForestTrustInformation *r)
{
p->rng_fault_state = True;
return NT_STATUS_NOT_IMPLEMENTED;
@@ -2601,18 +2391,6 @@ NTSTATUS _lsa_CREDRRENAME(pipes_struct *p, struct lsa_CREDRRENAME *r)
return NT_STATUS_NOT_IMPLEMENTED;
}
-NTSTATUS _lsa_LookupSids3(pipes_struct *p, struct lsa_LookupSids3 *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_LookupNames4(pipes_struct *p, struct lsa_LookupNames4 *r)
-{
- p->rng_fault_state = True;
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS _lsa_LSAROPENPOLICYSCE(pipes_struct *p, struct lsa_LSAROPENPOLICYSCE *r)
{
p->rng_fault_state = True;
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
deleted file mode 100644
index 6d9859a9ae..0000000000
--- a/source3/rpc_server/srv_netlog.c
+++ /dev/null
@@ -1,405 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-1997,
- * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
- * Copyright (C) Paul Ashton 1997,
- * Copyright (C) Jeremy Allison 1998-2001,
- * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* This is the interface to the netlogon pipe. */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_SRV
-
-/*************************************************************************
- api_net_req_chal:
- *************************************************************************/
-
-static bool api_net_req_chal(pipes_struct *p)
-{
- NET_Q_REQ_CHAL q_u;
- NET_R_REQ_CHAL r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the challenge... */
- if(!net_io_q_req_chal("", &q_u, data, 0)) {
- DEBUG(0,("api_net_req_chal: Failed to unmarshall NET_Q_REQ_CHAL.\n"));
- return False;
- }
-
- r_u.status = _net_req_chal(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!net_io_r_req_chal("", &r_u, rdata, 0)) {
- DEBUG(0,("api_net_req_chal: Failed to marshall NET_R_REQ_CHAL.\n"));
- return False;
- }
-
- return True;
-}
-
-/*************************************************************************
- api_net_auth:
- *************************************************************************/
-
-static bool api_net_auth(pipes_struct *p)
-{
- NET_Q_AUTH q_u;
- NET_R_AUTH r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the challenge... */
- if(!net_io_q_auth("", &q_u, data, 0)) {
- DEBUG(0,("api_net_auth: Failed to unmarshall NET_Q_AUTH.\n"));
- return False;
- }
-
- r_u.status = _net_auth(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!net_io_r_auth("", &r_u, rdata, 0)) {
- DEBUG(0,("api_net_auth: Failed to marshall NET_R_AUTH.\n"));
- return False;
- }
-
- return True;
-}
-
-/*************************************************************************
- api_net_auth_2:
- *************************************************************************/
-
-static bool api_net_auth_2(pipes_struct *p)
-{
- NET_Q_AUTH_2 q_u;
- NET_R_AUTH_2 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the challenge... */
- if(!net_io_q_auth_2("", &q_u, data, 0)) {
- DEBUG(0,("api_net_auth_2: Failed to unmarshall NET_Q_AUTH_2.\n"));
- return False;
- }
-
- r_u.status = _net_auth_2(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!net_io_r_auth_2("", &r_u, rdata, 0)) {
- DEBUG(0,("api_net_auth_2: Failed to marshall NET_R_AUTH_2.\n"));
- return False;
- }
-
- return True;
-}
-
-/*************************************************************************
- api_net_srv_pwset:
- *************************************************************************/
-
-static bool api_net_srv_pwset(pipes_struct *p)
-{
- NET_Q_SRV_PWSET q_u;
- NET_R_SRV_PWSET r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the challenge and encrypted password ... */
- if(!net_io_q_srv_pwset("", &q_u, data, 0)) {
- DEBUG(0,("api_net_srv_pwset: Failed to unmarshall NET_Q_SRV_PWSET.\n"));
- return False;
- }
-
- r_u.status = _net_srv_pwset(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!net_io_r_srv_pwset("", &r_u, rdata, 0)) {
- DEBUG(0,("api_net_srv_pwset: Failed to marshall NET_R_SRV_PWSET.\n"));
- return False;
- }
-
- return True;
-}
-
-/*************************************************************************
- api_net_sam_logoff:
- *************************************************************************/
-
-static bool api_net_sam_logoff(pipes_struct *p)
-{
- NET_Q_SAM_LOGOFF q_u;
- NET_R_SAM_LOGOFF r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!net_io_q_sam_logoff("", &q_u, data, 0)) {
- DEBUG(0,("api_net_sam_logoff: Failed to unmarshall NET_Q_SAM_LOGOFF.\n"));
- return False;
- }
-
- r_u.status = _net_sam_logoff(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!net_io_r_sam_logoff("", &r_u, rdata, 0)) {
- DEBUG(0,("api_net_sam_logoff: Failed to marshall NET_R_SAM_LOGOFF.\n"));
- return False;
- }
-
- return True;
-}
-
-/*************************************************************************
- api_net_sam_logon:
- *************************************************************************/
-
-static bool api_net_sam_logon(pipes_struct *p)
-{
- NET_Q_SAM_LOGON q_u;
- NET_R_SAM_LOGON r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!net_io_q_sam_logon("", &q_u, data, 0)) {
- DEBUG(0, ("api_net_sam_logon: Failed to unmarshall NET_Q_SAM_LOGON.\n"));
- return False;
- }
-
- r_u.status = _net_sam_logon(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!net_io_r_sam_logon("", &r_u, rdata, 0)) {
- DEBUG(0,("api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON.\n"));
- return False;
- }
-
- return True;
-}
-
-/*************************************************************************
- api_net_trust_dom_list:
- *************************************************************************/
-
-static bool api_net_trust_dom_list(pipes_struct *p)
-{
- NET_Q_TRUST_DOM_LIST q_u;
- NET_R_TRUST_DOM_LIST r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the lsa trusted domain list query... */
- if(!net_io_q_trust_dom("", &q_u, data, 0)) {
- DEBUG(0,("api_net_trust_dom_list: Failed to unmarshall NET_Q_TRUST_DOM_LIST.\n"));
- return False;
- }
-
- /* construct reply. */
- r_u.status = _net_trust_dom_list(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!net_io_r_trust_dom("", &r_u, rdata, 0)) {
- DEBUG(0,("net_reply_trust_dom_list: Failed to marshall NET_R_TRUST_DOM_LIST.\n"));
- return False;
- }
-
- return True;
-}
-
-/*************************************************************************
- api_net_logon_ctrl2:
- *************************************************************************/
-
-static bool api_net_logon_ctrl2(pipes_struct *p)
-{
- NET_Q_LOGON_CTRL2 q_u;
- NET_R_LOGON_CTRL2 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
-
- /* grab the lsa netlogon ctrl2 query... */
- if(!net_io_q_logon_ctrl2("", &q_u, data, 0)) {
- DEBUG(0,("api_net_logon_ctrl2: Failed to unmarshall NET_Q_LOGON_CTRL2.\n"));
- return False;
- }
-
- r_u.status = _net_logon_ctrl2(p, &q_u, &r_u);
-
- if(!net_io_r_logon_ctrl2("", &r_u, rdata, 0)) {
- DEBUG(0,("net_reply_logon_ctrl2: Failed to marshall NET_R_LOGON_CTRL2.\n"));
- return False;
- }
-
- return True;
-}
-
-/*************************************************************************
- api_net_logon_ctrl:
- *************************************************************************/
-
-static bool api_net_logon_ctrl(pipes_struct *p)
-{
- NET_Q_LOGON_CTRL q_u;
- NET_R_LOGON_CTRL r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the lsa netlogon ctrl query... */
- if(!net_io_q_logon_ctrl("", &q_u, data, 0)) {
- DEBUG(0,("api_net_logon_ctrl: Failed to unmarshall NET_Q_LOGON_CTRL.\n"));
- return False;
- }
-
- r_u.status = _net_logon_ctrl(p, &q_u, &r_u);
-
- if(!net_io_r_logon_ctrl("", &r_u, rdata, 0)) {
- DEBUG(0,("net_reply_logon_ctrl2: Failed to marshall NET_R_LOGON_CTRL.\n"));
- return False;
- }
-
- return True;
-}
-
-/*************************************************************************
- api_net_sam_logon_ex:
- *************************************************************************/
-
-static bool api_net_sam_logon_ex(pipes_struct *p)
-{
- NET_Q_SAM_LOGON_EX q_u;
- NET_R_SAM_LOGON_EX r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!net_io_q_sam_logon_ex("", &q_u, data, 0)) {
- DEBUG(0, ("api_net_sam_logon_ex: Failed to unmarshall NET_Q_SAM_LOGON_EX.\n"));
- return False;
- }
-
- r_u.status = _net_sam_logon_ex(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!net_io_r_sam_logon_ex("", &r_u, rdata, 0)) {
- DEBUG(0,("api_net_sam_logon_ex: Failed to marshall NET_R_SAM_LOGON_EX.\n"));
- return False;
- }
-
- return True;
-}
-
-
-/*************************************************************************
- api_ds_enum_dom_trusts:
- *************************************************************************/
-
-#if 0 /* JERRY */
-static bool api_ds_enum_dom_trusts(pipes_struct *p)
-{
- DS_Q_ENUM_DOM_TRUSTS q_u;
- DS_R_ENUM_DOM_TRUSTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- DEBUG(6,("api_ds_enum_dom_trusts\n"));
-
- if ( !ds_io_q_enum_domain_trusts("", data, 0, &q_u) ) {
- DEBUG(0,("api_ds_enum_domain_trusts: Failed to unmarshall DS_Q_ENUM_DOM_TRUSTS.\n"));
- return False;
- }
-
- r_u.status = _ds_enum_dom_trusts(p, &q_u, &r_u);
-
- if ( !ds_io_r_enum_domain_trusts("", rdata, 0, &r_u) ) {
- DEBUG(0,("api_ds_enum_domain_trusts: Failed to marshall DS_R_ENUM_DOM_TRUSTS.\n"));
- return False;
- }
-
- DEBUG(6,("api_ds_enum_dom_trusts\n"));
-
- return True;
-}
-#endif /* JERRY */
-
-/*******************************************************************
- array of \PIPE\NETLOGON operations
- ********************************************************************/
-static struct api_struct api_net_cmds [] =
- {
- { "NET_REQCHAL" , NET_REQCHAL , api_net_req_chal },
- { "NET_AUTH" , NET_AUTH , api_net_auth },
- { "NET_AUTH2" , NET_AUTH2 , api_net_auth_2 },
- { "NET_SRVPWSET" , NET_SRVPWSET , api_net_srv_pwset },
- { "NET_SAMLOGON" , NET_SAMLOGON , api_net_sam_logon },
- { "NET_SAMLOGOFF" , NET_SAMLOGOFF , api_net_sam_logoff },
- { "NET_LOGON_CTRL2" , NET_LOGON_CTRL2 , api_net_logon_ctrl2 },
- { "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list },
- { "NET_LOGON_CTRL" , NET_LOGON_CTRL , api_net_logon_ctrl },
- { "NET_SAMLOGON_EX" , NET_SAMLOGON_EX , api_net_sam_logon_ex },
-#if 0 /* JERRY */
- { "DS_ENUM_DOM_TRUSTS", DS_ENUM_DOM_TRUSTS, api_ds_enum_dom_trusts }
-#endif /* JERRY */
- };
-
-void netlog_get_pipe_fns( struct api_struct **fns, int *n_fns )
-{
- *fns = api_net_cmds;
- *n_fns = sizeof(api_net_cmds) / sizeof(struct api_struct);
-}
-
-NTSTATUS rpc_net_init(void)
-{
- return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "NETLOGON", "lsass", api_net_cmds,
- sizeof(api_net_cmds) / sizeof(struct api_struct));
-}
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 218ce73444..5b26f55845 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -1,4 +1,4 @@
-/*
+/*
* Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
* Copyright (C) Andrew Tridgell 1992-1997,
@@ -6,17 +6,18 @@
* Copyright (C) Paul Ashton 1997.
* Copyright (C) Jeremy Allison 1998-2001.
* Copyright (C) Andrew Bartlett 2001.
+ * Copyright (C) Guenther Deschner 2008.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
@@ -34,38 +35,83 @@ extern userdom_struct current_user_info;
init_net_r_req_chal:
*************************************************************************/
-static void init_net_r_req_chal(NET_R_REQ_CHAL *r_c,
- DOM_CHAL *srv_chal, NTSTATUS status)
+static void init_net_r_req_chal(struct netr_Credential *r,
+ struct netr_Credential *srv_chal)
{
DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__));
- memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(srv_chal->data));
- r_c->status = status;
+
+ memcpy(r->data, srv_chal->data, sizeof(r->data));
}
-/*************************************************************************
- error messages cropping up when using nltest.exe...
- *************************************************************************/
+/*******************************************************************
+ Inits a netr_NETLOGON_INFO_1 structure.
+********************************************************************/
+
+static void init_netlogon_info1(struct netr_NETLOGON_INFO_1 *r,
+ uint32_t flags,
+ uint32_t pdc_connection_status)
+{
+ r->flags = flags;
+ r->pdc_connection_status = pdc_connection_status;
+}
-#define ERROR_NO_SUCH_DOMAIN 0x54b
-#define ERROR_NO_LOGON_SERVERS 0x51f
-#define NO_ERROR 0x0
+/*******************************************************************
+ Inits a netr_NETLOGON_INFO_2 structure.
+********************************************************************/
+
+static void init_netlogon_info2(struct netr_NETLOGON_INFO_2 *r,
+ uint32_t flags,
+ uint32_t pdc_connection_status,
+ const char *trusted_dc_name,
+ uint32_t tc_connection_status)
+{
+ r->flags = flags;
+ r->pdc_connection_status = pdc_connection_status;
+ r->trusted_dc_name = trusted_dc_name;
+ r->tc_connection_status = tc_connection_status;
+}
+
+/*******************************************************************
+ Inits a netr_NETLOGON_INFO_3 structure.
+********************************************************************/
+
+static void init_netlogon_info3(struct netr_NETLOGON_INFO_3 *r,
+ uint32_t flags,
+ uint32_t logon_attempts)
+{
+ r->flags = flags;
+ r->logon_attempts = logon_attempts;
+}
/*************************************************************************
- net_reply_logon_ctrl:
+ _netr_LogonControl
*************************************************************************/
-NTSTATUS _net_logon_ctrl(pipes_struct *p, NET_Q_LOGON_CTRL *q_u,
- NET_R_LOGON_CTRL *r_u)
+WERROR _netr_LogonControl(pipes_struct *p,
+ struct netr_LogonControl *r)
{
- uint32 flags = 0x0;
- uint32 pdc_connection_status = 0x00; /* Maybe a win32 error code? */
-
+ struct netr_NETLOGON_INFO_1 *info1;
+ uint32_t flags = 0x0;
+ uint32_t pdc_connection_status = W_ERROR_V(WERR_OK);
+
/* Setup the Logon Control response */
- init_net_r_logon_ctrl(r_u, q_u->query_level, flags,
- pdc_connection_status);
+ switch (r->in.level) {
+ case 1:
+ info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
+ if (!info1) {
+ return WERR_NOMEM;
+ }
+ init_netlogon_info1(info1,
+ flags,
+ pdc_connection_status);
+ r->out.info->info1 = info1;
+ break;
+ default:
+ return WERR_UNKNOWN_LEVEL;
+ }
- return r_u->status;
+ return WERR_OK;
}
/****************************************************************************
@@ -80,129 +126,153 @@ static void send_sync_message(void)
}
/*************************************************************************
- net_reply_logon_ctrl2:
+ _netr_LogonControl2
*************************************************************************/
-NTSTATUS _net_logon_ctrl2(pipes_struct *p, NET_Q_LOGON_CTRL2 *q_u, NET_R_LOGON_CTRL2 *r_u)
+WERROR _netr_LogonControl2(pipes_struct *p,
+ struct netr_LogonControl2 *r)
{
uint32 flags = 0x0;
uint32 pdc_connection_status = 0x0;
uint32 logon_attempts = 0x0;
uint32 tc_status;
- fstring servername, domain, dc_name, dc_name2;
+ fstring dc_name, dc_name2;
struct sockaddr_storage dc_ss;
+ const char *domain = NULL;
+ struct netr_NETLOGON_INFO_1 *info1;
+ struct netr_NETLOGON_INFO_2 *info2;
+ struct netr_NETLOGON_INFO_3 *info3;
- /* this should be \\global_myname() */
- unistr2_to_ascii(servername, &q_u->uni_server_name, sizeof(servername));
-
- r_u->status = NT_STATUS_OK;
-
- tc_status = ERROR_NO_SUCH_DOMAIN;
+ tc_status = W_ERROR_V(WERR_NO_SUCH_DOMAIN);
fstrcpy( dc_name, "" );
-
- switch ( q_u->function_code ) {
+
+ switch (r->in.function_code) {
case NETLOGON_CONTROL_TC_QUERY:
- unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain));
-
+ domain = r->in.data->domain;
+
if ( !is_trusted_domain( domain ) )
break;
-
+
if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
- tc_status = ERROR_NO_LOGON_SERVERS;
+ tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
break;
}
fstr_sprintf( dc_name, "\\\\%s", dc_name2 );
-
- tc_status = NO_ERROR;
-
+
+ tc_status = W_ERROR_V(WERR_OK);
+
break;
-
+
case NETLOGON_CONTROL_REDISCOVER:
- unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain));
-
+ domain = r->in.data->domain;
+
if ( !is_trusted_domain( domain ) )
break;
-
+
if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
- tc_status = ERROR_NO_LOGON_SERVERS;
+ tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
break;
}
fstr_sprintf( dc_name, "\\\\%s", dc_name2 );
-
- tc_status = NO_ERROR;
-
+
+ tc_status = W_ERROR_V(WERR_OK);
+
break;
-
+
default:
/* no idea what this should be */
- DEBUG(0,("_net_logon_ctrl2: unimplemented function level [%d]\n",
- q_u->function_code));
+ DEBUG(0,("_netr_LogonControl2: unimplemented function level [%d]\n",
+ r->in.function_code));
+ return WERR_UNKNOWN_LEVEL;
}
-
+
/* prepare the response */
-
- init_net_r_logon_ctrl2( r_u, q_u->query_level, flags,
- pdc_connection_status, logon_attempts, tc_status, dc_name );
- if (lp_server_role() == ROLE_DOMAIN_BDC)
+ switch (r->in.level) {
+ case 1:
+ info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
+ W_ERROR_HAVE_NO_MEMORY(info1);
+
+ init_netlogon_info1(info1,
+ flags,
+ pdc_connection_status);
+ r->out.query->info1 = info1;
+ break;
+ case 2:
+ info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);
+ W_ERROR_HAVE_NO_MEMORY(info2);
+
+ init_netlogon_info2(info2,
+ flags,
+ pdc_connection_status,
+ dc_name,
+ tc_status);
+ r->out.query->info2 = info2;
+ break;
+ case 3:
+ info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);
+ W_ERROR_HAVE_NO_MEMORY(info3);
+
+ init_netlogon_info3(info3,
+ flags,
+ logon_attempts);
+ r->out.query->info3 = info3;
+ break;
+ default:
+ return WERR_UNKNOWN_LEVEL;
+ }
+
+ if (lp_server_role() == ROLE_DOMAIN_BDC) {
send_sync_message();
+ }
- return r_u->status;
+ return WERR_OK;
}
/*************************************************************************
- net_reply_trust_dom_list:
+ _netr_NetrEnumerateTrustedDomains
*************************************************************************/
-NTSTATUS _net_trust_dom_list(pipes_struct *p, NET_Q_TRUST_DOM_LIST *q_u, NET_R_TRUST_DOM_LIST *r_u)
+WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
+ struct netr_NetrEnumerateTrustedDomains *r)
{
- const char *trusted_domain = "test_domain";
- uint32 num_trust_domains = 1;
+ struct netr_Blob trusted_domains_blob;
+ DATA_BLOB blob;
- DEBUG(6,("_net_trust_dom_list: %d\n", __LINE__));
+ DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
/* set up the Trusted Domain List response */
- init_r_trust_dom(r_u, num_trust_domains, trusted_domain);
-
- DEBUG(6,("_net_trust_dom_list: %d\n", __LINE__));
-
- return r_u->status;
-}
-/***********************************************************************************
- init_net_r_srv_pwset:
- ***********************************************************************************/
+ blob = data_blob_talloc_zero(p->mem_ctx, 2);
+ trusted_domains_blob.data = blob.data;
+ trusted_domains_blob.length = blob.length;
-static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s,
- DOM_CRED *srv_cred, NTSTATUS status)
-{
- DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
+ DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
- memcpy(&r_s->srv_cred, srv_cred, sizeof(r_s->srv_cred));
- r_s->status = status;
+ *r->out.trusted_domains_blob = trusted_domains_blob;
- DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
+ return WERR_OK;
}
/******************************************************************
gets a machine password entry. checks access rights of the host.
******************************************************************/
-static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
+static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct, uint16 sec_chan_type)
{
struct samu *sampass = NULL;
const uint8 *pass;
bool ret;
uint32 acct_ctrl;
-
+
#if 0
char addr[INET6_ADDRSTRLEN];
/*
* Currently this code is redundent as we already have a filter
- * by hostname list. What this code really needs to do is to
+ * by hostname list. What this code really needs to do is to
* get a hosts allowed/hosts denied list from the SAM database
* on a per user basis, and make the access decision there.
* I will leave this code here for now as a reminder to implement
@@ -225,7 +295,7 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
become_root();
ret = pdb_getsampwnam(sampass, mach_acct);
unbecome_root();
-
+
if (!ret) {
DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
TALLOC_FREE(sampass);
@@ -241,7 +311,7 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
if (!(acct_ctrl & ACB_SVRTRUST) &&
!(acct_ctrl & ACB_WSTRUST) &&
- !(acct_ctrl & ACB_DOMTRUST))
+ !(acct_ctrl & ACB_DOMTRUST))
{
DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
TALLOC_FREE(sampass);
@@ -287,17 +357,18 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
dump_data(5, (uint8 *)md4pw, 16);
TALLOC_FREE(sampass);
-
+
return NT_STATUS_OK;
-
+
}
/*************************************************************************
- _net_req_chal
+ _netr_ServerReqChallenge
*************************************************************************/
-NTSTATUS _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u)
+NTSTATUS _netr_ServerReqChallenge(pipes_struct *p,
+ struct netr_ServerReqChallenge *r)
{
if (!p->dc) {
p->dc = TALLOC_ZERO_P(p->pipe_state_mem_ctx, struct dcinfo);
@@ -305,65 +376,53 @@ NTSTATUS _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u
return NT_STATUS_NO_MEMORY;
}
} else {
- DEBUG(10,("_net_req_chal: new challenge requested. Clearing old state.\n"));
+ DEBUG(10,("_netr_ServerReqChallenge: new challenge requested. Clearing old state.\n"));
ZERO_STRUCTP(p->dc);
}
- rpcstr_pull(p->dc->remote_machine,
- q_u->uni_logon_clnt.buffer,
- sizeof(fstring),q_u->uni_logon_clnt.uni_str_len*2,0);
+ fstrcpy(p->dc->remote_machine, r->in.computer_name);
/* Save the client challenge to the server. */
- memcpy(p->dc->clnt_chal.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+ memcpy(p->dc->clnt_chal.data, r->in.credentials->data,
+ sizeof(r->in.credentials->data));
/* Create a server challenge for the client */
/* Set this to a random value. */
generate_random_buffer(p->dc->srv_chal.data, 8);
-
+
/* set up the LSA REQUEST CHALLENGE response */
- init_net_r_req_chal(r_u, &p->dc->srv_chal, NT_STATUS_OK);
-
+ init_net_r_req_chal(r->out.return_credentials, &p->dc->srv_chal);
+
p->dc->challenge_sent = True;
return NT_STATUS_OK;
}
/*************************************************************************
- init_net_r_auth:
+ _netr_ServerAuthenticate
+ Create the initial credentials.
*************************************************************************/
-static void init_net_r_auth(NET_R_AUTH *r_a, DOM_CHAL *resp_cred, NTSTATUS status)
-{
- memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
- r_a->status = status;
-}
-
-/*************************************************************************
- _net_auth. Create the initial credentials.
- *************************************************************************/
-
-NTSTATUS _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u)
+NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
+ struct netr_ServerAuthenticate *r)
{
NTSTATUS status;
- fstring mach_acct;
- fstring remote_machine;
- DOM_CHAL srv_chal_out;
+ struct netr_Credential srv_chal_out;
if (!p->dc || !p->dc->challenge_sent) {
return NT_STATUS_ACCESS_DENIED;
}
- rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),
- q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
- rpcstr_pull(remote_machine, q_u->clnt_id.uni_comp_name.buffer,sizeof(fstring),
- q_u->clnt_id.uni_comp_name.uni_str_len*2,0);
-
- status = get_md4pw((char *)p->dc->mach_pw, mach_acct, q_u->clnt_id.sec_chan);
+ status = get_md4pw((char *)p->dc->mach_pw,
+ r->in.account_name,
+ r->in.secure_channel_type);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("_net_auth: creds_server_check failed. Failed to "
+ DEBUG(0,("_netr_ServerAuthenticate: get_md4pw failed. Failed to "
"get password for machine account %s "
"from client %s: %s\n",
- mach_acct, remote_machine, nt_errstr(status) ));
+ r->in.account_name,
+ r->in.computer_name,
+ nt_errstr(status) ));
/* always return NT_STATUS_ACCESS_DENIED */
return NT_STATUS_ACCESS_DENIED;
}
@@ -374,110 +433,101 @@ NTSTATUS _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u)
&p->dc->clnt_chal, /* Stored client chal. */
&p->dc->srv_chal, /* Stored server chal. */
p->dc->mach_pw,
- &srv_chal_out);
+ &srv_chal_out);
/* Check client credentials are valid. */
- if (!creds_server_check(p->dc, &q_u->clnt_chal)) {
- DEBUG(0,("_net_auth: creds_server_check failed. Rejecting auth "
+ if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
+ DEBUG(0,("_netr_ServerAuthenticate: netlogon_creds_server_check failed. Rejecting auth "
"request from client %s machine account %s\n",
- remote_machine, mach_acct ));
+ r->in.computer_name,
+ r->in.account_name));
return NT_STATUS_ACCESS_DENIED;
}
- fstrcpy(p->dc->mach_acct, mach_acct);
- fstrcpy(p->dc->remote_machine, remote_machine);
+ fstrcpy(p->dc->mach_acct, r->in.account_name);
+ fstrcpy(p->dc->remote_machine, r->in.computer_name);
p->dc->authenticated = True;
/* set up the LSA AUTH response */
/* Return the server credentials. */
- init_net_r_auth(r_u, &srv_chal_out, NT_STATUS_OK);
- return r_u->status;
-}
+ memcpy(r->out.return_credentials->data, &srv_chal_out.data,
+ sizeof(r->out.return_credentials->data));
-/*************************************************************************
- init_net_r_auth_2:
- *************************************************************************/
-
-static void init_net_r_auth_2(NET_R_AUTH_2 *r_a,
- DOM_CHAL *resp_cred, NEG_FLAGS *flgs, NTSTATUS status)
-{
- memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
- memcpy(&r_a->srv_flgs, flgs, sizeof(r_a->srv_flgs));
- r_a->status = status;
+ return NT_STATUS_OK;
}
/*************************************************************************
- _net_auth_2
+ _netr_ServerAuthenticate2
*************************************************************************/
-NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
+NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
+ struct netr_ServerAuthenticate2 *r)
{
NTSTATUS status;
- NEG_FLAGS srv_flgs;
- fstring mach_acct;
- fstring remote_machine;
- DOM_CHAL srv_chal_out;
-
- rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),
- q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
+ uint32_t srv_flgs;
+ struct netr_Credential srv_chal_out;
- /* We use this as the key to store the creds. */
- rpcstr_pull(remote_machine, q_u->clnt_id.uni_comp_name.buffer,sizeof(fstring),
- q_u->clnt_id.uni_comp_name.uni_str_len*2,0);
+ /* We use this as the key to store the creds: */
+ /* r->in.computer_name */
if (!p->dc || !p->dc->challenge_sent) {
- DEBUG(0,("_net_auth2: no challenge sent to client %s\n",
- remote_machine ));
+ DEBUG(0,("_netr_ServerAuthenticate2: no challenge sent to client %s\n",
+ r->in.computer_name));
return NT_STATUS_ACCESS_DENIED;
}
- if ( (lp_server_schannel() == True) &&
- ((q_u->clnt_flgs.neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
+ if ( (lp_server_schannel() == true) &&
+ ((*r->in.negotiate_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
/* schannel must be used, but client did not offer it. */
- DEBUG(0,("_net_auth2: schannel required but client failed "
+ DEBUG(0,("_netr_ServerAuthenticate2: schannel required but client failed "
"to offer it. Client was %s\n",
- mach_acct ));
+ r->in.account_name));
return NT_STATUS_ACCESS_DENIED;
}
- status = get_md4pw((char *)p->dc->mach_pw, mach_acct, q_u->clnt_id.sec_chan);
+ status = get_md4pw((char *)p->dc->mach_pw,
+ r->in.account_name,
+ r->in.secure_channel_type);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("_net_auth2: failed to get machine password for "
+ DEBUG(0,("_netr_ServerAuthenticate2: failed to get machine password for "
"account %s: %s\n",
- mach_acct, nt_errstr(status) ));
+ r->in.account_name, nt_errstr(status) ));
/* always return NT_STATUS_ACCESS_DENIED */
return NT_STATUS_ACCESS_DENIED;
}
/* From the client / server challenges and md4 password, generate sess key */
- creds_server_init(q_u->clnt_flgs.neg_flags,
+ creds_server_init(*r->in.negotiate_flags,
p->dc,
&p->dc->clnt_chal, /* Stored client chal. */
&p->dc->srv_chal, /* Stored server chal. */
p->dc->mach_pw,
- &srv_chal_out);
+ &srv_chal_out);
/* Check client credentials are valid. */
- if (!creds_server_check(p->dc, &q_u->clnt_chal)) {
- DEBUG(0,("_net_auth2: creds_server_check failed. Rejecting auth "
+ if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
+ DEBUG(0,("_netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth "
"request from client %s machine account %s\n",
- remote_machine, mach_acct ));
+ r->in.computer_name,
+ r->in.account_name));
return NT_STATUS_ACCESS_DENIED;
}
- srv_flgs.neg_flags = 0x000001ff;
+ srv_flgs = 0x000001ff;
- if (lp_server_schannel() != False) {
- srv_flgs.neg_flags |= NETLOGON_NEG_SCHANNEL;
+ if (lp_server_schannel() != false) {
+ srv_flgs |= NETLOGON_NEG_SCHANNEL;
}
/* set up the LSA AUTH 2 response */
- init_net_r_auth_2(r_u, &srv_chal_out, &srv_flgs, NT_STATUS_OK);
+ memcpy(r->out.return_credentials->data, &srv_chal_out.data,
+ sizeof(r->out.return_credentials->data));
+ *r->out.negotiate_flags = srv_flgs;
- fstrcpy(p->dc->mach_acct, mach_acct);
- fstrcpy(p->dc->remote_machine, remote_machine);
+ fstrcpy(p->dc->mach_acct, r->in.account_name);
+ fstrcpy(p->dc->remote_machine, r->in.computer_name);
fstrcpy(p->dc->domain, lp_workgroup() );
p->dc->authenticated = True;
@@ -485,39 +535,40 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
/* Store off the state so we can continue after client disconnect. */
become_root();
secrets_store_schannel_session_info(p->mem_ctx,
- remote_machine,
- p->dc);
+ r->in.computer_name,
+ p->dc);
unbecome_root();
- return r_u->status;
+ return NT_STATUS_OK;
}
/*************************************************************************
- _net_srv_pwset
+ _netr_ServerPasswordSet
*************************************************************************/
-NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u)
+NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
+ struct netr_ServerPasswordSet *r)
{
+ NTSTATUS status = NT_STATUS_OK;
fstring remote_machine;
struct samu *sampass=NULL;
bool ret = False;
unsigned char pwd[16];
int i;
uint32 acct_ctrl;
- DOM_CRED cred_out;
+ struct netr_Authenticator cred_out;
const uchar *old_pw;
- DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
+ DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
/* We need the remote machine name for the creds lookup. */
- rpcstr_pull(remote_machine,q_u->clnt_id.login.uni_comp_name.buffer,
- sizeof(remote_machine),q_u->clnt_id.login.uni_comp_name.uni_str_len*2,0);
+ fstrcpy(remote_machine, r->in.computer_name);
if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
/* 'server schannel = yes' should enforce use of
schannel, the client did offer it in auth2, but
obviously did not use it. */
- DEBUG(0,("_net_srv_pwset: client %s not using schannel for netlogon\n",
+ DEBUG(0,("_netr_ServerPasswordSet: client %s not using schannel for netlogon\n",
remote_machine ));
return NT_STATUS_ACCESS_DENIED;
}
@@ -538,12 +589,12 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
return NT_STATUS_INVALID_HANDLE;
}
- DEBUG(3,("_net_srv_pwset: Server Password Set by remote machine:[%s] on account [%s]\n",
+ DEBUG(3,("_netr_ServerPasswordSet: Server Password Set by remote machine:[%s] on account [%s]\n",
remote_machine, p->dc->mach_acct));
-
+
/* Step the creds chain forward. */
- if (!creds_server_step(p->dc, &q_u->clnt_id.cred, &cred_out)) {
- DEBUG(2,("_net_srv_pwset: creds_server_step failed. Rejecting auth "
+ if (!netlogon_creds_server_step(p->dc, r->in.credential, &cred_out)) {
+ DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
"request from client %s machine account %s\n",
remote_machine, p->dc->mach_acct ));
return NT_STATUS_INVALID_PARAMETER;
@@ -568,7 +619,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
}
/* Ensure the account exists and is a machine account. */
-
+
acct_ctrl = pdb_get_acct_ctrl(sampass);
if (!(acct_ctrl & ACB_WSTRUST ||
@@ -577,16 +628,16 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
TALLOC_FREE(sampass);
return NT_STATUS_NO_SUCH_USER;
}
-
+
if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
TALLOC_FREE(sampass);
return NT_STATUS_ACCOUNT_DISABLED;
}
/* Woah - what does this to to the credential chain ? JRA */
- cred_hash3( pwd, q_u->pwd, p->dc->sess_key, 0);
+ cred_hash3(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
- DEBUG(100,("Server password set : new given value was :\n"));
+ DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
for(i = 0; i < sizeof(pwd); i++)
DEBUG(100,("%02X ", pwd[i]));
DEBUG(100,("\n"));
@@ -594,7 +645,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
old_pw = pdb_get_nt_passwd(sampass);
if (old_pw && memcmp(pwd, old_pw, 16) == 0) {
- /* Avoid backend modificiations and other fun if the
+ /* Avoid backend modificiations and other fun if the
client changed the password to the *same thing* */
ret = True;
@@ -605,43 +656,44 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
TALLOC_FREE(sampass);
return NT_STATUS_NO_MEMORY;
}
-
+
if (!pdb_set_nt_passwd(sampass, pwd, PDB_CHANGED)) {
TALLOC_FREE(sampass);
return NT_STATUS_NO_MEMORY;
}
-
+
if (!pdb_set_pass_last_set_time(sampass, time(NULL), PDB_CHANGED)) {
TALLOC_FREE(sampass);
/* Not quite sure what this one qualifies as, but this will do */
- return NT_STATUS_UNSUCCESSFUL;
+ return NT_STATUS_UNSUCCESSFUL;
}
-
+
become_root();
- r_u->status = pdb_update_sam_account(sampass);
+ status = pdb_update_sam_account(sampass);
unbecome_root();
}
/* set up the LSA Server Password Set response */
- init_net_r_srv_pwset(r_u, &cred_out, r_u->status);
+
+ memcpy(r->out.return_authenticator, &cred_out,
+ sizeof(r->out.return_authenticator));
TALLOC_FREE(sampass);
- return r_u->status;
+ return status;
}
/*************************************************************************
- _net_sam_logoff:
+ _netr_LogonSamLogoff
*************************************************************************/
-NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOFF *r_u)
+NTSTATUS _netr_LogonSamLogoff(pipes_struct *p,
+ struct netr_LogonSamLogoff *r)
{
- fstring remote_machine;
-
if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
/* 'server schannel = yes' should enforce use of
schannel, the client did offer it in auth2, but
obviously did not use it. */
- DEBUG(0,("_net_sam_logoff: client %s not using schannel for netlogon\n",
+ DEBUG(0,("_netr_LogonSamLogoff: client %s not using schannel for netlogon\n",
get_remote_machine_name() ));
return NT_STATUS_ACCESS_DENIED;
}
@@ -650,9 +702,8 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF
if (!get_valid_user_struct(p->vuid))
return NT_STATUS_NO_SUCH_USER;
- /* Get the remote machine name for the creds store. */
- rpcstr_pull(remote_machine,q_u->sam_id.client.login.uni_comp_name.buffer,
- sizeof(remote_machine),q_u->sam_id.client.login.uni_comp_name.uni_str_len*2,0);
+ /* Using the remote machine name for the creds store: */
+ /* r->in.computer_name */
if (!p->dc) {
/* Restore the saved state of the netlogon creds. */
@@ -660,8 +711,8 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF
become_root();
ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
- remote_machine,
- &p->dc);
+ r->in.computer_name,
+ &p->dc);
unbecome_root();
if (!ret) {
return NT_STATUS_INVALID_HANDLE;
@@ -672,25 +723,22 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF
return NT_STATUS_INVALID_HANDLE;
}
- r_u->buffer_creds = 1; /* yes, we have valid server credentials */
-
/* checks and updates credentials. creates reply credentials */
- if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) {
- DEBUG(2,("_net_sam_logoff: creds_server_step failed. Rejecting auth "
+ if (!netlogon_creds_server_step(p->dc, r->in.credential, r->out.return_authenticator)) {
+ DEBUG(2,("_netr_LogonSamLogoff: netlogon_creds_server_step failed. Rejecting auth "
"request from client %s machine account %s\n",
- remote_machine, p->dc->mach_acct ));
+ r->in.computer_name, p->dc->mach_acct ));
return NT_STATUS_INVALID_PARAMETER;
}
/* We must store the creds state after an update. */
become_root();
secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
- remote_machine,
- p->dc);
+ r->in.computer_name,
+ p->dc);
unbecome_root();
- r_u->status = NT_STATUS_OK;
- return r_u->status;
+ return NT_STATUS_OK;
}
/*******************************************************************
@@ -701,7 +749,7 @@ static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
const DOM_SID *domain_sid,
size_t num_sids,
const DOM_SID *sids,
- int *numgroups, DOM_GID **pgids)
+ int *numgroups, DOM_GID **pgids)
{
int i;
@@ -724,53 +772,54 @@ static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
}
/*************************************************************************
- _net_sam_logon
+ _netr_LogonSamLogon
*************************************************************************/
-static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
- NET_Q_SAM_LOGON *q_u,
- NET_R_SAM_LOGON *r_u,
- bool process_creds)
+NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
+ struct netr_LogonSamLogon *r)
{
NTSTATUS status = NT_STATUS_OK;
- NET_USER_INFO_3 *usr_info = NULL;
- NET_ID_INFO_CTR *ctr = q_u->sam_id.ctr;
- UNISTR2 *uni_samlogon_user = NULL;
- UNISTR2 *uni_samlogon_domain = NULL;
- UNISTR2 *uni_samlogon_workstation = NULL;
+ struct netr_SamInfo3 *sam3 = NULL;
+ union netr_LogonLevel *logon = r->in.logon;
fstring nt_username, nt_domain, nt_workstation;
auth_usersupplied_info *user_info = NULL;
auth_serversupplied_info *server_info = NULL;
struct samu *sampw;
struct auth_context *auth_context = NULL;
-
+ bool process_creds = true;
+
+ switch (p->hdr_req.opnum) {
+ case NDR_NETR_LOGONSAMLOGON:
+ process_creds = true;
+ break;
+ case NDR_NETR_LOGONSAMLOGONEX:
+ default:
+ process_creds = false;
+ }
+
if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
/* 'server schannel = yes' should enforce use of
schannel, the client did offer it in auth2, but
obviously did not use it. */
- DEBUG(0,("_net_sam_logon_internal: client %s not using schannel for netlogon\n",
+ DEBUG(0,("_netr_LogonSamLogon: client %s not using schannel for netlogon\n",
get_remote_machine_name() ));
return NT_STATUS_ACCESS_DENIED;
}
- usr_info = TALLOC_P(p->mem_ctx, NET_USER_INFO_3);
- if (!usr_info) {
+ sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
+ if (!sam3) {
return NT_STATUS_NO_MEMORY;
}
- ZERO_STRUCTP(usr_info);
-
/* store the user information, if there is any. */
- r_u->user = usr_info;
- r_u->auth_resp = 1; /* authoritative response */
- if (q_u->validation_level != 2 && q_u->validation_level != 3) {
- DEBUG(0,("_net_sam_logon: bad validation_level value %d.\n", (int)q_u->validation_level ));
+ r->out.validation->sam3 = sam3;
+ *r->out.authoritative = true; /* authoritative response */
+ if (r->in.validation_level != 2 && r->in.validation_level != 3) {
+ DEBUG(0,("_netr_LogonSamLogon: bad validation_level value %d.\n",
+ (int)r->in.validation_level));
return NT_STATUS_ACCESS_DENIED;
}
- /* We handle the return of USER_INFO_2 instead of 3 in the parse return. Sucks, I know... */
- r_u->switch_value = q_u->validation_level; /* indicates type of validation user info */
- r_u->buffer_creds = 1; /* Ensure we always return server creds. */
-
+
if (!get_valid_user_struct(p->vuid))
return NT_STATUS_NO_SUCH_USER;
@@ -781,8 +830,8 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
/* Note this is the remote machine this request is coming from (member server),
not neccessarily the workstation name the user is logging onto.
*/
- rpcstr_pull(remote_machine,q_u->sam_id.client.login.uni_comp_name.buffer,
- sizeof(remote_machine),q_u->sam_id.client.login.uni_comp_name.uni_str_len*2,0);
+
+ fstrcpy(remote_machine, r->in.computer_name);
if (!p->dc) {
/* Restore the saved state of the netlogon creds. */
@@ -803,8 +852,8 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
}
/* checks and updates credentials. creates reply credentials */
- if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) {
- DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth "
+ if (!netlogon_creds_server_step(p->dc, r->in.credential, r->out.return_authenticator)) {
+ DEBUG(2,("_netr_LogonSamLogon: creds_server_step failed. Rejecting auth "
"request from client %s machine account %s\n",
remote_machine, p->dc->mach_acct ));
return NT_STATUS_INVALID_PARAMETER;
@@ -818,20 +867,25 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
unbecome_root();
}
- switch (q_u->sam_id.logon_level) {
+ switch (r->in.logon_level) {
case INTERACTIVE_LOGON_TYPE:
- uni_samlogon_user = &ctr->auth.id1.uni_user_name;
- uni_samlogon_domain = &ctr->auth.id1.uni_domain_name;
+ fstrcpy(nt_username,
+ logon->password->identity_info.account_name.string);
+ fstrcpy(nt_domain,
+ logon->password->identity_info.domain_name.string);
+ fstrcpy(nt_workstation,
+ logon->password->identity_info.workstation.string);
- uni_samlogon_workstation = &ctr->auth.id1.uni_wksta_name;
-
DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup()));
break;
case NET_LOGON_TYPE:
- uni_samlogon_user = &ctr->auth.id2.uni_user_name;
- uni_samlogon_domain = &ctr->auth.id2.uni_domain_name;
- uni_samlogon_workstation = &ctr->auth.id2.uni_wksta_name;
-
+ fstrcpy(nt_username,
+ logon->network->identity_info.account_name.string);
+ fstrcpy(nt_domain,
+ logon->network->identity_info.domain_name.string);
+ fstrcpy(nt_workstation,
+ logon->network->identity_info.workstation.string);
+
DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup()));
break;
default:
@@ -839,24 +893,23 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
return NT_STATUS_INVALID_INFO_CLASS;
} /* end switch */
- rpcstr_pull(nt_username,uni_samlogon_user->buffer,sizeof(nt_username),uni_samlogon_user->uni_str_len*2,0);
- rpcstr_pull(nt_domain,uni_samlogon_domain->buffer,sizeof(nt_domain),uni_samlogon_domain->uni_str_len*2,0);
- rpcstr_pull(nt_workstation,uni_samlogon_workstation->buffer,sizeof(nt_workstation),uni_samlogon_workstation->uni_str_len*2,0);
-
DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
fstrcpy(current_user_info.smb_name, nt_username);
sub_set_smb_name(nt_username);
-
- DEBUG(5,("Attempting validation level %d for unmapped username %s.\n", q_u->sam_id.ctr->switch_value, nt_username));
+
+ DEBUG(5,("Attempting validation level %d for unmapped username %s.\n",
+ r->in.validation_level, nt_username));
status = NT_STATUS_OK;
-
- switch (ctr->switch_value) {
+
+ switch (r->in.logon_level) {
case NET_LOGON_TYPE:
{
const char *wksname = nt_workstation;
-
- if (!NT_STATUS_IS_OK(status = make_auth_context_fixed(&auth_context, ctr->auth.id2.lm_chal))) {
+
+ status = make_auth_context_fixed(&auth_context,
+ logon->network->challenge);
+ if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -867,16 +920,16 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
if (*wksname == '\\') wksname++;
/* Standard challenge/response authenticaion */
- if (!make_user_info_netlogon_network(&user_info,
- nt_username, nt_domain,
+ if (!make_user_info_netlogon_network(&user_info,
+ nt_username, nt_domain,
wksname,
- ctr->auth.id2.param_ctrl,
- ctr->auth.id2.lm_chal_resp.buffer,
- ctr->auth.id2.lm_chal_resp.str_str_len,
- ctr->auth.id2.nt_chal_resp.buffer,
- ctr->auth.id2.nt_chal_resp.str_str_len)) {
+ logon->network->identity_info.parameter_control,
+ logon->network->lm.data,
+ logon->network->lm.length,
+ logon->network->nt.data,
+ logon->network->nt.length)) {
status = NT_STATUS_NO_MEMORY;
- }
+ }
break;
}
case INTERACTIVE_LOGON_TYPE:
@@ -886,20 +939,20 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
on */
{
const uint8 *chal;
-
+
if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
return status;
}
-
+
chal = auth_context->get_ntlm_challenge(auth_context);
- if (!make_user_info_netlogon_interactive(&user_info,
- nt_username, nt_domain,
- nt_workstation,
- ctr->auth.id1.param_ctrl,
+ if (!make_user_info_netlogon_interactive(&user_info,
+ nt_username, nt_domain,
+ nt_workstation,
+ logon->password->identity_info.parameter_control,
chal,
- ctr->auth.id1.lm_owf.data,
- ctr->auth.id1.nt_owf.data,
+ logon->password->lmpassword.hash,
+ logon->password->ntpassword.hash,
p->dc->sess_key)) {
status = NT_STATUS_NO_MEMORY;
}
@@ -909,29 +962,29 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
DEBUG(2,("SAM Logon: unsupported switch value\n"));
return NT_STATUS_INVALID_INFO_CLASS;
} /* end switch */
-
+
if ( NT_STATUS_IS_OK(status) ) {
- status = auth_context->check_ntlm_password(auth_context,
+ status = auth_context->check_ntlm_password(auth_context,
user_info, &server_info);
}
- (auth_context->free)(&auth_context);
+ (auth_context->free)(&auth_context);
free_user_info(&user_info);
-
- DEBUG(5, ("_net_sam_logon: check_password returned status %s\n",
+
+ DEBUG(5,("_netr_LogonSamLogon: check_password returned status %s\n",
nt_errstr(status)));
/* Check account and password */
-
+
if (!NT_STATUS_IS_OK(status)) {
- /* If we don't know what this domain is, we need to
- indicate that we are not authoritative. This
- allows the client to decide if it needs to try
+ /* If we don't know what this domain is, we need to
+ indicate that we are not authoritative. This
+ allows the client to decide if it needs to try
a local user. Fix by jpjanosi@us.ibm.com, #2976 */
- if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
+ if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
&& !strequal(nt_domain, get_global_sam_name())
&& !is_trusted_domain(nt_domain) )
- r_u->auth_resp = 0; /* We are not authoritative */
+ *r->out.authoritative = false; /* We are not authoritative */
TALLOC_FREE(server_info);
return status;
@@ -939,7 +992,7 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
if (server_info->guest) {
/* We don't like guest domain logons... */
- DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST "
+ DEBUG(5,("_netr_LogonSamLogon: Attempted domain logon as GUEST "
"denied.\n"));
TALLOC_FREE(server_info);
return NT_STATUS_LOGON_FAILURE;
@@ -958,29 +1011,40 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
int num_gids = 0;
const char *my_name;
- unsigned char user_session_key[16];
- unsigned char lm_session_key[16];
+
+ struct netr_UserSessionKey user_session_key;
+ struct netr_LMSessionKey lm_session_key;
unsigned char pipe_session_key[16];
- sampw = server_info->sam_account;
+ NTTIME last_logon, last_logoff, acct_expiry, last_password_change;
+ NTTIME allow_password_change, force_password_change;
+ struct samr_RidWithAttributeArray groups;
+ int i;
+ struct dom_sid2 *sid = NULL;
+
+ ZERO_STRUCT(user_session_key);
+ ZERO_STRUCT(lm_session_key);
- /* set up pointer indicating user/password failed to be
- * found */
- usr_info->ptr_user_info = 0;
+ sampw = server_info->sam_account;
user_sid = pdb_get_user_sid(sampw);
group_sid = pdb_get_group_sid(sampw);
if ((user_sid == NULL) || (group_sid == NULL)) {
- DEBUG(1, ("_net_sam_logon: User without group or user SID\n"));
+ DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n"));
return NT_STATUS_UNSUCCESSFUL;
}
sid_copy(&domain_sid, user_sid);
sid_split_rid(&domain_sid, &user_rid);
+ sid = sid_dup_talloc(p->mem_ctx, &domain_sid);
+ if (!sid) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
- DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid "
+ DEBUG(1, ("_netr_LogonSamLogon: user %s\\%s has user sid "
"%s\n but group sid %s.\n"
"The conflicting domain portions are not "
"supported for NETLOGON calls\n",
@@ -1007,9 +1071,9 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
}
if (server_info->user_session_key.length) {
- memcpy(user_session_key,
+ memcpy(user_session_key.key,
server_info->user_session_key.data,
- MIN(sizeof(user_session_key),
+ MIN(sizeof(user_session_key.key),
server_info->user_session_key.length));
if (process_creds) {
/* Get the pipe session key from the creds. */
@@ -1021,13 +1085,13 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
}
memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
}
- SamOEMhash(user_session_key, pipe_session_key, 16);
+ SamOEMhash(user_session_key.key, pipe_session_key, 16);
memset(pipe_session_key, '\0', 16);
}
if (server_info->lm_session_key.length) {
- memcpy(lm_session_key,
+ memcpy(lm_session_key.key,
server_info->lm_session_key.data,
- MIN(sizeof(lm_session_key),
+ MIN(sizeof(lm_session_key.key),
server_info->lm_session_key.length));
if (process_creds) {
/* Get the pipe session key from the creds. */
@@ -1039,36 +1103,56 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
}
memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
}
- SamOEMhash(lm_session_key, pipe_session_key, 16);
+ SamOEMhash(lm_session_key.key, pipe_session_key, 16);
memset(pipe_session_key, '\0', 16);
}
- init_net_user_info3(p->mem_ctx, usr_info,
- user_rid,
- group_rid,
- pdb_get_username(sampw),
- pdb_get_fullname(sampw),
- pdb_get_homedir(sampw),
- pdb_get_dir_drive(sampw),
- pdb_get_logon_script(sampw),
- pdb_get_profile_path(sampw),
- pdb_get_logon_time(sampw),
- get_time_t_max(),
- get_time_t_max(),
- pdb_get_pass_last_set_time(sampw),
- pdb_get_pass_can_change_time(sampw),
- pdb_get_pass_must_change_time(sampw),
- 0, /* logon_count */
- 0, /* bad_pw_count */
- num_gids, /* uint32 num_groups */
- gids , /* DOM_GID *gids */
- LOGON_EXTRA_SIDS, /* uint32 user_flgs (?) */
- pdb_get_acct_ctrl(sampw),
- server_info->user_session_key.length ? user_session_key : NULL,
- server_info->lm_session_key.length ? lm_session_key : NULL,
- my_name , /* char *logon_srv */
- pdb_get_domain(sampw),
- &domain_sid); /* DOM_SID *dom_sid */
+ groups.count = num_gids;
+ groups.rids = TALLOC_ARRAY(p->mem_ctx, struct samr_RidWithAttribute,
+ groups.count);
+ if (!groups.rids) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i < groups.count; i++) {
+ groups.rids[i].rid = gids[i].g_rid;
+ groups.rids[i].attributes = gids[i].attr;
+ }
+
+ unix_to_nt_time(&last_logon, pdb_get_logon_time(sampw));
+ unix_to_nt_time(&last_logoff, get_time_t_max());
+ unix_to_nt_time(&acct_expiry, get_time_t_max());
+ unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(sampw));
+ unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(sampw));
+ unix_to_nt_time(&force_password_change, pdb_get_pass_must_change_time(sampw));
+
+ init_netr_SamInfo3(sam3,
+ last_logon,
+ last_logoff,
+ acct_expiry,
+ last_password_change,
+ allow_password_change,
+ force_password_change,
+ talloc_strdup(p->mem_ctx, pdb_get_username(sampw)),
+ talloc_strdup(p->mem_ctx, pdb_get_fullname(sampw)),
+ talloc_strdup(p->mem_ctx, pdb_get_logon_script(sampw)),
+ talloc_strdup(p->mem_ctx, pdb_get_profile_path(sampw)),
+ talloc_strdup(p->mem_ctx, pdb_get_homedir(sampw)),
+ talloc_strdup(p->mem_ctx, pdb_get_dir_drive(sampw)),
+ 0, /* logon_count */
+ 0, /* bad_password_count */
+ user_rid,
+ group_rid,
+ groups,
+ NETLOGON_EXTRA_SIDS,
+ user_session_key,
+ my_name,
+ talloc_strdup(p->mem_ctx, pdb_get_domain(sampw)),
+ sid,
+ lm_session_key,
+ pdb_get_acct_ctrl(sampw),
+ 0, /* sidcount */
+ NULL); /* struct netr_SidAttr *sids */
ZERO_STRUCT(user_session_key);
ZERO_STRUCT(lm_session_key);
}
@@ -1077,25 +1161,14 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
}
/*************************************************************************
- _net_sam_logon
+ _netr_LogonSamLogonEx
+ - no credential chaining. Map into net sam logon.
*************************************************************************/
-NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u)
+NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p,
+ struct netr_LogonSamLogonEx *r)
{
- return _net_sam_logon_internal(p, q_u, r_u, True);
-}
-
-/*************************************************************************
- _net_sam_logon_ex - no credential chaining. Map into net sam logon.
- *************************************************************************/
-
-NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_LOGON_EX *r_u)
-{
- NET_Q_SAM_LOGON q;
- NET_R_SAM_LOGON r;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
+ struct netr_LogonSamLogon q;
/* Only allow this if the pipe is protected. */
if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
@@ -1104,43 +1177,409 @@ NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_L
return NT_STATUS_INVALID_PARAMETER;
}
- /* Map a NET_Q_SAM_LOGON_EX to NET_Q_SAM_LOGON. */
- q.validation_level = q_u->validation_level;
-
- /* Map a DOM_SAM_INFO_EX into a DOM_SAM_INFO with no creds. */
- q.sam_id.client.login = q_u->sam_id.client;
- q.sam_id.logon_level = q_u->sam_id.logon_level;
- q.sam_id.ctr = q_u->sam_id.ctr;
+ q.in.server_name = r->in.server_name;
+ q.in.computer_name = r->in.computer_name;
+ q.in.logon_level = r->in.logon_level;
+ q.in.logon = r->in.logon;
+ q.in.validation_level = r->in.validation_level;
+ /* we do not handle the flags */
+ /* = r->in.flags; */
- r_u->status = _net_sam_logon_internal(p, &q, &r, False);
-
- if (!NT_STATUS_IS_OK(r_u->status)) {
- return r_u->status;
- }
+ q.out.validation = r->out.validation;
+ q.out.authoritative = r->out.authoritative;
+ /* we do not handle the flags */
+ /* = r->out.flags; */
- /* Map the NET_R_SAM_LOGON to NET_R_SAM_LOGON_EX. */
- r_u->switch_value = r.switch_value;
- r_u->user = r.user;
- r_u->auth_resp = r.auth_resp;
- r_u->flags = 0; /* FIXME ! */
- return r_u->status;
+ return _netr_LogonSamLogon(p, &q);
}
/*************************************************************************
_ds_enum_dom_trusts
*************************************************************************/
#if 0 /* JERRY -- not correct */
-NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
+ NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
DS_R_ENUM_DOM_TRUSTS *r_u)
{
NTSTATUS status = NT_STATUS_OK;
- /* TODO: According to MSDN, the can only be executed against a
+ /* TODO: According to MSDN, the can only be executed against a
DC or domain member running Windows 2000 or later. Need
- to test against a standalone 2k server and see what it
- does. A windows 2000 DC includes its own domain in the
+ to test against a standalone 2k server and see what it
+ does. A windows 2000 DC includes its own domain in the
list. --jerry */
return status;
}
#endif /* JERRY */
+
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_LogonUasLogon(pipes_struct *p,
+ struct netr_LogonUasLogon *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_LogonUasLogoff(pipes_struct *p,
+ struct netr_LogonUasLogoff *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_DatabaseDeltas(pipes_struct *p,
+ struct netr_DatabaseDeltas *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_DatabaseSync(pipes_struct *p,
+ struct netr_DatabaseSync *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_AccountDeltas(pipes_struct *p,
+ struct netr_AccountDeltas *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_AccountSync(pipes_struct *p,
+ struct netr_AccountSync *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_GetDcName(pipes_struct *p,
+ struct netr_GetDcName *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_GetAnyDCName(pipes_struct *p,
+ struct netr_GetAnyDCName *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_DatabaseSync2(pipes_struct *p,
+ struct netr_DatabaseSync2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_DatabaseRedo(pipes_struct *p,
+ struct netr_DatabaseRedo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_LogonControl2Ex(pipes_struct *p,
+ struct netr_LogonControl2Ex *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRGetDCName(pipes_struct *p,
+ struct netr_DsRGetDCName *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONDUMMYROUTINE1(pipes_struct *p,
+ struct netr_NETRLOGONDUMMYROUTINE1 *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p,
+ struct netr_NETRLOGONSETSERVICEBITS *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_LogonGetTrustRid(pipes_struct *p,
+ struct netr_LogonGetTrustRid *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p,
+ struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p,
+ struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
+ struct netr_ServerAuthenticate3 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRGetDCNameEx(pipes_struct *p,
+ struct netr_DsRGetDCNameEx *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRGetSiteName(pipes_struct *p,
+ struct netr_DsRGetSiteName *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p,
+ struct netr_LogonGetDomainInfo *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
+ struct netr_ServerPasswordSet2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_ServerPasswordGet(pipes_struct *p,
+ struct netr_ServerPasswordGet *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p,
+ struct netr_NETRLOGONSENDTOSAM *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p,
+ struct netr_DsRAddressToSitenamesW *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRGetDCNameEx2(pipes_struct *p,
+ struct netr_DsRGetDCNameEx2 *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p,
+ struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p,
+ struct netr_NetrEnumerateTrustedDomainsEx *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p,
+ struct netr_DsRAddressToSitenamesExW *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p,
+ struct netr_DsrGetDcSiteCoverageW *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p,
+ struct netr_DsrEnumerateDomainTrusts *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p,
+ struct netr_DsrDeregisterDNSHostRecords *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p,
+ struct netr_ServerTrustPasswordsGet *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p,
+ struct netr_DsRGetForestTrustInformation *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_GetForestTrustInformation(pipes_struct *p,
+ struct netr_GetForestTrustInformation *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
+ struct netr_LogonSamLogonWithFlags *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p,
+ struct netr_NETRSERVERGETTRUSTINFO *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
diff --git a/source3/rpc_server/srv_ntsvcs.c b/source3/rpc_server/srv_ntsvcs.c
index b3e93ac459..12fffc3e96 100644
--- a/source3/rpc_server/srv_ntsvcs.c
+++ b/source3/rpc_server/srv_ntsvcs.c
@@ -25,49 +25,38 @@
/*******************************************************************
********************************************************************/
-static bool api_ntsvcs_get_version(pipes_struct *p)
+static bool proxy_ntsvcs_call(pipes_struct *p, uint8_t opnum)
{
- NTSVCS_Q_GET_VERSION q_u;
- NTSVCS_R_GET_VERSION r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
+ struct api_struct *fns;
+ int n_fns;
- if(!ntsvcs_io_q_get_version("", &q_u, data, 0))
- return False;
+ ntsvcs_get_pipe_fns(&fns, &n_fns);
- r_u.status = _ntsvcs_get_version(p, &q_u, &r_u);
+ if (opnum >= n_fns) {
+ return false;
+ }
- if(!ntsvcs_io_r_get_version("", &r_u, rdata, 0))
- return False;
+ if (fns[opnum].opnum != opnum) {
+ smb_panic("NTSVCS function table not sorted");
+ }
- return True;
+ return fns[opnum].fn(p);
}
/*******************************************************************
********************************************************************/
-static bool api_ntsvcs_get_device_list_size(pipes_struct *p)
+static bool api_ntsvcs_get_version(pipes_struct *p)
{
- NTSVCS_Q_GET_DEVICE_LIST_SIZE q_u;
- NTSVCS_R_GET_DEVICE_LIST_SIZE r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!ntsvcs_io_q_get_device_list_size("", &q_u, data, 0))
- return False;
-
- r_u.status = _ntsvcs_get_device_list_size(p, &q_u, &r_u);
+ return proxy_ntsvcs_call(p, NDR_PNP_GETVERSION);
+}
- if(!ntsvcs_io_r_get_device_list_size("", &r_u, rdata, 0))
- return False;
+/*******************************************************************
+ ********************************************************************/
- return True;
+static bool api_ntsvcs_get_device_list_size(pipes_struct *p)
+{
+ return proxy_ntsvcs_call(p, NDR_PNP_GETDEVICELISTSIZE);
}
/*******************************************************************
@@ -99,23 +88,7 @@ static bool api_ntsvcs_get_device_list(pipes_struct *p)
static bool api_ntsvcs_validate_device_instance(pipes_struct *p)
{
- NTSVCS_Q_VALIDATE_DEVICE_INSTANCE q_u;
- NTSVCS_R_VALIDATE_DEVICE_INSTANCE r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!ntsvcs_io_q_validate_device_instance("", &q_u, data, 0))
- return False;
-
- r_u.status = _ntsvcs_validate_device_instance(p, &q_u, &r_u);
-
- if(!ntsvcs_io_r_validate_device_instance("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_ntsvcs_call(p, NDR_PNP_VALIDATEDEVICEINSTANCE);
}
/*******************************************************************
@@ -147,23 +120,7 @@ static bool api_ntsvcs_get_device_reg_property(pipes_struct *p)
static bool api_ntsvcs_get_hw_profile_info(pipes_struct *p)
{
- NTSVCS_Q_GET_HW_PROFILE_INFO q_u;
- NTSVCS_R_GET_HW_PROFILE_INFO r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!ntsvcs_io_q_get_hw_profile_info("", &q_u, data, 0))
- return False;
-
- r_u.status = _ntsvcs_get_hw_profile_info(p, &q_u, &r_u);
-
- if(!ntsvcs_io_r_get_hw_profile_info("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_ntsvcs_call(p, NDR_PNP_GETHWPROFINFO);
}
/*******************************************************************
@@ -171,23 +128,7 @@ static bool api_ntsvcs_get_hw_profile_info(pipes_struct *p)
static bool api_ntsvcs_hw_profile_flags(pipes_struct *p)
{
- NTSVCS_Q_HW_PROFILE_FLAGS q_u;
- NTSVCS_R_HW_PROFILE_FLAGS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!ntsvcs_io_q_hw_profile_flags("", &q_u, data, 0))
- return False;
-
- r_u.status = _ntsvcs_hw_profile_flags(p, &q_u, &r_u);
-
- if(!ntsvcs_io_r_hw_profile_flags("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_ntsvcs_call(p, NDR_PNP_HWPROFFLAGS);
}
/*******************************************************************
@@ -206,13 +147,13 @@ static struct api_struct api_ntsvcs_cmds[] =
};
-void ntsvcs_get_pipe_fns( struct api_struct **fns, int *n_fns )
+void ntsvcs2_get_pipe_fns( struct api_struct **fns, int *n_fns )
{
*fns = api_ntsvcs_cmds;
*n_fns = sizeof(api_ntsvcs_cmds) / sizeof(struct api_struct);
}
-NTSTATUS rpc_ntsvcs_init(void)
+NTSTATUS rpc_ntsvcs2_init(void)
{
return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "ntsvcs", "ntsvcs", api_ntsvcs_cmds,
sizeof(api_ntsvcs_cmds) / sizeof(struct api_struct));
diff --git a/source3/rpc_server/srv_ntsvcs_nt.c b/source3/rpc_server/srv_ntsvcs_nt.c
index 16c74c5d6d..11ea5d0cd1 100644
--- a/source3/rpc_server/srv_ntsvcs_nt.c
+++ b/source3/rpc_server/srv_ntsvcs_nt.c
@@ -34,31 +34,31 @@ static char* get_device_path(TALLOC_CTX *mem_ctx, const char *device )
/********************************************************************
********************************************************************/
-WERROR _ntsvcs_get_version( pipes_struct *p, NTSVCS_Q_GET_VERSION *q_u, NTSVCS_R_GET_VERSION *r_u )
+WERROR _PNP_GetVersion(pipes_struct *p,
+ struct PNP_GetVersion *r)
{
- r_u->version = 0x00000400; /* no idea what this means */
-
+ *r->out.version = 0x0400; /* no idea what this means */
+
return WERR_OK;
}
/********************************************************************
********************************************************************/
-WERROR _ntsvcs_get_device_list_size( pipes_struct *p, NTSVCS_Q_GET_DEVICE_LIST_SIZE *q_u, NTSVCS_R_GET_DEVICE_LIST_SIZE *r_u )
+WERROR _PNP_GetDeviceListSize(pipes_struct *p,
+ struct PNP_GetDeviceListSize *r)
{
- fstring device;
char *devicepath;
- if ( !q_u->devicename )
+ if (!r->in.devicename) {
return WERR_ACCESS_DENIED;
+ }
- rpcstr_pull(device, q_u->devicename->buffer, sizeof(device), q_u->devicename->uni_str_len*2, 0);
-
- if (!(devicepath = get_device_path(p->mem_ctx, device))) {
+ if (!(devicepath = get_device_path(p->mem_ctx, r->in.devicename))) {
return WERR_NOMEM;
}
- r_u->size = strlen(devicepath) + 2;
+ *r->out.size = strlen(devicepath) + 2;
TALLOC_FREE(devicepath);
@@ -143,7 +143,8 @@ WERROR _ntsvcs_get_device_reg_property( pipes_struct *p, NTSVCS_Q_GET_DEVICE_REG
/********************************************************************
********************************************************************/
-WERROR _ntsvcs_validate_device_instance( pipes_struct *p, NTSVCS_Q_VALIDATE_DEVICE_INSTANCE *q_u, NTSVCS_R_VALIDATE_DEVICE_INSTANCE *r_u )
+WERROR _PNP_ValidateDeviceInstance(pipes_struct *p,
+ struct PNP_ValidateDeviceInstance *r)
{
/* whatever dude */
return WERR_OK;
@@ -152,12 +153,12 @@ WERROR _ntsvcs_validate_device_instance( pipes_struct *p, NTSVCS_Q_VALIDATE_DEVI
/********************************************************************
********************************************************************/
-WERROR _ntsvcs_get_hw_profile_info( pipes_struct *p, NTSVCS_Q_GET_HW_PROFILE_INFO *q_u, NTSVCS_R_GET_HW_PROFILE_INFO *r_u )
+WERROR _PNP_GetHwProfInfo(pipes_struct *p,
+ struct PNP_GetHwProfInfo *r)
{
/* steal the incoming buffer */
- r_u->buffer_size = q_u->buffer_size;
- r_u->buffer = q_u->buffer;
+ r->out.info = r->in.info;
/* Take the 5th Ammentment */
@@ -167,10 +168,611 @@ WERROR _ntsvcs_get_hw_profile_info( pipes_struct *p, NTSVCS_Q_GET_HW_PROFILE_INF
/********************************************************************
********************************************************************/
-WERROR _ntsvcs_hw_profile_flags( pipes_struct *p, NTSVCS_Q_HW_PROFILE_FLAGS *q_u, NTSVCS_R_HW_PROFILE_FLAGS *r_u )
-{
+WERROR _PNP_HwProfFlags(pipes_struct *p,
+ struct PNP_HwProfFlags *r)
+{
/* just nod your head */
-
+
return WERR_OK;
}
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_Disconnect(pipes_struct *p,
+ struct PNP_Disconnect *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_Connect(pipes_struct *p,
+ struct PNP_Connect *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetGlobalState(pipes_struct *p,
+ struct PNP_GetGlobalState *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_InitDetection(pipes_struct *p,
+ struct PNP_InitDetection *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_ReportLogOn(pipes_struct *p,
+ struct PNP_ReportLogOn *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetRootDeviceInstance(pipes_struct *p,
+ struct PNP_GetRootDeviceInstance *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetRelatedDeviceInstance(pipes_struct *p,
+ struct PNP_GetRelatedDeviceInstance *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_EnumerateSubKeys(pipes_struct *p,
+ struct PNP_EnumerateSubKeys *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetDeviceList(pipes_struct *p,
+ struct PNP_GetDeviceList *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetDepth(pipes_struct *p,
+ struct PNP_GetDepth *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetDeviceRegProp(pipes_struct *p,
+ struct PNP_GetDeviceRegProp *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_SetDeviceRegProp(pipes_struct *p,
+ struct PNP_SetDeviceRegProp *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetClassInstance(pipes_struct *p,
+ struct PNP_GetClassInstance *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_CreateKey(pipes_struct *p,
+ struct PNP_CreateKey *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_DeleteRegistryKey(pipes_struct *p,
+ struct PNP_DeleteRegistryKey *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetClassCount(pipes_struct *p,
+ struct PNP_GetClassCount *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetClassName(pipes_struct *p,
+ struct PNP_GetClassName *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_DeleteClassKey(pipes_struct *p,
+ struct PNP_DeleteClassKey *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetInterfaceDeviceAlias(pipes_struct *p,
+ struct PNP_GetInterfaceDeviceAlias *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetInterfaceDeviceList(pipes_struct *p,
+ struct PNP_GetInterfaceDeviceList *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetInterfaceDeviceListSize(pipes_struct *p,
+ struct PNP_GetInterfaceDeviceListSize *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RegisterDeviceClassAssociation(pipes_struct *p,
+ struct PNP_RegisterDeviceClassAssociation *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_UnregisterDeviceClassAssociation(pipes_struct *p,
+ struct PNP_UnregisterDeviceClassAssociation *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetClassRegProp(pipes_struct *p,
+ struct PNP_GetClassRegProp *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_SetClassRegProp(pipes_struct *p,
+ struct PNP_SetClassRegProp *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_CreateDevInst(pipes_struct *p,
+ struct PNP_CreateDevInst *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_DeviceInstanceAction(pipes_struct *p,
+ struct PNP_DeviceInstanceAction *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetDeviceStatus(pipes_struct *p,
+ struct PNP_GetDeviceStatus *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_SetDeviceProblem(pipes_struct *p,
+ struct PNP_SetDeviceProblem *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_DisableDevInst(pipes_struct *p,
+ struct PNP_DisableDevInst *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_UninstallDevInst(pipes_struct *p,
+ struct PNP_UninstallDevInst *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_AddID(pipes_struct *p,
+ struct PNP_AddID *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RegisterDriver(pipes_struct *p,
+ struct PNP_RegisterDriver *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_QueryRemove(pipes_struct *p,
+ struct PNP_QueryRemove *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RequestDeviceEject(pipes_struct *p,
+ struct PNP_RequestDeviceEject *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_IsDockStationPresent(pipes_struct *p,
+ struct PNP_IsDockStationPresent *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RequestEjectPC(pipes_struct *p,
+ struct PNP_RequestEjectPC *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_AddEmptyLogConf(pipes_struct *p,
+ struct PNP_AddEmptyLogConf *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_FreeLogConf(pipes_struct *p,
+ struct PNP_FreeLogConf *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetFirstLogConf(pipes_struct *p,
+ struct PNP_GetFirstLogConf *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetNextLogConf(pipes_struct *p,
+ struct PNP_GetNextLogConf *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetLogConfPriority(pipes_struct *p,
+ struct PNP_GetLogConfPriority *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_AddResDes(pipes_struct *p,
+ struct PNP_AddResDes *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_FreeResDes(pipes_struct *p,
+ struct PNP_FreeResDes *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetNextResDes(pipes_struct *p,
+ struct PNP_GetNextResDes *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetResDesData(pipes_struct *p,
+ struct PNP_GetResDesData *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetResDesDataSize(pipes_struct *p,
+ struct PNP_GetResDesDataSize *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_ModifyResDes(pipes_struct *p,
+ struct PNP_ModifyResDes *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_DetectResourceLimit(pipes_struct *p,
+ struct PNP_DetectResourceLimit *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_QueryResConfList(pipes_struct *p,
+ struct PNP_QueryResConfList *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_SetHwProf(pipes_struct *p,
+ struct PNP_SetHwProf *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_QueryArbitratorFreeData(pipes_struct *p,
+ struct PNP_QueryArbitratorFreeData *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_QueryArbitratorFreeSize(pipes_struct *p,
+ struct PNP_QueryArbitratorFreeSize *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RunDetection(pipes_struct *p,
+ struct PNP_RunDetection *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RegisterNotification(pipes_struct *p,
+ struct PNP_RegisterNotification *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_UnregisterNotification(pipes_struct *p,
+ struct PNP_UnregisterNotification *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetCustomDevProp(pipes_struct *p,
+ struct PNP_GetCustomDevProp *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetVersionInternal(pipes_struct *p,
+ struct PNP_GetVersionInternal *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetBlockedDriverInfo(pipes_struct *p,
+ struct PNP_GetBlockedDriverInfo *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetServerSideDeviceInstallFlags(pipes_struct *p,
+ struct PNP_GetServerSideDeviceInstallFlags *r)
+{
+ p->rng_fault_state = true;
+ return WERR_NOT_SUPPORTED;
+}
+
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 5ede0c93f4..19c8db0533 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -993,7 +993,7 @@ bool check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract,
/* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
for ( i=0; pipe_names[i].client_pipe; i++ ) {
- DEBUG(10,("checking %s\n", pipe_names[i].client_pipe));
+ DEBUGADD(10,("checking %s\n", pipe_names[i].client_pipe));
if ( strequal(pipe_names[i].client_pipe, pname)
&& (abstract->version == pipe_names[i].abstr_syntax.version)
&& (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct GUID)) == 0)
@@ -1105,7 +1105,7 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
char *OIDs[ASN1_MAX_OIDS];
int i;
NTSTATUS status;
- bool got_kerberos_mechanism = False;
+ bool got_kerberos_mechanism = false;
AUTH_NTLMSSP_STATE *a = NULL;
RPC_HDR_AUTH auth_info;
@@ -1133,7 +1133,7 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
}
if (strcmp(OID_KERBEROS5, OIDs[0]) == 0 || strcmp(OID_KERBEROS5_OLD, OIDs[0]) == 0) {
- got_kerberos_mechanism = True;
+ got_kerberos_mechanism = true;
}
for (i=0;OIDs[i];i++) {
@@ -1154,27 +1154,38 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
free_pipe_ntlmssp_auth_data(&p->auth);
}
- /* Initialize the NTLM engine. */
- status = auth_ntlmssp_start(&a);
- if (!NT_STATUS_IS_OK(status)) {
- goto err;
- }
+ if (!got_kerberos_mechanism) {
+ /* Initialize the NTLM engine. */
+ status = auth_ntlmssp_start(&a);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto err;
+ }
- /*
- * Pass the first security blob of data to it.
- * This can return an error or NT_STATUS_MORE_PROCESSING_REQUIRED
- * which means we need another packet to complete the bind.
- */
+ /*
+ * Pass the first security blob of data to it.
+ * This can return an error or NT_STATUS_MORE_PROCESSING_REQUIRED
+ * which means we need another packet to complete the bind.
+ */
- status = auth_ntlmssp_update(a, secblob, &chal);
+ status = auth_ntlmssp_update(a, secblob, &chal);
- if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- DEBUG(3,("pipe_spnego_auth_bind_negotiate: auth_ntlmssp_update failed.\n"));
- goto err;
- }
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DEBUG(3,("pipe_spnego_auth_bind_negotiate: auth_ntlmssp_update failed.\n"));
+ goto err;
+ }
- /* Generate the response blob we need for step 2 of the bind. */
- response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP);
+ /* Generate the response blob we need for step 2 of the bind. */
+ response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP);
+ } else {
+ /*
+ * SPNEGO negotiate down to NTLMSSP. The subsequent
+ * code to process follow-up packets is not complete
+ * yet. JRA.
+ */
+ response = spnego_gen_auth_response(NULL,
+ NT_STATUS_MORE_PROCESSING_REQUIRED,
+ OID_NTLMSSP);
+ }
/* Copy the blob into the pout_auth parse struct */
init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
@@ -1231,6 +1242,10 @@ static bool pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p
ZERO_STRUCT(auth_reply);
ZERO_STRUCT(response);
+ /*
+ * NB. If we've negotiated down from krb5 to NTLMSSP we'll currently
+ * fail here as 'a' == NULL.
+ */
if (p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP || !a) {
DEBUG(0,("pipe_spnego_auth_bind_continue: not in NTLMSSP auth state.\n"));
goto err;
@@ -1259,7 +1274,7 @@ static bool pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p
* The following call actually checks the challenge/response data.
* for correctness against the given DOMAIN\user name.
*/
-
+
if (!pipe_ntlmssp_verify_final(p, &auth_blob)) {
goto err;
}
@@ -2361,16 +2376,16 @@ void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns )
switch ( idx ) {
case PI_LSARPC:
- lsa_get_pipe_fns( &cmds, &n_cmds );
+ lsarpc_get_pipe_fns( &cmds, &n_cmds );
break;
- case PI_LSARPC_DS:
- lsa_ds_get_pipe_fns( &cmds, &n_cmds );
+ case PI_DSSETUP:
+ dssetup_get_pipe_fns( &cmds, &n_cmds );
break;
case PI_SAMR:
samr_get_pipe_fns( &cmds, &n_cmds );
break;
case PI_NETLOGON:
- netlog_get_pipe_fns( &cmds, &n_cmds );
+ netlogon_get_pipe_fns( &cmds, &n_cmds );
break;
case PI_SRVSVC:
srvsvc2_get_pipe_fns( &cmds, &n_cmds );
@@ -2394,7 +2409,7 @@ void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns )
eventlog2_get_pipe_fns( &cmds, &n_cmds );
break;
case PI_NTSVCS:
- ntsvcs_get_pipe_fns( &cmds, &n_cmds );
+ ntsvcs2_get_pipe_fns( &cmds, &n_cmds );
break;
#ifdef DEVELOPER
case PI_RPCECHO:
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
deleted file mode 100644
index a1deac083d..0000000000
--- a/source3/rpc_server/srv_samr.c
+++ /dev/null
@@ -1,1571 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-1997,
- * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
- * Copyright (C) Paul Ashton 1997,
- * Copyright (C) Marc Jacobsen 1999,
- * Copyright (C) Jean François Micouleau 1998-2001,
- * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002-2003.
- *
- * Split into interface and implementation modules by,
- *
- * Copyright (C) Jeremy Allison 2001.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/*
- * This is the interface to the SAMR code.
- */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_SRV
-
-/*******************************************************************
- api_samr_close_hnd
- ********************************************************************/
-
-static bool api_samr_close_hnd(pipes_struct *p)
-{
- SAMR_Q_CLOSE_HND q_u;
- SAMR_R_CLOSE_HND r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_close_hnd("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_close_hnd: unable to unmarshall SAMR_Q_CLOSE_HND.\n"));
- return False;
- }
-
- r_u.status = _samr_close_hnd(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_close_hnd("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_close_hnd: unable to marshall SAMR_R_CLOSE_HND.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_open_domain
- ********************************************************************/
-
-static bool api_samr_open_domain(pipes_struct *p)
-{
- SAMR_Q_OPEN_DOMAIN q_u;
- SAMR_R_OPEN_DOMAIN r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_open_domain("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_open_domain: unable to unmarshall SAMR_Q_OPEN_DOMAIN.\n"));
- return False;
- }
-
- r_u.status = _samr_open_domain(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_open_domain("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_open_domain: unable to marshall SAMR_R_OPEN_DOMAIN.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_get_usrdom_pwinfo
- ********************************************************************/
-
-static bool api_samr_get_usrdom_pwinfo(pipes_struct *p)
-{
- SAMR_Q_GET_USRDOM_PWINFO q_u;
- SAMR_R_GET_USRDOM_PWINFO r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_get_usrdom_pwinfo("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to unmarshall SAMR_Q_GET_USRDOM_PWINFO.\n"));
- return False;
- }
-
- r_u.status = _samr_get_usrdom_pwinfo(p, &q_u, &r_u);
-
- if(!samr_io_r_get_usrdom_pwinfo("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to marshall SAMR_R_GET_USRDOM_PWINFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_set_sec_obj
- ********************************************************************/
-
-static bool api_samr_set_sec_obj(pipes_struct *p)
-{
- SAMR_Q_SET_SEC_OBJ q_u;
- SAMR_R_SET_SEC_OBJ r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_set_sec_obj("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_set_sec_obj: unable to unmarshall SAMR_Q_SET_SEC_OBJ.\n"));
- return False;
- }
-
- r_u.status = _samr_set_sec_obj(p, &q_u, &r_u);
-
- if(!samr_io_r_set_sec_obj("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_set_sec_obj: unable to marshall SAMR_R_SET_SEC_OBJ.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_query_sec_obj
- ********************************************************************/
-
-static bool api_samr_query_sec_obj(pipes_struct *p)
-{
- SAMR_Q_QUERY_SEC_OBJ q_u;
- SAMR_R_QUERY_SEC_OBJ r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_query_sec_obj("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_query_sec_obj: unable to unmarshall SAMR_Q_QUERY_SEC_OBJ.\n"));
- return False;
- }
-
- r_u.status = _samr_query_sec_obj(p, &q_u, &r_u);
-
- if(!samr_io_r_query_sec_obj("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_sec_obj: unable to marshall SAMR_R_QUERY_SEC_OBJ.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_enum_dom_users
- ********************************************************************/
-
-static bool api_samr_enum_dom_users(pipes_struct *p)
-{
- SAMR_Q_ENUM_DOM_USERS q_u;
- SAMR_R_ENUM_DOM_USERS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr open */
- if(!samr_io_q_enum_dom_users("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_enum_dom_users: unable to unmarshall SAMR_Q_ENUM_DOM_USERS.\n"));
- return False;
- }
-
- r_u.status = _samr_enum_dom_users(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_enum_dom_users("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_enum_dom_users: unable to marshall SAMR_R_ENUM_DOM_USERS.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_enum_dom_groups
- ********************************************************************/
-
-static bool api_samr_enum_dom_groups(pipes_struct *p)
-{
- SAMR_Q_ENUM_DOM_GROUPS q_u;
- SAMR_R_ENUM_DOM_GROUPS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr open */
- if(!samr_io_q_enum_dom_groups("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_enum_dom_groups: unable to unmarshall SAMR_Q_ENUM_DOM_GROUPS.\n"));
- return False;
- }
-
- r_u.status = _samr_enum_dom_groups(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_enum_dom_groups("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_enum_dom_groups: unable to marshall SAMR_R_ENUM_DOM_GROUPS.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_enum_dom_aliases
- ********************************************************************/
-
-static bool api_samr_enum_dom_aliases(pipes_struct *p)
-{
- SAMR_Q_ENUM_DOM_ALIASES q_u;
- SAMR_R_ENUM_DOM_ALIASES r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr open */
- if(!samr_io_q_enum_dom_aliases("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_enum_dom_aliases: unable to unmarshall SAMR_Q_ENUM_DOM_ALIASES.\n"));
- return False;
- }
-
- r_u.status = _samr_enum_dom_aliases(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_enum_dom_aliases("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_enum_dom_aliases: unable to marshall SAMR_R_ENUM_DOM_ALIASES.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_query_dispinfo
- ********************************************************************/
-
-static bool api_samr_query_dispinfo(pipes_struct *p)
-{
- SAMR_Q_QUERY_DISPINFO q_u;
- SAMR_R_QUERY_DISPINFO r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_query_dispinfo("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_query_dispinfo: unable to unmarshall SAMR_Q_QUERY_DISPINFO.\n"));
- return False;
- }
-
- r_u.status = _samr_query_dispinfo(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_query_dispinfo("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_dispinfo: unable to marshall SAMR_R_QUERY_DISPINFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_query_aliasinfo
- ********************************************************************/
-
-static bool api_samr_query_aliasinfo(pipes_struct *p)
-{
- SAMR_Q_QUERY_ALIASINFO q_u;
- SAMR_R_QUERY_ALIASINFO r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr open */
- if(!samr_io_q_query_aliasinfo("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_query_aliasinfo: unable to unmarshall SAMR_Q_QUERY_ALIASINFO.\n"));
- return False;
- }
-
- r_u.status = _samr_query_aliasinfo(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_query_aliasinfo("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_aliasinfo: unable to marshall SAMR_R_QUERY_ALIASINFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_lookup_names
- ********************************************************************/
-
-static bool api_samr_lookup_names(pipes_struct *p)
-{
- SAMR_Q_LOOKUP_NAMES q_u;
- SAMR_R_LOOKUP_NAMES r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr lookup names */
- if(!samr_io_q_lookup_names("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_lookup_names: unable to unmarshall SAMR_Q_LOOKUP_NAMES.\n"));
- return False;
- }
-
- r_u.status = _samr_lookup_names(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_lookup_names: unable to marshall SAMR_R_LOOKUP_NAMES.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_chgpasswd_user
- ********************************************************************/
-
-static bool api_samr_chgpasswd_user(pipes_struct *p)
-{
- SAMR_Q_CHGPASSWD_USER q_u;
- SAMR_R_CHGPASSWD_USER r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* change password request */
- if (!samr_io_q_chgpasswd_user("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_chgpasswd_user: Failed to unmarshall SAMR_Q_CHGPASSWD_USER.\n"));
- return False;
- }
-
- r_u.status = _samr_chgpasswd_user(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_chgpasswd_user("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_chgpasswd_user: Failed to marshall SAMR_R_CHGPASSWD_USER.\n" ));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_lookup_rids
- ********************************************************************/
-
-static bool api_samr_lookup_rids(pipes_struct *p)
-{
- SAMR_Q_LOOKUP_RIDS q_u;
- SAMR_R_LOOKUP_RIDS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr lookup names */
- if(!samr_io_q_lookup_rids("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_lookup_rids: unable to unmarshall SAMR_Q_LOOKUP_RIDS.\n"));
- return False;
- }
-
- r_u.status = _samr_lookup_rids(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_lookup_rids("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_lookup_rids: unable to marshall SAMR_R_LOOKUP_RIDS.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_open_user
- ********************************************************************/
-
-static bool api_samr_open_user(pipes_struct *p)
-{
- SAMR_Q_OPEN_USER q_u;
- SAMR_R_OPEN_USER r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_open_user("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_open_user: unable to unmarshall SAMR_Q_OPEN_USER.\n"));
- return False;
- }
-
- r_u.status = _samr_open_user(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_open_user("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_open_user: unable to marshall SAMR_R_OPEN_USER.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_query_userinfo
- ********************************************************************/
-
-static bool api_samr_query_userinfo(pipes_struct *p)
-{
- SAMR_Q_QUERY_USERINFO q_u;
- SAMR_R_QUERY_USERINFO r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_query_userinfo("", &q_u, data, 0)){
- DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n"));
- return False;
- }
-
- r_u.status = _samr_query_userinfo(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_query_userinfo("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_userinfo: unable to marshall SAMR_R_QUERY_USERINFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_query_usergroups
- ********************************************************************/
-
-static bool api_samr_query_usergroups(pipes_struct *p)
-{
- SAMR_Q_QUERY_USERGROUPS q_u;
- SAMR_R_QUERY_USERGROUPS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_query_usergroups("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_query_usergroups: unable to unmarshall SAMR_Q_QUERY_USERGROUPS.\n"));
- return False;
- }
-
- r_u.status = _samr_query_usergroups(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_query_usergroups("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_usergroups: unable to marshall SAMR_R_QUERY_USERGROUPS.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_query_domain_info
- ********************************************************************/
-
-static bool api_samr_query_domain_info(pipes_struct *p)
-{
- SAMR_Q_QUERY_DOMAIN_INFO q_u;
- SAMR_R_QUERY_DOMAIN_INFO r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_query_domain_info("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_query_domain_info: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO.\n"));
- return False;
- }
-
- r_u.status = _samr_query_domain_info(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_query_domain_info("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_domain_info: unable to marshall SAMR_R_QUERY_DOMAIN_INFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_create_user
- ********************************************************************/
-
-static bool api_samr_create_user(pipes_struct *p)
-{
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- SAMR_Q_CREATE_USER q_u;
- SAMR_R_CREATE_USER r_u;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr create user */
- if (!samr_io_q_create_user("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_create_user: Unable to unmarshall SAMR_Q_CREATE_USER.\n"));
- return False;
- }
-
- r_u.status=_samr_create_user(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_create_user("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_create_user: Unable to marshall SAMR_R_CREATE_USER.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_connect_anon
- ********************************************************************/
-
-static bool api_samr_connect_anon(pipes_struct *p)
-{
- SAMR_Q_CONNECT_ANON q_u;
- SAMR_R_CONNECT_ANON r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr open policy */
- if(!samr_io_q_connect_anon("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_connect_anon: unable to unmarshall SAMR_Q_CONNECT_ANON.\n"));
- return False;
- }
-
- r_u.status = _samr_connect_anon(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_connect_anon("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_connect_anon: unable to marshall SAMR_R_CONNECT_ANON.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_connect
- ********************************************************************/
-
-static bool api_samr_connect(pipes_struct *p)
-{
- SAMR_Q_CONNECT q_u;
- SAMR_R_CONNECT r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr open policy */
- if(!samr_io_q_connect("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_connect: unable to unmarshall SAMR_Q_CONNECT.\n"));
- return False;
- }
-
- r_u.status = _samr_connect(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_connect("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_connect: unable to marshall SAMR_R_CONNECT.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_connect4
- ********************************************************************/
-
-static bool api_samr_connect4(pipes_struct *p)
-{
- SAMR_Q_CONNECT4 q_u;
- SAMR_R_CONNECT4 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr open policy */
- if(!samr_io_q_connect4("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_connect4: unable to unmarshall SAMR_Q_CONNECT4.\n"));
- return False;
- }
-
- r_u.status = _samr_connect4(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_connect4("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_connect4: unable to marshall SAMR_R_CONNECT4.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_chgpasswd_user3
- ********************************************************************/
-
-static bool api_samr_chgpasswd_user3(pipes_struct *p)
-{
- SAMR_Q_CHGPASSWD_USER3 q_u;
- SAMR_R_CHGPASSWD_USER3 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* change password request */
- if (!samr_io_q_chgpasswd_user3("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_chgpasswd_user3: Failed to unmarshall SAMR_Q_CHGPASSWD_USER3.\n"));
- return False;
- }
-
- r_u.status = _samr_chgpasswd_user3(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_chgpasswd_user3("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_chgpasswd_user3: Failed to marshall SAMR_R_CHGPASSWD_USER3.\n" ));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_connect5
- ********************************************************************/
-
-static bool api_samr_connect5(pipes_struct *p)
-{
- SAMR_Q_CONNECT5 q_u;
- SAMR_R_CONNECT5 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr open policy */
- if(!samr_io_q_connect5("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_connect5: unable to unmarshall SAMR_Q_CONNECT5.\n"));
- return False;
- }
-
- r_u.status = _samr_connect5(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_connect5("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_connect5: unable to marshall SAMR_R_CONNECT5.\n"));
- return False;
- }
-
- return True;
-}
-
-/**********************************************************************
- api_samr_lookup_domain
- **********************************************************************/
-
-static bool api_samr_lookup_domain(pipes_struct *p)
-{
- SAMR_Q_LOOKUP_DOMAIN q_u;
- SAMR_R_LOOKUP_DOMAIN r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_lookup_domain("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_lookup_domain: Unable to unmarshall SAMR_Q_LOOKUP_DOMAIN.\n"));
- return False;
- }
-
- r_u.status = _samr_lookup_domain(p, &q_u, &r_u);
-
- if(!samr_io_r_lookup_domain("", &r_u, rdata, 0)){
- DEBUG(0,("api_samr_lookup_domain: Unable to marshall SAMR_R_LOOKUP_DOMAIN.\n"));
- return False;
- }
-
- return True;
-}
-
-/**********************************************************************
- api_samr_enum_domains
- **********************************************************************/
-
-static bool api_samr_enum_domains(pipes_struct *p)
-{
- SAMR_Q_ENUM_DOMAINS q_u;
- SAMR_R_ENUM_DOMAINS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_enum_domains("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_enum_domains: Unable to unmarshall SAMR_Q_ENUM_DOMAINS.\n"));
- return False;
- }
-
- r_u.status = _samr_enum_domains(p, &q_u, &r_u);
-
- if(!samr_io_r_enum_domains("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_enum_domains: Unable to marshall SAMR_R_ENUM_DOMAINS.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_open_alias
- ********************************************************************/
-
-static bool api_samr_open_alias(pipes_struct *p)
-{
- SAMR_Q_OPEN_ALIAS q_u;
- SAMR_R_OPEN_ALIAS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- /* grab the samr open policy */
- if(!samr_io_q_open_alias("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_open_alias: Unable to unmarshall SAMR_Q_OPEN_ALIAS.\n"));
- return False;
- }
-
- r_u.status=_samr_open_alias(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_open_alias("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_open_alias: Unable to marshall SAMR_R_OPEN_ALIAS.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_set_userinfo
- ********************************************************************/
-
-static bool api_samr_set_userinfo(pipes_struct *p)
-{
- SAMR_Q_SET_USERINFO q_u;
- SAMR_R_SET_USERINFO r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_set_userinfo("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.\n"));
- /* Fix for W2K SP2 */
- /* what is that status-code ? - gd */
- if (q_u.switch_value == 0x1a) {
- setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_INVALID_TAG));
- return True;
- }
- return False;
- }
-
- r_u.status = _samr_set_userinfo(p, &q_u, &r_u);
-
- if(!samr_io_r_set_userinfo("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_set_userinfo: Unable to marshall SAMR_R_SET_USERINFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_set_userinfo2
- ********************************************************************/
-
-static bool api_samr_set_userinfo2(pipes_struct *p)
-{
- SAMR_Q_SET_USERINFO2 q_u;
- SAMR_R_SET_USERINFO2 r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_set_userinfo2("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_set_userinfo2: Unable to unmarshall SAMR_Q_SET_USERINFO2.\n"));
- return False;
- }
-
- r_u.status = _samr_set_userinfo2(p, &q_u, &r_u);
-
- if(!samr_io_r_set_userinfo2("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_set_userinfo2: Unable to marshall SAMR_R_SET_USERINFO2.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_query_useraliases
- ********************************************************************/
-
-static bool api_samr_query_useraliases(pipes_struct *p)
-{
- SAMR_Q_QUERY_USERALIASES q_u;
- SAMR_R_QUERY_USERALIASES r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_query_useraliases("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_query_useraliases: Unable to unmarshall SAMR_Q_QUERY_USERALIASES.\n"));
- return False;
- }
-
- r_u.status = _samr_query_useraliases(p, &q_u, &r_u);
-
- if (! samr_io_r_query_useraliases("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_useraliases: Unable to nmarshall SAMR_R_QUERY_USERALIASES.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_query_aliasmem
- ********************************************************************/
-
-static bool api_samr_query_aliasmem(pipes_struct *p)
-{
- SAMR_Q_QUERY_ALIASMEM q_u;
- SAMR_R_QUERY_ALIASMEM r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_query_aliasmem("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_query_aliasmem: unable to unmarshall SAMR_Q_QUERY_ALIASMEM.\n"));
- return False;
- }
-
- r_u.status = _samr_query_aliasmem(p, &q_u, &r_u);
-
- if (!samr_io_r_query_aliasmem("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_aliasmem: unable to marshall SAMR_R_QUERY_ALIASMEM.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_query_groupmem
- ********************************************************************/
-
-static bool api_samr_query_groupmem(pipes_struct *p)
-{
- SAMR_Q_QUERY_GROUPMEM q_u;
- SAMR_R_QUERY_GROUPMEM r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_query_groupmem("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_query_groupmem: unable to unmarshall SAMR_Q_QUERY_GROUPMEM.\n"));
- return False;
- }
-
- r_u.status = _samr_query_groupmem(p, &q_u, &r_u);
-
- if (!samr_io_r_query_groupmem("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_groupmem: unable to marshall SAMR_R_QUERY_GROUPMEM.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_add_aliasmem
- ********************************************************************/
-
-static bool api_samr_add_aliasmem(pipes_struct *p)
-{
- SAMR_Q_ADD_ALIASMEM q_u;
- SAMR_R_ADD_ALIASMEM r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_add_aliasmem("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_add_aliasmem: unable to unmarshall SAMR_Q_ADD_ALIASMEM.\n"));
- return False;
- }
-
- r_u.status = _samr_add_aliasmem(p, &q_u, &r_u);
-
- if (!samr_io_r_add_aliasmem("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_add_aliasmem: unable to marshall SAMR_R_ADD_ALIASMEM.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_del_aliasmem
- ********************************************************************/
-
-static bool api_samr_del_aliasmem(pipes_struct *p)
-{
- SAMR_Q_DEL_ALIASMEM q_u;
- SAMR_R_DEL_ALIASMEM r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_del_aliasmem("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_del_aliasmem: unable to unmarshall SAMR_Q_DEL_ALIASMEM.\n"));
- return False;
- }
-
- r_u.status = _samr_del_aliasmem(p, &q_u, &r_u);
-
- if (!samr_io_r_del_aliasmem("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_del_aliasmem: unable to marshall SAMR_R_DEL_ALIASMEM.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_add_groupmem
- ********************************************************************/
-
-static bool api_samr_add_groupmem(pipes_struct *p)
-{
- SAMR_Q_ADD_GROUPMEM q_u;
- SAMR_R_ADD_GROUPMEM r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_add_groupmem("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_add_groupmem: unable to unmarshall SAMR_Q_ADD_GROUPMEM.\n"));
- return False;
- }
-
- r_u.status = _samr_add_groupmem(p, &q_u, &r_u);
-
- if (!samr_io_r_add_groupmem("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_add_groupmem: unable to marshall SAMR_R_ADD_GROUPMEM.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_del_groupmem
- ********************************************************************/
-
-static bool api_samr_del_groupmem(pipes_struct *p)
-{
- SAMR_Q_DEL_GROUPMEM q_u;
- SAMR_R_DEL_GROUPMEM r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_del_groupmem("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_del_groupmem: unable to unmarshall SAMR_Q_DEL_GROUPMEM.\n"));
- return False;
- }
-
- r_u.status = _samr_del_groupmem(p, &q_u, &r_u);
-
- if (!samr_io_r_del_groupmem("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_del_groupmem: unable to marshall SAMR_R_DEL_GROUPMEM.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_delete_dom_user
- ********************************************************************/
-
-static bool api_samr_delete_dom_user(pipes_struct *p)
-{
- SAMR_Q_DELETE_DOM_USER q_u;
- SAMR_R_DELETE_DOM_USER r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_delete_dom_user("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_delete_dom_user: unable to unmarshall SAMR_Q_DELETE_DOM_USER.\n"));
- return False;
- }
-
- r_u.status = _samr_delete_dom_user(p, &q_u, &r_u);
-
- if (!samr_io_r_delete_dom_user("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_delete_dom_user: unable to marshall SAMR_R_DELETE_DOM_USER.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_delete_dom_group
- ********************************************************************/
-
-static bool api_samr_delete_dom_group(pipes_struct *p)
-{
- SAMR_Q_DELETE_DOM_GROUP q_u;
- SAMR_R_DELETE_DOM_GROUP r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_delete_dom_group("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_delete_dom_group: unable to unmarshall SAMR_Q_DELETE_DOM_GROUP.\n"));
- return False;
- }
-
- r_u.status = _samr_delete_dom_group(p, &q_u, &r_u);
-
- if (!samr_io_r_delete_dom_group("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_delete_dom_group: unable to marshall SAMR_R_DELETE_DOM_GROUP.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_delete_dom_alias
- ********************************************************************/
-
-static bool api_samr_delete_dom_alias(pipes_struct *p)
-{
- SAMR_Q_DELETE_DOM_ALIAS q_u;
- SAMR_R_DELETE_DOM_ALIAS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_delete_dom_alias("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_delete_dom_alias: unable to unmarshall SAMR_Q_DELETE_DOM_ALIAS.\n"));
- return False;
- }
-
- r_u.status = _samr_delete_dom_alias(p, &q_u, &r_u);
-
- if (!samr_io_r_delete_dom_alias("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_delete_dom_alias: unable to marshall SAMR_R_DELETE_DOM_ALIAS.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_create_dom_group
- ********************************************************************/
-
-static bool api_samr_create_dom_group(pipes_struct *p)
-{
- SAMR_Q_CREATE_DOM_GROUP q_u;
- SAMR_R_CREATE_DOM_GROUP r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_create_dom_group("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_create_dom_group: unable to unmarshall SAMR_Q_CREATE_DOM_GROUP.\n"));
- return False;
- }
-
- r_u.status = _samr_create_dom_group(p, &q_u, &r_u);
-
- if (!samr_io_r_create_dom_group("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_create_dom_group: unable to marshall SAMR_R_CREATE_DOM_GROUP.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_create_dom_alias
- ********************************************************************/
-
-static bool api_samr_create_dom_alias(pipes_struct *p)
-{
- SAMR_Q_CREATE_DOM_ALIAS q_u;
- SAMR_R_CREATE_DOM_ALIAS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_create_dom_alias("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_create_dom_alias: unable to unmarshall SAMR_Q_CREATE_DOM_ALIAS.\n"));
- return False;
- }
-
- r_u.status = _samr_create_dom_alias(p, &q_u, &r_u);
-
- if (!samr_io_r_create_dom_alias("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_create_dom_alias: unable to marshall SAMR_R_CREATE_DOM_ALIAS.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_query_groupinfo
- ********************************************************************/
-
-static bool api_samr_query_groupinfo(pipes_struct *p)
-{
- SAMR_Q_QUERY_GROUPINFO q_u;
- SAMR_R_QUERY_GROUPINFO r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_query_groupinfo("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_query_groupinfo: unable to unmarshall SAMR_Q_QUERY_GROUPINFO.\n"));
- return False;
- }
-
- r_u.status = _samr_query_groupinfo(p, &q_u, &r_u);
-
- if (!samr_io_r_query_groupinfo("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_groupinfo: unable to marshall SAMR_R_QUERY_GROUPINFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_set_groupinfo
- ********************************************************************/
-
-static bool api_samr_set_groupinfo(pipes_struct *p)
-{
- SAMR_Q_SET_GROUPINFO q_u;
- SAMR_R_SET_GROUPINFO r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_set_groupinfo("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_set_groupinfo: unable to unmarshall SAMR_Q_SET_GROUPINFO.\n"));
- return False;
- }
-
- r_u.status = _samr_set_groupinfo(p, &q_u, &r_u);
-
- if (!samr_io_r_set_groupinfo("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_set_groupinfo: unable to marshall SAMR_R_SET_GROUPINFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_set_aliasinfo
- ********************************************************************/
-
-static bool api_samr_set_aliasinfo(pipes_struct *p)
-{
- SAMR_Q_SET_ALIASINFO q_u;
- SAMR_R_SET_ALIASINFO r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_set_aliasinfo("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_set_aliasinfo: unable to unmarshall SAMR_Q_SET_ALIASINFO.\n"));
- return False;
- }
-
- r_u.status = _samr_set_aliasinfo(p, &q_u, &r_u);
-
- if (!samr_io_r_set_aliasinfo("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_set_aliasinfo: unable to marshall SAMR_R_SET_ALIASINFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_get_dom_pwinfo
- ********************************************************************/
-
-static bool api_samr_get_dom_pwinfo(pipes_struct *p)
-{
- SAMR_Q_GET_DOM_PWINFO q_u;
- SAMR_R_GET_DOM_PWINFO r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_get_dom_pwinfo("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_get_dom_pwinfo: unable to unmarshall SAMR_Q_GET_DOM_PWINFO.\n"));
- return False;
- }
-
- r_u.status = _samr_get_dom_pwinfo(p, &q_u, &r_u);
-
- if (!samr_io_r_get_dom_pwinfo("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_get_dom_pwinfo: unable to marshall SAMR_R_GET_DOM_PWINFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_open_group
- ********************************************************************/
-
-static bool api_samr_open_group(pipes_struct *p)
-{
- SAMR_Q_OPEN_GROUP q_u;
- SAMR_R_OPEN_GROUP r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_open_group("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_open_group: unable to unmarshall SAMR_Q_OPEN_GROUP.\n"));
- return False;
- }
-
- r_u.status = _samr_open_group(p, &q_u, &r_u);
-
- if (!samr_io_r_open_group("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_open_group: unable to marshall SAMR_R_OPEN_GROUP.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_remove_sid_foreign_domain
- ********************************************************************/
-
-static bool api_samr_remove_sid_foreign_domain(pipes_struct *p)
-{
- SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN q_u;
- SAMR_R_REMOVE_SID_FOREIGN_DOMAIN r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if (!samr_io_q_remove_sid_foreign_domain("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_remove_sid_foreign_domain: unable to unmarshall SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN.\n"));
- return False;
- }
-
- r_u.status = _samr_remove_sid_foreign_domain(p, &q_u, &r_u);
-
- if (!samr_io_r_remove_sid_foreign_domain("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_remove_sid_foreign_domain: unable to marshall SAMR_R_REMOVE_SID_FOREIGN_DOMAIN.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_query_dom_info2
- ********************************************************************/
-
-static bool api_samr_query_domain_info2(pipes_struct *p)
-{
- SAMR_Q_QUERY_DOMAIN_INFO2 q_u;
- SAMR_R_QUERY_DOMAIN_INFO2 r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_query_domain_info2("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_query_domain_info2: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO2.\n"));
- return False;
- }
-
- r_u.status = _samr_query_domain_info2(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_query_domain_info2("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_query_domain_info2: unable to marshall SAMR_R_QUERY_DOMAIN_INFO2.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- api_samr_set_dom_info
- ********************************************************************/
-
-static bool api_samr_set_dom_info(pipes_struct *p)
-{
- SAMR_Q_SET_DOMAIN_INFO q_u;
- SAMR_R_SET_DOMAIN_INFO r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!samr_io_q_set_domain_info("", &q_u, data, 0)) {
- DEBUG(0,("api_samr_set_dom_info: unable to unmarshall SAMR_Q_SET_DOMAIN_INFO.\n"));
- return False;
- }
-
- r_u.status = _samr_set_dom_info(p, &q_u, &r_u);
-
- /* store the response in the SMB stream */
- if(!samr_io_r_set_domain_info("", &r_u, rdata, 0)) {
- DEBUG(0,("api_samr_set_dom_info: unable to marshall SAMR_R_SET_DOMAIN_INFO.\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- array of \PIPE\samr operations
- ********************************************************************/
-
-static struct api_struct api_samr_cmds [] =
-{
- {"SAMR_CLOSE_HND" , SAMR_CLOSE_HND , api_samr_close_hnd },
- {"SAMR_CONNECT" , SAMR_CONNECT , api_samr_connect },
- {"SAMR_CONNECT_ANON" , SAMR_CONNECT_ANON , api_samr_connect_anon },
- {"SAMR_ENUM_DOMAINS" , SAMR_ENUM_DOMAINS , api_samr_enum_domains },
- {"SAMR_ENUM_DOM_USERS" , SAMR_ENUM_DOM_USERS , api_samr_enum_dom_users },
-
- {"SAMR_ENUM_DOM_GROUPS" , SAMR_ENUM_DOM_GROUPS , api_samr_enum_dom_groups },
- {"SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
- {"SAMR_QUERY_USERALIASES" , SAMR_QUERY_USERALIASES, api_samr_query_useraliases},
- {"SAMR_QUERY_ALIASMEM" , SAMR_QUERY_ALIASMEM , api_samr_query_aliasmem },
- {"SAMR_QUERY_GROUPMEM" , SAMR_QUERY_GROUPMEM , api_samr_query_groupmem },
- {"SAMR_ADD_ALIASMEM" , SAMR_ADD_ALIASMEM , api_samr_add_aliasmem },
- {"SAMR_DEL_ALIASMEM" , SAMR_DEL_ALIASMEM , api_samr_del_aliasmem },
- {"SAMR_ADD_GROUPMEM" , SAMR_ADD_GROUPMEM , api_samr_add_groupmem },
- {"SAMR_DEL_GROUPMEM" , SAMR_DEL_GROUPMEM , api_samr_del_groupmem },
-
- {"SAMR_DELETE_DOM_USER" , SAMR_DELETE_DOM_USER , api_samr_delete_dom_user },
- {"SAMR_DELETE_DOM_GROUP" , SAMR_DELETE_DOM_GROUP , api_samr_delete_dom_group },
- {"SAMR_DELETE_DOM_ALIAS" , SAMR_DELETE_DOM_ALIAS , api_samr_delete_dom_alias },
- {"SAMR_CREATE_DOM_GROUP" , SAMR_CREATE_DOM_GROUP , api_samr_create_dom_group },
- {"SAMR_CREATE_DOM_ALIAS" , SAMR_CREATE_DOM_ALIAS , api_samr_create_dom_alias },
- {"SAMR_LOOKUP_NAMES" , SAMR_LOOKUP_NAMES , api_samr_lookup_names },
- {"SAMR_OPEN_USER" , SAMR_OPEN_USER , api_samr_open_user },
- {"SAMR_QUERY_USERINFO" , SAMR_QUERY_USERINFO , api_samr_query_userinfo },
- {"SAMR_SET_USERINFO" , SAMR_SET_USERINFO , api_samr_set_userinfo },
- {"SAMR_SET_USERINFO2" , SAMR_SET_USERINFO2 , api_samr_set_userinfo2 },
-
- {"SAMR_QUERY_DOMAIN_INFO" , SAMR_QUERY_DOMAIN_INFO, api_samr_query_domain_info},
- {"SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
- {"SAMR_QUERY_DISPINFO" , SAMR_QUERY_DISPINFO , api_samr_query_dispinfo },
- {"SAMR_QUERY_DISPINFO3" , SAMR_QUERY_DISPINFO3 , api_samr_query_dispinfo },
- {"SAMR_QUERY_DISPINFO4" , SAMR_QUERY_DISPINFO4 , api_samr_query_dispinfo },
-
- {"SAMR_QUERY_ALIASINFO" , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo },
- {"SAMR_QUERY_GROUPINFO" , SAMR_QUERY_GROUPINFO , api_samr_query_groupinfo },
- {"SAMR_SET_GROUPINFO" , SAMR_SET_GROUPINFO , api_samr_set_groupinfo },
- {"SAMR_SET_ALIASINFO" , SAMR_SET_ALIASINFO , api_samr_set_aliasinfo },
- {"SAMR_CREATE_USER" , SAMR_CREATE_USER , api_samr_create_user },
- {"SAMR_LOOKUP_RIDS" , SAMR_LOOKUP_RIDS , api_samr_lookup_rids },
- {"SAMR_GET_DOM_PWINFO" , SAMR_GET_DOM_PWINFO , api_samr_get_dom_pwinfo },
- {"SAMR_CHGPASSWD_USER" , SAMR_CHGPASSWD_USER , api_samr_chgpasswd_user },
- {"SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias },
- {"SAMR_OPEN_GROUP" , SAMR_OPEN_GROUP , api_samr_open_group },
- {"SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain },
- {"SAMR_REMOVE_SID_FOREIGN_DOMAIN" , SAMR_REMOVE_SID_FOREIGN_DOMAIN , api_samr_remove_sid_foreign_domain },
- {"SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain },
-
- {"SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj },
- {"SAMR_SET_SEC_OBJECT" , SAMR_SET_SEC_OBJECT , api_samr_set_sec_obj },
- {"SAMR_GET_USRDOM_PWINFO" , SAMR_GET_USRDOM_PWINFO, api_samr_get_usrdom_pwinfo},
- {"SAMR_QUERY_DOMAIN_INFO2", SAMR_QUERY_DOMAIN_INFO2, api_samr_query_domain_info2},
- {"SAMR_SET_DOMAIN_INFO" , SAMR_SET_DOMAIN_INFO , api_samr_set_dom_info },
- {"SAMR_CONNECT4" , SAMR_CONNECT4 , api_samr_connect4 },
- {"SAMR_CHGPASSWD_USER3" , SAMR_CHGPASSWD_USER3 , api_samr_chgpasswd_user3 },
- {"SAMR_CONNECT5" , SAMR_CONNECT5 , api_samr_connect5 }
-};
-
-void samr_get_pipe_fns( struct api_struct **fns, int *n_fns )
-{
- *fns = api_samr_cmds;
- *n_fns = sizeof(api_samr_cmds) / sizeof(struct api_struct);
-}
-
-
-NTSTATUS rpc_samr_init(void)
-{
- return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "samr", "lsass", api_samr_cmds,
- sizeof(api_samr_cmds) / sizeof(struct api_struct));
-}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 01ce932afa..f38a8fcfc0 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -11,6 +11,7 @@
* Copyright (C) Gerald (Jerry) Carter 2003-2004,
* Copyright (C) Simo Sorce 2003.
* Copyright (C) Volker Lendecke 2005.
+ * Copyright (C) Guenther Deschner 2008.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -125,12 +126,12 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
/* add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
init_sec_access(&mask, map->generic_all);
-
+
init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
/* Add Full Access for Domain Admins if we are a DC */
-
+
if ( IS_DC ) {
sid_copy( &domadmin_sid, get_global_sam_sid() );
sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
@@ -162,57 +163,57 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
level of access for further checks.
********************************************************************/
-static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token,
+static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token,
SE_PRIV *rights, uint32 rights_mask,
- uint32 des_access, uint32 *acc_granted,
+ uint32 des_access, uint32 *acc_granted,
const char *debug )
{
NTSTATUS status = NT_STATUS_ACCESS_DENIED;
uint32 saved_mask = 0;
- /* check privileges; certain SAM access bits should be overridden
- by privileges (mostly having to do with creating/modifying/deleting
+ /* check privileges; certain SAM access bits should be overridden
+ by privileges (mostly having to do with creating/modifying/deleting
users and groups) */
-
+
if ( rights && user_has_any_privilege( token, rights ) ) {
-
+
saved_mask = (des_access & rights_mask);
des_access &= ~saved_mask;
-
+
DEBUG(4,("access_check_samr_object: user rights access mask [0x%x]\n",
rights_mask));
}
-
-
+
+
/* check the security descriptor first */
-
+
if ( se_access_check(psd, token, des_access, acc_granted, &status) )
goto done;
-
+
/* give root a free pass */
-
+
if ( geteuid() == sec_initial_uid() ) {
-
+
DEBUG(4,("%s: ACCESS should be DENIED (requested: %#010x)\n", debug, des_access));
DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n"));
-
+
*acc_granted = des_access;
-
+
status = NT_STATUS_OK;
goto done;
}
-
-
+
+
done:
- /* add in any bits saved during the privilege check (only
+ /* add in any bits saved during the privilege check (only
matters is status is ok) */
-
+
*acc_granted |= rights_mask;
- DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n",
- debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",
+ DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n",
+ debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",
des_access, *acc_granted));
-
+
return status;
}
@@ -222,28 +223,28 @@ done:
static NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug)
{
- DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n",
+ DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
/* check the security descriptor first */
-
+
if ( (acc_granted&acc_required) == acc_required )
return NT_STATUS_OK;
-
+
/* give root a free pass */
if (geteuid() == sec_initial_uid()) {
-
+
DEBUG(4,("%s: ACCESS should be DENIED (granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
DEBUGADD(4,("but overwritten by euid == 0\n"));
-
+
return NT_STATUS_OK;
}
-
- DEBUG(2,("%s: ACCESS DENIED (granted: %#010x; required: %#010x)\n",
+
+ DEBUG(2,("%s: ACCESS DENIED (granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
-
+
return NT_STATUS_ACCESS_DENIED;
}
@@ -278,7 +279,7 @@ static DISP_INFO *get_samr_dispinfo_by_sid(DOM_SID *psid)
/* There are two cases to consider here:
1) The SID is a domain SID and we look for an equality match, or
- 2) This is an account SID and so we return the DISP_INFO* for our
+ 2) This is an account SID and so we return the DISP_INFO* for our
domain */
if (psid == NULL) {
@@ -293,7 +294,7 @@ static DISP_INFO *get_samr_dispinfo_by_sid(DOM_SID *psid)
return &builtin_dispinfo;
}
-
+
if (sid_check_is_domain(psid) || sid_check_is_in_our_domain(psid)) {
/*
* Necessary only once, but it does not really hurt.
@@ -315,7 +316,7 @@ static struct samr_info *get_samr_info_by_sid(DOM_SID *psid)
struct samr_info *info;
fstring sid_str;
TALLOC_CTX *mem_ctx;
-
+
if (psid) {
sid_to_fstring(sid_str, psid);
} else {
@@ -465,7 +466,7 @@ static void force_flush_samr_cache(DISP_INFO *disp_info)
static void samr_clear_sam_passwd(struct samu *sam_pass)
{
-
+
if (!sam_pass)
return;
@@ -543,116 +544,113 @@ static uint32 count_sam_aliases(struct disp_info *info)
}
/*******************************************************************
- _samr_close_hnd
+ _samr_Close
********************************************************************/
-NTSTATUS _samr_close_hnd(pipes_struct *p, SAMR_Q_CLOSE_HND *q_u, SAMR_R_CLOSE_HND *r_u)
+NTSTATUS _samr_Close(pipes_struct *p, struct samr_Close *r)
{
- r_u->status = NT_STATUS_OK;
-
- /* close the policy handle */
- if (!close_policy_hnd(p, &q_u->pol))
- return NT_STATUS_OBJECT_NAME_INVALID;
+ if (!close_policy_hnd(p, r->in.handle)) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
- DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
+ ZERO_STRUCTP(r->out.handle);
- return r_u->status;
+ return NT_STATUS_OK;
}
/*******************************************************************
- samr_reply_open_domain
+ _samr_OpenDomain
********************************************************************/
-NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN_DOMAIN *r_u)
+NTSTATUS _samr_OpenDomain(pipes_struct *p,
+ struct samr_OpenDomain *r)
{
struct samr_info *info;
SEC_DESC *psd = NULL;
uint32 acc_granted;
- uint32 des_access = q_u->flags;
+ uint32 des_access = r->in.access_mask;
NTSTATUS status;
size_t sd_size;
SE_PRIV se_rights;
- r_u->status = NT_STATUS_OK;
-
/* find the connection policy handle. */
-
- if ( !find_policy_by_hnd(p, &q_u->pol, (void**)(void *)&info) )
+
+ if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function( info->acc_granted,
- SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_open_domain" );
-
+ status = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_SAM_OPEN_DOMAIN,
+ "_samr_OpenDomain" );
+
if ( !NT_STATUS_IS_OK(status) )
return status;
/*check if access can be granted as requested by client. */
-
+
make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0 );
se_map_generic( &des_access, &dom_generic_mapping );
-
+
se_priv_copy( &se_rights, &se_machine_account );
se_priv_add( &se_rights, &se_add_users );
- status = access_check_samr_object( psd, p->pipe_user.nt_user_token,
- &se_rights, GENERIC_RIGHTS_DOMAIN_WRITE, des_access,
- &acc_granted, "_samr_open_domain" );
-
+ status = access_check_samr_object( psd, p->pipe_user.nt_user_token,
+ &se_rights, GENERIC_RIGHTS_DOMAIN_WRITE, des_access,
+ &acc_granted, "_samr_OpenDomain" );
+
if ( !NT_STATUS_IS_OK(status) )
return status;
- if (!sid_check_is_domain(&q_u->dom_sid.sid) &&
- !sid_check_is_builtin(&q_u->dom_sid.sid)) {
+ if (!sid_check_is_domain(r->in.sid) &&
+ !sid_check_is_builtin(r->in.sid)) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
/* associate the domain SID with the (unique) handle. */
- if ((info = get_samr_info_by_sid(&q_u->dom_sid.sid))==NULL)
+ if ((info = get_samr_info_by_sid(r->in.sid))==NULL)
return NT_STATUS_NO_MEMORY;
info->acc_granted = acc_granted;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->domain_pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.domain_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- DEBUG(5,("samr_open_domain: %d\n", __LINE__));
+ DEBUG(5,("_samr_OpenDomain: %d\n", __LINE__));
- return r_u->status;
+ return NT_STATUS_OK;
}
/*******************************************************************
- _samr_get_usrdom_pwinfo
+ _samr_GetUserPwInfo
********************************************************************/
-NTSTATUS _samr_get_usrdom_pwinfo(pipes_struct *p, SAMR_Q_GET_USRDOM_PWINFO *q_u, SAMR_R_GET_USRDOM_PWINFO *r_u)
+NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
+ struct samr_GetUserPwInfo *r)
{
struct samr_info *info = NULL;
- r_u->status = NT_STATUS_OK;
-
/* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->user_pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
if (!sid_check_is_in_our_domain(&info->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- init_samr_r_get_usrdom_pwinfo(r_u, NT_STATUS_OK);
+ ZERO_STRUCTP(r->out.info);
- DEBUG(5,("_samr_get_usrdom_pwinfo: %d\n", __LINE__));
+ DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
- /*
+ /*
* NT sometimes return NT_STATUS_ACCESS_DENIED
* I don't know yet why.
*/
- return r_u->status;
+ return NT_STATUS_OK;
}
/*******************************************************************
********************************************************************/
-static bool get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
+static bool get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
DOM_SID *sid, uint32 *acc_granted,
DISP_INFO **ppdisp_info)
{
@@ -675,10 +673,11 @@ static bool get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
}
/*******************************************************************
- _samr_set_sec_obj
+ _samr_SetSecurity
********************************************************************/
-NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_SEC_OBJ *r_u)
+NTSTATUS _samr_SetSecurity(pipes_struct *p,
+ struct samr_SetSecurity *r)
{
DOM_SID pol_sid;
uint32 acc_granted, i;
@@ -687,9 +686,7 @@ NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_
struct samu *sampass=NULL;
NTSTATUS status;
- r_u->status = NT_STATUS_OK;
-
- if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted, NULL))
+ if (!get_lsa_policy_samr_sid(p, r->in.handle, &pol_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
if (!(sampass = samu_new( p->mem_ctx))) {
@@ -708,12 +705,12 @@ NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_
return NT_STATUS_INVALID_HANDLE;
}
- dacl = q_u->buf->sd->dacl;
+ dacl = r->in.sdbuf->sd->dacl;
for (i=0; i < dacl->num_aces; i++) {
if (sid_equal(&pol_sid, &dacl->aces[i].trustee)) {
- ret = pdb_set_pass_can_change(sampass,
- (dacl->aces[i].access_mask &
- SA_RIGHT_USER_CHANGE_PASSWORD) ?
+ ret = pdb_set_pass_can_change(sampass,
+ (dacl->aces[i].access_mask &
+ SA_RIGHT_USER_CHANGE_PASSWORD) ?
True: False);
break;
}
@@ -724,7 +721,9 @@ NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_
return NT_STATUS_ACCESS_DENIED;
}
- status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_set_sec_obj");
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_USER_SET_ATTRIBUTES,
+ "_samr_SetSecurity");
if (NT_STATUS_IS_OK(status)) {
become_root();
status = pdb_update_sam_account(sampass);
@@ -771,98 +770,92 @@ static bool check_change_pw_access(TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
/*******************************************************************
- _samr_query_sec_obj
+ _samr_QuerySecurity
********************************************************************/
-NTSTATUS _samr_query_sec_obj(pipes_struct *p, SAMR_Q_QUERY_SEC_OBJ *q_u, SAMR_R_QUERY_SEC_OBJ *r_u)
+NTSTATUS _samr_QuerySecurity(pipes_struct *p,
+ struct samr_QuerySecurity *r)
{
+ NTSTATUS status;
DOM_SID pol_sid;
SEC_DESC * psd = NULL;
uint32 acc_granted;
size_t sd_size;
- r_u->status = NT_STATUS_OK;
-
/* Get the SID. */
- if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &pol_sid, &acc_granted, NULL))
+ if (!get_lsa_policy_samr_sid(p, r->in.handle, &pol_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
- DEBUG(10,("_samr_query_sec_obj: querying security on SID: %s\n",
+ DEBUG(10,("_samr_QuerySecurity: querying security on SID: %s\n",
sid_string_dbg(&pol_sid)));
/* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */
/* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */
if (pol_sid.sid_rev_num == 0) {
- DEBUG(5,("_samr_query_sec_obj: querying security on SAM\n"));
- r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
- } else if (sid_equal(&pol_sid,get_global_sam_sid())) {
+ DEBUG(5,("_samr_QuerySecurity: querying security on SAM\n"));
+ status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
+ } else if (sid_equal(&pol_sid,get_global_sam_sid())) {
/* check if it is our domain SID */
- DEBUG(5,("_samr_query_sec_obj: querying security on Domain "
+ DEBUG(5,("_samr_QuerySecurity: querying security on Domain "
"with SID: %s\n", sid_string_dbg(&pol_sid)));
- r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
+ status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
} else if (sid_equal(&pol_sid,&global_sid_Builtin)) {
/* check if it is the Builtin Domain */
/* TODO: Builtin probably needs a different SD with restricted write access*/
- DEBUG(5,("_samr_query_sec_obj: querying security on Builtin "
+ DEBUG(5,("_samr_QuerySecurity: querying security on Builtin "
"Domain with SID: %s\n", sid_string_dbg(&pol_sid)));
- r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
+ status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
} else if (sid_check_is_in_our_domain(&pol_sid) ||
sid_check_is_in_builtin(&pol_sid)) {
/* TODO: different SDs have to be generated for aliases groups and users.
Currently all three get a default user SD */
- DEBUG(10,("_samr_query_sec_obj: querying security on Object "
+ DEBUG(10,("_samr_QuerySecurity: querying security on Object "
"with SID: %s\n", sid_string_dbg(&pol_sid)));
if (check_change_pw_access(p->mem_ctx, &pol_sid)) {
- r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
+ status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
&pol_sid, SAMR_USR_RIGHTS_WRITE_PW);
} else {
- r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_nopwchange_generic_mapping,
+ status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_nopwchange_generic_mapping,
&pol_sid, SAMR_USR_RIGHTS_CANT_WRITE_PW);
}
} else {
return NT_STATUS_OBJECT_TYPE_MISMATCH;
}
- if ((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+ if ((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
return NT_STATUS_NO_MEMORY;
- if (NT_STATUS_IS_OK(r_u->status))
- r_u->ptr = 1;
-
- return r_u->status;
+ return status;
}
/*******************************************************************
makes a SAM_ENTRY / UNISTR2* structure from a user list.
********************************************************************/
-static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
- UNISTR2 **uni_name_pp,
- uint32 num_entries, uint32 start_idx,
+static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx,
+ struct samr_SamEntry **sam_pp,
+ uint32_t num_entries,
+ uint32_t start_idx,
struct samr_displayentry *entries)
{
- uint32 i;
- SAM_ENTRY *sam;
- UNISTR2 *uni_name;
-
+ uint32_t i;
+ struct samr_SamEntry *sam;
+
*sam_pp = NULL;
- *uni_name_pp = NULL;
- if (num_entries == 0)
+ if (num_entries == 0) {
return NT_STATUS_OK;
+ }
- sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_entries);
-
- uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_entries);
-
- if (sam == NULL || uni_name == NULL) {
+ sam = TALLOC_ZERO_ARRAY(ctx, struct samr_SamEntry, num_entries);
+ if (sam == NULL) {
DEBUG(0, ("make_user_sam_entry_list: TALLOC_ZERO failed!\n"));
return NT_STATUS_NO_MEMORY;
}
for (i = 0; i < num_entries; i++) {
- UNISTR2 uni_temp_name;
+#if 0
/*
* usrmgr expects a non-NULL terminated string with
* trust relationships
@@ -874,50 +867,59 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
init_unistr2(&uni_temp_name, entries[i].account_name,
UNI_STR_TERMINATE);
}
-
- init_sam_entry(&sam[i], &uni_temp_name, entries[i].rid);
- copy_unistr2(&uni_name[i], &uni_temp_name);
+#endif
+ init_lsa_String(&sam[i].name, entries[i].account_name);
+ sam[i].idx = entries[i].rid;
}
*sam_pp = sam;
- *uni_name_pp = uni_name;
+
return NT_STATUS_OK;
}
+#define MAX_SAM_ENTRIES MAX_SAM_ENTRIES_W2K
+
/*******************************************************************
- samr_reply_enum_dom_users
+ _samr_EnumDomainUsers
********************************************************************/
-NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
- SAMR_R_ENUM_DOM_USERS *r_u)
+NTSTATUS _samr_EnumDomainUsers(pipes_struct *p,
+ struct samr_EnumDomainUsers *r)
{
+ NTSTATUS status;
struct samr_info *info = NULL;
int num_account;
- uint32 enum_context=q_u->start_idx;
+ uint32 enum_context = *r->in.resume_handle;
enum remote_arch_types ra_type = get_remote_arch();
int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
uint32 max_entries = max_sam_entries;
struct samr_displayentry *entries = NULL;
-
- r_u->status = NT_STATUS_OK;
+ struct samr_SamArray *samr_array = NULL;
+ struct samr_SamEntry *samr_entries = NULL;
/* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
- "_samr_enum_dom_users"))) {
- return r_u->status;
+ status = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ "_samr_EnumDomainUsers");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
-
- DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
+
+ DEBUG(5,("_samr_EnumDomainUsers: %d\n", __LINE__));
if (info->builtin_domain) {
/* No users in builtin. */
- init_samr_r_enum_dom_users(r_u, q_u->start_idx, 0);
- DEBUG(5,("_samr_enum_dom_users: No users in BUILTIN\n"));
- return r_u->status;
+ *r->out.resume_handle = *r->in.resume_handle;
+ DEBUG(5,("_samr_EnumDomainUsers: No users in BUILTIN\n"));
+ return status;
+ }
+
+ samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+ if (!samr_array) {
+ return NT_STATUS_NO_MEMORY;
}
become_root();
@@ -925,14 +927,14 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
/* AS ROOT !!!! */
if ((info->disp_info->enum_users != NULL) &&
- (info->disp_info->enum_acb_mask != q_u->acb_mask)) {
+ (info->disp_info->enum_acb_mask != r->in.acct_flags)) {
pdb_search_destroy(info->disp_info->enum_users);
info->disp_info->enum_users = NULL;
}
if (info->disp_info->enum_users == NULL) {
- info->disp_info->enum_users = pdb_search_users(q_u->acb_mask);
- info->disp_info->enum_acb_mask = q_u->acb_mask;
+ info->disp_info->enum_users = pdb_search_users(r->in.acct_flags);
+ info->disp_info->enum_acb_mask = r->in.acct_flags;
}
if (info->disp_info->enum_users == NULL) {
@@ -950,63 +952,62 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
unbecome_root();
if (num_account == 0) {
- DEBUG(5, ("_samr_enum_dom_users: enumeration handle over "
+ DEBUG(5, ("_samr_EnumDomainUsers: enumeration handle over "
"total entries\n"));
- init_samr_r_enum_dom_users(r_u, q_u->start_idx, 0);
+ *r->out.resume_handle = *r->in.resume_handle;
return NT_STATUS_OK;
}
- r_u->status = make_user_sam_entry_list(p->mem_ctx, &r_u->sam,
- &r_u->uni_acct_name,
- num_account, enum_context,
- entries);
-
- if (!NT_STATUS_IS_OK(r_u->status))
- return r_u->status;
+ status = make_user_sam_entry_list(p->mem_ctx, &samr_entries,
+ num_account, enum_context,
+ entries);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
if (max_entries <= num_account) {
- r_u->status = STATUS_MORE_ENTRIES;
+ status = STATUS_MORE_ENTRIES;
} else {
- r_u->status = NT_STATUS_OK;
+ status = NT_STATUS_OK;
}
/* Ensure we cache this enumeration. */
set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
- DEBUG(5, ("_samr_enum_dom_users: %d\n", __LINE__));
+ DEBUG(5, ("_samr_EnumDomainUsers: %d\n", __LINE__));
- init_samr_r_enum_dom_users(r_u, q_u->start_idx + num_account,
- num_account);
+ samr_array->count = num_account;
+ samr_array->entries = samr_entries;
- DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
+ *r->out.resume_handle = *r->in.resume_handle + num_account;
+ *r->out.sam = samr_array;
+ *r->out.num_entries = num_account;
- return r_u->status;
+ DEBUG(5,("_samr_EnumDomainUsers: %d\n", __LINE__));
+
+ return status;
}
/*******************************************************************
makes a SAM_ENTRY / UNISTR2* structure from a group list.
********************************************************************/
-static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
- UNISTR2 **uni_name_pp,
- uint32 num_sam_entries,
+static void make_group_sam_entry_list(TALLOC_CTX *ctx,
+ struct samr_SamEntry **sam_pp,
+ uint32_t num_sam_entries,
struct samr_displayentry *entries)
{
- uint32 i;
- SAM_ENTRY *sam;
- UNISTR2 *uni_name;
+ struct samr_SamEntry *sam;
+ uint32_t i;
*sam_pp = NULL;
- *uni_name_pp = NULL;
- if (num_sam_entries == 0)
+ if (num_sam_entries == 0) {
return;
+ }
- sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_sam_entries);
- uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_sam_entries);
-
- if (sam == NULL || uni_name == NULL) {
- DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
+ sam = TALLOC_ZERO_ARRAY(ctx, struct samr_SamEntry, num_sam_entries);
+ if (sam == NULL) {
return;
}
@@ -1014,44 +1015,50 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
/*
* JRA. I think this should include the null. TNG does not.
*/
- init_unistr2(&uni_name[i], entries[i].account_name,
- UNI_STR_TERMINATE);
- init_sam_entry(&sam[i], &uni_name[i], entries[i].rid);
+ init_lsa_String(&sam[i].name, entries[i].account_name);
+ sam[i].idx = entries[i].rid;
}
*sam_pp = sam;
- *uni_name_pp = uni_name;
}
/*******************************************************************
- samr_reply_enum_dom_groups
+ _samr_EnumDomainGroups
********************************************************************/
-NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_R_ENUM_DOM_GROUPS *r_u)
+NTSTATUS _samr_EnumDomainGroups(pipes_struct *p,
+ struct samr_EnumDomainGroups *r)
{
+ NTSTATUS status;
struct samr_info *info = NULL;
struct samr_displayentry *groups;
uint32 num_groups;
-
- r_u->status = NT_STATUS_OK;
+ struct samr_SamArray *samr_array = NULL;
+ struct samr_SamEntry *samr_entries = NULL;
/* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- r_u->status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
- "_samr_enum_dom_groups");
- if (!NT_STATUS_IS_OK(r_u->status))
- return r_u->status;
+ status = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ "_samr_EnumDomainGroups");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__));
+ DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__));
if (info->builtin_domain) {
/* No groups in builtin. */
- init_samr_r_enum_dom_groups(r_u, q_u->start_idx, 0);
- DEBUG(5,("_samr_enum_dom_users: No groups in BUILTIN\n"));
- return r_u->status;
+ *r->out.resume_handle = *r->in.resume_handle;
+ DEBUG(5,("_samr_EnumDomainGroups: No groups in BUILTIN\n"));
+ return status;
+ }
+
+ samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+ if (!samr_array) {
+ return NT_STATUS_NO_MEMORY;
}
/* the domain group array is being allocated in the function below */
@@ -1067,46 +1074,64 @@ NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAM
}
}
- num_groups = pdb_search_entries(info->disp_info->groups, q_u->start_idx,
+ num_groups = pdb_search_entries(info->disp_info->groups,
+ *r->in.resume_handle,
MAX_SAM_ENTRIES, &groups);
unbecome_root();
-
+
/* Ensure we cache this enumeration. */
set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
- make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name,
+ make_group_sam_entry_list(p->mem_ctx, &samr_entries,
num_groups, groups);
- init_samr_r_enum_dom_groups(r_u, q_u->start_idx, num_groups);
+ samr_array->count = num_groups;
+ samr_array->entries = samr_entries;
+
+ *r->out.sam = samr_array;
+ *r->out.num_entries = num_groups;
+ /* this was missing, IMHO:
+ *r->out.resume_handle = num_groups + *r->in.resume_handle;
+ */
- DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
+ DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__));
- return r_u->status;
+ return status;
}
/*******************************************************************
- samr_reply_enum_dom_aliases
+ _samr_EnumDomainAliases
********************************************************************/
-NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, SAMR_R_ENUM_DOM_ALIASES *r_u)
+NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
+ struct samr_EnumDomainAliases *r)
{
+ NTSTATUS status;
struct samr_info *info;
struct samr_displayentry *aliases;
uint32 num_aliases = 0;
+ struct samr_SamArray *samr_array = NULL;
+ struct samr_SamEntry *samr_entries = NULL;
/* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- r_u->status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
- "_samr_enum_dom_aliases");
- if (!NT_STATUS_IS_OK(r_u->status))
- return r_u->status;
+ status = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ "_samr_EnumDomainAliases");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n",
+ DEBUG(5,("_samr_EnumDomainAliases: sid %s\n",
sid_string_dbg(&info->sid)));
+ samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+ if (!samr_array) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
become_root();
if (info->disp_info->aliases == NULL) {
@@ -1117,39 +1142,244 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
}
}
- num_aliases = pdb_search_entries(info->disp_info->aliases, q_u->start_idx,
+ num_aliases = pdb_search_entries(info->disp_info->aliases,
+ *r->in.resume_handle,
MAX_SAM_ENTRIES, &aliases);
unbecome_root();
-
+
/* Ensure we cache this enumeration. */
set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
- make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name,
+ make_group_sam_entry_list(p->mem_ctx, &samr_entries,
num_aliases, aliases);
- init_samr_r_enum_dom_aliases(r_u, q_u->start_idx + num_aliases,
- num_aliases);
+ DEBUG(5,("_samr_EnumDomainAliases: %d\n", __LINE__));
+
+ samr_array->count = num_aliases;
+ samr_array->entries = samr_entries;
+
+ *r->out.sam = samr_array;
+ *r->out.num_entries = num_aliases;
+ *r->out.resume_handle = num_aliases + *r->in.resume_handle;
+
+ return status;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoGeneral structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_1(TALLOC_CTX *ctx,
+ struct samr_DispInfoGeneral *r,
+ uint32_t num_entries,
+ uint32_t start_idx,
+ struct samr_displayentry *entries)
+{
+ uint32 i;
+
+ DEBUG(10, ("init_samr_dispinfo_1: num_entries: %d\n", num_entries));
+
+ if (num_entries == 0) {
+ return NT_STATUS_OK;
+ }
+
+ r->count = num_entries;
+
+ r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryGeneral, num_entries);
+ if (!r->entries) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i = 0; i < num_entries ; i++) {
- DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
+ init_lsa_String(&r->entries[i].account_name,
+ entries[i].account_name);
- return r_u->status;
+ init_lsa_String(&r->entries[i].description,
+ entries[i].description);
+
+ init_lsa_String(&r->entries[i].full_name,
+ entries[i].fullname);
+
+ r->entries[i].rid = entries[i].rid;
+ r->entries[i].acct_flags = entries[i].acct_flags;
+ r->entries[i].idx = start_idx+i+1;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoFull structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_2(TALLOC_CTX *ctx,
+ struct samr_DispInfoFull *r,
+ uint32_t num_entries,
+ uint32_t start_idx,
+ struct samr_displayentry *entries)
+{
+ uint32_t i;
+
+ DEBUG(10, ("init_samr_dispinfo_2: num_entries: %d\n", num_entries));
+
+ if (num_entries == 0) {
+ return NT_STATUS_OK;
+ }
+
+ r->count = num_entries;
+
+ r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryFull, num_entries);
+ if (!r->entries) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i = 0; i < num_entries ; i++) {
+
+ init_lsa_String(&r->entries[i].account_name,
+ entries[i].account_name);
+
+ init_lsa_String(&r->entries[i].description,
+ entries[i].description);
+
+ r->entries[i].rid = entries[i].rid;
+ r->entries[i].acct_flags = entries[i].acct_flags;
+ r->entries[i].idx = start_idx+i+1;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoFullGroups structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_3(TALLOC_CTX *ctx,
+ struct samr_DispInfoFullGroups *r,
+ uint32_t num_entries,
+ uint32_t start_idx,
+ struct samr_displayentry *entries)
+{
+ uint32_t i;
+
+ DEBUG(5, ("init_samr_dispinfo_3: num_entries: %d\n", num_entries));
+
+ if (num_entries == 0) {
+ return NT_STATUS_OK;
+ }
+
+ r->count = num_entries;
+
+ r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryFullGroup, num_entries);
+ if (!r->entries) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i = 0; i < num_entries ; i++) {
+
+ init_lsa_String(&r->entries[i].account_name,
+ entries[i].account_name);
+
+ init_lsa_String(&r->entries[i].description,
+ entries[i].description);
+
+ r->entries[i].rid = entries[i].rid;
+ r->entries[i].acct_flags = entries[i].acct_flags;
+ r->entries[i].idx = start_idx+i+1;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoAscii structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_4(TALLOC_CTX *ctx,
+ struct samr_DispInfoAscii *r,
+ uint32_t num_entries,
+ uint32_t start_idx,
+ struct samr_displayentry *entries)
+{
+ uint32_t i;
+
+ DEBUG(5, ("init_samr_dispinfo_4: num_entries: %d\n", num_entries));
+
+ if (num_entries == 0) {
+ return NT_STATUS_OK;
+ }
+
+ r->count = num_entries;
+
+ r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryAscii, num_entries);
+ if (!r->entries) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i = 0; i < num_entries ; i++) {
+
+ init_lsa_AsciiStringLarge(&r->entries[i].account_name,
+ entries[i].account_name);
+
+ r->entries[i].idx = start_idx+i+1;
+ }
+
+ return NT_STATUS_OK;
}
/*******************************************************************
- samr_reply_query_dispinfo
+ inits a samr_DispInfoAscii structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_5(TALLOC_CTX *ctx,
+ struct samr_DispInfoAscii *r,
+ uint32_t num_entries,
+ uint32_t start_idx,
+ struct samr_displayentry *entries)
+{
+ uint32_t i;
+
+ DEBUG(5, ("init_samr_dispinfo_5: num_entries: %d\n", num_entries));
+
+ if (num_entries == 0) {
+ return NT_STATUS_OK;
+ }
+
+ r->count = num_entries;
+
+ r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryAscii, num_entries);
+ if (!r->entries) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i = 0; i < num_entries ; i++) {
+
+ init_lsa_AsciiStringLarge(&r->entries[i].account_name,
+ entries[i].account_name);
+
+ r->entries[i].idx = start_idx+i+1;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ _samr_QueryDisplayInfo
********************************************************************/
-NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
- SAMR_R_QUERY_DISPINFO *r_u)
+NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
+ struct samr_QueryDisplayInfo *r)
{
+ NTSTATUS status;
struct samr_info *info = NULL;
uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */
-
- uint32 max_entries=q_u->max_entries;
- uint32 enum_context=q_u->start_idx;
- uint32 max_size=q_u->max_size;
- SAM_DISPINFO_CTR *ctr;
+ uint32 max_entries = r->in.max_entries;
+ uint32 enum_context = r->in.start_idx;
+ uint32 max_size = r->in.buf_size;
+
+ union samr_DispInfo *disp_info = r->out.info;
+
uint32 temp_size=0, total_data_size=0;
NTSTATUS disp_ret = NT_STATUS_UNSUCCESSFUL;
uint32 num_account = 0;
@@ -1157,16 +1387,15 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
struct samr_displayentry *entries = NULL;
- DEBUG(5, ("samr_reply_query_dispinfo: %d\n", __LINE__));
- r_u->status = NT_STATUS_UNSUCCESSFUL;
+ DEBUG(5,("_samr_QueryDisplayInfo: %d\n", __LINE__));
/* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
/*
* calculate how many entries we will return.
- * based on
+ * based on
* - the number of entries the client asked
* - our limit on that
* - the starting point (enumeration context)
@@ -1192,15 +1421,15 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
* JFM, 12/20/2001
*/
- if ((q_u->switch_level < 1) || (q_u->switch_level > 5)) {
- DEBUG(0,("_samr_query_dispinfo: Unknown info level (%u)\n",
- (unsigned int)q_u->switch_level ));
+ if ((r->in.level < 1) || (r->in.level > 5)) {
+ DEBUG(0,("_samr_QueryDisplayInfo: Unknown info level (%u)\n",
+ (unsigned int)r->in.level ));
return NT_STATUS_INVALID_INFO_CLASS;
}
/* first limit the number of entries we will return */
if(max_entries > max_sam_entries) {
- DEBUG(5, ("samr_reply_query_dispinfo: client requested %d "
+ DEBUG(5, ("_samr_QueryDisplayInfo: client requested %d "
"entries, limiting to %d\n", max_entries,
max_sam_entries));
max_entries = max_sam_entries;
@@ -1210,23 +1439,18 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
* return */
temp_size=max_entries*struct_size;
-
+
if (temp_size>max_size) {
max_entries=MIN((max_size/struct_size),max_entries);;
- DEBUG(5, ("samr_reply_query_dispinfo: buffer size limits to "
+ DEBUG(5, ("_samr_QueryDisplayInfo: buffer size limits to "
"only %d entries\n", max_entries));
}
- if (!(ctr = TALLOC_ZERO_P(p->mem_ctx,SAM_DISPINFO_CTR)))
- return NT_STATUS_NO_MEMORY;
-
- ZERO_STRUCTP(ctr);
-
become_root();
/* THe following done as ROOT. Don't return without unbecome_root(). */
- switch (q_u->switch_level) {
+ switch (r->in.level) {
case 0x1:
case 0x4:
if (info->disp_info->users == NULL) {
@@ -1235,10 +1459,10 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
unbecome_root();
return NT_STATUS_ACCESS_DENIED;
}
- DEBUG(10,("samr_reply_query_dispinfo: starting user enumeration at index %u\n",
+ DEBUG(10,("_samr_QueryDisplayInfo: starting user enumeration at index %u\n",
(unsigned int)enum_context ));
} else {
- DEBUG(10,("samr_reply_query_dispinfo: using cached user enumeration at index %u\n",
+ DEBUG(10,("_samr_QueryDisplayInfo: using cached user enumeration at index %u\n",
(unsigned int)enum_context ));
}
@@ -1254,10 +1478,10 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
unbecome_root();
return NT_STATUS_ACCESS_DENIED;
}
- DEBUG(10,("samr_reply_query_dispinfo: starting machine enumeration at index %u\n",
+ DEBUG(10,("_samr_QueryDisplayInfo: starting machine enumeration at index %u\n",
(unsigned int)enum_context ));
} else {
- DEBUG(10,("samr_reply_query_dispinfo: using cached machine enumeration at index %u\n",
+ DEBUG(10,("_samr_QueryDisplayInfo: using cached machine enumeration at index %u\n",
(unsigned int)enum_context ));
}
@@ -1273,10 +1497,10 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
unbecome_root();
return NT_STATUS_ACCESS_DENIED;
}
- DEBUG(10,("samr_reply_query_dispinfo: starting group enumeration at index %u\n",
+ DEBUG(10,("_samr_QueryDisplayInfo: starting group enumeration at index %u\n",
(unsigned int)enum_context ));
} else {
- DEBUG(10,("samr_reply_query_dispinfo: using cached group enumeration at index %u\n",
+ DEBUG(10,("_samr_QueryDisplayInfo: using cached group enumeration at index %u\n",
(unsigned int)enum_context ));
}
@@ -1291,32 +1515,33 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
}
unbecome_root();
+
/* Now create reply structure */
- switch (q_u->switch_level) {
+ switch (r->in.level) {
case 0x1:
- disp_ret = init_sam_dispinfo_1(p->mem_ctx, &ctr->sam.info1,
- num_account, enum_context,
- entries);
+ disp_ret = init_samr_dispinfo_1(p->mem_ctx, &disp_info->info1,
+ num_account, enum_context,
+ entries);
break;
case 0x2:
- disp_ret = init_sam_dispinfo_2(p->mem_ctx, &ctr->sam.info2,
- num_account, enum_context,
- entries);
+ disp_ret = init_samr_dispinfo_2(p->mem_ctx, &disp_info->info2,
+ num_account, enum_context,
+ entries);
break;
case 0x3:
- disp_ret = init_sam_dispinfo_3(p->mem_ctx, &ctr->sam.info3,
- num_account, enum_context,
- entries);
+ disp_ret = init_samr_dispinfo_3(p->mem_ctx, &disp_info->info3,
+ num_account, enum_context,
+ entries);
break;
case 0x4:
- disp_ret = init_sam_dispinfo_4(p->mem_ctx, &ctr->sam.info4,
- num_account, enum_context,
- entries);
+ disp_ret = init_samr_dispinfo_4(p->mem_ctx, &disp_info->info4,
+ num_account, enum_context,
+ entries);
break;
case 0x5:
- disp_ret = init_sam_dispinfo_5(p->mem_ctx, &ctr->sam.info5,
- num_account, enum_context,
- entries);
+ disp_ret = init_samr_dispinfo_5(p->mem_ctx, &disp_info->info5,
+ num_account, enum_context,
+ entries);
break;
default:
smb_panic("info class changed");
@@ -1330,73 +1555,130 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
total_data_size=num_account*struct_size;
if (num_account) {
- r_u->status = STATUS_MORE_ENTRIES;
+ status = STATUS_MORE_ENTRIES;
} else {
- r_u->status = NT_STATUS_OK;
+ status = NT_STATUS_OK;
}
/* Ensure we cache this enumeration. */
set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
- DEBUG(5, ("_samr_query_dispinfo: %d\n", __LINE__));
+ DEBUG(5, ("_samr_QueryDisplayInfo: %d\n", __LINE__));
+
+ *r->out.total_size = total_data_size;
+ *r->out.returned_size = temp_size;
+
+ return status;
+}
+
+/****************************************************************
+ _samr_QueryDisplayInfo2
+****************************************************************/
+
+NTSTATUS _samr_QueryDisplayInfo2(pipes_struct *p,
+ struct samr_QueryDisplayInfo2 *r)
+{
+ struct samr_QueryDisplayInfo q;
+
+ q.in.domain_handle = r->in.domain_handle;
+ q.in.level = r->in.level;
+ q.in.start_idx = r->in.start_idx;
+ q.in.max_entries = r->in.max_entries;
+ q.in.buf_size = r->in.buf_size;
+
+ q.out.total_size = r->out.total_size;
+ q.out.returned_size = r->out.returned_size;
+ q.out.info = r->out.info;
+
+ return _samr_QueryDisplayInfo(p, &q);
+}
+
+/****************************************************************
+ _samr_QueryDisplayInfo3
+****************************************************************/
+
+NTSTATUS _samr_QueryDisplayInfo3(pipes_struct *p,
+ struct samr_QueryDisplayInfo3 *r)
+{
+ struct samr_QueryDisplayInfo q;
- init_samr_r_query_dispinfo(r_u, num_account, total_data_size,
- temp_size, q_u->switch_level, ctr,
- r_u->status);
+ q.in.domain_handle = r->in.domain_handle;
+ q.in.level = r->in.level;
+ q.in.start_idx = r->in.start_idx;
+ q.in.max_entries = r->in.max_entries;
+ q.in.buf_size = r->in.buf_size;
- return r_u->status;
+ q.out.total_size = r->out.total_size;
+ q.out.returned_size = r->out.returned_size;
+ q.out.info = r->out.info;
+ return _samr_QueryDisplayInfo(p, &q);
}
/*******************************************************************
- samr_reply_query_aliasinfo
+ _samr_QueryAliasInfo
********************************************************************/
-NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAMR_R_QUERY_ALIASINFO *r_u)
+NTSTATUS _samr_QueryAliasInfo(pipes_struct *p,
+ struct samr_QueryAliasInfo *r)
{
DOM_SID sid;
struct acct_info info;
uint32 acc_granted;
NTSTATUS status;
+ union samr_AliasInfo *alias_info = NULL;
+ const char *alias_name = NULL;
+ const char *alias_description = NULL;
- r_u->status = NT_STATUS_OK;
+ DEBUG(5,("_samr_QueryAliasInfo: %d\n", __LINE__));
- DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__));
+ alias_info = TALLOC_ZERO_P(p->mem_ctx, union samr_AliasInfo);
+ if (!alias_info) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* find the policy handle. open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted, NULL))
+ if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_LOOKUP_INFO, "_samr_query_aliasinfo"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_ALIAS_LOOKUP_INFO,
+ "_samr_QueryAliasInfo");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
become_root();
status = pdb_get_aliasinfo(&sid, &info);
unbecome_root();
-
+
if ( !NT_STATUS_IS_OK(status))
return status;
- if ( !(r_u->ctr = TALLOC_ZERO_P( p->mem_ctx, ALIAS_INFO_CTR )) )
- return NT_STATUS_NO_MEMORY;
-
+ /* FIXME: info contains fstrings */
+ alias_name = talloc_strdup(r, info.acct_name);
+ alias_description = talloc_strdup(r, info.acct_desc);
- switch (q_u->level ) {
- case 1:
- r_u->ctr->level = 1;
- init_samr_alias_info1(&r_u->ctr->alias.info1, info.acct_name, 1, info.acct_desc);
+ switch (r->in.level) {
+ case ALIASINFOALL:
+ init_samr_alias_info1(&alias_info->all,
+ alias_name,
+ 1,
+ alias_description);
break;
- case 3:
- r_u->ctr->level = 3;
- init_samr_alias_info3(&r_u->ctr->alias.info3, info.acct_desc);
+ case ALIASINFODESCRIPTION:
+ init_samr_alias_info3(&alias_info->description,
+ alias_description);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
- DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__));
+ *r->out.info = alias_info;
- return r_u->status;
+ DEBUG(5,("_samr_QueryAliasInfo: %d\n", __LINE__));
+
+ return NT_STATUS_OK;
}
#if 0
@@ -1460,170 +1742,184 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
#endif
/*******************************************************************
- _samr_lookup_names
+ _samr_LookupNames
********************************************************************/
-NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LOOKUP_NAMES *r_u)
+NTSTATUS _samr_LookupNames(pipes_struct *p,
+ struct samr_LookupNames *r)
{
+ NTSTATUS status;
uint32 rid[MAX_SAM_ENTRIES];
enum lsa_SidType type[MAX_SAM_ENTRIES];
int i;
- int num_rids = q_u->num_names2;
+ int num_rids = r->in.num_names;
DOM_SID pol_sid;
uint32 acc_granted;
+ struct samr_Ids rids, types;
- r_u->status = NT_STATUS_OK;
-
- DEBUG(5,("_samr_lookup_names: %d\n", __LINE__));
+ DEBUG(5,("_samr_LookupNames: %d\n", __LINE__));
ZERO_ARRAY(rid);
ZERO_ARRAY(type);
- if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted, NULL)) {
- init_samr_r_lookup_names(p->mem_ctx, r_u, 0, NULL, NULL, NT_STATUS_OBJECT_TYPE_MISMATCH);
- return r_u->status;
+ if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL)) {
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
}
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, 0, "_samr_lookup_names"))) { /* Don't know the acc_bits yet */
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ 0, /* Don't know the acc_bits yet */
+ "_samr_LookupNames");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
if (num_rids > MAX_SAM_ENTRIES) {
num_rids = MAX_SAM_ENTRIES;
- DEBUG(5,("_samr_lookup_names: truncating entries to %d\n", num_rids));
+ DEBUG(5,("_samr_LookupNames: truncating entries to %d\n", num_rids));
}
- DEBUG(5,("_samr_lookup_names: looking name on SID %s\n",
+ DEBUG(5,("_samr_LookupNames: looking name on SID %s\n",
sid_string_dbg(&pol_sid)));
-
+
for (i = 0; i < num_rids; i++) {
- fstring name;
- int ret;
- r_u->status = NT_STATUS_NONE_MAPPED;
+ status = NT_STATUS_NONE_MAPPED;
type[i] = SID_NAME_UNKNOWN;
- rid [i] = 0xffffffff;
-
- ret = rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
-
- if (ret <= 0) {
- continue;
- }
+ rid[i] = 0xffffffff;
if (sid_check_is_builtin(&pol_sid)) {
- if (lookup_builtin_name(name, &rid[i])) {
+ if (lookup_builtin_name(r->in.names[i].string,
+ &rid[i]))
+ {
type[i] = SID_NAME_ALIAS;
}
} else {
- lookup_global_sam_name(name, 0, &rid[i], &type[i]);
+ lookup_global_sam_name(r->in.names[i].string, 0,
+ &rid[i], &type[i]);
}
if (type[i] != SID_NAME_UNKNOWN) {
- r_u->status = NT_STATUS_OK;
+ status = NT_STATUS_OK;
}
}
- init_samr_r_lookup_names(p->mem_ctx, r_u, num_rids, rid, type, r_u->status);
+ rids.count = num_rids;
+ rids.ids = rid;
+
+ types.count = num_rids;
+ types.ids = type;
- DEBUG(5,("_samr_lookup_names: %d\n", __LINE__));
+ *r->out.rids = rids;
+ *r->out.types = types;
- return r_u->status;
+ DEBUG(5,("_samr_LookupNames: %d\n", __LINE__));
+
+ return status;
}
/*******************************************************************
- _samr_chgpasswd_user
+ _samr_ChangePasswordUser2
********************************************************************/
-NTSTATUS _samr_chgpasswd_user(pipes_struct *p, SAMR_Q_CHGPASSWD_USER *q_u, SAMR_R_CHGPASSWD_USER *r_u)
+NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p,
+ struct samr_ChangePasswordUser2 *r)
{
+ NTSTATUS status;
fstring user_name;
fstring wks;
- DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
+ DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
- r_u->status = NT_STATUS_OK;
+ fstrcpy(user_name, r->in.account->string);
+ fstrcpy(wks, r->in.server->string);
- rpcstr_pull(user_name, q_u->uni_user_name.buffer, sizeof(user_name), q_u->uni_user_name.uni_str_len*2, 0);
- rpcstr_pull(wks, q_u->uni_dest_host.buffer, sizeof(wks), q_u->uni_dest_host.uni_str_len*2,0);
-
- DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
+ DEBUG(5,("_samr_ChangePasswordUser2: user: %s wks: %s\n", user_name, wks));
/*
* Pass the user through the NT -> unix user mapping
* function.
*/
-
+
(void)map_username(user_name);
-
+
/*
- * UNIX username case mangling not required, pass_oem_change
+ * UNIX username case mangling not required, pass_oem_change
* is case insensitive.
*/
- r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
- q_u->nt_newpass.pass, q_u->nt_oldhash.hash, NULL);
-
- init_samr_r_chgpasswd_user(r_u, r_u->status);
+ status = pass_oem_change(user_name,
+ r->in.lm_password->data,
+ r->in.lm_verifier->hash,
+ r->in.nt_password->data,
+ r->in.nt_verifier->hash,
+ NULL);
- DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
+ DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
- return r_u->status;
+ return status;
}
/*******************************************************************
- _samr_chgpasswd_user3
+ _samr_ChangePasswordUser3
********************************************************************/
-NTSTATUS _samr_chgpasswd_user3(pipes_struct *p, SAMR_Q_CHGPASSWD_USER3 *q_u, SAMR_R_CHGPASSWD_USER3 *r_u)
+NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
+ struct samr_ChangePasswordUser3 *r)
{
+ NTSTATUS status;
fstring user_name;
- fstring wks;
+ const char *wks = NULL;
uint32 reject_reason;
- SAM_UNK_INFO_1 *info = NULL;
- SAMR_CHANGE_REJECT *reject = NULL;
+ struct samr_DomInfo1 *dominfo = NULL;
+ struct samr_ChangeReject *reject = NULL;
- DEBUG(5,("_samr_chgpasswd_user3: %d\n", __LINE__));
+ DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
- rpcstr_pull(user_name, q_u->uni_user_name.buffer, sizeof(user_name), q_u->uni_user_name.uni_str_len*2, 0);
- rpcstr_pull(wks, q_u->uni_dest_host.buffer, sizeof(wks), q_u->uni_dest_host.uni_str_len*2,0);
+ fstrcpy(user_name, r->in.account->string);
+ if (r->in.server && r->in.server->string) {
+ wks = r->in.server->string;
+ }
- DEBUG(5,("_samr_chgpasswd_user3: user: %s wks: %s\n", user_name, wks));
+ DEBUG(5,("_samr_ChangePasswordUser3: user: %s wks: %s\n", user_name, wks));
/*
* Pass the user through the NT -> unix user mapping
* function.
*/
-
+
(void)map_username(user_name);
-
+
/*
- * UNIX username case mangling not required, pass_oem_change
+ * UNIX username case mangling not required, pass_oem_change
* is case insensitive.
*/
- r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
- q_u->nt_newpass.pass, q_u->nt_oldhash.hash, &reject_reason);
+ status = pass_oem_change(user_name,
+ r->in.lm_password->data,
+ r->in.lm_verifier->hash,
+ r->in.nt_password->data,
+ r->in.nt_verifier->hash,
+ &reject_reason);
- if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION) ||
- NT_STATUS_EQUAL(r_u->status, NT_STATUS_ACCOUNT_RESTRICTION)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_RESTRICTION)) {
uint32 min_pass_len,pass_hist,password_properties;
time_t u_expire, u_min_age;
NTTIME nt_expire, nt_min_age;
uint32 account_policy_temp;
- if ((info = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_INFO_1)) == NULL) {
+ dominfo = TALLOC_ZERO_P(p->mem_ctx, struct samr_DomInfo1);
+ if (!dominfo) {
return NT_STATUS_NO_MEMORY;
}
- if ((reject = TALLOC_ZERO_P(p->mem_ctx, SAMR_CHANGE_REJECT)) == NULL) {
+ reject = TALLOC_ZERO_P(p->mem_ctx, struct samr_ChangeReject);
+ if (!reject) {
return NT_STATUS_NO_MEMORY;
}
- ZERO_STRUCTP(info);
- ZERO_STRUCTP(reject);
-
become_root();
/* AS ROOT !!! */
@@ -1644,23 +1940,32 @@ NTSTATUS _samr_chgpasswd_user3(pipes_struct *p, SAMR_Q_CHGPASSWD_USER3 *q_u, SAM
u_min_age = account_policy_temp;
/* !AS ROOT */
-
+
unbecome_root();
unix_to_nt_time_abs(&nt_expire, u_expire);
unix_to_nt_time_abs(&nt_min_age, u_min_age);
- init_unk_info1(info, (uint16)min_pass_len, (uint16)pass_hist,
- password_properties, nt_expire, nt_min_age);
+ if (lp_check_password_script() && *lp_check_password_script()) {
+ password_properties |= DOMAIN_PASSWORD_COMPLEX;
+ }
+
+ init_samr_DomInfo1(dominfo,
+ min_pass_len,
+ pass_hist,
+ password_properties,
+ u_expire,
+ u_min_age);
- reject->reject_reason = reject_reason;
+ reject->reason = reject_reason;
+
+ *r->out.dominfo = dominfo;
+ *r->out.reject = reject;
}
-
- init_samr_r_chgpasswd_user3(r_u, r_u->status, reject, info);
- DEBUG(5,("_samr_chgpasswd_user3: %d\n", __LINE__));
+ DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
- return r_u->status;
+ return status;
}
/*******************************************************************
@@ -1668,60 +1973,54 @@ makes a SAMR_R_LOOKUP_RIDS structure.
********************************************************************/
static bool make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names,
- const char **names, UNIHDR **pp_hdr_name,
- UNISTR2 **pp_uni_name)
+ const char **names,
+ struct lsa_String **lsa_name_array_p)
{
- uint32 i;
- UNIHDR *hdr_name=NULL;
- UNISTR2 *uni_name=NULL;
+ struct lsa_String *lsa_name_array = NULL;
+ uint32_t i;
- *pp_uni_name = NULL;
- *pp_hdr_name = NULL;
+ *lsa_name_array_p = NULL;
if (num_names != 0) {
- hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR, num_names);
- if (hdr_name == NULL)
- return False;
-
- uni_name = TALLOC_ZERO_ARRAY(ctx,UNISTR2, num_names);
- if (uni_name == NULL)
- return False;
+ lsa_name_array = TALLOC_ZERO_ARRAY(ctx, struct lsa_String, num_names);
+ if (!lsa_name_array) {
+ return false;
+ }
}
for (i = 0; i < num_names; i++) {
DEBUG(10, ("names[%d]:%s\n", i, names[i] && *names[i] ? names[i] : ""));
- init_unistr2(&uni_name[i], names[i], UNI_FLAGS_NONE);
- init_uni_hdr(&hdr_name[i], &uni_name[i]);
+ init_lsa_String(&lsa_name_array[i], names[i]);
}
- *pp_uni_name = uni_name;
- *pp_hdr_name = hdr_name;
+ *lsa_name_array_p = lsa_name_array;
- return True;
+ return true;
}
/*******************************************************************
- _samr_lookup_rids
+ _samr_LookupRids
********************************************************************/
-NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOKUP_RIDS *r_u)
+NTSTATUS _samr_LookupRids(pipes_struct *p,
+ struct samr_LookupRids *r)
{
+ NTSTATUS status;
const char **names;
enum lsa_SidType *attrs = NULL;
uint32 *wire_attrs = NULL;
- UNIHDR *hdr_name = NULL;
- UNISTR2 *uni_name = NULL;
DOM_SID pol_sid;
- int num_rids = (int)q_u->num_rids1;
+ int num_rids = (int)r->in.num_rids;
uint32 acc_granted;
int i;
+ struct lsa_Strings names_array;
+ struct samr_Ids types_array;
+ struct lsa_String *lsa_names = NULL;
- r_u->status = NT_STATUS_OK;
-
- DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__));
+ DEBUG(5,("_samr_LookupRids: %d\n", __LINE__));
/* find the policy handle. open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted, NULL))
+ if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
if (num_rids > 1000) {
@@ -1744,59 +2043,67 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK
}
become_root(); /* lookup_sid can require root privs */
- r_u->status = pdb_lookup_rids(&pol_sid, num_rids, q_u->rid,
- names, attrs);
+ status = pdb_lookup_rids(&pol_sid, num_rids, r->in.rids,
+ names, attrs);
unbecome_root();
- if ( NT_STATUS_EQUAL(r_u->status, NT_STATUS_NONE_MAPPED) && (num_rids == 0) ) {
- r_u->status = NT_STATUS_OK;
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED) && (num_rids == 0)) {
+ status = NT_STATUS_OK;
}
- if(!make_samr_lookup_rids(p->mem_ctx, num_rids, names,
- &hdr_name, &uni_name))
+ if (!make_samr_lookup_rids(p->mem_ctx, num_rids, names,
+ &lsa_names)) {
return NT_STATUS_NO_MEMORY;
+ }
/* Convert from enum lsa_SidType to uint32 for wire format. */
for (i = 0; i < num_rids; i++) {
wire_attrs[i] = (uint32)attrs[i];
}
- init_samr_r_lookup_rids(r_u, num_rids, hdr_name, uni_name, wire_attrs);
+ names_array.count = num_rids;
+ names_array.names = lsa_names;
+
+ types_array.count = num_rids;
+ types_array.ids = wire_attrs;
- DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__));
+ *r->out.names = names_array;
+ *r->out.types = types_array;
- return r_u->status;
+ DEBUG(5,("_samr_LookupRids: %d\n", __LINE__));
+
+ return status;
}
/*******************************************************************
- _samr_open_user. Safe - gives out no passwd info.
- ********************************************************************/
+ _samr_OpenUser
+********************************************************************/
-NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USER *r_u)
+NTSTATUS _samr_OpenUser(pipes_struct *p,
+ struct samr_OpenUser *r)
{
struct samu *sampass=NULL;
DOM_SID sid;
- POLICY_HND domain_pol = q_u->domain_pol;
- POLICY_HND *user_pol = &r_u->user_pol;
+ POLICY_HND domain_pol = *r->in.domain_handle;
+ POLICY_HND *user_pol = r->out.user_handle;
struct samr_info *info = NULL;
SEC_DESC *psd = NULL;
uint32 acc_granted;
- uint32 des_access = q_u->access_mask;
+ uint32 des_access = r->in.access_mask;
size_t sd_size;
bool ret;
NTSTATUS nt_status;
SE_PRIV se_rights;
- r_u->status = NT_STATUS_OK;
-
/* find the domain policy handle and get domain SID / access bits in the domain policy. */
-
+
if ( !get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted, NULL) )
return NT_STATUS_INVALID_HANDLE;
-
- nt_status = access_check_samr_function( acc_granted,
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_user" );
-
+
+ nt_status = access_check_samr_function(acc_granted,
+ SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+ "_samr_OpenUser" );
+
if ( !NT_STATUS_IS_OK(nt_status) )
return nt_status;
@@ -1805,22 +2112,22 @@ NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USE
}
/* append the user's RID to it */
-
- if (!sid_append_rid(&sid, q_u->user_rid))
+
+ if (!sid_append_rid(&sid, r->in.rid))
return NT_STATUS_NO_SUCH_USER;
-
+
/* check if access can be granted as requested by client. */
-
+
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW);
se_map_generic(&des_access, &usr_generic_mapping);
-
+
se_priv_copy( &se_rights, &se_machine_account );
se_priv_add( &se_rights, &se_add_users );
-
- nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
- &se_rights, GENERIC_RIGHTS_USER_WRITE, des_access,
- &acc_granted, "_samr_open_user");
-
+
+ nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ &se_rights, GENERIC_RIGHTS_USER_WRITE, des_access,
+ &acc_granted, "_samr_OpenUser");
+
if ( !NT_STATUS_IS_OK(nt_status) )
return nt_status;
@@ -1844,22 +2151,27 @@ NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USE
if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- return r_u->status;
+ return NT_STATUS_OK;
}
/*************************************************************************
get_user_info_7. Safe. Only gives out account_name.
*************************************************************************/
-static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_SID *user_sid)
+static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo7 *r,
+ DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
bool ret;
+ const char *account_name = NULL;
+
+ ZERO_STRUCTP(r);
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
}
-
+
become_root();
ret = pdb_getsampwsid(smbpass, user_sid);
unbecome_root();
@@ -1869,12 +2181,16 @@ static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_S
return NT_STATUS_NO_SUCH_USER;
}
- DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
+ account_name = talloc_strdup(mem_ctx, pdb_get_username(smbpass));
+ if (!account_name) {
+ TALLOC_FREE(smbpass);
+ return NT_STATUS_NO_MEMORY;
+ }
+ TALLOC_FREE(smbpass);
- ZERO_STRUCTP(id7);
- init_sam_user_info7(id7, pdb_get_username(smbpass) );
+ DEBUG(3,("User:[%s]\n", account_name));
- TALLOC_FREE(smbpass);
+ init_samr_user_info7(r, account_name);
return NT_STATUS_OK;
}
@@ -1882,11 +2198,16 @@ static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_S
/*************************************************************************
get_user_info_9. Only gives out primary group SID.
*************************************************************************/
-static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_SID *user_sid)
+
+static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo9 *r,
+ DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
bool ret;
+ ZERO_STRUCTP(r);
+
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
}
@@ -1897,13 +2218,13 @@ static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_
if (ret==False) {
DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+ TALLOC_FREE(smbpass);
return NT_STATUS_NO_SUCH_USER;
}
DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
- ZERO_STRUCTP(id9);
- init_sam_user_info9(id9, pdb_get_group_rid(smbpass) );
+ init_samr_user_info9(r, pdb_get_group_rid(smbpass));
TALLOC_FREE(smbpass);
@@ -1914,11 +2235,15 @@ static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_
get_user_info_16. Safe. Only gives out acb bits.
*************************************************************************/
-static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DOM_SID *user_sid)
+static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo16 *r,
+ DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
bool ret;
+ ZERO_STRUCTP(r);
+
if ( !(smbpass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
}
@@ -1929,13 +2254,13 @@ static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DO
if (ret==False) {
DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+ TALLOC_FREE(smbpass);
return NT_STATUS_NO_SUCH_USER;
}
DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
- ZERO_STRUCTP(id16);
- init_sam_user_info16(id16, pdb_get_acct_ctrl(smbpass) );
+ init_samr_user_info16(r, pdb_get_acct_ctrl(smbpass));
TALLOC_FREE(smbpass);
@@ -1945,14 +2270,19 @@ static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DO
/*************************************************************************
get_user_info_18. OK - this is the killer as it gives out password info.
Ensure that this is only allowed on an encrypted connection with a root
- user. JRA.
+ user. JRA.
*************************************************************************/
-static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_INFO_18 * id18, DOM_SID *user_sid)
+static NTSTATUS get_user_info_18(pipes_struct *p,
+ TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo18 *r,
+ DOM_SID *user_sid)
{
struct samu *smbpass=NULL;
bool ret;
+ ZERO_STRUCTP(r);
+
if (p->auth.auth_type != PIPE_AUTH_TYPE_NTLMSSP || p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
return NT_STATUS_ACCESS_DENIED;
}
@@ -1984,9 +2314,9 @@ static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_
return NT_STATUS_ACCOUNT_DISABLED;
}
- ZERO_STRUCTP(id18);
- init_sam_user_info18(id18, pdb_get_lanman_passwd(smbpass), pdb_get_nt_passwd(smbpass));
-
+ init_samr_user_info18(r, pdb_get_lanman_passwd(smbpass),
+ pdb_get_nt_passwd(smbpass));
+
TALLOC_FREE(smbpass);
return NT_STATUS_OK;
@@ -1996,10 +2326,17 @@ static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_
get_user_info_20
*************************************************************************/
-static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DOM_SID *user_sid)
+static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo20 *r,
+ DOM_SID *user_sid)
{
struct samu *sampass=NULL;
bool ret;
+ const char *munged_dial = NULL;
+ const char *munged_dial_decoded = NULL;
+ DATA_BLOB blob;
+
+ ZERO_STRUCTP(r);
if ( !(sampass = samu_new( mem_ctx )) ) {
return NT_STATUS_NO_MEMORY;
@@ -2011,72 +2348,221 @@ static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DO
if (ret == False) {
DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+ TALLOC_FREE(sampass);
return NT_STATUS_NO_SUCH_USER;
}
+ munged_dial = pdb_get_munged_dial(sampass);
+
samr_clear_sam_passwd(sampass);
DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) ));
- ZERO_STRUCTP(id20);
- init_sam_user_info20A(id20, sampass);
-
+ if (munged_dial) {
+ blob = base64_decode_data_blob(munged_dial);
+ munged_dial_decoded = talloc_strndup(mem_ctx,
+ (const char *)blob.data,
+ blob.length);
+ data_blob_free(&blob);
+ if (!munged_dial_decoded) {
+ TALLOC_FREE(sampass);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+#if 0
+ init_unistr2_from_datablob(&usr->uni_munged_dial, &blob);
+ init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+ data_blob_free(&blob);
+#endif
+ init_samr_user_info20(r, munged_dial_decoded);
+
TALLOC_FREE(sampass);
return NT_STATUS_OK;
}
+
/*************************************************************************
get_user_info_21
*************************************************************************/
-static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
- DOM_SID *user_sid, DOM_SID *domain_sid)
+static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo21 *r,
+ DOM_SID *user_sid,
+ DOM_SID *domain_sid)
{
- struct samu *sampass=NULL;
+ struct samu *pw = NULL;
bool ret;
- NTSTATUS nt_status;
-
- if ( !(sampass = samu_new( mem_ctx )) ) {
+ const DOM_SID *sid_user, *sid_group;
+ uint32_t rid, primary_gid;
+ NTTIME last_logon, last_logoff, last_password_change,
+ acct_expiry, allow_password_change, force_password_change;
+ time_t must_change_time;
+ uint8_t password_expired;
+ const char *account_name, *full_name, *home_directory, *home_drive,
+ *logon_script, *profile_path, *description,
+ *workstations, *comment, *parameters;
+ struct samr_LogonHours logon_hours;
+ const char *munged_dial = NULL;
+ DATA_BLOB blob;
+
+ ZERO_STRUCTP(r);
+
+ if (!(pw = samu_new(mem_ctx))) {
return NT_STATUS_NO_MEMORY;
}
become_root();
- ret = pdb_getsampwsid(sampass, user_sid);
+ ret = pdb_getsampwsid(pw, user_sid);
unbecome_root();
if (ret == False) {
DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+ TALLOC_FREE(pw);
return NT_STATUS_NO_SUCH_USER;
}
- samr_clear_sam_passwd(sampass);
+ samr_clear_sam_passwd(pw);
- DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) ));
+ DEBUG(3,("User:[%s]\n", pdb_get_username(pw)));
- ZERO_STRUCTP(id21);
- nt_status = init_sam_user_info21A(id21, sampass, domain_sid);
-
- TALLOC_FREE(sampass);
+ sid_user = pdb_get_user_sid(pw);
- return nt_status;
+ if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) {
+ DEBUG(0, ("get_user_info_21: User %s has SID %s, \nwhich conflicts with "
+ "the domain sid %s. Failing operation.\n",
+ pdb_get_username(pw), sid_string_dbg(sid_user),
+ sid_string_dbg(domain_sid)));
+ TALLOC_FREE(pw);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ become_root();
+ sid_group = pdb_get_group_sid(pw);
+ unbecome_root();
+
+ if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) {
+ DEBUG(0, ("get_user_info_21: User %s has Primary Group SID %s, \n"
+ "which conflicts with the domain sid %s. Failing operation.\n",
+ pdb_get_username(pw), sid_string_dbg(sid_group),
+ sid_string_dbg(domain_sid)));
+ TALLOC_FREE(pw);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ unix_to_nt_time(&last_logon, pdb_get_logon_time(pw));
+ unix_to_nt_time(&last_logoff, pdb_get_logoff_time(pw));
+ unix_to_nt_time(&acct_expiry, pdb_get_kickoff_time(pw));
+ unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(pw));
+ unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(pw));
+
+ must_change_time = pdb_get_pass_must_change_time(pw);
+ if (must_change_time == get_time_t_max()) {
+ unix_to_nt_time_abs(&force_password_change, must_change_time);
+ } else {
+ unix_to_nt_time(&force_password_change, must_change_time);
+ }
+
+ if (pdb_get_pass_must_change_time(pw) == 0) {
+ password_expired = PASS_MUST_CHANGE_AT_NEXT_LOGON;
+ } else {
+ password_expired = 0;
+ }
+
+ munged_dial = pdb_get_munged_dial(pw);
+ if (munged_dial) {
+ blob = base64_decode_data_blob(munged_dial);
+ parameters = talloc_strndup(mem_ctx, (const char *)blob.data, blob.length);
+ data_blob_free(&blob);
+ if (!parameters) {
+ TALLOC_FREE(pw);
+ return NT_STATUS_NO_MEMORY;
+ }
+ } else {
+ parameters = NULL;
+ }
+
+
+ account_name = talloc_strdup(mem_ctx, pdb_get_username(pw));
+ full_name = talloc_strdup(mem_ctx, pdb_get_fullname(pw));
+ home_directory = talloc_strdup(mem_ctx, pdb_get_homedir(pw));
+ home_drive = talloc_strdup(mem_ctx, pdb_get_dir_drive(pw));
+ logon_script = talloc_strdup(mem_ctx, pdb_get_logon_script(pw));
+ profile_path = talloc_strdup(mem_ctx, pdb_get_profile_path(pw));
+ description = talloc_strdup(mem_ctx, pdb_get_acct_desc(pw));
+ workstations = talloc_strdup(mem_ctx, pdb_get_workstations(pw));
+ comment = talloc_strdup(mem_ctx, pdb_get_comment(pw));
+
+ logon_hours = get_logon_hours_from_pdb(mem_ctx, pw);
+#if 0
+
+ /*
+ Look at a user on a real NT4 PDC with usrmgr, press
+ 'ok'. Then you will see that fields_present is set to
+ 0x08f827fa. Look at the user immediately after that again,
+ and you will see that 0x00fffff is returned. This solves
+ the problem that you get access denied after having looked
+ at the user.
+ -- Volker
+ */
+
+#if 0
+ init_unistr2_from_datablob(&usr->uni_munged_dial, &munged_dial_blob);
+ init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+ data_blob_free(&munged_dial_blob);
+#endif
+#endif
+
+ init_samr_user_info21(r,
+ last_logon,
+ last_logoff,
+ last_password_change,
+ acct_expiry,
+ allow_password_change,
+ force_password_change,
+ account_name,
+ full_name,
+ home_directory,
+ home_drive,
+ logon_script,
+ profile_path,
+ description,
+ workstations,
+ comment,
+ parameters,
+ rid,
+ primary_gid,
+ pdb_get_acct_ctrl(pw),
+ pdb_build_fields_present(pw),
+ logon_hours,
+ pdb_get_bad_password_count(pw),
+ pdb_get_logon_count(pw),
+ 0, /* country_code */
+ 0, /* code_page */
+ 0, /* nt_password_set */
+ 0, /* lm_password_set */
+ password_expired);
+ TALLOC_FREE(pw);
+
+ return NT_STATUS_OK;
}
/*******************************************************************
- _samr_query_userinfo
+ _samr_QueryUserInfo
********************************************************************/
-NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_R_QUERY_USERINFO *r_u)
+NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
+ struct samr_QueryUserInfo *r)
{
- SAM_USERINFO_CTR *ctr;
+ NTSTATUS status;
+ union samr_UserInfo *user_info = NULL;
struct samr_info *info = NULL;
DOM_SID domain_sid;
uint32 rid;
-
- r_u->status=NT_STATUS_OK;
/* search for the handle */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
domain_sid = info->sid;
@@ -2086,94 +2572,81 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_
if (!sid_check_is_in_our_domain(&info->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- DEBUG(5,("_samr_query_userinfo: sid:%s\n",
+ DEBUG(5,("_samr_QueryUserInfo: sid:%s\n",
sid_string_dbg(&info->sid)));
- ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_USERINFO_CTR);
- if (!ctr)
+ user_info = TALLOC_ZERO_P(p->mem_ctx, union samr_UserInfo);
+ if (!user_info) {
return NT_STATUS_NO_MEMORY;
+ }
- ZERO_STRUCTP(ctr);
-
- /* ok! user info levels (lots: see MSDEV help), off we go... */
- ctr->switch_value = q_u->switch_value;
-
- DEBUG(5,("_samr_query_userinfo: user info level: %d\n", q_u->switch_value));
+ DEBUG(5,("_samr_QueryUserInfo: user info level: %d\n", r->in.level));
- switch (q_u->switch_value) {
+ switch (r->in.level) {
case 7:
- ctr->info.id7 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_7);
- if (ctr->info.id7 == NULL)
- return NT_STATUS_NO_MEMORY;
-
- if (!NT_STATUS_IS_OK(r_u->status = get_user_info_7(p->mem_ctx, ctr->info.id7, &info->sid)))
- return r_u->status;
+ status = get_user_info_7(p->mem_ctx, &user_info->info7, &info->sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
break;
case 9:
- ctr->info.id9 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_9);
- if (ctr->info.id9 == NULL)
- return NT_STATUS_NO_MEMORY;
-
- if (!NT_STATUS_IS_OK(r_u->status = get_user_info_9(p->mem_ctx, ctr->info.id9, &info->sid)))
- return r_u->status;
+ status = get_user_info_9(p->mem_ctx, &user_info->info9, &info->sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
break;
case 16:
- ctr->info.id16 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_16);
- if (ctr->info.id16 == NULL)
- return NT_STATUS_NO_MEMORY;
-
- if (!NT_STATUS_IS_OK(r_u->status = get_user_info_16(p->mem_ctx, ctr->info.id16, &info->sid)))
- return r_u->status;
+ status = get_user_info_16(p->mem_ctx, &user_info->info16, &info->sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
break;
case 18:
- ctr->info.id18 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_18);
- if (ctr->info.id18 == NULL)
- return NT_STATUS_NO_MEMORY;
-
- if (!NT_STATUS_IS_OK(r_u->status = get_user_info_18(p, p->mem_ctx, ctr->info.id18, &info->sid)))
- return r_u->status;
+ status = get_user_info_18(p, p->mem_ctx, &user_info->info18, &info->sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
break;
-
+
case 20:
- ctr->info.id20 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_20);
- if (ctr->info.id20 == NULL)
- return NT_STATUS_NO_MEMORY;
- if (!NT_STATUS_IS_OK(r_u->status = get_user_info_20(p->mem_ctx, ctr->info.id20, &info->sid)))
- return r_u->status;
+ status = get_user_info_20(p->mem_ctx, &user_info->info20, &info->sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
break;
case 21:
- ctr->info.id21 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_21);
- if (ctr->info.id21 == NULL)
- return NT_STATUS_NO_MEMORY;
- if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21,
- &info->sid, &domain_sid)))
- return r_u->status;
+ status = get_user_info_21(p->mem_ctx, &user_info->info21,
+ &info->sid, &domain_sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
- init_samr_r_query_userinfo(r_u, ctr, r_u->status);
+ *r->out.info = user_info;
+
+ DEBUG(5,("_samr_QueryUserInfo: %d\n", __LINE__));
- DEBUG(5,("_samr_query_userinfo: %d\n", __LINE__));
-
- return r_u->status;
+ return status;
}
/*******************************************************************
- samr_reply_query_usergroups
+ _samr_GetGroupsForUser
********************************************************************/
-NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, SAMR_R_QUERY_USERGROUPS *r_u)
+NTSTATUS _samr_GetGroupsForUser(pipes_struct *p,
+ struct samr_GetGroupsForUser *r)
{
struct samu *sam_pass=NULL;
DOM_SID sid;
DOM_SID *sids;
- DOM_GID dom_gid;
- DOM_GID *gids = NULL;
+ struct samr_RidWithAttribute dom_gid;
+ struct samr_RidWithAttribute *gids = NULL;
uint32 primary_group_rid;
size_t num_groups = 0;
gid_t *unix_gids;
@@ -2183,6 +2656,8 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
NTSTATUS result;
bool success = False;
+ struct samr_RidWithAttributeArray *rids = NULL;
+
/*
* from the SID in the request:
* we should send back the list of DOMAIN GROUPS
@@ -2195,16 +2670,22 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
* JFM, 12/2/2001
*/
- r_u->status = NT_STATUS_OK;
+ DEBUG(5,("_samr_GetGroupsForUser: %d\n", __LINE__));
- DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
+ rids = TALLOC_ZERO_P(p->mem_ctx, struct samr_RidWithAttributeArray);
+ if (!rids) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* find the policy handle. open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted, NULL))
+ if (!get_lsa_policy_samr_sid(p, r->in.user_handle, &sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_USER_GET_GROUPS, "_samr_query_usergroups"))) {
- return r_u->status;
+
+ result = access_check_samr_function(acc_granted,
+ SA_RIGHT_USER_GET_GROUPS,
+ "_samr_GetGroupsForUser");
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
}
if (!sid_check_is_in_our_domain(&sid))
@@ -2231,7 +2712,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
result = pdb_enum_group_memberships(p->mem_ctx, sam_pass,
&sids, &unix_gids, &num_groups);
if ( NT_STATUS_IS_OK(result) ) {
- success = sid_peek_check_rid(get_global_sam_sid(),
+ success = sid_peek_check_rid(get_global_sam_sid(),
pdb_get_group_sid(sam_pass),
&primary_group_rid);
}
@@ -2254,48 +2735,53 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
gids = NULL;
num_gids = 0;
- dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
- SE_GROUP_ENABLED);
- dom_gid.g_rid = primary_group_rid;
- ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
+ dom_gid.attributes = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
+ SE_GROUP_ENABLED);
+ dom_gid.rid = primary_group_rid;
+ ADD_TO_ARRAY(p->mem_ctx, struct samr_RidWithAttribute, dom_gid, &gids, &num_gids);
for (i=0; i<num_groups; i++) {
if (!sid_peek_check_rid(get_global_sam_sid(),
- &(sids[i]), &dom_gid.g_rid)) {
+ &(sids[i]), &dom_gid.rid)) {
DEBUG(10, ("Found sid %s not in our domain\n",
sid_string_dbg(&sids[i])));
continue;
}
- if (dom_gid.g_rid == primary_group_rid) {
+ if (dom_gid.rid == primary_group_rid) {
/* We added the primary group directly from the
* sam_account. The other SIDs are unique from
* enum_group_memberships */
continue;
}
- ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
+ ADD_TO_ARRAY(p->mem_ctx, struct samr_RidWithAttribute, dom_gid, &gids, &num_gids);
}
-
- /* construct the response. lkclXXXX: gids are not copied! */
- init_samr_r_query_usergroups(r_u, num_gids, gids, r_u->status);
-
- DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
-
- return r_u->status;
+
+ rids->count = num_gids;
+ rids->rids = gids;
+
+ *r->out.rids = rids;
+
+ DEBUG(5,("_samr_GetGroupsForUser: %d\n", __LINE__));
+
+ return result;
}
/*******************************************************************
- _samr_query_domain_info
+ samr_QueryDomainInfo_internal
********************************************************************/
-NTSTATUS _samr_query_domain_info(pipes_struct *p,
- SAMR_Q_QUERY_DOMAIN_INFO *q_u,
- SAMR_R_QUERY_DOMAIN_INFO *r_u)
+static NTSTATUS samr_QueryDomainInfo_internal(const char *fn_name,
+ pipes_struct *p,
+ struct policy_handle *handle,
+ uint32_t level,
+ union samr_DomainInfo **dom_info_ptr)
{
+ NTSTATUS status = NT_STATUS_OK;
struct samr_info *info = NULL;
- SAM_UNK_CTR *ctr;
+ union samr_DomainInfo *dom_info;
uint32 min_pass_len,pass_hist,password_properties;
time_t u_expire, u_min_age;
NTTIME nt_expire, nt_min_age;
@@ -2313,24 +2799,23 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
uint32 num_users=0, num_groups=0, num_aliases=0;
- if ((ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_CTR)) == NULL) {
+ DEBUG(5,("%s: %d\n", fn_name, __LINE__));
+
+ dom_info = TALLOC_ZERO_P(p->mem_ctx, union samr_DomainInfo);
+ if (!dom_info) {
return NT_STATUS_NO_MEMORY;
}
- ZERO_STRUCTP(ctr);
+ *dom_info_ptr = dom_info;
- r_u->status = NT_STATUS_OK;
-
- DEBUG(5,("_samr_query_domain_info: %d\n", __LINE__));
-
/* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)(void *)&info)) {
+ if (!find_policy_by_hnd(p, handle, (void **)(void *)&info)) {
return NT_STATUS_INVALID_HANDLE;
}
-
- switch (q_u->switch_value) {
+
+ switch (level) {
case 0x01:
-
+
become_root();
/* AS ROOT !!! */
@@ -2351,14 +2836,18 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
u_min_age = account_policy_temp;
/* !AS ROOT */
-
+
unbecome_root();
unix_to_nt_time_abs(&nt_expire, u_expire);
unix_to_nt_time_abs(&nt_min_age, u_min_age);
- init_unk_info1(&ctr->info.inf1, (uint16)min_pass_len, (uint16)pass_hist,
- password_properties, nt_expire, nt_min_age);
+ init_samr_DomInfo1(&dom_info->info1,
+ (uint16)min_pass_len,
+ (uint16)pass_hist,
+ password_properties,
+ nt_expire,
+ nt_min_age);
break;
case 0x02:
@@ -2379,15 +2868,25 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
seq_num = time(NULL);
/* !AS ROOT */
-
+
unbecome_root();
server_role = ROLE_DOMAIN_PDC;
if (lp_server_role() == ROLE_DOMAIN_BDC)
server_role = ROLE_DOMAIN_BDC;
- init_unk_info2(&ctr->info.inf2, lp_serverstring(), lp_workgroup(), global_myname(), seq_num,
- num_users, num_groups, num_aliases, nt_logout, server_role);
+ init_samr_DomInfo2(&dom_info->info2,
+ nt_logout,
+ lp_serverstring(),
+ lp_workgroup(),
+ global_myname(),
+ seq_num,
+ 1,
+ server_role,
+ 1,
+ num_users,
+ num_groups,
+ num_aliases);
break;
case 0x03:
@@ -2402,31 +2901,37 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
}
/* !AS ROOT */
-
+
unbecome_root();
unix_to_nt_time_abs(&nt_logout, u_logout);
-
- init_unk_info3(&ctr->info.inf3, nt_logout);
+
+ init_samr_DomInfo3(&dom_info->info3,
+ nt_logout);
+
break;
case 0x04:
- init_unk_info4(&ctr->info.inf4, lp_serverstring());
+ init_samr_DomInfo4(&dom_info->info4,
+ lp_serverstring());
break;
case 0x05:
- init_unk_info5(&ctr->info.inf5, get_global_sam_name());
+ init_samr_DomInfo5(&dom_info->info5,
+ get_global_sam_name());
break;
case 0x06:
/* NT returns its own name when a PDC. win2k and later
* only the name of the PDC if itself is a BDC (samba4
* idl) */
- init_unk_info6(&ctr->info.inf6, global_myname());
+ init_samr_DomInfo6(&dom_info->info6,
+ global_myname());
break;
case 0x07:
server_role = ROLE_DOMAIN_PDC;
if (lp_server_role() == ROLE_DOMAIN_BDC)
server_role = ROLE_DOMAIN_BDC;
- init_unk_info7(&ctr->info.inf7, server_role);
+ init_samr_DomInfo7(&dom_info->info7,
+ server_role);
break;
case 0x08:
@@ -2439,10 +2944,12 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
}
/* !AS ROOT */
-
+
unbecome_root();
- init_unk_info8(&ctr->info.inf8, (uint32) seq_num);
+ init_samr_DomInfo8(&dom_info->info8,
+ seq_num,
+ 0);
break;
case 0x0c:
@@ -2463,24 +2970,38 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
lockout = account_policy_temp;
/* !AS ROOT */
-
+
unbecome_root();
unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
-
- init_unk_info12(&ctr->info.inf12, nt_lock_duration, nt_reset_time, (uint16)lockout);
+
+ init_samr_DomInfo12(&dom_info->info12,
+ nt_lock_duration,
+ nt_reset_time,
+ (uint16)lockout);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
- }
-
+ }
+
+ DEBUG(5,("%s: %d\n", fn_name, __LINE__));
+
+ return status;
+}
- init_samr_r_query_domain_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
-
- DEBUG(5,("_samr_query_domain_info: %d\n", __LINE__));
-
- return r_u->status;
+/*******************************************************************
+ _samr_QueryDomainInfo
+ ********************************************************************/
+
+NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
+ struct samr_QueryDomainInfo *r)
+{
+ return samr_QueryDomainInfo_internal("_samr_QueryDomainInfo",
+ p,
+ r->in.domain_handle,
+ r->in.level,
+ r->out.info);
}
/* W2k3 seems to use the same check for all 3 objects that can be created via
@@ -2522,19 +3043,17 @@ static NTSTATUS can_create(TALLOC_CTX *mem_ctx, const char *new_name)
}
/*******************************************************************
- _samr_create_user
- Create an account, can be either a normal user or a machine.
- This funcion will need to be updated for bdc/domain trusts.
+ _samr_CreateUser2
********************************************************************/
-NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
- SAMR_R_CREATE_USER *r_u)
+NTSTATUS _samr_CreateUser2(pipes_struct *p,
+ struct samr_CreateUser2 *r)
{
- char *account;
+ const char *account = NULL;
DOM_SID sid;
- POLICY_HND dom_pol = q_u->domain_pol;
- uint16 acb_info = q_u->acb_info;
- POLICY_HND *user_pol = &r_u->user_pol;
+ POLICY_HND dom_pol = *r->in.domain_handle;
+ uint32_t acb_info = r->in.acct_flags;
+ POLICY_HND *user_pol = r->out.user_handle;
struct samr_info *info = NULL;
NTSTATUS nt_status;
uint32 acc_granted;
@@ -2553,19 +3072,19 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
nt_status = access_check_samr_function(acc_granted,
SA_RIGHT_DOMAIN_CREATE_USER,
- "_samr_create_user");
+ "_samr_CreateUser2");
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
if (!(acb_info == ACB_NORMAL || acb_info == ACB_DOMTRUST ||
- acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)) {
- /* Match Win2k, and return NT_STATUS_INVALID_PARAMETER if
+ acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)) {
+ /* Match Win2k, and return NT_STATUS_INVALID_PARAMETER if
this parameter is not an account type */
return NT_STATUS_INVALID_PARAMETER;
}
- account = rpcstr_pull_unistr2_talloc(p->mem_ctx, &q_u->uni_name);
+ account = r->in.account_name->string;
if (account == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -2576,14 +3095,14 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
}
/* determine which user right we need to check based on the acb_info */
-
+
if ( acb_info & ACB_WSTRUST )
{
se_priv_copy( &se_rights, &se_machine_account );
can_add_account = user_has_privileges(
p->pipe_user.nt_user_token, &se_rights );
- }
- /* usrmgr.exe (and net rpc trustdom grant) creates a normal user
+ }
+ /* usrmgr.exe (and net rpc trustdom grant) creates a normal user
account for domain trusts and changes the ACB flags later */
else if ( acb_info & ACB_NORMAL &&
(account[strlen(account)-1] != '$') )
@@ -2591,7 +3110,7 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
se_priv_copy( &se_rights, &se_add_users );
can_add_account = user_has_privileges(
p->pipe_user.nt_user_token, &se_rights );
- }
+ }
else /* implicit assumption of a BDC or domain trust account here
* (we already check the flags earlier) */
{
@@ -2603,41 +3122,41 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
DOMAIN_GROUP_RID_ADMINS );
}
}
-
- DEBUG(5, ("_samr_create_user: %s can add this account : %s\n",
+
+ DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n",
uidtoname(p->pipe_user.ut.uid),
can_add_account ? "True":"False" ));
-
+
/********** BEGIN Admin BLOCK **********/
if ( can_add_account )
become_root();
nt_status = pdb_create_user(p->mem_ctx, account, acb_info,
- &r_u->user_rid);
+ r->out.rid);
if ( can_add_account )
unbecome_root();
/********** END Admin BLOCK **********/
-
+
/* now check for failure */
-
+
if ( !NT_STATUS_IS_OK(nt_status) )
return nt_status;
-
+
/* Get the user's SID */
- sid_compose(&sid, get_global_sam_sid(), r_u->user_rid);
-
+ sid_compose(&sid, get_global_sam_sid(), *r->out.rid);
+
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
&sid, SAMR_USR_RIGHTS_WRITE_PW);
se_map_generic(&des_access, &usr_generic_mapping);
-
- nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
- &se_rights, GENERIC_RIGHTS_USER_WRITE, des_access,
- &acc_granted, "_samr_create_user");
-
+
+ nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ &se_rights, GENERIC_RIGHTS_USER_WRITE, des_access,
+ &acc_granted, "_samr_CreateUser2");
+
if ( !NT_STATUS_IS_OK(nt_status) ) {
return nt_status;
}
@@ -2659,40 +3178,38 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
/* After a "set" ensure we have no cached display info. */
force_flush_samr_cache(info->disp_info);
- r_u->access_granted = acc_granted;
+ *r->out.access_granted = acc_granted;
return NT_STATUS_OK;
}
/*******************************************************************
- samr_reply_connect_anon
+ _samr_Connect
********************************************************************/
-NTSTATUS _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CONNECT_ANON *r_u)
+NTSTATUS _samr_Connect(pipes_struct *p,
+ struct samr_Connect *r)
{
struct samr_info *info = NULL;
- uint32 des_access = q_u->access_mask;
+ uint32 des_access = r->in.access_mask;
/* Access check */
if (!pipe_access_check(p)) {
- DEBUG(3, ("access denied to samr_connect_anon\n"));
- r_u->status = NT_STATUS_ACCESS_DENIED;
- return r_u->status;
+ DEBUG(3, ("access denied to _samr_Connect\n"));
+ return NT_STATUS_ACCESS_DENIED;
}
/* set up the SAMR connect_anon response */
- r_u->status = NT_STATUS_OK;
-
/* associate the user's SID with the new handle. */
if ((info = get_samr_info_by_sid(NULL)) == NULL)
return NT_STATUS_NO_MEMORY;
/* don't give away the farm but this is probably ok. The SA_RIGHT_SAM_ENUM_DOMAINS
- was observed from a win98 client trying to enumerate users (when configured
+ was observed from a win98 client trying to enumerate users (when configured
user level access control on shares) --jerry */
-
+
if (des_access == MAXIMUM_ALLOWED_ACCESS) {
/* Map to max possible knowing we're filtered below. */
des_access = GENERIC_ALL_ACCESS;
@@ -2700,152 +3217,143 @@ NTSTATUS _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CO
se_map_generic( &des_access, &sam_generic_mapping );
info->acc_granted = des_access & (SA_RIGHT_SAM_ENUM_DOMAINS|SA_RIGHT_SAM_OPEN_DOMAIN);
-
- info->status = q_u->unknown_0;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- return r_u->status;
+ return NT_STATUS_OK;
}
/*******************************************************************
- samr_reply_connect
+ _samr_Connect2
********************************************************************/
-NTSTATUS _samr_connect(pipes_struct *p, SAMR_Q_CONNECT *q_u, SAMR_R_CONNECT *r_u)
+NTSTATUS _samr_Connect2(pipes_struct *p,
+ struct samr_Connect2 *r)
{
struct samr_info *info = NULL;
SEC_DESC *psd = NULL;
uint32 acc_granted;
- uint32 des_access = q_u->access_mask;
+ uint32 des_access = r->in.access_mask;
NTSTATUS nt_status;
size_t sd_size;
- DEBUG(5,("_samr_connect: %d\n", __LINE__));
+ DEBUG(5,("_samr_Connect2: %d\n", __LINE__));
/* Access check */
if (!pipe_access_check(p)) {
- DEBUG(3, ("access denied to samr_connect\n"));
- r_u->status = NT_STATUS_ACCESS_DENIED;
- return r_u->status;
+ DEBUG(3, ("access denied to _samr_Connect2\n"));
+ return NT_STATUS_ACCESS_DENIED;
}
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
se_map_generic(&des_access, &sam_generic_mapping);
-
- nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
- NULL, 0, des_access, &acc_granted, "_samr_connect");
-
- if ( !NT_STATUS_IS_OK(nt_status) )
- return nt_status;
- r_u->status = NT_STATUS_OK;
+ nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ NULL, 0, des_access, &acc_granted, "_samr_Connect2");
+
+ if ( !NT_STATUS_IS_OK(nt_status) )
+ return nt_status;
/* associate the user's SID and access granted with the new handle. */
if ((info = get_samr_info_by_sid(NULL)) == NULL)
return NT_STATUS_NO_MEMORY;
info->acc_granted = acc_granted;
- info->status = q_u->access_mask;
+ info->status = r->in.access_mask; /* this looks so wrong... - gd */
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- DEBUG(5,("_samr_connect: %d\n", __LINE__));
+ DEBUG(5,("_samr_Connect2: %d\n", __LINE__));
- return r_u->status;
+ return nt_status;
}
/*******************************************************************
- samr_connect4
+ _samr_Connect4
********************************************************************/
-NTSTATUS _samr_connect4(pipes_struct *p, SAMR_Q_CONNECT4 *q_u, SAMR_R_CONNECT4 *r_u)
+NTSTATUS _samr_Connect4(pipes_struct *p,
+ struct samr_Connect4 *r)
{
struct samr_info *info = NULL;
SEC_DESC *psd = NULL;
uint32 acc_granted;
- uint32 des_access = q_u->access_mask;
+ uint32 des_access = r->in.access_mask;
NTSTATUS nt_status;
size_t sd_size;
- DEBUG(5,("_samr_connect4: %d\n", __LINE__));
+ DEBUG(5,("_samr_Connect4: %d\n", __LINE__));
/* Access check */
if (!pipe_access_check(p)) {
- DEBUG(3, ("access denied to samr_connect4\n"));
- r_u->status = NT_STATUS_ACCESS_DENIED;
- return r_u->status;
+ DEBUG(3, ("access denied to samr_Connect4\n"));
+ return NT_STATUS_ACCESS_DENIED;
}
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
se_map_generic(&des_access, &sam_generic_mapping);
-
- nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
- NULL, 0, des_access, &acc_granted, "_samr_connect4");
-
- if ( !NT_STATUS_IS_OK(nt_status) )
- return nt_status;
- r_u->status = NT_STATUS_OK;
+ nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ NULL, 0, des_access, &acc_granted, "_samr_Connect4");
+
+ if ( !NT_STATUS_IS_OK(nt_status) )
+ return nt_status;
/* associate the user's SID and access granted with the new handle. */
if ((info = get_samr_info_by_sid(NULL)) == NULL)
return NT_STATUS_NO_MEMORY;
info->acc_granted = acc_granted;
- info->status = q_u->access_mask;
+ info->status = r->in.access_mask; /* ??? */
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- DEBUG(5,("_samr_connect: %d\n", __LINE__));
+ DEBUG(5,("_samr_Connect4: %d\n", __LINE__));
- return r_u->status;
+ return NT_STATUS_OK;
}
/*******************************************************************
- samr_connect5
+ _samr_Connect5
********************************************************************/
-NTSTATUS _samr_connect5(pipes_struct *p, SAMR_Q_CONNECT5 *q_u, SAMR_R_CONNECT5 *r_u)
+NTSTATUS _samr_Connect5(pipes_struct *p,
+ struct samr_Connect5 *r)
{
struct samr_info *info = NULL;
SEC_DESC *psd = NULL;
uint32 acc_granted;
- uint32 des_access = q_u->access_mask;
+ uint32 des_access = r->in.access_mask;
NTSTATUS nt_status;
- POLICY_HND pol;
size_t sd_size;
+ struct samr_ConnectInfo1 info1;
-
- DEBUG(5,("_samr_connect5: %d\n", __LINE__));
-
- ZERO_STRUCTP(r_u);
+ DEBUG(5,("_samr_Connect5: %d\n", __LINE__));
/* Access check */
if (!pipe_access_check(p)) {
- DEBUG(3, ("access denied to samr_connect5\n"));
- r_u->status = NT_STATUS_ACCESS_DENIED;
- return r_u->status;
+ DEBUG(3, ("access denied to samr_Connect5\n"));
+ return NT_STATUS_ACCESS_DENIED;
}
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
se_map_generic(&des_access, &sam_generic_mapping);
-
- nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
- NULL, 0, des_access, &acc_granted, "_samr_connect5");
-
- if ( !NT_STATUS_IS_OK(nt_status) )
+
+ nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ NULL, 0, des_access, &acc_granted, "_samr_Connect5");
+
+ if ( !NT_STATUS_IS_OK(nt_status) )
return nt_status;
/* associate the user's SID and access granted with the new handle. */
@@ -2853,181 +3361,169 @@ NTSTATUS _samr_connect5(pipes_struct *p, SAMR_Q_CONNECT5 *q_u, SAMR_R_CONNECT5 *
return NT_STATUS_NO_MEMORY;
info->acc_granted = acc_granted;
- info->status = q_u->access_mask;
+ info->status = r->in.access_mask; /* ??? */
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- DEBUG(5,("_samr_connect: %d\n", __LINE__));
+ DEBUG(5,("_samr_Connect5: %d\n", __LINE__));
- init_samr_r_connect5(r_u, &pol, NT_STATUS_OK);
+ info1.client_version = SAMR_CONNECT_AFTER_W2K;
+ info1.unknown2 = 0;
- return r_u->status;
+ *r->out.level_out = 1;
+ r->out.info_out->info1 = info1;
+
+ return NT_STATUS_OK;
}
/**********************************************************************
- api_samr_lookup_domain
+ _samr_LookupDomain
**********************************************************************/
-NTSTATUS _samr_lookup_domain(pipes_struct *p, SAMR_Q_LOOKUP_DOMAIN *q_u, SAMR_R_LOOKUP_DOMAIN *r_u)
+NTSTATUS _samr_LookupDomain(pipes_struct *p,
+ struct samr_LookupDomain *r)
{
+ NTSTATUS status = NT_STATUS_OK;
struct samr_info *info;
- fstring domain_name;
- DOM_SID sid;
-
- r_u->status = NT_STATUS_OK;
+ const char *domain_name;
+ DOM_SID *sid = NULL;
- if (!find_policy_by_hnd(p, &q_u->connect_pol, (void**)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- /* win9x user manager likes to use SA_RIGHT_SAM_ENUM_DOMAINS here.
+ /* win9x user manager likes to use SA_RIGHT_SAM_ENUM_DOMAINS here.
Reverted that change so we will work with RAS servers again */
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_lookup_domain")))
- {
- return r_u->status;
+ status = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_SAM_OPEN_DOMAIN,
+ "_samr_LookupDomain");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- rpcstr_pull(domain_name, q_u->uni_domain.buffer, sizeof(domain_name), q_u->uni_domain.uni_str_len*2, 0);
+ domain_name = r->in.domain_name->string;
- ZERO_STRUCT(sid);
+ sid = TALLOC_ZERO_P(p->mem_ctx, struct dom_sid2);
+ if (!sid) {
+ return NT_STATUS_NO_MEMORY;
+ }
if (strequal(domain_name, builtin_domain_name())) {
- sid_copy(&sid, &global_sid_Builtin);
+ sid_copy(sid, &global_sid_Builtin);
} else {
- if (!secrets_fetch_domain_sid(domain_name, &sid)) {
- r_u->status = NT_STATUS_NO_SUCH_DOMAIN;
+ if (!secrets_fetch_domain_sid(domain_name, sid)) {
+ status = NT_STATUS_NO_SUCH_DOMAIN;
}
}
DEBUG(2,("Returning domain sid for domain %s -> %s\n", domain_name,
- sid_string_dbg(&sid)));
-
- init_samr_r_lookup_domain(r_u, &sid, r_u->status);
+ sid_string_dbg(sid)));
- return r_u->status;
-}
+ *r->out.sid = sid;
-/******************************************************************
-makes a SAMR_R_ENUM_DOMAINS structure.
-********************************************************************/
-
-static bool make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam,
- UNISTR2 **pp_uni_name, uint32 num_sam_entries, fstring doms[])
-{
- uint32 i;
- SAM_ENTRY *sam;
- UNISTR2 *uni_name;
-
- DEBUG(5, ("make_enum_domains\n"));
-
- *pp_sam = NULL;
- *pp_uni_name = NULL;
-
- if (num_sam_entries == 0)
- return True;
-
- sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_sam_entries);
- uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_sam_entries);
-
- if (sam == NULL || uni_name == NULL)
- return False;
-
- for (i = 0; i < num_sam_entries; i++) {
- init_unistr2(&uni_name[i], doms[i], UNI_FLAGS_NONE);
- init_sam_entry(&sam[i], &uni_name[i], 0);
- }
-
- *pp_sam = sam;
- *pp_uni_name = uni_name;
-
- return True;
+ return status;
}
/**********************************************************************
- api_samr_enum_domains
+ _samr_EnumDomains
**********************************************************************/
-NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_ENUM_DOMAINS *r_u)
+NTSTATUS _samr_EnumDomains(pipes_struct *p,
+ struct samr_EnumDomains *r)
{
+ NTSTATUS status;
struct samr_info *info;
- uint32 num_entries = 2;
- fstring dom[2];
- const char *name;
+ uint32_t num_entries = 2;
+ struct samr_SamEntry *entry_array = NULL;
+ struct samr_SamArray *sam;
- r_u->status = NT_STATUS_OK;
-
- if (!find_policy_by_hnd(p, &q_u->pol, (void**)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_enum_domains"))) {
- return r_u->status;
- }
- name = get_global_sam_name();
+ status = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_SAM_ENUM_DOMAINS,
+ "_samr_EnumDomains");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
- fstrcpy(dom[0],name);
- strupper_m(dom[0]);
- fstrcpy(dom[1],"Builtin");
+ sam = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+ if (!sam) {
+ return NT_STATUS_NO_MEMORY;
+ }
- if (!make_enum_domains(p->mem_ctx, &r_u->sam, &r_u->uni_dom_name, num_entries, dom))
+ entry_array = TALLOC_ZERO_ARRAY(p->mem_ctx,
+ struct samr_SamEntry,
+ num_entries);
+ if (!entry_array) {
return NT_STATUS_NO_MEMORY;
+ }
+
+ entry_array[0].idx = 0;
+ init_lsa_String(&entry_array[0].name, get_global_sam_name());
- init_samr_r_enum_domains(r_u, q_u->start_idx + num_entries, num_entries);
+ entry_array[1].idx = 1;
+ init_lsa_String(&entry_array[1].name, "Builtin");
- return r_u->status;
+ sam->count = num_entries;
+ sam->entries = entry_array;
+
+ *r->out.sam = sam;
+ *r->out.num_entries = num_entries;
+
+ return status;
}
/*******************************************************************
- api_samr_open_alias
+ _samr_OpenAlias
********************************************************************/
-NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_ALIAS *r_u)
+NTSTATUS _samr_OpenAlias(pipes_struct *p,
+ struct samr_OpenAlias *r)
{
DOM_SID sid;
- POLICY_HND domain_pol = q_u->dom_pol;
- uint32 alias_rid = q_u->rid_alias;
- POLICY_HND *alias_pol = &r_u->pol;
+ POLICY_HND domain_pol = *r->in.domain_handle;
+ uint32 alias_rid = r->in.rid;
+ POLICY_HND *alias_pol = r->out.alias_handle;
struct samr_info *info = NULL;
SEC_DESC *psd = NULL;
uint32 acc_granted;
- uint32 des_access = q_u->access_mask;
+ uint32 des_access = r->in.access_mask;
size_t sd_size;
NTSTATUS status;
SE_PRIV se_rights;
- r_u->status = NT_STATUS_OK;
-
/* find the domain policy and get the SID / access bits stored in the domain policy */
-
+
if ( !get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted, NULL) )
return NT_STATUS_INVALID_HANDLE;
-
- status = access_check_samr_function(acc_granted,
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_alias");
-
- if ( !NT_STATUS_IS_OK(status) )
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+ "_samr_OpenAlias");
+
+ if ( !NT_STATUS_IS_OK(status) )
return status;
/* append the alias' RID to it */
-
+
if (!sid_append_rid(&sid, alias_rid))
return NT_STATUS_NO_SUCH_ALIAS;
-
+
/*check if access can be granted as requested by client. */
-
+
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0);
se_map_generic(&des_access,&ali_generic_mapping);
-
+
se_priv_copy( &se_rights, &se_add_users );
-
-
- status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
- &se_rights, GENERIC_RIGHTS_ALIAS_WRITE, des_access,
- &acc_granted, "_samr_open_alias");
-
+
+
+ status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ &se_rights, GENERIC_RIGHTS_ALIAS_WRITE, des_access,
+ &acc_granted, "_samr_OpenAlias");
+
if ( !NT_STATUS_IS_OK(status) )
return status;
@@ -3046,7 +3542,7 @@ NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_A
}
/* make sure there is a mapping */
-
+
if ( !sid_to_gid( &sid, &gid ) ) {
return NT_STATUS_NO_SUCH_ALIAS;
}
@@ -3056,23 +3552,24 @@ NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_A
/* associate the alias SID with the new handle. */
if ((info = get_samr_info_by_sid(&sid)) == NULL)
return NT_STATUS_NO_MEMORY;
-
+
info->acc_granted = acc_granted;
/* get a (unique) handle. open a policy on it. */
if (!create_policy_hnd(p, alias_pol, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
- return r_u->status;
+ return NT_STATUS_OK;
}
/*******************************************************************
set_user_info_7
********************************************************************/
+
static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
- const SAM_USER_INFO_7 *id7, struct samu *pwd)
+ struct samr_UserInfo7 *id7,
+ struct samu *pwd)
{
- fstring new_name;
NTSTATUS rc;
if (id7 == NULL) {
@@ -3081,14 +3578,14 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
return NT_STATUS_ACCESS_DENIED;
}
- if(!rpcstr_pull(new_name, id7->uni_name.buffer, sizeof(new_name), id7->uni_name.uni_str_len*2, 0)) {
+ if (!id7->account_name.string) {
DEBUG(5, ("set_user_info_7: failed to get new username\n"));
TALLOC_FREE(pwd);
return NT_STATUS_ACCESS_DENIED;
}
/* check to see if the new username already exists. Note: we can't
- reliably lock all backends, so there is potentially the
+ reliably lock all backends, so there is potentially the
possibility that a user can be created in between this check and
the rename. The rename should fail, but may not get the
exact same failure status code. I think this is small enough
@@ -3096,12 +3593,12 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
simply that the rename fails with a slightly different status
code (like UNSUCCESSFUL instead of ALREADY_EXISTS). */
- rc = can_create(mem_ctx, new_name);
+ rc = can_create(mem_ctx, id7->account_name.string);
if (!NT_STATUS_IS_OK(rc)) {
return rc;
}
- rc = pdb_rename_sam_account(pwd, new_name);
+ rc = pdb_rename_sam_account(pwd, id7->account_name.string);
TALLOC_FREE(pwd);
return rc;
@@ -3111,16 +3608,17 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
set_user_info_16
********************************************************************/
-static bool set_user_info_16(const SAM_USER_INFO_16 *id16, struct samu *pwd)
+static bool set_user_info_16(struct samr_UserInfo16 *id16,
+ struct samu *pwd)
{
if (id16 == NULL) {
DEBUG(5, ("set_user_info_16: NULL id16\n"));
TALLOC_FREE(pwd);
return False;
}
-
+
/* FIX ME: check if the value is really changed --metze */
- if (!pdb_set_acct_ctrl(pwd, id16->acb_info, PDB_CHANGED)) {
+ if (!pdb_set_acct_ctrl(pwd, id16->acct_flags, PDB_CHANGED)) {
TALLOC_FREE(pwd);
return False;
}
@@ -3139,28 +3637,28 @@ static bool set_user_info_16(const SAM_USER_INFO_16 *id16, struct samu *pwd)
set_user_info_18
********************************************************************/
-static bool set_user_info_18(SAM_USER_INFO_18 *id18, struct samu *pwd)
+static bool set_user_info_18(struct samr_UserInfo18 *id18,
+ struct samu *pwd)
{
-
if (id18 == NULL) {
DEBUG(2, ("set_user_info_18: id18 is NULL\n"));
TALLOC_FREE(pwd);
return False;
}
-
- if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd, PDB_CHANGED)) {
+
+ if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd.hash, PDB_CHANGED)) {
TALLOC_FREE(pwd);
return False;
}
- if (!pdb_set_nt_passwd (pwd, id18->nt_pwd, PDB_CHANGED)) {
+ if (!pdb_set_nt_passwd (pwd, id18->nt_pwd.hash, PDB_CHANGED)) {
TALLOC_FREE(pwd);
return False;
}
if (!pdb_set_pass_last_set_time (pwd, time(NULL), PDB_CHANGED)) {
TALLOC_FREE(pwd);
- return False;
+ return False;
}
-
+
if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) {
TALLOC_FREE(pwd);
return False;
@@ -3174,13 +3672,14 @@ static bool set_user_info_18(SAM_USER_INFO_18 *id18, struct samu *pwd)
set_user_info_20
********************************************************************/
-static bool set_user_info_20(SAM_USER_INFO_20 *id20, struct samu *pwd)
+static bool set_user_info_20(struct samr_UserInfo20 *id20,
+ struct samu *pwd)
{
if (id20 == NULL) {
DEBUG(5, ("set_user_info_20: NULL id20\n"));
return False;
}
-
+
copy_id20_to_sam_passwd(pwd, id20);
/* write the change out */
@@ -3193,30 +3692,30 @@ static bool set_user_info_20(SAM_USER_INFO_20 *id20, struct samu *pwd)
return True;
}
+
/*******************************************************************
set_user_info_21
********************************************************************/
-static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
+static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo21 *id21,
struct samu *pwd)
{
- fstring new_name;
NTSTATUS status;
-
+
if (id21 == NULL) {
DEBUG(5, ("set_user_info_21: NULL id21\n"));
return NT_STATUS_INVALID_PARAMETER;
}
/* we need to separately check for an account rename first */
-
- if (rpcstr_pull(new_name, id21->uni_user_name.buffer,
- sizeof(new_name), id21->uni_user_name.uni_str_len*2, 0)
- && (!strequal(new_name, pdb_get_username(pwd))))
+
+ if (id21->account_name.string &&
+ (!strequal(id21->account_name.string, pdb_get_username(pwd))))
{
/* check to see if the new username already exists. Note: we can't
- reliably lock all backends, so there is potentially the
+ reliably lock all backends, so there is potentially the
possibility that a user can be created in between this check and
the rename. The rename should fail, but may not get the
exact same failure status code. I think this is small enough
@@ -3224,43 +3723,43 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
simply that the rename fails with a slightly different status
code (like UNSUCCESSFUL instead of ALREADY_EXISTS). */
- status = can_create(mem_ctx, new_name);
+ status = can_create(mem_ctx, id21->account_name.string);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- status = pdb_rename_sam_account(pwd, new_name);
+ status = pdb_rename_sam_account(pwd, id21->account_name.string);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0,("set_user_info_21: failed to rename account: %s\n",
+ DEBUG(0,("set_user_info_21: failed to rename account: %s\n",
nt_errstr(status)));
TALLOC_FREE(pwd);
return status;
}
- /* set the new username so that later
+ /* set the new username so that later
functions can work on the new account */
- pdb_set_username(pwd, new_name, PDB_SET);
+ pdb_set_username(pwd, id21->account_name.string, PDB_SET);
}
- copy_id21_to_sam_passwd(pwd, id21);
-
+ copy_id21_to_sam_passwd("INFO_21", pwd, id21);
+
/*
* The funny part about the previous two calls is
* that pwd still has the password hashes from the
* passdb entry. These have not been updated from
* id21. I don't know if they need to be set. --jerry
*/
-
+
if ( IS_SAM_CHANGED(pwd, PDB_GROUPSID) ) {
status = pdb_set_unix_primary_group(mem_ctx, pwd);
if ( !NT_STATUS_IS_OK(status) ) {
return status;
}
}
-
+
/* Don't worry about writing out the user account since the
- primary group SID is generated solely from the user's Unix
+ primary group SID is generated solely from the user's Unix
primary group. */
/* write the change out */
@@ -3278,7 +3777,8 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
set_user_info_23
********************************************************************/
-static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, SAM_USER_INFO_23 *id23,
+static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo23 *id23,
struct samu *pwd)
{
char *plaintext_buf = NULL;
@@ -3297,7 +3797,7 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, SAM_USER_INFO_23 *id23,
acct_ctrl = pdb_get_acct_ctrl(pwd);
if (!decode_pw_buffer(mem_ctx,
- id23->pass,
+ id23->password.data,
&plaintext_buf,
&len,
STR_UNICODE)) {
@@ -3445,18 +3945,19 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
set_user_info_25
********************************************************************/
-static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25,
+static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
+ struct samr_UserInfo25 *id25,
struct samu *pwd)
{
NTSTATUS status;
-
+
if (id25 == NULL) {
DEBUG(5, ("set_user_info_25: NULL id25\n"));
return NT_STATUS_INVALID_PARAMETER;
}
copy_id25_to_sam_passwd(pwd, id25);
-
+
/* write the change out */
if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) {
TALLOC_FREE(pwd);
@@ -3477,7 +3978,7 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25,
return status;
}
}
-
+
/* WARNING: No TALLOC_FREE(pwd), we are about to set the password
* hereafter! */
@@ -3485,38 +3986,41 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25,
}
/*******************************************************************
- samr_reply_set_userinfo
+ samr_SetUserInfo_internal
********************************************************************/
-NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_USERINFO *r_u)
+static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
+ pipes_struct *p,
+ struct policy_handle *user_handle,
+ uint16_t level,
+ union samr_UserInfo *info)
{
+ NTSTATUS status;
struct samu *pwd = NULL;
DOM_SID sid;
- POLICY_HND *pol = &q_u->pol;
- uint16 switch_value = q_u->switch_value;
- SAM_USERINFO_CTR *ctr = q_u->ctr;
- uint32 acc_granted;
- uint32 acc_required;
+ POLICY_HND *pol = user_handle;
+ uint16_t switch_value = level;
+ uint32_t acc_granted;
+ uint32_t acc_required;
bool ret;
bool has_enough_rights = False;
- uint32 acb_info;
+ uint32_t acb_info;
DISP_INFO *disp_info = NULL;
- DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__));
-
- r_u->status = NT_STATUS_OK;
+ DEBUG(5,("%s: %d\n", fn_name, __LINE__));
/* find the policy handle. open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted, &disp_info)) {
return NT_STATUS_INVALID_HANDLE;
+ }
- /* This is tricky. A WinXP domain join sets
+ /* This is tricky. A WinXP domain join sets
(SA_RIGHT_USER_SET_PASSWORD|SA_RIGHT_USER_SET_ATTRIBUTES|SA_RIGHT_USER_ACCT_FLAGS_EXPIRY)
- The MMC lusrmgr plugin includes these perms and more in the SamrOpenUser(). But the
- standard Win32 API calls just ask for SA_RIGHT_USER_SET_PASSWORD in the SamrOpenUser().
- This should be enough for levels 18, 24, 25,& 26. Info level 23 can set more so
+ The MMC lusrmgr plugin includes these perms and more in the SamrOpenUser(). But the
+ standard Win32 API calls just ask for SA_RIGHT_USER_SET_PASSWORD in the SamrOpenUser().
+ This should be enough for levels 18, 24, 25,& 26. Info level 23 can set more so
we'll use the set from the WinXP join as the basis. */
-
+
switch (switch_value) {
case 18:
case 24:
@@ -3525,319 +4029,252 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
acc_required = SA_RIGHT_USER_SET_PASSWORD;
break;
default:
- acc_required = SA_RIGHT_USER_SET_PASSWORD | SA_RIGHT_USER_SET_ATTRIBUTES | SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
+ acc_required = SA_RIGHT_USER_SET_PASSWORD |
+ SA_RIGHT_USER_SET_ATTRIBUTES |
+ SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
break;
}
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ acc_required,
+ fn_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n",
- sid_string_dbg(&sid), switch_value));
+ DEBUG(5, ("%s: sid:%s, level:%d\n",
+ fn_name, sid_string_dbg(&sid), switch_value));
- if (ctr == NULL) {
- DEBUG(5, ("_samr_set_userinfo: NULL info level\n"));
+ if (info == NULL) {
+ DEBUG(5, ("%s: NULL info level\n", fn_name));
return NT_STATUS_INVALID_INFO_CLASS;
}
-
- if ( !(pwd = samu_new( NULL )) ) {
+
+ if (!(pwd = samu_new(NULL))) {
return NT_STATUS_NO_MEMORY;
}
-
+
become_root();
ret = pdb_getsampwsid(pwd, &sid);
unbecome_root();
-
- if ( !ret ) {
+
+ if (!ret) {
TALLOC_FREE(pwd);
return NT_STATUS_NO_SUCH_USER;
}
-
+
/* deal with machine password changes differently from userinfo changes */
/* check to see if we have the sufficient rights */
-
+
acb_info = pdb_get_acct_ctrl(pwd);
- if ( acb_info & ACB_WSTRUST )
- has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account);
- else if ( acb_info & ACB_NORMAL )
- has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
- else if ( acb_info & (ACB_SVRTRUST|ACB_DOMTRUST) ) {
- if ( lp_enable_privileges() )
- has_enough_rights = nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS );
- }
-
- DEBUG(5, ("_samr_set_userinfo: %s does%s possess sufficient rights\n",
+ if (acb_info & ACB_WSTRUST)
+ has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token,
+ &se_machine_account);
+ else if (acb_info & ACB_NORMAL)
+ has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token,
+ &se_add_users);
+ else if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) {
+ if (lp_enable_privileges()) {
+ has_enough_rights = nt_token_check_domain_rid(p->pipe_user.nt_user_token,
+ DOMAIN_GROUP_RID_ADMINS);
+ }
+ }
+
+ DEBUG(5, ("%s: %s does%s possess sufficient rights\n",
+ fn_name,
uidtoname(p->pipe_user.ut.uid),
has_enough_rights ? "" : " not"));
/* ================ BEGIN SeMachineAccountPrivilege BLOCK ================ */
-
- if ( has_enough_rights )
- become_root();
-
+
+ if (has_enough_rights) {
+ become_root();
+ }
+
/* ok! user info levels (lots: see MSDEV help), off we go... */
switch (switch_value) {
+
+ case 7:
+ status = set_user_info_7(p->mem_ctx,
+ &info->info7, pwd);
+ break;
+
+ case 16:
+ if (!set_user_info_16(&info->info16, pwd)) {
+ status = NT_STATUS_ACCESS_DENIED;
+ }
+ break;
+
case 18:
- if (!set_user_info_18(ctr->info.id18, pwd))
- r_u->status = NT_STATUS_ACCESS_DENIED;
+ /* Used by AS/U JRA. */
+ if (!set_user_info_18(&info->info18, pwd)) {
+ status = NT_STATUS_ACCESS_DENIED;
+ }
break;
- case 24:
+ case 20:
+ if (!set_user_info_20(&info->info20, pwd)) {
+ status = NT_STATUS_ACCESS_DENIED;
+ }
+ break;
+
+ case 21:
+ status = set_user_info_21(p->mem_ctx,
+ &info->info21, pwd);
+ break;
+
+ case 23:
if (!p->session_key.length) {
- r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+ status = NT_STATUS_NO_USER_SESSION_KEY;
}
- SamOEMhashBlob(ctr->info.id24->pass, 516, &p->session_key);
+ SamOEMhashBlob(info->info23.password.data, 516,
+ &p->session_key);
- dump_data(100, ctr->info.id24->pass, 516);
+ dump_data(100, info->info23.password.data, 516);
- if (!set_user_info_pw(ctr->info.id24->pass, pwd))
- r_u->status = NT_STATUS_ACCESS_DENIED;
+ status = set_user_info_23(p->mem_ctx,
+ &info->info23, pwd);
break;
- case 25:
+ case 24:
if (!p->session_key.length) {
- r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+ status = NT_STATUS_NO_USER_SESSION_KEY;
}
- encode_or_decode_arc4_passwd_buffer(ctr->info.id25->pass, &p->session_key);
+ SamOEMhashBlob(info->info24.password.data,
+ 516,
+ &p->session_key);
- dump_data(100, ctr->info.id25->pass, 532);
+ dump_data(100, info->info24.password.data, 516);
- r_u->status = set_user_info_25(p->mem_ctx,
- ctr->info.id25, pwd);
- if (!NT_STATUS_IS_OK(r_u->status)) {
- goto done;
+ if (!set_user_info_pw(info->info24.password.data, pwd)) {
+ status = NT_STATUS_ACCESS_DENIED;
}
- if (!set_user_info_pw(ctr->info.id25->pass, pwd))
- r_u->status = NT_STATUS_ACCESS_DENIED;
break;
- case 26:
+ case 25:
if (!p->session_key.length) {
- r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+ status = NT_STATUS_NO_USER_SESSION_KEY;
}
- encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key);
+ encode_or_decode_arc4_passwd_buffer(info->info25.password.data,
+ &p->session_key);
- dump_data(100, ctr->info.id26->pass, 516);
+ dump_data(100, info->info25.password.data, 532);
- if (!set_user_info_pw(ctr->info.id26->pass, pwd))
- r_u->status = NT_STATUS_ACCESS_DENIED;
+ status = set_user_info_25(p->mem_ctx,
+ &info->info25, pwd);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (!set_user_info_pw(info->info25.password.data, pwd)) {
+ status = NT_STATUS_ACCESS_DENIED;
+ }
break;
- case 23:
+ case 26:
if (!p->session_key.length) {
- r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+ status = NT_STATUS_NO_USER_SESSION_KEY;
}
- SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key);
+ encode_or_decode_arc4_passwd_buffer(info->info26.password.data,
+ &p->session_key);
- dump_data(100, ctr->info.id23->pass, 516);
+ dump_data(100, info->info26.password.data, 516);
- r_u->status = set_user_info_23(p->mem_ctx,
- ctr->info.id23, pwd);
+ if (!set_user_info_pw(info->info26.password.data, pwd)) {
+ status = NT_STATUS_ACCESS_DENIED;
+ }
break;
default:
- r_u->status = NT_STATUS_INVALID_INFO_CLASS;
+ status = NT_STATUS_INVALID_INFO_CLASS;
}
done:
-
- if ( has_enough_rights )
+
+ if (has_enough_rights) {
unbecome_root();
-
+ }
+
/* ================ END SeMachineAccountPrivilege BLOCK ================ */
- if (NT_STATUS_IS_OK(r_u->status)) {
+ if (NT_STATUS_IS_OK(status)) {
force_flush_samr_cache(disp_info);
}
- return r_u->status;
+ return status;
}
/*******************************************************************
- samr_reply_set_userinfo2
+ _samr_SetUserInfo
********************************************************************/
-NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SET_USERINFO2 *r_u)
+NTSTATUS _samr_SetUserInfo(pipes_struct *p,
+ struct samr_SetUserInfo *r)
{
- struct samu *pwd = NULL;
- DOM_SID sid;
- SAM_USERINFO_CTR *ctr = q_u->ctr;
- POLICY_HND *pol = &q_u->pol;
- uint16 switch_value = q_u->switch_value;
- uint32 acc_granted;
- uint32 acc_required;
- bool ret;
- bool has_enough_rights = False;
- uint32 acb_info;
- DISP_INFO *disp_info = NULL;
-
- DEBUG(5, ("samr_reply_set_userinfo2: %d\n", __LINE__));
-
- r_u->status = NT_STATUS_OK;
-
- /* find the policy handle. open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted, &disp_info))
- return NT_STATUS_INVALID_HANDLE;
-
-
-#if 0 /* this really should be applied on a per info level basis --jerry */
-
- /* observed when joining XP client to Samba domain */
- acc_required = SA_RIGHT_USER_SET_PASSWORD | SA_RIGHT_USER_SET_ATTRIBUTES | SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
-#else
- acc_required = SA_RIGHT_USER_SET_ATTRIBUTES;
-#endif
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo2"))) {
- return r_u->status;
- }
-
- DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n",
- sid_string_dbg(&sid)));
-
- if (ctr == NULL) {
- DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n"));
- return NT_STATUS_INVALID_INFO_CLASS;
- }
-
- switch_value=ctr->switch_value;
-
- if ( !(pwd = samu_new( NULL )) ) {
- return NT_STATUS_NO_MEMORY;
- }
-
- become_root();
- ret = pdb_getsampwsid(pwd, &sid);
- unbecome_root();
-
- if ( !ret ) {
- TALLOC_FREE(pwd);
- return NT_STATUS_NO_SUCH_USER;
- }
-
- acb_info = pdb_get_acct_ctrl(pwd);
- if ( acb_info & ACB_WSTRUST )
- has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account);
- else if ( acb_info & ACB_NORMAL )
- has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
- else if ( acb_info & (ACB_SVRTRUST|ACB_DOMTRUST) ) {
- if ( lp_enable_privileges() )
- has_enough_rights = nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS );
- }
-
- DEBUG(5, ("_samr_set_userinfo2: %s does%s possess sufficient rights\n",
- uidtoname(p->pipe_user.ut.uid),
- has_enough_rights ? "" : " not"));
-
- /* ================ BEGIN SeMachineAccountPrivilege BLOCK ================ */
-
- if ( has_enough_rights )
- become_root();
-
- /* ok! user info levels (lots: see MSDEV help), off we go... */
-
- switch (switch_value) {
- case 7:
- r_u->status = set_user_info_7(p->mem_ctx,
- ctr->info.id7, pwd);
- break;
- case 16:
- if (!set_user_info_16(ctr->info.id16, pwd))
- r_u->status = NT_STATUS_ACCESS_DENIED;
- break;
- case 18:
- /* Used by AS/U JRA. */
- if (!set_user_info_18(ctr->info.id18, pwd))
- r_u->status = NT_STATUS_ACCESS_DENIED;
- break;
- case 20:
- if (!set_user_info_20(ctr->info.id20, pwd))
- r_u->status = NT_STATUS_ACCESS_DENIED;
- break;
- case 21:
- r_u->status = set_user_info_21(p->mem_ctx,
- ctr->info.id21, pwd);
- break;
- case 23:
- if (!p->session_key.length) {
- r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
- }
- SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key);
-
- dump_data(100, ctr->info.id23->pass, 516);
-
- r_u->status = set_user_info_23(p->mem_ctx,
- ctr->info.id23, pwd);
- break;
- case 26:
- if (!p->session_key.length) {
- r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
- }
- encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key);
-
- dump_data(100, ctr->info.id26->pass, 516);
-
- if (!set_user_info_pw(ctr->info.id26->pass, pwd))
- r_u->status = NT_STATUS_ACCESS_DENIED;
- break;
- default:
- r_u->status = NT_STATUS_INVALID_INFO_CLASS;
- }
-
- if ( has_enough_rights )
- unbecome_root();
-
- /* ================ END SeMachineAccountPrivilege BLOCK ================ */
+ return samr_SetUserInfo_internal("_samr_SetUserInfo",
+ p,
+ r->in.user_handle,
+ r->in.level,
+ r->in.info);
+}
- if (NT_STATUS_IS_OK(r_u->status)) {
- force_flush_samr_cache(disp_info);
- }
+/*******************************************************************
+ _samr_SetUserInfo2
+ ********************************************************************/
- return r_u->status;
+NTSTATUS _samr_SetUserInfo2(pipes_struct *p,
+ struct samr_SetUserInfo2 *r)
+{
+ return samr_SetUserInfo_internal("_samr_SetUserInfo2",
+ p,
+ r->in.user_handle,
+ r->in.level,
+ r->in.info);
}
/*********************************************************************
- _samr_query_aliasmem
+ _samr_GetAliasMembership
*********************************************************************/
-NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u)
+NTSTATUS _samr_GetAliasMembership(pipes_struct *p,
+ struct samr_GetAliasMembership *r)
{
size_t num_alias_rids;
uint32 *alias_rids;
struct samr_info *info = NULL;
size_t i;
-
+
NTSTATUS ntstatus1;
NTSTATUS ntstatus2;
DOM_SID *members;
- r_u->status = NT_STATUS_OK;
-
- DEBUG(5,("_samr_query_useraliases: %d\n", __LINE__));
+ DEBUG(5,("_samr_GetAliasMembership: %d\n", __LINE__));
/* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+ if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
-
- ntstatus1 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, "_samr_query_useraliases");
- ntstatus2 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_query_useraliases");
-
+
+ ntstatus1 = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM,
+ "_samr_GetAliasMembership");
+ ntstatus2 = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+ "_samr_GetAliasMembership");
+
if (!NT_STATUS_IS_OK(ntstatus1) || !NT_STATUS_IS_OK(ntstatus2)) {
if (!(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus2)) &&
!(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus1))) {
return (NT_STATUS_IS_OK(ntstatus1)) ? ntstatus2 : ntstatus1;
}
- }
+ }
if (!sid_check_is_domain(&info->sid) &&
!sid_check_is_builtin(&info->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (q_u->num_sids1) {
- members = TALLOC_ARRAY(p->mem_ctx, DOM_SID, q_u->num_sids1);
+ if (r->in.sids->num_sids) {
+ members = TALLOC_ARRAY(p->mem_ctx, DOM_SID, r->in.sids->num_sids);
if (members == NULL)
return NT_STATUS_NO_MEMORY;
@@ -3845,15 +4282,15 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
members = NULL;
}
- for (i=0; i<q_u->num_sids1; i++)
- sid_copy(&members[i], &q_u->sid[i].sid);
+ for (i=0; i<r->in.sids->num_sids; i++)
+ sid_copy(&members[i], r->in.sids->sids[i].sid);
alias_rids = NULL;
num_alias_rids = 0;
become_root();
ntstatus1 = pdb_enum_alias_memberships(p->mem_ctx, &info->sid, members,
- q_u->num_sids1,
+ r->in.sids->num_sids,
&alias_rids, &num_alias_rids);
unbecome_root();
@@ -3861,40 +4298,44 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
return ntstatus1;
}
- init_samr_r_query_useraliases(r_u, num_alias_rids, alias_rids,
- NT_STATUS_OK);
+ r->out.rids->count = num_alias_rids;
+ r->out.rids->ids = alias_rids;
+
return NT_STATUS_OK;
}
/*********************************************************************
- _samr_query_aliasmem
+ _samr_GetMembersInAlias
*********************************************************************/
-NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_R_QUERY_ALIASMEM *r_u)
+NTSTATUS _samr_GetMembersInAlias(pipes_struct *p,
+ struct samr_GetMembersInAlias *r)
{
NTSTATUS status;
size_t i;
size_t num_sids = 0;
- DOM_SID2 *sid;
- DOM_SID *sids=NULL;
+ struct lsa_SidPtr *sids = NULL;
+ DOM_SID *pdb_sids = NULL;
DOM_SID alias_sid;
uint32 acc_granted;
/* find the policy handle. open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted, NULL))
+ if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status =
- access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_query_aliasmem"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_ALIAS_GET_MEMBERS,
+ "_samr_GetMembersInAlias");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
become_root();
- status = pdb_enum_aliasmem(&alias_sid, &sids, &num_sids);
+ status = pdb_enum_aliasmem(&alias_sid, &pdb_sids, &num_sids);
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
@@ -3902,31 +4343,35 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
}
if (num_sids) {
- sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_sids);
- if (sid == NULL) {
- SAFE_FREE(sids);
+ sids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_SidPtr, num_sids);
+ if (sids == NULL) {
+ TALLOC_FREE(pdb_sids);
return NT_STATUS_NO_MEMORY;
}
- } else {
- sid = NULL;
}
for (i = 0; i < num_sids; i++) {
- init_dom_sid2(&sid[i], &sids[i]);
+ sids[i].sid = sid_dup_talloc(p->mem_ctx, &pdb_sids[i]);
+ if (!sids[i].sid) {
+ TALLOC_FREE(pdb_sids);
+ return NT_STATUS_NO_MEMORY;
+ }
}
- init_samr_r_query_aliasmem(r_u, num_sids, sid, NT_STATUS_OK);
+ r->out.sids->num_sids = num_sids;
+ r->out.sids->sids = sids;
- TALLOC_FREE(sids);
+ TALLOC_FREE(pdb_sids);
return NT_STATUS_OK;
}
/*********************************************************************
- _samr_query_groupmem
+ _samr_QueryGroupMember
*********************************************************************/
-NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_QUERY_GROUPMEM *r_u)
+NTSTATUS _samr_QueryGroupMember(pipes_struct *p,
+ struct samr_QueryGroupMember *r)
{
DOM_SID group_sid;
size_t i, num_members;
@@ -3936,16 +4381,25 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
uint32 acc_granted;
- NTSTATUS result;
+ NTSTATUS status;
+ struct samr_RidTypeArray *rids = NULL;
+
+ rids = TALLOC_ZERO_P(p->mem_ctx, struct samr_RidTypeArray);
+ if (!rids) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* find the policy handle. open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted, NULL))
+ if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, "_samr_query_groupmem"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_GROUP_GET_MEMBERS,
+ "_samr_QueryGroupMember");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
-
+
DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
if (!sid_check_is_in_our_domain(&group_sid)) {
@@ -3957,12 +4411,12 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
DEBUG(10, ("lookup on Domain SID\n"));
become_root();
- result = pdb_enum_group_members(p->mem_ctx, &group_sid,
+ status = pdb_enum_group_members(p->mem_ctx, &group_sid,
&rid, &num_members);
unbecome_root();
- if (!NT_STATUS_IS_OK(result))
- return result;
+ if (!NT_STATUS_IS_OK(status))
+ return status;
if (num_members) {
attr=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_members);
@@ -3972,81 +4426,93 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
} else {
attr = NULL;
}
-
+
for (i=0; i<num_members; i++)
attr[i] = SID_NAME_USER;
- init_samr_r_query_groupmem(r_u, num_members, rid, attr, NT_STATUS_OK);
+ rids->count = num_members;
+ rids->types = attr;
+ rids->rids = rid;
+
+ *r->out.rids = rids;
return NT_STATUS_OK;
}
/*********************************************************************
- _samr_add_aliasmem
+ _samr_AddAliasMember
*********************************************************************/
-NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_ADD_ALIASMEM *r_u)
+NTSTATUS _samr_AddAliasMember(pipes_struct *p,
+ struct samr_AddAliasMember *r)
{
DOM_SID alias_sid;
uint32 acc_granted;
SE_PRIV se_rights;
bool can_add_accounts;
- NTSTATUS ret;
+ NTSTATUS status;
DISP_INFO *disp_info = NULL;
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, "_samr_add_aliasmem"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_ALIAS_ADD_MEMBER,
+ "_samr_AddAliasMember");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
-
+
DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
-
+
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
-
+
if ( can_add_accounts )
become_root();
-
- ret = pdb_add_aliasmem(&alias_sid, &q_u->sid.sid);
-
+
+ status = pdb_add_aliasmem(&alias_sid, r->in.sid);
+
if ( can_add_accounts )
unbecome_root();
-
+
/******** END SeAddUsers BLOCK *********/
-
- if (NT_STATUS_IS_OK(ret)) {
+
+ if (NT_STATUS_IS_OK(status)) {
force_flush_samr_cache(disp_info);
}
- return ret;
+ return status;
}
/*********************************************************************
- _samr_del_aliasmem
+ _samr_DeleteAliasMember
*********************************************************************/
-NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DEL_ALIASMEM *r_u)
+NTSTATUS _samr_DeleteAliasMember(pipes_struct *p,
+ struct samr_DeleteAliasMember *r)
{
DOM_SID alias_sid;
uint32 acc_granted;
SE_PRIV se_rights;
bool can_add_accounts;
- NTSTATUS ret;
+ NTSTATUS status;
DISP_INFO *disp_info = NULL;
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, "_samr_del_aliasmem"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_ALIAS_REMOVE_MEMBER,
+ "_samr_DeleteAliasMember");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
-
+
DEBUG(10, ("_samr_del_aliasmem:sid is %s\n",
sid_string_dbg(&alias_sid)));
@@ -4054,30 +4520,32 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
-
+
if ( can_add_accounts )
become_root();
- ret = pdb_del_aliasmem(&alias_sid, &q_u->sid.sid);
-
+ status = pdb_del_aliasmem(&alias_sid, r->in.sid);
+
if ( can_add_accounts )
unbecome_root();
-
+
/******** END SeAddUsers BLOCK *********/
-
- if (NT_STATUS_IS_OK(ret)) {
+
+ if (NT_STATUS_IS_OK(status)) {
force_flush_samr_cache(disp_info);
}
- return ret;
+ return status;
}
/*********************************************************************
- _samr_add_groupmem
+ _samr_AddGroupMember
*********************************************************************/
-NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_ADD_GROUPMEM *r_u)
+NTSTATUS _samr_AddGroupMember(pipes_struct *p,
+ struct samr_AddGroupMember *r)
{
+ NTSTATUS status;
DOM_SID group_sid;
uint32 group_rid;
uint32 acc_granted;
@@ -4086,11 +4554,14 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
DISP_INFO *disp_info = NULL;
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, "_samr_add_groupmem"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_GROUP_ADD_MEMBER,
+ "_samr_AddGroupMember");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
@@ -4104,28 +4575,31 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
-
+
if ( can_add_accounts )
become_root();
- r_u->status = pdb_add_groupmem(p->mem_ctx, group_rid, q_u->rid);
-
+ status = pdb_add_groupmem(p->mem_ctx, group_rid, r->in.rid);
+
if ( can_add_accounts )
unbecome_root();
-
+
/******** END SeAddUsers BLOCK *********/
-
+
force_flush_samr_cache(disp_info);
- return r_u->status;
+ return status;
}
/*********************************************************************
- _samr_del_groupmem
+ _samr_DeleteGroupMember
*********************************************************************/
-NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DEL_GROUPMEM *r_u)
+NTSTATUS _samr_DeleteGroupMember(pipes_struct *p,
+ struct samr_DeleteGroupMember *r)
+
{
+ NTSTATUS status;
DOM_SID group_sid;
uint32 group_rid;
uint32 acc_granted;
@@ -4134,17 +4608,20 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
DISP_INFO *disp_info = NULL;
/*
- * delete the group member named q_u->rid
+ * delete the group member named r->in.rid
* who is a member of the sid associated with the handle
* the rid is a user's rid as the group is a domain group.
*/
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, "_samr_del_groupmem"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_GROUP_REMOVE_MEMBER,
+ "_samr_DeleteGroupMember");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
if (!sid_peek_check_rid(get_global_sam_sid(), &group_sid,
@@ -4156,28 +4633,30 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
-
+
if ( can_add_accounts )
become_root();
-
- r_u->status = pdb_del_groupmem(p->mem_ctx, group_rid, q_u->rid);
+
+ status = pdb_del_groupmem(p->mem_ctx, group_rid, r->in.rid);
if ( can_add_accounts )
unbecome_root();
-
+
/******** END SeAddUsers BLOCK *********/
-
+
force_flush_samr_cache(disp_info);
- return r_u->status;
+ return status;
}
/*********************************************************************
- _samr_delete_dom_user
+ _samr_DeleteUser
*********************************************************************/
-NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAMR_R_DELETE_DOM_USER *r_u )
+NTSTATUS _samr_DeleteUser(pipes_struct *p,
+ struct samr_DeleteUser *r)
{
+ NTSTATUS status;
DOM_SID user_sid;
struct samu *sam_pass=NULL;
uint32 acc_granted;
@@ -4186,16 +4665,19 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
DISP_INFO *disp_info = NULL;
bool ret;
- DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__));
+ DEBUG(5, ("_samr_DeleteUser: %d\n", __LINE__));
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &user_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.user_handle, &user_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_user"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ STD_RIGHT_DELETE_ACCESS,
+ "_samr_DeleteUser");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
-
+
if (!sid_check_is_in_our_domain(&user_sid))
return NT_STATUS_CANNOT_DELETE;
@@ -4209,12 +4691,12 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
unbecome_root();
if( !ret ) {
- DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n",
+ DEBUG(5,("_samr_DeleteUser: User %s doesn't exist.\n",
sid_string_dbg(&user_sid)));
TALLOC_FREE(sam_pass);
return NT_STATUS_NO_SUCH_USER;
}
-
+
acb_info = pdb_get_acct_ctrl(sam_pass);
/* For machine accounts it's the SeMachineAccountPrivilege that counts. */
@@ -4222,32 +4704,32 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account );
} else {
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
- }
+ }
/******** BEGIN SeAddUsers BLOCK *********/
-
+
if ( can_add_accounts )
become_root();
- r_u->status = pdb_delete_user(p->mem_ctx, sam_pass);
+ status = pdb_delete_user(p->mem_ctx, sam_pass);
if ( can_add_accounts )
unbecome_root();
-
+
/******** END SeAddUsers BLOCK *********/
-
- if ( !NT_STATUS_IS_OK(r_u->status) ) {
- DEBUG(5,("_samr_delete_dom_user: Failed to delete entry for "
+
+ if ( !NT_STATUS_IS_OK(status) ) {
+ DEBUG(5,("_samr_DeleteUser: Failed to delete entry for "
"user %s: %s.\n", pdb_get_username(sam_pass),
- nt_errstr(r_u->status)));
+ nt_errstr(status)));
TALLOC_FREE(sam_pass);
- return r_u->status;
+ return status;
}
TALLOC_FREE(sam_pass);
- if (!close_policy_hnd(p, &q_u->user_pol))
+ if (!close_policy_hnd(p, r->in.user_handle))
return NT_STATUS_OBJECT_NAME_INVALID;
force_flush_samr_cache(disp_info);
@@ -4256,11 +4738,13 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
}
/*********************************************************************
- _samr_delete_dom_group
+ _samr_DeleteDomainGroup
*********************************************************************/
-NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, SAMR_R_DELETE_DOM_GROUP *r_u)
+NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p,
+ struct samr_DeleteDomainGroup *r)
{
+ NTSTATUS status;
DOM_SID group_sid;
uint32 group_rid;
uint32 acc_granted;
@@ -4268,14 +4752,17 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
bool can_add_accounts;
DISP_INFO *disp_info = NULL;
- DEBUG(5, ("samr_delete_dom_group: %d\n", __LINE__));
+ DEBUG(5, ("samr_DeleteDomainGroup: %d\n", __LINE__));
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_group"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ STD_RIGHT_DELETE_ACCESS,
+ "_samr_DeleteDomainGroup");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
@@ -4289,26 +4776,26 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
-
+
if ( can_add_accounts )
become_root();
- r_u->status = pdb_delete_dom_group(p->mem_ctx, group_rid);
+ status = pdb_delete_dom_group(p->mem_ctx, group_rid);
if ( can_add_accounts )
unbecome_root();
-
+
/******** END SeAddUsers BLOCK *********/
-
- if ( !NT_STATUS_IS_OK(r_u->status) ) {
- DEBUG(5,("_samr_delete_dom_group: Failed to delete mapping "
+
+ if ( !NT_STATUS_IS_OK(status) ) {
+ DEBUG(5,("_samr_DeleteDomainGroup: Failed to delete mapping "
"entry for group %s: %s\n",
sid_string_dbg(&group_sid),
- nt_errstr(r_u->status)));
- return r_u->status;
+ nt_errstr(status)));
+ return status;
}
-
- if (!close_policy_hnd(p, &q_u->group_pol))
+
+ if (!close_policy_hnd(p, r->in.group_handle))
return NT_STATUS_OBJECT_NAME_INVALID;
force_flush_samr_cache(disp_info);
@@ -4317,10 +4804,11 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
}
/*********************************************************************
- _samr_delete_dom_alias
+ _samr_DeleteDomAlias
*********************************************************************/
-NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, SAMR_R_DELETE_DOM_ALIAS *r_u)
+NTSTATUS _samr_DeleteDomAlias(pipes_struct *p,
+ struct samr_DeleteDomAlias *r)
{
DOM_SID alias_sid;
uint32 acc_granted;
@@ -4329,18 +4817,21 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
NTSTATUS status;
DISP_INFO *disp_info = NULL;
- DEBUG(5, ("_samr_delete_dom_alias: %d\n", __LINE__));
+ DEBUG(5, ("_samr_DeleteDomAlias: %d\n", __LINE__));
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
+
/* copy the handle to the outgoing reply */
- memcpy( &r_u->pol, &q_u->alias_pol, sizeof(r_u->pol) );
+ memcpy(r->out.alias_handle, r->in.alias_handle, sizeof(r->out.alias_handle));
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_alias"))) {
- return r_u->status;
+ status = access_check_samr_function(acc_granted,
+ STD_RIGHT_DELETE_ACCESS,
+ "_samr_DeleteDomAlias");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
@@ -4353,29 +4844,29 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
if (!sid_check_is_in_our_domain(&alias_sid))
return NT_STATUS_NO_SUCH_ALIAS;
-
+
DEBUG(10, ("lookup on Local SID\n"));
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
-
+
if ( can_add_accounts )
become_root();
/* Have passdb delete the alias */
status = pdb_delete_alias(&alias_sid);
-
+
if ( can_add_accounts )
unbecome_root();
-
+
/******** END SeAddUsers BLOCK *********/
if ( !NT_STATUS_IS_OK(status))
return status;
- if (!close_policy_hnd(p, &q_u->alias_pol))
+ if (!close_policy_hnd(p, r->in.alias_handle))
return NT_STATUS_OBJECT_NAME_INVALID;
force_flush_samr_cache(disp_info);
@@ -4384,11 +4875,14 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
}
/*********************************************************************
- _samr_create_dom_group
+ _samr_CreateDomainGroup
*********************************************************************/
-NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, SAMR_R_CREATE_DOM_GROUP *r_u)
+NTSTATUS _samr_CreateDomainGroup(pipes_struct *p,
+ struct samr_CreateDomainGroup *r)
+
{
+ NTSTATUS status;
DOM_SID dom_sid;
DOM_SID info_sid;
const char *name;
@@ -4399,50 +4893,53 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
DISP_INFO *disp_info = NULL;
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_create_dom_group"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_DOMAIN_CREATE_GROUP,
+ "_samr_CreateDomainGroup");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
-
+
if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
- name = rpcstr_pull_unistr2_talloc(p->mem_ctx, &q_u->uni_acct_desc);
+ name = r->in.name->string;
if (name == NULL) {
return NT_STATUS_NO_MEMORY;
}
- r_u->status = can_create(p->mem_ctx, name);
- if (!NT_STATUS_IS_OK(r_u->status)) {
- return r_u->status;
+ status = can_create(p->mem_ctx, name);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
/******** BEGIN SeAddUsers BLOCK *********/
-
+
if ( can_add_accounts )
become_root();
-
+
/* check that we successfully create the UNIX group */
-
- r_u->status = pdb_create_dom_group(p->mem_ctx, name, &r_u->rid);
+
+ status = pdb_create_dom_group(p->mem_ctx, name, r->out.rid);
if ( can_add_accounts )
unbecome_root();
-
+
/******** END SeAddUsers BLOCK *********/
-
+
/* check if we should bail out here */
-
- if ( !NT_STATUS_IS_OK(r_u->status) )
- return r_u->status;
- sid_compose(&info_sid, get_global_sam_sid(), r_u->rid);
-
+ if ( !NT_STATUS_IS_OK(status) )
+ return status;
+
+ sid_compose(&info_sid, get_global_sam_sid(), *r->out.rid);
+
if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
return NT_STATUS_NO_MEMORY;
@@ -4451,7 +4948,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
info->acc_granted = GENERIC_RIGHTS_GROUP_ALL_ACCESS;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.group_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
force_flush_samr_cache(disp_info);
@@ -4460,14 +4957,15 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
}
/*********************************************************************
- _samr_create_dom_alias
+ _samr_CreateDomAlias
*********************************************************************/
-NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, SAMR_R_CREATE_DOM_ALIAS *r_u)
+NTSTATUS _samr_CreateDomAlias(pipes_struct *p,
+ struct samr_CreateDomAlias *r)
{
DOM_SID dom_sid;
DOM_SID info_sid;
- fstring name;
+ const char *name = NULL;
struct samr_info *info;
uint32 acc_granted;
gid_t gid;
@@ -4477,17 +4975,20 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
DISP_INFO *disp_info = NULL;
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_create_alias"))) {
- return r_u->status;
+
+ result = access_check_samr_function(acc_granted,
+ SA_RIGHT_DOMAIN_CREATE_ALIAS,
+ "_samr_CreateDomAlias");
+ if (!NT_STATUS_IS_OK(result)) {
+ return result;
}
-
+
if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
- unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name));
+ name = r->in.alias_name->string;
se_priv_copy( &se_rights, &se_add_users );
can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
@@ -4498,16 +4999,16 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
}
/******** BEGIN SeAddUsers BLOCK *********/
-
+
if ( can_add_accounts )
become_root();
/* Have passdb create the alias */
- result = pdb_create_alias(name, &r_u->rid);
+ result = pdb_create_alias(name, r->out.rid);
if ( can_add_accounts )
unbecome_root();
-
+
/******** END SeAddUsers BLOCK *********/
if (!NT_STATUS_IS_OK(result)) {
@@ -4517,7 +5018,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
}
sid_copy(&info_sid, get_global_sam_sid());
- sid_append_rid(&info_sid, r_u->rid);
+ sid_append_rid(&info_sid, *r->out.rid);
if (!sid_to_gid(&info_sid, &gid)) {
DEBUG(10, ("Could not find alias just created\n"));
@@ -4539,7 +5040,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
info->acc_granted = GENERIC_RIGHTS_ALIAS_ALL_ACCESS;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->alias_pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.alias_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
force_flush_samr_cache(disp_info);
@@ -4548,68 +5049,81 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
}
/*********************************************************************
- _samr_query_groupinfo
-
-sends the name/comment pair of a domain group
-level 1 send also the number of users of that group
+ _samr_QueryGroupInfo
*********************************************************************/
-NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAMR_R_QUERY_GROUPINFO *r_u)
+NTSTATUS _samr_QueryGroupInfo(pipes_struct *p,
+ struct samr_QueryGroupInfo *r)
{
+ NTSTATUS status;
DOM_SID group_sid;
GROUP_MAP map;
- GROUP_INFO_CTR *ctr;
+ union samr_GroupInfo *info = NULL;
uint32 acc_granted;
bool ret;
+ uint32_t attributes = SE_GROUP_MANDATORY |
+ SE_GROUP_ENABLED_BY_DEFAULT |
+ SE_GROUP_ENABLED;
+ const char *group_name = NULL;
+ const char *group_description = NULL;
- if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, NULL))
+ if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_LOOKUP_INFO, "_samr_query_groupinfo"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_GROUP_LOOKUP_INFO,
+ "_samr_QueryGroupInfo");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
-
+
become_root();
ret = get_domain_group_from_sid(group_sid, &map);
unbecome_root();
if (!ret)
return NT_STATUS_INVALID_HANDLE;
- ctr=TALLOC_ZERO_P(p->mem_ctx, GROUP_INFO_CTR);
- if (ctr==NULL)
+ /* FIXME: map contains fstrings */
+ group_name = talloc_strdup(r, map.nt_name);
+ group_description = talloc_strdup(r, map.comment);
+
+ info = TALLOC_ZERO_P(p->mem_ctx, union samr_GroupInfo);
+ if (!info) {
return NT_STATUS_NO_MEMORY;
+ }
- switch (q_u->switch_level) {
+ switch (r->in.level) {
case 1: {
uint32 *members;
size_t num_members;
- ctr->switch_value1 = 1;
-
become_root();
- r_u->status = pdb_enum_group_members(
+ status = pdb_enum_group_members(
p->mem_ctx, &group_sid, &members, &num_members);
unbecome_root();
-
- if (!NT_STATUS_IS_OK(r_u->status)) {
- return r_u->status;
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- init_samr_group_info1(&ctr->group.info1, map.nt_name,
- map.comment, num_members);
+ init_samr_group_info1(&info->all,
+ group_name,
+ attributes,
+ num_members,
+ group_description);
break;
}
case 2:
- ctr->switch_value1 = 2;
- init_samr_group_info2(&ctr->group.info2, map.nt_name);
+ init_samr_group_info2(&info->name,
+ group_name);
break;
case 3:
- ctr->switch_value1 = 3;
- init_samr_group_info3(&ctr->group.info3);
+ init_samr_group_info3(&info->attributes,
+ attributes);
break;
case 4:
- ctr->switch_value1 = 4;
- init_samr_group_info4(&ctr->group.info4, map.comment);
+ init_samr_group_info4(&info->description,
+ group_description);
break;
case 5: {
/*
@@ -4617,69 +5131,70 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM
size_t num_members;
*/
- ctr->switch_value1 = 5;
-
/*
become_root();
- r_u->status = pdb_enum_group_members(
+ status = pdb_enum_group_members(
p->mem_ctx, &group_sid, &members, &num_members);
unbecome_root();
-
- if (!NT_STATUS_IS_OK(r_u->status)) {
- return r_u->status;
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
*/
- init_samr_group_info5(&ctr->group.info5, map.nt_name,
- map.comment, 0 /* num_members */); /* in w2k3 this is always 0 */
+ init_samr_group_info5(&info->all2,
+ group_name,
+ attributes,
+ 0, /* num_members - in w2k3 this is always 0 */
+ group_description);
+
break;
}
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
- init_samr_r_query_groupinfo(r_u, ctr, NT_STATUS_OK);
+ *r->out.info = info;
return NT_STATUS_OK;
}
/*********************************************************************
- _samr_set_groupinfo
-
- update a domain group's comment.
+ _samr_SetGroupInfo
*********************************************************************/
-NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_SET_GROUPINFO *r_u)
+NTSTATUS _samr_SetGroupInfo(pipes_struct *p,
+ struct samr_SetGroupInfo *r)
{
DOM_SID group_sid;
GROUP_MAP map;
- GROUP_INFO_CTR *ctr;
uint32 acc_granted;
- NTSTATUS ret;
- bool result;
+ NTSTATUS status;
+ bool ret;
bool can_mod_accounts;
DISP_INFO *disp_info = NULL;
- if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_SET_INFO, "_samr_set_groupinfo"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_GROUP_SET_INFO,
+ "_samr_SetGroupInfo");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
become_root();
- result = get_domain_group_from_sid(group_sid, &map);
+ ret = get_domain_group_from_sid(group_sid, &map);
unbecome_root();
- if (!result)
+ if (!ret)
return NT_STATUS_NO_SUCH_GROUP;
-
- ctr=q_u->ctr;
- switch (ctr->switch_value1) {
+ switch (r->in.level) {
case 1:
- unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment));
+ fstrcpy(map.comment, r->in.info->all.description.string);
break;
case 4:
- unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment));
+ fstrcpy(map.comment, r->in.info->description.string);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
@@ -4691,45 +5206,44 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_
if ( can_mod_accounts )
become_root();
-
- ret = pdb_update_group_mapping_entry(&map);
+
+ status = pdb_update_group_mapping_entry(&map);
if ( can_mod_accounts )
unbecome_root();
/******** End SeAddUsers BLOCK *********/
- if (NT_STATUS_IS_OK(ret)) {
+ if (NT_STATUS_IS_OK(status)) {
force_flush_samr_cache(disp_info);
}
- return ret;
+ return status;
}
/*********************************************************************
- _samr_set_aliasinfo
-
- update an alias's comment.
+ _samr_SetAliasInfo
*********************************************************************/
-NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_SET_ALIASINFO *r_u)
+NTSTATUS _samr_SetAliasInfo(pipes_struct *p,
+ struct samr_SetAliasInfo *r)
{
DOM_SID group_sid;
struct acct_info info;
- ALIAS_INFO_CTR *ctr;
uint32 acc_granted;
bool can_mod_accounts;
NTSTATUS status;
DISP_INFO *disp_info = NULL;
- if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid, &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &group_sid, &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_SET_INFO, "_samr_set_aliasinfo"))) {
- return r_u->status;
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_ALIAS_SET_INFO,
+ "_samr_SetAliasInfo");
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
-
- ctr=&q_u->ctr;
/* get the current group information */
@@ -4740,13 +5254,13 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
if ( !NT_STATUS_IS_OK(status))
return status;
- switch (ctr->level) {
- case 2:
+ switch (r->in.level) {
+ case ALIASINFONAME:
{
- fstring group_name, acct_name;
+ fstring group_name;
/* We currently do not support renaming groups in the
- the BUILTIN domain. Refer to util_builtin.c to understand
+ the BUILTIN domain. Refer to util_builtin.c to understand
why. The eventually needs to be fixed to be like Windows
where you can rename builtin groups, just not delete them */
@@ -4756,37 +5270,33 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
/* There has to be a valid name (and it has to be different) */
- if ( !ctr->alias.info2.name.string )
+ if ( !r->in.info->name.string )
return NT_STATUS_INVALID_PARAMETER;
- unistr2_to_ascii( acct_name, ctr->alias.info2.name.string,
- sizeof(acct_name));
-
/* If the name is the same just reply "ok". Yes this
doesn't allow you to change the case of a group name. */
- if ( strequal( acct_name, info.acct_name ) )
+ if ( strequal( r->in.info->name.string, info.acct_name ) )
return NT_STATUS_OK;
- fstrcpy( info.acct_name, acct_name );
+ fstrcpy( info.acct_name, r->in.info->name.string);
- /* make sure the name doesn't already exist as a user
+ /* make sure the name doesn't already exist as a user
or local group */
fstr_sprintf( group_name, "%s\\%s", global_myname(), info.acct_name );
status = can_create( p->mem_ctx, group_name );
- if ( !NT_STATUS_IS_OK( status ) )
+ if ( !NT_STATUS_IS_OK( status ) )
return status;
break;
}
- case 3:
- if ( ctr->alias.info3.description.string ) {
- unistr2_to_ascii( info.acct_desc,
- ctr->alias.info3.description.string,
- sizeof(info.acct_desc));
- }
- else
+ case ALIASINFODESCRIPTION:
+ if (r->in.info->description.string) {
+ fstrcpy(info.acct_desc,
+ r->in.info->description.string);
+ } else {
fstrcpy( info.acct_desc, "" );
+ }
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
@@ -4812,32 +5322,35 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
return status;
}
-/*********************************************************************
- _samr_get_dom_pwinfo
-*********************************************************************/
+/****************************************************************
+ _samr_GetDomPwInfo
+****************************************************************/
-NTSTATUS _samr_get_dom_pwinfo(pipes_struct *p, SAMR_Q_GET_DOM_PWINFO *q_u, SAMR_R_GET_DOM_PWINFO *r_u)
+NTSTATUS _samr_GetDomPwInfo(pipes_struct *p,
+ struct samr_GetDomPwInfo *r)
{
/* Perform access check. Since this rpc does not require a
policy handle it will not be caught by the access checks on
SAMR_CONNECT or SAMR_CONNECT_ANON. */
if (!pipe_access_check(p)) {
- DEBUG(3, ("access denied to samr_get_dom_pwinfo\n"));
- r_u->status = NT_STATUS_ACCESS_DENIED;
- return r_u->status;
+ DEBUG(3, ("access denied to _samr_GetDomPwInfo\n"));
+ return NT_STATUS_ACCESS_DENIED;
}
/* Actually, returning zeros here works quite well :-). */
+ ZERO_STRUCTP(r->out.info);
return NT_STATUS_OK;
}
/*********************************************************************
- _samr_open_group
+ _samr_OpenGroup
*********************************************************************/
-NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_GROUP *r_u)
+NTSTATUS _samr_OpenGroup(pipes_struct *p,
+ struct samr_OpenGroup *r)
+
{
DOM_SID sid;
DOM_SID info_sid;
@@ -4845,50 +5358,51 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
struct samr_info *info;
SEC_DESC *psd = NULL;
uint32 acc_granted;
- uint32 des_access = q_u->access_mask;
+ uint32 des_access = r->in.access_mask;
size_t sd_size;
NTSTATUS status;
fstring sid_string;
bool ret;
SE_PRIV se_rights;
- if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted, NULL))
+ if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &sid, &acc_granted, NULL))
return NT_STATUS_INVALID_HANDLE;
-
- status = access_check_samr_function(acc_granted,
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_group");
-
+
+ status = access_check_samr_function(acc_granted,
+ SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+ "_samr_OpenGroup");
+
if ( !NT_STATUS_IS_OK(status) )
return status;
-
+
/*check if access can be granted as requested by client. */
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0);
se_map_generic(&des_access,&grp_generic_mapping);
se_priv_copy( &se_rights, &se_add_users );
- status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
- &se_rights, GENERIC_RIGHTS_GROUP_WRITE, des_access,
- &acc_granted, "_samr_open_group");
-
- if ( !NT_STATUS_IS_OK(status) )
+ status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+ &se_rights, GENERIC_RIGHTS_GROUP_WRITE, des_access,
+ &acc_granted, "_samr_OpenGroup");
+
+ if ( !NT_STATUS_IS_OK(status) )
return status;
/* this should not be hard-coded like this */
-
+
if (!sid_equal(&sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
sid_copy(&info_sid, get_global_sam_sid());
- sid_append_rid(&info_sid, q_u->rid_group);
+ sid_append_rid(&info_sid, r->in.rid);
sid_to_fstring(sid_string, &info_sid);
if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
return NT_STATUS_NO_MEMORY;
-
+
info->acc_granted = acc_granted;
- DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string));
+ DEBUG(10, ("_samr_OpenGroup:Opening SID: %s\n", sid_string));
/* check if that group really exists */
become_root();
@@ -4898,46 +5412,46 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
return NT_STATUS_NO_SUCH_GROUP;
/* get a (unique) handle. open a policy on it. */
- if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info))
+ if (!create_policy_hnd(p, r->out.group_handle, free_samr_info, (void *)info))
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
return NT_STATUS_OK;
}
/*********************************************************************
- _samr_remove_sid_foreign_domain
+ _samr_RemoveMemberFromForeignDomain
*********************************************************************/
-NTSTATUS _samr_remove_sid_foreign_domain(pipes_struct *p,
- SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN *q_u,
- SAMR_R_REMOVE_SID_FOREIGN_DOMAIN *r_u)
+NTSTATUS _samr_RemoveMemberFromForeignDomain(pipes_struct *p,
+ struct samr_RemoveMemberFromForeignDomain *r)
{
DOM_SID delete_sid, domain_sid;
uint32 acc_granted;
NTSTATUS result;
DISP_INFO *disp_info = NULL;
- sid_copy( &delete_sid, &q_u->sid.sid );
+ sid_copy( &delete_sid, r->in.sid );
- DEBUG(5,("_samr_remove_sid_foreign_domain: removing SID [%s]\n",
+ DEBUG(5,("_samr_RemoveMemberFromForeignDomain: removing SID [%s]\n",
sid_string_dbg(&delete_sid)));
/* Find the policy handle. Open a policy on it. */
- if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &domain_sid,
- &acc_granted, &disp_info))
+ if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &domain_sid,
+ &acc_granted, &disp_info))
return NT_STATUS_INVALID_HANDLE;
-
- result = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS,
- "_samr_remove_sid_foreign_domain");
-
- if (!NT_STATUS_IS_OK(result))
+
+ result = access_check_samr_function(acc_granted,
+ STD_RIGHT_DELETE_ACCESS,
+ "_samr_RemoveMemberFromForeignDomain");
+
+ if (!NT_STATUS_IS_OK(result))
return result;
-
- DEBUG(8, ("_samr_remove_sid_foreign_domain:sid is %s\n",
+
+ DEBUG(8, ("_samr_RemoveMemberFromForeignDomain: sid is %s\n",
sid_string_dbg(&domain_sid)));
- /* we can only delete a user from a group since we don't have
+ /* we can only delete a user from a group since we don't have
nested groups anyways. So in the latter case, just say OK */
/* TODO: The above comment nowadays is bogus. Since we have nested
@@ -4952,7 +5466,7 @@ NTSTATUS _samr_remove_sid_foreign_domain(pipes_struct *p,
* other cases. */
if (!sid_check_is_builtin(&domain_sid)) {
- DEBUG(1,("_samr_remove_sid_foreign_domain: domain_sid = %s, "
+ DEBUG(1,("_samr_RemoveMemberFromForeignDomain: domain_sid = %s, "
"global_sam_sid() = %s\n",
sid_string_dbg(&domain_sid),
sid_string_dbg(get_global_sam_sid())));
@@ -4968,68 +5482,52 @@ NTSTATUS _samr_remove_sid_foreign_domain(pipes_struct *p,
}
/*******************************************************************
- _samr_query_domain_info2
+ _samr_QueryDomainInfo2
********************************************************************/
-NTSTATUS _samr_query_domain_info2(pipes_struct *p,
- SAMR_Q_QUERY_DOMAIN_INFO2 *q_u,
- SAMR_R_QUERY_DOMAIN_INFO2 *r_u)
+NTSTATUS _samr_QueryDomainInfo2(pipes_struct *p,
+ struct samr_QueryDomainInfo2 *r)
{
- SAMR_Q_QUERY_DOMAIN_INFO q;
- SAMR_R_QUERY_DOMAIN_INFO r;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- DEBUG(5,("_samr_query_domain_info2: %d\n", __LINE__));
-
- q.domain_pol = q_u->domain_pol;
- q.switch_value = q_u->switch_value;
-
- r_u->status = _samr_query_domain_info(p, &q, &r);
-
- r_u->ptr_0 = r.ptr_0;
- r_u->switch_value = r.switch_value;
- r_u->ctr = r.ctr;
-
- return r_u->status;
+ return samr_QueryDomainInfo_internal("_samr_QueryDomainInfo2",
+ p,
+ r->in.domain_handle,
+ r->in.level,
+ r->out.info);
}
/*******************************************************************
- _samr_set_dom_info
+ _samr_SetDomainInfo
********************************************************************/
-NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R_SET_DOMAIN_INFO *r_u)
+NTSTATUS _samr_SetDomainInfo(pipes_struct *p,
+ struct samr_SetDomainInfo *r)
{
time_t u_expire, u_min_age;
time_t u_logout;
time_t u_lock_duration, u_reset_time;
- r_u->status = NT_STATUS_OK;
-
- DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__));
+ DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
/* find the policy handle. open a policy on it. */
- if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
+ if (!find_policy_by_hnd(p, r->in.domain_handle, NULL))
return NT_STATUS_INVALID_HANDLE;
- DEBUG(5,("_samr_set_dom_info: switch_value: %d\n", q_u->switch_value));
+ DEBUG(5,("_samr_SetDomainInfo: level: %d\n", r->in.level));
- switch (q_u->switch_value) {
+ switch (r->in.level) {
case 0x01:
- u_expire=nt_time_to_unix_abs(&q_u->ctr->info.inf1.expire);
- u_min_age=nt_time_to_unix_abs(&q_u->ctr->info.inf1.min_passwordage);
-
- pdb_set_account_policy(AP_MIN_PASSWORD_LEN, (uint32)q_u->ctr->info.inf1.min_length_password);
- pdb_set_account_policy(AP_PASSWORD_HISTORY, (uint32)q_u->ctr->info.inf1.password_history);
- pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)q_u->ctr->info.inf1.password_properties);
+ u_expire=nt_time_to_unix_abs((NTTIME *)&r->in.info->info1.max_password_age);
+ u_min_age=nt_time_to_unix_abs((NTTIME *)&r->in.info->info1.min_password_age);
+ pdb_set_account_policy(AP_MIN_PASSWORD_LEN, (uint32)r->in.info->info1.min_password_length);
+ pdb_set_account_policy(AP_PASSWORD_HISTORY, (uint32)r->in.info->info1.password_history_length);
+ pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)r->in.info->info1.password_properties);
pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (int)u_expire);
pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (int)u_min_age);
break;
case 0x02:
break;
case 0x03:
- u_logout=nt_time_to_unix_abs(&q_u->ctr->info.inf3.logout);
+ u_logout=nt_time_to_unix_abs((NTTIME *)&r->in.info->info3.force_logoff_time);
pdb_set_account_policy(AP_TIME_TO_LOGOUT, (int)u_logout);
break;
case 0x05:
@@ -5039,23 +5537,201 @@ NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R
case 0x07:
break;
case 0x0c:
- u_lock_duration=nt_time_to_unix_abs(&q_u->ctr->info.inf12.duration);
+ u_lock_duration=nt_time_to_unix_abs((NTTIME *)&r->in.info->info12.lockout_duration);
if (u_lock_duration != -1)
u_lock_duration /= 60;
- u_reset_time=nt_time_to_unix_abs(&q_u->ctr->info.inf12.reset_count)/60;
-
+ u_reset_time=nt_time_to_unix_abs((NTTIME *)&r->in.info->info12.lockout_window)/60;
+
pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
pdb_set_account_policy(AP_RESET_COUNT_TIME, (int)u_reset_time);
- pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, (uint32)q_u->ctr->info.inf12.bad_attempt_lockout);
+ pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, (uint32)r->in.info->info12.lockout_threshold);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
- init_samr_r_set_domain_info(r_u, NT_STATUS_OK);
+ DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_Shutdown(pipes_struct *p,
+ struct samr_Shutdown *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_CreateUser(pipes_struct *p,
+ struct samr_CreateUser *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p,
+ struct samr_SetMemberAttributesOfGroup *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_ChangePasswordUser(pipes_struct *p,
+ struct samr_ChangePasswordUser *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetDisplayEnumerationIndex(pipes_struct *p,
+ struct samr_GetDisplayEnumerationIndex *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
- DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__));
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_TestPrivateFunctionsDomain(pipes_struct *p,
+ struct samr_TestPrivateFunctionsDomain *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_TestPrivateFunctionsUser(pipes_struct *p,
+ struct samr_TestPrivateFunctionsUser *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
- return r_u->status;
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryUserInfo2(pipes_struct *p,
+ struct samr_QueryUserInfo2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetDisplayEnumerationIndex2(pipes_struct *p,
+ struct samr_GetDisplayEnumerationIndex2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_AddMultipleMembersToAlias(pipes_struct *p,
+ struct samr_AddMultipleMembersToAlias *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_RemoveMultipleMembersFromAlias(pipes_struct *p,
+ struct samr_RemoveMultipleMembersFromAlias *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_OemChangePasswordUser2(pipes_struct *p,
+ struct samr_OemChangePasswordUser2 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetBootKeyInformation(pipes_struct *p,
+ struct samr_SetBootKeyInformation *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetBootKeyInformation(pipes_struct *p,
+ struct samr_GetBootKeyInformation *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_Connect3(pipes_struct *p,
+ struct samr_Connect3 *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_RidToSid(pipes_struct *p,
+ struct samr_RidToSid *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetDsrmPassword(pipes_struct *p,
+ struct samr_SetDsrmPassword *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_ValidatePassword(pipes_struct *p,
+ struct samr_ValidatePassword *r)
+{
+ p->rng_fault_state = true;
+ return NT_STATUS_NOT_IMPLEMENTED;
}
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index bde7936343..688d72064f 100644
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
@@ -1,22 +1,23 @@
-/*
+/*
Unix SMB/CIFS implementation.
SAMR Pipe utility functions.
-
+
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
Copyright (C) Gerald (Jerry) Carter 2000-2001
Copyright (C) Andrew Bartlett 2001-2002
Copyright (C) Stefan (metze) Metzmacher 2002
-
+ Copyright (C) Guenther Deschner 2008
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -35,682 +36,340 @@
((s1) && (s2) && (strcmp((s1), (s2)) != 0))
/*************************************************************
- Copies a SAM_USER_INFO_20 to a struct samu
+ Copies a struct samr_UserInfo20 to a struct samu
**************************************************************/
-void copy_id20_to_sam_passwd(struct samu *to, SAM_USER_INFO_20 *from)
+void copy_id20_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo20 *from)
{
const char *old_string;
char *new_string;
DATA_BLOB mung;
- if (from == NULL || to == NULL)
+ if (from == NULL || to == NULL) {
return;
-
- if (from->hdr_munged_dial.buffer) {
+ }
+
+ if (from->parameters.string) {
old_string = pdb_get_munged_dial(to);
- mung.length = from->hdr_munged_dial.uni_str_len;
- mung.data = (uint8 *) from->uni_munged_dial.buffer;
+ mung.length = from->parameters.length;
+ mung.data = (uint8_t *)from->parameters.string;
mung.free = NULL;
new_string = (mung.length == 0) ?
- NULL : base64_encode_data_blob(mung);
- DEBUG(10,("INFO_20 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED_NC(old_string,new_string))
- pdb_set_munged_dial(to , new_string, PDB_CHANGED);
+ NULL : base64_encode_data_blob(talloc_tos(), mung);
+ DEBUG(10,("INFO_20 PARAMETERS: %s -> %s\n",
+ old_string, new_string));
+ if (STRING_CHANGED_NC(old_string,new_string)) {
+ pdb_set_munged_dial(to, new_string, PDB_CHANGED);
+ }
TALLOC_FREE(new_string);
}
}
/*************************************************************
- Copies a SAM_USER_INFO_21 to a struct samu
+ Copies a struct samr_UserInfo21 to a struct samu
**************************************************************/
-void copy_id21_to_sam_passwd(struct samu *to, SAM_USER_INFO_21 *from)
+void copy_id21_to_sam_passwd(const char *log_prefix,
+ struct samu *to,
+ struct samr_UserInfo21 *from)
{
time_t unix_time, stored_time;
const char *old_string, *new_string;
DATA_BLOB mung;
+ const char *l;
- if (from == NULL || to == NULL)
+ if (from == NULL || to == NULL) {
return;
+ }
+
+ if (log_prefix) {
+ l = log_prefix;
+ } else {
+ l = "INFO_21";
+ }
- if (from->fields_present & ACCT_LAST_LOGON) {
- unix_time=nt_time_to_unix(from->logon_time);
+ if (from->fields_present & SAMR_FIELD_LAST_LOGON) {
+ unix_time = nt_time_to_unix(from->last_logon);
stored_time = pdb_get_logon_time(to);
- DEBUG(10,("INFO_21 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
+ DEBUG(10,("%s SAMR_FIELD_LAST_LOGON: %lu -> %lu\n", l,
+ (long unsigned int)stored_time,
+ (long unsigned int)unix_time));
+ if (stored_time != unix_time) {
pdb_set_logon_time(to, unix_time, PDB_CHANGED);
+ }
}
- if (from->fields_present & ACCT_LAST_LOGOFF) {
- unix_time=nt_time_to_unix(from->logoff_time);
+ if (from->fields_present & SAMR_FIELD_LAST_LOGOFF) {
+ unix_time = nt_time_to_unix(from->last_logoff);
stored_time = pdb_get_logoff_time(to);
- DEBUG(10,("INFO_21 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
+ DEBUG(10,("%s SAMR_FIELD_LAST_LOGOFF: %lu -> %lu\n", l,
+ (long unsigned int)stored_time,
+ (long unsigned int)unix_time));
+ if (stored_time != unix_time) {
pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
+ }
}
- if (from->fields_present & ACCT_EXPIRY) {
- unix_time=nt_time_to_unix(from->kickoff_time);
+ if (from->fields_present & SAMR_FIELD_ACCT_EXPIRY) {
+ unix_time = nt_time_to_unix(from->acct_expiry);
stored_time = pdb_get_kickoff_time(to);
- DEBUG(10,("INFO_21 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
+ DEBUG(10,("%s SAMR_FIELD_ACCT_EXPIRY: %lu -> %lu\n", l,
+ (long unsigned int)stored_time,
+ (long unsigned int)unix_time));
+ if (stored_time != unix_time) {
pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
- }
+ }
+ }
- if (from->fields_present & ACCT_LAST_PWD_CHANGE) {
- unix_time=nt_time_to_unix(from->pass_last_set_time);
+ if (from->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
+ unix_time = nt_time_to_unix(from->last_password_change);
stored_time = pdb_get_pass_last_set_time(to);
- DEBUG(10,("INFO_21 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
+ DEBUG(10,("%s SAMR_FIELD_LAST_PWD_CHANGE: %lu -> %lu\n", l,
+ (long unsigned int)stored_time,
+ (long unsigned int)unix_time));
+ if (stored_time != unix_time) {
pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
+ }
}
- if ((from->fields_present & ACCT_USERNAME) &&
- (from->hdr_user_name.buffer)) {
+ if ((from->fields_present & SAMR_FIELD_ACCOUNT_NAME) &&
+ (from->account_name.string)) {
old_string = pdb_get_username(to);
- new_string = unistr2_static(&from->uni_user_name);
- DEBUG(10,("INFO_21 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_username(to , new_string, PDB_CHANGED);
+ new_string = from->account_name.string;
+ DEBUG(10,("%s SAMR_FIELD_ACCOUNT_NAME: %s -> %s\n", l,
+ old_string, new_string));
+ if (STRING_CHANGED) {
+ pdb_set_username(to, new_string, PDB_CHANGED);
+ }
}
- if ((from->fields_present & ACCT_FULL_NAME) &&
- (from->hdr_full_name.buffer)) {
+ if ((from->fields_present & SAMR_FIELD_FULL_NAME) &&
+ (from->full_name.string)) {
old_string = pdb_get_fullname(to);
- new_string = unistr2_static(&from->uni_full_name);
- DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_fullname(to , new_string, PDB_CHANGED);
+ new_string = from->full_name.string;
+ DEBUG(10,("%s SAMR_FIELD_FULL_NAME: %s -> %s\n", l,
+ old_string, new_string));
+ if (STRING_CHANGED) {
+ pdb_set_fullname(to, new_string, PDB_CHANGED);
+ }
}
-
- if ((from->fields_present & ACCT_HOME_DIR) &&
- (from->hdr_home_dir.buffer)) {
+
+ if ((from->fields_present & SAMR_FIELD_HOME_DIRECTORY) &&
+ (from->home_directory.string)) {
old_string = pdb_get_homedir(to);
- new_string = unistr2_static(&from->uni_home_dir);
- DEBUG(10,("INFO_21 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
- pdb_set_homedir(to , new_string, PDB_CHANGED);
+ new_string = from->home_directory.string;
+ DEBUG(10,("%s SAMR_FIELD_HOME_DIRECTORY: %s -> %s\n", l,
+ old_string, new_string));
+ if (STRING_CHANGED) {
+ pdb_set_homedir(to, new_string, PDB_CHANGED);
+ }
}
- if ((from->fields_present & ACCT_HOME_DRIVE) &&
- (from->hdr_dir_drive.buffer)) {
+ if ((from->fields_present & SAMR_FIELD_HOME_DRIVE) &&
+ (from->home_drive.string)) {
old_string = pdb_get_dir_drive(to);
- new_string = unistr2_static(&from->uni_dir_drive);
- DEBUG(10,("INFO_21 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
- pdb_set_dir_drive(to , new_string, PDB_CHANGED);
+ new_string = from->home_drive.string;
+ DEBUG(10,("%s SAMR_FIELD_HOME_DRIVE: %s -> %s\n", l,
+ old_string, new_string));
+ if (STRING_CHANGED) {
+ pdb_set_dir_drive(to, new_string, PDB_CHANGED);
+ }
}
- if ((from->fields_present & ACCT_LOGON_SCRIPT) &&
- (from->hdr_logon_script.buffer)) {
+ if ((from->fields_present & SAMR_FIELD_LOGON_SCRIPT) &&
+ (from->logon_script.string)) {
old_string = pdb_get_logon_script(to);
- new_string = unistr2_static(&from->uni_logon_script);
- DEBUG(10,("INFO_21 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
+ new_string = from->logon_script.string;
+ DEBUG(10,("%s SAMR_FIELD_LOGON_SCRIPT: %s -> %s\n", l,
+ old_string, new_string));
+ if (STRING_CHANGED) {
pdb_set_logon_script(to , new_string, PDB_CHANGED);
+ }
}
- if ((from->fields_present & ACCT_PROFILE) &&
- (from->hdr_profile_path.buffer)) {
+ if ((from->fields_present & SAMR_FIELD_PROFILE_PATH) &&
+ (from->profile_path.string)) {
old_string = pdb_get_profile_path(to);
- new_string = unistr2_static(&from->uni_profile_path);
- DEBUG(10,("INFO_21 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
+ new_string = from->profile_path.string;
+ DEBUG(10,("%s SAMR_FIELD_PROFILE_PATH: %s -> %s\n", l,
+ old_string, new_string));
+ if (STRING_CHANGED) {
pdb_set_profile_path(to , new_string, PDB_CHANGED);
+ }
}
-
- if ((from->fields_present & ACCT_DESCRIPTION) &&
- (from->hdr_acct_desc.buffer)) {
+
+ if ((from->fields_present & SAMR_FIELD_DESCRIPTION) &&
+ (from->description.string)) {
old_string = pdb_get_acct_desc(to);
- new_string = unistr2_static(&from->uni_acct_desc);
- DEBUG(10,("INFO_21 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
- pdb_set_acct_desc(to , new_string, PDB_CHANGED);
+ new_string = from->description.string;
+ DEBUG(10,("%s SAMR_FIELD_DESCRIPTION: %s -> %s\n", l,
+ old_string, new_string));
+ if (STRING_CHANGED) {
+ pdb_set_acct_desc(to, new_string, PDB_CHANGED);
+ }
}
-
- if ((from->fields_present & ACCT_WORKSTATIONS) &&
- (from->hdr_workstations.buffer)) {
+
+ if ((from->fields_present & SAMR_FIELD_WORKSTATIONS) &&
+ (from->workstations.string)) {
old_string = pdb_get_workstations(to);
- new_string = unistr2_static(&from->uni_workstations);
- DEBUG(10,("INFO_21 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
+ new_string = from->workstations.string;
+ DEBUG(10,("%s SAMR_FIELD_WORKSTATIONS: %s -> %s\n", l,
+ old_string, new_string));
+ if (STRING_CHANGED) {
pdb_set_workstations(to , new_string, PDB_CHANGED);
+ }
}
- if ((from->fields_present & ACCT_COMMENT) &&
- (from->hdr_comment.buffer)) {
+ if ((from->fields_present & SAMR_FIELD_COMMENT) &&
+ (from->comment.string)) {
old_string = pdb_get_comment(to);
- new_string = unistr2_static(&from->uni_comment);
- DEBUG(10,("INFO_21 UNI_COMMENT: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
+ new_string = from->comment.string;
+ DEBUG(10,("%s SAMR_FIELD_COMMENT: %s -> %s\n", l,
+ old_string, new_string));
+ if (STRING_CHANGED) {
pdb_set_comment(to, new_string, PDB_CHANGED);
+ }
}
-
- if ((from->fields_present & ACCT_CALLBACK) &&
- (from->hdr_munged_dial.buffer)) {
+
+ if ((from->fields_present & SAMR_FIELD_PARAMETERS) &&
+ (from->parameters.string)) {
char *newstr;
old_string = pdb_get_munged_dial(to);
- mung.length = from->hdr_munged_dial.uni_str_len;
- mung.data = (uint8 *) from->uni_munged_dial.buffer;
+ mung.length = from->parameters.length;
+ mung.data = (uint8_t *)from->parameters.string;
mung.free = NULL;
newstr = (mung.length == 0) ?
- NULL : base64_encode_data_blob(mung);
- DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
- if (STRING_CHANGED_NC(old_string,newstr))
- pdb_set_munged_dial(to , newstr, PDB_CHANGED);
+ NULL : base64_encode_data_blob(talloc_tos(), mung);
+ DEBUG(10,("%s SAMR_FIELD_PARAMETERS: %s -> %s\n", l,
+ old_string, newstr));
+ if (STRING_CHANGED_NC(old_string,newstr)) {
+ pdb_set_munged_dial(to, newstr, PDB_CHANGED);
+ }
TALLOC_FREE(newstr);
}
-
- if (from->fields_present & ACCT_RID) {
- if (from->user_rid == 0) {
- DEBUG(10, ("INFO_21: Asked to set User RID to 0 !? Skipping change!\n"));
- } else if (from->user_rid != pdb_get_user_rid(to)) {
- DEBUG(10,("INFO_21 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
+
+ if (from->fields_present & SAMR_FIELD_RID) {
+ if (from->rid == 0) {
+ DEBUG(10,("%s: Asked to set User RID to 0 !? Skipping change!\n", l));
+ } else if (from->rid != pdb_get_user_rid(to)) {
+ DEBUG(10,("%s SAMR_FIELD_RID: %u -> %u NOT UPDATED!\n", l,
+ pdb_get_user_rid(to), from->rid));
}
}
-
- if (from->fields_present & ACCT_PRIMARY_GID) {
- if (from->group_rid == 0) {
- DEBUG(10, ("INFO_21: Asked to set Group RID to 0 !? Skipping change!\n"));
- } else if (from->group_rid != pdb_get_group_rid(to)) {
- DEBUG(10,("INFO_21 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
- pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
+
+ if (from->fields_present & SAMR_FIELD_PRIMARY_GID) {
+ if (from->primary_gid == 0) {
+ DEBUG(10,("%s: Asked to set Group RID to 0 !? Skipping change!\n", l));
+ } else if (from->primary_gid != pdb_get_group_rid(to)) {
+ DEBUG(10,("%s SAMR_FIELD_PRIMARY_GID: %u -> %u\n", l,
+ pdb_get_group_rid(to), from->primary_gid));
+ pdb_set_group_sid_from_rid(to,
+ from->primary_gid, PDB_CHANGED);
}
}
-
- if (from->fields_present & ACCT_FLAGS) {
- DEBUG(10,("INFO_21 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
- if (from->acb_info != pdb_get_acct_ctrl(to)) {
- if (!(from->acb_info & ACB_AUTOLOCK) && (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
+
+ if (from->fields_present & SAMR_FIELD_ACCT_FLAGS) {
+ DEBUG(10,("%s SAMR_FIELD_ACCT_FLAGS: %08X -> %08X\n", l,
+ pdb_get_acct_ctrl(to), from->acct_flags));
+ if (from->acct_flags != pdb_get_acct_ctrl(to)) {
+ if (!(from->acct_flags & ACB_AUTOLOCK) &&
+ (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
/* We're unlocking a previously locked user. Reset bad password counts.
Patch from Jianliang Lu. <Jianliang.Lu@getronics.com> */
pdb_set_bad_password_count(to, 0, PDB_CHANGED);
pdb_set_bad_password_time(to, 0, PDB_CHANGED);
}
- pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
+ pdb_set_acct_ctrl(to, from->acct_flags, PDB_CHANGED);
}
}
- if (from->fields_present & ACCT_LOGON_HOURS) {
+ if (from->fields_present & SAMR_FIELD_LOGON_HOURS) {
char oldstr[44]; /* hours strings are 42 bytes. */
char newstr[44];
- DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
- if (from->logon_divs != pdb_get_logon_divs(to)) {
- pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
+ DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week): %08X -> %08X\n", l,
+ pdb_get_logon_divs(to), from->logon_hours.units_per_week));
+ if (from->logon_hours.units_per_week != pdb_get_logon_divs(to)) {
+ pdb_set_logon_divs(to,
+ from->logon_hours.units_per_week, PDB_CHANGED);
}
- DEBUG(15,("INFO_21 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
- if (from->logon_hrs.len != pdb_get_hours_len(to)) {
- pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
+ DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week/8): %08X -> %08X\n", l,
+ pdb_get_hours_len(to),
+ from->logon_hours.units_per_week/8));
+ if (from->logon_hours.units_per_week/8 != pdb_get_hours_len(to)) {
+ pdb_set_hours_len(to,
+ from->logon_hours.units_per_week/8, PDB_CHANGED);
}
- DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
+ DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (bits): %s -> %s\n", l,
+ pdb_get_hours(to), from->logon_hours.bits));
pdb_sethexhours(oldstr, pdb_get_hours(to));
- pdb_sethexhours(newstr, from->logon_hrs.hours);
+ pdb_sethexhours(newstr, from->logon_hours.bits);
if (!strequal(oldstr, newstr)) {
- pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
+ pdb_set_hours(to, from->logon_hours.bits, PDB_CHANGED);
}
}
- if (from->fields_present & ACCT_BAD_PWD_COUNT) {
- DEBUG(10,("INFO_21 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
+ if (from->fields_present & SAMR_FIELD_BAD_PWD_COUNT) {
+ DEBUG(10,("%s SAMR_FIELD_BAD_PWD_COUNT: %08X -> %08X\n", l,
+ pdb_get_bad_password_count(to), from->bad_password_count));
if (from->bad_password_count != pdb_get_bad_password_count(to)) {
- pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
+ pdb_set_bad_password_count(to,
+ from->bad_password_count, PDB_CHANGED);
}
}
- if (from->fields_present & ACCT_NUM_LOGONS) {
- DEBUG(10,("INFO_21 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
+ if (from->fields_present & SAMR_FIELD_NUM_LOGONS) {
+ DEBUG(10,("%s SAMR_FIELD_NUM_LOGONS: %08X -> %08X\n", l,
+ pdb_get_logon_count(to), from->logon_count));
if (from->logon_count != pdb_get_logon_count(to)) {
pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
}
}
/* If the must change flag is set, the last set time goes to zero.
- the must change and can change fields also do, but they are
+ the must change and can change fields also do, but they are
calculated from policy, not set from the wire */
- if (from->fields_present & ACCT_EXPIRED_FLAG) {
- DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
- if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
+ if (from->fields_present & SAMR_FIELD_EXPIRED_FLAG) {
+ DEBUG(10,("%s SAMR_FIELD_EXPIRED_FLAG: %02X\n", l,
+ from->password_expired));
+ if (from->password_expired == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+ pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
} else {
pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED);
}
}
-
- DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2));
}
/*************************************************************
- Copies a SAM_USER_INFO_23 to a struct samu
+ Copies a struct samr_UserInfo23 to a struct samu
**************************************************************/
-void copy_id23_to_sam_passwd(struct samu *to, SAM_USER_INFO_23 *from)
+void copy_id23_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo23 *from)
{
- time_t unix_time, stored_time;
- const char *old_string, *new_string;
- DATA_BLOB mung;
-
- if (from == NULL || to == NULL)
+ if (from == NULL || to == NULL) {
return;
-
- if (from->fields_present & ACCT_LAST_LOGON) {
- unix_time=nt_time_to_unix(from->logon_time);
- stored_time = pdb_get_logon_time(to);
- DEBUG(10,("INFO_23 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
- pdb_set_logon_time(to, unix_time, PDB_CHANGED);
- }
-
- if (from->fields_present & ACCT_LAST_LOGOFF) {
- unix_time=nt_time_to_unix(from->logoff_time);
- stored_time = pdb_get_logoff_time(to);
- DEBUG(10,("INFO_23 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
- pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
- }
-
- if (from->fields_present & ACCT_EXPIRY) {
- unix_time=nt_time_to_unix(from->kickoff_time);
- stored_time = pdb_get_kickoff_time(to);
- DEBUG(10,("INFO_23 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
- pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
- }
-
- if (from->fields_present & ACCT_LAST_PWD_CHANGE) {
- unix_time=nt_time_to_unix(from->pass_last_set_time);
- stored_time = pdb_get_pass_last_set_time(to);
- DEBUG(10,("INFO_23 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
- pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
}
- /* Backend should check this for sanity */
- if ((from->fields_present & ACCT_USERNAME) &&
- (from->hdr_user_name.buffer)) {
- old_string = pdb_get_username(to);
- new_string = unistr2_static(&from->uni_user_name);
- DEBUG(10,("INFO_23 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_username(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_FULL_NAME) &&
- (from->hdr_full_name.buffer)) {
- old_string = pdb_get_fullname(to);
- new_string = unistr2_static(&from->uni_full_name);
- DEBUG(10,("INFO_23 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_fullname(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_HOME_DIR) &&
- (from->hdr_home_dir.buffer)) {
- old_string = pdb_get_homedir(to);
- new_string = unistr2_static(&from->uni_home_dir);
- DEBUG(10,("INFO_23 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
- pdb_set_homedir(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_HOME_DRIVE) &&
- (from->hdr_dir_drive.buffer)) {
- old_string = pdb_get_dir_drive(to);
- new_string = unistr2_static(&from->uni_dir_drive);
- DEBUG(10,("INFO_23 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
- pdb_set_dir_drive(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_LOGON_SCRIPT) &&
- (from->hdr_logon_script.buffer)) {
- old_string = pdb_get_logon_script(to);
- new_string = unistr2_static(&from->uni_logon_script);
- DEBUG(10,("INFO_23 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
- pdb_set_logon_script(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_PROFILE) &&
- (from->hdr_profile_path.buffer)) {
- old_string = pdb_get_profile_path(to);
- new_string = unistr2_static(&from->uni_profile_path);
- DEBUG(10,("INFO_23 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_profile_path(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_DESCRIPTION) &&
- (from->hdr_acct_desc.buffer)) {
- old_string = pdb_get_acct_desc(to);
- new_string = unistr2_static(&from->uni_acct_desc);
- DEBUG(10,("INFO_23 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
- pdb_set_acct_desc(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_WORKSTATIONS) &&
- (from->hdr_workstations.buffer)) {
- old_string = pdb_get_workstations(to);
- new_string = unistr2_static(&from->uni_workstations);
- DEBUG(10,("INFO_23 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_workstations(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_COMMENT) &&
- (from->hdr_comment.buffer)) {
- old_string = pdb_get_comment(to);
- new_string = unistr2_static(&from->uni_comment);
- DEBUG(10,("INFO_23 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_comment(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_CALLBACK) &&
- (from->hdr_munged_dial.buffer)) {
- char *newstr;
- old_string = pdb_get_munged_dial(to);
- mung.length = from->hdr_munged_dial.uni_str_len;
- mung.data = (uint8 *) from->uni_munged_dial.buffer;
- mung.free = NULL;
- newstr = (mung.length == 0) ?
- NULL : base64_encode_data_blob(mung);
- DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
- if (STRING_CHANGED_NC(old_string, newstr))
- pdb_set_munged_dial(to , newstr, PDB_CHANGED);
-
- TALLOC_FREE(newstr);
- }
-
- if (from->fields_present & ACCT_RID) {
- if (from->user_rid == 0) {
- DEBUG(10, ("INFO_23: Asked to set User RID to 0 !? Skipping change!\n"));
- } else if (from->user_rid != pdb_get_user_rid(to)) {
- DEBUG(10,("INFO_23 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
- }
- }
-
- if (from->fields_present & ACCT_PRIMARY_GID) {
- if (from->group_rid == 0) {
- DEBUG(10, ("INFO_23: Asked to set Group RID to 0 !? Skipping change!\n"));
- } else if (from->group_rid != pdb_get_group_rid(to)) {
- DEBUG(10,("INFO_23 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
- pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
- }
- }
-
- if (from->fields_present & ACCT_FLAGS) {
- DEBUG(10,("INFO_23 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
- if (from->acb_info != pdb_get_acct_ctrl(to)) {
- pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
- }
- }
-
- if (from->fields_present & ACCT_LOGON_HOURS) {
- DEBUG(15,("INFO_23 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
- if (from->logon_divs != pdb_get_logon_divs(to)) {
- pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
- }
-
- DEBUG(15,("INFO_23 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
- if (from->logon_hrs.len != pdb_get_hours_len(to)) {
- pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
- }
-
- DEBUG(15,("INFO_23 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
- /* Fix me: only update if it changes --metze */
- pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
- }
-
- if (from->fields_present & ACCT_BAD_PWD_COUNT) {
- DEBUG(10,("INFO_23 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
- if (from->bad_password_count != pdb_get_bad_password_count(to)) {
- pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
- }
- }
-
- if (from->fields_present & ACCT_NUM_LOGONS) {
- DEBUG(10,("INFO_23 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
- if (from->logon_count != pdb_get_logon_count(to)) {
- pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
- }
- }
-
- /* If the must change flag is set, the last set time goes to zero.
- the must change and can change fields also do, but they are
- calculated from policy, not set from the wire */
-
- if (from->fields_present & ACCT_EXPIRED_FLAG) {
- DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
- if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
- } else {
- pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED);
- }
- }
-
- DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2));
+ copy_id21_to_sam_passwd("INFO 23", to, &from->info);
}
/*************************************************************
- Copies a SAM_USER_INFO_25 to a struct samu
+ Copies a struct samr_UserInfo25 to a struct samu
**************************************************************/
-void copy_id25_to_sam_passwd(struct samu *to, SAM_USER_INFO_25 *from)
+void copy_id25_to_sam_passwd(struct samu *to,
+ struct samr_UserInfo25 *from)
{
- time_t unix_time, stored_time;
- const char *old_string, *new_string;
- DATA_BLOB mung;
-
- if (from == NULL || to == NULL)
+ if (from == NULL || to == NULL) {
return;
-
- if (from->fields_present & ACCT_LAST_LOGON) {
- unix_time=nt_time_to_unix(from->logon_time);
- stored_time = pdb_get_logon_time(to);
- DEBUG(10,("INFO_25 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
- pdb_set_logon_time(to, unix_time, PDB_CHANGED);
- }
-
- if (from->fields_present & ACCT_LAST_LOGOFF) {
- unix_time=nt_time_to_unix(from->logoff_time);
- stored_time = pdb_get_logoff_time(to);
- DEBUG(10,("INFO_25 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
- pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
}
- if (from->fields_present & ACCT_EXPIRY) {
- unix_time=nt_time_to_unix(from->kickoff_time);
- stored_time = pdb_get_kickoff_time(to);
- DEBUG(10,("INFO_25 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
- pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
- }
-
- if (from->fields_present & ACCT_LAST_PWD_CHANGE) {
- unix_time=nt_time_to_unix(from->pass_last_set_time);
- stored_time = pdb_get_pass_last_set_time(to);
- DEBUG(10,("INFO_25 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
- if (stored_time != unix_time)
- pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_USERNAME) &&
- (from->hdr_user_name.buffer)) {
- old_string = pdb_get_username(to);
- new_string = unistr2_static(&from->uni_user_name);
- DEBUG(10,("INFO_25 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_username(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_FULL_NAME) &&
- (from->hdr_full_name.buffer)) {
- old_string = pdb_get_fullname(to);
- new_string = unistr2_static(&from->uni_full_name);
- DEBUG(10,("INFO_25 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_fullname(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_HOME_DIR) &&
- (from->hdr_home_dir.buffer)) {
- old_string = pdb_get_homedir(to);
- new_string = unistr2_static(&from->uni_home_dir);
- DEBUG(10,("INFO_25 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
- pdb_set_homedir(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_HOME_DRIVE) &&
- (from->hdr_dir_drive.buffer)) {
- old_string = pdb_get_dir_drive(to);
- new_string = unistr2_static(&from->uni_dir_drive);
- DEBUG(10,("INFO_25 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
- pdb_set_dir_drive(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_LOGON_SCRIPT) &&
- (from->hdr_logon_script.buffer)) {
- old_string = pdb_get_logon_script(to);
- new_string = unistr2_static(&from->uni_logon_script);
- DEBUG(10,("INFO_25 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
- pdb_set_logon_script(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_PROFILE) &&
- (from->hdr_profile_path.buffer)) {
- old_string = pdb_get_profile_path(to);
- new_string = unistr2_static(&from->uni_profile_path);
- DEBUG(10,("INFO_25 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_profile_path(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_DESCRIPTION) &&
- (from->hdr_acct_desc.buffer)) {
- old_string = pdb_get_acct_desc(to);
- new_string = unistr2_static(&from->uni_acct_desc);
- DEBUG(10,("INFO_25 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
- if (STRING_CHANGED)
- pdb_set_acct_desc(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_WORKSTATIONS) &&
- (from->hdr_workstations.buffer)) {
- old_string = pdb_get_workstations(to);
- new_string = unistr2_static(&from->uni_workstations);
- DEBUG(10,("INFO_25 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_workstations(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_COMMENT) &&
- (from->hdr_comment.buffer)) {
- old_string = pdb_get_comment(to);
- new_string = unistr2_static(&from->uni_comment);
- DEBUG(10,("INFO_25 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_comment(to , new_string, PDB_CHANGED);
- }
-
- if ((from->fields_present & ACCT_CALLBACK) &&
- (from->hdr_munged_dial.buffer)) {
- char *newstr;
- old_string = pdb_get_munged_dial(to);
- mung.length = from->hdr_munged_dial.uni_str_len;
- mung.data = (uint8 *) from->uni_munged_dial.buffer;
- mung.free = NULL;
- newstr = (mung.length == 0) ?
- NULL : base64_encode_data_blob(mung);
- DEBUG(10,("INFO_25 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
- if (STRING_CHANGED_NC(old_string,newstr))
- pdb_set_munged_dial(to , newstr, PDB_CHANGED);
-
- TALLOC_FREE(newstr);
- }
-
- if (from->fields_present & ACCT_RID) {
- if (from->user_rid == 0) {
- DEBUG(10, ("INFO_25: Asked to set User RID to 0 !? Skipping change!\n"));
- } else if (from->user_rid != pdb_get_user_rid(to)) {
- DEBUG(10,("INFO_25 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
- }
- }
-
- if (from->fields_present & ACCT_PRIMARY_GID) {
- if (from->group_rid == 0) {
- DEBUG(10, ("INFO_25: Asked to set Group RID to 0 !? Skipping change!\n"));
- } else if (from->group_rid != pdb_get_group_rid(to)) {
- DEBUG(10,("INFO_25 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
- pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
- }
- }
-
- if (from->fields_present & ACCT_FLAGS) {
- DEBUG(10,("INFO_25 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
- if (from->acb_info != pdb_get_acct_ctrl(to)) {
- if (!(from->acb_info & ACB_AUTOLOCK) && (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
- /* We're unlocking a previously locked user. Reset bad password counts.
- Patch from Jianliang Lu. <Jianliang.Lu@getronics.com> */
- pdb_set_bad_password_count(to, 0, PDB_CHANGED);
- pdb_set_bad_password_time(to, 0, PDB_CHANGED);
- }
- pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
- }
- }
-
- if (from->fields_present & ACCT_LOGON_HOURS) {
- DEBUG(15,("INFO_25 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
- if (from->logon_divs != pdb_get_logon_divs(to)) {
- pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
- }
-
- DEBUG(15,("INFO_25 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
- if (from->logon_hrs.len != pdb_get_hours_len(to)) {
- pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
- }
-
- DEBUG(15,("INFO_25 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
- /* Fix me: only update if it changes --metze */
- pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
- }
-
- if (from->fields_present & ACCT_BAD_PWD_COUNT) {
- DEBUG(10,("INFO_25 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
- if (from->bad_password_count != pdb_get_bad_password_count(to)) {
- pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
- }
- }
-
- if (from->fields_present & ACCT_NUM_LOGONS) {
- DEBUG(10,("INFO_25 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
- if (from->logon_count != pdb_get_logon_count(to)) {
- pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
- }
- }
-
- /* If the must change flag is set, the last set time goes to zero.
- the must change and can change fields also do, but they are
- calculated from policy, not set from the wire */
-
- if (from->fields_present & ACCT_EXPIRED_FLAG) {
- DEBUG(10,("INFO_25 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
- if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
- } else {
- pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED);
- }
- }
+ copy_id21_to_sam_passwd("INFO_25", to, &from->info);
}
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 1b877ee5b4..37bd204f75 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -225,9 +225,6 @@ static WERROR net_enum_files( TALLOC_CTX *ctx, const char *username,
********************************************************************/
static uint32 get_share_type(int snum)
{
- char *net_name = lp_servicename(snum);
- int len_net_name = strlen(net_name);
-
/* work out the share type */
uint32 type = STYPE_DISKTREE;
@@ -235,7 +232,7 @@ static uint32 get_share_type(int snum)
type = STYPE_PRINTQ;
if (strequal(lp_fstype(snum), "IPC"))
type = STYPE_IPC;
- if (net_name[len_net_name-1] == '$')
+ if (lp_hidden(snum))
type |= STYPE_HIDDEN;
return type;
@@ -1219,17 +1216,20 @@ done:
WERROR _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u)
{
+ const char *username = NULL;
+
switch ( q_u->level ) {
- case 3: {
- char *username;
- if (!(username = rpcstr_pull_unistr2_talloc(
- p->mem_ctx, q_u->username))) {
- return WERR_NOMEM;
+ case 3:
+ if (q_u->username) {
+ username = rpcstr_pull_unistr2_talloc(
+ p->mem_ctx, q_u->username);
+ if (!username) {
+ return WERR_NOMEM;
+ }
}
return net_file_enum_3(username, r_u,
get_enum_hnd(&q_u->enum_hnd));
- }
default:
return WERR_UNKNOWN_LEVEL;
}
diff --git a/source3/rpc_server/srv_svcctl.c b/source3/rpc_server/srv_svcctl.c
index ce81a24202..5e125145d6 100644
--- a/source3/rpc_server/srv_svcctl.c
+++ b/source3/rpc_server/srv_svcctl.c
@@ -53,23 +53,7 @@ static bool api_svcctl_close_service(pipes_struct *p)
static bool api_svcctl_open_scmanager(pipes_struct *p)
{
- SVCCTL_Q_OPEN_SCMANAGER q_u;
- SVCCTL_R_OPEN_SCMANAGER r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!svcctl_io_q_open_scmanager("", &q_u, data, 0))
- return False;
-
- r_u.status = _svcctl_open_scmanager(p, &q_u, &r_u);
-
- if(!svcctl_io_r_open_scmanager("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_svcctl_call(p, NDR_SVCCTL_OPENSCMANAGERW);
}
/*******************************************************************
@@ -77,23 +61,7 @@ static bool api_svcctl_open_scmanager(pipes_struct *p)
static bool api_svcctl_open_service(pipes_struct *p)
{
- SVCCTL_Q_OPEN_SERVICE q_u;
- SVCCTL_R_OPEN_SERVICE r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!svcctl_io_q_open_service("", &q_u, data, 0))
- return False;
-
- r_u.status = _svcctl_open_service(p, &q_u, &r_u);
-
- if(!svcctl_io_r_open_service("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_svcctl_call(p, NDR_SVCCTL_OPENSERVICEW);
}
/*******************************************************************
@@ -101,23 +69,7 @@ static bool api_svcctl_open_service(pipes_struct *p)
static bool api_svcctl_get_display_name(pipes_struct *p)
{
- SVCCTL_Q_GET_DISPLAY_NAME q_u;
- SVCCTL_R_GET_DISPLAY_NAME r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!svcctl_io_q_get_display_name("", &q_u, data, 0))
- return False;
-
- r_u.status = _svcctl_get_display_name(p, &q_u, &r_u);
-
- if(!svcctl_io_r_get_display_name("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_svcctl_call(p, NDR_SVCCTL_GETSERVICEDISPLAYNAMEW);
}
/*******************************************************************
@@ -125,23 +77,7 @@ static bool api_svcctl_get_display_name(pipes_struct *p)
static bool api_svcctl_query_status(pipes_struct *p)
{
- SVCCTL_Q_QUERY_STATUS q_u;
- SVCCTL_R_QUERY_STATUS r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!svcctl_io_q_query_status("", &q_u, data, 0))
- return False;
-
- r_u.status = _svcctl_query_status(p, &q_u, &r_u);
-
- if(!svcctl_io_r_query_status("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_svcctl_call(p, NDR_SVCCTL_QUERYSERVICESTATUS);
}
/*******************************************************************
@@ -219,23 +155,7 @@ static bool api_svcctl_enum_dependent_services(pipes_struct *p)
static bool api_svcctl_start_service(pipes_struct *p)
{
- SVCCTL_Q_START_SERVICE q_u;
- SVCCTL_R_START_SERVICE r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!svcctl_io_q_start_service("", &q_u, data, 0))
- return False;
-
- r_u.status = _svcctl_start_service(p, &q_u, &r_u);
-
- if(!svcctl_io_r_start_service("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_svcctl_call(p, NDR_SVCCTL_STARTSERVICEW);
}
/*******************************************************************
@@ -243,23 +163,7 @@ static bool api_svcctl_start_service(pipes_struct *p)
static bool api_svcctl_control_service(pipes_struct *p)
{
- SVCCTL_Q_CONTROL_SERVICE q_u;
- SVCCTL_R_CONTROL_SERVICE r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!svcctl_io_q_control_service("", &q_u, data, 0))
- return False;
-
- r_u.status = _svcctl_control_service(p, &q_u, &r_u);
-
- if(!svcctl_io_r_control_service("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_svcctl_call(p, NDR_SVCCTL_CONTROLSERVICE);
}
/*******************************************************************
@@ -315,23 +219,7 @@ static bool api_svcctl_query_service_config2(pipes_struct *p)
static bool api_svcctl_lock_service_db(pipes_struct *p)
{
- SVCCTL_Q_LOCK_SERVICE_DB q_u;
- SVCCTL_R_LOCK_SERVICE_DB r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!svcctl_io_q_lock_service_db("", &q_u, data, 0))
- return False;
-
- r_u.status = _svcctl_lock_service_db(p, &q_u, &r_u);
-
- if(!svcctl_io_r_lock_service_db("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_svcctl_call(p, NDR_SVCCTL_LOCKSERVICEDATABASE);
}
@@ -340,23 +228,7 @@ static bool api_svcctl_lock_service_db(pipes_struct *p)
static bool api_svcctl_unlock_service_db(pipes_struct *p)
{
- SVCCTL_Q_UNLOCK_SERVICE_DB q_u;
- SVCCTL_R_UNLOCK_SERVICE_DB r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!svcctl_io_q_unlock_service_db("", &q_u, data, 0))
- return False;
-
- r_u.status = _svcctl_unlock_service_db(p, &q_u, &r_u);
-
- if(!svcctl_io_r_unlock_service_db("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_svcctl_call(p, NDR_SVCCTL_UNLOCKSERVICEDATABASE);
}
/*******************************************************************
@@ -364,23 +236,7 @@ static bool api_svcctl_unlock_service_db(pipes_struct *p)
static bool api_svcctl_query_security_sec(pipes_struct *p)
{
- SVCCTL_Q_QUERY_SERVICE_SEC q_u;
- SVCCTL_R_QUERY_SERVICE_SEC r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!svcctl_io_q_query_service_sec("", &q_u, data, 0))
- return False;
-
- r_u.status = _svcctl_query_service_sec(p, &q_u, &r_u);
-
- if(!svcctl_io_r_query_service_sec("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_svcctl_call(p, NDR_SVCCTL_QUERYSERVICEOBJECTSECURITY);
}
/*******************************************************************
@@ -388,23 +244,7 @@ static bool api_svcctl_query_security_sec(pipes_struct *p)
static bool api_svcctl_set_security_sec(pipes_struct *p)
{
- SVCCTL_Q_SET_SERVICE_SEC q_u;
- SVCCTL_R_SET_SERVICE_SEC r_u;
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- if(!svcctl_io_q_set_service_sec("", &q_u, data, 0))
- return False;
-
- r_u.status = _svcctl_set_service_sec(p, &q_u, &r_u);
-
- if(!svcctl_io_r_set_service_sec("", &r_u, rdata, 0))
- return False;
-
- return True;
+ return proxy_svcctl_call(p, NDR_SVCCTL_SETSERVICEOBJECTSECURITY);
}
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index ac45d8bf75..73d09b1bbb 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -1,22 +1,22 @@
-/*
+/*
* Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
*
* Copyright (C) Marcin Krzysztof Porwit 2005.
- *
+ *
* Largely Rewritten (Again) by:
* Copyright (C) Gerald (Jerry) Carter 2005.
- *
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
@@ -63,42 +63,42 @@ bool init_service_op_table( void )
const char **service_list = lp_svcctl_list();
int num_services = SVCCTL_NUM_INTERNAL_SERVICES + str_list_count( service_list );
int i;
-
+
if ( !(svcctl_ops = TALLOC_ARRAY( NULL, struct service_control_op, num_services+1)) ) {
DEBUG(0,("init_service_op_table: talloc() failed!\n"));
return False;
}
/* services listed in smb.conf get the rc.init interface */
-
+
for ( i=0; service_list && service_list[i]; i++ ) {
svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] );
svcctl_ops[i].ops = &rcinit_svc_ops;
}
-
+
/* add builtin services */
-
+
svcctl_ops[i].name = talloc_strdup( svcctl_ops, "Spooler" );
svcctl_ops[i].ops = &spoolss_svc_ops;
i++;
-
+
svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" );
svcctl_ops[i].ops = &netlogon_svc_ops;
i++;
-
+
svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" );
svcctl_ops[i].ops = &winreg_svc_ops;
i++;
-
+
svcctl_ops[i].name = talloc_strdup( svcctl_ops, "WINS" );
svcctl_ops[i].ops = &wins_svc_ops;
i++;
-
+
/* NULL terminate the array */
-
+
svcctl_ops[i].name = NULL;
svcctl_ops[i].ops = NULL;
-
+
return True;
}
@@ -119,7 +119,7 @@ static struct service_control_op* find_service_by_name( const char *name )
/********************************************************************
********************************************************************/
-static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
+static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
uint32 access_desired, uint32 *access_granted )
{
NTSTATUS result;
@@ -128,7 +128,7 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
DEBUG(5,("svcctl_access_check: using root's token\n"));
token = get_root_nt_token();
}
-
+
se_access_check( sec_desc, token, access_desired, access_granted, &result );
return result;
@@ -139,7 +139,7 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
{
- SEC_ACE ace[2];
+ SEC_ACE ace[2];
SEC_ACCESS mask;
size_t i = 0;
SEC_DESC *sd;
@@ -147,18 +147,18 @@ static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
size_t sd_size;
/* basic access for Everyone */
-
+
init_sec_access(&mask, SC_MANAGER_READ_ACCESS );
init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
+
/* Full Access 'BUILTIN\Administrators' */
-
+
init_sec_access(&mask,SC_MANAGER_ALL_ACCESS );
init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
-
+
+
/* create the security descriptor */
-
+
if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
return NULL;
@@ -173,7 +173,7 @@ static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
/******************************************************************
free() function for REGISTRY_KEY
*****************************************************************/
-
+
static void free_service_handle_info(void *ptr)
{
TALLOC_FREE( ptr );
@@ -197,21 +197,21 @@ static SERVICE_INFO *find_service_info_by_hnd(pipes_struct *p, POLICY_HND *hnd)
/******************************************************************
*****************************************************************/
-
+
static WERROR create_open_service_handle( pipes_struct *p, POLICY_HND *handle, uint32 type,
const char *service, uint32 access_granted )
{
SERVICE_INFO *info = NULL;
WERROR result = WERR_OK;
struct service_control_op *s_op;
-
+
if ( !(info = TALLOC_ZERO_P( NULL, SERVICE_INFO )) )
return WERR_NOMEM;
/* the Service Manager has a NULL name */
-
+
info->type = SVC_HANDLE_IS_SCM;
-
+
switch ( type ) {
case SVC_HANDLE_IS_SCM:
info->type = SVC_HANDLE_IS_SCM;
@@ -220,17 +220,17 @@ static WERROR create_open_service_handle( pipes_struct *p, POLICY_HND *handle, u
case SVC_HANDLE_IS_DBLOCK:
info->type = SVC_HANDLE_IS_DBLOCK;
break;
-
+
case SVC_HANDLE_IS_SERVICE:
info->type = SVC_HANDLE_IS_SERVICE;
-
+
/* lookup the SERVICE_CONTROL_OPS */
if ( !(s_op = find_service_by_name( service )) ) {
result = WERR_NO_SUCH_SERVICE;
goto done;
}
-
+
info->ops = s_op->ops;
if ( !(info->name = talloc_strdup( info, s_op->name )) ) {
@@ -244,15 +244,15 @@ static WERROR create_open_service_handle( pipes_struct *p, POLICY_HND *handle, u
goto done;
}
- info->access_granted = access_granted;
-
+ info->access_granted = access_granted;
+
/* store the SERVICE_INFO and create an open handle */
-
+
if ( !create_policy_hnd( p, handle, free_service_handle_info, info ) ) {
result = WERR_ACCESS_DENIED;
goto done;
}
-
+
done:
if ( !W_ERROR_IS_OK(result) )
free_service_handle_info( info );
@@ -263,62 +263,61 @@ done:
/********************************************************************
********************************************************************/
-WERROR _svcctl_open_scmanager(pipes_struct *p, SVCCTL_Q_OPEN_SCMANAGER *q_u, SVCCTL_R_OPEN_SCMANAGER *r_u)
+WERROR _svcctl_OpenSCManagerW(pipes_struct *p,
+ struct svcctl_OpenSCManagerW *r)
{
SEC_DESC *sec_desc;
uint32 access_granted = 0;
NTSTATUS status;
-
+
/* perform access checks */
-
+
if ( !(sec_desc = construct_scm_sd( p->mem_ctx )) )
return WERR_NOMEM;
-
- se_map_generic( &q_u->access, &scm_generic_map );
- status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
+
+ se_map_generic( &r->in.access_mask, &scm_generic_map );
+ status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, r->in.access_mask, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
-
- return create_open_service_handle( p, &r_u->handle, SVC_HANDLE_IS_SCM, NULL, access_granted );
+
+ return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SCM, NULL, access_granted );
}
/********************************************************************
+ _svcctl_OpenServiceW
********************************************************************/
-WERROR _svcctl_open_service(pipes_struct *p, SVCCTL_Q_OPEN_SERVICE *q_u, SVCCTL_R_OPEN_SERVICE *r_u)
+WERROR _svcctl_OpenServiceW(pipes_struct *p,
+ struct svcctl_OpenServiceW *r)
{
SEC_DESC *sec_desc;
uint32 access_granted = 0;
NTSTATUS status;
- char *service = NULL;
- size_t ret = rpcstr_pull_talloc(p->mem_ctx,
- &service,
- q_u->servicename.buffer,
- q_u->servicename.uni_str_len*2,
- 0);
-
- if (ret == (size_t)-1 || !service) {
+ const char *service = NULL;
+
+ service = r->in.ServiceName;
+ if (!service) {
return WERR_NOMEM;
}
- DEBUG(5, ("_svcctl_open_service: Attempting to open Service [%s], \n", service));
+ DEBUG(5, ("_svcctl_OpenServiceW: Attempting to open Service [%s], \n", service));
/* based on my tests you can open a service if you have a valid scm handle */
- if ( !find_service_info_by_hnd( p, &q_u->handle ) )
+ if ( !find_service_info_by_hnd( p, r->in.scmanager_handle) )
return WERR_BADFID;
- /* perform access checks. Use the root token in order to ensure that we
+ /* perform access checks. Use the root token in order to ensure that we
retrieve the security descriptor */
if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, service, get_root_nt_token() )) )
return WERR_NOMEM;
- se_map_generic( &q_u->access, &svc_generic_map );
- status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
+ se_map_generic( &r->in.access_mask, &svc_generic_map );
+ status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, r->in.access_mask, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
- return create_open_service_handle( p, &r_u->handle, SVC_HANDLE_IS_SERVICE, service, access_granted );
+ return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SERVICE, service, access_granted );
}
/********************************************************************
@@ -329,49 +328,58 @@ WERROR _svcctl_CloseServiceHandle(pipes_struct *p, struct svcctl_CloseServiceHan
if ( !close_policy_hnd( p, r->in.handle ) )
return WERR_BADFID;
- return WERR_OK;
+ return WERR_OK;
}
/********************************************************************
+ _svcctl_GetServiceDisplayNameW
********************************************************************/
-WERROR _svcctl_get_display_name(pipes_struct *p, SVCCTL_Q_GET_DISPLAY_NAME *q_u, SVCCTL_R_GET_DISPLAY_NAME *r_u)
+WERROR _svcctl_GetServiceDisplayNameW(pipes_struct *p,
+ struct svcctl_GetServiceDisplayNameW *r)
{
- fstring service;
+ const char *service;
const char *display_name;
- SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-
+ SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
+
/* can only use an SCM handle here */
-
+
if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
return WERR_BADFID;
-
- rpcstr_pull(service, q_u->servicename.buffer, sizeof(service), q_u->servicename.uni_str_len*2, 0);
-
+
+ service = r->in.service_name;
+
display_name = svcctl_lookup_dispname(p->mem_ctx, service, p->pipe_user.nt_user_token );
- init_svcctl_r_get_display_name( r_u, display_name ? display_name : "");
+ if (!display_name) {
+ display_name = "";
+ }
+
+ *r->out.display_name = display_name;
+ *r->out.display_name_length = strlen(display_name);
return WERR_OK;
}
/********************************************************************
+ _svcctl_QueryServiceStatus
********************************************************************/
-WERROR _svcctl_query_status(pipes_struct *p, SVCCTL_Q_QUERY_STATUS *q_u, SVCCTL_R_QUERY_STATUS *r_u)
+WERROR _svcctl_QueryServiceStatus(pipes_struct *p,
+ struct svcctl_QueryServiceStatus *r)
{
- SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-
+ SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
+
/* perform access checks */
if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
return WERR_BADFID;
-
+
if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
return WERR_ACCESS_DENIED;
-
+
/* try the service specific status call */
- return info->ops->service_status( info->name, &r_u->svc_status );
+ return info->ops->service_status( info->name, r->out.service_status );
}
/********************************************************************
@@ -383,7 +391,7 @@ static int enumerate_status( TALLOC_CTX *ctx, ENUM_SERVICES_STATUS **status, NT_
int i;
ENUM_SERVICES_STATUS *st;
const char *display_name;
-
+
/* just count */
while ( svcctl_ops[num_services].name )
num_services++;
@@ -392,16 +400,16 @@ static int enumerate_status( TALLOC_CTX *ctx, ENUM_SERVICES_STATUS **status, NT_
DEBUG(0,("enumerate_status: talloc() failed!\n"));
return -1;
}
-
+
for ( i=0; i<num_services; i++ ) {
init_unistr( &st[i].servicename, svcctl_ops[i].name );
-
+
display_name = svcctl_lookup_dispname(ctx, svcctl_ops[i].name, token );
init_unistr( &st[i].displayname, display_name ? display_name : "");
-
+
svcctl_ops[i].ops->service_status( svcctl_ops[i].name, &st[i].status );
}
-
+
*status = st;
return num_services;
@@ -419,12 +427,12 @@ WERROR _svcctl_enum_services_status(pipes_struct *p, SVCCTL_Q_ENUM_SERVICES_STAT
WERROR result = WERR_OK;
SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
NT_USER_TOKEN *token = p->pipe_user.nt_user_token;
-
+
/* perform access checks */
if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
return WERR_BADFID;
-
+
if ( !(info->access_granted & SC_RIGHT_MGR_ENUMERATE_SERVICE) ) {
return WERR_ACCESS_DENIED;
}
@@ -464,51 +472,57 @@ WERROR _svcctl_enum_services_status(pipes_struct *p, SVCCTL_Q_ENUM_SERVICES_STAT
}
/********************************************************************
+ _svcctl_StartServiceW
********************************************************************/
-WERROR _svcctl_start_service(pipes_struct *p, SVCCTL_Q_START_SERVICE *q_u, SVCCTL_R_START_SERVICE *r_u)
+WERROR _svcctl_StartServiceW(pipes_struct *p,
+ struct svcctl_StartServiceW *r)
{
- SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-
+ SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
+
/* perform access checks */
if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
return WERR_BADFID;
-
+
if ( !(info->access_granted & SC_RIGHT_SVC_START) )
return WERR_ACCESS_DENIED;
-
+
return info->ops->start_service( info->name );
}
/********************************************************************
+ _svcctl_ControlService
********************************************************************/
-WERROR _svcctl_control_service(pipes_struct *p, SVCCTL_Q_CONTROL_SERVICE *q_u, SVCCTL_R_CONTROL_SERVICE *r_u)
+WERROR _svcctl_ControlService(pipes_struct *p,
+ struct svcctl_ControlService *r)
{
- SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-
+ SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
+
/* perform access checks */
-
+
if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
- return WERR_BADFID;
-
- switch ( q_u->control ) {
+ return WERR_BADFID;
+
+ switch ( r->in.control ) {
case SVCCTL_CONTROL_STOP:
if ( !(info->access_granted & SC_RIGHT_SVC_STOP) )
return WERR_ACCESS_DENIED;
-
- return info->ops->stop_service( info->name, &r_u->svc_status );
-
+
+ return info->ops->stop_service( info->name,
+ r->out.service_status );
+
case SVCCTL_CONTROL_INTERROGATE:
if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
return WERR_ACCESS_DENIED;
-
- return info->ops->service_status( info->name, &r_u->svc_status );
+
+ return info->ops->service_status( info->name,
+ r->out.service_status );
}
-
+
/* default control action */
-
+
return WERR_ACCESS_DENIED;
}
@@ -518,22 +532,22 @@ WERROR _svcctl_control_service(pipes_struct *p, SVCCTL_Q_CONTROL_SERVICE *q_u, S
WERROR _svcctl_enum_dependent_services( pipes_struct *p, SVCCTL_Q_ENUM_DEPENDENT_SERVICES *q_u, SVCCTL_R_ENUM_DEPENDENT_SERVICES *r_u )
{
SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-
+
/* perform access checks */
if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
- return WERR_BADFID;
-
+ return WERR_BADFID;
+
if ( !(info->access_granted & SC_RIGHT_SVC_ENUMERATE_DEPENDENTS) )
return WERR_ACCESS_DENIED;
-
- /* we have to set the outgoing buffer size to the same as the
+
+ /* we have to set the outgoing buffer size to the same as the
incoming buffer size (even in the case of failure */
rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
-
+
r_u->needed = q_u->buffer_size;
-
+
/* no dependent services...basically a stub function */
r_u->returned = 0;
@@ -547,21 +561,21 @@ WERROR _svcctl_query_service_status_ex( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_
{
SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
uint32 buffer_size;
-
+
/* perform access checks */
if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
- return WERR_BADFID;
-
+ return WERR_BADFID;
+
if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
return WERR_ACCESS_DENIED;
- /* we have to set the outgoing buffer size to the same as the
+ /* we have to set the outgoing buffer size to the same as the
incoming buffer size (even in the case of failure) */
rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
r_u->needed = q_u->buffer_size;
-
+
switch ( q_u->level ) {
case SVC_STATUS_PROCESS_INFO:
{
@@ -576,18 +590,18 @@ WERROR _svcctl_query_service_status_ex( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_
buffer_size = sizeof(SERVICE_STATUS_PROCESS);
break;
}
-
+
default:
- return WERR_UNKNOWN_LEVEL;
+ return WERR_UNKNOWN_LEVEL;
}
-
+
buffer_size += buffer_size % 4;
r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
- if (buffer_size > q_u->buffer_size )
+ if (buffer_size > q_u->buffer_size )
return WERR_MORE_DATA;
-
+
return WERR_OK;
}
@@ -600,12 +614,12 @@ static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name, SERVICE_CONFIG
REGISTRY_VALUE *val;
/* retrieve the registry values for this service */
-
+
if ( !(values = svcctl_fetch_regvalues( name, token )) )
return WERR_REG_CORRUPT;
-
+
/* now fill in the individual values */
-
+
config->displayname = TALLOC_ZERO_P( ctx, UNISTR2 );
if ( (val = regval_ctr_getvalue( values, "DisplayName" )) != NULL )
init_unistr2( config->displayname, regval_sz( val ), UNI_STR_TERMINATE );
@@ -613,23 +627,23 @@ static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name, SERVICE_CONFIG
init_unistr2( config->displayname, name, UNI_STR_TERMINATE );
if ( (val = regval_ctr_getvalue( values, "ObjectName" )) != NULL ) {
- config->startname = TALLOC_ZERO_P( ctx, UNISTR2 );
+ config->startname = TALLOC_ZERO_P( ctx, UNISTR2 );
init_unistr2( config->startname, regval_sz( val ), UNI_STR_TERMINATE );
}
-
+
if ( (val = regval_ctr_getvalue( values, "ImagePath" )) != NULL ) {
- config->executablepath = TALLOC_ZERO_P( ctx, UNISTR2 );
+ config->executablepath = TALLOC_ZERO_P( ctx, UNISTR2 );
init_unistr2( config->executablepath, regval_sz( val ), UNI_STR_TERMINATE );
}
/* a few hard coded values */
/* loadordergroup and dependencies are empty */
-
+
config->tag_id = 0x00000000; /* unassigned loadorder group */
config->service_type = SVCCTL_WIN32_OWN_PROC;
config->error_control = SVCCTL_SVC_ERROR_NORMAL;
- /* set the start type. NetLogon and WINS are disabled to prevent
+ /* set the start type. NetLogon and WINS are disabled to prevent
the client from showing the "Start" button (if of course the services
are not running */
@@ -639,7 +653,7 @@ static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name, SERVICE_CONFIG
config->start_type = SVCCTL_DISABLED;
else
config->start_type = SVCCTL_DEMAND_START;
-
+
TALLOC_FREE( values );
@@ -654,24 +668,24 @@ WERROR _svcctl_query_service_config( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CON
SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
uint32 buffer_size;
WERROR wresult;
-
+
/* perform access checks */
if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
- return WERR_BADFID;
-
+ return WERR_BADFID;
+
if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
return WERR_ACCESS_DENIED;
- /* we have to set the outgoing buffer size to the same as the
+ /* we have to set the outgoing buffer size to the same as the
incoming buffer size (even in the case of failure */
r_u->needed = q_u->buffer_size;
-
+
wresult = fill_svc_config( p->mem_ctx, info->name, &r_u->config, p->pipe_user.nt_user_token );
if ( !W_ERROR_IS_OK(wresult) )
return wresult;
-
+
buffer_size = svcctl_sizeof_service_config( &r_u->config );
r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
@@ -679,7 +693,7 @@ WERROR _svcctl_query_service_config( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CON
ZERO_STRUCTP( &r_u->config );
return WERR_INSUFFICIENT_BUFFER;
}
-
+
return WERR_OK;
}
@@ -750,53 +764,61 @@ WERROR _svcctl_query_service_config2( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CO
}
/********************************************************************
+ _svcctl_LockServiceDatabase
********************************************************************/
-WERROR _svcctl_lock_service_db( pipes_struct *p, SVCCTL_Q_LOCK_SERVICE_DB *q_u, SVCCTL_R_LOCK_SERVICE_DB *r_u )
+WERROR _svcctl_LockServiceDatabase(pipes_struct *p,
+ struct svcctl_LockServiceDatabase *r)
{
- SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-
+ SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
+
/* perform access checks */
if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
- return WERR_BADFID;
-
+ return WERR_BADFID;
+
if ( !(info->access_granted & SC_RIGHT_MGR_LOCK) )
return WERR_ACCESS_DENIED;
/* Just open a handle. Doesn't actually lock anything */
-
- return create_open_service_handle( p, &r_u->h_lock, SVC_HANDLE_IS_DBLOCK, NULL, 0 );
-;
+
+ return create_open_service_handle( p, r->out.lock, SVC_HANDLE_IS_DBLOCK, NULL, 0 );
}
/********************************************************************
+ _svcctl_UnlockServiceDatabase
********************************************************************/
-WERROR _svcctl_unlock_service_db( pipes_struct *p, SVCCTL_Q_UNLOCK_SERVICE_DB *q_u, SVCCTL_R_UNLOCK_SERVICE_DB *r_u )
+WERROR _svcctl_UnlockServiceDatabase(pipes_struct *p,
+ struct svcctl_UnlockServiceDatabase *r)
{
- SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->h_lock );
+ SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.lock );
if ( !info || (info->type != SVC_HANDLE_IS_DBLOCK) )
- return WERR_BADFID;
-
- return close_policy_hnd( p, &q_u->h_lock) ? WERR_OK : WERR_BADFID;
+ return WERR_BADFID;
+
+ return close_policy_hnd( p, r->out.lock) ? WERR_OK : WERR_BADFID;
}
/********************************************************************
+ _svcctl_QueryServiceObjectSecurity
********************************************************************/
-WERROR _svcctl_query_service_sec( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_SEC *q_u, SVCCTL_R_QUERY_SERVICE_SEC *r_u )
+WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p,
+ struct svcctl_QueryServiceObjectSecurity *r)
{
- SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
+ SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
SEC_DESC *sec_desc;
+ NTSTATUS status;
+ uint8_t *buffer = NULL;
+ size_t len = 0;
/* only support the SCM and individual services */
if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
- return WERR_BADFID;
+ return WERR_BADFID;
/* check access reights (according to MSDN) */
@@ -805,7 +827,7 @@ WERROR _svcctl_query_service_sec( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_SEC *q
/* TODO: handle something besides DACL_SECURITY_INFORMATION */
- if ( (q_u->security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION )
+ if ( (r->in.security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION )
return WERR_INVALID_PARAM;
/* lookup the security descriptor and marshall it up for a reply */
@@ -813,29 +835,35 @@ WERROR _svcctl_query_service_sec( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_SEC *q
if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, info->name, get_root_nt_token() )) )
return WERR_NOMEM;
- r_u->needed = ndr_size_security_descriptor( sec_desc, 0 );
+ *r->out.needed = ndr_size_security_descriptor( sec_desc, 0 );
- if ( r_u->needed > q_u->buffer_size ) {
- ZERO_STRUCTP( &r_u->buffer );
+ if ( *r->out.needed > r->in.buffer_size ) {
+ ZERO_STRUCTP( &r->out.buffer );
return WERR_INSUFFICIENT_BUFFER;
}
- rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
+ status = marshall_sec_desc(p->mem_ctx, sec_desc, &buffer, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ return ntstatus_to_werror(status);
+ }
+
+ *r->out.needed = len;
+ r->out.buffer = buffer;
- if ( !sec_io_desc("", &sec_desc, &r_u->buffer.prs, 0 ) )
- return WERR_NOMEM;
-
return WERR_OK;
}
/********************************************************************
+ _svcctl_SetServiceObjectSecurity
********************************************************************/
-WERROR _svcctl_set_service_sec( pipes_struct *p, SVCCTL_Q_SET_SERVICE_SEC *q_u, SVCCTL_R_SET_SERVICE_SEC *r_u )
+WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p,
+ struct svcctl_SetServiceObjectSecurity *r)
{
- SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
+ SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
SEC_DESC *sec_desc = NULL;
uint32 required_access;
+ NTSTATUS status;
if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
return WERR_BADFID;
@@ -843,298 +871,242 @@ WERROR _svcctl_set_service_sec( pipes_struct *p, SVCCTL_Q_SET_SERVICE_SEC *q_u,
/* can't set the security de4scriptor on the ServiceControlManager */
if ( info->type == SVC_HANDLE_IS_SCM )
- return WERR_ACCESS_DENIED;
+ return WERR_ACCESS_DENIED;
/* check the access on the open handle */
-
- switch ( q_u->security_flags ) {
+
+ switch ( r->in.security_flags ) {
case DACL_SECURITY_INFORMATION:
required_access = STD_RIGHT_WRITE_DAC_ACCESS;
break;
-
+
case OWNER_SECURITY_INFORMATION:
case GROUP_SECURITY_INFORMATION:
required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
break;
-
+
case SACL_SECURITY_INFORMATION:
return WERR_INVALID_PARAM;
default:
return WERR_INVALID_PARAM;
}
-
+
if ( !(info->access_granted & required_access) )
return WERR_ACCESS_DENIED;
-
+
/* read the security descfriptor */
-
- if ( !sec_io_desc("", &sec_desc, &q_u->buffer.prs, 0 ) )
- return WERR_NOMEM;
-
+
+ status = unmarshall_sec_desc(p->mem_ctx,
+ r->in.buffer, r->in.buffer_size,
+ &sec_desc);
+ if (!NT_STATUS_IS_OK(status)) {
+ return ntstatus_to_werror(status);
+ }
+
/* store the new SD */
- if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, p->pipe_user.nt_user_token ) )
+ if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, p->pipe_user.nt_user_token ) )
return WERR_ACCESS_DENIED;
return WERR_OK;
}
-WERROR _svcctl_ControlService(pipes_struct *p, struct svcctl_ControlService *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
WERROR _svcctl_DeleteService(pipes_struct *p, struct svcctl_DeleteService *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
-WERROR _svcctl_LockServiceDatabase(pipes_struct *p, struct svcctl_LockServiceDatabase *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
-WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p, struct svcctl_QueryServiceObjectSecurity *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
-WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, struct svcctl_SetServiceObjectSecurity *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
-WERROR _svcctl_QueryServiceStatus(pipes_struct *p, struct svcctl_QueryServiceStatus *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_SetServiceStatus(pipes_struct *p, struct svcctl_SetServiceStatus *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
-WERROR _svcctl_UnlockServiceDatabase(pipes_struct *p, struct svcctl_UnlockServiceDatabase *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_NotifyBootConfigStatus(pipes_struct *p, struct svcctl_NotifyBootConfigStatus *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_SCSetServiceBitsW(pipes_struct *p, struct svcctl_SCSetServiceBitsW *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_ChangeServiceConfigW(pipes_struct *p, struct svcctl_ChangeServiceConfigW *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_CreateServiceW(pipes_struct *p, struct svcctl_CreateServiceW *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_EnumDependentServicesW(pipes_struct *p, struct svcctl_EnumDependentServicesW *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_EnumServicesStatusW(pipes_struct *p, struct svcctl_EnumServicesStatusW *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
-WERROR _svcctl_OpenSCManagerW(pipes_struct *p, struct svcctl_OpenSCManagerW *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
-WERROR _svcctl_OpenServiceW(pipes_struct *p, struct svcctl_OpenServiceW *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_QueryServiceConfigW(pipes_struct *p, struct svcctl_QueryServiceConfigW *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_QueryServiceLockStatusW(pipes_struct *p, struct svcctl_QueryServiceLockStatusW *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
-WERROR _svcctl_StartServiceW(pipes_struct *p, struct svcctl_StartServiceW *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
-}
-
-WERROR _svcctl_GetServiceDisplayNameW(pipes_struct *p, struct svcctl_GetServiceDisplayNameW *r)
-{
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_GetServiceKeyNameW(pipes_struct *p, struct svcctl_GetServiceKeyNameW *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_SCSetServiceBitsA(pipes_struct *p, struct svcctl_SCSetServiceBitsA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_ChangeServiceConfigA(pipes_struct *p, struct svcctl_ChangeServiceConfigA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_CreateServiceA(pipes_struct *p, struct svcctl_CreateServiceA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_EnumDependentServicesA(pipes_struct *p, struct svcctl_EnumDependentServicesA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_EnumServicesStatusA(pipes_struct *p, struct svcctl_EnumServicesStatusA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_OpenSCManagerA(pipes_struct *p, struct svcctl_OpenSCManagerA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_OpenServiceA(pipes_struct *p, struct svcctl_OpenServiceA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_QueryServiceConfigA(pipes_struct *p, struct svcctl_QueryServiceConfigA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_QueryServiceLockStatusA(pipes_struct *p, struct svcctl_QueryServiceLockStatusA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_StartServiceA(pipes_struct *p, struct svcctl_StartServiceA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_GetServiceDisplayNameA(pipes_struct *p, struct svcctl_GetServiceDisplayNameA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_GetServiceKeyNameA(pipes_struct *p, struct svcctl_GetServiceKeyNameA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_GetCurrentGroupeStateW(pipes_struct *p, struct svcctl_GetCurrentGroupeStateW *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_EnumServiceGroupW(pipes_struct *p, struct svcctl_EnumServiceGroupW *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_ChangeServiceConfig2A(pipes_struct *p, struct svcctl_ChangeServiceConfig2A *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_ChangeServiceConfig2W(pipes_struct *p, struct svcctl_ChangeServiceConfig2W *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_QueryServiceConfig2A(pipes_struct *p, struct svcctl_QueryServiceConfig2A *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_QueryServiceConfig2W(pipes_struct *p, struct svcctl_QueryServiceConfig2W *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_QueryServiceStatusEx(pipes_struct *p, struct svcctl_QueryServiceStatusEx *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _EnumServicesStatusExA(pipes_struct *p, struct EnumServicesStatusExA *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _EnumServicesStatusExW(pipes_struct *p, struct EnumServicesStatusExW *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
WERROR _svcctl_SCSendTSMessage(pipes_struct *p, struct svcctl_SCSendTSMessage *r)
{
p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ return WERR_NOT_SUPPORTED;
}
diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c
index 74ee94cf75..7ff93e0b07 100644
--- a/source3/rpc_server/srv_winreg_nt.c
+++ b/source3/rpc_server/srv_winreg_nt.c
@@ -21,14 +21,10 @@
/* Implementation of registry functions. */
#include "includes.h"
-#include "regfio.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
-static const struct generic_mapping reg_generic_map =
- { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
-
/******************************************************************
free() function for struct registry_key
*****************************************************************/
@@ -40,7 +36,7 @@ static void free_regkey(void *ptr)
}
/******************************************************************
- Find a registry key handle and return a REGISTRY_KEY
+ Find a registry key handle and return a struct registry_key *
*****************************************************************/
static struct registry_key *find_regkey_by_hnd(pipes_struct *p,
@@ -370,9 +366,7 @@ WERROR _winreg_GetVersion(pipes_struct *p, struct winreg_GetVersion *r)
if ( !regkey )
return WERR_BADFID;
- *r->out.version = 0x00000005; /* Windows 2000 registry API version */
-
- return WERR_OK;
+ return reg_getversion(r->out.version);
}
@@ -657,125 +651,6 @@ static int validate_reg_filename(TALLOC_CTX *ctx, char **pp_fname )
}
/*******************************************************************
- Note: topkeypat is the *full* path that this *key will be
- loaded into (including the name of the key)
- ********************************************************************/
-
-static WERROR reg_load_tree( REGF_FILE *regfile, const char *topkeypath,
- REGF_NK_REC *key )
-{
- REGF_NK_REC *subkey;
- REGISTRY_KEY registry_key;
- REGVAL_CTR *values;
- REGSUBKEY_CTR *subkeys;
- int i;
- char *path = NULL;
- WERROR result = WERR_OK;
-
- /* initialize the REGISTRY_KEY structure */
-
- if ( !(registry_key.hook = reghook_cache_find(topkeypath)) ) {
- DEBUG(0,("reg_load_tree: Failed to assigned a REGISTRY_HOOK to [%s]\n",
- topkeypath ));
- return WERR_BADFILE;
- }
-
- registry_key.name = talloc_strdup( regfile->mem_ctx, topkeypath );
- if ( !registry_key.name ) {
- DEBUG(0,("reg_load_tree: Talloc failed for reg_key.name!\n"));
- return WERR_NOMEM;
- }
-
- /* now start parsing the values and subkeys */
-
- if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) )
- return WERR_NOMEM;
-
- if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) )
- return WERR_NOMEM;
-
- /* copy values into the REGVAL_CTR */
-
- for ( i=0; i<key->num_values; i++ ) {
- regval_ctr_addvalue( values, key->values[i].valuename, key->values[i].type,
- (char*)key->values[i].data, (key->values[i].data_size & ~VK_DATA_IN_OFFSET) );
- }
-
- /* copy subkeys into the REGSUBKEY_CTR */
-
- key->subkey_index = 0;
- while ( (subkey = regfio_fetch_subkey( regfile, key )) ) {
- regsubkey_ctr_addkey( subkeys, subkey->keyname );
- }
-
- /* write this key and values out */
-
- if ( !store_reg_values( &registry_key, values )
- || !store_reg_keys( &registry_key, subkeys ) )
- {
- DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath));
- result = WERR_REG_IO_FAILURE;
- }
-
- TALLOC_FREE( subkeys );
-
- if ( !W_ERROR_IS_OK(result) )
- return result;
-
- /* now continue to load each subkey registry tree */
-
- key->subkey_index = 0;
- while ( (subkey = regfio_fetch_subkey( regfile, key )) ) {
- path = talloc_asprintf(regfile->mem_ctx,
- "%s\\%s",
- topkeypath,
- subkey->keyname);
- if (!path) {
- return WERR_NOMEM;
- }
- result = reg_load_tree( regfile, path, subkey );
- if ( !W_ERROR_IS_OK(result) )
- break;
- }
-
- return result;
-}
-
-/*******************************************************************
- ********************************************************************/
-
-static WERROR restore_registry_key ( REGISTRY_KEY *krecord, const char *fname )
-{
- REGF_FILE *regfile;
- REGF_NK_REC *rootkey;
- WERROR result;
-
- /* open the registry file....fail if the file already exists */
-
- if ( !(regfile = regfio_open( fname, (O_RDONLY), 0 )) ) {
- DEBUG(0,("restore_registry_key: failed to open \"%s\" (%s)\n",
- fname, strerror(errno) ));
- return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) );
- }
-
- /* get the rootkey from the regf file and then load the tree
- via recursive calls */
-
- if ( !(rootkey = regfio_rootkey( regfile )) ) {
- regfio_close( regfile );
- return WERR_REG_FILE_INVALID;
- }
-
- result = reg_load_tree( regfile, krecord->name, rootkey );
-
- /* cleanup */
-
- regfio_close( regfile );
-
- return result;
-}
-
-/*******************************************************************
********************************************************************/
WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r)
@@ -809,175 +684,9 @@ WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r)
DEBUG(2,("_winreg_RestoreKey: Restoring [%s] from %s in share %s\n",
regkey->key->name, fname, lp_servicename(snum) ));
- return restore_registry_key( regkey->key, fname );
-}
-
-/********************************************************************
-********************************************************************/
-
-static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath,
- REGF_NK_REC *parent, SEC_DESC *sec_desc )
-{
- REGF_NK_REC *key;
- REGVAL_CTR *values;
- REGSUBKEY_CTR *subkeys;
- int i, num_subkeys;
- char *key_tmp = NULL;
- char *keyname, *parentpath;
- char *subkeypath = NULL;
- char *subkeyname;
- REGISTRY_KEY registry_key;
- WERROR result = WERR_OK;
-
- if (!regfile)
- return WERR_GENERAL_FAILURE;
-
- if (!keypath)
- return WERR_OBJECT_PATH_INVALID;
-
- /* split up the registry key path */
-
- key_tmp = talloc_strdup(regfile->mem_ctx, keypath);
- if (!key_tmp) {
- return WERR_NOMEM;
- }
- if (!reg_split_key( key_tmp, &parentpath, &keyname ) )
- return WERR_OBJECT_PATH_INVALID;
-
- if ( !keyname )
- keyname = parentpath;
-
- /* we need a REGISTRY_KEY object here to enumerate subkeys and values */
-
- ZERO_STRUCT( registry_key );
-
- if ( (registry_key.name = talloc_strdup(regfile->mem_ctx, keypath)) == NULL )
- return WERR_NOMEM;
-
- if ( (registry_key.hook = reghook_cache_find( registry_key.name )) == NULL )
- return WERR_BADFILE;
-
- /* lookup the values and subkeys */
-
- if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) )
- return WERR_NOMEM;
-
- if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) )
- return WERR_NOMEM;
-
- fetch_reg_keys( &registry_key, subkeys );
- fetch_reg_values( &registry_key, values );
-
- /* write out this key */
-
- if ( !(key = regfio_write_key( regfile, keyname, values, subkeys, sec_desc, parent )) ) {
- result = WERR_CAN_NOT_COMPLETE;
- goto done;
- }
-
- /* write each one of the subkeys out */
-
- num_subkeys = regsubkey_ctr_numkeys( subkeys );
- for ( i=0; i<num_subkeys; i++ ) {
- subkeyname = regsubkey_ctr_specific_key( subkeys, i );
- subkeypath = talloc_asprintf(regfile->mem_ctx,
- "%s\\%s", keypath, subkeyname);
- if (!subkeypath) {
- result = WERR_NOMEM;
- goto done;
- }
- result = reg_write_tree( regfile, subkeypath, key, sec_desc );
- if ( !W_ERROR_IS_OK(result) )
- goto done;
- }
-
- DEBUG(6,("reg_write_tree: wrote key [%s]\n", keypath ));
-
-done:
- TALLOC_FREE( subkeys );
- TALLOC_FREE( registry_key.name );
-
- return result;
-}
-
-/*******************************************************************
- ********************************************************************/
-
-static WERROR make_default_reg_sd( TALLOC_CTX *ctx, SEC_DESC **psd )
-{
- DOM_SID adm_sid, owner_sid;
- SEC_ACE ace[2]; /* at most 2 entries */
- SEC_ACCESS mask;
- SEC_ACL *psa = NULL;
- size_t sd_size;
-
- /* set the owner to BUILTIN\Administrator */
-
- sid_copy(&owner_sid, &global_sid_Builtin);
- sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN );
-
-
- /* basic access for Everyone */
-
- init_sec_access(&mask, reg_generic_map.generic_execute | reg_generic_map.generic_read );
- init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
- /* add Full Access 'BUILTIN\Administrators' */
-
- init_sec_access(&mask, reg_generic_map.generic_all);
- sid_copy(&adm_sid, &global_sid_Builtin);
- sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
- init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
- /* create the security descriptor */
-
- if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace)) == NULL)
- return WERR_NOMEM;
-
- if ((*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
- SEC_DESC_SELF_RELATIVE, &owner_sid, NULL,
- NULL, psa, &sd_size)) == NULL)
- return WERR_NOMEM;
-
- return WERR_OK;
+ return reg_restorekey(regkey, fname);
}
-/*******************************************************************
- ********************************************************************/
-
-static WERROR backup_registry_key ( REGISTRY_KEY *krecord, const char *fname )
-{
- REGF_FILE *regfile;
- WERROR result;
- SEC_DESC *sd = NULL;
-
- /* open the registry file....fail if the file already exists */
-
- if ( !(regfile = regfio_open( fname, (O_RDWR|O_CREAT|O_EXCL), (S_IREAD|S_IWRITE) )) ) {
- DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n",
- fname, strerror(errno) ));
- return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) );
- }
-
- if ( !W_ERROR_IS_OK(result = make_default_reg_sd( regfile->mem_ctx, &sd )) ) {
- regfio_close( regfile );
- return result;
- }
-
- /* write the registry tree to the file */
-
- result = reg_write_tree( regfile, krecord->name, NULL, sd );
-
- /* cleanup */
-
- regfio_close( regfile );
-
- return result;
-}
-
-/*******************************************************************
- ********************************************************************/
-
WERROR _winreg_SaveKey(pipes_struct *p, struct winreg_SaveKey *r)
{
struct registry_key *regkey = find_regkey_by_hnd( p, r->in.handle );
@@ -1004,7 +713,7 @@ WERROR _winreg_SaveKey(pipes_struct *p, struct winreg_SaveKey *r)
DEBUG(2,("_winreg_SaveKey: Saving [%s] to %s in share %s\n",
regkey->key->name, fname, lp_servicename(snum) ));
- return backup_registry_key( regkey->key, fname );
+ return reg_savekey(regkey, fname);
}
/*******************************************************************
@@ -1115,7 +824,7 @@ WERROR _winreg_GetKeySecurity(pipes_struct *p, struct winreg_GetKeySecurity *r)
if ( !(key->key->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
return WERR_ACCESS_DENIED;
- err = regkey_get_secdesc(p->mem_ctx, key->key, &secdesc);
+ err = reg_getkeysecurity(p->mem_ctx, key, &secdesc);
if (!W_ERROR_IS_OK(err)) {
return err;
}
@@ -1161,7 +870,7 @@ WERROR _winreg_SetKeySecurity(pipes_struct *p, struct winreg_SetKeySecurity *r)
return err;
}
- return regkey_set_secdesc(key->key, secdesc);
+ return reg_setkeysecurity(key, secdesc);
}
/*******************************************************************
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index 849ec9c4eb..6d03009d00 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -281,19 +281,20 @@ WERROR _wkssvc_NetrGetJoinableOus(pipes_struct *p, struct wkssvc_NetrGetJoinable
}
/********************************************************************
+ _wkssvc_NetrJoinDomain2
********************************************************************/
-WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r)
+WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
+ struct wkssvc_NetrJoinDomain2 *r)
{
-#if 0
struct libnet_JoinCtx *j = NULL;
- char *pwd = NULL;
+ char *cleartext_pwd = NULL;
char *admin_domain = NULL;
char *admin_account = NULL;
WERROR werr;
NTSTATUS status;
struct nt_user_token *token = p->pipe_user.nt_user_token;
- struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
+ struct netr_DsRGetDCNameInfo *info = NULL;
if (!r->in.domain_name) {
return WERR_INVALID_PARAM;
@@ -302,18 +303,15 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r
if (!user_has_privileges(token, &se_machine_account) &&
!nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
!nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
+ DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have "
+ "sufficient privileges\n"));
return WERR_ACCESS_DENIED;
}
werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
r->in.encrypted_password,
&p->session_key,
- &pwd);
- if (!W_ERROR_IS_OK(werr)) {
- return werr;
- }
-
- werr = libnet_init_JoinCtx(p->mem_ctx, &j);
+ &cleartext_pwd);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
@@ -323,8 +321,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r
&admin_domain,
&admin_account);
- status = DsGetDcName(p->mem_ctx,
- NULL,
+ status = dsgetdcname(p->mem_ctx,
r->in.domain_name,
NULL,
NULL,
@@ -336,33 +333,101 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r
return ntstatus_to_werror(status);
}
- j->in.server_name = info->domain_controller_name;
+ werr = libnet_init_JoinCtx(p->mem_ctx, &j);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ j->in.dc_name = info->dc_unc;
j->in.domain_name = r->in.domain_name;
j->in.account_ou = r->in.account_ou;
j->in.join_flags = r->in.join_flags;
-
- j->in.admin_account = admin_account;
- j->in.password = pwd;
- j->in.modify_config = true;
+ j->in.admin_account = admin_account;
+ j->in.admin_password = cleartext_pwd;
+ j->in.debug = true;
become_root();
werr = libnet_Join(p->mem_ctx, j);
unbecome_root();
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join gave %s\n",
+ j->out.error_string ? j->out.error_string :
+ dos_errstr(werr)));
+ }
+
+ TALLOC_FREE(j);
return werr;
-#endif
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
}
/********************************************************************
+ _wkssvc_NetrUnjoinDomain2
********************************************************************/
-WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, struct wkssvc_NetrUnjoinDomain2 *r)
+WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
+ struct wkssvc_NetrUnjoinDomain2 *r)
{
- /* FIXME: Add implementation code here */
- p->rng_fault_state = True;
- return WERR_NOT_SUPPORTED;
+ struct libnet_UnjoinCtx *u = NULL;
+ char *cleartext_pwd = NULL;
+ char *admin_domain = NULL;
+ char *admin_account = NULL;
+ WERROR werr;
+ NTSTATUS status;
+ struct nt_user_token *token = p->pipe_user.nt_user_token;
+ struct netr_DsRGetDCNameInfo *info = NULL;
+
+ if (!user_has_privileges(token, &se_machine_account) &&
+ !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
+ !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
+ DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have "
+ "sufficient privileges\n"));
+ return WERR_ACCESS_DENIED;
+ }
+
+ werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
+ r->in.encrypted_password,
+ &p->session_key,
+ &cleartext_pwd);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ split_domain_user(p->mem_ctx,
+ r->in.account,
+ &admin_domain,
+ &admin_account);
+
+ status = dsgetdcname(p->mem_ctx,
+ lp_realm(),
+ NULL,
+ NULL,
+ DS_DIRECTORY_SERVICE_REQUIRED |
+ DS_WRITABLE_REQUIRED |
+ DS_RETURN_DNS_NAME,
+ &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return ntstatus_to_werror(status);
+ }
+
+ werr = libnet_init_UnjoinCtx(p->mem_ctx, &u);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ u->in.dc_name = info->dc_unc;
+ u->in.domain_name = lp_realm();
+ u->in.unjoin_flags = r->in.unjoin_flags |
+ WKSSVC_JOIN_FLAGS_JOIN_TYPE;
+ u->in.admin_account = admin_account;
+ u->in.admin_password = cleartext_pwd;
+ u->in.debug = true;
+
+ become_root();
+ werr = libnet_Unjoin(p->mem_ctx, u);
+ unbecome_root();
+
+ TALLOC_FREE(u);
+ return werr;
}
/********************************************************************