diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 39 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 116 | ||||
-rw-r--r-- | source3/passdb/pdb_compat.c | 104 | ||||
-rw-r--r-- | source3/passdb/pdb_get_set.c | 75 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 91 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 259 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_util.c | 143 |
7 files changed, 461 insertions, 366 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 91fee728ab..f04d6de485 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -168,17 +168,19 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \ libsmb/passchange.o libsmb/unexpected.o libsmb/doserr.o \ $(RPC_PARSE_OBJ1) -LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \ +LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o \ libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_wkssvc.o \ - libsmb/cli_dfs.o libsmb/cli_reg.o libsmb/trust_passwd.o\ - rpc_client/cli_pipe.o libsmb/cli_spoolss_notify.o + libsmb/cli_dfs.o libsmb/cli_reg.o \ + rpc_client/cli_pipe.o libsmb/cli_spoolss.o libsmb/cli_spoolss_notify.o + +LIBMSRPC_SERVER_OBJ = libsmb/trust_passwd.o LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po) RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \ rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o \ rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o rpc_server/srv_reg_nt.o \ - rpc_server/srv_samr.o rpc_server/srv_samr_nt.o \ + rpc_server/srv_samr.o rpc_server/srv_samr_nt.o rpc_server/srv_samr_util.o \ rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \ rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \ rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \ @@ -205,7 +207,8 @@ PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \ passdb/machine_sid.o passdb/pdb_smbpasswd.o \ passdb/pdb_tdb.o passdb/pdb_ldap.o passdb/pdb_plugin.o \ - passdb/pdb_nisplus.o passdb/pdb_unix.o passdb/util_sam_sid.o + passdb/pdb_nisplus.o passdb/pdb_unix.o passdb/util_sam_sid.o \ + passdb/pdb_compat.o GROUPDB_OBJ = groupdb/mapping.o @@ -256,7 +259,8 @@ SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) $(SECRETS_OBJ) \ $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \ $(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \ - $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) $(LIBMSRPC_OBJ) \ + $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \ + $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) @@ -364,12 +368,12 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \ utils/net_rap.o utils/net_rpc.o \ utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o -NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ - $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \ +NET_OBJ = $(NET_OBJ1) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ + $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \ $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ + $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) - CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) MOUNT_OBJ = client/smbmount.o \ @@ -406,8 +410,8 @@ LOCKTEST2_OBJ = torture/locktest2.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \ $(UBIQX_OBJ) $(LIB_OBJ) SMBCACLS_OBJ = utils/smbcacls.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \ - $(LIBMSRPC_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) + $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_GET_SET_OBJ) \ + $(LIBMSRPC_OBJ) TALLOCTORT_OBJ = lib/talloctort.o $(LIB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) @@ -428,13 +432,16 @@ SMBFILTER_OBJ = utils/smbfilter.o $(LIBSMB_OBJ) $(PARAM_OBJ) \ PROTO_OBJ = $(SMBD_OBJ1) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \ $(SMBWRAPPER_OBJ1) $(SMBTORTURE_OBJ1) $(RPCCLIENT_OBJ1) \ - $(LIBMSRPC_OBJ) $(RPC_CLIENT_OBJ) $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \ + $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) $(RPC_CLIENT_OBJ) \ + $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \ $(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \ $(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \ - $(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) $(READLINE_OBJ) \ - $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) + $(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \ + $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) + +NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \ + $(LIB_OBJ) $(NSSWINS_OBJ) -NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) $(LIB_OBJ) $(NSSWINS_OBJ) NSS_OBJ = $(NSS_OBJ_0:.o=.po) PICOBJS = $(SMBWRAPPER_OBJ:.o=.po) @@ -473,7 +480,7 @@ WINBINDD_OBJ1 = \ nsswitch/winbindd_dual.o WINBINDD_OBJ = \ - $(WINBINDD_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ + $(WINBINDD_OBJ1) $(PASSDB_GET_SET_OBJ) \ $(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \ $(PROFILE_OBJ) $(UNIGRP_OBJ) \ diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 88b624cc19..2bf3eccfb7 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -937,122 +937,6 @@ const char *pdb_unistr2_convert(const UNISTR2 *from) } /************************************************************* - Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT - **************************************************************/ - -void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) -{ - - if (from == NULL || to == NULL) - return; - - pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); - pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); - pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); - pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True); - pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True); - - pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time)); - - if (from->uni_user_name.buffer) - pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name )); - if (from->uni_full_name.buffer) - pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name )); - if (from->uni_home_dir.buffer) - pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True); - if (from->uni_dir_drive.buffer) - pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True); - if (from->uni_logon_script.buffer) - pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True); - if (from->uni_profile_path.buffer) - pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True); - if (from->uni_acct_desc.buffer) - pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc )); - if (from->uni_workstations.buffer) - pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations)); - if (from->uni_unknown_str.buffer) - pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str )); - if (from->uni_munged_dial.buffer) - pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial )); - - if (from->user_rid) - pdb_set_user_sid_from_rid(to, from->user_rid); - if (from->group_rid) - pdb_set_group_sid_from_rid(to, from->group_rid); - - pdb_set_acct_ctrl(to, from->acb_info); - pdb_set_unknown_3(to, from->unknown_3); - - pdb_set_logon_divs(to, from->logon_divs); - pdb_set_hours_len(to, from->logon_hrs.len); - pdb_set_hours(to, from->logon_hrs.hours); - - pdb_set_unknown_5(to, from->unknown_5); - pdb_set_unknown_6(to, from->unknown_6); -} - - -/************************************************************* - Copies a sam passwd. - **************************************************************/ - -void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) -{ - if (from == NULL || to == NULL) - return; - - pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); - pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); - pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); - pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True); - pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True); - - pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time)); - - if (from->uni_user_name.buffer) - pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name )); - if (from->uni_full_name.buffer) - pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name )); - if (from->uni_home_dir.buffer) - pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True); - if (from->uni_dir_drive.buffer) - pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True); - if (from->uni_logon_script.buffer) - pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True); - if (from->uni_profile_path.buffer) - pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True); - if (from->uni_acct_desc.buffer) - pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc )); - if (from->uni_workstations.buffer) - pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations)); - if (from->uni_unknown_str.buffer) - pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str )); - if (from->uni_munged_dial.buffer) - pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial )); - - if (from->user_rid) - pdb_set_user_sid_from_rid(to, from->user_rid); - if (from->group_rid) - pdb_set_group_sid_from_rid(to, from->group_rid); - - /* FIXME!! Do we need to copy the passwords here as well? - I don't know. Need to figure this out --jerry */ - - /* Passwords dealt with in caller --abartlet */ - - pdb_set_acct_ctrl(to, from->acb_info); - pdb_set_unknown_3(to, from->unknown_3); - - pdb_set_logon_divs(to, from->logon_divs); - pdb_set_hours_len(to, from->logon_hrs.len); - pdb_set_hours(to, from->logon_hrs.hours); - - pdb_set_unknown_5(to, from->unknown_5); - pdb_set_unknown_6(to, from->unknown_6); -} - - -/************************************************************* Change a password entry in the local smbpasswd file. FIXME!! The function needs to be abstracted into the diff --git a/source3/passdb/pdb_compat.c b/source3/passdb/pdb_compat.c new file mode 100644 index 0000000000..713c92e3ac --- /dev/null +++ b/source3/passdb/pdb_compat.c @@ -0,0 +1,104 @@ +/* + Unix SMB/CIFS implementation. + SAM_ACCOUNT access routines + Copyright (C) Jeremy Allison 1996-2001 + Copyright (C) Luke Kenneth Casson Leighton 1996-1998 + Copyright (C) Gerald (Jerry) Carter 2000-2001 + Copyright (C) Andrew Bartlett 2001-2002 + Copyright (C) Stefan (metze) Metzmacher 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_PASSDB + +uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass) +{ + uint32 u_rid; + + if (sampass) + if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_user_sid(sampass),&u_rid)) + return u_rid; + + return (0); +} + +uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass) +{ + uint32 g_rid; + + if (sampass) + if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_group_sid(sampass),&g_rid)) + return g_rid; + return (0); +} + +BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid) +{ + DOM_SID u_sid; + const DOM_SID *global_sam_sid; + + if (!sampass) + return False; + + if (!(global_sam_sid = get_global_sam_sid())) { + DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n")); + return False; + } + + sid_copy(&u_sid, global_sam_sid); + + if (!sid_append_rid(&u_sid, rid)) + return False; + + if (!pdb_set_user_sid(sampass, &u_sid)) + return False; + + DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n", + sid_string_static(&u_sid),rid)); + + return True; +} + +BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid) +{ + DOM_SID g_sid; + const DOM_SID *global_sam_sid; + + if (!sampass) + return False; + + if (!(global_sam_sid = get_global_sam_sid())) { + DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n")); + return False; + } + + sid_copy(&g_sid, global_sam_sid); + + if (!sid_append_rid(&g_sid, grid)) + return False; + + if (!pdb_set_group_sid(sampass, &g_sid)) + return False; + + DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n", + sid_string_static(&g_sid), grid)); + + return True; +} + diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index 37530d0e46..dff4b40f4d 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -172,27 +172,6 @@ const DOM_SID *pdb_get_group_sid(const SAM_ACCOUNT *sampass) return (NULL); } -uint32 pdb_get_user_rid (const SAM_ACCOUNT *sampass) -{ - uint32 u_rid; - - if (sampass) - if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_user_sid(sampass),&u_rid)) - return u_rid; - - return (0); -} - -uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass) -{ - uint32 g_rid; - - if (sampass) - if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_group_sid(sampass),&g_rid)) - return g_rid; - return (0); -} - /** * Get flags showing what is initalised in the SAM_ACCOUNT * @param sampass the SAM_ACCOUNT in question @@ -577,60 +556,6 @@ BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid) return True; } -BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid) -{ - DOM_SID u_sid; - const DOM_SID *global_sam_sid; - - if (!sampass) - return False; - - if (!(global_sam_sid = get_global_sam_sid())) { - DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n")); - return False; - } - - sid_copy(&u_sid, global_sam_sid); - - if (!sid_append_rid(&u_sid, rid)) - return False; - - if (!pdb_set_user_sid(sampass, &u_sid)) - return False; - - DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n", - sid_string_static(&u_sid),rid)); - - return True; -} - -BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid) -{ - DOM_SID g_sid; - const DOM_SID *global_sam_sid; - - if (!sampass) - return False; - - if (!(global_sam_sid = get_global_sam_sid())) { - DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n")); - return False; - } - - sid_copy(&g_sid, global_sam_sid); - - if (!sid_append_rid(&g_sid, grid)) - return False; - - if (!pdb_set_group_sid(sampass, &g_sid)) - return False; - - DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n", - sid_string_static(&g_sid), grid)); - - return True; -} - /********************************************************************* Set the user's UNIX name. ********************************************************************/ diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 34aa75f1d0..137883cc7e 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -1440,7 +1440,8 @@ inits a SAM_DISPINFO_1 structure. ********************************************************************/ NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_entries, - uint32 start_idx, DISP_USER_INFO *disp_user_info) + uint32 start_idx, DISP_USER_INFO *disp_user_info, + DOM_SID *domain_sid) { uint32 len_sam_name, len_sam_full, len_sam_desc; uint32 i; @@ -1468,6 +1469,9 @@ NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_en const char *username; const char *fullname; const char *acct_desc; + uint32 user_rid; + const DOM_SID *user_sid; + fstring user_sid_string, domain_sid_string; DEBUG(11, ("init_sam_dispinfo_1: entry: %d\n",i)); @@ -1486,14 +1490,25 @@ NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 num_en if (!acct_desc) acct_desc = ""; + user_sid = pdb_get_user_sid(pwd); + + if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) { + DEBUG(0, ("init_sam_dispinfo_1: User %s has SID %s, which conflicts with " + "the domain sid %s. Failing operation.\n", + username, + sid_to_string(user_sid_string, user_sid), + sid_to_string(domain_sid_string, domain_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + len_sam_name = strlen(username); len_sam_full = strlen(fullname); len_sam_desc = strlen(acct_desc); init_sam_entry1(&sam->sam[i], start_idx + i + 1, len_sam_name, len_sam_full, len_sam_desc, - pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd)); - + user_rid, pdb_get_acct_ctrl(pwd)); + ZERO_STRUCTP(&sam->str[i].uni_acct_name); ZERO_STRUCTP(&sam->str[i].uni_full_name); ZERO_STRUCTP(&sam->str[i].uni_acct_desc); @@ -1560,7 +1575,8 @@ inits a SAM_DISPINFO_2 structure. ********************************************************************/ NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 num_entries, - uint32 start_idx, DISP_USER_INFO *disp_user_info) + uint32 start_idx, DISP_USER_INFO *disp_user_info, + DOM_SID *domain_sid ) { uint32 len_sam_name, len_sam_desc; uint32 i; @@ -1583,20 +1599,39 @@ NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 num_en ZERO_STRUCTP(sam->str); for (i = 0; i < num_entries; i++) { + uint32 user_rid; + const DOM_SID *user_sid; + const char *username; + const char *acct_desc; + fstring user_sid_string, domain_sid_string; + DEBUG(11, ("init_sam_dispinfo_2: entry: %d\n",i)); pwd=disp_user_info[i+start_idx].sam; - len_sam_name = strlen(pdb_get_username(pwd)); - len_sam_desc = strlen(pdb_get_acct_desc(pwd)); + username = pdb_get_username(pwd); + acct_desc = pdb_get_acct_desc(pwd); + user_sid = pdb_get_user_sid(pwd); + + if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) { + DEBUG(0, ("init_sam_dispinfo_2: User %s has SID %s, which conflicts with " + "the domain sid %s. Failing operation.\n", + username, + sid_to_string(user_sid_string, user_sid), + sid_to_string(domain_sid_string, domain_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + + len_sam_name = strlen(username); + len_sam_desc = strlen(acct_desc); init_sam_entry2(&sam->sam[i], start_idx + i + 1, len_sam_name, len_sam_desc, - pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd)); + user_rid, pdb_get_acct_ctrl(pwd)); ZERO_STRUCTP(&sam->str[i].uni_srv_name); ZERO_STRUCTP(&sam->str[i].uni_srv_desc); - init_unistr2(&sam->str[i].uni_srv_name, pdb_get_username(pwd), len_sam_name); + init_unistr2(&sam->str[i].uni_srv_name, username, len_sam_name); init_unistr2(&sam->str[i].uni_srv_desc, pdb_get_acct_desc(pwd), len_sam_desc); } @@ -5844,7 +5879,7 @@ void init_sam_user_info21W(SAM_USER_INFO_21 * usr, *************************************************************************/ -void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw) +NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw, DOM_SID *domain_sid) { NTTIME logon_time, logoff_time, kickoff_time, pass_last_set_time, pass_can_change_time, @@ -5865,6 +5900,12 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw) const char* workstations = pdb_get_workstations(pw); const char* munged_dial = pdb_get_munged_dial(pw); + uint32 user_rid; + const DOM_SID *user_sid; + + uint32 group_rid; + const DOM_SID *group_sid; + len_user_name = user_name != NULL ? strlen(user_name )+1 : 0; len_full_name = full_name != NULL ? strlen(full_name )+1 : 0; len_home_dir = home_dir != NULL ? strlen(home_dir )+1 : 0; @@ -5907,8 +5948,34 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw) ZERO_STRUCT(usr->nt_pwd); ZERO_STRUCT(usr->lm_pwd); - usr->user_rid = pdb_get_user_rid(pw); - usr->group_rid = pdb_get_group_rid(pw); + user_sid = pdb_get_user_sid(pw); + + if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) { + fstring user_sid_string; + fstring domain_sid_string; + DEBUG(0, ("init_sam_user_info_21A: User %s has SID %s, \nwhich conflicts with " + "the domain sid %s. Failing operation.\n", + user_name, + sid_to_string(user_sid_string, user_sid), + sid_to_string(domain_sid_string, domain_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + + group_sid = pdb_get_group_sid(pw); + + if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) { + fstring group_sid_string; + fstring domain_sid_string; + DEBUG(0, ("init_sam_user_info_21A: User %s has Primary Group SID %s, \n" + "which conflicts with the domain sid %s. Failing operation.\n", + user_name, + sid_to_string(group_sid_string, group_sid), + sid_to_string(domain_sid_string, domain_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + + usr->user_rid = user_rid; + usr->group_rid = group_rid; usr->acb_info = pdb_get_acct_ctrl(pw); usr->unknown_3 = pdb_get_unknown3(pw); @@ -5937,6 +6004,8 @@ void init_sam_user_info21A(SAM_USER_INFO_21 *usr, SAM_ACCOUNT *pw) memcpy(&usr->logon_hrs.hours, pdb_get_hours(pw), MAX_HOURS_LEN); } else memset(&usr->logon_hrs, 0xff, sizeof(usr->logon_hrs)); + + return NT_STATUS_OK; } /******************************************************************* diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 9e826436f6..9393917cde 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -126,19 +126,6 @@ static void free_samr_info(void *ptr) Ensure password info is never given out. Paranioa... JRA. ********************************************************************/ -static void samr_clear_passwd_fields( SAM_USER_INFO_21 *pass, int num_entries) -{ - int i; - - if (!pass) - return; - - for (i = 0; i < num_entries; i++) { - memset(&pass[i].lm_pwd, '\0', sizeof(pass[i].lm_pwd)); - memset(&pass[i].nt_pwd, '\0', sizeof(pass[i].nt_pwd)); - } -} - static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass) { @@ -267,103 +254,6 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid) /******************************************************************* - This next function should be replaced with something that - dynamically returns the correct user info..... JRA. - ********************************************************************/ - -static NTSTATUS get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx, - int *total_entries, int *num_entries, - int max_num_entries, uint16 acb_mask) -{ - SAM_ACCOUNT *pwd = NULL; - BOOL not_finished = True; - NTSTATUS nt_status; - - (*num_entries) = 0; - (*total_entries) = 0; - - if (pw_buf == NULL) - return NT_STATUS_NO_MEMORY; - - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&pwd))) { - return nt_status; - } - - if (!pdb_setsampwent(False)) { - DEBUG(0, ("get_sampwd_entries: Unable to open passdb.\n")); - pdb_free_sam(&pwd); - return NT_STATUS_ACCESS_DENIED; - } - - while (((not_finished = pdb_getsampwent(pwd)) != False) - && (*num_entries) < max_num_entries) - { - int user_name_len; - const char *user_name; - - if (start_idx > 0) { - - pdb_free_sam(&pwd); - - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&pwd))) { - pdb_endsampwent(); - return nt_status; - } - - /* skip the requested number of entries. - not very efficient, but hey... */ - start_idx--; - continue; - } - - user_name = pdb_get_username(pwd); - - if (!user_name) { - DEBUG(2, ("account had NULL username!\n")); - } else if (!(acb_mask == 0 || (pdb_get_acct_ctrl(pwd) & acb_mask))) { - DEBUG(5,(" acb_mask %x rejects\n", acb_mask)); - } else { - DEBUG(5,(" acb_mask %x accepts\n", acb_mask)); - - user_name_len = strlen(user_name)+1; - init_unistr2(&pw_buf[(*num_entries)].uni_user_name, user_name, user_name_len); - init_uni_hdr(&pw_buf[(*num_entries)].hdr_user_name, user_name_len); - pw_buf[(*num_entries)].user_rid = pdb_get_user_rid(pwd); - memset((char *)pw_buf[(*num_entries)].nt_pwd, '\0', 16); - - /* Now check if the NT compatible password is available. */ - if (pdb_get_nt_passwd(pwd)) - memcpy( pw_buf[(*num_entries)].nt_pwd , pdb_get_nt_passwd(pwd), 16); - - pw_buf[(*num_entries)].acb_info = pdb_get_acct_ctrl(pwd); - - DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x", - (*num_entries), pdb_get_username(pwd), pdb_get_user_rid(pwd), pdb_get_acct_ctrl(pwd) )); - - (*num_entries)++; - } - - (*total_entries)++; - - pdb_free_sam(&pwd); - - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&pwd))) { - pdb_endsampwent(); - return nt_status; - } - - } - - pdb_endsampwent(); - pdb_free_sam(&pwd); - - if (not_finished) - return STATUS_MORE_ENTRIES; - else - return NT_STATUS_OK; -} - -/******************************************************************* _samr_close_hnd ********************************************************************/ @@ -526,69 +416,118 @@ NTSTATUS _samr_query_sec_obj(pipes_struct *p, SAMR_Q_QUERY_SEC_OBJ *q_u, SAMR_R_ makes a SAM_ENTRY / UNISTR2* structure from a user list. ********************************************************************/ -static void make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNISTR2 **uni_name_pp, - uint32 num_sam_entries, SAM_USER_INFO_21 *pass) +static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNISTR2 **uni_name_pp, + uint32 num_entries, uint32 start_idx, DISP_USER_INFO *disp_user_info, + DOM_SID *domain_sid) { uint32 i; SAM_ENTRY *sam; UNISTR2 *uni_name; - + SAM_ACCOUNT *pwd = NULL; + UNISTR2 uni_temp_name; + const char *temp_name; + const DOM_SID *user_sid; + uint32 user_rid; + fstring user_sid_string; + fstring domain_sid_string; + *sam_pp = NULL; *uni_name_pp = NULL; - if (num_sam_entries == 0) - return; + if (num_entries == 0) + return NT_STATUS_OK; - sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_sam_entries); + sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_entries); - uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_sam_entries); + uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_entries); if (sam == NULL || uni_name == NULL) { - DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n")); - return; + DEBUG(0, ("make_user_sam_entry_list: talloc_zero failed!\n")); + return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(sam); - ZERO_STRUCTP(uni_name); - - for (i = 0; i < num_sam_entries; i++) { - int len = pass[i].uni_user_name.uni_str_len; + for (i = 0; i < num_entries; i++) { + int len = uni_temp_name.uni_str_len; + + pwd = disp_user_info[i+start_idx].sam; + temp_name = pdb_get_username(pwd); + init_unistr2(&uni_temp_name, temp_name, strlen(temp_name)+1); + user_sid = pdb_get_user_sid(pwd); + + if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) { + DEBUG(0, ("make_user_sam_entry_list: User %s has SID %s, which conflicts with " + "the domain sid %s. Failing operation.\n", + temp_name, + sid_to_string(user_sid_string, user_sid), + sid_to_string(domain_sid_string, domain_sid))); + return NT_STATUS_UNSUCCESSFUL; + } - init_sam_entry(&sam[i], len, pass[i].user_rid); - copy_unistr2(&uni_name[i], &pass[i].uni_user_name); + init_sam_entry(&sam[i], len, user_rid); + copy_unistr2(&uni_name[i], &uni_temp_name); } *sam_pp = sam; *uni_name_pp = uni_name; + return NT_STATUS_OK; } /******************************************************************* samr_reply_enum_dom_users ********************************************************************/ -NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, SAMR_R_ENUM_DOM_USERS *r_u) +NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, + SAMR_R_ENUM_DOM_USERS *r_u) { - SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]; - int num_entries = 0; - int total_entries = 0; + struct samr_info *info = NULL; + uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */ + int num_account; + uint32 enum_context=q_u->start_idx; + uint32 max_size=q_u->max_size; + uint32 temp_size; + enum remote_arch_types ra_type = get_remote_arch(); + int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K; + uint32 max_entries = max_sam_entries; + DOM_SID domain_sid; r_u->status = NT_STATUS_OK; /* find the policy handle. open a policy on it. */ - if (!find_policy_by_hnd(p, &q_u->pol, NULL)) + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &domain_sid)) return NT_STATUS_INVALID_HANDLE; DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__)); become_root(); - r_u->status = get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries, - MAX_SAM_ENTRIES, q_u->acb_mask); + r_u->status=load_sampwd_entries(info, q_u->acb_mask); unbecome_root(); - - if (NT_STATUS_IS_ERR(r_u->status)) + + if (!NT_STATUS_IS_OK(r_u->status)) return r_u->status; - samr_clear_passwd_fields(pass, num_entries); + num_account = info->disp_info.num_user_account; + + if (enum_context > num_account) { + DEBUG(5, ("_samr_enum_dom_users: enumeration handle over total entries\n")); + return NT_STATUS_OK; + } + + /* verify we won't overflow */ + if (max_entries > num_account-enum_context) { + max_entries = num_account-enum_context; + DEBUG(5, ("_samr_enum_dom_users: only %d entries to return\n", max_entries)); + } + + /* calculate the size and limit on the number of entries we will return */ + temp_size=max_entries*struct_size; + + if (temp_size>max_size) { + max_entries=MIN((max_size/struct_size),max_entries);; + DEBUG(5, ("_samr_enum_dom_users: buffer size limits to only %d entries\n", max_entries)); + } /* * Note from JRA. total_entries is not being used here. Currently if there is a @@ -603,9 +542,20 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, SAMR_ * value (again I think this is wrong). */ - make_user_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_acct_name, num_entries, pass); + r_u->status = make_user_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_acct_name, + max_entries, enum_context, + info->disp_info.disp_user_info, + &domain_sid); + + if (!NT_STATUS_IS_OK(r_u->status)) + return r_u->status; + + if (enum_context+max_entries < num_account) + r_u->status = STATUS_MORE_ENTRIES; + + DEBUG(5, ("_samr_enum_dom_users: %d\n", __LINE__)); - init_samr_r_enum_dom_users(r_u, q_u->start_idx + num_entries, num_entries); + init_samr_r_enum_dom_users(r_u, q_u->start_idx + max_entries, max_entries); DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__)); @@ -891,7 +841,8 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S /******************************************************************* samr_reply_query_dispinfo ********************************************************************/ -NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_QUERY_DISPINFO *r_u) +NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, + SAMR_R_QUERY_DISPINFO *r_u) { struct samr_info *info = NULL; uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */ @@ -906,9 +857,8 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ NTSTATUS disp_ret; uint32 num_account = 0; enum remote_arch_types ra_type = get_remote_arch(); - int max_sam_entries; - - max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K; + int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K; + DOM_SID domain_sid; DEBUG(5, ("samr_reply_query_dispinfo: %d\n", __LINE__)); r_u->status = NT_STATUS_OK; @@ -917,6 +867,9 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; + if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &domain_sid)) + return NT_STATUS_INVALID_HANDLE; + /* * calculate how many entries we will return. * based on @@ -1015,7 +968,8 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ if (!(ctr->sam.info1 = (SAM_DISPINFO_1 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_1)))) return NT_STATUS_NO_MEMORY; } - disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, max_entries, enum_context, info->disp_info.disp_user_info); + disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, max_entries, enum_context, + info->disp_info.disp_user_info, &domain_sid); if (!NT_STATUS_IS_OK(disp_ret)) return disp_ret; break; @@ -1024,7 +978,8 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_ if (!(ctr->sam.info2 = (SAM_DISPINFO_2 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_2)))) return NT_STATUS_NO_MEMORY; } - disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, max_entries, enum_context, info->disp_info.disp_user_info); + disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, max_entries, enum_context, + info->disp_info.disp_user_info, &domain_sid); if (!NT_STATUS_IS_OK(disp_ret)) return disp_ret; break; @@ -1582,7 +1537,8 @@ static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DO get_user_info_21 *************************************************************************/ -static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, DOM_SID *user_sid) +static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, + DOM_SID *user_sid, DOM_SID *domain_sid) { SAM_ACCOUNT *sampass=NULL; BOOL ret; @@ -1607,7 +1563,7 @@ static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, DO DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) )); ZERO_STRUCTP(id21); - init_sam_user_info21A(id21, sampass); + nt_status = init_sam_user_info21A(id21, sampass, domain_sid); pdb_free_sam(&sampass); @@ -1622,13 +1578,19 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ { SAM_USERINFO_CTR *ctr; struct samr_info *info = NULL; - + DOM_SID domain_sid; + uint32 rid; + r_u->status=NT_STATUS_OK; /* search for the handle */ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; + domain_sid = info->sid; + + sid_split_rid(&domain_sid, &rid); + if (!sid_check_is_in_our_domain(&info->sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH; @@ -1700,7 +1662,8 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_ ctr->info.id21 = (SAM_USER_INFO_21 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_21)); if (ctr->info.id21 == NULL) return NT_STATUS_NO_MEMORY; - if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21, &info->sid))) + if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21, + &info->sid, &domain_sid))) return r_u->status; break; diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c new file mode 100644 index 0000000000..7a5b1e5f46 --- /dev/null +++ b/source3/rpc_server/srv_samr_util.c @@ -0,0 +1,143 @@ +/* + Unix SMB/CIFS implementation. + SAMR Pipe utility functions. + Copyright (C) Jeremy Allison 1996-2001 + Copyright (C) Luke Kenneth Casson Leighton 1996-1998 + Copyright (C) Gerald (Jerry) Carter 2000-2001 + Copyright (C) Andrew Bartlett 2001-2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/************************************************************* + Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT + **************************************************************/ + +void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) +{ + + if (from == NULL || to == NULL) + return; + + pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); + pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); + pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); + pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True); + pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True); + + pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time)); + + if (from->uni_user_name.buffer) + pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name )); + if (from->uni_full_name.buffer) + pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name )); + if (from->uni_home_dir.buffer) + pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True); + if (from->uni_dir_drive.buffer) + pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True); + if (from->uni_logon_script.buffer) + pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True); + if (from->uni_profile_path.buffer) + pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True); + if (from->uni_acct_desc.buffer) + pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc )); + if (from->uni_workstations.buffer) + pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations)); + if (from->uni_unknown_str.buffer) + pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str )); + if (from->uni_munged_dial.buffer) + pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial )); + + if (from->user_rid) + pdb_set_user_sid_from_rid(to, from->user_rid); + if (from->group_rid) + pdb_set_group_sid_from_rid(to, from->group_rid); + + pdb_set_acct_ctrl(to, from->acb_info); + pdb_set_unknown_3(to, from->unknown_3); + + pdb_set_logon_divs(to, from->logon_divs); + pdb_set_hours_len(to, from->logon_hrs.len); + pdb_set_hours(to, from->logon_hrs.hours); + + pdb_set_unknown_5(to, from->unknown_5); + pdb_set_unknown_6(to, from->unknown_6); +} + + +/************************************************************* + Copies a sam passwd. + **************************************************************/ + +void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) +{ + if (from == NULL || to == NULL) + return; + + pdb_set_logon_time(to,nt_time_to_unix(&from->logon_time), True); + pdb_set_logoff_time(to,nt_time_to_unix(&from->logoff_time), True); + pdb_set_kickoff_time(to, nt_time_to_unix(&from->kickoff_time), True); + pdb_set_pass_can_change_time(to, nt_time_to_unix(&from->pass_can_change_time), True); + pdb_set_pass_must_change_time(to, nt_time_to_unix(&from->pass_must_change_time), True); + + pdb_set_pass_last_set_time(to, nt_time_to_unix(&from->pass_last_set_time)); + + if (from->uni_user_name.buffer) + pdb_set_username(to , pdb_unistr2_convert(&from->uni_user_name )); + if (from->uni_full_name.buffer) + pdb_set_fullname(to , pdb_unistr2_convert(&from->uni_full_name )); + if (from->uni_home_dir.buffer) + pdb_set_homedir(to , pdb_unistr2_convert(&from->uni_home_dir ), True); + if (from->uni_dir_drive.buffer) + pdb_set_dir_drive(to , pdb_unistr2_convert(&from->uni_dir_drive ), True); + if (from->uni_logon_script.buffer) + pdb_set_logon_script(to , pdb_unistr2_convert(&from->uni_logon_script), True); + if (from->uni_profile_path.buffer) + pdb_set_profile_path(to , pdb_unistr2_convert(&from->uni_profile_path), True); + if (from->uni_acct_desc.buffer) + pdb_set_acct_desc(to , pdb_unistr2_convert(&from->uni_acct_desc )); + if (from->uni_workstations.buffer) + pdb_set_workstations(to , pdb_unistr2_convert(&from->uni_workstations)); + if (from->uni_unknown_str.buffer) + pdb_set_unknown_str(to , pdb_unistr2_convert(&from->uni_unknown_str )); + if (from->uni_munged_dial.buffer) + pdb_set_munged_dial(to , pdb_unistr2_convert(&from->uni_munged_dial )); + + if (from->user_rid) + pdb_set_user_sid_from_rid(to, from->user_rid); + if (from->group_rid) + pdb_set_group_sid_from_rid(to, from->group_rid); + + /* FIXME!! Do we need to copy the passwords here as well? + I don't know. Need to figure this out --jerry */ + + /* Passwords dealt with in caller --abartlet */ + + pdb_set_acct_ctrl(to, from->acb_info); + pdb_set_unknown_3(to, from->unknown_3); + + pdb_set_logon_divs(to, from->logon_divs); + pdb_set_hours_len(to, from->logon_hrs.len); + pdb_set_hours(to, from->logon_hrs.hours); + + pdb_set_unknown_5(to, from->unknown_5); + pdb_set_unknown_6(to, from->unknown_6); +} + |