summaryrefslogtreecommitdiff
path: root/source3/smbd/lanman.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/lanman.c')
-rw-r--r--source3/smbd/lanman.c131
1 files changed, 91 insertions, 40 deletions
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index a5f7a7b2ea..b27ccc23ef 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -1706,13 +1706,24 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
int uLevel = SVAL(p,0);
const char *level_string;
int count=0;
+ SAM_ACCOUNT *sampw = NULL;
+ BOOL ret = False;
+ DOM_GID *gids = NULL;
+ int num_groups = 0;
+ int i;
+ fstring grp_domain;
+ fstring grp_name;
+ enum SID_NAME_USE grp_type;
+ DOM_SID sid, dom_sid;
*rparam_len = 8;
*rparam = REALLOC(*rparam,*rparam_len);
/* check it's a supported varient */
- if (!strcmp(str1,"zWrLeh"))
+
+ if ( strcmp(str1,"zWrLeh") != 0 )
return False;
+
switch( uLevel ) {
case 0:
level_string = "B21";
@@ -1732,18 +1743,59 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
p = *rdata;
- /* XXXX we need a real SAM database some day */
- pstrcpy(p,"Users"); p += 21; count++;
- pstrcpy(p,"Domain Users"); p += 21; count++;
- pstrcpy(p,"Guests"); p += 21; count++;
- pstrcpy(p,"Domain Guests"); p += 21; count++;
+ /* Lookup the user information; This should only be one of
+ our accounts (not remote domains) */
+
+ pdb_init_sam( &sampw );
+
+ become_root(); /* ROOT BLOCK */
+
+ if ( !pdb_getsampwnam(sampw, UserName) )
+ goto out;
+
+ /* this next set of code is horribly inefficient, but since
+ it is rarely called, I'm going to leave it like this since
+ it easier to follow --jerry */
+
+ /* get the list of group SIDs */
+
+ if ( !get_domain_user_groups(conn->mem_ctx, &num_groups, &gids, sampw) ) {
+ DEBUG(1,("api_NetUserGetGroups: get_domain_user_groups() failed!\n"));
+ goto out;
+ }
+ /* convert to names (we don't support universal groups so the domain
+ can only be ours) */
+
+ sid_copy( &dom_sid, get_global_sam_sid() );
+ for (i=0; i<num_groups; i++) {
+
+ /* make the DOM_GID into a DOM_SID and then lookup
+ the name */
+
+ sid_copy( &sid, &dom_sid );
+ sid_append_rid( &sid, gids[i].g_rid );
+
+ if ( lookup_sid(&sid, grp_domain, grp_name, &grp_type) ) {
+ pstrcpy(p, grp_name);
+ p += 21;
+ count++;
+ }
+ }
+
*rdata_len = PTR_DIFF(p,*rdata);
SSVAL(*rparam,4,count); /* is this right?? */
SSVAL(*rparam,6,count); /* is this right?? */
- return(True);
+ ret = True;
+
+out:
+ unbecome_root(); /* END ROOT BLOCK */
+
+ pdb_free_sam( &sampw );
+
+ return ret;
}
/*******************************************************************
@@ -1932,7 +1984,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
if (NT_STATUS_IS_OK(check_plaintext_password(user,password,&server_info))) {
become_root();
- if (NT_STATUS_IS_OK(change_oem_password(server_info->sam_account, pass1, pass2))) {
+ if (NT_STATUS_IS_OK(change_oem_password(server_info->sam_account, pass1, pass2, False))) {
SSVAL(*rparam,0,NERR_Success);
}
unbecome_root();
@@ -1957,7 +2009,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
if (check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &hnd)) {
become_root();
- if (change_lanman_password(hnd,pass2)) {
+ if (change_lanman_password(hnd,(uchar *)pass2)) {
SSVAL(*rparam,0,NERR_Success);
}
unbecome_root();
@@ -1980,47 +2032,46 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char *
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- fstring user;
- char *p = param + 2;
- *rparam_len = 2;
- *rparam = REALLOC(*rparam,*rparam_len);
+ fstring user;
+ char *p = param + 2;
+ *rparam_len = 2;
+ *rparam = REALLOC(*rparam,*rparam_len);
- *rdata_len = 0;
+ *rdata_len = 0;
- SSVAL(*rparam,0,NERR_badpass);
+ SSVAL(*rparam,0,NERR_badpass);
- /*
- * Check the parameter definition is correct.
- */
- if(!strequal(param + 2, "zsT")) {
- DEBUG(0,("api_SamOEMChangePassword: Invalid parameter string %s\n", param + 2));
- return False;
- }
- p = skip_string(p, 1);
+ /*
+ * Check the parameter definition is correct.
+ */
- if(!strequal(p, "B516B16")) {
- DEBUG(0,("api_SamOEMChangePassword: Invalid data parameter string %s\n", p));
- return False;
- }
- p = skip_string(p,1);
+ if(!strequal(param + 2, "zsT")) {
+ DEBUG(0,("api_SamOEMChangePassword: Invalid parameter string %s\n", param + 2));
+ return False;
+ }
+ p = skip_string(p, 1);
- p += pull_ascii_fstring(user,p);
+ if(!strequal(p, "B516B16")) {
+ DEBUG(0,("api_SamOEMChangePassword: Invalid data parameter string %s\n", p));
+ return False;
+ }
+ p = skip_string(p,1);
+ p += pull_ascii_fstring(user,p);
- DEBUG(3,("api_SamOEMChangePassword: Change password for <%s>\n",user));
+ DEBUG(3,("api_SamOEMChangePassword: Change password for <%s>\n",user));
- /*
- * Pass the user through the NT -> unix user mapping
- * function.
- */
+ /*
+ * Pass the user through the NT -> unix user mapping
+ * function.
+ */
- (void)map_username(user);
+ (void)map_username(user);
- if (NT_STATUS_IS_OK(pass_oem_change(user, (uchar*) data, (uchar *)&data[516], NULL, NULL)))
- {
- SSVAL(*rparam,0,NERR_Success);
- }
+ if (NT_STATUS_IS_OK(pass_oem_change(user, (uchar*) data, (uchar *)&data[516], NULL, NULL))) {
+ SSVAL(*rparam,0,NERR_Success);
+ }
- return(True);
+ return(True);
}
/****************************************************************************