diff options
Diffstat (limited to 'source4/rpc_server')
| -rw-r--r-- | source4/rpc_server/.cvsignore | 0 | ||||
| -rw-r--r-- | source4/rpc_server/srv_dfs.c | 177 | ||||
| -rw-r--r-- | source4/rpc_server/srv_dfs_nt.c | 371 | ||||
| -rw-r--r-- | source4/rpc_server/srv_lsa.c | 810 | ||||
| -rw-r--r-- | source4/rpc_server/srv_lsa_hnd.c | 265 | ||||
| -rw-r--r-- | source4/rpc_server/srv_lsa_nt.c | 1399 | ||||
| -rw-r--r-- | source4/rpc_server/srv_netlog.c | 345 | ||||
| -rw-r--r-- | source4/rpc_server/srv_netlog_nt.c | 743 | ||||
| -rw-r--r-- | source4/rpc_server/srv_pipe.c | 1386 | ||||
| -rw-r--r-- | source4/rpc_server/srv_pipe_hnd.c | 1156 | ||||
| -rw-r--r-- | source4/rpc_server/srv_reg.c | 400 | ||||
| -rw-r--r-- | source4/rpc_server/srv_reg_nt.c | 664 | ||||
| -rw-r--r-- | source4/rpc_server/srv_samr.c | 1510 | ||||
| -rw-r--r-- | source4/rpc_server/srv_samr_nt.c | 4432 | ||||
| -rw-r--r-- | source4/rpc_server/srv_samr_util.c | 437 | ||||
| -rwxr-xr-x | source4/rpc_server/srv_spoolss.c | 1649 | ||||
| -rw-r--r-- | source4/rpc_server/srv_spoolss_nt.c | 9079 | ||||
| -rw-r--r-- | source4/rpc_server/srv_srvsvc.c | 557 | ||||
| -rw-r--r-- | source4/rpc_server/srv_srvsvc_nt.c | 2138 | ||||
| -rw-r--r-- | source4/rpc_server/srv_util.c | 546 | ||||
| -rw-r--r-- | source4/rpc_server/srv_wkssvc.c | 75 | ||||
| -rw-r--r-- | source4/rpc_server/srv_wkssvc_nt.c | 79 |
22 files changed, 28218 insertions, 0 deletions
diff --git a/source4/rpc_server/.cvsignore b/source4/rpc_server/.cvsignore new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/source4/rpc_server/.cvsignore diff --git a/source4/rpc_server/srv_dfs.c b/source4/rpc_server/srv_dfs.c new file mode 100644 index 0000000000..14c1cb4088 --- /dev/null +++ b/source4/rpc_server/srv_dfs.c @@ -0,0 +1,177 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines for Dfs + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Shirish Kalele 2000, + * Copyright (C) Jeremy Allison 2001, + * Copyright (C) Anthony Liguori 2003. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the interface to the dfs pipe. */ + +#include "includes.h" +#include "nterr.h" + +#define MAX_MSDFS_JUNCTIONS 256 + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/********************************************************************** + api_dfs_exist + **********************************************************************/ + +static BOOL api_dfs_exist(pipes_struct *p) +{ + DFS_Q_DFS_EXIST q_u; + DFS_R_DFS_EXIST r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + if(!dfs_io_q_dfs_exist("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_exist(p, &q_u, &r_u); + + if (!dfs_io_r_dfs_exist("", &r_u, rdata, 0)) + return False; + + return True; +} + +/***************************************************************** + api_dfs_add + *****************************************************************/ + +static BOOL api_dfs_add(pipes_struct *p) +{ + DFS_Q_DFS_ADD q_u; + DFS_R_DFS_ADD r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!dfs_io_q_dfs_add("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_add(p, &q_u, &r_u); + + if (!dfs_io_r_dfs_add("", &r_u, rdata, 0)) + return False; + + return True; +} + +/***************************************************************** + api_dfs_remove + *****************************************************************/ + +static BOOL api_dfs_remove(pipes_struct *p) +{ + DFS_Q_DFS_REMOVE q_u; + DFS_R_DFS_REMOVE r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!dfs_io_q_dfs_remove("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_remove(p, &q_u, &r_u); + + if (!dfs_io_r_dfs_remove("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_dfs_get_info + *******************************************************************/ + +static BOOL api_dfs_get_info(pipes_struct *p) +{ + DFS_Q_DFS_GET_INFO q_u; + DFS_R_DFS_GET_INFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!dfs_io_q_dfs_get_info("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_get_info(p, &q_u, &r_u); + + if(!dfs_io_r_dfs_get_info("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_dfs_enum + *******************************************************************/ + +static BOOL api_dfs_enum(pipes_struct *p) +{ + DFS_Q_DFS_ENUM q_u; + DFS_R_DFS_ENUM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!dfs_io_q_dfs_enum("", &q_u, data, 0)) + return False; + + r_u.status = _dfs_enum(p, &q_u, &r_u); + + if(!dfs_io_r_dfs_enum("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* +\pipe\netdfs commands +********************************************************************/ + +#ifdef RPC_DFS_DYNAMIC +int init_module(void) +#else +int rpc_dfs_init(void) +#endif +{ + struct api_struct api_netdfs_cmds[] = + { + {"DFS_EXIST", DFS_EXIST, api_dfs_exist }, + {"DFS_ADD", DFS_ADD, api_dfs_add }, + {"DFS_REMOVE", DFS_REMOVE, api_dfs_remove }, + {"DFS_GET_INFO", DFS_GET_INFO, api_dfs_get_info }, + {"DFS_ENUM", DFS_ENUM, api_dfs_enum } + }; + return rpc_pipe_register_commands("netdfs", "netdfs", api_netdfs_cmds, + sizeof(api_netdfs_cmds) / sizeof(struct api_struct)); +} diff --git a/source4/rpc_server/srv_dfs_nt.c b/source4/rpc_server/srv_dfs_nt.c new file mode 100644 index 0000000000..bb9ed87a48 --- /dev/null +++ b/source4/rpc_server/srv_dfs_nt.c @@ -0,0 +1,371 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines for Dfs + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Shirish Kalele 2000. + * Copyright (C) Jeremy Allison 2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the implementation of the dfs pipe. */ + +#include "includes.h" +#include "nterr.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +#define MAX_MSDFS_JUNCTIONS 256 + +/* This function does not return a WERROR or NTSTATUS code but rather 1 if + dfs exists, or 0 otherwise. */ + +uint32 _dfs_exist(pipes_struct *p, DFS_Q_DFS_EXIST *q_u, DFS_R_DFS_EXIST *r_u) +{ + if(lp_host_msdfs()) + return 1; + else + return 0; +} + +WERROR _dfs_add(pipes_struct *p, DFS_Q_DFS_ADD* q_u, DFS_R_DFS_ADD *r_u) +{ + struct current_user user; + struct junction_map jn; + struct referral* old_referral_list = NULL; + BOOL exists = False; + + pstring dfspath, servername, sharename; + pstring altpath; + + get_current_user(&user,p); + + if (user.uid != 0) { + DEBUG(10,("_dfs_add: uid != 0. Access denied.\n")); + return WERR_ACCESS_DENIED; + } + + unistr2_to_ascii(dfspath, &q_u->DfsEntryPath, sizeof(dfspath)-1); + unistr2_to_ascii(servername, &q_u->ServerName, sizeof(servername)-1); + unistr2_to_ascii(sharename, &q_u->ShareName, sizeof(sharename)-1); + + DEBUG(5,("init_reply_dfs_add: Request to add %s -> %s\\%s.\n", + dfspath, servername, sharename)); + + pstrcpy(altpath, servername); + pstrcat(altpath, "\\"); + pstrcat(altpath, sharename); + + if(get_referred_path(dfspath, &jn, NULL, NULL)) + { + exists = True; + jn.referral_count += 1; + old_referral_list = jn.referral_list; + } + else + jn.referral_count = 1; + + jn.referral_list = (struct referral*) talloc(p->mem_ctx, jn.referral_count + * sizeof(struct referral)); + + if(jn.referral_list == NULL) + { + DEBUG(0,("init_reply_dfs_add: talloc failed for referral list!\n")); + return WERR_DFS_INTERNAL_ERROR; + } + + if(old_referral_list) + { + memcpy(jn.referral_list, old_referral_list, + sizeof(struct referral)*jn.referral_count-1); + SAFE_FREE(old_referral_list); + } + + jn.referral_list[jn.referral_count-1].proximity = 0; + jn.referral_list[jn.referral_count-1].ttl = REFERRAL_TTL; + + pstrcpy(jn.referral_list[jn.referral_count-1].alternate_path, altpath); + + if(!create_msdfs_link(&jn, exists)) + return WERR_DFS_CANT_CREATE_JUNCT; + + return WERR_OK; +} + +WERROR _dfs_remove(pipes_struct *p, DFS_Q_DFS_REMOVE *q_u, + DFS_R_DFS_REMOVE *r_u) +{ + struct current_user user; + struct junction_map jn; + BOOL found = False; + + pstring dfspath, servername, sharename; + pstring altpath; + + get_current_user(&user,p); + + if (user.uid != 0) { + DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n")); + return WERR_ACCESS_DENIED; + } + + unistr2_to_ascii(dfspath, &q_u->DfsEntryPath, sizeof(dfspath)-1); + if(q_u->ptr_ServerName) + unistr2_to_ascii(servername, &q_u->ServerName, sizeof(servername)-1); + + if(q_u->ptr_ShareName) + unistr2_to_ascii(sharename, &q_u->ShareName, sizeof(sharename)-1); + + if(q_u->ptr_ServerName && q_u->ptr_ShareName) + { + pstrcpy(altpath, servername); + pstrcat(altpath, "\\"); + pstrcat(altpath, sharename); + strlower(altpath); + } + + DEBUG(5,("init_reply_dfs_remove: Request to remove %s -> %s\\%s.\n", + dfspath, servername, sharename)); + + if(!get_referred_path(dfspath, &jn, NULL, NULL)) + return WERR_DFS_NO_SUCH_VOL; + + /* if no server-share pair given, remove the msdfs link completely */ + if(!q_u->ptr_ServerName && !q_u->ptr_ShareName) + { + if(!remove_msdfs_link(&jn)) + return WERR_DFS_NO_SUCH_VOL; + } + else + { + int i=0; + /* compare each referral in the list with the one to remove */ + DEBUG(10,("altpath: .%s. refcnt: %d\n", altpath, jn.referral_count)); + for(i=0;i<jn.referral_count;i++) + { + pstring refpath; + pstrcpy(refpath,jn.referral_list[i].alternate_path); + trim_string(refpath, "\\", "\\"); + DEBUG(10,("_dfs_remove: refpath: .%s.\n", refpath)); + if(strequal(refpath, altpath)) + { + *(jn.referral_list[i].alternate_path)='\0'; + DEBUG(10,("_dfs_remove: Removal request matches referral %s\n", + refpath)); + found = True; + } + } + if(!found) + return WERR_DFS_NO_SUCH_SHARE; + + /* Only one referral, remove it */ + if(jn.referral_count == 1) + { + if(!remove_msdfs_link(&jn)) + return WERR_DFS_NO_SUCH_VOL; + } + else + { + if(!create_msdfs_link(&jn, True)) + return WERR_DFS_CANT_CREATE_JUNCT; + } + } + + return WERR_OK; +} + +static BOOL init_reply_dfs_info_1(struct junction_map* j, DFS_INFO_1* dfs1, int num_j) +{ + int i=0; + for(i=0;i<num_j;i++) + { + pstring str; + dfs1[i].ptr_entrypath = 1; + slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", lp_netbios_name(), + j[i].service_name, j[i].volume_name); + DEBUG(5,("init_reply_dfs_info_1: %d) initing entrypath: %s\n",i,str)); + init_unistr2(&dfs1[i].entrypath,str,strlen(str)+1); + } + return True; +} + +static BOOL init_reply_dfs_info_2(struct junction_map* j, DFS_INFO_2* dfs2, int num_j) +{ + int i=0; + for(i=0;i<num_j;i++) + { + pstring str; + dfs2[i].ptr_entrypath = 1; + slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", lp_netbios_name(), + j[i].service_name, j[i].volume_name); + init_unistr2(&dfs2[i].entrypath, str, strlen(str)+1); + dfs2[i].ptr_comment = 0; + dfs2[i].state = 1; /* set up state of dfs junction as OK */ + dfs2[i].num_storages = j[i].referral_count; + } + return True; +} + +static BOOL init_reply_dfs_info_3(TALLOC_CTX *ctx, struct junction_map* j, DFS_INFO_3* dfs3, int num_j) +{ + int i=0,ii=0; + for(i=0;i<num_j;i++) + { + pstring str; + dfs3[i].ptr_entrypath = 1; + if (j[i].volume_name[0] == '\0') + slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s", + lp_netbios_name(), j[i].service_name); + else + slprintf(str, sizeof(pstring)-1, "\\\\%s\\%s\\%s", lp_netbios_name(), + j[i].service_name, j[i].volume_name); + + init_unistr2(&dfs3[i].entrypath, str, strlen(str)+1); + dfs3[i].ptr_comment = 1; + init_unistr2(&dfs3[i].comment, "", 1); + dfs3[i].state = 1; + dfs3[i].num_storages = dfs3[i].num_storage_infos = j[i].referral_count; + dfs3[i].ptr_storages = 1; + + /* also enumerate the storages */ + dfs3[i].storages = (DFS_STORAGE_INFO*) talloc(ctx, j[i].referral_count * + sizeof(DFS_STORAGE_INFO)); + if (!dfs3[i].storages) + return False; + + memset(dfs3[i].storages, '\0', j[i].referral_count * sizeof(DFS_STORAGE_INFO)); + + for(ii=0;ii<j[i].referral_count;ii++) + { + char* p; + pstring path; + DFS_STORAGE_INFO* stor = &(dfs3[i].storages[ii]); + struct referral* ref = &(j[i].referral_list[ii]); + + pstrcpy(path, ref->alternate_path); + trim_string(path,"\\",""); + p = strrchr_m(path,'\\'); + if(p==NULL) + { + DEBUG(4,("init_reply_dfs_info_3: invalid path: no \\ found in %s\n",path)); + continue; + } + *p = '\0'; + DEBUG(5,("storage %d: %s.%s\n",ii,path,p+1)); + stor->state = 2; /* set all storages as ONLINE */ + init_unistr2(&stor->servername, path, strlen(path)+1); + init_unistr2(&stor->sharename, p+1, strlen(p+1)+1); + stor->ptr_servername = stor->ptr_sharename = 1; + } + } + return True; +} + +static WERROR init_reply_dfs_ctr(TALLOC_CTX *ctx, uint32 level, + DFS_INFO_CTR* ctr, struct junction_map* jn, + int num_jn) +{ + /* do the levels */ + switch(level) + { + case 1: + { + DFS_INFO_1* dfs1; + dfs1 = (DFS_INFO_1*) talloc(ctx, num_jn * sizeof(DFS_INFO_1)); + if (!dfs1) + return WERR_NOMEM; + init_reply_dfs_info_1(jn, dfs1, num_jn); + ctr->dfs.info1 = dfs1; + break; + } + case 2: + { + DFS_INFO_2* dfs2; + dfs2 = (DFS_INFO_2*) talloc(ctx, num_jn * sizeof(DFS_INFO_2)); + if (!dfs2) + return WERR_NOMEM; + init_reply_dfs_info_2(jn, dfs2, num_jn); + ctr->dfs.info2 = dfs2; + break; + } + case 3: + { + DFS_INFO_3* dfs3; + dfs3 = (DFS_INFO_3*) talloc(ctx, num_jn * sizeof(DFS_INFO_3)); + if (!dfs3) + return WERR_NOMEM; + init_reply_dfs_info_3(ctx, jn, dfs3, num_jn); + ctr->dfs.info3 = dfs3; + break; + } + default: + return WERR_INVALID_PARAM; + } + return WERR_OK; +} + +WERROR _dfs_enum(pipes_struct *p, DFS_Q_DFS_ENUM *q_u, DFS_R_DFS_ENUM *r_u) +{ + uint32 level = q_u->level; + struct junction_map jn[MAX_MSDFS_JUNCTIONS]; + int num_jn = 0; + + num_jn = enum_msdfs_links(jn); + + DEBUG(5,("make_reply_dfs_enum: %d junctions found in Dfs, doing level %d\n", num_jn, level)); + + r_u->ptr_buffer = level; + r_u->level = r_u->level2 = level; + r_u->ptr_num_entries = r_u->ptr_num_entries2 = 1; + r_u->num_entries = r_u->num_entries2 = num_jn; + r_u->reshnd.ptr_hnd = 1; + r_u->reshnd.handle = num_jn; + + r_u->ctr = (DFS_INFO_CTR*)talloc(p->mem_ctx, sizeof(DFS_INFO_CTR)); + if (!r_u->ctr) + return WERR_NOMEM; + ZERO_STRUCTP(r_u->ctr); + r_u->ctr->switch_value = level; + r_u->ctr->num_entries = num_jn; + r_u->ctr->ptr_dfs_ctr = 1; + + r_u->status = init_reply_dfs_ctr(p->mem_ctx, level, r_u->ctr, jn, num_jn); + + return r_u->status; +} + +WERROR _dfs_get_info(pipes_struct *p, DFS_Q_DFS_GET_INFO *q_u, + DFS_R_DFS_GET_INFO *r_u) +{ + UNISTR2* uni_path = &q_u->uni_path; + uint32 level = q_u->level; + pstring path; + struct junction_map jn; + + unistr2_to_ascii(path, uni_path, sizeof(path)-1); + if(!create_junction(path, &jn)) + return WERR_DFS_NO_SUCH_SERVER; + + if(!get_referred_path(path, &jn, NULL, NULL)) + return WERR_DFS_NO_SUCH_VOL; + + r_u->level = level; + r_u->ptr_ctr = 1; + r_u->status = init_reply_dfs_ctr(p->mem_ctx, level, &r_u->ctr, &jn, 1); + + return r_u->status; +} diff --git a/source4/rpc_server/srv_lsa.c b/source4/rpc_server/srv_lsa.c new file mode 100644 index 0000000000..0e4039326b --- /dev/null +++ b/source4/rpc_server/srv_lsa.c @@ -0,0 +1,810 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997, + * Copyright (C) Jeremy Allison 2001, + * Copyright (C) Jim McDonough 2002, + * Copyright (C) Anthony Liguori 2003. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the interface to the lsa server code. */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/*************************************************************************** + api_lsa_open_policy2 + ***************************************************************************/ + +static BOOL api_lsa_open_policy2(pipes_struct *p) +{ + LSA_Q_OPEN_POL2 q_u; + LSA_R_OPEN_POL2 r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the server, object attributes and desired access flag...*/ + if(!lsa_io_q_open_pol2("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_open_policy2: unable to unmarshall LSA_Q_OPEN_POL2.\n")); + return False; + } + + r_u.status = _lsa_open_policy2(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_open_pol2("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_open_policy2: unable to marshall LSA_R_OPEN_POL2.\n")); + return False; + } + + return True; +} + +/*************************************************************************** +api_lsa_open_policy + ***************************************************************************/ + +static BOOL api_lsa_open_policy(pipes_struct *p) +{ + LSA_Q_OPEN_POL q_u; + LSA_R_OPEN_POL r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the server, object attributes and desired access flag...*/ + if(!lsa_io_q_open_pol("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_open_policy: unable to unmarshall LSA_Q_OPEN_POL.\n")); + return False; + } + + r_u.status = _lsa_open_policy(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_open_pol("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_open_policy: unable to marshall LSA_R_OPEN_POL.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_enum_trust_dom + ***************************************************************************/ + +static BOOL api_lsa_enum_trust_dom(pipes_struct *p) +{ + LSA_Q_ENUM_TRUST_DOM q_u; + LSA_R_ENUM_TRUST_DOM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the enum trust domain context etc. */ + if(!lsa_io_q_enum_trust_dom("", &q_u, data, 0)) + return False; + + /* get required trusted domains information */ + r_u.status = _lsa_enum_trust_dom(p, &q_u, &r_u); + + /* prepare the response */ + if(!lsa_io_r_enum_trust_dom("", &r_u, rdata, 0)) + return False; + + return True; +} + +/*************************************************************************** + api_lsa_query_info + ***************************************************************************/ + +static BOOL api_lsa_query_info(pipes_struct *p) +{ + LSA_Q_QUERY_INFO q_u; + LSA_R_QUERY_INFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the info class and policy handle */ + if(!lsa_io_q_query("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_query_info: failed to unmarshall LSA_Q_QUERY_INFO.\n")); + return False; + } + + r_u.status = _lsa_query_info(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_query("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_query_info: failed to marshall LSA_R_QUERY_INFO.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_lookup_sids + ***************************************************************************/ + +static BOOL api_lsa_lookup_sids(pipes_struct *p) +{ + LSA_Q_LOOKUP_SIDS q_u; + LSA_R_LOOKUP_SIDS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the info class and policy handle */ + if(!lsa_io_q_lookup_sids("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n")); + return False; + } + + r_u.status = _lsa_lookup_sids(p, &q_u, &r_u); + + if(!lsa_io_r_lookup_sids("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_lookup_sids: Failed to marshall LSA_R_LOOKUP_SIDS.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_lookup_names + ***************************************************************************/ + +static BOOL api_lsa_lookup_names(pipes_struct *p) +{ + LSA_Q_LOOKUP_NAMES q_u; + LSA_R_LOOKUP_NAMES r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the info class and policy handle */ + if(!lsa_io_q_lookup_names("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_lookup_names: failed to unmarshall LSA_Q_LOOKUP_NAMES.\n")); + return False; + } + + r_u.status = _lsa_lookup_names(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_lookup_names("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_close. + ***************************************************************************/ + +static BOOL api_lsa_close(pipes_struct *p) +{ + LSA_Q_CLOSE q_u; + LSA_R_CLOSE r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!lsa_io_q_close("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_close: lsa_io_q_close failed.\n")); + return False; + } + + r_u.status = _lsa_close(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if (!lsa_io_r_close("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_close: lsa_io_r_close failed.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_open_secret. + ***************************************************************************/ + +static BOOL api_lsa_open_secret(pipes_struct *p) +{ + LSA_Q_OPEN_SECRET q_u; + LSA_R_OPEN_SECRET r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_open_secret("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_open_secret: failed to unmarshall LSA_Q_OPEN_SECRET.\n")); + return False; + } + + r_u.status = _lsa_open_secret(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_open_secret("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_open_secret: Failed to marshall LSA_R_OPEN_SECRET.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_open_secret. + ***************************************************************************/ + +static BOOL api_lsa_enum_privs(pipes_struct *p) +{ + LSA_Q_ENUM_PRIVS q_u; + LSA_R_ENUM_PRIVS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_enum_privs("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_enum_privs: failed to unmarshall LSA_Q_ENUM_PRIVS.\n")); + return False; + } + + r_u.status = _lsa_enum_privs(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_enum_privs("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_enum_privs: Failed to marshall LSA_R_ENUM_PRIVS.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_open_secret. + ***************************************************************************/ + +static BOOL api_lsa_priv_get_dispname(pipes_struct *p) +{ + LSA_Q_PRIV_GET_DISPNAME q_u; + LSA_R_PRIV_GET_DISPNAME r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_priv_get_dispname("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_priv_get_dispname: failed to unmarshall LSA_Q_PRIV_GET_DISPNAME.\n")); + return False; + } + + r_u.status = _lsa_priv_get_dispname(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_priv_get_dispname("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_priv_get_dispname: Failed to marshall LSA_R_PRIV_GET_DISPNAME.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_open_secret. + ***************************************************************************/ + +static BOOL api_lsa_enum_accounts(pipes_struct *p) +{ + LSA_Q_ENUM_ACCOUNTS q_u; + LSA_R_ENUM_ACCOUNTS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_enum_accounts("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_enum_accounts: failed to unmarshall LSA_Q_ENUM_ACCOUNTS.\n")); + return False; + } + + r_u.status = _lsa_enum_accounts(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_enum_accounts("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_enum_accounts: Failed to marshall LSA_R_ENUM_ACCOUNTS.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_UNK_GET_CONNUSER + ***************************************************************************/ + +static BOOL api_lsa_unk_get_connuser(pipes_struct *p) +{ + LSA_Q_UNK_GET_CONNUSER q_u; + LSA_R_UNK_GET_CONNUSER r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_unk_get_connuser("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_unk_get_connuser: failed to unmarshall LSA_Q_UNK_GET_CONNUSER.\n")); + return False; + } + + r_u.status = _lsa_unk_get_connuser(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_unk_get_connuser("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_unk_get_connuser: Failed to marshall LSA_R_UNK_GET_CONNUSER.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_open_user + ***************************************************************************/ + +static BOOL api_lsa_open_account(pipes_struct *p) +{ + LSA_Q_OPENACCOUNT q_u; + LSA_R_OPENACCOUNT r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_open_account("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_open_account: failed to unmarshall LSA_Q_OPENACCOUNT.\n")); + return False; + } + + r_u.status = _lsa_open_account(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_open_account("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_open_account: Failed to marshall LSA_R_OPENACCOUNT.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_get_privs + ***************************************************************************/ + +static BOOL api_lsa_enum_privsaccount(pipes_struct *p) +{ + LSA_Q_ENUMPRIVSACCOUNT q_u; + LSA_R_ENUMPRIVSACCOUNT r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_enum_privsaccount("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_enum_privsaccount: failed to unmarshall LSA_Q_ENUMPRIVSACCOUNT.\n")); + return False; + } + + r_u.status = _lsa_enum_privsaccount(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_enum_privsaccount("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_enum_privsaccount: Failed to marshall LSA_R_ENUMPRIVSACCOUNT.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_getsystemaccount + ***************************************************************************/ + +static BOOL api_lsa_getsystemaccount(pipes_struct *p) +{ + LSA_Q_GETSYSTEMACCOUNT q_u; + LSA_R_GETSYSTEMACCOUNT r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_getsystemaccount("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_getsystemaccount: failed to unmarshall LSA_Q_GETSYSTEMACCOUNT.\n")); + return False; + } + + r_u.status = _lsa_getsystemaccount(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_getsystemaccount("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_getsystemaccount: Failed to marshall LSA_R_GETSYSTEMACCOUNT.\n")); + return False; + } + + return True; +} + + +/*************************************************************************** + api_lsa_setsystemaccount + ***************************************************************************/ + +static BOOL api_lsa_setsystemaccount(pipes_struct *p) +{ + LSA_Q_SETSYSTEMACCOUNT q_u; + LSA_R_SETSYSTEMACCOUNT r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_setsystemaccount("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_setsystemaccount: failed to unmarshall LSA_Q_SETSYSTEMACCOUNT.\n")); + return False; + } + + r_u.status = _lsa_setsystemaccount(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_setsystemaccount("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_setsystemaccount: Failed to marshall LSA_R_SETSYSTEMACCOUNT.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_addprivs + ***************************************************************************/ + +static BOOL api_lsa_addprivs(pipes_struct *p) +{ + LSA_Q_ADDPRIVS q_u; + LSA_R_ADDPRIVS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_addprivs("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_addprivs: failed to unmarshall LSA_Q_ADDPRIVS.\n")); + return False; + } + + r_u.status = _lsa_addprivs(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_addprivs("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_addprivs: Failed to marshall LSA_R_ADDPRIVS.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_removeprivs + ***************************************************************************/ + +static BOOL api_lsa_removeprivs(pipes_struct *p) +{ + LSA_Q_REMOVEPRIVS q_u; + LSA_R_REMOVEPRIVS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_removeprivs("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_removeprivs: failed to unmarshall LSA_Q_REMOVEPRIVS.\n")); + return False; + } + + r_u.status = _lsa_removeprivs(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_removeprivs("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_removeprivs: Failed to marshall LSA_R_REMOVEPRIVS.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_query_secobj + ***************************************************************************/ + +static BOOL api_lsa_query_secobj(pipes_struct *p) +{ + LSA_Q_QUERY_SEC_OBJ q_u; + LSA_R_QUERY_SEC_OBJ r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_query_sec_obj("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_query_secobj: failed to unmarshall LSA_Q_QUERY_SEC_OBJ.\n")); + return False; + } + + r_u.status = _lsa_query_secobj(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_query_sec_obj("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_query_secobj: Failed to marshall LSA_R_QUERY_SEC_OBJ.\n")); + return False; + } + + return True; +} + +/*************************************************************************** + api_lsa_query_dnsdomainfo + ***************************************************************************/ + +static BOOL api_lsa_query_info2(pipes_struct *p) +{ + LSA_Q_QUERY_INFO2 q_u; + LSA_R_QUERY_INFO2 r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_query_info2("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_query_info2: failed to unmarshall LSA_Q_QUERY_INFO2.\n")); + return False; + } + + r_u.status = _lsa_query_info2(p, &q_u, &r_u); + + if (!lsa_io_r_query_info2("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_query_info2: failed to marshall LSA_R_QUERY_INFO2.\n")); + return False; + } + + return True; +} + + + +/*************************************************************************** + api_lsa_enum_acctrights + ***************************************************************************/ +static BOOL api_lsa_enum_acct_rights(pipes_struct *p) +{ + LSA_Q_ENUM_ACCT_RIGHTS q_u; + LSA_R_ENUM_ACCT_RIGHTS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n")); + return False; + } + + r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n")); + return False; + } + + return True; +} + + +/*************************************************************************** + api_lsa_enum_acct_with_right + ***************************************************************************/ +static BOOL api_lsa_enum_acct_with_right(pipes_struct *p) +{ + LSA_Q_ENUM_ACCT_WITH_RIGHT q_u; + LSA_R_ENUM_ACCT_WITH_RIGHT r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_enum_acct_with_right("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_enum_acct_with_right: failed to unmarshall LSA_Q_ENUM_ACCT_WITH_RIGHT.\n")); + return False; + } + + r_u.status = _lsa_enum_acct_with_right(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_enum_acct_with_right("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_enum_acct_with_right: Failed to marshall LSA_R_ENUM_ACCT_WITH_RIGHT.\n")); + return False; + } + + return True; +} + + +/*************************************************************************** + api_lsa_add_acctrights + ***************************************************************************/ +static BOOL api_lsa_add_acct_rights(pipes_struct *p) +{ + LSA_Q_ADD_ACCT_RIGHTS q_u; + LSA_R_ADD_ACCT_RIGHTS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_add_acct_rights("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_add_acct_rights: failed to unmarshall LSA_Q_ADD_ACCT_RIGHTS.\n")); + return False; + } + + r_u.status = _lsa_add_acct_rights(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_add_acct_rights("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_add_acct_rights: Failed to marshall LSA_R_ADD_ACCT_RIGHTS.\n")); + return False; + } + + return True; +} + + +/*************************************************************************** + api_lsa_remove_acctrights + ***************************************************************************/ +static BOOL api_lsa_remove_acct_rights(pipes_struct *p) +{ + LSA_Q_REMOVE_ACCT_RIGHTS q_u; + LSA_R_REMOVE_ACCT_RIGHTS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!lsa_io_q_remove_acct_rights("", &q_u, data, 0)) { + DEBUG(0,("api_lsa_remove_acct_rights: failed to unmarshall LSA_Q_REMOVE_ACCT_RIGHTS.\n")); + return False; + } + + r_u.status = _lsa_remove_acct_rights(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!lsa_io_r_remove_acct_rights("", &r_u, rdata, 0)) { + DEBUG(0,("api_lsa_remove_acct_rights: Failed to marshall LSA_R_REMOVE_ACCT_RIGHTS.\n")); + return False; + } + + return True; +} + + +/*************************************************************************** + \PIPE\ntlsa commands + ***************************************************************************/ + +#ifdef RPC_LSA_DYNAMIC +int init_module(void) +#else +int rpc_lsa_init(void) +#endif +{ + static const struct api_struct api_lsa_cmds[] = + { + { "LSA_OPENPOLICY2" , LSA_OPENPOLICY2 , api_lsa_open_policy2 }, + { "LSA_OPENPOLICY" , LSA_OPENPOLICY , api_lsa_open_policy }, + { "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info }, + { "LSA_ENUMTRUSTDOM" , LSA_ENUMTRUSTDOM , api_lsa_enum_trust_dom }, + { "LSA_CLOSE" , LSA_CLOSE , api_lsa_close }, + { "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret }, + { "LSA_LOOKUPSIDS" , LSA_LOOKUPSIDS , api_lsa_lookup_sids }, + { "LSA_LOOKUPNAMES" , LSA_LOOKUPNAMES , api_lsa_lookup_names }, + { "LSA_ENUM_PRIVS" , LSA_ENUM_PRIVS , api_lsa_enum_privs }, + { "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname}, + { "LSA_ENUM_ACCOUNTS" , LSA_ENUM_ACCOUNTS , api_lsa_enum_accounts }, + { "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser }, + { "LSA_OPENACCOUNT" , LSA_OPENACCOUNT , api_lsa_open_account }, + { "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount}, + { "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount }, + { "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount }, + { "LSA_ADDPRIVS" , LSA_ADDPRIVS , api_lsa_addprivs }, + { "LSA_REMOVEPRIVS" , LSA_REMOVEPRIVS , api_lsa_removeprivs }, + { "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj }, + { "LSA_QUERYINFO2" , LSA_QUERYINFO2 , api_lsa_query_info2 }, + { "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights }, + { "LSA_ENUMACCTWITHRIGHT", LSA_ENUMACCTWITHRIGHT, api_lsa_enum_acct_with_right }, + { "LSA_ADDACCTRIGHTS" , LSA_ADDACCTRIGHTS , api_lsa_add_acct_rights }, + { "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights}, + }; + + return rpc_pipe_register_commands("lsarpc", "lsass", api_lsa_cmds, + sizeof(api_lsa_cmds) / sizeof(struct api_struct)); +} diff --git a/source4/rpc_server/srv_lsa_hnd.c b/source4/rpc_server/srv_lsa_hnd.c new file mode 100644 index 0000000000..814fa60aab --- /dev/null +++ b/source4/rpc_server/srv_lsa_hnd.c @@ -0,0 +1,265 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Jeremy Allison 2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/* This is the max handles across all instances of a pipe name. */ +#ifndef MAX_OPEN_POLS +#define MAX_OPEN_POLS 1024 +#endif + +/**************************************************************************** + Hack as handles need to be persisant over lsa pipe closes so long as a samr + pipe is open. JRA. +****************************************************************************/ + +static BOOL is_samr_lsa_pipe(const char *pipe_name) +{ + return (strstr(pipe_name, "samr") || strstr(pipe_name, "lsa")); +} + +/**************************************************************************** + Initialise a policy handle list on a pipe. Handle list is shared between all + pipes of the same name. +****************************************************************************/ + +BOOL init_pipe_handle_list(pipes_struct *p, char *pipe_name) +{ + pipes_struct *plist = get_first_internal_pipe(); + struct handle_list *hl = NULL; + + for (plist = get_first_internal_pipe(); plist; plist = get_next_internal_pipe(plist)) { + if (strequal( plist->name, pipe_name) || + (is_samr_lsa_pipe(plist->name) && is_samr_lsa_pipe(pipe_name))) { + if (!plist->pipe_handles) { + pstring msg; + slprintf(msg, sizeof(msg)-1, "init_pipe_handles: NULL pipe_handle pointer in pipe %s", + pipe_name ); + smb_panic(msg); + } + hl = plist->pipe_handles; + break; + } + } + + if (!hl) { + /* + * No handle list for this pipe (first open of pipe). + * Create list. + */ + + if ((hl = (struct handle_list *)malloc(sizeof(struct handle_list))) == NULL) + return False; + ZERO_STRUCTP(hl); + + DEBUG(10,("init_pipe_handles: created handle list for pipe %s\n", pipe_name )); + } + + /* + * One more pipe is using this list. + */ + + hl->pipe_ref_count++; + + /* + * Point this pipe at this list. + */ + + p->pipe_handles = hl; + + DEBUG(10,("init_pipe_handles: pipe_handles ref count = %u for pipe %s\n", + p->pipe_handles->pipe_ref_count, pipe_name )); + + return True; +} + +/**************************************************************************** + find first available policy slot. creates a policy handle for you. +****************************************************************************/ + +BOOL create_policy_hnd(pipes_struct *p, POLICY_HND *hnd, void (*free_fn)(void *), void *data_ptr) +{ + static uint32 pol_hnd_low = 0; + static uint32 pol_hnd_high = 0; + + struct policy *pol; + + if (p->pipe_handles->count > MAX_OPEN_POLS) { + DEBUG(0,("create_policy_hnd: ERROR: too many handles (%d) on this pipe.\n", + (int)p->pipe_handles->count)); + return False; + } + + pol = (struct policy *)malloc(sizeof(*p)); + if (!pol) { + DEBUG(0,("create_policy_hnd: ERROR: out of memory!\n")); + return False; + } + + ZERO_STRUCTP(pol); + + pol->data_ptr = data_ptr; + pol->free_fn = free_fn; + + pol_hnd_low++; + if (pol_hnd_low == 0) + (pol_hnd_high)++; + + SIVAL(&pol->pol_hnd.data1, 0 , 0); /* first bit must be null */ + SIVAL(&pol->pol_hnd.data2, 0 , pol_hnd_low ); /* second bit is incrementing */ + SSVAL(&pol->pol_hnd.data3, 0 , pol_hnd_high); /* second bit is incrementing */ + SSVAL(&pol->pol_hnd.data4, 0 , (pol_hnd_high>>16)); /* second bit is incrementing */ + SIVAL(pol->pol_hnd.data5, 0, time(NULL)); /* something random */ + SIVAL(pol->pol_hnd.data5, 4, sys_getpid()); /* something more random */ + + DLIST_ADD(p->pipe_handles->Policy, pol); + p->pipe_handles->count++; + + *hnd = pol->pol_hnd; + + DEBUG(4,("Opened policy hnd[%d] ", (int)p->pipe_handles->count)); + dump_data(4, (char *)hnd, sizeof(*hnd)); + + return True; +} + +/**************************************************************************** + find policy by handle - internal version. +****************************************************************************/ + +static struct policy *find_policy_by_hnd_internal(pipes_struct *p, POLICY_HND *hnd, void **data_p) +{ + struct policy *pol; + size_t i; + + if (data_p) + *data_p = NULL; + + for (i = 0, pol=p->pipe_handles->Policy;pol;pol=pol->next, i++) { + if (memcmp(&pol->pol_hnd, hnd, sizeof(*hnd)) == 0) { + DEBUG(4,("Found policy hnd[%d] ", (int)i)); + dump_data(4, (char *)hnd, sizeof(*hnd)); + if (data_p) + *data_p = pol->data_ptr; + return pol; + } + } + + DEBUG(4,("Policy not found: ")); + dump_data(4, (char *)hnd, sizeof(*hnd)); + + p->bad_handle_fault_state = True; + + return NULL; +} + +/**************************************************************************** + find policy by handle +****************************************************************************/ + +BOOL find_policy_by_hnd(pipes_struct *p, POLICY_HND *hnd, void **data_p) +{ + return find_policy_by_hnd_internal(p, hnd, data_p) == NULL ? False : True; +} + +/**************************************************************************** + Close a policy. +****************************************************************************/ + +BOOL close_policy_hnd(pipes_struct *p, POLICY_HND *hnd) +{ + struct policy *pol = find_policy_by_hnd_internal(p, hnd, NULL); + + if (!pol) { + DEBUG(3,("Error closing policy\n")); + return False; + } + + DEBUG(3,("Closed policy\n")); + + if (pol->free_fn && pol->data_ptr) + (*pol->free_fn)(pol->data_ptr); + + p->pipe_handles->count--; + + DLIST_REMOVE(p->pipe_handles->Policy, pol); + + ZERO_STRUCTP(pol); + + SAFE_FREE(pol); + + return True; +} + +/**************************************************************************** + Close a pipe - free the handle list if it was the last pipe reference. +****************************************************************************/ + +void close_policy_by_pipe(pipes_struct *p) +{ + p->pipe_handles->pipe_ref_count--; + + if (p->pipe_handles->pipe_ref_count == 0) { + /* + * Last pipe open on this list - free the list. + */ + while (p->pipe_handles->Policy) + close_policy_hnd(p, &p->pipe_handles->Policy->pol_hnd); + + p->pipe_handles->Policy = NULL; + p->pipe_handles->count = 0; + + SAFE_FREE(p->pipe_handles); + DEBUG(10,("close_policy_by_pipe: deleted handle list for pipe %s\n", p->name )); + } +} + +/******************************************************************* +Shall we allow access to this rpc? Currently this function +implements the 'restrict anonymous' setting by denying access to +anonymous users if the restrict anonymous level is > 0. Further work +will be checking a security descriptor to determine whether a user +token has enough access to access the pipe. +********************************************************************/ + +BOOL pipe_access_check(pipes_struct *p) +{ + /* Don't let anonymous users access this RPC if restrict + anonymous > 0 */ + + if (lp_restrict_anonymous() > 0) { + user_struct *user = get_valid_user_struct(p->vuid); + + if (!user) { + DEBUG(3, ("invalid vuid %d\n", p->vuid)); + return False; + } + + if (user->guest) + return False; + } + + return True; +} diff --git a/source4/rpc_server/srv_lsa_nt.c b/source4/rpc_server/srv_lsa_nt.c new file mode 100644 index 0000000000..3af3e75e6b --- /dev/null +++ b/source4/rpc_server/srv_lsa_nt.c @@ -0,0 +1,1399 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997, + * Copyright (C) Jeremy Allison 2001, + * Copyright (C) Rafal Szczesniak 2002, + * Copyright (C) Jim McDonough 2002. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the implementation of the lsa server code. */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +extern PRIVS privs[]; + +struct lsa_info { + DOM_SID sid; + uint32 access; +}; + +struct generic_mapping lsa_generic_mapping = { + POLICY_READ, + POLICY_WRITE, + POLICY_EXECUTE, + POLICY_ALL_ACCESS +}; + +/******************************************************************* + Function to free the per handle data. + ********************************************************************/ + +static void free_lsa_info(void *ptr) +{ + struct lsa_info *lsa = (struct lsa_info *)ptr; + + SAFE_FREE(lsa); +} + +/*************************************************************************** +Init dom_query + ***************************************************************************/ + +static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_sid) +{ + int domlen = (dom_name != NULL) ? strlen(dom_name) : 0; + + /* + * I'm not sure why this really odd combination of length + * values works, but it does appear to. I need to look at + * this *much* more closely - but at the moment leave alone + * until it's understood. This allows a W2k client to join + * a domain with both odd and even length names... JRA. + */ + + d_q->uni_dom_str_len = domlen ? ((domlen + 1) * 2) : 0; + d_q->uni_dom_max_len = domlen * 2; + d_q->buffer_dom_name = domlen != 0 ? 1 : 0; /* domain buffer pointer */ + d_q->buffer_dom_sid = dom_sid != NULL ? 1 : 0; /* domain sid pointer */ + + /* this string is supposed to be character short */ + init_unistr2(&d_q->uni_domain_name, dom_name, domlen); + d_q->uni_domain_name.uni_max_len++; + + if (dom_sid != NULL) + init_dom_sid2(&d_q->dom_sid, dom_sid); +} + +/*************************************************************************** + init_dom_ref - adds a domain if it's not already in, returns the index. +***************************************************************************/ + +static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid) +{ + int num = 0; + int len; + + if (dom_name != NULL) { + for (num = 0; num < ref->num_ref_doms_1; num++) { + fstring domname; + rpcstr_pull(domname, &ref->ref_dom[num].uni_dom_name, sizeof(domname), -1, 0); + if (strequal(domname, dom_name)) + return num; + } + } else { + num = ref->num_ref_doms_1; + } + + if (num >= MAX_REF_DOMAINS) { + /* index not found, already at maximum domain limit */ + return -1; + } + + ref->num_ref_doms_1 = num+1; + ref->ptr_ref_dom = 1; + ref->max_entries = MAX_REF_DOMAINS; + ref->num_ref_doms_2 = num+1; + + len = (dom_name != NULL) ? strlen(dom_name) : 0; + if(dom_name != NULL && len == 0) + len = 1; + + init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, len); + ref->hdr_ref_dom[num].ptr_dom_sid = dom_sid != NULL ? 1 : 0; + + init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, len); + init_dom_sid2(&ref->ref_dom[num].ref_dom, dom_sid ); + + return num; +} + +/*************************************************************************** + init_lsa_rid2s + ***************************************************************************/ + +static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2, + int num_entries, UNISTR2 *name, + uint32 *mapped_count, BOOL endian) +{ + int i; + int total = 0; + *mapped_count = 0; + + SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS); + + become_root(); /* lookup_name can require root privs */ + + for (i = 0; i < num_entries; i++) { + BOOL status = False; + DOM_SID sid; + uint32 rid = 0xffffffff; + int dom_idx = -1; + pstring full_name; + fstring dom_name, user; + enum SID_NAME_USE name_type = SID_NAME_UNKNOWN; + + /* Split name into domain and user component */ + + unistr2_to_ascii(full_name, &name[i], sizeof(full_name)); + split_domain_name(full_name, dom_name, user); + + /* Lookup name */ + + DEBUG(5, ("init_lsa_rid2s: looking up name %s\n", full_name)); + + status = lookup_name(dom_name, user, &sid, &name_type); + + DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" : + "not found")); + + if (status && name_type != SID_NAME_UNKNOWN) { + sid_split_rid(&sid, &rid); + dom_idx = init_dom_ref(ref, dom_name, &sid); + (*mapped_count)++; + } else { + dom_idx = -1; + rid = 0xffffffff; + name_type = SID_NAME_UNKNOWN; + } + + init_dom_rid2(&rid2[total], rid, name_type, dom_idx); + total++; + } + + unbecome_root(); +} + +/*************************************************************************** + init_reply_lookup_names + ***************************************************************************/ + +static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l, + DOM_R_REF *ref, uint32 num_entries, + DOM_RID2 *rid2, uint32 mapped_count) +{ + r_l->ptr_dom_ref = 1; + r_l->dom_ref = ref; + + r_l->num_entries = num_entries; + r_l->ptr_entries = 1; + r_l->num_entries2 = num_entries; + r_l->dom_rid = rid2; + + r_l->mapped_count = mapped_count; + + if (mapped_count == 0) + r_l->status = NT_STATUS_NONE_MAPPED; + else + r_l->status = NT_STATUS_OK; +} + +/*************************************************************************** + Init lsa_trans_names. + ***************************************************************************/ + +static void init_lsa_trans_names(TALLOC_CTX *ctx, DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn, + int num_entries, DOM_SID2 *sid, + uint32 *mapped_count) +{ + int i; + int total = 0; + *mapped_count = 0; + + /* Allocate memory for list of names */ + + if (num_entries > 0) { + if (!(trn->name = (LSA_TRANS_NAME *)talloc(ctx, sizeof(LSA_TRANS_NAME) * + num_entries))) { + DEBUG(0, ("init_lsa_trans_names(): out of memory\n")); + return; + } + + if (!(trn->uni_name = (UNISTR2 *)talloc(ctx, sizeof(UNISTR2) * + num_entries))) { + DEBUG(0, ("init_lsa_trans_names(): out of memory\n")); + return; + } + } + + become_root(); /* Need root to get to passdb to for local sids */ + + for (i = 0; i < num_entries; i++) { + BOOL status = False; + DOM_SID find_sid = sid[i].sid; + uint32 rid = 0xffffffff; + int dom_idx = -1; + fstring name, dom_name; + enum SID_NAME_USE sid_name_use = (enum SID_NAME_USE)0; + + sid_to_string(name, &find_sid); + DEBUG(5, ("init_lsa_trans_names: looking up sid %s\n", name)); + + /* Lookup sid from winbindd */ + + memset(dom_name, '\0', sizeof(dom_name)); + memset(name, '\0', sizeof(name)); + + status = lookup_sid(&find_sid, dom_name, name, &sid_name_use); + + DEBUG(5, ("init_lsa_trans_names: %s\n", status ? "found" : + "not found")); + + if (!status) { + sid_name_use = SID_NAME_UNKNOWN; + } else { + (*mapped_count)++; + } + + /* Store domain sid in ref array */ + + if (find_sid.num_auths == 5) { + sid_split_rid(&find_sid, &rid); + } + + dom_idx = init_dom_ref(ref, dom_name, &find_sid); + + DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to " + "referenced list.\n", dom_name, name )); + + init_lsa_trans_name(&trn->name[total], &trn->uni_name[total], + sid_name_use, name, dom_idx); + total++; + } + + unbecome_root(); + + trn->num_entries = total; + trn->ptr_trans_names = 1; + trn->num_entries2 = total; +} + +/*************************************************************************** + Init_reply_lookup_sids. + ***************************************************************************/ + +static void init_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l, + DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names, + uint32 mapped_count) +{ + r_l->ptr_dom_ref = 1; + r_l->dom_ref = ref; + r_l->names = names; + r_l->mapped_count = mapped_count; + + if (mapped_count == 0) + r_l->status = NT_STATUS_NONE_MAPPED; + else + r_l->status = NT_STATUS_OK; +} + +static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *sd_size) +{ + extern DOM_SID global_sid_World; + extern DOM_SID global_sid_Builtin; + DOM_SID local_adm_sid; + DOM_SID adm_sid; + + SEC_ACE ace[3]; + SEC_ACCESS mask; + + SEC_ACL *psa = NULL; + + init_sec_access(&mask, POLICY_EXECUTE); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + sid_copy(&adm_sid, get_global_sam_sid()); + sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS); + init_sec_access(&mask, POLICY_ALL_ACCESS); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + sid_copy(&local_adm_sid, &global_sid_Builtin); + sid_append_rid(&local_adm_sid, BUILTIN_ALIAS_RID_ADMINS); + init_sec_access(&mask, POLICY_ALL_ACCESS); + init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL) + return NT_STATUS_NO_MEMORY; + + if((*sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION, &adm_sid, NULL, NULL, psa, sd_size)) == NULL) + return NT_STATUS_NO_MEMORY; + + return NT_STATUS_OK; +} + +/*************************************************************************** + Init_dns_dom_info. +***************************************************************************/ + +static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name, + const char *dns_name, const char *forest_name, + GUID *dom_guid, DOM_SID *dom_sid) +{ + if (nb_name && *nb_name) { + init_uni_hdr(&r_l->hdr_nb_dom_name, strlen(nb_name)); + init_unistr2(&r_l->uni_nb_dom_name, nb_name, + strlen(nb_name)); + r_l->hdr_nb_dom_name.uni_max_len += 2; + r_l->uni_nb_dom_name.uni_max_len += 1; + } + + if (dns_name && *dns_name) { + init_uni_hdr(&r_l->hdr_dns_dom_name, strlen(dns_name)); + init_unistr2(&r_l->uni_dns_dom_name, dns_name, + strlen(dns_name)); + r_l->hdr_dns_dom_name.uni_max_len += 2; + r_l->uni_dns_dom_name.uni_max_len += 1; + } + + if (forest_name && *forest_name) { + init_uni_hdr(&r_l->hdr_forest_name, strlen(forest_name)); + init_unistr2(&r_l->uni_forest_name, forest_name, + strlen(forest_name)); + r_l->hdr_forest_name.uni_max_len += 2; + r_l->uni_forest_name.uni_max_len += 1; + } + + /* how do we init the guid ? probably should write an init fn */ + if (dom_guid) { + memcpy(&r_l->dom_guid, dom_guid, sizeof(GUID)); + } + + if (dom_sid) { + r_l->ptr_dom_sid = 1; + init_dom_sid2(&r_l->dom_sid, dom_sid); + } +} + +/*************************************************************************** + _lsa_open_policy2. + ***************************************************************************/ + +NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL2 *r_u) +{ + struct lsa_info *info; + SEC_DESC *psd = NULL; + size_t sd_size; + uint32 des_access=q_u->des_access; + uint32 acc_granted; + NTSTATUS status; + + + /* map the generic bits to the lsa policy ones */ + se_map_generic(&des_access, &lsa_generic_mapping); + + /* get the generic lsa policy SD until we store it */ + lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); + + if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) + return status; + + /* associate the domain SID with the (unique) handle. */ + if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + sid_copy(&info->sid,get_global_sam_sid()); + info->access = acc_granted; + + /* set up the LSA QUERY INFO response */ + if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return NT_STATUS_OK; +} + +/*************************************************************************** + _lsa_open_policy + ***************************************************************************/ + +NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL *r_u) +{ + struct lsa_info *info; + SEC_DESC *psd = NULL; + size_t sd_size; + uint32 des_access=q_u->des_access; + uint32 acc_granted; + NTSTATUS status; + + + /* map the generic bits to the lsa policy ones */ + se_map_generic(&des_access, &lsa_generic_mapping); + + /* get the generic lsa policy SD until we store it */ + lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); + + if(!se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted, &status)) + return status; + + /* associate the domain SID with the (unique) handle. */ + if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + sid_copy(&info->sid,get_global_sam_sid()); + info->access = acc_granted; + + /* set up the LSA QUERY INFO response */ + if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return NT_STATUS_OK; +} + +/*************************************************************************** + _lsa_enum_trust_dom - this needs fixing to do more than return NULL ! JRA. + ufff, done :) mimir + ***************************************************************************/ + +NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_ENUM_TRUST_DOM *r_u) +{ + struct lsa_info *info; + uint32 enum_context = q_u->enum_context; + + /* + * preferred length is set to 5 as a "our" preferred length + * nt sets this parameter to 2 + * update (20.08.2002): it's not preferred length, but preferred size! + * it needs further investigation how to optimally choose this value + */ + uint32 max_num_domains = q_u->preferred_len < 5 ? q_u->preferred_len : 10; + TRUSTDOM **trust_doms; + uint32 num_domains; + NTSTATUS nt_status; + + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + /* check if the user have enough rights */ + if (!(info->access & POLICY_VIEW_LOCAL_INFORMATION)) + return NT_STATUS_ACCESS_DENIED; + + nt_status = secrets_get_trusted_domains(p->mem_ctx, &enum_context, max_num_domains, &num_domains, &trust_doms); + + if (!NT_STATUS_IS_OK(nt_status) && + !NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES) && + !NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MORE_ENTRIES)) { + return nt_status; + } else { + r_u->status = nt_status; + } + + /* set up the lsa_enum_trust_dom response */ + init_r_enum_trust_dom(p->mem_ctx, r_u, enum_context, max_num_domains, num_domains, trust_doms); + + return r_u->status; +} + +/*************************************************************************** + _lsa_query_info. See the POLICY_INFOMATION_CLASS docs at msdn. + ***************************************************************************/ + +NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO *r_u) +{ + struct lsa_info *handle; + LSA_INFO_UNION *info = &r_u->dom; + DOM_SID domain_sid; + const char *name; + DOM_SID *sid = NULL; + + r_u->status = NT_STATUS_OK; + + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) + return NT_STATUS_INVALID_HANDLE; + + switch (q_u->info_class) { + case 0x02: + { + unsigned int i; + /* check if the user have enough rights */ + if (!(handle->access & POLICY_VIEW_AUDIT_INFORMATION)) + return NT_STATUS_ACCESS_DENIED; + + /* fake info: We audit everything. ;) */ + info->id2.auditing_enabled = 1; + info->id2.count1 = 7; + info->id2.count2 = 7; + if ((info->id2.auditsettings = (uint32 *)talloc(p->mem_ctx,7*sizeof(uint32))) == NULL) + return NT_STATUS_NO_MEMORY; + for (i = 0; i < 7; i++) + info->id2.auditsettings[i] = 3; + break; + } + case 0x03: + /* check if the user have enough rights */ + if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION)) + return NT_STATUS_ACCESS_DENIED; + + /* Request PolicyPrimaryDomainInformation. */ + switch (lp_server_role()) { + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + name = lp_workgroup(); + sid = get_global_sam_sid(); + break; + case ROLE_DOMAIN_MEMBER: + name = lp_workgroup(); + /* We need to return the Domain SID here. */ + if (secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) + sid = &domain_sid; + else + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + break; + case ROLE_STANDALONE: + name = lp_workgroup(); + sid = NULL; + break; + default: + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + init_dom_query(&r_u->dom.id3, name, sid); + break; + case 0x05: + /* check if the user have enough rights */ + if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION)) + return NT_STATUS_ACCESS_DENIED; + + /* Request PolicyAccountDomainInformation. */ + switch (lp_server_role()) { + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + name = lp_workgroup(); + sid = get_global_sam_sid(); + break; + case ROLE_DOMAIN_MEMBER: + name = lp_netbios_name(); + sid = get_global_sam_sid(); + break; + case ROLE_STANDALONE: + name = lp_netbios_name(); + sid = get_global_sam_sid(); + break; + default: + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + init_dom_query(&r_u->dom.id5, name, sid); + break; + case 0x06: + /* check if the user have enough rights */ + if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION)) + return NT_STATUS_ACCESS_DENIED; + + switch (lp_server_role()) { + case ROLE_DOMAIN_BDC: + /* + * only a BDC is a backup controller + * of the domain, it controls. + */ + info->id6.server_role = 2; + break; + default: + /* + * any other role is a primary + * of the domain, it controls. + */ + info->id6.server_role = 3; + break; + } + break; + default: + DEBUG(0,("_lsa_query_info: unknown info level in Lsa Query: %d\n", q_u->info_class)); + r_u->status = NT_STATUS_INVALID_INFO_CLASS; + break; + } + + if (NT_STATUS_IS_OK(r_u->status)) { + r_u->undoc_buffer = 0x22000000; /* bizarre */ + r_u->info_class = q_u->info_class; + } + + return r_u->status; +} + +/*************************************************************************** + _lsa_lookup_sids + ***************************************************************************/ + +NTSTATUS _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_SIDS *r_u) +{ + struct lsa_info *handle; + DOM_SID2 *sid = q_u->sids.sid; + int num_entries = q_u->sids.num_entries; + DOM_R_REF *ref = NULL; + LSA_TRANS_NAME_ENUM *names = NULL; + uint32 mapped_count = 0; + + ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF)); + names = (LSA_TRANS_NAME_ENUM *)talloc_zero(p->mem_ctx, sizeof(LSA_TRANS_NAME_ENUM)); + + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) { + r_u->status = NT_STATUS_INVALID_HANDLE; + goto done; + } + + /* check if the user have enough rights */ + if (!(handle->access & POLICY_LOOKUP_NAMES)) { + r_u->status = NT_STATUS_ACCESS_DENIED; + goto done; + } + if (!ref || !names) + return NT_STATUS_NO_MEMORY; + +done: + + /* set up the LSA Lookup SIDs response */ + init_lsa_trans_names(p->mem_ctx, ref, names, num_entries, sid, &mapped_count); + init_reply_lookup_sids(r_u, ref, names, mapped_count); + + return r_u->status; +} + +/*************************************************************************** +lsa_reply_lookup_names + ***************************************************************************/ + +NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP_NAMES *r_u) +{ + struct lsa_info *handle; + UNISTR2 *names = q_u->uni_name; + int num_entries = q_u->num_entries; + DOM_R_REF *ref; + DOM_RID2 *rids; + uint32 mapped_count = 0; + + if (num_entries > MAX_LOOKUP_SIDS) { + num_entries = MAX_LOOKUP_SIDS; + DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries)); + } + + ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF)); + rids = (DOM_RID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_RID2)*num_entries); + + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) { + r_u->status = NT_STATUS_INVALID_HANDLE; + goto done; + } + + /* check if the user have enough rights */ + if (!(handle->access & POLICY_LOOKUP_NAMES)) { + r_u->status = NT_STATUS_ACCESS_DENIED; + goto done; + } + + if (!ref || !rids) + return NT_STATUS_NO_MEMORY; + +done: + + /* set up the LSA Lookup RIDs response */ + init_lsa_rid2s(ref, rids, num_entries, names, &mapped_count, p->endian); + init_reply_lookup_names(r_u, ref, num_entries, rids, mapped_count); + + return r_u->status; +} + +/*************************************************************************** + _lsa_close. Also weird - needs to check if lsa handle is correct. JRA. + ***************************************************************************/ + +NTSTATUS _lsa_close(pipes_struct *p, LSA_Q_CLOSE *q_u, LSA_R_CLOSE *r_u) +{ + if (!find_policy_by_hnd(p, &q_u->pol, NULL)) + return NT_STATUS_INVALID_HANDLE; + + close_policy_hnd(p, &q_u->pol); + return NT_STATUS_OK; +} + +/*************************************************************************** + "No more secrets Marty...." :-). + ***************************************************************************/ + +NTSTATUS _lsa_open_secret(pipes_struct *p, LSA_Q_OPEN_SECRET *q_u, LSA_R_OPEN_SECRET *r_u) +{ + return NT_STATUS_OBJECT_NAME_NOT_FOUND; +} + +/*************************************************************************** +_lsa_enum_privs. + ***************************************************************************/ + +NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIVS *r_u) +{ + struct lsa_info *handle; + uint32 i; + + uint32 enum_context=q_u->enum_context; + LSA_PRIV_ENTRY *entry; + LSA_PRIV_ENTRY *entries=NULL; + + if (enum_context >= PRIV_ALL_INDEX) + return NT_STATUS_NO_MORE_ENTRIES; + + entries = (LSA_PRIV_ENTRY *)talloc_zero(p->mem_ctx, sizeof(LSA_PRIV_ENTRY) * (PRIV_ALL_INDEX)); + if (entries==NULL) + return NT_STATUS_NO_MEMORY; + + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) + return NT_STATUS_INVALID_HANDLE; + + /* check if the user have enough rights */ + + /* + * I don't know if it's the right one. not documented. + */ + if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION)) + return NT_STATUS_ACCESS_DENIED; + + entry = entries; + + DEBUG(10,("_lsa_enum_privs: enum_context:%d total entries:%d\n", enum_context, PRIV_ALL_INDEX)); + + for (i = 0; i < PRIV_ALL_INDEX; i++, entry++) { + if( i<enum_context) { + init_uni_hdr(&entry->hdr_name, 0); + init_unistr2(&entry->name, NULL, 0 ); + entry->luid_low = 0; + entry->luid_high = 0; + } else { + init_uni_hdr(&entry->hdr_name, strlen(privs[i+1].priv)); + init_unistr2(&entry->name, privs[i+1].priv, strlen(privs[i+1].priv) ); + entry->luid_low = privs[i+1].se_priv; + entry->luid_high = 0; + } + } + + enum_context = PRIV_ALL_INDEX; + init_lsa_r_enum_privs(r_u, enum_context, PRIV_ALL_INDEX, entries); + + return NT_STATUS_OK; +} + +/*************************************************************************** +_lsa_priv_get_dispname. + ***************************************************************************/ + +NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, LSA_R_PRIV_GET_DISPNAME *r_u) +{ + struct lsa_info *handle; + fstring name_asc; + int i=1; + + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) + return NT_STATUS_INVALID_HANDLE; + + /* check if the user have enough rights */ + + /* + * I don't know if it's the right one. not documented. + */ + if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION)) + return NT_STATUS_ACCESS_DENIED; + + unistr2_to_ascii(name_asc, &q_u->name, sizeof(name_asc)); + + DEBUG(10,("_lsa_priv_get_dispname: %s", name_asc)); + + while (privs[i].se_priv!=SE_PRIV_ALL && strcmp(name_asc, privs[i].priv)) + i++; + + if (privs[i].se_priv!=SE_PRIV_ALL) { + DEBUG(10,(": %s\n", privs[i].description)); + init_uni_hdr(&r_u->hdr_desc, strlen(privs[i].description)); + init_unistr2(&r_u->desc, privs[i].description, strlen(privs[i].description) ); + + r_u->ptr_info=0xdeadbeef; + r_u->lang_id=q_u->lang_id; + return NT_STATUS_OK; + } else { + DEBUG(10,("_lsa_priv_get_dispname: doesn't exist\n")); + r_u->ptr_info=0; + return NT_STATUS_NO_SUCH_PRIVILEGE; + } +} + +/*************************************************************************** +_lsa_enum_accounts. + ***************************************************************************/ + +NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENUM_ACCOUNTS *r_u) +{ + struct lsa_info *handle; + GROUP_MAP *map=NULL; + int num_entries=0; + LSA_SID_ENUM *sids=&r_u->sids; + int i=0,j=0; + + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) + return NT_STATUS_INVALID_HANDLE; + + /* check if the user have enough rights */ + + /* + * I don't know if it's the right one. not documented. + */ + if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION)) + return NT_STATUS_ACCESS_DENIED; + + /* get the list of mapped groups (domain, local, builtin) */ + if(!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_OK; + + if (q_u->enum_context >= num_entries) + return NT_STATUS_NO_MORE_ENTRIES; + + sids->ptr_sid = (uint32 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(uint32)); + sids->sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(DOM_SID2)); + + if (sids->ptr_sid==NULL || sids->sid==NULL) { + SAFE_FREE(map); + return NT_STATUS_NO_MEMORY; + } + + for (i=q_u->enum_context, j=0; i<num_entries; i++) { + init_dom_sid2( &(*sids).sid[j], &map[i].sid); + (*sids).ptr_sid[j]=1; + j++; + } + + SAFE_FREE(map); + + init_lsa_r_enum_accounts(r_u, j); + + return NT_STATUS_OK; +} + + +NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA_R_UNK_GET_CONNUSER *r_u) +{ + fstring username, domname; + int ulen, dlen; + user_struct *vuser = get_valid_user_struct(p->vuid); + + if (vuser == NULL) + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + + fstrcpy(username, vuser->user.smb_name); + fstrcpy(domname, vuser->user.domain); + + ulen = strlen(username) + 1; + dlen = strlen(domname) + 1; + + init_uni_hdr(&r_u->hdr_user_name, ulen); + r_u->ptr_user_name = 1; + init_unistr2(&r_u->uni2_user_name, username, ulen); + + r_u->unk1 = 1; + + init_uni_hdr(&r_u->hdr_dom_name, dlen); + r_u->ptr_dom_name = 1; + init_unistr2(&r_u->uni2_dom_name, domname, dlen); + + r_u->status = NT_STATUS_OK; + + return r_u->status; +} + +/*************************************************************************** + + ***************************************************************************/ + +NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENACCOUNT *r_u) +{ + struct lsa_info *handle; + struct lsa_info *info; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) + return NT_STATUS_INVALID_HANDLE; + + /* check if the user have enough rights */ + + /* + * I don't know if it's the right one. not documented. + * but guessed with rpcclient. + */ + if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION)) + return NT_STATUS_ACCESS_DENIED; + + /* associate the user/group SID with the (unique) handle. */ + if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(info); + info->sid = q_u->sid.sid; + info->access = q_u->access; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return r_u->status; +} + +/*************************************************************************** + For a given SID, enumerate all the privilege this account has. + ***************************************************************************/ + +NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LSA_R_ENUMPRIVSACCOUNT *r_u) +{ + struct lsa_info *info=NULL; + GROUP_MAP map; + int i=0; + + LUID_ATTR *set=NULL; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set.count)); + if (map.priv_set.count!=0) { + + set=(LUID_ATTR *)talloc(p->mem_ctx, map.priv_set.count*sizeof(LUID_ATTR)); + if (set == NULL) { + free_privilege(&map.priv_set); + return NT_STATUS_NO_MEMORY; + } + + for (i=0; i<map.priv_set.count; i++) { + set[i].luid.low=map.priv_set.set[i].luid.low; + set[i].luid.high=map.priv_set.set[i].luid.high; + set[i].attr=map.priv_set.set[i].attr; + DEBUG(10,("_lsa_enum_privsaccount: priv %d: %d:%d:%d\n", i, + set[i].luid.high, set[i].luid.low, set[i].attr)); + } + } + + init_lsa_r_enum_privsaccount(r_u, set, map.priv_set.count, 0); + free_privilege(&map.priv_set); + + return r_u->status; +} + +/*************************************************************************** + + ***************************************************************************/ + +NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA_R_GETSYSTEMACCOUNT *r_u) +{ + struct lsa_info *info=NULL; + GROUP_MAP map; + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + if (!pdb_getgrsid(&map, info->sid, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + /* + 0x01 -> Log on locally + 0x02 -> Access this computer from network + 0x04 -> Log on as a batch job + 0x10 -> Log on as a service + + they can be ORed together + */ + + r_u->access=map.systemaccount; + + return r_u->status; +} + +/*************************************************************************** + update the systemaccount information + ***************************************************************************/ + +NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA_R_SETSYSTEMACCOUNT *r_u) +{ + struct lsa_info *info=NULL; + GROUP_MAP map; + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + map.systemaccount=q_u->access; + + if(!pdb_update_group_mapping_entry(&map)) + return NT_STATUS_NO_SUCH_GROUP; + + free_privilege(&map.priv_set); + + return r_u->status; +} + +/*************************************************************************** + For a given SID, add some privileges. + ***************************************************************************/ + +NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u) +{ + struct lsa_info *info=NULL; + GROUP_MAP map; + int i=0; + + LUID_ATTR *luid_attr=NULL; + PRIVILEGE_SET *set=NULL; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + set=&q_u->set; + + for (i=0; i<set->count; i++) { + luid_attr=&set->set[i]; + + /* check if the privilege is already there */ + if (check_priv_in_privilege(&map.priv_set, *luid_attr)){ + free_privilege(&map.priv_set); + return NT_STATUS_NO_SUCH_PRIVILEGE; + } + + add_privilege(&map.priv_set, *luid_attr); + } + + if(!pdb_update_group_mapping_entry(&map)) + return NT_STATUS_NO_SUCH_GROUP; + + free_privilege(&map.priv_set); + + return r_u->status; +} + +/*************************************************************************** + For a given SID, remove some privileges. + ***************************************************************************/ + +NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEPRIVS *r_u) +{ + struct lsa_info *info=NULL; + GROUP_MAP map; + int i=0; + + LUID_ATTR *luid_attr=NULL; + PRIVILEGE_SET *set=NULL; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + if (q_u->allrights!=0) { + /* log it and return, until I see one myself don't do anything */ + DEBUG(5,("_lsa_removeprivs: trying to remove all privileges ?\n")); + return NT_STATUS_OK; + } + + if (q_u->ptr==0) { + /* log it and return, until I see one myself don't do anything */ + DEBUG(5,("_lsa_removeprivs: no privileges to remove ?\n")); + return NT_STATUS_OK; + } + + set=&q_u->set; + + for (i=0; i<set->count; i++) { + luid_attr=&set->set[i]; + + /* if we don't have the privilege, we're trying to remove, give up */ + /* what else can we do ??? JFM. */ + if (!check_priv_in_privilege(&map.priv_set, *luid_attr)){ + free_privilege(&map.priv_set); + return NT_STATUS_NO_SUCH_PRIVILEGE; + } + + remove_privilege(&map.priv_set, *luid_attr); + } + + if(!pdb_update_group_mapping_entry(&map)) + return NT_STATUS_NO_SUCH_GROUP; + + free_privilege(&map.priv_set); + + return r_u->status; +} + +/*************************************************************************** + For a given SID, remove some privileges. + ***************************************************************************/ + +NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUERY_SEC_OBJ *r_u) +{ + struct lsa_info *handle=NULL; + SEC_DESC *psd = NULL; + size_t sd_size; + NTSTATUS status; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) + return NT_STATUS_INVALID_HANDLE; + + /* check if the user have enough rights */ + if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION)) + return NT_STATUS_ACCESS_DENIED; + + + switch (q_u->sec_info) { + case 1: + /* SD contains only the owner */ + + status=lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); + if(!NT_STATUS_IS_OK(status)) + return NT_STATUS_NO_MEMORY; + + + if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL) + return NT_STATUS_NO_MEMORY; + break; + case 4: + /* SD contains only the ACL */ + + status=lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); + if(!NT_STATUS_IS_OK(status)) + return NT_STATUS_NO_MEMORY; + + if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL) + return NT_STATUS_NO_MEMORY; + break; + default: + return NT_STATUS_INVALID_LEVEL; + } + + r_u->ptr=1; + + return r_u->status; +} + + +NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_INFO2 *r_u) +{ + struct lsa_info *handle; + const char *nb_name; + char *dns_name = NULL; + char *forest_name = NULL; + DOM_SID *sid = NULL; + GUID guid; + + ZERO_STRUCT(guid); + r_u->status = NT_STATUS_OK; + + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) + return NT_STATUS_INVALID_HANDLE; + + switch (q_u->info_class) { + case 0x0c: + /* check if the user have enough rights */ + if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION)) + return NT_STATUS_ACCESS_DENIED; + + /* Request PolicyPrimaryDomainInformation. */ + switch (lp_server_role()) { + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + nb_name = lp_workgroup(); + /* ugly temp hack for these next two */ + dns_name = lp_realm(); + forest_name = lp_realm(); + sid = get_global_sam_sid(); + secrets_fetch_domain_guid(lp_workgroup(), &guid); + break; + default: + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + init_dns_dom_info(&r_u->info.dns_dom_info, nb_name, dns_name, + forest_name,&guid,sid); + break; + default: + DEBUG(0,("_lsa_query_info2: unknown info level in Lsa Query: %d\n", q_u->info_class)); + r_u->status = NT_STATUS_INVALID_INFO_CLASS; + break; + } + + if (NT_STATUS_IS_OK(r_u->status)) { + r_u->ptr = 0x1; + r_u->info_class = q_u->info_class; + } + + return r_u->status; +} + + +/*************************************************************************** + For a given SID, enumerate all the privilege this account has. + ***************************************************************************/ +NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u) +{ + struct lsa_info *info=NULL; + char **rights = NULL; + int num_rights = 0; + int i; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + r_u->status = privilege_enum_account_rights(&q_u->sid.sid, &num_rights, &rights); + + init_r_enum_acct_rights(r_u, num_rights, (const char **)rights); + + for (i=0;i<num_rights;i++) { + free(rights[i]); + } + safe_free(rights); + + return r_u->status; +} + +/*************************************************************************** +return a list of SIDs for a particular privilege + ***************************************************************************/ +NTSTATUS _lsa_enum_acct_with_right(pipes_struct *p, + LSA_Q_ENUM_ACCT_WITH_RIGHT *q_u, + LSA_R_ENUM_ACCT_WITH_RIGHT *r_u) +{ + struct lsa_info *info=NULL; + char *right; + DOM_SID *sids = NULL; + uint32 count = 0; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + right = unistr2_tdup(p->mem_ctx, &q_u->right); + + DEBUG(5,("lsa_enum_acct_with_right on right %s\n", right)); + + r_u->status = privilege_enum_account_with_right(right, &count, &sids); + + init_r_enum_acct_with_right(r_u, count, sids); + + safe_free(sids); + + return r_u->status; +} + +/*************************************************************************** + add privileges to a acct by SID + ***************************************************************************/ +NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R_ADD_ACCT_RIGHTS *r_u) +{ + struct lsa_info *info=NULL; + int i; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + DEBUG(5,("_lsa_add_acct_rights to %s (%d rights)\n", + sid_string_static(&q_u->sid.sid), q_u->rights.count)); + + for (i=0;i<q_u->rights.count;i++) { + DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string))); + } + + + for (i=0;i<q_u->rights.count;i++) { + r_u->status = privilege_add_account_right(unistr2_static(&q_u->rights.strings[i].string), + &q_u->sid.sid); + if (!NT_STATUS_IS_OK(r_u->status)) { + DEBUG(2,("Failed to add right '%s'\n", + unistr2_static(&q_u->rights.strings[i].string))); + break; + } + } + + init_r_add_acct_rights(r_u); + + return r_u->status; +} + + +/*************************************************************************** + remove privileges from a acct by SID + ***************************************************************************/ +NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, LSA_R_REMOVE_ACCT_RIGHTS *r_u) +{ + struct lsa_info *info=NULL; + int i; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + + DEBUG(5,("_lsa_remove_acct_rights from %s all=%d (%d rights)\n", + sid_string_static(&q_u->sid.sid), + q_u->removeall, + q_u->rights.count)); + + for (i=0;i<q_u->rights.count;i++) { + DEBUG(5,("\t%s\n", unistr2_static(&q_u->rights.strings[i].string))); + } + + for (i=0;i<q_u->rights.count;i++) { + r_u->status = privilege_remove_account_right(unistr2_static(&q_u->rights.strings[i].string), + &q_u->sid.sid); + if (!NT_STATUS_IS_OK(r_u->status)) { + DEBUG(2,("Failed to remove right '%s'\n", + unistr2_static(&q_u->rights.strings[i].string))); + break; + } + } + + init_r_remove_acct_rights(r_u); + + return r_u->status; +} diff --git a/source4/rpc_server/srv_netlog.c b/source4/rpc_server/srv_netlog.c new file mode 100644 index 0000000000..c9e4fc1b1f --- /dev/null +++ b/source4/rpc_server/srv_netlog.c @@ -0,0 +1,345 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997, + * Copyright (C) Jeremy Allison 1998-2001, + * Copyright (C) Anthony Liguori 2003. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the interface to the netlogon pipe. */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/************************************************************************* + api_net_req_chal: + *************************************************************************/ + +static BOOL api_net_req_chal(pipes_struct *p) +{ + NET_Q_REQ_CHAL q_u; + NET_R_REQ_CHAL r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the challenge... */ + if(!net_io_q_req_chal("", &q_u, data, 0)) { + DEBUG(0,("api_net_req_chal: Failed to unmarshall NET_Q_REQ_CHAL.\n")); + return False; + } + + r_u.status = _net_req_chal(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!net_io_r_req_chal("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_req_chal: Failed to marshall NET_R_REQ_CHAL.\n")); + return False; + } + + return True; +} + +/************************************************************************* + api_net_auth: + *************************************************************************/ + +static BOOL api_net_auth(pipes_struct *p) +{ + NET_Q_AUTH q_u; + NET_R_AUTH r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the challenge... */ + if(!net_io_q_auth("", &q_u, data, 0)) { + DEBUG(0,("api_net_auth: Failed to unmarshall NET_Q_AUTH.\n")); + return False; + } + + r_u.status = _net_auth(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!net_io_r_auth("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_auth: Failed to marshall NET_R_AUTH.\n")); + return False; + } + + return True; +} + +/************************************************************************* + api_net_auth_2: + *************************************************************************/ + +static BOOL api_net_auth_2(pipes_struct *p) +{ + NET_Q_AUTH_2 q_u; + NET_R_AUTH_2 r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the challenge... */ + if(!net_io_q_auth_2("", &q_u, data, 0)) { + DEBUG(0,("api_net_auth_2: Failed to unmarshall NET_Q_AUTH_2.\n")); + return False; + } + + r_u.status = _net_auth_2(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!net_io_r_auth_2("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_auth_2: Failed to marshall NET_R_AUTH_2.\n")); + return False; + } + + return True; +} + +/************************************************************************* + api_net_srv_pwset: + *************************************************************************/ + +static BOOL api_net_srv_pwset(pipes_struct *p) +{ + NET_Q_SRV_PWSET q_u; + NET_R_SRV_PWSET r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the challenge and encrypted password ... */ + if(!net_io_q_srv_pwset("", &q_u, data, 0)) { + DEBUG(0,("api_net_srv_pwset: Failed to unmarshall NET_Q_SRV_PWSET.\n")); + return False; + } + + r_u.status = _net_srv_pwset(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!net_io_r_srv_pwset("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_srv_pwset: Failed to marshall NET_R_SRV_PWSET.\n")); + return False; + } + + return True; +} + +/************************************************************************* + api_net_sam_logoff: + *************************************************************************/ + +static BOOL api_net_sam_logoff(pipes_struct *p) +{ + NET_Q_SAM_LOGOFF q_u; + NET_R_SAM_LOGOFF r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!net_io_q_sam_logoff("", &q_u, data, 0)) { + DEBUG(0,("api_net_sam_logoff: Failed to unmarshall NET_Q_SAM_LOGOFF.\n")); + return False; + } + + r_u.status = _net_sam_logoff(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!net_io_r_sam_logoff("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_sam_logoff: Failed to marshall NET_R_SAM_LOGOFF.\n")); + return False; + } + + return True; +} + +/************************************************************************* + api_net_sam_logon: + *************************************************************************/ + +static BOOL api_net_sam_logon(pipes_struct *p) +{ + NET_Q_SAM_LOGON q_u; + NET_R_SAM_LOGON r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!net_io_q_sam_logon("", &q_u, data, 0)) { + DEBUG(0, ("api_net_sam_logon: Failed to unmarshall NET_Q_SAM_LOGON.\n")); + return False; + } + + r_u.status = _net_sam_logon(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!net_io_r_sam_logon("", &r_u, rdata, 0)) { + DEBUG(0,("api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON.\n")); + return False; + } + + return True; +} + +/************************************************************************* + api_net_trust_dom_list: + *************************************************************************/ + +static BOOL api_net_trust_dom_list(pipes_struct *p) +{ + NET_Q_TRUST_DOM_LIST q_u; + NET_R_TRUST_DOM_LIST r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__)); + + /* grab the lsa trusted domain list query... */ + if(!net_io_q_trust_dom("", &q_u, data, 0)) { + DEBUG(0,("api_net_trust_dom_list: Failed to unmarshall NET_Q_TRUST_DOM_LIST.\n")); + return False; + } + + /* construct reply. */ + r_u.status = _net_trust_dom_list(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!net_io_r_trust_dom("", &r_u, rdata, 0)) { + DEBUG(0,("net_reply_trust_dom_list: Failed to marshall NET_R_TRUST_DOM_LIST.\n")); + return False; + } + + DEBUG(6,("api_net_trust_dom_list: %d\n", __LINE__)); + + return True; +} + +/************************************************************************* + api_net_logon_ctrl2: + *************************************************************************/ + +static BOOL api_net_logon_ctrl2(pipes_struct *p) +{ + NET_Q_LOGON_CTRL2 q_u; + NET_R_LOGON_CTRL2 r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__)); + + /* grab the lsa netlogon ctrl2 query... */ + if(!net_io_q_logon_ctrl2("", &q_u, data, 0)) { + DEBUG(0,("api_net_logon_ctrl2: Failed to unmarshall NET_Q_LOGON_CTRL2.\n")); + return False; + } + + r_u.status = _net_logon_ctrl2(p, &q_u, &r_u); + + if(!net_io_r_logon_ctrl2("", &r_u, rdata, 0)) { + DEBUG(0,("net_reply_logon_ctrl2: Failed to marshall NET_R_LOGON_CTRL2.\n")); + return False; + } + + DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__)); + + return True; +} + +/************************************************************************* + api_net_logon_ctrl: + *************************************************************************/ + +static BOOL api_net_logon_ctrl(pipes_struct *p) +{ + NET_Q_LOGON_CTRL q_u; + NET_R_LOGON_CTRL r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + DEBUG(6,("api_net_logon_ctrl: %d\n", __LINE__)); + + /* grab the lsa netlogon ctrl query... */ + if(!net_io_q_logon_ctrl("", &q_u, data, 0)) { + DEBUG(0,("api_net_logon_ctrl: Failed to unmarshall NET_Q_LOGON_CTRL.\n")); + return False; + } + + r_u.status = _net_logon_ctrl(p, &q_u, &r_u); + + if(!net_io_r_logon_ctrl("", &r_u, rdata, 0)) { + DEBUG(0,("net_reply_logon_ctrl2: Failed to marshall NET_R_LOGON_CTRL2.\n")); + return False; + } + + DEBUG(6,("api_net_logon_ctrl2: %d\n", __LINE__)); + + return True; +} + +/******************************************************************* + array of \PIPE\NETLOGON operations + ********************************************************************/ + +#ifdef RPC_NETLOG_DYNAMIC +int init_module(void) +#else +int rpc_net_init(void) +#endif +{ + static struct api_struct api_net_cmds [] = + { + { "NET_REQCHAL" , NET_REQCHAL , api_net_req_chal }, + { "NET_AUTH" , NET_AUTH , api_net_auth }, + { "NET_AUTH2" , NET_AUTH2 , api_net_auth_2 }, + { "NET_SRVPWSET" , NET_SRVPWSET , api_net_srv_pwset }, + { "NET_SAMLOGON" , NET_SAMLOGON , api_net_sam_logon }, + { "NET_SAMLOGOFF" , NET_SAMLOGOFF , api_net_sam_logoff }, + { "NET_LOGON_CTRL2" , NET_LOGON_CTRL2 , api_net_logon_ctrl2 }, + { "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list }, + { "NET_LOGON_CTRL" , NET_LOGON_CTRL , api_net_logon_ctrl } + }; + + return rpc_pipe_register_commands("NETLOGON", "lsass", api_net_cmds, + sizeof(api_net_cmds) / sizeof(struct api_struct)); +} diff --git a/source4/rpc_server/srv_netlog_nt.c b/source4/rpc_server/srv_netlog_nt.c new file mode 100644 index 0000000000..daf3e2ae07 --- /dev/null +++ b/source4/rpc_server/srv_netlog_nt.c @@ -0,0 +1,743 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997. + * Copyright (C) Jeremy Allison 1998-2001. + * Copyirht (C) Andrew Bartlett 2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the implementation of the netlogon pipe. */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/************************************************************************* + init_net_r_req_chal: + *************************************************************************/ + +static void init_net_r_req_chal(NET_R_REQ_CHAL *r_c, + DOM_CHAL *srv_chal, NTSTATUS status) +{ + DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__)); + memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(srv_chal->data)); + r_c->status = status; +} + +/************************************************************************* + error messages cropping up when using nltest.exe... + *************************************************************************/ + +#define ERROR_NO_SUCH_DOMAIN 0x54b +#define ERROR_NO_LOGON_SERVERS 0x51f + +/************************************************************************* + net_reply_logon_ctrl: + *************************************************************************/ + +/* Some flag values reverse engineered from NLTEST.EXE */ + +#define LOGON_CTRL_IN_SYNC 0x00 +#define LOGON_CTRL_REPL_NEEDED 0x01 +#define LOGON_CTRL_REPL_IN_PROGRESS 0x02 + +NTSTATUS _net_logon_ctrl(pipes_struct *p, NET_Q_LOGON_CTRL *q_u, + NET_R_LOGON_CTRL *r_u) +{ + uint32 flags = 0x0; + uint32 pdc_connection_status = 0x00; /* Maybe a win32 error code? */ + + /* Setup the Logon Control response */ + + init_net_r_logon_ctrl(r_u, q_u->query_level, flags, + pdc_connection_status); + + return r_u->status; +} + +/**************************************************************************** +Send a message to smbd to do a sam synchronisation +**************************************************************************/ +static void send_sync_message(void) +{ + TDB_CONTEXT *tdb; + + tdb = tdb_open_log(lock_path("connections.tdb"), 0, + TDB_DEFAULT, O_RDONLY, 0); + + if (!tdb) { + DEBUG(3, ("send_sync_message(): failed to open connections " + "database\n")); + return; + } + + DEBUG(3, ("sending sam synchronisation message\n")); + + message_send_all(tdb, MSG_SMB_SAM_SYNC, NULL, 0, False, NULL); + + tdb_close(tdb); +} + +/************************************************************************* + net_reply_logon_ctrl2: + *************************************************************************/ + +NTSTATUS _net_logon_ctrl2(pipes_struct *p, NET_Q_LOGON_CTRL2 *q_u, NET_R_LOGON_CTRL2 *r_u) +{ + uint32 flags = 0x0; + uint32 pdc_connection_status = 0x0; + uint32 logon_attempts = 0x0; + uint32 tc_status = ERROR_NO_LOGON_SERVERS; + const char *trusted_domain = "test_domain"; + + DEBUG(0, ("*** net long ctrl2 %d, %d, %d\n", + q_u->function_code, q_u->query_level, q_u->switch_value)); + + DEBUG(6,("_net_logon_ctrl2: %d\n", __LINE__)); + + + /* set up the Logon Control2 response */ + init_net_r_logon_ctrl2(r_u, q_u->query_level, + flags, pdc_connection_status, logon_attempts, + tc_status, trusted_domain); + + if (lp_server_role() == ROLE_DOMAIN_BDC) + send_sync_message(); + + DEBUG(6,("_net_logon_ctrl2: %d\n", __LINE__)); + + return r_u->status; +} + +/************************************************************************* + net_reply_trust_dom_list: + *************************************************************************/ + +NTSTATUS _net_trust_dom_list(pipes_struct *p, NET_Q_TRUST_DOM_LIST *q_u, NET_R_TRUST_DOM_LIST *r_u) +{ + const char *trusted_domain = "test_domain"; + uint32 num_trust_domains = 1; + + DEBUG(6,("_net_trust_dom_list: %d\n", __LINE__)); + + /* set up the Trusted Domain List response */ + init_r_trust_dom(r_u, num_trust_domains, trusted_domain); + + DEBUG(6,("_net_trust_dom_list: %d\n", __LINE__)); + + return r_u->status; +} + +/*********************************************************************************** + init_net_r_srv_pwset: + ***********************************************************************************/ + +static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s, + DOM_CRED *srv_cred, NTSTATUS status) +{ + DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__)); + + memcpy(&r_s->srv_cred, srv_cred, sizeof(r_s->srv_cred)); + r_s->status = status; + + DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__)); +} + +/****************************************************************** + gets a machine password entry. checks access rights of the host. + ******************************************************************/ + +static BOOL get_md4pw(char *md4pw, char *mach_acct) +{ + SAM_ACCOUNT *sampass = NULL; + const uint8 *pass; + BOOL ret; + uint32 acct_ctrl; + +#if 0 + /* + * Currently this code is redundent as we already have a filter + * by hostname list. What this code really needs to do is to + * get a hosts allowed/hosts denied list from the SAM database + * on a per user basis, and make the access decision there. + * I will leave this code here for now as a reminder to implement + * this at a later date. JRA. + */ + + if (!allow_access(lp_domain_hostsdeny(), lp_domain_hostsallow(), + client_name(), client_addr())) + { + DEBUG(0,("get_md4pw: Workstation %s denied access to domain\n", mach_acct)); + return False; + } +#endif /* 0 */ + + if(!NT_STATUS_IS_OK(pdb_init_sam(&sampass))) + return False; + + /* JRA. This is ok as it is only used for generating the challenge. */ + become_root(); + ret=pdb_getsampwnam(sampass, mach_acct); + unbecome_root(); + + if (ret==False) { + DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); + pdb_free_sam(&sampass); + return False; + } + + acct_ctrl = pdb_get_acct_ctrl(sampass); + if (!(acct_ctrl & ACB_DISABLED) && + ((acct_ctrl & ACB_DOMTRUST) || + (acct_ctrl & ACB_WSTRUST) || + (acct_ctrl & ACB_SVRTRUST)) && + ((pass=pdb_get_nt_passwd(sampass)) != NULL)) { + memcpy(md4pw, pass, 16); + dump_data(5, md4pw, 16); + pdb_free_sam(&sampass); + return True; + } + + DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct)); + pdb_free_sam(&sampass); + return False; + +} + +/************************************************************************* + _net_req_chal + *************************************************************************/ + +NTSTATUS _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + + rpcstr_pull(p->dc.remote_machine,q_u->uni_logon_clnt.buffer,sizeof(fstring),q_u->uni_logon_clnt.uni_str_len*2,0); + + /* create a server challenge for the client */ + /* Set these to random values. */ + generate_random_buffer(p->dc.srv_chal.data, 8, False); + + memcpy(p->dc.srv_cred.challenge.data, p->dc.srv_chal.data, 8); + + memcpy(p->dc.clnt_chal.data , q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data)); + memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data)); + + memset((char *)p->dc.sess_key, '\0', sizeof(p->dc.sess_key)); + + p->dc.challenge_sent = True; + /* set up the LSA REQUEST CHALLENGE response */ + init_net_r_req_chal(r_u, &p->dc.srv_chal, status); + + return status; +} + +/************************************************************************* + init_net_r_auth: + *************************************************************************/ + +static void init_net_r_auth(NET_R_AUTH *r_a, DOM_CHAL *resp_cred, NTSTATUS status) +{ + memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data)); + r_a->status = status; +} + +/************************************************************************* + _net_auth + *************************************************************************/ + +NTSTATUS _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + DOM_CHAL srv_cred; + UTIME srv_time; + fstring mach_acct; + + srv_time.time = 0; + + rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),q_u->clnt_id.uni_acct_name.uni_str_len*2,0); + + if (p->dc.challenge_sent && get_md4pw((char *)p->dc.md4pw, mach_acct)) { + + /* from client / server challenges and md4 password, generate sess key */ + cred_session_key(&p->dc.clnt_chal, &p->dc.srv_chal, + p->dc.md4pw, p->dc.sess_key); + + /* check that the client credentials are valid */ + if (cred_assert(&q_u->clnt_chal, p->dc.sess_key, &p->dc.clnt_cred.challenge, srv_time)) { + + /* create server challenge for inclusion in the reply */ + cred_create(p->dc.sess_key, &p->dc.srv_cred.challenge, srv_time, &srv_cred); + + /* copy the received client credentials for use next time */ + memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data)); + memcpy(p->dc.srv_cred .challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data)); + + /* Save the machine account name. */ + fstrcpy(p->dc.mach_acct, mach_acct); + + p->dc.authenticated = True; + + } else { + status = NT_STATUS_ACCESS_DENIED; + } + } else { + status = NT_STATUS_ACCESS_DENIED; + } + + /* set up the LSA AUTH response */ + init_net_r_auth(r_u, &srv_cred, status); + + return r_u->status; +} + +/************************************************************************* + init_net_r_auth_2: + *************************************************************************/ + +static void init_net_r_auth_2(NET_R_AUTH_2 *r_a, + DOM_CHAL *resp_cred, NEG_FLAGS *flgs, NTSTATUS status) +{ + memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data)); + memcpy(&r_a->srv_flgs, flgs, sizeof(r_a->srv_flgs)); + r_a->status = status; +} + +/************************************************************************* + _net_auth_2 + *************************************************************************/ + +NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + DOM_CHAL srv_cred; + UTIME srv_time; + NEG_FLAGS srv_flgs; + fstring mach_acct; + + srv_time.time = 0; + + rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),q_u->clnt_id.uni_acct_name.uni_str_len*2,0); + + if (p->dc.challenge_sent && get_md4pw((char *)p->dc.md4pw, mach_acct)) { + + /* from client / server challenges and md4 password, generate sess key */ + cred_session_key(&p->dc.clnt_chal, &p->dc.srv_chal, + p->dc.md4pw, p->dc.sess_key); + + /* check that the client credentials are valid */ + if (cred_assert(&q_u->clnt_chal, p->dc.sess_key, &p->dc.clnt_cred.challenge, srv_time)) { + + /* create server challenge for inclusion in the reply */ + cred_create(p->dc.sess_key, &p->dc.srv_cred.challenge, srv_time, &srv_cred); + + /* copy the received client credentials for use next time */ + memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data)); + memcpy(p->dc.srv_cred .challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data)); + + /* Save the machine account name. */ + fstrcpy(p->dc.mach_acct, mach_acct); + + p->dc.authenticated = True; + + } else { + status = NT_STATUS_ACCESS_DENIED; + } + } else { + status = NT_STATUS_ACCESS_DENIED; + } + + srv_flgs.neg_flags = 0x000001ff; + + /* set up the LSA AUTH 2 response */ + init_net_r_auth_2(r_u, &srv_cred, &srv_flgs, status); + + return r_u->status; +} + +/************************************************************************* + _net_srv_pwset + *************************************************************************/ + +NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u) +{ + NTSTATUS status = NT_STATUS_ACCESS_DENIED; + DOM_CRED srv_cred; + pstring workstation; + SAM_ACCOUNT *sampass=NULL; + BOOL ret = False; + unsigned char pwd[16]; + int i; + uint32 acct_ctrl; + + /* checks and updates credentials. creates reply credentials */ + if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->clnt_id.cred, &srv_cred))) + return NT_STATUS_INVALID_HANDLE; + + memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); + + DEBUG(5,("_net_srv_pwset: %d\n", __LINE__)); + + rpcstr_pull(workstation,q_u->clnt_id.login.uni_comp_name.buffer, + sizeof(workstation),q_u->clnt_id.login.uni_comp_name.uni_str_len*2,0); + + DEBUG(3,("Server Password Set by Wksta:[%s] on account [%s]\n", workstation, p->dc.mach_acct)); + + pdb_init_sam(&sampass); + + become_root(); + ret=pdb_getsampwnam(sampass, p->dc.mach_acct); + unbecome_root(); + + /* Ensure the account exists and is a machine account. */ + + acct_ctrl = pdb_get_acct_ctrl(sampass); + + if (!(ret + && (acct_ctrl & ACB_WSTRUST || + acct_ctrl & ACB_SVRTRUST || + acct_ctrl & ACB_DOMTRUST))) { + pdb_free_sam(&sampass); + return NT_STATUS_NO_SUCH_USER; + } + + if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { + pdb_free_sam(&sampass); + return NT_STATUS_ACCOUNT_DISABLED; + } + + DEBUG(100,("Server password set : new given value was :\n")); + for(i = 0; i < 16; i++) + DEBUG(100,("%02X ", q_u->pwd[i])); + DEBUG(100,("\n")); + + cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0); + + /* lies! nt and lm passwords are _not_ the same: don't care */ + if (!pdb_set_lanman_passwd (sampass, pwd, PDB_CHANGED)) { + pdb_free_sam(&sampass); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_nt_passwd (sampass, pwd, PDB_CHANGED)) { + pdb_free_sam(&sampass); + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_set_pass_changed_now (sampass)) { + pdb_free_sam(&sampass); + /* Not quite sure what this one qualifies as, but this will do */ + return NT_STATUS_UNSUCCESSFUL; + } + + become_root(); + ret = pdb_update_sam_account (sampass); + unbecome_root(); + + if (ret) + status = NT_STATUS_OK; + + /* set up the LSA Server Password Set response */ + init_net_r_srv_pwset(r_u, &srv_cred, status); + + pdb_free_sam(&sampass); + return r_u->status; +} + + +/************************************************************************* + _net_sam_logoff: + *************************************************************************/ + +NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOFF *r_u) +{ + DOM_CRED srv_cred; + + if (!get_valid_user_struct(p->vuid)) + return NT_STATUS_NO_SUCH_USER; + + /* checks and updates credentials. creates reply credentials */ + if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, + &q_u->sam_id.client.cred, &srv_cred))) + return NT_STATUS_INVALID_HANDLE; + + memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); + + /* XXXX maybe we want to say 'no', reject the client's credentials */ + r_u->buffer_creds = 1; /* yes, we have valid server credentials */ + memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); + + r_u->status = NT_STATUS_OK; + + return r_u->status; +} + + +/************************************************************************* + _net_sam_logon + *************************************************************************/ + +NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + NET_USER_INFO_3 *usr_info = NULL; + NET_ID_INFO_CTR *ctr = q_u->sam_id.ctr; + DOM_CRED srv_cred; + UNISTR2 *uni_samlogon_user = NULL; + UNISTR2 *uni_samlogon_domain = NULL; + UNISTR2 *uni_samlogon_workstation = NULL; + fstring nt_username, nt_domain, nt_workstation; + auth_usersupplied_info *user_info = NULL; + auth_serversupplied_info *server_info = NULL; + extern userdom_struct current_user_info; + SAM_ACCOUNT *sampw; + + usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3)); + if (!usr_info) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(usr_info); + + /* store the user information, if there is any. */ + r_u->user = usr_info; + r_u->switch_value = 0; /* indicates no info */ + r_u->auth_resp = 1; /* authoritative response */ + r_u->switch_value = 3; /* indicates type of validation user info */ + + if (!get_valid_user_struct(p->vuid)) + return NT_STATUS_NO_SUCH_USER; + + /* checks and updates credentials. creates reply credentials */ + if (!(p->dc.authenticated && deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))) + return NT_STATUS_INVALID_HANDLE; + + memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred)); + + r_u->buffer_creds = 1; /* yes, we have valid server credentials */ + memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds)); + + /* find the username */ + + switch (q_u->sam_id.logon_level) { + case INTERACTIVE_LOGON_TYPE: + uni_samlogon_user = &ctr->auth.id1.uni_user_name; + uni_samlogon_domain = &ctr->auth.id1.uni_domain_name; + + uni_samlogon_workstation = &ctr->auth.id1.uni_wksta_name; + + DEBUG(3,("SAM Logon (Interactive). Domain:[%s]. ", lp_workgroup())); + break; + case NET_LOGON_TYPE: + uni_samlogon_user = &ctr->auth.id2.uni_user_name; + uni_samlogon_domain = &ctr->auth.id2.uni_domain_name; + uni_samlogon_workstation = &ctr->auth.id2.uni_wksta_name; + + DEBUG(3,("SAM Logon (Network). Domain:[%s]. ", lp_workgroup())); + break; + default: + DEBUG(2,("SAM Logon: unsupported switch value\n")); + return NT_STATUS_INVALID_INFO_CLASS; + } /* end switch */ + + /* check username exists */ + + rpcstr_pull(nt_username,uni_samlogon_user->buffer,sizeof(nt_username),uni_samlogon_user->uni_str_len*2,0); + rpcstr_pull(nt_domain,uni_samlogon_domain->buffer,sizeof(nt_domain),uni_samlogon_domain->uni_str_len*2,0); + rpcstr_pull(nt_workstation,uni_samlogon_workstation->buffer,sizeof(nt_workstation),uni_samlogon_workstation->uni_str_len*2,0); + + DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, + nt_workstation, nt_domain)); + + fstrcpy(current_user_info.smb_name, nt_username); + sub_set_smb_name(nt_username); + + /* + * Convert to a UNIX username. + */ + + DEBUG(5,("Attempting validation level %d for unmapped username %s.\n", q_u->sam_id.ctr->switch_value, nt_username)); + + switch (ctr->switch_value) { + case NET_LOGON_TYPE: + { + struct auth_context *auth_context = NULL; + if (!NT_STATUS_IS_OK(status = make_auth_context_fixed(&auth_context, ctr->auth.id2.lm_chal))) { + return status; + } + + /* Standard challenge/response authenticaion */ + if (!make_user_info_netlogon_network(&user_info, + nt_username, nt_domain, + nt_workstation, + ctr->auth.id2.lm_chal_resp.buffer, + ctr->auth.id2.lm_chal_resp.str_str_len, + ctr->auth.id2.nt_chal_resp.buffer, + ctr->auth.id2.nt_chal_resp.str_str_len)) { + status = NT_STATUS_NO_MEMORY; + } else { + status = auth_context->check_ntlm_password(auth_context, user_info, &server_info); + } + (auth_context->free)(&auth_context); + + break; + } + case INTERACTIVE_LOGON_TYPE: + /* 'Interactive' autheticaion, supplies the password in its + MD4 form, encrypted with the session key. We will + convert this to chellange/responce for the auth + subsystem to chew on */ + { + struct auth_context *auth_context = NULL; + const uint8 *chal; + if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) { + return status; + } + + chal = auth_context->get_ntlm_challenge(auth_context); + + if (!make_user_info_netlogon_interactive(&user_info, + nt_username, nt_domain, + nt_workstation, chal, + ctr->auth.id1.lm_owf.data, + ctr->auth.id1.nt_owf.data, + p->dc.sess_key)) { + status = NT_STATUS_NO_MEMORY; + } else { + status = auth_context->check_ntlm_password(auth_context, user_info, &server_info); + } + + (auth_context->free)(&auth_context); + + break; + } + default: + DEBUG(2,("SAM Logon: unsupported switch value\n")); + return NT_STATUS_INVALID_INFO_CLASS; + } /* end switch */ + + free_user_info(&user_info); + + DEBUG(5, ("_net_sam_logon: check_password returned status %s\n", + nt_errstr(status))); + + /* Check account and password */ + + if (!NT_STATUS_IS_OK(status)) { + free_server_info(&server_info); + return status; + } + + if (server_info->guest) { + /* We don't like guest domain logons... */ + DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n")); + free_server_info(&server_info); + return NT_STATUS_LOGON_FAILURE; + } + + /* This is the point at which, if the login was successful, that + the SAM Local Security Authority should record that the user is + logged in to the domain. */ + + { + DOM_GID *gids = NULL; + const DOM_SID *user_sid = NULL; + const DOM_SID *group_sid = NULL; + DOM_SID domain_sid; + uint32 user_rid, group_rid; + + int num_gids = 0; + pstring my_name; + fstring user_sid_string; + fstring group_sid_string; + uchar user_sess_key[16]; + uchar netlogon_sess_key[16]; + + sampw = server_info->sam_account; + + /* set up pointer indicating user/password failed to be found */ + usr_info->ptr_user_info = 0; + + user_sid = pdb_get_user_sid(sampw); + group_sid = pdb_get_group_sid(sampw); + + sid_copy(&domain_sid, user_sid); + sid_split_rid(&domain_sid, &user_rid); + + if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) { + DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid %s\n but group sid %s.\nThe conflicting domain portions are not supported for NETLOGON calls\n", + pdb_get_domain(sampw), pdb_get_username(sampw), + sid_to_string(user_sid_string, user_sid), + sid_to_string(group_sid_string, group_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + + pstrcpy(my_name, lp_netbios_name()); + + if (!NT_STATUS_IS_OK(status + = nt_token_to_group_list(p->mem_ctx, + &domain_sid, + server_info->ptok, + &num_gids, + &gids))) { + return status; + } + + ZERO_STRUCT(netlogon_sess_key); + memcpy(netlogon_sess_key, p->dc.sess_key, 8); + memcpy(user_sess_key, server_info->session_key, sizeof(user_sess_key)); + SamOEMhash(user_sess_key, netlogon_sess_key, 16); + ZERO_STRUCT(netlogon_sess_key); + + init_net_user_info3(p->mem_ctx, usr_info, + user_rid, + group_rid, + + pdb_get_username(sampw), + pdb_get_fullname(sampw), + pdb_get_homedir(sampw), + pdb_get_dir_drive(sampw), + pdb_get_logon_script(sampw), + pdb_get_profile_path(sampw), + pdb_get_logon_time(sampw), + get_time_t_max(), + get_time_t_max(), + pdb_get_pass_last_set_time(sampw), + pdb_get_pass_can_change_time(sampw), + pdb_get_pass_must_change_time(sampw), + + 0, /* logon_count */ + 0, /* bad_pw_count */ + num_gids, /* uint32 num_groups */ + gids , /* DOM_GID *gids */ + 0x20 , /* uint32 user_flgs (?) */ + user_sess_key, + my_name , /* char *logon_srv */ + pdb_get_domain(sampw), + &domain_sid, /* DOM_SID *dom_sid */ + /* Should be users domain sid, not servers - for trusted domains */ + + NULL); /* char *other_sids */ + ZERO_STRUCT(user_sess_key); + } + free_server_info(&server_info); + return status; +} + + diff --git a/source4/rpc_server/srv_pipe.c b/source4/rpc_server/srv_pipe.c new file mode 100644 index 0000000000..f6deac68f8 --- /dev/null +++ b/source4/rpc_server/srv_pipe.c @@ -0,0 +1,1386 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1998 + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Paul Ashton 1997-1998, + * Copyright (C) Jeremy Allison 1999, + * Copyright (C) Anthony Liguori 2003. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* this module apparently provides an implementation of DCE/RPC over a + * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC + * documentation are available (in on-line form) from the X-Open group. + * + * this module should provide a level of abstraction between SMB + * and DCE/RPC, while minimising the amount of mallocs, unnecessary + * data copies, and network traffic. + * + * in this version, which takes a "let's learn what's going on and + * get something running" approach, there is additional network + * traffic generated, but the code should be easier to understand... + * + * ... if you read the docs. or stare at packets for weeks on end. + * + */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +static void NTLMSSPcalc_p( pipes_struct *p, unsigned char *data, int len) +{ + unsigned char *hash = p->ntlmssp_hash; + unsigned char index_i = hash[256]; + unsigned char index_j = hash[257]; + int ind; + + for( ind = 0; ind < len; ind++) { + unsigned char tc; + unsigned char t; + + index_i++; + index_j += hash[index_i]; + + tc = hash[index_i]; + hash[index_i] = hash[index_j]; + hash[index_j] = tc; + + t = hash[index_i] + hash[index_j]; + data[ind] = data[ind] ^ hash[t]; + } + + hash[256] = index_i; + hash[257] = index_j; +} + +/******************************************************************* + Generate the next PDU to be returned from the data in p->rdata. + We cheat here as this function doesn't handle the special auth + footers of the authenticated bind response reply. + ********************************************************************/ + +BOOL create_next_pdu(pipes_struct *p) +{ + RPC_HDR_RESP hdr_resp; + BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0); + BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0); + uint32 data_len; + uint32 data_space_available; + uint32 data_len_left; + prs_struct outgoing_pdu; + uint32 data_pos; + + /* + * If we're in the fault state, keep returning fault PDU's until + * the pipe gets closed. JRA. + */ + + if(p->fault_state) { + setup_fault_pdu(p, NT_STATUS(0x1c010002)); + return True; + } + + memset((char *)&hdr_resp, '\0', sizeof(hdr_resp)); + + /* Change the incoming request header to a response. */ + p->hdr.pkt_type = RPC_RESPONSE; + + /* Set up rpc header flags. */ + if (p->out_data.data_sent_length == 0) + p->hdr.flags = RPC_FLG_FIRST; + else + p->hdr.flags = 0; + + /* + * Work out how much we can fit in a single PDU. + */ + + data_space_available = sizeof(p->out_data.current_pdu) - RPC_HEADER_LEN - RPC_HDR_RESP_LEN; + if(p->ntlmssp_auth_validated) + data_space_available -= (RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN); + + /* + * The amount we send is the minimum of the available + * space and the amount left to send. + */ + + data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length; + + /* + * Ensure there really is data left to send. + */ + + if(!data_len_left) { + DEBUG(0,("create_next_pdu: no data left to send !\n")); + return False; + } + + data_len = MIN(data_len_left, data_space_available); + + /* + * Set up the alloc hint. This should be the data left to + * send. + */ + + hdr_resp.alloc_hint = data_len_left; + + /* + * Set up the header lengths. + */ + + if (p->ntlmssp_auth_validated) { + p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len + + RPC_HDR_AUTH_LEN + RPC_AUTH_NTLMSSP_CHK_LEN; + p->hdr.auth_len = RPC_AUTH_NTLMSSP_CHK_LEN; + } else { + p->hdr.frag_len = RPC_HEADER_LEN + RPC_HDR_RESP_LEN + data_len; + p->hdr.auth_len = 0; + } + + /* + * Work out if this PDU will be the last. + */ + + if(p->out_data.data_sent_length + data_len >= prs_offset(&p->out_data.rdata)) + p->hdr.flags |= RPC_FLG_LAST; + + /* + * Init the parse struct to point at the outgoing + * data. + */ + + prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL); + prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); + + /* Store the header in the data stream. */ + if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) { + DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n")); + prs_mem_free(&outgoing_pdu); + return False; + } + + if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) { + DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n")); + prs_mem_free(&outgoing_pdu); + return False; + } + + /* Store the current offset. */ + data_pos = prs_offset(&outgoing_pdu); + + /* Copy the data into the PDU. */ + + if(!prs_append_some_prs_data(&outgoing_pdu, &p->out_data.rdata, p->out_data.data_sent_length, data_len)) { + DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len)); + prs_mem_free(&outgoing_pdu); + return False; + } + + if (p->hdr.auth_len > 0) { + uint32 crc32 = 0; + char *data; + + DEBUG(5,("create_next_pdu: sign: %s seal: %s data %d auth %d\n", + BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, p->hdr.auth_len)); + + /* + * Set data to point to where we copied the data into. + */ + + data = prs_data_p(&outgoing_pdu) + data_pos; + + if (auth_seal) { + crc32 = crc32_calc_buffer(data, data_len); + NTLMSSPcalc_p(p, (uchar*)data, data_len); + } + + if (auth_seal || auth_verify) { + RPC_HDR_AUTH auth_info; + + init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, + (auth_verify ? RPC_HDR_AUTH_LEN : 0), (auth_verify ? 1 : 0)); + if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) { + DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n")); + prs_mem_free(&outgoing_pdu); + return False; + } + } + + if (auth_verify) { + RPC_AUTH_NTLMSSP_CHK ntlmssp_chk; + char *auth_data = prs_data_p(&outgoing_pdu); + + p->ntlmssp_seq_num++; + init_rpc_auth_ntlmssp_chk(&ntlmssp_chk, NTLMSSP_SIGN_VERSION, + crc32, p->ntlmssp_seq_num++); + auth_data = prs_data_p(&outgoing_pdu) + prs_offset(&outgoing_pdu) + 4; + if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, &outgoing_pdu, 0)) { + DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n")); + prs_mem_free(&outgoing_pdu); + return False; + } + NTLMSSPcalc_p(p, (uchar*)auth_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4); + } + } + + /* + * Setup the counts for this PDU. + */ + + p->out_data.data_sent_length += data_len; + p->out_data.current_pdu_len = p->hdr.frag_len; + p->out_data.current_pdu_sent = 0; + + prs_mem_free(&outgoing_pdu); + return True; +} + +/******************************************************************* + Process an NTLMSSP authentication response. + If this function succeeds, the user has been authenticated + and their domain, name and calling workstation stored in + the pipe struct. + The initial challenge is stored in p->challenge. + *******************************************************************/ + +static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlmssp_resp) +{ + uchar lm_owf[24]; + uchar nt_owf[128]; + int nt_pw_len; + int lm_pw_len; + fstring user_name; + fstring domain; + fstring wks; + + NTSTATUS nt_status; + + struct auth_context *auth_context = NULL; + auth_usersupplied_info *user_info = NULL; + auth_serversupplied_info *server_info = NULL; + + DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n")); + + memset(p->user_name, '\0', sizeof(p->user_name)); + memset(p->pipe_user_name, '\0', sizeof(p->pipe_user_name)); + memset(p->domain, '\0', sizeof(p->domain)); + memset(p->wks, '\0', sizeof(p->wks)); + + /* Set up for non-authenticated user. */ + delete_nt_token(&p->pipe_user.nt_user_token); + p->pipe_user.ngroups = 0; + SAFE_FREE( p->pipe_user.groups); + + /* + * Setup an empty password for a guest user. + */ + + /* + * We always negotiate UNICODE. + */ + + if (p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_UNICODE) { + rpcstr_pull(user_name, ntlmssp_resp->user, sizeof(fstring), ntlmssp_resp->hdr_usr.str_str_len*2, 0 ); + rpcstr_pull(domain, ntlmssp_resp->domain, sizeof(fstring), ntlmssp_resp->hdr_domain.str_str_len*2, 0); + rpcstr_pull(wks, ntlmssp_resp->wks, sizeof(fstring), ntlmssp_resp->hdr_wks.str_str_len*2, 0); + } else { + pull_ascii_fstring(user_name, ntlmssp_resp->user); + pull_ascii_fstring(domain, ntlmssp_resp->domain); + pull_ascii_fstring(wks, ntlmssp_resp->wks); + } + + DEBUG(5,("user: %s domain: %s wks: %s\n", user_name, domain, wks)); + + nt_pw_len = MIN(sizeof(nt_owf), ntlmssp_resp->hdr_nt_resp.str_str_len); + lm_pw_len = MIN(sizeof(lm_owf), ntlmssp_resp->hdr_lm_resp.str_str_len); + + memcpy(lm_owf, ntlmssp_resp->lm_resp, sizeof(lm_owf)); + memcpy(nt_owf, ntlmssp_resp->nt_resp, nt_pw_len); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("lm, nt owfs, chal\n")); + dump_data(100, (char *)lm_owf, sizeof(lm_owf)); + dump_data(100, (char *)nt_owf, nt_pw_len); + dump_data(100, (char *)p->challenge, 8); +#endif + + /* + * Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>. + */ + + if (*user_name) { + + /* + * Do the length checking only if user is not NULL. + */ + + if (ntlmssp_resp->hdr_lm_resp.str_str_len == 0) + return False; + if (ntlmssp_resp->hdr_nt_resp.str_str_len == 0) + return False; + if (ntlmssp_resp->hdr_usr.str_str_len == 0) + return False; + if (ntlmssp_resp->hdr_domain.str_str_len == 0) + return False; + if (ntlmssp_resp->hdr_wks.str_str_len == 0) + return False; + + } + + make_auth_context_fixed(&auth_context, (uchar*)p->challenge); + + if (!make_user_info_netlogon_network(&user_info, + user_name, domain, wks, + lm_owf, lm_pw_len, + nt_owf, nt_pw_len)) { + DEBUG(0,("make_user_info_netlogon_network failed! Failing authenticaion.\n")); + return False; + } + + nt_status = auth_context->check_ntlm_password(auth_context, user_info, &server_info); + + (auth_context->free)(&auth_context); + free_user_info(&user_info); + + p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status); + + if (!p->ntlmssp_auth_validated) { + DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \ +failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); + free_server_info(&server_info); + return False; + } + + /* + * Set up the sign/seal data. + */ + + { + uchar p24[24]; + NTLMSSPOWFencrypt(server_info->first_8_lm_hash, lm_owf, p24); + { + unsigned char j = 0; + int ind; + + unsigned char k2[8]; + + memcpy(k2, p24, 5); + k2[5] = 0xe5; + k2[6] = 0x38; + k2[7] = 0xb0; + + for (ind = 0; ind < 256; ind++) + p->ntlmssp_hash[ind] = (unsigned char)ind; + + for( ind = 0; ind < 256; ind++) { + unsigned char tc; + + j += (p->ntlmssp_hash[ind] + k2[ind%8]); + + tc = p->ntlmssp_hash[ind]; + p->ntlmssp_hash[ind] = p->ntlmssp_hash[j]; + p->ntlmssp_hash[j] = tc; + } + + p->ntlmssp_hash[256] = 0; + p->ntlmssp_hash[257] = 0; + } +/* NTLMSSPhash(p->ntlmssp_hash, p24); */ + p->ntlmssp_seq_num = 0; + + } + + fstrcpy(p->user_name, user_name); + fstrcpy(p->pipe_user_name, pdb_get_username(server_info->sam_account)); + fstrcpy(p->domain, domain); + fstrcpy(p->wks, wks); + + /* + * Store the UNIX credential data (uid/gid pair) in the pipe structure. + */ + + if (!IS_SAM_UNIX_USER(server_info->sam_account)) { + DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n")); + free_server_info(&server_info); + return False; + } + + memcpy(p->session_key, server_info->session_key, sizeof(p->session_key)); + + p->pipe_user.uid = pdb_get_uid(server_info->sam_account); + p->pipe_user.gid = pdb_get_gid(server_info->sam_account); + + p->pipe_user.ngroups = server_info->n_groups; + if (p->pipe_user.ngroups) { + if (!(p->pipe_user.groups = memdup(server_info->groups, sizeof(gid_t) * p->pipe_user.ngroups))) { + DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n")); + free_server_info(&server_info); + return False; + } + } + + if (server_info->ptok) + p->pipe_user.nt_user_token = dup_nt_token(server_info->ptok); + else { + DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n")); + p->pipe_user.nt_user_token = NULL; + free_server_info(&server_info); + return False; + } + + p->ntlmssp_auth_validated = True; + + free_server_info(&server_info); + return True; +} + +/******************************************************************* + The switch table for the pipe names and the functions to handle them. + *******************************************************************/ + +struct api_cmd +{ + const char *name; + int (*init)(void); +}; + +static struct api_cmd api_fd_commands[] = +{ +#ifndef RPC_LSA_DYNAMIC + { "lsarpc", rpc_lsa_init }, +#endif +#ifndef RPC_SAMR_DYNAMIC + { "samr", rpc_samr_init }, +#endif +#ifndef RPC_SVC_DYNAMIC + { "srvsvc", rpc_srv_init }, +#endif +#ifndef RPC_WKS_DYNAMIC + { "wkssvc", rpc_wks_init }, +#endif +#ifndef RPC_NETLOG_DYNAMIC + { "NETLOGON", rpc_net_init }, +#endif +#ifndef RPC_REG_DYNAMIC + { "winreg", rpc_reg_init }, +#endif +#ifndef RPC_SPOOLSS_DYNAMIC + { "spoolss", rpc_spoolss_init }, +#endif +#ifndef RPC_DFS_DYNAMIC + { "netdfs", rpc_dfs_init }, +#endif + { NULL, NULL } +}; + +struct rpc_table +{ + struct + { + const char *clnt; + const char *srv; + } pipe; + struct api_struct *cmds; + int n_cmds; +}; + +static struct rpc_table *rpc_lookup; +static int rpc_lookup_size; + +/******************************************************************* + This is the client reply to our challenge for an authenticated + bind request. The challenge we sent is in p->challenge. +*******************************************************************/ + +BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p) +{ + RPC_HDR_AUTHA autha_info; + RPC_AUTH_VERIFIER auth_verifier; + RPC_AUTH_NTLMSSP_RESP ntlmssp_resp; + + DEBUG(5,("api_pipe_bind_auth_resp: decode request. %d\n", __LINE__)); + + if (p->hdr.auth_len == 0) { + DEBUG(0,("api_pipe_bind_auth_resp: No auth field sent !\n")); + return False; + } + + /* + * Decode the authentication verifier response. + */ + + if(!smb_io_rpc_hdr_autha("", &autha_info, rpc_in_p, 0)) { + DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_HDR_AUTHA failed.\n")); + return False; + } + + if (autha_info.auth_type != NTLMSSP_AUTH_TYPE || autha_info.auth_level != NTLMSSP_AUTH_LEVEL) { + DEBUG(0,("api_pipe_bind_auth_resp: incorrect auth type (%d) or level (%d).\n", + (int)autha_info.auth_type, (int)autha_info.auth_level )); + return False; + } + + if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) { + DEBUG(0,("api_pipe_bind_auth_resp: unmarshall of RPC_AUTH_VERIFIER failed.\n")); + return False; + } + + /* + * Ensure this is a NTLMSSP_AUTH packet type. + */ + + if (!rpc_auth_verifier_chk(&auth_verifier, "NTLMSSP", NTLMSSP_AUTH)) { + DEBUG(0,("api_pipe_bind_auth_resp: rpc_auth_verifier_chk failed.\n")); + return False; + } + + if(!smb_io_rpc_auth_ntlmssp_resp("", &ntlmssp_resp, rpc_in_p, 0)) { + DEBUG(0,("api_pipe_bind_auth_resp: Failed to unmarshall RPC_AUTH_NTLMSSP_RESP.\n")); + return False; + } + + /* + * The following call actually checks the challenge/response data. + * for correctness against the given DOMAIN\user name. + */ + + if (!api_pipe_ntlmssp_verify(p, &ntlmssp_resp)) + return False; + + p->pipe_bound = True +; + return True; +} + +/******************************************************************* + Marshall a bind_nak pdu. +*******************************************************************/ + +static BOOL setup_bind_nak(pipes_struct *p) +{ + prs_struct outgoing_rpc; + RPC_HDR nak_hdr; + uint16 zero = 0; + + /* Free any memory in the current return data buffer. */ + prs_mem_free(&p->out_data.rdata); + + /* + * Marshall directly into the outgoing PDU space. We + * must do this as we need to set to the bind response + * header and are never sending more than one PDU here. + */ + + prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL); + prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); + + + /* + * Initialize a bind_nak header. + */ + + init_rpc_hdr(&nak_hdr, RPC_BINDNACK, RPC_FLG_FIRST | RPC_FLG_LAST, + p->hdr.call_id, RPC_HEADER_LEN + sizeof(uint16), 0); + + /* + * Marshall the header into the outgoing PDU. + */ + + if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) { + DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n")); + prs_mem_free(&outgoing_rpc); + return False; + } + + /* + * Now add the reject reason. + */ + + if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) { + prs_mem_free(&outgoing_rpc); + return False; + } + + p->out_data.data_sent_length = 0; + p->out_data.current_pdu_len = prs_offset(&outgoing_rpc); + p->out_data.current_pdu_sent = 0; + + p->pipe_bound = False; + + return True; +} + +/******************************************************************* + Marshall a fault pdu. +*******************************************************************/ + +BOOL setup_fault_pdu(pipes_struct *p, NTSTATUS status) +{ + prs_struct outgoing_pdu; + RPC_HDR fault_hdr; + RPC_HDR_RESP hdr_resp; + RPC_HDR_FAULT fault_resp; + + /* Free any memory in the current return data buffer. */ + prs_mem_free(&p->out_data.rdata); + + /* + * Marshall directly into the outgoing PDU space. We + * must do this as we need to set to the bind response + * header and are never sending more than one PDU here. + */ + + prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL); + prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); + + /* + * Initialize a fault header. + */ + + init_rpc_hdr(&fault_hdr, RPC_FAULT, RPC_FLG_FIRST | RPC_FLG_LAST | RPC_FLG_NOCALL, + p->hdr.call_id, RPC_HEADER_LEN + RPC_HDR_RESP_LEN + RPC_HDR_FAULT_LEN, 0); + + /* + * Initialize the HDR_RESP and FAULT parts of the PDU. + */ + + memset((char *)&hdr_resp, '\0', sizeof(hdr_resp)); + + fault_resp.status = status; + fault_resp.reserved = 0; + + /* + * Marshall the header into the outgoing PDU. + */ + + if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) { + DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n")); + prs_mem_free(&outgoing_pdu); + return False; + } + + if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) { + DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n")); + prs_mem_free(&outgoing_pdu); + return False; + } + + if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) { + DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n")); + prs_mem_free(&outgoing_pdu); + return False; + } + + p->out_data.data_sent_length = 0; + p->out_data.current_pdu_len = prs_offset(&outgoing_pdu); + p->out_data.current_pdu_sent = 0; + + prs_mem_free(&outgoing_pdu); + return True; +} + +/******************************************************************* + Ensure a bind request has the correct abstract & transfer interface. + Used to reject unknown binds from Win2k. +*******************************************************************/ + +BOOL check_bind_req(char* pipe_name, RPC_IFACE* abstract, + RPC_IFACE* transfer) +{ + extern struct pipe_id_info pipe_names[]; + int i=0; + fstring pname; + fstrcpy(pname,"\\PIPE\\"); + fstrcat(pname,pipe_name); + + DEBUG(3,("check_bind_req for %s\n", pname)); + +#ifndef SUPPORT_NEW_LSARPC_UUID + + /* check for the first pipe matching the name */ + + for ( i=0; pipe_names[i].client_pipe; i++ ) { + if ( strequal(pipe_names[i].client_pipe, pname) ) + break; + } +#else + /* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */ + + for ( i=0; pipe_names[i].client_pipe; i++ ) + { + if ( strequal(pipe_names[i].client_pipe, pname) + && (abstract->version == pipe_names[i].abstr_syntax.version) + && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(RPC_UUID)) == 0) + && (transfer->version == pipe_names[i].trans_syntax.version) + && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(RPC_UUID)) == 0) ) + { + break; + } + } +#endif + + if(pipe_names[i].client_pipe == NULL) + return False; + +#ifndef SUPPORT_NEW_LSARPC_UUID + /* check the abstract interface */ + if ( (abstract->version != pipe_names[i].abstr_syntax.version) + || (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(RPC_UUID)) != 0) ) + { + return False; + } + + /* check the transfer interface */ + if ( (transfer->version != pipe_names[i].trans_syntax.version) + || (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(RPC_UUID)) != 0) ) + { + return False; + } +#endif + return True; +} + +/******************************************************************* + Register commands to an RPC pipe +*******************************************************************/ +int rpc_pipe_register_commands(const char *clnt, const char *srv, const struct api_struct *cmds, int size) +{ + struct rpc_table *rpc_entry; + + + /* We use a temporary variable because this call can fail and + rpc_lookup will still be valid afterwards. It could then succeed if + called again later */ + rpc_entry = realloc(rpc_lookup, + ++rpc_lookup_size*sizeof(struct rpc_table)); + if (NULL == rpc_entry) { + rpc_lookup_size--; + DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n")); + return 0; + } else { + rpc_lookup = rpc_entry; + } + + rpc_entry = rpc_lookup + (rpc_lookup_size - 1); + ZERO_STRUCTP(rpc_entry); + rpc_entry->pipe.clnt = strdup(clnt); + rpc_entry->pipe.srv = strdup(srv); + rpc_entry->cmds = realloc(rpc_entry->cmds, + (rpc_entry->n_cmds + size) * + sizeof(struct api_struct)); + memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds, + size * sizeof(struct api_struct)); + rpc_entry->n_cmds += size; + + return size; +} + +/******************************************************************* + Register commands to an RPC pipe +*******************************************************************/ +int rpc_load_module(const char *module) +{ + pstring full_path; + int status; + + pstrcpy(full_path, lib_path("rpc")); + pstrcat(full_path, "/librpc_"); + pstrcat(full_path, module); + pstrcat(full_path, "."); + pstrcat(full_path, shlib_ext()); + + if (!(status = smb_load_module(full_path))) { + DEBUG(0, ("Could not load requested pipe %s as %s\n", + module, full_path)); + } + + return status; +} + +/******************************************************************* + Respond to a pipe bind request. +*******************************************************************/ + +BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) +{ + RPC_HDR_BA hdr_ba; + RPC_HDR_RB hdr_rb; + RPC_HDR_AUTH auth_info; + uint16 assoc_gid; + fstring ack_pipe_name; + prs_struct out_hdr_ba; + prs_struct out_auth; + prs_struct outgoing_rpc; + int i = 0; + int auth_len = 0; + enum RPC_PKT_TYPE reply_pkt_type; + + p->ntlmssp_auth_requested = False; + + DEBUG(5,("api_pipe_bind_req: decode request. %d\n", __LINE__)); + + /* + * Try and find the correct pipe name to ensure + * that this is a pipe name we support. + */ + + + for (i = 0; i < rpc_lookup_size; i++) { + if (strequal(rpc_lookup[i].pipe.clnt, p->name)) { + DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n", + rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv)); + fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv); + break; + } + } + + if (i == rpc_lookup_size) { + for (i = 0; api_fd_commands[i].name; i++) { + if (strequal(api_fd_commands[i].name, p->name)) { + api_fd_commands[i].init(); + break; + } + } + + if (!api_fd_commands[i].name && !rpc_load_module(p->name)) { + DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n", + p->name )); + if(!setup_bind_nak(p)) + return False; + return True; + } + + for (i = 0; i < rpc_lookup_size; i++) { + if (strequal(rpc_lookup[i].pipe.clnt, p->name)) { + DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n", + rpc_lookup[i].pipe.clnt, rpc_lookup[i].pipe.srv)); + fstrcpy(p->pipe_srv_name, rpc_lookup[i].pipe.srv); + break; + } + } + } + + /* decode the bind request */ + if(!smb_io_rpc_hdr_rb("", &hdr_rb, rpc_in_p, 0)) { + DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_RB struct.\n")); + return False; + } + + /* + * Check if this is an authenticated request. + */ + + if (p->hdr.auth_len != 0) { + RPC_AUTH_VERIFIER auth_verifier; + RPC_AUTH_NTLMSSP_NEG ntlmssp_neg; + + /* + * Decode the authentication verifier. + */ + + if(!smb_io_rpc_hdr_auth("", &auth_info, rpc_in_p, 0)) { + DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n")); + return False; + } + + /* + * We only support NTLMSSP_AUTH_TYPE requests. + */ + + if(auth_info.auth_type != NTLMSSP_AUTH_TYPE) { + DEBUG(0,("api_pipe_bind_req: unknown auth type %x requested.\n", + auth_info.auth_type )); + return False; + } + + if(!smb_io_rpc_auth_verifier("", &auth_verifier, rpc_in_p, 0)) { + DEBUG(0,("api_pipe_bind_req: unable to unmarshall RPC_HDR_AUTH struct.\n")); + return False; + } + + if(!strequal(auth_verifier.signature, "NTLMSSP")) { + DEBUG(0,("api_pipe_bind_req: auth_verifier.signature != NTLMSSP\n")); + return False; + } + + if(auth_verifier.msg_type != NTLMSSP_NEGOTIATE) { + DEBUG(0,("api_pipe_bind_req: auth_verifier.msg_type (%d) != NTLMSSP_NEGOTIATE\n", + auth_verifier.msg_type)); + return False; + } + + if(!smb_io_rpc_auth_ntlmssp_neg("", &ntlmssp_neg, rpc_in_p, 0)) { + DEBUG(0,("api_pipe_bind_req: Failed to unmarshall RPC_AUTH_NTLMSSP_NEG.\n")); + return False; + } + + p->ntlmssp_chal_flags = SMBD_NTLMSSP_NEG_FLAGS; + p->ntlmssp_auth_requested = True; + } + + switch(p->hdr.pkt_type) { + case RPC_BIND: + /* name has to be \PIPE\xxxxx */ + fstrcpy(ack_pipe_name, "\\PIPE\\"); + fstrcat(ack_pipe_name, p->pipe_srv_name); + reply_pkt_type = RPC_BINDACK; + break; + case RPC_ALTCONT: + /* secondary address CAN be NULL + * as the specs say it's ignored. + * It MUST NULL to have the spoolss working. + */ + fstrcpy(ack_pipe_name,""); + reply_pkt_type = RPC_ALTCONTRESP; + break; + default: + return False; + } + + DEBUG(5,("api_pipe_bind_req: make response. %d\n", __LINE__)); + + /* + * Marshall directly into the outgoing PDU space. We + * must do this as we need to set to the bind response + * header and are never sending more than one PDU here. + */ + + prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL); + prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); + + /* + * Setup the memory to marshall the ba header, and the + * auth footers. + */ + + if(!prs_init(&out_hdr_ba, 1024, p->mem_ctx, MARSHALL)) { + DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n")); + prs_mem_free(&outgoing_rpc); + return False; + } + + if(!prs_init(&out_auth, 1024, p->mem_ctx, MARSHALL)) { + DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n")); + prs_mem_free(&outgoing_rpc); + prs_mem_free(&out_hdr_ba); + return False; + } + + if (p->ntlmssp_auth_requested) + assoc_gid = 0x7a77; + else + assoc_gid = hdr_rb.bba.assoc_gid ? hdr_rb.bba.assoc_gid : 0x53f0; + + /* + * Create the bind response struct. + */ + + /* If the requested abstract synt uuid doesn't match our client pipe, + reject the bind_ack & set the transfer interface synt to all 0's, + ver 0 (observed when NT5 attempts to bind to abstract interfaces + unknown to NT4) + Needed when adding entries to a DACL from NT5 - SK */ + + if(check_bind_req(p->name, &hdr_rb.abstract, &hdr_rb.transfer)) { + init_rpc_hdr_ba(&hdr_ba, + MAX_PDU_FRAG_LEN, + MAX_PDU_FRAG_LEN, + assoc_gid, + ack_pipe_name, + 0x1, 0x0, 0x0, + &hdr_rb.transfer); + } else { + RPC_IFACE null_interface; + ZERO_STRUCT(null_interface); + /* Rejection reason: abstract syntax not supported */ + init_rpc_hdr_ba(&hdr_ba, MAX_PDU_FRAG_LEN, + MAX_PDU_FRAG_LEN, assoc_gid, + ack_pipe_name, 0x1, 0x2, 0x1, + &null_interface); + } + + /* + * and marshall it. + */ + + if(!smb_io_rpc_hdr_ba("", &hdr_ba, &out_hdr_ba, 0)) { + DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_BA failed.\n")); + goto err_exit; + } + + /* + * Now the authentication. + */ + + if (p->ntlmssp_auth_requested) { + RPC_AUTH_VERIFIER auth_verifier; + RPC_AUTH_NTLMSSP_CHAL ntlmssp_chal; + + generate_random_buffer(p->challenge, 8, False); + + /*** Authentication info ***/ + + init_rpc_hdr_auth(&auth_info, NTLMSSP_AUTH_TYPE, NTLMSSP_AUTH_LEVEL, RPC_HDR_AUTH_LEN, 1); + if(!smb_io_rpc_hdr_auth("", &auth_info, &out_auth, 0)) { + DEBUG(0,("api_pipe_bind_req: marshalling of RPC_HDR_AUTH failed.\n")); + goto err_exit; + } + + /*** NTLMSSP verifier ***/ + + init_rpc_auth_verifier(&auth_verifier, "NTLMSSP", NTLMSSP_CHALLENGE); + if(!smb_io_rpc_auth_verifier("", &auth_verifier, &out_auth, 0)) { + DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_VERIFIER failed.\n")); + goto err_exit; + } + + /* NTLMSSP challenge ***/ + + init_rpc_auth_ntlmssp_chal(&ntlmssp_chal, p->ntlmssp_chal_flags, p->challenge); + if(!smb_io_rpc_auth_ntlmssp_chal("", &ntlmssp_chal, &out_auth, 0)) { + DEBUG(0,("api_pipe_bind_req: marshalling of RPC_AUTH_NTLMSSP_CHAL failed.\n")); + goto err_exit; + } + + /* Auth len in the rpc header doesn't include auth_header. */ + auth_len = prs_offset(&out_auth) - RPC_HDR_AUTH_LEN; + } + + /* + * Create the header, now we know the length. + */ + + init_rpc_hdr(&p->hdr, reply_pkt_type, RPC_FLG_FIRST | RPC_FLG_LAST, + p->hdr.call_id, + RPC_HEADER_LEN + prs_offset(&out_hdr_ba) + prs_offset(&out_auth), + auth_len); + + /* + * Marshall the header into the outgoing PDU. + */ + + if(!smb_io_rpc_hdr("", &p->hdr, &outgoing_rpc, 0)) { + DEBUG(0,("pi_pipe_bind_req: marshalling of RPC_HDR failed.\n")); + goto err_exit; + } + + /* + * Now add the RPC_HDR_BA and any auth needed. + */ + + if(!prs_append_prs_data( &outgoing_rpc, &out_hdr_ba)) { + DEBUG(0,("api_pipe_bind_req: append of RPC_HDR_BA failed.\n")); + goto err_exit; + } + + if(p->ntlmssp_auth_requested && !prs_append_prs_data( &outgoing_rpc, &out_auth)) { + DEBUG(0,("api_pipe_bind_req: append of auth info failed.\n")); + goto err_exit; + } + + if(!p->ntlmssp_auth_requested) + p->pipe_bound = True; + + /* + * Setup the lengths for the initial reply. + */ + + p->out_data.data_sent_length = 0; + p->out_data.current_pdu_len = prs_offset(&outgoing_rpc); + p->out_data.current_pdu_sent = 0; + + prs_mem_free(&out_hdr_ba); + prs_mem_free(&out_auth); + + return True; + + err_exit: + + prs_mem_free(&outgoing_rpc); + prs_mem_free(&out_hdr_ba); + prs_mem_free(&out_auth); + return False; +} + +/**************************************************************************** + Deal with sign & seal processing on an RPC request. +****************************************************************************/ + +BOOL api_pipe_auth_process(pipes_struct *p, prs_struct *rpc_in) +{ + /* + * We always negotiate the following two bits.... + */ + BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0); + BOOL auth_seal = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL) != 0); + int data_len; + int auth_len; + uint32 old_offset; + uint32 crc32 = 0; + + auth_len = p->hdr.auth_len; + + if ((auth_len != RPC_AUTH_NTLMSSP_CHK_LEN) && auth_verify) { + DEBUG(0,("api_pipe_auth_process: Incorrect auth_len %d.\n", auth_len )); + return False; + } + + /* + * The following is that length of the data we must verify or unseal. + * This doesn't include the RPC headers or the auth_len or the RPC_HDR_AUTH_LEN + * preceeding the auth_data. + */ + + data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - + (auth_verify ? RPC_HDR_AUTH_LEN : 0) - auth_len; + + DEBUG(5,("api_pipe_auth_process: sign: %s seal: %s data %d auth %d\n", + BOOLSTR(auth_verify), BOOLSTR(auth_seal), data_len, auth_len)); + + if (auth_seal) { + /* + * The data in rpc_in doesn't contain the RPC_HEADER as this + * has already been consumed. + */ + char *data = prs_data_p(rpc_in) + RPC_HDR_REQ_LEN; + NTLMSSPcalc_p(p, (uchar*)data, data_len); + crc32 = crc32_calc_buffer(data, data_len); + } + + old_offset = prs_offset(rpc_in); + + if (auth_seal || auth_verify) { + RPC_HDR_AUTH auth_info; + + if(!prs_set_offset(rpc_in, old_offset + data_len)) { + DEBUG(0,("api_pipe_auth_process: cannot move offset to %u.\n", + (unsigned int)old_offset + data_len )); + return False; + } + + if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, rpc_in, 0)) { + DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_HDR_AUTH.\n")); + return False; + } + } + + if (auth_verify) { + RPC_AUTH_NTLMSSP_CHK ntlmssp_chk; + char *req_data = prs_data_p(rpc_in) + prs_offset(rpc_in) + 4; + + DEBUG(5,("api_pipe_auth_process: auth %d\n", prs_offset(rpc_in) + 4)); + + /* + * Ensure we have RPC_AUTH_NTLMSSP_CHK_LEN - 4 more bytes in the + * incoming buffer. + */ + if(prs_mem_get(rpc_in, RPC_AUTH_NTLMSSP_CHK_LEN - 4) == NULL) { + DEBUG(0,("api_pipe_auth_process: missing %d bytes in buffer.\n", + RPC_AUTH_NTLMSSP_CHK_LEN - 4 )); + return False; + } + + NTLMSSPcalc_p(p, (uchar*)req_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4); + if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, rpc_in, 0)) { + DEBUG(0,("api_pipe_auth_process: failed to unmarshall RPC_AUTH_NTLMSSP_CHK.\n")); + return False; + } + + if (!rpc_auth_ntlmssp_chk(&ntlmssp_chk, crc32, p->ntlmssp_seq_num)) { + DEBUG(0,("api_pipe_auth_process: NTLMSSP check failed.\n")); + return False; + } + } + + /* + * Return the current pointer to the data offset. + */ + + if(!prs_set_offset(rpc_in, old_offset)) { + DEBUG(0,("api_pipe_auth_process: failed to set offset back to %u\n", + (unsigned int)old_offset )); + return False; + } + + return True; +} + +/**************************************************************************** + Return a user struct for a pipe user. +****************************************************************************/ + +struct current_user *get_current_user(struct current_user *user, pipes_struct *p) +{ + if (p->ntlmssp_auth_validated) { + memcpy(user, &p->pipe_user, sizeof(struct current_user)); + } else { + extern struct current_user current_user; + memcpy(user, ¤t_user, sizeof(struct current_user)); + } + + return user; +} + +/**************************************************************************** + Find the correct RPC function to call for this request. + If the pipe is authenticated then become the correct UNIX user + before doing the call. +****************************************************************************/ + +BOOL api_pipe_request(pipes_struct *p) +{ + int i = 0; + BOOL ret = False; + + if (p->ntlmssp_auth_validated) { + + if(!become_authenticated_pipe_user(p)) { + prs_mem_free(&p->out_data.rdata); + return False; + } + } + + DEBUG(5, ("Requested \\PIPE\\%s\n", p->name)); + + for (i = 0; i < rpc_lookup_size; i++) { + if (strequal(rpc_lookup[i].pipe.clnt, p->name)) { + DEBUG(3,("Doing \\PIPE\\%s\n", + rpc_lookup[i].pipe.clnt)); + set_current_rpc_talloc(p->mem_ctx); + ret = api_rpcTNP(p, rpc_lookup[i].pipe.clnt, + rpc_lookup[i].cmds, + rpc_lookup[i].n_cmds); + set_current_rpc_talloc(NULL); + break; + } + } + + + if (i == rpc_lookup_size) { + for (i = 0; api_fd_commands[i].name; i++) { + if (strequal(api_fd_commands[i].name, p->name)) { + api_fd_commands[i].init(); + break; + } + } + + if (!api_fd_commands[i].name) { + rpc_load_module(p->name); + } + + for (i = 0; i < rpc_lookup_size; i++) { + if (strequal(rpc_lookup[i].pipe.clnt, p->name)) { + DEBUG(3,("Doing \\PIPE\\%s\n", + rpc_lookup[i].pipe.clnt)); + set_current_rpc_talloc(p->mem_ctx); + ret = api_rpcTNP(p, rpc_lookup[i].pipe.clnt, + rpc_lookup[i].cmds, + rpc_lookup[i].n_cmds); + set_current_rpc_talloc(NULL); + break; + } + } + } + + if(p->ntlmssp_auth_validated) + unbecome_authenticated_pipe_user(); + + return ret; +} + +/******************************************************************* + Calls the underlying RPC function for a named pipe. + ********************************************************************/ + +BOOL api_rpcTNP(pipes_struct *p, const char *rpc_name, + const struct api_struct *api_rpc_cmds, int n_cmds) +{ + int fn_num; + fstring name; + uint32 offset1, offset2; + + /* interpret the command */ + DEBUG(4,("api_rpcTNP: %s op 0x%x - ", rpc_name, p->hdr_req.opnum)); + + slprintf(name, sizeof(name)-1, "in_%s", rpc_name); + prs_dump(name, p->hdr_req.opnum, &p->in_data.data); + + for (fn_num = 0; fn_num < n_cmds; fn_num++) { + if (api_rpc_cmds[fn_num].opnum == p->hdr_req.opnum && api_rpc_cmds[fn_num].fn != NULL) { + DEBUG(3,("api_rpcTNP: rpc command: %s\n", api_rpc_cmds[fn_num].name)); + break; + } + } + + if (fn_num == n_cmds) { + /* + * For an unknown RPC just return a fault PDU but + * return True to allow RPC's on the pipe to continue + * and not put the pipe into fault state. JRA. + */ + DEBUG(4, ("unknown\n")); + setup_fault_pdu(p, NT_STATUS(0x1c010002)); + return True; + } + + offset1 = prs_offset(&p->out_data.rdata); + + DEBUG(6, ("api_rpc_cmds[%d].fn == %p\n", + fn_num, api_rpc_cmds[fn_num].fn)); + /* do the actual command */ + if(!api_rpc_cmds[fn_num].fn(p)) { + DEBUG(0,("api_rpcTNP: %s: %s failed.\n", rpc_name, api_rpc_cmds[fn_num].name)); + prs_mem_free(&p->out_data.rdata); + return False; + } + + if (p->bad_handle_fault_state) { + DEBUG(4,("api_rpcTNP: bad handle fault return.\n")); + p->bad_handle_fault_state = False; + setup_fault_pdu(p, NT_STATUS(0x1C00001A)); + return True; + } + + slprintf(name, sizeof(name)-1, "out_%s", rpc_name); + offset2 = prs_offset(&p->out_data.rdata); + prs_set_offset(&p->out_data.rdata, offset1); + prs_dump(name, p->hdr_req.opnum, &p->out_data.rdata); + prs_set_offset(&p->out_data.rdata, offset2); + + DEBUG(5,("api_rpcTNP: called %s successfully\n", rpc_name)); + + /* Check for buffer underflow in rpc parsing */ + + if ((DEBUGLEVEL >= 10) && + (prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) { + size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data); + char *data; + + data = malloc(data_len); + + DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n")); + if (data) { + prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, (uint32)data_len); + SAFE_FREE(data); + } + + } + + return True; +} diff --git a/source4/rpc_server/srv_pipe_hnd.c b/source4/rpc_server/srv_pipe_hnd.c new file mode 100644 index 0000000000..602a7ed0ab --- /dev/null +++ b/source4/rpc_server/srv_pipe_hnd.c @@ -0,0 +1,1156 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1998, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Jeremy Allison 1999. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +#define PIPE "\\PIPE\\" +#define PIPELEN strlen(PIPE) + +static smb_np_struct *chain_p; +static int pipes_open; + +/* + * Sometimes I can't decide if I hate Windows printer driver + * writers more than I hate the Windows spooler service driver + * writers. This gets around a combination of bugs in the spooler + * and the HP 8500 PCL driver that causes a spooler spin. JRA. + * + * bumped up from 20 -> 64 after viewing traffic from WordPerfect + * 2002 running on NT 4.- SP6 + * bumped up from 64 -> 256 after viewing traffic from con2prt + * for lots of printers on a WinNT 4.x SP6 box. + */ + +#ifndef MAX_OPEN_SPOOLSS_PIPES +#define MAX_OPEN_SPOOLSS_PIPES 256 +#endif +static int current_spoolss_pipes_open; + +static smb_np_struct *Pipes; +static pipes_struct *InternalPipes; +static struct bitmap *bmap; + +/* TODO + * the following prototypes are declared here to avoid + * code being moved about too much for a patch to be + * disrupted / less obvious. + * + * these functions, and associated functions that they + * call, should be moved behind a .so module-loading + * system _anyway_. so that's the next step... + */ + +static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, + BOOL *is_data_outstanding); +static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n); +static BOOL close_internal_rpc_pipe_hnd(void *np_conn); +static void *make_internal_rpc_pipe_p(char *pipe_name, + struct tcon_context *conn, uint16 vuid); + +/**************************************************************************** + Pipe iterator functions. +****************************************************************************/ + +smb_np_struct *get_first_pipe(void) +{ + return Pipes; +} + +smb_np_struct *get_next_pipe(smb_np_struct *p) +{ + return p->next; +} + +/**************************************************************************** + Internal Pipe iterator functions. +****************************************************************************/ + +pipes_struct *get_first_internal_pipe(void) +{ + return InternalPipes; +} + +pipes_struct *get_next_internal_pipe(pipes_struct *p) +{ + return p->next; +} + +/* this must be larger than the sum of the open files and directories */ +static int pipe_handle_offset; + +/**************************************************************************** + Set the pipe_handle_offset. Called from smbd/files.c +****************************************************************************/ + +void set_pipe_handle_offset(int max_open_files) +{ + if(max_open_files < 0x7000) + pipe_handle_offset = 0x7000; + else + pipe_handle_offset = max_open_files + 10; /* For safety. :-) */ +} + +/**************************************************************************** + Reset pipe chain handle number. +****************************************************************************/ + +void reset_chain_p(void) +{ + chain_p = NULL; +} + +/**************************************************************************** + Initialise pipe handle states. +****************************************************************************/ + +void init_rpc_pipe_hnd(void) +{ + bmap = bitmap_allocate(MAX_OPEN_PIPES); + if (!bmap) + exit_server("out of memory in init_rpc_pipe_hnd"); +} + +/**************************************************************************** + Initialise an outgoing packet. +****************************************************************************/ + +static BOOL pipe_init_outgoing_data(pipes_struct *p) +{ + output_data *o_data = &p->out_data; + + /* Reset the offset counters. */ + o_data->data_sent_length = 0; + o_data->current_pdu_len = 0; + o_data->current_pdu_sent = 0; + + memset(o_data->current_pdu, '\0', sizeof(o_data->current_pdu)); + + /* Free any memory in the current return data buffer. */ + prs_mem_free(&o_data->rdata); + + /* + * Initialize the outgoing RPC data buffer. + * we will use this as the raw data area for replying to rpc requests. + */ + if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { + DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); + return False; + } + + return True; +} + +/**************************************************************************** + Find first available pipe slot. +****************************************************************************/ + +smb_np_struct *open_rpc_pipe_p(char *pipe_name, + struct tcon_context *conn, uint16 vuid) +{ + int i; + smb_np_struct *p, *p_it; + static int next_pipe; + BOOL is_spoolss_pipe = False; + + DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", + pipe_name, pipes_open)); + + if (strstr(pipe_name, "spoolss")) + is_spoolss_pipe = True; + + if (is_spoolss_pipe && current_spoolss_pipes_open >= MAX_OPEN_SPOOLSS_PIPES) { + DEBUG(10,("open_rpc_pipe_p: spooler bug workaround. Denying open on pipe %s\n", + pipe_name )); + return NULL; + } + + /* not repeating pipe numbers makes it easier to track things in + log files and prevents client bugs where pipe numbers are reused + over connection restarts */ + if (next_pipe == 0) + next_pipe = (sys_getpid() ^ time(NULL)) % MAX_OPEN_PIPES; + + i = bitmap_find(bmap, next_pipe); + + if (i == -1) { + DEBUG(0,("ERROR! Out of pipe structures\n")); + return NULL; + } + + next_pipe = (i+1) % MAX_OPEN_PIPES; + + for (p = Pipes; p; p = p->next) + DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum)); + + p = (smb_np_struct *)malloc(sizeof(*p)); + + if (!p) { + DEBUG(0,("ERROR! no memory for pipes_struct!\n")); + return NULL; + } + + ZERO_STRUCTP(p); + + /* add a dso mechanism instead of this, here */ + + p->namedpipe_create = make_internal_rpc_pipe_p; + p->namedpipe_read = read_from_internal_pipe; + p->namedpipe_write = write_to_internal_pipe; + p->namedpipe_close = close_internal_rpc_pipe_hnd; + + p->np_state = p->namedpipe_create(pipe_name, conn, vuid); + + if (p->np_state == NULL) { + DEBUG(0,("open_rpc_pipe_p: make_internal_rpc_pipe_p failed.\n")); + SAFE_FREE(p); + return NULL; + } + + DLIST_ADD(Pipes, p); + + /* + * Initialize the incoming RPC data buffer with one PDU worth of memory. + * We cheat here and say we're marshalling, as we intend to add incoming + * data directly into the prs_struct and we want it to auto grow. We will + * change the type to UNMARSALLING before processing the stream. + */ + + bitmap_set(bmap, i); + i += pipe_handle_offset; + + pipes_open++; + + p->pnum = i; + + p->open = True; + p->device_state = 0; + p->priority = 0; + p->conn = conn; + p->vuid = vuid; + + p->max_trans_reply = 0; + + fstrcpy(p->name, pipe_name); + + DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", + pipe_name, i, pipes_open)); + + chain_p = p; + + /* Iterate over p_it as a temp variable, to display all open pipes */ + for (p_it = Pipes; p_it; p_it = p_it->next) + DEBUG(5,("open pipes: name %s pnum=%x\n", p_it->name, p_it->pnum)); + + return chain_p; +} + +/**************************************************************************** + Make an internal namedpipes structure +****************************************************************************/ + +static void *make_internal_rpc_pipe_p(char *pipe_name, + struct tcon_context *conn, uint16 vuid) +{ + pipes_struct *p; + user_struct *vuser = get_valid_user_struct(vuid); + + DEBUG(4,("Create pipe requested %s\n", pipe_name)); + + if (!vuser && vuid != UID_FIELD_INVALID) { + DEBUG(0,("ERROR! vuid %d did not map to a valid vuser struct!\n", vuid)); + return NULL; + } + + p = (pipes_struct *)malloc(sizeof(*p)); + + if (!p) + { + DEBUG(0,("ERROR! no memory for pipes_struct!\n")); + return NULL; + } + + ZERO_STRUCTP(p); + + if ((p->mem_ctx = talloc_init("pipe %s %p", pipe_name, p)) == NULL) { + DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); + SAFE_FREE(p); + return NULL; + } + + if (!init_pipe_handle_list(p, pipe_name)) { + DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n")); + talloc_destroy(p->mem_ctx); + SAFE_FREE(p); + return NULL; + } + + /* + * Initialize the incoming RPC data buffer with one PDU worth of memory. + * We cheat here and say we're marshalling, as we intend to add incoming + * data directly into the prs_struct and we want it to auto grow. We will + * change the type to UNMARSALLING before processing the stream. + */ + + if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, p->mem_ctx, MARSHALL)) { + DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); + return NULL; + } + + DLIST_ADD(InternalPipes, p); + + p->conn = conn; + + /* Ensure the connection isn't idled whilst this pipe is open. */ + p->conn->num_files_open++; + + p->vuid = vuid; + + p->ntlmssp_chal_flags = 0; + p->ntlmssp_auth_validated = False; + p->ntlmssp_auth_requested = False; + + p->pipe_bound = False; + p->fault_state = False; + p->endian = RPC_LITTLE_ENDIAN; + + ZERO_STRUCT(p->pipe_user); + + p->pipe_user.uid = (uid_t)-1; + p->pipe_user.gid = (gid_t)-1; + + /* Store the session key and NT_TOKEN */ + if (vuser) { + memcpy(p->session_key, vuser->session_key, sizeof(p->session_key)); + p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token); + } + + /* + * Initialize the incoming RPC struct. + */ + + p->in_data.pdu_needed_len = 0; + p->in_data.pdu_received_len = 0; + + /* + * Initialize the outgoing RPC struct. + */ + + p->out_data.current_pdu_len = 0; + p->out_data.current_pdu_sent = 0; + p->out_data.data_sent_length = 0; + + /* + * Initialize the outgoing RPC data buffer with no memory. + */ + prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL); + + fstrcpy(p->name, pipe_name); + + DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n", + pipe_name, pipes_open)); + + return (void*)p; +} + +/**************************************************************************** + Sets the fault state on incoming packets. +****************************************************************************/ + +static void set_incoming_fault(pipes_struct *p) +{ + prs_mem_free(&p->in_data.data); + p->in_data.pdu_needed_len = 0; + p->in_data.pdu_received_len = 0; + p->fault_state = True; + DEBUG(10,("set_incoming_fault: Setting fault state on pipe %s : vuid = 0x%x\n", + p->name, p->vuid )); +} + +/**************************************************************************** + Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer. +****************************************************************************/ + +static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy) +{ + size_t len_needed_to_complete_hdr = MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu_received_len); + + DEBUG(10,("fill_rpc_header: data_to_copy = %u, len_needed_to_complete_hdr = %u, receive_len = %u\n", + (unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr, + (unsigned int)p->in_data.pdu_received_len )); + + memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr); + p->in_data.pdu_received_len += len_needed_to_complete_hdr; + + return (ssize_t)len_needed_to_complete_hdr; +} + +/**************************************************************************** + Unmarshalls a new PDU header. Assumes the raw header data is in current_in_pdu. +****************************************************************************/ + +static ssize_t unmarshall_rpc_header(pipes_struct *p) +{ + /* + * Unmarshall the header to determine the needed length. + */ + + prs_struct rpc_in; + + if(p->in_data.pdu_received_len != RPC_HEADER_LEN) { + DEBUG(0,("unmarshall_rpc_header: assert on rpc header length failed.\n")); + set_incoming_fault(p); + return -1; + } + + prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); + prs_set_endian_data( &rpc_in, p->endian); + + prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0], + p->in_data.pdu_received_len, False); + + /* + * Unmarshall the header as this will tell us how much + * data we need to read to get the complete pdu. + * This also sets the endian flag in rpc_in. + */ + + if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) { + DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n")); + set_incoming_fault(p); + prs_mem_free(&rpc_in); + return -1; + } + + /* + * Validate the RPC header. + */ + + if(p->hdr.major != 5 && p->hdr.minor != 0) { + DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n")); + set_incoming_fault(p); + prs_mem_free(&rpc_in); + return -1; + } + + /* + * If there's not data in the incoming buffer this should be the start of a new RPC. + */ + + if(prs_offset(&p->in_data.data) == 0) { + + /* + * AS/U doesn't set FIRST flag in a BIND packet it seems. + */ + + if ((p->hdr.pkt_type == RPC_REQUEST) && !(p->hdr.flags & RPC_FLG_FIRST)) { + /* + * Ensure that the FIRST flag is set. If not then we have + * a stream missmatch. + */ + + DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n")); + set_incoming_fault(p); + prs_mem_free(&rpc_in); + return -1; + } + + /* + * If this is the first PDU then set the endianness + * flag in the pipe. We will need this when parsing all + * data in this RPC. + */ + + p->endian = rpc_in.bigendian_data; + + DEBUG(5,("unmarshall_rpc_header: using %sendian RPC\n", + p->endian == RPC_LITTLE_ENDIAN ? "little-" : "big-" )); + + } else { + + /* + * If this is *NOT* the first PDU then check the endianness + * flag in the pipe is the same as that in the PDU. + */ + + if (p->endian != rpc_in.bigendian_data) { + DEBUG(0,("unmarshall_rpc_header: FIRST endianness flag (%d) different in next PDU !\n", (int)p->endian)); + set_incoming_fault(p); + prs_mem_free(&rpc_in); + return -1; + } + } + + /* + * Ensure that the pdu length is sane. + */ + + if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) { + DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n")); + set_incoming_fault(p); + prs_mem_free(&rpc_in); + return -1; + } + + DEBUG(10,("unmarshall_rpc_header: type = %u, flags = %u\n", (unsigned int)p->hdr.pkt_type, + (unsigned int)p->hdr.flags )); + + /* + * Adjust for the header we just ate. + */ + p->in_data.pdu_received_len = 0; + p->in_data.pdu_needed_len = (uint32)p->hdr.frag_len - RPC_HEADER_LEN; + + /* + * Null the data we just ate. + */ + + memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN); + + prs_mem_free(&rpc_in); + + return 0; /* No extra data processed. */ +} + +/**************************************************************************** + Call this to free any talloc'ed memory. Do this before and after processing + a complete PDU. +****************************************************************************/ + +void free_pipe_context(pipes_struct *p) +{ + if (p->mem_ctx) { + DEBUG(3,("free_pipe_context: destroying talloc pool of size %u\n", talloc_pool_size(p->mem_ctx) )); + talloc_destroy_pool(p->mem_ctx); + } else { + p->mem_ctx = talloc_init("pipe %s %p", p->name, p); + if (p->mem_ctx == NULL) + p->fault_state = True; + } +} + +/**************************************************************************** + Processes a request pdu. This will do auth processing if needed, and + appends the data into the complete stream if the LAST flag is not set. +****************************************************************************/ + +static BOOL process_request_pdu(pipes_struct *p, prs_struct *rpc_in_p) +{ + BOOL auth_verify = ((p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) != 0); + size_t data_len = p->hdr.frag_len - RPC_HEADER_LEN - RPC_HDR_REQ_LEN - + (auth_verify ? RPC_HDR_AUTH_LEN : 0) - p->hdr.auth_len; + + if(!p->pipe_bound) { + DEBUG(0,("process_request_pdu: rpc request with no bind.\n")); + set_incoming_fault(p); + return False; + } + + /* + * Check if we need to do authentication processing. + * This is only done on requests, not binds. + */ + + /* + * Read the RPC request header. + */ + + if(!smb_io_rpc_hdr_req("req", &p->hdr_req, rpc_in_p, 0)) { + DEBUG(0,("process_request_pdu: failed to unmarshall RPC_HDR_REQ.\n")); + set_incoming_fault(p); + return False; + } + + if(p->ntlmssp_auth_validated && !api_pipe_auth_process(p, rpc_in_p)) { + DEBUG(0,("process_request_pdu: failed to do auth processing.\n")); + set_incoming_fault(p); + return False; + } + + if (p->ntlmssp_auth_requested && !p->ntlmssp_auth_validated) { + + /* + * Authentication _was_ requested and it already failed. + */ + + DEBUG(0,("process_request_pdu: RPC request received on pipe %s where \ +authentication failed. Denying the request.\n", p->name)); + set_incoming_fault(p); + return False; + } + + /* + * Check the data length doesn't go over the 15Mb limit. + * increased after observing a bug in the Windows NT 4.0 SP6a + * spoolsv.exe when the response to a GETPRINTERDRIVER2 RPC + * will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002 + */ + + if(prs_offset(&p->in_data.data) + data_len > 15*1024*1024) { + DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n", + (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len )); + set_incoming_fault(p); + return False; + } + + /* + * Append the data portion into the buffer and return. + */ + + if(!prs_append_some_prs_data(&p->in_data.data, rpc_in_p, prs_offset(rpc_in_p), data_len)) { + DEBUG(0,("process_request_pdu: Unable to append data size %u to parse buffer of size %u.\n", + (unsigned int)data_len, (unsigned int)prs_data_size(&p->in_data.data) )); + set_incoming_fault(p); + return False; + } + + if(p->hdr.flags & RPC_FLG_LAST) { + BOOL ret = False; + /* + * Ok - we finally have a complete RPC stream. + * Call the rpc command to process it. + */ + + /* + * Ensure the internal prs buffer size is *exactly* the same + * size as the current offset. + */ + + if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data))) + { + DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n")); + set_incoming_fault(p); + return False; + } + + /* + * Set the parse offset to the start of the data and set the + * prs_struct to UNMARSHALL. + */ + + prs_set_offset(&p->in_data.data, 0); + prs_switch_type(&p->in_data.data, UNMARSHALL); + + /* + * Process the complete data stream here. + */ + + free_pipe_context(p); + + if(pipe_init_outgoing_data(p)) + ret = api_pipe_request(p); + + free_pipe_context(p); + + /* + * We have consumed the whole data stream. Set back to + * marshalling and set the offset back to the start of + * the buffer to re-use it (we could also do a prs_mem_free() + * and then re_init on the next start of PDU. Not sure which + * is best here.... JRA. + */ + + prs_switch_type(&p->in_data.data, MARSHALL); + prs_set_offset(&p->in_data.data, 0); + return ret; + } + + return True; +} + +/**************************************************************************** + Processes a finished PDU stored in current_in_pdu. The RPC_HEADER has + already been parsed and stored in p->hdr. +****************************************************************************/ + +static ssize_t process_complete_pdu(pipes_struct *p) +{ + prs_struct rpc_in; + size_t data_len = p->in_data.pdu_received_len; + char *data_p = (char *)&p->in_data.current_in_pdu[0]; + BOOL reply = False; + + if(p->fault_state) { + DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", + p->name )); + set_incoming_fault(p); + setup_fault_pdu(p, NT_STATUS(0x1c010002)); + return (ssize_t)data_len; + } + + prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); + + /* + * Ensure we're using the corrent endianness for both the + * RPC header flags and the raw data we will be reading from. + */ + + prs_set_endian_data( &rpc_in, p->endian); + prs_set_endian_data( &p->in_data.data, p->endian); + + prs_give_memory( &rpc_in, data_p, (uint32)data_len, False); + + DEBUG(10,("process_complete_pdu: processing packet type %u\n", + (unsigned int)p->hdr.pkt_type )); + + switch (p->hdr.pkt_type) { + case RPC_BIND: + case RPC_ALTCONT: + /* + * We assume that a pipe bind is only in one pdu. + */ + if(pipe_init_outgoing_data(p)) + reply = api_pipe_bind_req(p, &rpc_in); + break; + case RPC_BINDRESP: + /* + * We assume that a pipe bind_resp is only in one pdu. + */ + if(pipe_init_outgoing_data(p)) + reply = api_pipe_bind_auth_resp(p, &rpc_in); + break; + case RPC_REQUEST: + reply = process_request_pdu(p, &rpc_in); + break; + default: + DEBUG(0,("process_complete_pdu: Unknown rpc type = %u received.\n", (unsigned int)p->hdr.pkt_type )); + break; + } + + /* Reset to little endian. Probably don't need this but it won't hurt. */ + prs_set_endian_data( &p->in_data.data, RPC_LITTLE_ENDIAN); + + if (!reply) { + DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name)); + set_incoming_fault(p); + setup_fault_pdu(p, NT_STATUS(0x1c010002)); + prs_mem_free(&rpc_in); + } else { + /* + * Reset the lengths. We're ready for a new pdu. + */ + p->in_data.pdu_needed_len = 0; + p->in_data.pdu_received_len = 0; + } + + prs_mem_free(&rpc_in); + return (ssize_t)data_len; +} + +/**************************************************************************** + Accepts incoming data on an rpc pipe. Processes the data in pdu sized units. +****************************************************************************/ + +static ssize_t process_incoming_data(pipes_struct *p, char *data, size_t n) +{ + size_t data_to_copy = MIN(n, MAX_PDU_FRAG_LEN - p->in_data.pdu_received_len); + + DEBUG(10,("process_incoming_data: Start: pdu_received_len = %u, pdu_needed_len = %u, incoming data = %u\n", + (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len, + (unsigned int)n )); + + if(data_to_copy == 0) { + /* + * This is an error - data is being received and there is no + * space in the PDU. Free the received data and go into the fault state. + */ + DEBUG(0,("process_incoming_data: No space in incoming pdu buffer. Current size = %u \ +incoming data size = %u\n", (unsigned int)p->in_data.pdu_received_len, (unsigned int)n )); + set_incoming_fault(p); + return -1; + } + + /* + * If we have no data already, wait until we get at least a RPC_HEADER_LEN + * number of bytes before we can do anything. + */ + + if((p->in_data.pdu_needed_len == 0) && (p->in_data.pdu_received_len < RPC_HEADER_LEN)) { + /* + * Always return here. If we have more data then the RPC_HEADER + * will be processed the next time around the loop. + */ + return fill_rpc_header(p, data, data_to_copy); + } + + /* + * At this point we know we have at least an RPC_HEADER_LEN amount of data + * stored in current_in_pdu. + */ + + /* + * If pdu_needed_len is zero this is a new pdu. + * Unmarshall the header so we know how much more + * data we need, then loop again. + */ + + if(p->in_data.pdu_needed_len == 0) + return unmarshall_rpc_header(p); + + /* + * Ok - at this point we have a valid RPC_HEADER in p->hdr. + * Keep reading until we have a full pdu. + */ + + data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len); + + /* + * Copy as much of the data as we need into the current_in_pdu buffer. + */ + + memcpy( (char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, data_to_copy); + p->in_data.pdu_received_len += data_to_copy; + + /* + * Do we have a complete PDU ? + */ + + if(p->in_data.pdu_received_len == p->in_data.pdu_needed_len) + return process_complete_pdu(p); + + DEBUG(10,("process_incoming_data: not a complete PDU yet. pdu_received_len = %u, pdu_needed_len = %u\n", + (unsigned int)p->in_data.pdu_received_len, (unsigned int)p->in_data.pdu_needed_len )); + + return (ssize_t)data_to_copy; + +} + +/**************************************************************************** + Accepts incoming data on an rpc pipe. +****************************************************************************/ + +ssize_t write_to_pipe(smb_np_struct *p, char *data, size_t n) +{ + DEBUG(6,("write_to_pipe: %x", p->pnum)); + + DEBUG(6,(" name: %s open: %s len: %d\n", + p->name, BOOLSTR(p->open), (int)n)); + + dump_data(50, data, n); + + return p->namedpipe_write(p->np_state, data, n); +} + +/**************************************************************************** + Accepts incoming data on an internal rpc pipe. +****************************************************************************/ + +static ssize_t write_to_internal_pipe(void *np_conn, char *data, size_t n) +{ + pipes_struct *p = (pipes_struct*)np_conn; + size_t data_left = n; + + while(data_left) { + ssize_t data_used; + + DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left )); + + data_used = process_incoming_data(p, data, data_left); + + DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used )); + + if(data_used < 0) + return -1; + + data_left -= data_used; + data += data_used; + } + + return n; +} + +/**************************************************************************** + Replies to a request to read data from a pipe. + + Headers are interspersed with the data at PDU intervals. By the time + this function is called, the start of the data could possibly have been + read by an SMBtrans (file_offset != 0). + + Calling create_rpc_reply() here is a hack. The data should already + have been prepared into arrays of headers + data stream sections. +****************************************************************************/ + +ssize_t read_from_pipe(smb_np_struct *p, char *data, size_t n, + BOOL *is_data_outstanding) +{ + if (!p || !p->open) { + DEBUG(0,("read_from_pipe: pipe not open\n")); + return -1; + } + + DEBUG(6,("read_from_pipe: %x", p->pnum)); + + return p->namedpipe_read(p->np_state, data, n, is_data_outstanding); +} + +/**************************************************************************** + Replies to a request to read data from a pipe. + + Headers are interspersed with the data at PDU intervals. By the time + this function is called, the start of the data could possibly have been + read by an SMBtrans (file_offset != 0). + + Calling create_rpc_reply() here is a hack. The data should already + have been prepared into arrays of headers + data stream sections. +****************************************************************************/ + +static ssize_t read_from_internal_pipe(void *np_conn, char *data, size_t n, + BOOL *is_data_outstanding) +{ + pipes_struct *p = (pipes_struct*)np_conn; + uint32 pdu_remaining = 0; + ssize_t data_returned = 0; + + if (!p) { + DEBUG(0,("read_from_pipe: pipe not open\n")); + return -1; + } + + DEBUG(6,(" name: %s len: %u\n", p->name, (unsigned int)n)); + + /* + * We cannot return more than one PDU length per + * read request. + */ + + /* + * This condition should result in the connection being closed. + * Netapp filers seem to set it to 0xffff which results in domain + * authentications failing. Just ignore it so things work. + */ + + if(n > MAX_PDU_FRAG_LEN) { + DEBUG(5,("read_from_pipe: too large read (%u) requested on \ +pipe %s. We can only service %d sized reads.\n", (unsigned int)n, p->name, MAX_PDU_FRAG_LEN )); + } + + /* + * Determine if there is still data to send in the + * pipe PDU buffer. Always send this first. Never + * send more than is left in the current PDU. The + * client should send a new read request for a new + * PDU. + */ + + if((pdu_remaining = p->out_data.current_pdu_len - p->out_data.current_pdu_sent) > 0) { + data_returned = (ssize_t)MIN(n, pdu_remaining); + + DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, current_pdu_sent = %u \ +returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, + (unsigned int)p->out_data.current_pdu_sent, (int)data_returned)); + + memcpy( data, &p->out_data.current_pdu[p->out_data.current_pdu_sent], (size_t)data_returned); + p->out_data.current_pdu_sent += (uint32)data_returned; + goto out; + } + + /* + * At this point p->current_pdu_len == p->current_pdu_sent (which + * may of course be zero if this is the first return fragment. + */ + + DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length \ += %u, prs_offset(&p->out_data.rdata) = %u.\n", + p->name, (int)p->fault_state, (unsigned int)p->out_data.data_sent_length, (unsigned int)prs_offset(&p->out_data.rdata) )); + + if(p->out_data.data_sent_length >= prs_offset(&p->out_data.rdata)) { + /* + * We have sent all possible data, return 0. + */ + data_returned = 0; + goto out; + } + + /* + * We need to create a new PDU from the data left in p->rdata. + * Create the header/data/footers. This also sets up the fields + * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length + * and stores the outgoing PDU in p->current_pdu. + */ + + if(!create_next_pdu(p)) { + DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name)); + return -1; + } + + data_returned = MIN(n, p->out_data.current_pdu_len); + + memcpy( data, p->out_data.current_pdu, (size_t)data_returned); + p->out_data.current_pdu_sent += (uint32)data_returned; + + out: + + (*is_data_outstanding) = p->out_data.current_pdu_len > n; + return data_returned; +} + +/**************************************************************************** + Wait device state on a pipe. Exactly what this is for is unknown... +****************************************************************************/ + +BOOL wait_rpc_pipe_hnd_state(smb_np_struct *p, uint16 priority) +{ + if (p == NULL) + return False; + + if (p->open) { + DEBUG(3,("wait_rpc_pipe_hnd_state: Setting pipe wait state priority=%x on pipe (name=%s)\n", + priority, p->name)); + + p->priority = priority; + + return True; + } + + DEBUG(3,("wait_rpc_pipe_hnd_state: Error setting pipe wait state priority=%x (name=%s)\n", + priority, p->name)); + return False; +} + + +/**************************************************************************** + Set device state on a pipe. Exactly what this is for is unknown... +****************************************************************************/ + +BOOL set_rpc_pipe_hnd_state(smb_np_struct *p, uint16 device_state) +{ + if (p == NULL) + return False; + + if (p->open) { + DEBUG(3,("set_rpc_pipe_hnd_state: Setting pipe device state=%x on pipe (name=%s)\n", + device_state, p->name)); + + p->device_state = device_state; + + return True; + } + + DEBUG(3,("set_rpc_pipe_hnd_state: Error setting pipe device state=%x (name=%s)\n", + device_state, p->name)); + return False; +} + + +/**************************************************************************** + Close an rpc pipe. +****************************************************************************/ + +BOOL close_rpc_pipe_hnd(smb_np_struct *p) +{ + if (!p) { + DEBUG(0,("Invalid pipe in close_rpc_pipe_hnd\n")); + return False; + } + + p->namedpipe_close(p->np_state); + + bitmap_clear(bmap, p->pnum - pipe_handle_offset); + + pipes_open--; + + DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", + p->name, p->pnum, pipes_open)); + + DLIST_REMOVE(Pipes, p); + + ZERO_STRUCTP(p); + + SAFE_FREE(p); + + return True; +} + +/**************************************************************************** + Close an rpc pipe. +****************************************************************************/ + +static BOOL close_internal_rpc_pipe_hnd(void *np_conn) +{ + pipes_struct *p = (pipes_struct *)np_conn; + if (!p) { + DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n")); + return False; + } + + prs_mem_free(&p->out_data.rdata); + prs_mem_free(&p->in_data.data); + + if (p->mem_ctx) + talloc_destroy(p->mem_ctx); + + /* Free the handles database. */ + close_policy_by_pipe(p); + + delete_nt_token(&p->pipe_user.nt_user_token); + SAFE_FREE(p->pipe_user.groups); + + DLIST_REMOVE(InternalPipes, p); + + p->conn->num_files_open--; + + ZERO_STRUCTP(p); + + SAFE_FREE(p); + + return True; +} + +/**************************************************************************** + Find an rpc pipe given a pipe handle in a buffer and an offset. +****************************************************************************/ + +smb_np_struct *get_rpc_pipe_p(char *buf, int where) +{ + int pnum = SVAL(buf,where); + + if (chain_p) + return chain_p; + + return get_rpc_pipe(pnum); +} + +/**************************************************************************** + Find an rpc pipe given a pipe handle. +****************************************************************************/ + +smb_np_struct *get_rpc_pipe(int pnum) +{ + smb_np_struct *p; + + DEBUG(4,("search for pipe pnum=%x\n", pnum)); + + for (p=Pipes;p;p=p->next) + DEBUG(5,("pipe name %s pnum=%x (pipes_open=%d)\n", + p->name, p->pnum, pipes_open)); + + for (p=Pipes;p;p=p->next) { + if (p->pnum == pnum) { + chain_p = p; + return p; + } + } + + return NULL; +} diff --git a/source4/rpc_server/srv_reg.c b/source4/rpc_server/srv_reg.c new file mode 100644 index 0000000000..8fc1d42b2f --- /dev/null +++ b/source4/rpc_server/srv_reg.c @@ -0,0 +1,400 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997, + * Copyright (C) Marc Jacobsen 2000, + * Copyright (C) Jeremy Allison 2001, + * Copyright (C) Gerald Carter 2002, + * Copyright (C) Anthony Liguori 2003. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the interface for the registry functions. */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/******************************************************************* + api_reg_close + ********************************************************************/ + +static BOOL api_reg_close(pipes_struct *p) +{ + REG_Q_CLOSE q_u; + REG_R_CLOSE r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the reg unknown 1 */ + if(!reg_io_q_close("", &q_u, data, 0)) + return False; + + r_u.status = _reg_close(p, &q_u, &r_u); + + if(!reg_io_r_close("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_open_khlm + ********************************************************************/ + +static BOOL api_reg_open_hklm(pipes_struct *p) +{ + REG_Q_OPEN_HKLM q_u; + REG_R_OPEN_HKLM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the reg open */ + if(!reg_io_q_open_hklm("", &q_u, data, 0)) + return False; + + r_u.status = _reg_open_hklm(p, &q_u, &r_u); + + if(!reg_io_r_open_hklm("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_open_khu + ********************************************************************/ + +static BOOL api_reg_open_hku(pipes_struct *p) +{ + REG_Q_OPEN_HKU q_u; + REG_R_OPEN_HKU r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the reg open */ + if(!reg_io_q_open_hku("", &q_u, data, 0)) + return False; + + r_u.status = _reg_open_hku(p, &q_u, &r_u); + + if(!reg_io_r_open_hku("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_open_khcr + ********************************************************************/ + +static BOOL api_reg_open_hkcr(pipes_struct *p) +{ + REG_Q_OPEN_HKCR q_u; + REG_R_OPEN_HKCR r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the reg open */ + if(!reg_io_q_open_hkcr("", &q_u, data, 0)) + return False; + + r_u.status = _reg_open_hkcr(p, &q_u, &r_u); + + if(!reg_io_r_open_hkcr("", &r_u, rdata, 0)) + return False; + + return True; +} + + +/******************************************************************* + api_reg_open_entry + ********************************************************************/ + +static BOOL api_reg_open_entry(pipes_struct *p) +{ + REG_Q_OPEN_ENTRY q_u; + REG_R_OPEN_ENTRY r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the reg open entry */ + if(!reg_io_q_open_entry("", &q_u, data, 0)) + return False; + + /* construct reply. */ + r_u.status = _reg_open_entry(p, &q_u, &r_u); + + if(!reg_io_r_open_entry("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_info + ********************************************************************/ + +static BOOL api_reg_info(pipes_struct *p) +{ + REG_Q_INFO q_u; + REG_R_INFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the reg unknown 0x11*/ + if(!reg_io_q_info("", &q_u, data, 0)) + return False; + + r_u.status = _reg_info(p, &q_u, &r_u); + + if(!reg_io_r_info("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_shutdown + ********************************************************************/ + +static BOOL api_reg_shutdown(pipes_struct *p) +{ + REG_Q_SHUTDOWN q_u; + REG_R_SHUTDOWN r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the reg shutdown */ + if(!reg_io_q_shutdown("", &q_u, data, 0)) + return False; + + r_u.status = _reg_shutdown(p, &q_u, &r_u); + + if(!reg_io_r_shutdown("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_abort_shutdown + ********************************************************************/ + +static BOOL api_reg_abort_shutdown(pipes_struct *p) +{ + REG_Q_ABORT_SHUTDOWN q_u; + REG_R_ABORT_SHUTDOWN r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the reg shutdown */ + if(!reg_io_q_abort_shutdown("", &q_u, data, 0)) + return False; + + r_u.status = _reg_abort_shutdown(p, &q_u, &r_u); + + if(!reg_io_r_abort_shutdown("", &r_u, rdata, 0)) + return False; + + return True; +} + + +/******************************************************************* + api_reg_query_key + ********************************************************************/ + +static BOOL api_reg_query_key(pipes_struct *p) +{ + REG_Q_QUERY_KEY q_u; + REG_R_QUERY_KEY r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!reg_io_q_query_key("", &q_u, data, 0)) + return False; + + r_u.status = _reg_query_key(p, &q_u, &r_u); + + if(!reg_io_r_query_key("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_unknown_1a + ********************************************************************/ + +static BOOL api_reg_unknown_1a(pipes_struct *p) +{ + REG_Q_UNKNOWN_1A q_u; + REG_R_UNKNOWN_1A r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!reg_io_q_unknown_1a("", &q_u, data, 0)) + return False; + + r_u.status = _reg_unknown_1a(p, &q_u, &r_u); + + if(!reg_io_r_unknown_1a("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_enum_key + ********************************************************************/ + +static BOOL api_reg_enum_key(pipes_struct *p) +{ + REG_Q_ENUM_KEY q_u; + REG_R_ENUM_KEY r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!reg_io_q_enum_key("", &q_u, data, 0)) + return False; + + r_u.status = _reg_enum_key(p, &q_u, &r_u); + + if(!reg_io_r_enum_key("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_enum_value + ********************************************************************/ + +static BOOL api_reg_enum_value(pipes_struct *p) +{ + REG_Q_ENUM_VALUE q_u; + REG_R_ENUM_VALUE r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!reg_io_q_enum_val("", &q_u, data, 0)) + return False; + + r_u.status = _reg_enum_value(p, &q_u, &r_u); + + if(!reg_io_r_enum_val("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_reg_save_key + ********************************************************************/ + +static BOOL api_reg_save_key(pipes_struct *p) +{ + REG_Q_SAVE_KEY q_u; + REG_R_SAVE_KEY r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!reg_io_q_save_key("", &q_u, data, 0)) + return False; + + r_u.status = _reg_save_key(p, &q_u, &r_u); + + if(!reg_io_r_save_key("", &r_u, rdata, 0)) + return False; + + return True; +} + + + +/******************************************************************* + array of \PIPE\reg operations + ********************************************************************/ + +#ifdef RPC_REG_DYNAMIC +int init_module(void) +#else +int rpc_reg_init(void) +#endif +{ + static struct api_struct api_reg_cmds[] = + { + { "REG_CLOSE" , REG_CLOSE , api_reg_close }, + { "REG_OPEN_ENTRY" , REG_OPEN_ENTRY , api_reg_open_entry }, + { "REG_OPEN_HKCR" , REG_OPEN_HKCR , api_reg_open_hkcr }, + { "REG_OPEN_HKLM" , REG_OPEN_HKLM , api_reg_open_hklm }, + { "REG_OPEN_HKU" , REG_OPEN_HKU , api_reg_open_hku }, + { "REG_ENUM_KEY" , REG_ENUM_KEY , api_reg_enum_key }, + { "REG_ENUM_VALUE" , REG_ENUM_VALUE , api_reg_enum_value }, + { "REG_QUERY_KEY" , REG_QUERY_KEY , api_reg_query_key }, + { "REG_INFO" , REG_INFO , api_reg_info }, + { "REG_SHUTDOWN" , REG_SHUTDOWN , api_reg_shutdown }, + { "REG_ABORT_SHUTDOWN" , REG_ABORT_SHUTDOWN , api_reg_abort_shutdown }, + { "REG_UNKNOWN_1A" , REG_UNKNOWN_1A , api_reg_unknown_1a }, + { "REG_SAVE_KEY" , REG_SAVE_KEY , api_reg_save_key } + }; + return rpc_pipe_register_commands("winreg", "winreg", api_reg_cmds, + sizeof(api_reg_cmds) / sizeof(struct api_struct)); +} diff --git a/source4/rpc_server/srv_reg_nt.c b/source4/rpc_server/srv_reg_nt.c new file mode 100644 index 0000000000..5632544909 --- /dev/null +++ b/source4/rpc_server/srv_reg_nt.c @@ -0,0 +1,664 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997. + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997. + * Copyright (C) Paul Ashton 1997. + * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Gerald Carter 2002. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* Implementation of registry functions. */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +#define REGSTR_PRODUCTTYPE "ProductType" +#define REG_PT_WINNT "WinNT" +#define REG_PT_LANMANNT "LanmanNT" +#define REG_PT_SERVERNT "ServerNT" + +#define OUR_HANDLE(hnd) (((hnd)==NULL)?"NULL":(IVAL((hnd)->data5,4)==(uint32)sys_getpid()?"OURS":"OTHER")), \ +((unsigned int)IVAL((hnd)->data5,4)),((unsigned int)sys_getpid()) + + +static REGISTRY_KEY *regkeys_list; + + +/****************************************************************** + free() function for REGISTRY_KEY + *****************************************************************/ + +static void free_regkey_info(void *ptr) +{ + REGISTRY_KEY *info = (REGISTRY_KEY*)ptr; + + DLIST_REMOVE(regkeys_list, info); + + SAFE_FREE(info); +} + +/****************************************************************** + Find a registry key handle and return a REGISTRY_KEY + *****************************************************************/ + +static REGISTRY_KEY *find_regkey_index_by_hnd(pipes_struct *p, POLICY_HND *hnd) +{ + REGISTRY_KEY *regkey = NULL; + + if(!find_policy_by_hnd(p,hnd,(void **)®key)) { + DEBUG(2,("find_regkey_index_by_hnd: Registry Key not found: ")); + return NULL; + } + + return regkey; +} + + +/******************************************************************* + Function for open a new registry handle and creating a handle + Note that P should be valid & hnd should already have space + + When we open a key, we store the full path to the key as + HK[LM|U]\<key>\<key>\... + *******************************************************************/ + +static NTSTATUS open_registry_key(pipes_struct *p, POLICY_HND *hnd, REGISTRY_KEY *parent, + const char *subkeyname, uint32 access_granted ) +{ + REGISTRY_KEY *regkey = NULL; + NTSTATUS result = NT_STATUS_OK; + REGSUBKEY_CTR subkeys; + pstring subkeyname2; + int subkey_len; + + DEBUG(7,("open_registry_key: name = [%s][%s]\n", + parent ? parent->name : "NULL", subkeyname)); + + /* strip any trailing '\'s */ + pstrcpy( subkeyname2, subkeyname ); + subkey_len = strlen ( subkeyname2 ); + if ( subkey_len && subkeyname2[subkey_len-1] == '\\' ) + subkeyname2[subkey_len-1] = '\0'; + + if ((regkey=(REGISTRY_KEY*)malloc(sizeof(REGISTRY_KEY))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP( regkey ); + + /* + * very crazy, but regedit.exe on Win2k will attempt to call + * REG_OPEN_ENTRY with a keyname of "". We should return a new + * (second) handle here on the key->name. regedt32.exe does + * not do this stupidity. --jerry + */ + + if ( !subkey_len ) { + pstrcpy( regkey->name, parent->name ); + } + else { + pstrcpy( regkey->name, "" ); + if ( parent ) { + pstrcat( regkey->name, parent->name ); + pstrcat( regkey->name, "\\" ); + } + pstrcat( regkey->name, subkeyname2 ); + } + + /* Look up the table of registry I/O operations */ + + if ( !(regkey->hook = reghook_cache_find( regkey->name )) ) { + DEBUG(0,("open_registry_key: Failed to assigned a REGISTRY_HOOK to [%s]\n", + regkey->name )); + return NT_STATUS_OBJECT_PATH_NOT_FOUND; + } + + /* check if the path really exists; failed is indicated by -1 */ + /* if the subkey count failed, bail out */ + + ZERO_STRUCTP( &subkeys ); + + regsubkey_ctr_init( &subkeys ); + + if ( fetch_reg_keys( regkey, &subkeys ) == -1 ) { + + /* don't really know what to return here */ + result = NT_STATUS_NO_SUCH_FILE; + } + else { + /* + * This would previously return NT_STATUS_TOO_MANY_SECRETS + * that doesn't sound quite right to me --jerry + */ + + if ( !create_policy_hnd( p, hnd, free_regkey_info, regkey ) ) + result = NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + + /* clean up */ + + regsubkey_ctr_destroy( &subkeys ); + + if ( ! NT_STATUS_IS_OK(result) ) + SAFE_FREE( regkey ); + else + DLIST_ADD( regkeys_list, regkey ); + + + DEBUG(7,("open_registry_key: exit\n")); + + return result; +} + +/******************************************************************* + Function for open a new registry handle and creating a handle + Note that P should be valid & hnd should already have space + *******************************************************************/ + +static BOOL close_registry_key(pipes_struct *p, POLICY_HND *hnd) +{ + REGISTRY_KEY *regkey = find_regkey_index_by_hnd(p, hnd); + + if ( !regkey ) { + DEBUG(2,("close_registry_key: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd))); + return False; + } + + close_policy_hnd(p, hnd); + + return True; +} + +/******************************************************************** + retrieve information about the subkeys + *******************************************************************/ + +static BOOL get_subkey_information( REGISTRY_KEY *key, uint32 *maxnum, uint32 *maxlen ) +{ + int num_subkeys, i; + uint32 max_len; + REGSUBKEY_CTR subkeys; + uint32 len; + + if ( !key ) + return False; + + ZERO_STRUCTP( &subkeys ); + + regsubkey_ctr_init( &subkeys ); + + if ( fetch_reg_keys( key, &subkeys ) == -1 ) + return False; + + /* find the longest string */ + + max_len = 0; + num_subkeys = regsubkey_ctr_numkeys( &subkeys ); + + for ( i=0; i<num_subkeys; i++ ) { + len = strlen( regsubkey_ctr_specific_key(&subkeys, i) ); + max_len = MAX(max_len, len); + } + + *maxnum = num_subkeys; + *maxlen = max_len*2; + + regsubkey_ctr_destroy( &subkeys ); + + return True; +} + +/******************************************************************** + retrieve information about the values. We don't store values + here. The registry tdb is intended to be a frontend to oether + Samba tdb's (such as ntdrivers.tdb). + *******************************************************************/ + +static BOOL get_value_information( REGISTRY_KEY *key, uint32 *maxnum, + uint32 *maxlen, uint32 *maxsize ) +{ + REGVAL_CTR values; + REGISTRY_VALUE *val; + uint32 sizemax, lenmax; + int i, num_values; + + if ( !key ) + return False; + + + ZERO_STRUCTP( &values ); + + regval_ctr_init( &values ); + + if ( fetch_reg_values( key, &values ) == -1 ) + return False; + + lenmax = sizemax = 0; + num_values = regval_ctr_numvals( &values ); + + val = regval_ctr_specific_value( &values, 0 ); + + for ( i=0; i<num_values && val; i++ ) + { + lenmax = MAX(lenmax, strlen(val->valuename)+1 ); + sizemax = MAX(sizemax, val->size ); + + val = regval_ctr_specific_value( &values, i ); + } + + *maxnum = num_values; + *maxlen = lenmax; + *maxsize = sizemax; + + regval_ctr_destroy( &values ); + + return True; +} + + +/******************************************************************** + reg_close + ********************************************************************/ + +NTSTATUS _reg_close(pipes_struct *p, REG_Q_CLOSE *q_u, REG_R_CLOSE *r_u) +{ + /* set up the REG unknown_1 response */ + ZERO_STRUCT(r_u->pol); + + /* close the policy handle */ + if (!close_registry_key(p, &q_u->pol)) + return NT_STATUS_OBJECT_NAME_INVALID; + + return NT_STATUS_OK; +} + +/******************************************************************* + ********************************************************************/ + +NTSTATUS _reg_open_hklm(pipes_struct *p, REG_Q_OPEN_HKLM *q_u, REG_R_OPEN_HKLM *r_u) +{ + return open_registry_key( p, &r_u->pol, NULL, KEY_HKLM, 0x0 ); +} + +/******************************************************************* + ********************************************************************/ + +NTSTATUS _reg_open_hkcr(pipes_struct *p, REG_Q_OPEN_HKCR *q_u, REG_R_OPEN_HKCR *r_u) +{ + return open_registry_key( p, &r_u->pol, NULL, KEY_HKCR, 0x0 ); +} + +/******************************************************************* + ********************************************************************/ + +NTSTATUS _reg_open_hku(pipes_struct *p, REG_Q_OPEN_HKU *q_u, REG_R_OPEN_HKU *r_u) +{ + return open_registry_key( p, &r_u->pol, NULL, KEY_HKU, 0x0 ); +} + +/******************************************************************* + reg_reply_open_entry + ********************************************************************/ + +NTSTATUS _reg_open_entry(pipes_struct *p, REG_Q_OPEN_ENTRY *q_u, REG_R_OPEN_ENTRY *r_u) +{ + POLICY_HND pol; + fstring name; + REGISTRY_KEY *key = find_regkey_index_by_hnd(p, &q_u->pol); + NTSTATUS result; + + DEBUG(5,("reg_open_entry: Enter\n")); + + if ( !key ) + return NT_STATUS_INVALID_HANDLE; + + rpcstr_pull(name,q_u->uni_name.buffer,sizeof(name),q_u->uni_name.uni_str_len*2,0); + + result = open_registry_key( p, &pol, key, name, 0x0 ); + + init_reg_r_open_entry( r_u, &pol, result ); + + DEBUG(5,("reg_open_entry: Exit\n")); + + return r_u->status; +} + +/******************************************************************* + reg_reply_info + ********************************************************************/ + +NTSTATUS _reg_info(pipes_struct *p, REG_Q_INFO *q_u, REG_R_INFO *r_u) +{ + NTSTATUS status = NT_STATUS_NO_SUCH_FILE; + fstring name; + const char *value_ascii = ""; + fstring value; + int value_length; + REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + REGISTRY_VALUE *val = NULL; + REGVAL_CTR regvals; + int i; + + DEBUG(5,("_reg_info: Enter\n")); + + if ( !regkey ) + return NT_STATUS_INVALID_HANDLE; + + DEBUG(7,("_reg_info: policy key name = [%s]\n", regkey->name)); + + rpcstr_pull(name, q_u->uni_type.buffer, sizeof(name), q_u->uni_type.uni_str_len*2, 0); + + DEBUG(5,("reg_info: looking up value: [%s]\n", name)); + + ZERO_STRUCTP( ®vals ); + + regval_ctr_init( ®vals ); + + /* couple of hard coded registry values */ + + if ( strequal(name, "RefusePasswordChange") ) { + if ( (val = (REGISTRY_VALUE*)malloc(sizeof(REGISTRY_VALUE))) == NULL ) { + DEBUG(0,("_reg_info: malloc() failed!\n")); + return NT_STATUS_NO_MEMORY; + } + ZERO_STRUCTP( val ); + + goto out; + } + + if ( strequal(name, REGSTR_PRODUCTTYPE) ) { + /* This makes the server look like a member server to clients */ + /* which tells clients that we have our own local user and */ + /* group databases and helps with ACL support. */ + + switch (lp_server_role()) { + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + value_ascii = REG_PT_LANMANNT; + break; + case ROLE_STANDALONE: + value_ascii = REG_PT_SERVERNT; + break; + case ROLE_DOMAIN_MEMBER: + value_ascii = REG_PT_WINNT; + break; + } + value_length = push_ucs2(value, value, value_ascii, + sizeof(value), + STR_TERMINATE|STR_NOALIGN); + regval_ctr_addvalue(®vals, REGSTR_PRODUCTTYPE, REG_SZ, + value, value_length); + + val = dup_registry_value( regval_ctr_specific_value( ®vals, 0 ) ); + + status = NT_STATUS_OK; + + goto out; + } + + /* else fall back to actually looking up the value */ + + for ( i=0; fetch_reg_values_specific(regkey, &val, i); i++ ) + { + DEBUG(10,("_reg_info: Testing value [%s]\n", val->valuename)); + if ( StrCaseCmp( val->valuename, name ) == 0 ) { + DEBUG(10,("_reg_info: Found match for value [%s]\n", name)); + status = NT_STATUS_OK; + break; + } + + free_registry_value( val ); + } + + +out: + new_init_reg_r_info(q_u->ptr_buf, r_u, val, status); + + regval_ctr_destroy( ®vals ); + free_registry_value( val ); + + DEBUG(5,("_reg_info: Exit\n")); + + return status; +} + + +/***************************************************************************** + Implementation of REG_QUERY_KEY + ****************************************************************************/ + +NTSTATUS _reg_query_key(pipes_struct *p, REG_Q_QUERY_KEY *q_u, REG_R_QUERY_KEY *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + + DEBUG(5,("_reg_query_key: Enter\n")); + + if ( !regkey ) + return NT_STATUS_INVALID_HANDLE; + + if ( !get_subkey_information( regkey, &r_u->num_subkeys, &r_u->max_subkeylen ) ) + return NT_STATUS_ACCESS_DENIED; + + if ( !get_value_information( regkey, &r_u->num_values, &r_u->max_valnamelen, &r_u->max_valbufsize ) ) + return NT_STATUS_ACCESS_DENIED; + + + r_u->sec_desc = 0x00000078; /* size for key's sec_desc */ + + /* Win9x set this to 0x0 since it does not keep timestamps. + Doing the same here for simplicity --jerry */ + + ZERO_STRUCT(r_u->mod_time); + + DEBUG(5,("_reg_query_key: Exit\n")); + + return status; +} + + +/***************************************************************************** + Implementation of REG_UNKNOWN_1A + ****************************************************************************/ + +NTSTATUS _reg_unknown_1a(pipes_struct *p, REG_Q_UNKNOWN_1A *q_u, REG_R_UNKNOWN_1A *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + + DEBUG(5,("_reg_unknown_1a: Enter\n")); + + if ( !regkey ) + return NT_STATUS_INVALID_HANDLE; + + r_u->unknown = 0x00000005; /* seems to be consistent...no idea what it means */ + + DEBUG(5,("_reg_unknown_1a: Exit\n")); + + return status; +} + + +/***************************************************************************** + Implementation of REG_ENUM_KEY + ****************************************************************************/ + +NTSTATUS _reg_enum_key(pipes_struct *p, REG_Q_ENUM_KEY *q_u, REG_R_ENUM_KEY *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + char *subkey = NULL; + + + DEBUG(5,("_reg_enum_key: Enter\n")); + + if ( !regkey ) + return NT_STATUS_INVALID_HANDLE; + + DEBUG(8,("_reg_enum_key: enumerating key [%s]\n", regkey->name)); + + if ( !fetch_reg_keys_specific( regkey, &subkey, q_u->key_index ) ) + { + status = NT_STATUS_NO_MORE_ENTRIES; + goto done; + } + + DEBUG(10,("_reg_enum_key: retrieved subkey named [%s]\n", subkey)); + + /* subkey has the string name now */ + + init_reg_r_enum_key( r_u, subkey, q_u->unknown_1, q_u->unknown_2 ); + + DEBUG(5,("_reg_enum_key: Exit\n")); + +done: + SAFE_FREE( subkey ); + return status; +} + +/***************************************************************************** + Implementation of REG_ENUM_VALUE + ****************************************************************************/ + +NTSTATUS _reg_enum_value(pipes_struct *p, REG_Q_ENUM_VALUE *q_u, REG_R_ENUM_VALUE *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + REGISTRY_VALUE *val; + + + DEBUG(5,("_reg_enum_value: Enter\n")); + + if ( !regkey ) + return NT_STATUS_INVALID_HANDLE; + + DEBUG(8,("_reg_enum_key: enumerating values for key [%s]\n", regkey->name)); + + if ( !fetch_reg_values_specific( regkey, &val, q_u->val_index ) ) + { + status = NT_STATUS_NO_MORE_ENTRIES; + goto done; + } + + DEBUG(10,("_reg_enum_value: retrieved value named [%s]\n", val->valuename)); + + /* subkey has the string name now */ + + init_reg_r_enum_val( r_u, val ); + + + DEBUG(5,("_reg_enum_value: Exit\n")); + +done: + free_registry_value( val ); + + return status; +} + + +/******************************************************************* + reg_shutdwon + ********************************************************************/ + +#define SHUTDOWN_R_STRING "-r" +#define SHUTDOWN_F_STRING "-f" + + +NTSTATUS _reg_shutdown(pipes_struct *p, REG_Q_SHUTDOWN *q_u, REG_R_SHUTDOWN *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + pstring shutdown_script; + UNISTR2 unimsg = q_u->uni_msg; + pstring message; + pstring chkmsg; + fstring timeout; + fstring r; + fstring f; + + /* message */ + rpcstr_pull (message, unimsg.buffer, sizeof(message), unimsg.uni_str_len*2,0); + /* security check */ + alpha_strcpy (chkmsg, message, NULL, sizeof(message)); + /* timeout */ + snprintf(timeout, sizeof(timeout), "%d", q_u->timeout); + /* reboot */ + snprintf(r, sizeof(r), (q_u->reboot) ? SHUTDOWN_R_STRING : ""); + /* force */ + snprintf(f, sizeof(f), (q_u->force) ? SHUTDOWN_F_STRING : ""); + + pstrcpy(shutdown_script, lp_shutdown_script()); + + if(*shutdown_script) { + int shutdown_ret; + all_string_sub(shutdown_script, "%m", chkmsg, sizeof(shutdown_script)); + all_string_sub(shutdown_script, "%t", timeout, sizeof(shutdown_script)); + all_string_sub(shutdown_script, "%r", r, sizeof(shutdown_script)); + all_string_sub(shutdown_script, "%f", f, sizeof(shutdown_script)); + shutdown_ret = smbrun(shutdown_script,NULL); + DEBUG(3,("_reg_shutdown: Running the command `%s' gave %d\n",shutdown_script,shutdown_ret)); + } + + return status; +} + +/******************************************************************* + reg_abort_shutdwon + ********************************************************************/ + +NTSTATUS _reg_abort_shutdown(pipes_struct *p, REG_Q_ABORT_SHUTDOWN *q_u, REG_R_ABORT_SHUTDOWN *r_u) +{ + NTSTATUS status = NT_STATUS_OK; + pstring abort_shutdown_script; + + pstrcpy(abort_shutdown_script, lp_abort_shutdown_script()); + + if(*abort_shutdown_script) { + int abort_shutdown_ret; + abort_shutdown_ret = smbrun(abort_shutdown_script,NULL); + DEBUG(3,("_reg_abort_shutdown: Running the command `%s' gave %d\n",abort_shutdown_script,abort_shutdown_ret)); + } + + return status; +} + +/******************************************************************* + REG_SAVE_KEY (0x14) + ********************************************************************/ + +NTSTATUS _reg_save_key(pipes_struct *p, REG_Q_SAVE_KEY *q_u, REG_R_SAVE_KEY *r_u) +{ + REGISTRY_KEY *regkey = find_regkey_index_by_hnd( p, &q_u->pol ); + + DEBUG(5,("_reg_save_key: Enter\n")); + + /* + * basically this is a no op function which just gverifies + * that the client gave us a valid registry key handle + */ + + if ( !regkey ) + return NT_STATUS_INVALID_HANDLE; + + DEBUG(8,("_reg_save_key: berifying backup of key [%s]\n", regkey->name)); + + + return NT_STATUS_OK; +} + + diff --git a/source4/rpc_server/srv_samr.c b/source4/rpc_server/srv_samr.c new file mode 100644 index 0000000000..b75195ceef --- /dev/null +++ b/source4/rpc_server/srv_samr.c @@ -0,0 +1,1510 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997, + * Copyright (C) Marc Jacobsen 1999, + * Copyright (C) Jean François Micouleau 1998-2001, + * Copyright (C) Anthony Liguori 2002-2003, + * Copyright (C) Jim McDonough 2002. + * + * Split into interface and implementation modules by, + * + * Copyright (C) Jeremy Allison 2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* + * This is the interface to the SAMR code. + */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/******************************************************************* + api_samr_close_hnd + ********************************************************************/ + +static BOOL api_samr_close_hnd(pipes_struct *p) +{ + SAMR_Q_CLOSE_HND q_u; + SAMR_R_CLOSE_HND r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!samr_io_q_close_hnd("", &q_u, data, 0)) { + DEBUG(0,("api_samr_close_hnd: unable to unmarshall SAMR_Q_CLOSE_HND.\n")); + return False; + } + + r_u.status = _samr_close_hnd(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_close_hnd("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_close_hnd: unable to marshall SAMR_R_CLOSE_HND.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_open_domain + ********************************************************************/ + +static BOOL api_samr_open_domain(pipes_struct *p) +{ + SAMR_Q_OPEN_DOMAIN q_u; + SAMR_R_OPEN_DOMAIN r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!samr_io_q_open_domain("", &q_u, data, 0)) { + DEBUG(0,("api_samr_open_domain: unable to unmarshall SAMR_Q_OPEN_DOMAIN.\n")); + return False; + } + + r_u.status = _samr_open_domain(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_open_domain("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_open_domain: unable to marshall SAMR_R_OPEN_DOMAIN.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_get_usrdom_pwinfo + ********************************************************************/ + +static BOOL api_samr_get_usrdom_pwinfo(pipes_struct *p) +{ + SAMR_Q_GET_USRDOM_PWINFO q_u; + SAMR_R_GET_USRDOM_PWINFO r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!samr_io_q_get_usrdom_pwinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to unmarshall SAMR_Q_GET_USRDOM_PWINFO.\n")); + return False; + } + + r_u.status = _samr_get_usrdom_pwinfo(p, &q_u, &r_u); + + if(!samr_io_r_get_usrdom_pwinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to marshall SAMR_R_GET_USRDOM_PWINFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_set_sec_obj + ********************************************************************/ + +static BOOL api_samr_set_sec_obj(pipes_struct *p) +{ + SAMR_Q_SET_SEC_OBJ q_u; + SAMR_R_SET_SEC_OBJ r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!samr_io_q_set_sec_obj("", &q_u, data, 0)) { + DEBUG(0,("api_samr_set_sec_obj: unable to unmarshall SAMR_Q_SET_SEC_OBJ.\n")); + return False; + } + + r_u.status = _samr_set_sec_obj(p, &q_u, &r_u); + + if(!samr_io_r_set_sec_obj("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_set_sec_obj: unable to marshall SAMR_R_SET_SEC_OBJ.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_query_sec_obj + ********************************************************************/ + +static BOOL api_samr_query_sec_obj(pipes_struct *p) +{ + SAMR_Q_QUERY_SEC_OBJ q_u; + SAMR_R_QUERY_SEC_OBJ r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!samr_io_q_query_sec_obj("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_sec_obj: unable to unmarshall SAMR_Q_QUERY_SEC_OBJ.\n")); + return False; + } + + r_u.status = _samr_query_sec_obj(p, &q_u, &r_u); + + if(!samr_io_r_query_sec_obj("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_sec_obj: unable to marshall SAMR_R_QUERY_SEC_OBJ.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_enum_dom_users + ********************************************************************/ + +static BOOL api_samr_enum_dom_users(pipes_struct *p) +{ + SAMR_Q_ENUM_DOM_USERS q_u; + SAMR_R_ENUM_DOM_USERS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr open */ + if(!samr_io_q_enum_dom_users("", &q_u, data, 0)) { + DEBUG(0,("api_samr_enum_dom_users: unable to unmarshall SAMR_Q_ENUM_DOM_USERS.\n")); + return False; + } + + r_u.status = _samr_enum_dom_users(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_enum_dom_users("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_enum_dom_users: unable to marshall SAMR_R_ENUM_DOM_USERS.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_enum_dom_groups + ********************************************************************/ + +static BOOL api_samr_enum_dom_groups(pipes_struct *p) +{ + SAMR_Q_ENUM_DOM_GROUPS q_u; + SAMR_R_ENUM_DOM_GROUPS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr open */ + if(!samr_io_q_enum_dom_groups("", &q_u, data, 0)) { + DEBUG(0,("api_samr_enum_dom_groups: unable to unmarshall SAMR_Q_ENUM_DOM_GROUPS.\n")); + return False; + } + + r_u.status = _samr_enum_dom_groups(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_enum_dom_groups("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_enum_dom_groups: unable to marshall SAMR_R_ENUM_DOM_GROUPS.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_enum_dom_aliases + ********************************************************************/ + +static BOOL api_samr_enum_dom_aliases(pipes_struct *p) +{ + SAMR_Q_ENUM_DOM_ALIASES q_u; + SAMR_R_ENUM_DOM_ALIASES r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr open */ + if(!samr_io_q_enum_dom_aliases("", &q_u, data, 0)) { + DEBUG(0,("api_samr_enum_dom_aliases: unable to unmarshall SAMR_Q_ENUM_DOM_ALIASES.\n")); + return False; + } + + r_u.status = _samr_enum_dom_aliases(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_enum_dom_aliases("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_enum_dom_aliases: unable to marshall SAMR_R_ENUM_DOM_ALIASES.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_query_dispinfo + ********************************************************************/ + +static BOOL api_samr_query_dispinfo(pipes_struct *p) +{ + SAMR_Q_QUERY_DISPINFO q_u; + SAMR_R_QUERY_DISPINFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!samr_io_q_query_dispinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_dispinfo: unable to unmarshall SAMR_Q_QUERY_DISPINFO.\n")); + return False; + } + + r_u.status = _samr_query_dispinfo(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_query_dispinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_dispinfo: unable to marshall SAMR_R_QUERY_DISPINFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_query_aliasinfo + ********************************************************************/ + +static BOOL api_samr_query_aliasinfo(pipes_struct *p) +{ + SAMR_Q_QUERY_ALIASINFO q_u; + SAMR_R_QUERY_ALIASINFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr open */ + if(!samr_io_q_query_aliasinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_aliasinfo: unable to unmarshall SAMR_Q_QUERY_ALIASINFO.\n")); + return False; + } + + r_u.status = _samr_query_aliasinfo(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_query_aliasinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_aliasinfo: unable to marshall SAMR_R_QUERY_ALIASINFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_lookup_names + ********************************************************************/ + +static BOOL api_samr_lookup_names(pipes_struct *p) +{ + SAMR_Q_LOOKUP_NAMES q_u; + SAMR_R_LOOKUP_NAMES r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr lookup names */ + if(!samr_io_q_lookup_names("", &q_u, data, 0)) { + DEBUG(0,("api_samr_lookup_names: unable to unmarshall SAMR_Q_LOOKUP_NAMES.\n")); + return False; + } + + r_u.status = _samr_lookup_names(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_lookup_names: unable to marshall SAMR_R_LOOKUP_NAMES.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_chgpasswd_user + ********************************************************************/ + +static BOOL api_samr_chgpasswd_user(pipes_struct *p) +{ + SAMR_Q_CHGPASSWD_USER q_u; + SAMR_R_CHGPASSWD_USER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* unknown 38 command */ + if (!samr_io_q_chgpasswd_user("", &q_u, data, 0)) { + DEBUG(0,("api_samr_chgpasswd_user: Failed to unmarshall SAMR_Q_CHGPASSWD_USER.\n")); + return False; + } + + r_u.status = _samr_chgpasswd_user(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_chgpasswd_user("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_chgpasswd_user: Failed to marshall SAMR_R_CHGPASSWD_USER.\n" )); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_lookup_rids + ********************************************************************/ + +static BOOL api_samr_lookup_rids(pipes_struct *p) +{ + SAMR_Q_LOOKUP_RIDS q_u; + SAMR_R_LOOKUP_RIDS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr lookup names */ + if(!samr_io_q_lookup_rids("", &q_u, data, 0)) { + DEBUG(0,("api_samr_lookup_rids: unable to unmarshall SAMR_Q_LOOKUP_RIDS.\n")); + return False; + } + + r_u.status = _samr_lookup_rids(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_lookup_rids("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_lookup_rids: unable to marshall SAMR_R_LOOKUP_RIDS.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_open_user + ********************************************************************/ + +static BOOL api_samr_open_user(pipes_struct *p) +{ + SAMR_Q_OPEN_USER q_u; + SAMR_R_OPEN_USER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr unknown 22 */ + if(!samr_io_q_open_user("", &q_u, data, 0)) { + DEBUG(0,("api_samr_open_user: unable to unmarshall SAMR_Q_OPEN_USER.\n")); + return False; + } + + r_u.status = _api_samr_open_user(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_open_user("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_open_user: unable to marshall SAMR_R_OPEN_USER.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_query_userinfo + ********************************************************************/ + +static BOOL api_samr_query_userinfo(pipes_struct *p) +{ + SAMR_Q_QUERY_USERINFO q_u; + SAMR_R_QUERY_USERINFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr unknown 24 */ + if(!samr_io_q_query_userinfo("", &q_u, data, 0)){ + DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n")); + return False; + } + + r_u.status = _samr_query_userinfo(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_query_userinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_userinfo: unable to marshall SAMR_R_QUERY_USERINFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_query_usergroups + ********************************************************************/ + +static BOOL api_samr_query_usergroups(pipes_struct *p) +{ + SAMR_Q_QUERY_USERGROUPS q_u; + SAMR_R_QUERY_USERGROUPS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr unknown 32 */ + if(!samr_io_q_query_usergroups("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_usergroups: unable to unmarshall SAMR_Q_QUERY_USERGROUPS.\n")); + return False; + } + + r_u.status = _samr_query_usergroups(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_query_usergroups("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_usergroups: unable to marshall SAMR_R_QUERY_USERGROUPS.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_query_dom_info + ********************************************************************/ + +static BOOL api_samr_query_dom_info(pipes_struct *p) +{ + SAMR_Q_QUERY_DOMAIN_INFO q_u; + SAMR_R_QUERY_DOMAIN_INFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr unknown 8 command */ + if(!samr_io_q_query_dom_info("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_dom_info: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO.\n")); + return False; + } + + r_u.status = _samr_query_dom_info(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_query_dom_info("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_dom_info: unable to marshall SAMR_R_QUERY_DOMAIN_INFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_create_user + ********************************************************************/ + +static BOOL api_samr_create_user(pipes_struct *p) +{ + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + SAMR_Q_CREATE_USER q_u; + SAMR_R_CREATE_USER r_u; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr create user */ + if (!samr_io_q_create_user("", &q_u, data, 0)) { + DEBUG(0,("api_samr_create_user: Unable to unmarshall SAMR_Q_CREATE_USER.\n")); + return False; + } + + r_u.status=_api_samr_create_user(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_create_user("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_create_user: Unable to marshall SAMR_R_CREATE_USER.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_connect_anon + ********************************************************************/ + +static BOOL api_samr_connect_anon(pipes_struct *p) +{ + SAMR_Q_CONNECT_ANON q_u; + SAMR_R_CONNECT_ANON r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr open policy */ + if(!samr_io_q_connect_anon("", &q_u, data, 0)) { + DEBUG(0,("api_samr_connect_anon: unable to unmarshall SAMR_Q_CONNECT_ANON.\n")); + return False; + } + + r_u.status = _samr_connect_anon(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_connect_anon("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_connect_anon: unable to marshall SAMR_R_CONNECT_ANON.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_connect + ********************************************************************/ + +static BOOL api_samr_connect(pipes_struct *p) +{ + SAMR_Q_CONNECT q_u; + SAMR_R_CONNECT r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr open policy */ + if(!samr_io_q_connect("", &q_u, data, 0)) { + DEBUG(0,("api_samr_connect: unable to unmarshall SAMR_Q_CONNECT.\n")); + return False; + } + + r_u.status = _samr_connect(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_connect("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_connect: unable to marshall SAMR_R_CONNECT.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_connect4 + ********************************************************************/ + +static BOOL api_samr_connect4(pipes_struct *p) +{ + SAMR_Q_CONNECT4 q_u; + SAMR_R_CONNECT4 r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr open policy */ + if(!samr_io_q_connect4("", &q_u, data, 0)) { + DEBUG(0,("api_samr_connect4: unable to unmarshall SAMR_Q_CONNECT4.\n")); + return False; + } + + r_u.status = _samr_connect4(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_connect4("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_connect4: unable to marshall SAMR_R_CONNECT4.\n")); + return False; + } + + return True; +} + +/********************************************************************** + api_samr_lookup_domain + **********************************************************************/ + +static BOOL api_samr_lookup_domain(pipes_struct *p) +{ + SAMR_Q_LOOKUP_DOMAIN q_u; + SAMR_R_LOOKUP_DOMAIN r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!samr_io_q_lookup_domain("", &q_u, data, 0)) { + DEBUG(0,("api_samr_lookup_domain: Unable to unmarshall SAMR_Q_LOOKUP_DOMAIN.\n")); + return False; + } + + r_u.status = _samr_lookup_domain(p, &q_u, &r_u); + + if(!samr_io_r_lookup_domain("", &r_u, rdata, 0)){ + DEBUG(0,("api_samr_lookup_domain: Unable to marshall SAMR_R_LOOKUP_DOMAIN.\n")); + return False; + } + + return True; +} + +/********************************************************************** + api_samr_enum_domains + **********************************************************************/ + +static BOOL api_samr_enum_domains(pipes_struct *p) +{ + SAMR_Q_ENUM_DOMAINS q_u; + SAMR_R_ENUM_DOMAINS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!samr_io_q_enum_domains("", &q_u, data, 0)) { + DEBUG(0,("api_samr_enum_domains: Unable to unmarshall SAMR_Q_ENUM_DOMAINS.\n")); + return False; + } + + r_u.status = _samr_enum_domains(p, &q_u, &r_u); + + if(!samr_io_r_enum_domains("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_enum_domains: Unable to marshall SAMR_R_ENUM_DOMAINS.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_open_alias + ********************************************************************/ + +static BOOL api_samr_open_alias(pipes_struct *p) +{ + SAMR_Q_OPEN_ALIAS q_u; + SAMR_R_OPEN_ALIAS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr open policy */ + if(!samr_io_q_open_alias("", &q_u, data, 0)) { + DEBUG(0,("api_samr_open_alias: Unable to unmarshall SAMR_Q_OPEN_ALIAS.\n")); + return False; + } + + r_u.status=_api_samr_open_alias(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_open_alias("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_open_alias: Unable to marshall SAMR_R_OPEN_ALIAS.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_set_userinfo + ********************************************************************/ + +static BOOL api_samr_set_userinfo(pipes_struct *p) +{ + SAMR_Q_SET_USERINFO q_u; + SAMR_R_SET_USERINFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_set_userinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.\n")); + /* Fix for W2K SP2 */ + if (q_u.switch_value == 0x1a) { + setup_fault_pdu(p, NT_STATUS(0x1c000006)); + return True; + } + return False; + } + + r_u.status = _samr_set_userinfo(p, &q_u, &r_u); + + if(!samr_io_r_set_userinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_set_userinfo: Unable to marshall SAMR_R_SET_USERINFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_set_userinfo2 + ********************************************************************/ + +static BOOL api_samr_set_userinfo2(pipes_struct *p) +{ + SAMR_Q_SET_USERINFO2 q_u; + SAMR_R_SET_USERINFO2 r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_set_userinfo2("", &q_u, data, 0)) { + DEBUG(0,("api_samr_set_userinfo2: Unable to unmarshall SAMR_Q_SET_USERINFO2.\n")); + return False; + } + + r_u.status = _samr_set_userinfo2(p, &q_u, &r_u); + + if(!samr_io_r_set_userinfo2("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_set_userinfo2: Unable to marshall SAMR_R_SET_USERINFO2.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_query_useraliases + ********************************************************************/ + +static BOOL api_samr_query_useraliases(pipes_struct *p) +{ + SAMR_Q_QUERY_USERALIASES q_u; + SAMR_R_QUERY_USERALIASES r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_query_useraliases("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_useraliases: Unable to unmarshall SAMR_Q_QUERY_USERALIASES.\n")); + return False; + } + + r_u.status = _samr_query_useraliases(p, &q_u, &r_u); + + if (! samr_io_r_query_useraliases("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_useraliases: Unable to nmarshall SAMR_R_QUERY_USERALIASES.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_query_aliasmem + ********************************************************************/ + +static BOOL api_samr_query_aliasmem(pipes_struct *p) +{ + SAMR_Q_QUERY_ALIASMEM q_u; + SAMR_R_QUERY_ALIASMEM r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_query_aliasmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_aliasmem: unable to unmarshall SAMR_Q_QUERY_ALIASMEM.\n")); + return False; + } + + r_u.status = _samr_query_aliasmem(p, &q_u, &r_u); + + if (!samr_io_r_query_aliasmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_aliasmem: unable to marshall SAMR_R_QUERY_ALIASMEM.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_query_groupmem + ********************************************************************/ + +static BOOL api_samr_query_groupmem(pipes_struct *p) +{ + SAMR_Q_QUERY_GROUPMEM q_u; + SAMR_R_QUERY_GROUPMEM r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_query_groupmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_groupmem: unable to unmarshall SAMR_Q_QUERY_GROUPMEM.\n")); + return False; + } + + r_u.status = _samr_query_groupmem(p, &q_u, &r_u); + + if (!samr_io_r_query_groupmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_groupmem: unable to marshall SAMR_R_QUERY_GROUPMEM.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_add_aliasmem + ********************************************************************/ + +static BOOL api_samr_add_aliasmem(pipes_struct *p) +{ + SAMR_Q_ADD_ALIASMEM q_u; + SAMR_R_ADD_ALIASMEM r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_add_aliasmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_add_aliasmem: unable to unmarshall SAMR_Q_ADD_ALIASMEM.\n")); + return False; + } + + r_u.status = _samr_add_aliasmem(p, &q_u, &r_u); + + if (!samr_io_r_add_aliasmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_add_aliasmem: unable to marshall SAMR_R_ADD_ALIASMEM.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_del_aliasmem + ********************************************************************/ + +static BOOL api_samr_del_aliasmem(pipes_struct *p) +{ + SAMR_Q_DEL_ALIASMEM q_u; + SAMR_R_DEL_ALIASMEM r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_del_aliasmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_del_aliasmem: unable to unmarshall SAMR_Q_DEL_ALIASMEM.\n")); + return False; + } + + r_u.status = _samr_del_aliasmem(p, &q_u, &r_u); + + if (!samr_io_r_del_aliasmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_del_aliasmem: unable to marshall SAMR_R_DEL_ALIASMEM.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_add_groupmem + ********************************************************************/ + +static BOOL api_samr_add_groupmem(pipes_struct *p) +{ + SAMR_Q_ADD_GROUPMEM q_u; + SAMR_R_ADD_GROUPMEM r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_add_groupmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_add_groupmem: unable to unmarshall SAMR_Q_ADD_GROUPMEM.\n")); + return False; + } + + r_u.status = _samr_add_groupmem(p, &q_u, &r_u); + + if (!samr_io_r_add_groupmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_add_groupmem: unable to marshall SAMR_R_ADD_GROUPMEM.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_del_groupmem + ********************************************************************/ + +static BOOL api_samr_del_groupmem(pipes_struct *p) +{ + SAMR_Q_DEL_GROUPMEM q_u; + SAMR_R_DEL_GROUPMEM r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_del_groupmem("", &q_u, data, 0)) { + DEBUG(0,("api_samr_del_groupmem: unable to unmarshall SAMR_Q_DEL_GROUPMEM.\n")); + return False; + } + + r_u.status = _samr_del_groupmem(p, &q_u, &r_u); + + if (!samr_io_r_del_groupmem("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_del_groupmem: unable to marshall SAMR_R_DEL_GROUPMEM.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_delete_dom_user + ********************************************************************/ + +static BOOL api_samr_delete_dom_user(pipes_struct *p) +{ + SAMR_Q_DELETE_DOM_USER q_u; + SAMR_R_DELETE_DOM_USER r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_delete_dom_user("", &q_u, data, 0)) { + DEBUG(0,("api_samr_delete_dom_user: unable to unmarshall SAMR_Q_DELETE_DOM_USER.\n")); + return False; + } + + r_u.status = _samr_delete_dom_user(p, &q_u, &r_u); + + if (!samr_io_r_delete_dom_user("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_delete_dom_user: unable to marshall SAMR_R_DELETE_DOM_USER.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_delete_dom_group + ********************************************************************/ + +static BOOL api_samr_delete_dom_group(pipes_struct *p) +{ + SAMR_Q_DELETE_DOM_GROUP q_u; + SAMR_R_DELETE_DOM_GROUP r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_delete_dom_group("", &q_u, data, 0)) { + DEBUG(0,("api_samr_delete_dom_group: unable to unmarshall SAMR_Q_DELETE_DOM_GROUP.\n")); + return False; + } + + r_u.status = _samr_delete_dom_group(p, &q_u, &r_u); + + if (!samr_io_r_delete_dom_group("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_delete_dom_group: unable to marshall SAMR_R_DELETE_DOM_GROUP.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_delete_dom_alias + ********************************************************************/ + +static BOOL api_samr_delete_dom_alias(pipes_struct *p) +{ + SAMR_Q_DELETE_DOM_ALIAS q_u; + SAMR_R_DELETE_DOM_ALIAS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_delete_dom_alias("", &q_u, data, 0)) { + DEBUG(0,("api_samr_delete_dom_alias: unable to unmarshall SAMR_Q_DELETE_DOM_ALIAS.\n")); + return False; + } + + r_u.status = _samr_delete_dom_alias(p, &q_u, &r_u); + + if (!samr_io_r_delete_dom_alias("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_delete_dom_alias: unable to marshall SAMR_R_DELETE_DOM_ALIAS.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_create_dom_group + ********************************************************************/ + +static BOOL api_samr_create_dom_group(pipes_struct *p) +{ + SAMR_Q_CREATE_DOM_GROUP q_u; + SAMR_R_CREATE_DOM_GROUP r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_create_dom_group("", &q_u, data, 0)) { + DEBUG(0,("api_samr_create_dom_group: unable to unmarshall SAMR_Q_CREATE_DOM_GROUP.\n")); + return False; + } + + r_u.status = _samr_create_dom_group(p, &q_u, &r_u); + + if (!samr_io_r_create_dom_group("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_create_dom_group: unable to marshall SAMR_R_CREATE_DOM_GROUP.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_create_dom_alias + ********************************************************************/ + +static BOOL api_samr_create_dom_alias(pipes_struct *p) +{ + SAMR_Q_CREATE_DOM_ALIAS q_u; + SAMR_R_CREATE_DOM_ALIAS r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_create_dom_alias("", &q_u, data, 0)) { + DEBUG(0,("api_samr_create_dom_alias: unable to unmarshall SAMR_Q_CREATE_DOM_ALIAS.\n")); + return False; + } + + r_u.status = _samr_create_dom_alias(p, &q_u, &r_u); + + if (!samr_io_r_create_dom_alias("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_create_dom_alias: unable to marshall SAMR_R_CREATE_DOM_ALIAS.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_query_groupinfo + ********************************************************************/ + +static BOOL api_samr_query_groupinfo(pipes_struct *p) +{ + SAMR_Q_QUERY_GROUPINFO q_u; + SAMR_R_QUERY_GROUPINFO r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_query_groupinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_query_groupinfo: unable to unmarshall SAMR_Q_QUERY_GROUPINFO.\n")); + return False; + } + + r_u.status = _samr_query_groupinfo(p, &q_u, &r_u); + + if (!samr_io_r_query_groupinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_query_groupinfo: unable to marshall SAMR_R_QUERY_GROUPINFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_set_groupinfo + ********************************************************************/ + +static BOOL api_samr_set_groupinfo(pipes_struct *p) +{ + SAMR_Q_SET_GROUPINFO q_u; + SAMR_R_SET_GROUPINFO r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_set_groupinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_set_groupinfo: unable to unmarshall SAMR_Q_SET_GROUPINFO.\n")); + return False; + } + + r_u.status = _samr_set_groupinfo(p, &q_u, &r_u); + + if (!samr_io_r_set_groupinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_set_groupinfo: unable to marshall SAMR_R_SET_GROUPINFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_set_aliasinfo + ********************************************************************/ + +static BOOL api_samr_set_aliasinfo(pipes_struct *p) +{ + SAMR_Q_SET_ALIASINFO q_u; + SAMR_R_SET_ALIASINFO r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_set_aliasinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_set_aliasinfo: unable to unmarshall SAMR_Q_SET_ALIASINFO.\n")); + return False; + } + + r_u.status = _samr_set_aliasinfo(p, &q_u, &r_u); + + if (!samr_io_r_set_aliasinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_set_aliasinfo: unable to marshall SAMR_R_SET_ALIASINFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_get_dom_pwinfo + ********************************************************************/ + +static BOOL api_samr_get_dom_pwinfo(pipes_struct *p) +{ + SAMR_Q_GET_DOM_PWINFO q_u; + SAMR_R_GET_DOM_PWINFO r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_get_dom_pwinfo("", &q_u, data, 0)) { + DEBUG(0,("api_samr_get_dom_pwinfo: unable to unmarshall SAMR_Q_GET_DOM_PWINFO.\n")); + return False; + } + + r_u.status = _samr_get_dom_pwinfo(p, &q_u, &r_u); + + if (!samr_io_r_get_dom_pwinfo("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_get_dom_pwinfo: unable to marshall SAMR_R_GET_DOM_PWINFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_open_group + ********************************************************************/ + +static BOOL api_samr_open_group(pipes_struct *p) +{ + SAMR_Q_OPEN_GROUP q_u; + SAMR_R_OPEN_GROUP r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_open_group("", &q_u, data, 0)) { + DEBUG(0,("api_samr_open_group: unable to unmarshall SAMR_Q_OPEN_GROUP.\n")); + return False; + } + + r_u.status = _samr_open_group(p, &q_u, &r_u); + + if (!samr_io_r_open_group("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_open_group: unable to marshall SAMR_R_OPEN_GROUP.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_unknown_2d + ********************************************************************/ + +static BOOL api_samr_unknown_2d(pipes_struct *p) +{ + SAMR_Q_UNKNOWN_2D q_u; + SAMR_R_UNKNOWN_2D r_u; + + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!samr_io_q_unknown_2d("", &q_u, data, 0)) { + DEBUG(0,("api_samr_unknown_2d: unable to unmarshall SAMR_Q_UNKNOWN_2D.\n")); + return False; + } + + r_u.status = _samr_unknown_2d(p, &q_u, &r_u); + + if (!samr_io_r_unknown_2d("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_unknown_2d: unable to marshall SAMR_R_UNKNOWN_2D.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_query_dom_info + ********************************************************************/ + +static BOOL api_samr_unknown_2e(pipes_struct *p) +{ + SAMR_Q_UNKNOWN_2E q_u; + SAMR_R_UNKNOWN_2E r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr unknown 8 command */ + if(!samr_io_q_unknown_2e("", &q_u, data, 0)) { + DEBUG(0,("api_samr_unknown_2e: unable to unmarshall SAMR_Q_UNKNOWN_2E.\n")); + return False; + } + + r_u.status = _samr_unknown_2e(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_samr_unknown_2e("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_unknown_2e: unable to marshall SAMR_R_UNKNOWN_2E.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_samr_set_dom_info + ********************************************************************/ + +static BOOL api_samr_set_dom_info(pipes_struct *p) +{ + SAMR_Q_SET_DOMAIN_INFO q_u; + SAMR_R_SET_DOMAIN_INFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the samr unknown 8 command */ + if(!samr_io_q_set_domain_info("", &q_u, data, 0)) { + DEBUG(0,("api_samr_set_dom_info: unable to unmarshall SAMR_Q_SET_DOMAIN_INFO.\n")); + return False; + } + + r_u.status = _samr_set_dom_info(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!samr_io_r_set_domain_info("", &r_u, rdata, 0)) { + DEBUG(0,("api_samr_set_dom_info: unable to marshall SAMR_R_SET_DOMAIN_INFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + array of \PIPE\samr operations + ********************************************************************/ + +#ifdef RPC_SAMR_DYNAMIC +int init_module(void) +#else +int rpc_samr_init(void) +#endif +{ + static struct api_struct api_samr_cmds [] = + { + {"SAMR_CLOSE_HND" , SAMR_CLOSE_HND , api_samr_close_hnd }, + {"SAMR_CONNECT" , SAMR_CONNECT , api_samr_connect }, + {"SAMR_CONNECT_ANON" , SAMR_CONNECT_ANON , api_samr_connect_anon }, + {"SAMR_ENUM_DOMAINS" , SAMR_ENUM_DOMAINS , api_samr_enum_domains }, + {"SAMR_ENUM_DOM_USERS" , SAMR_ENUM_DOM_USERS , api_samr_enum_dom_users }, + + {"SAMR_ENUM_DOM_GROUPS" , SAMR_ENUM_DOM_GROUPS , api_samr_enum_dom_groups }, + {"SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases }, + {"SAMR_QUERY_USERALIASES" , SAMR_QUERY_USERALIASES, api_samr_query_useraliases}, + {"SAMR_QUERY_ALIASMEM" , SAMR_QUERY_ALIASMEM , api_samr_query_aliasmem }, + {"SAMR_QUERY_GROUPMEM" , SAMR_QUERY_GROUPMEM , api_samr_query_groupmem }, + {"SAMR_ADD_ALIASMEM" , SAMR_ADD_ALIASMEM , api_samr_add_aliasmem }, + {"SAMR_DEL_ALIASMEM" , SAMR_DEL_ALIASMEM , api_samr_del_aliasmem }, + {"SAMR_ADD_GROUPMEM" , SAMR_ADD_GROUPMEM , api_samr_add_groupmem }, + {"SAMR_DEL_GROUPMEM" , SAMR_DEL_GROUPMEM , api_samr_del_groupmem }, + + {"SAMR_DELETE_DOM_USER" , SAMR_DELETE_DOM_USER , api_samr_delete_dom_user }, + {"SAMR_DELETE_DOM_GROUP" , SAMR_DELETE_DOM_GROUP , api_samr_delete_dom_group }, + {"SAMR_DELETE_DOM_ALIAS" , SAMR_DELETE_DOM_ALIAS , api_samr_delete_dom_alias }, + {"SAMR_CREATE_DOM_GROUP" , SAMR_CREATE_DOM_GROUP , api_samr_create_dom_group }, + {"SAMR_CREATE_DOM_ALIAS" , SAMR_CREATE_DOM_ALIAS , api_samr_create_dom_alias }, + {"SAMR_LOOKUP_NAMES" , SAMR_LOOKUP_NAMES , api_samr_lookup_names }, + {"SAMR_OPEN_USER" , SAMR_OPEN_USER , api_samr_open_user }, + {"SAMR_QUERY_USERINFO" , SAMR_QUERY_USERINFO , api_samr_query_userinfo }, + {"SAMR_SET_USERINFO" , SAMR_SET_USERINFO , api_samr_set_userinfo }, + {"SAMR_SET_USERINFO2" , SAMR_SET_USERINFO2 , api_samr_set_userinfo2 }, + + {"SAMR_QUERY_DOMAIN_INFO" , SAMR_QUERY_DOMAIN_INFO, api_samr_query_dom_info }, + {"SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups }, + {"SAMR_QUERY_DISPINFO" , SAMR_QUERY_DISPINFO , api_samr_query_dispinfo }, + {"SAMR_QUERY_DISPINFO3" , SAMR_QUERY_DISPINFO3 , api_samr_query_dispinfo }, + {"SAMR_QUERY_DISPINFO4" , SAMR_QUERY_DISPINFO4 , api_samr_query_dispinfo }, + + {"SAMR_QUERY_ALIASINFO" , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo }, + {"SAMR_QUERY_GROUPINFO" , SAMR_QUERY_GROUPINFO , api_samr_query_groupinfo }, + {"SAMR_SET_GROUPINFO" , SAMR_SET_GROUPINFO , api_samr_set_groupinfo }, + {"SAMR_SET_ALIASINFO" , SAMR_SET_ALIASINFO , api_samr_set_aliasinfo }, + {"SAMR_CREATE_USER" , SAMR_CREATE_USER , api_samr_create_user }, + {"SAMR_LOOKUP_RIDS" , SAMR_LOOKUP_RIDS , api_samr_lookup_rids }, + {"SAMR_GET_DOM_PWINFO" , SAMR_GET_DOM_PWINFO , api_samr_get_dom_pwinfo }, + {"SAMR_CHGPASSWD_USER" , SAMR_CHGPASSWD_USER , api_samr_chgpasswd_user }, + {"SAMR_OPEN_ALIAS" , SAMR_OPEN_ALIAS , api_samr_open_alias }, + {"SAMR_OPEN_GROUP" , SAMR_OPEN_GROUP , api_samr_open_group }, + {"SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain }, + {"SAMR_UNKNOWN_2D" , SAMR_UNKNOWN_2D , api_samr_unknown_2d }, + {"SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain }, + + {"SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj }, + {"SAMR_SET_SEC_OBJECT" , SAMR_SET_SEC_OBJECT , api_samr_set_sec_obj }, + {"SAMR_GET_USRDOM_PWINFO" , SAMR_GET_USRDOM_PWINFO, api_samr_get_usrdom_pwinfo}, + {"SAMR_UNKNOWN_2E" , SAMR_UNKNOWN_2E , api_samr_unknown_2e }, + {"SAMR_SET_DOMAIN_INFO" , SAMR_SET_DOMAIN_INFO , api_samr_set_dom_info }, + {"SAMR_CONNECT4" , SAMR_CONNECT4 , api_samr_connect4 } + }; + return rpc_pipe_register_commands("samr", "lsass", api_samr_cmds, + sizeof(api_samr_cmds) / sizeof(struct api_struct)); +} diff --git a/source4/rpc_server/srv_samr_nt.c b/source4/rpc_server/srv_samr_nt.c new file mode 100644 index 0000000000..fd1fb92982 --- /dev/null +++ b/source4/rpc_server/srv_samr_nt.c @@ -0,0 +1,4432 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997, + * Copyright (C) Marc Jacobsen 1999, + * Copyright (C) Jeremy Allison 2001-2002, + * Copyright (C) Jean François Micouleau 1998-2001, + * Copyright (C) Anthony Liguori 2002, + * Copyright (C) Jim McDonough 2002. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* + * This is the implementation of the SAMR code. + */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +extern DOM_SID global_sid_Builtin; + +extern rid_name domain_group_rids[]; +extern rid_name domain_alias_rids[]; +extern rid_name builtin_alias_rids[]; + + +typedef struct _disp_info { + BOOL user_dbloaded; + uint32 num_user_account; + DISP_USER_INFO *disp_user_info; + BOOL group_dbloaded; + uint32 num_group_account; + DISP_GROUP_INFO *disp_group_info; +} DISP_INFO; + +struct samr_info { + /* for use by the \PIPE\samr policy */ + DOM_SID sid; + uint32 status; /* some sort of flag. best to record it. comes from opnum 0x39 */ + uint32 acc_granted; + uint16 acb_mask; + BOOL all_machines; + DISP_INFO disp_info; + + TALLOC_CTX *mem_ctx; +}; + +struct generic_mapping sam_generic_mapping = {GENERIC_RIGHTS_SAM_READ, GENERIC_RIGHTS_SAM_WRITE, GENERIC_RIGHTS_SAM_EXECUTE, GENERIC_RIGHTS_SAM_ALL_ACCESS}; +struct generic_mapping dom_generic_mapping = {GENERIC_RIGHTS_DOMAIN_READ, GENERIC_RIGHTS_DOMAIN_WRITE, GENERIC_RIGHTS_DOMAIN_EXECUTE, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS}; +struct generic_mapping usr_generic_mapping = {GENERIC_RIGHTS_USER_READ, GENERIC_RIGHTS_USER_WRITE, GENERIC_RIGHTS_USER_EXECUTE, GENERIC_RIGHTS_USER_ALL_ACCESS}; +struct generic_mapping grp_generic_mapping = {GENERIC_RIGHTS_GROUP_READ, GENERIC_RIGHTS_GROUP_WRITE, GENERIC_RIGHTS_GROUP_EXECUTE, GENERIC_RIGHTS_GROUP_ALL_ACCESS}; +struct generic_mapping ali_generic_mapping = {GENERIC_RIGHTS_ALIAS_READ, GENERIC_RIGHTS_ALIAS_WRITE, GENERIC_RIGHTS_ALIAS_EXECUTE, GENERIC_RIGHTS_ALIAS_ALL_ACCESS}; + +static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size); + +/******************************************************************* + Checks if access to an object should be granted, and returns that + level of access for further checks. +********************************************************************/ + +NTSTATUS access_check_samr_object(SEC_DESC *psd, NT_USER_TOKEN *nt_user_token, uint32 des_access, + uint32 *acc_granted, const char *debug) +{ + NTSTATUS status = NT_STATUS_ACCESS_DENIED; + + if (!se_access_check(psd, nt_user_token, des_access, acc_granted, &status)) { + if (geteuid() == sec_initial_uid()) { + DEBUG(4,("%s: ACCESS should be DENIED (requested: %#010x)\n", + debug, des_access)); + DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n")); + status = NT_STATUS_OK; + } + else { + DEBUG(2,("%s: ACCESS DENIED (requested: %#010x)\n", + debug, des_access)); + } + } + return status; +} + +/******************************************************************* + Checks if access to a function can be granted +********************************************************************/ + +NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug) +{ + DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n", + debug, acc_granted, acc_required)); + if ((acc_granted & acc_required) != acc_required) { + if (geteuid() == sec_initial_uid()) { + DEBUG(4,("%s: ACCESS should be DENIED (granted: %#010x; required: %#010x)\n", + debug, acc_granted, acc_required)); + DEBUGADD(4,("but overwritten by euid == 0\n")); + return NT_STATUS_OK; + } + DEBUG(2,("%s: ACCESS DENIED (granted: %#010x; required: %#010x)\n", + debug, acc_granted, acc_required)); + return NT_STATUS_ACCESS_DENIED; + } + return NT_STATUS_OK; +} + + +/******************************************************************* + Create a samr_info struct. +********************************************************************/ + +static struct samr_info *get_samr_info_by_sid(DOM_SID *psid) +{ + struct samr_info *info; + fstring sid_str; + TALLOC_CTX *mem_ctx; + + if (psid) { + sid_to_string(sid_str, psid); + } else { + fstrcpy(sid_str,"(NULL)"); + } + + mem_ctx = talloc_init("samr_info for domain sid %s", sid_str); + + if ((info = (struct samr_info *)talloc(mem_ctx, sizeof(struct samr_info))) == NULL) + return NULL; + + ZERO_STRUCTP(info); + DEBUG(10,("get_samr_info_by_sid: created new info for sid %s\n", sid_str)); + if (psid) { + sid_copy( &info->sid, psid); + } else { + DEBUG(10,("get_samr_info_by_sid: created new info for NULL sid.\n")); + } + info->mem_ctx = mem_ctx; + return info; +} + + +/******************************************************************* + Function to free the per handle data. + ********************************************************************/ +static void free_samr_users(struct samr_info *info) +{ + int i; + + if (info->disp_info.user_dbloaded){ + for (i=0; i<info->disp_info.num_user_account; i++) { + /* Not really a free, actually a 'clear' */ + pdb_free_sam(&info->disp_info.disp_user_info[i].sam); + } + } + info->disp_info.user_dbloaded=False; + info->disp_info.num_user_account=0; +} + + +/******************************************************************* + Function to free the per handle data. + ********************************************************************/ +static void free_samr_db(struct samr_info *info) +{ + /* Groups are talloced */ + + free_samr_users(info); + + info->disp_info.group_dbloaded=False; + info->disp_info.num_group_account=0; +} + + +static void free_samr_info(void *ptr) +{ + struct samr_info *info=(struct samr_info *) ptr; + + free_samr_db(info); + talloc_destroy(info->mem_ctx); +} + +/******************************************************************* + Ensure password info is never given out. Paranioa... JRA. + ********************************************************************/ + +static void samr_clear_sam_passwd(SAM_ACCOUNT *sam_pass) +{ + + if (!sam_pass) + return; + + /* These now zero out the old password */ + + pdb_set_lanman_passwd(sam_pass, NULL, PDB_DEFAULT); + pdb_set_nt_passwd(sam_pass, NULL, PDB_DEFAULT); +} + + +static NTSTATUS load_sampwd_entries(struct samr_info *info, uint16 acb_mask, BOOL all_machines) +{ + SAM_ACCOUNT *pwd = NULL; + DISP_USER_INFO *pwd_array = NULL; + NTSTATUS nt_status = NT_STATUS_OK; + TALLOC_CTX *mem_ctx = info->mem_ctx; + + DEBUG(10,("load_sampwd_entries\n")); + + /* if the snapshoot is already loaded, return */ + if ((info->disp_info.user_dbloaded==True) + && (info->acb_mask == acb_mask) + && (info->all_machines == all_machines)) { + DEBUG(10,("load_sampwd_entries: already in memory\n")); + return NT_STATUS_OK; + } + + free_samr_users(info); + + if (!pdb_setsampwent(False)) { + DEBUG(0, ("load_sampwd_entries: Unable to open passdb.\n")); + return NT_STATUS_ACCESS_DENIED; + } + + for (; (NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(mem_ctx, &pwd))) + && pdb_getsampwent(pwd) == True; pwd=NULL) { + + if (all_machines) { + if (!((pdb_get_acct_ctrl(pwd) & ACB_WSTRUST) + || (pdb_get_acct_ctrl(pwd) & ACB_SVRTRUST))) { + DEBUG(5,("load_sampwd_entries: '%s' is not a machine account - ACB: %x - skipping\n", pdb_get_username(pwd), acb_mask)); + pdb_free_sam(&pwd); + continue; + } + } else { + if (acb_mask != 0 && !(pdb_get_acct_ctrl(pwd) & acb_mask)) { + pdb_free_sam(&pwd); + DEBUG(5,(" acb_mask %x reject\n", acb_mask)); + continue; + } + } + + /* Realloc some memory for the array of ptr to the SAM_ACCOUNT structs */ + if (info->disp_info.num_user_account % MAX_SAM_ENTRIES == 0) { + + DEBUG(10,("load_sampwd_entries: allocating more memory\n")); + pwd_array=(DISP_USER_INFO *)talloc_realloc(mem_ctx, info->disp_info.disp_user_info, + (info->disp_info.num_user_account+MAX_SAM_ENTRIES)*sizeof(DISP_USER_INFO)); + + if (pwd_array==NULL) + return NT_STATUS_NO_MEMORY; + + info->disp_info.disp_user_info=pwd_array; + } + + /* link the SAM_ACCOUNT to the array */ + info->disp_info.disp_user_info[info->disp_info.num_user_account].sam=pwd; + + DEBUG(10,("load_sampwd_entries: entry: %d\n", info->disp_info.num_user_account)); + + info->disp_info.num_user_account++; + } + + pdb_endsampwent(); + + /* the snapshoot is in memory, we're ready to enumerate fast */ + + info->acb_mask = acb_mask; + info->all_machines = all_machines; + info->disp_info.user_dbloaded=True; + + DEBUG(10,("load_sampwd_entries: done\n")); + + return nt_status; +} + +static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid) +{ + GROUP_MAP *map=NULL; + DISP_GROUP_INFO *grp_array = NULL; + uint32 group_entries = 0; + uint32 i; + TALLOC_CTX *mem_ctx = info->mem_ctx; + + DEBUG(10,("load_group_domain_entries\n")); + + /* if the snapshoot is already loaded, return */ + if (info->disp_info.group_dbloaded==True) { + DEBUG(10,("load_group_domain_entries: already in memory\n")); + return NT_STATUS_OK; + } + + if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) { + DEBUG(1, ("load_group_domain_entries: pdb_enum_group_mapping() failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + info->disp_info.num_group_account=group_entries; + + grp_array=(DISP_GROUP_INFO *)talloc(mem_ctx, info->disp_info.num_group_account*sizeof(DISP_GROUP_INFO)); + + if (group_entries!=0 && grp_array==NULL) { + DEBUG(1, ("load_group_domain_entries: talloc() failed for grp_array!\n")); + SAFE_FREE(map); + return NT_STATUS_NO_MEMORY; + } + + info->disp_info.disp_group_info=grp_array; + + for (i=0; i<group_entries; i++) { + + grp_array[i].grp=(DOMAIN_GRP *)talloc(mem_ctx, sizeof(DOMAIN_GRP)); + + fstrcpy(grp_array[i].grp->name, map[i].nt_name); + fstrcpy(grp_array[i].grp->comment, map[i].comment); + sid_split_rid(&map[i].sid, &grp_array[i].grp->rid); + grp_array[i].grp->attr=SID_NAME_DOM_GRP; + } + + SAFE_FREE(map); + + /* the snapshoot is in memory, we're ready to enumerate fast */ + + info->disp_info.group_dbloaded=True; + + DEBUG(10,("load_group_domain_entries: done\n")); + + return NT_STATUS_OK; +} + + +/******************************************************************* + _samr_close_hnd + ********************************************************************/ + +NTSTATUS _samr_close_hnd(pipes_struct *p, SAMR_Q_CLOSE_HND *q_u, SAMR_R_CLOSE_HND *r_u) +{ + r_u->status = NT_STATUS_OK; + + /* close the policy handle */ + if (!close_policy_hnd(p, &q_u->pol)) + return NT_STATUS_OBJECT_NAME_INVALID; + + DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + samr_reply_open_domain + ********************************************************************/ + +NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN_DOMAIN *r_u) +{ + struct samr_info *info; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access = q_u->flags; + size_t sd_size; + NTSTATUS status; + + r_u->status = NT_STATUS_OK; + + /* find the connection policy handle. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_OPEN_DOMAIN,"_samr_open_domain"))) { + return status; + } + + /*check if access can be granted as requested by client. */ + samr_make_dom_obj_sd(p->mem_ctx, &psd, &sd_size); + se_map_generic(&des_access,&dom_generic_mapping); + + if (!NT_STATUS_IS_OK(status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_domain"))) { + return status; + } + + /* associate the domain SID with the (unique) handle. */ + if ((info = get_samr_info_by_sid(&q_u->dom_sid.sid))==NULL) + return NT_STATUS_NO_MEMORY; + info->acc_granted = acc_granted; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->domain_pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + DEBUG(5,("samr_open_domain: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + _samr_get_usrdom_pwinfo + ********************************************************************/ + +NTSTATUS _samr_get_usrdom_pwinfo(pipes_struct *p, SAMR_Q_GET_USRDOM_PWINFO *q_u, SAMR_R_GET_USRDOM_PWINFO *r_u) +{ + struct samr_info *info = NULL; + + r_u->status = NT_STATUS_OK; + + /* find the policy handle. open a policy on it. */ + if (!find_policy_by_hnd(p, &q_u->user_pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + if (!sid_check_is_in_our_domain(&info->sid)) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + + init_samr_r_get_usrdom_pwinfo(r_u, NT_STATUS_OK); + + DEBUG(5,("_samr_get_usrdom_pwinfo: %d\n", __LINE__)); + + /* + * NT sometimes return NT_STATUS_ACCESS_DENIED + * I don't know yet why. + */ + + return r_u->status; +} + +/******************************************************************* + samr_make_dom_obj_sd + ********************************************************************/ + +static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) +{ + extern DOM_SID global_sid_World; + DOM_SID adm_sid; + DOM_SID act_sid; + + SEC_ACE ace[3]; + SEC_ACCESS mask; + + SEC_ACL *psa = NULL; + + sid_copy(&adm_sid, &global_sid_Builtin); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + + sid_copy(&act_sid, &global_sid_Builtin); + sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); + + /*basic access for every one*/ + init_sec_access(&mask, GENERIC_RIGHTS_DOMAIN_EXECUTE | GENERIC_RIGHTS_DOMAIN_READ); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + /*full access for builtin aliases Administrators and Account Operators*/ + init_sec_access(&mask, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) + return NT_STATUS_NO_MEMORY; + + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + return NT_STATUS_NO_MEMORY; + + return NT_STATUS_OK; +} + +/******************************************************************* + samr_make_usr_obj_sd + ********************************************************************/ + +static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size, DOM_SID *usr_sid) +{ + extern DOM_SID global_sid_World; + DOM_SID adm_sid; + DOM_SID act_sid; + + SEC_ACE ace[4]; + SEC_ACCESS mask; + + SEC_ACL *psa = NULL; + + sid_copy(&adm_sid, &global_sid_Builtin); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + + sid_copy(&act_sid, &global_sid_Builtin); + sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); + + /*basic access for every one*/ + init_sec_access(&mask, GENERIC_RIGHTS_USER_EXECUTE | GENERIC_RIGHTS_USER_READ); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + /*full access for builtin aliases Administrators and Account Operators*/ + init_sec_access(&mask, GENERIC_RIGHTS_USER_ALL_ACCESS); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + /*extended access for the user*/ + init_sec_access(&mask,READ_CONTROL_ACCESS | SA_RIGHT_USER_CHANGE_PASSWORD | SA_RIGHT_USER_SET_LOC_COM); + init_sec_ace(&ace[3], usr_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 4, ace)) == NULL) + return NT_STATUS_NO_MEMORY; + + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + return NT_STATUS_NO_MEMORY; + + return NT_STATUS_OK; +} + +/******************************************************************* + samr_make_grp_obj_sd + ********************************************************************/ + +static NTSTATUS samr_make_grp_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) +{ + extern DOM_SID global_sid_World; + DOM_SID adm_sid; + DOM_SID act_sid; + + SEC_ACE ace[3]; + SEC_ACCESS mask; + + SEC_ACL *psa = NULL; + + sid_copy(&adm_sid, &global_sid_Builtin); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + + sid_copy(&act_sid, &global_sid_Builtin); + sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); + + /*basic access for every one*/ + init_sec_access(&mask, GENERIC_RIGHTS_GROUP_EXECUTE | GENERIC_RIGHTS_GROUP_READ); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + /*full access for builtin aliases Administrators and Account Operators*/ + init_sec_access(&mask, GENERIC_RIGHTS_GROUP_ALL_ACCESS); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) + return NT_STATUS_NO_MEMORY; + + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + return NT_STATUS_NO_MEMORY; + + return NT_STATUS_OK; +} + +/******************************************************************* + samr_make_ali_obj_sd + ********************************************************************/ + +static NTSTATUS samr_make_ali_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) +{ + extern DOM_SID global_sid_World; + DOM_SID adm_sid; + DOM_SID act_sid; + + SEC_ACE ace[3]; + SEC_ACCESS mask; + + SEC_ACL *psa = NULL; + + sid_copy(&adm_sid, &global_sid_Builtin); + sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS); + + sid_copy(&act_sid, &global_sid_Builtin); + sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); + + /*basic access for every one*/ + init_sec_access(&mask, GENERIC_RIGHTS_ALIAS_EXECUTE | GENERIC_RIGHTS_ALIAS_READ); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + /*full access for builtin aliases Administrators and Account Operators*/ + init_sec_access(&mask, GENERIC_RIGHTS_ALIAS_ALL_ACCESS); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) + return NT_STATUS_NO_MEMORY; + + if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL) + return NT_STATUS_NO_MEMORY; + + return NT_STATUS_OK; +} + +static BOOL get_lsa_policy_samr_sid(pipes_struct *p, POLICY_HND *pol, DOM_SID *sid, uint32 *acc_granted) +{ + struct samr_info *info = NULL; + + /* find the policy handle. open a policy on it. */ + if (!find_policy_by_hnd(p, pol, (void **)&info)) + return False; + + if (!info) + return False; + + *sid = info->sid; + *acc_granted = info->acc_granted; + return True; +} + +/******************************************************************* + _samr_set_sec_obj + ********************************************************************/ + +NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_SEC_OBJ *r_u) +{ + DEBUG(0,("_samr_set_sec_obj: Not yet implemented!\n")); + return NT_STATUS_NOT_IMPLEMENTED; +} + + +/******************************************************************* + _samr_query_sec_obj + ********************************************************************/ + +NTSTATUS _samr_query_sec_obj(pipes_struct *p, SAMR_Q_QUERY_SEC_OBJ *q_u, SAMR_R_QUERY_SEC_OBJ *r_u) +{ + DOM_SID pol_sid; + fstring str_sid; + SEC_DESC * psd = NULL; + size_t sd_size; + uint32 acc_granted; + + r_u->status = NT_STATUS_OK; + + /* Get the SID. */ + if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &pol_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + + + DEBUG(10,("_samr_query_sec_obj: querying security on SID: %s\n", sid_to_string(str_sid, &pol_sid))); + + /* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */ + + /* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */ + if (pol_sid.sid_rev_num == 0) + { + DEBUG(5,("_samr_query_sec_obj: querying security on SAM\n")); + r_u->status = samr_make_sam_obj_sd(p->mem_ctx, &psd, &sd_size); + } + else if (sid_equal(&pol_sid,get_global_sam_sid())) /* check if it is our domain SID */ + + { + DEBUG(5,("_samr_query_sec_obj: querying security on Domain with SID: %s\n", sid_to_string(str_sid, &pol_sid))); + r_u->status = samr_make_dom_obj_sd(p->mem_ctx, &psd, &sd_size); + } + else if (sid_equal(&pol_sid,&global_sid_Builtin)) /* check if it is the Builtin Domain */ + { + /* TODO: Builtin probably needs a different SD with restricted write access*/ + DEBUG(5,("_samr_query_sec_obj: querying security on Builtin Domain with SID: %s\n", sid_to_string(str_sid, &pol_sid))); + r_u->status = samr_make_dom_obj_sd(p->mem_ctx, &psd, &sd_size); + } + else if (sid_check_is_in_our_domain(&pol_sid) || + sid_check_is_in_builtin(&pol_sid)) + { + /* TODO: different SDs have to be generated for aliases groups and users. + Currently all three get a default user SD */ + DEBUG(10,("_samr_query_sec_obj: querying security on Object with SID: %s\n", sid_to_string(str_sid, &pol_sid))); + r_u->status = samr_make_usr_obj_sd(p->mem_ctx, &psd,&sd_size, &pol_sid); + } + else return NT_STATUS_OBJECT_TYPE_MISMATCH; + + if ((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL) + return NT_STATUS_NO_MEMORY; + + if (NT_STATUS_IS_OK(r_u->status)) + r_u->ptr = 1; + + return r_u->status; +} + +/******************************************************************* +makes a SAM_ENTRY / UNISTR2* structure from a user list. +********************************************************************/ + +static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNISTR2 **uni_name_pp, + uint32 num_entries, uint32 start_idx, DISP_USER_INFO *disp_user_info, + DOM_SID *domain_sid) +{ + uint32 i; + SAM_ENTRY *sam; + UNISTR2 *uni_name; + SAM_ACCOUNT *pwd = NULL; + UNISTR2 uni_temp_name; + const char *temp_name; + const DOM_SID *user_sid; + uint32 user_rid; + fstring user_sid_string; + fstring domain_sid_string; + + *sam_pp = NULL; + *uni_name_pp = NULL; + + if (num_entries == 0) + return NT_STATUS_OK; + + sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_entries); + + uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_entries); + + if (sam == NULL || uni_name == NULL) { + DEBUG(0, ("make_user_sam_entry_list: talloc_zero failed!\n")); + return NT_STATUS_NO_MEMORY; + } + + for (i = 0; i < num_entries; i++) { + pwd = disp_user_info[i+start_idx].sam; + temp_name = pdb_get_username(pwd); + init_unistr2(&uni_temp_name, temp_name, strlen(temp_name)+1); + user_sid = pdb_get_user_sid(pwd); + + if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) { + DEBUG(0, ("make_user_sam_entry_list: User %s has SID %s, which conflicts with " + "the domain sid %s. Failing operation.\n", + temp_name, + sid_to_string(user_sid_string, user_sid), + sid_to_string(domain_sid_string, domain_sid))); + return NT_STATUS_UNSUCCESSFUL; + } + + init_sam_entry(&sam[i], uni_temp_name.uni_str_len, user_rid); + copy_unistr2(&uni_name[i], &uni_temp_name); + } + + *sam_pp = sam; + *uni_name_pp = uni_name; + return NT_STATUS_OK; +} + +/******************************************************************* + samr_reply_enum_dom_users + ********************************************************************/ + +NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, + SAMR_R_ENUM_DOM_USERS *r_u) +{ + struct samr_info *info = NULL; + uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */ + int num_account; + uint32 enum_context=q_u->start_idx; + uint32 max_size=q_u->max_size; + uint32 temp_size; + enum remote_arch_types ra_type = get_remote_arch(); + int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K; + uint32 max_entries = max_sam_entries; + DOM_SID domain_sid; + + r_u->status = NT_STATUS_OK; + + /* find the policy handle. open a policy on it. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + domain_sid = info->sid; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, + SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, + "_samr_enum_dom_users"))) { + return r_u->status; + } + + DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__)); + + become_root(); + r_u->status=load_sampwd_entries(info, q_u->acb_mask, False); + unbecome_root(); + + if (!NT_STATUS_IS_OK(r_u->status)) + return r_u->status; + + num_account = info->disp_info.num_user_account; + + if (enum_context > num_account) { + DEBUG(5, ("_samr_enum_dom_users: enumeration handle over total entries\n")); + return NT_STATUS_OK; + } + + /* verify we won't overflow */ + if (max_entries > num_account-enum_context) { + max_entries = num_account-enum_context; + DEBUG(5, ("_samr_enum_dom_users: only %d entries to return\n", max_entries)); + } + + /* calculate the size and limit on the number of entries we will return */ + temp_size=max_entries*struct_size; + + if (temp_size>max_size) { + max_entries=MIN((max_size/struct_size),max_entries);; + DEBUG(5, ("_samr_enum_dom_users: buffer size limits to only %d entries\n", max_entries)); + } + + /* + * Note from JRA. total_entries is not being used here. Currently if there is a + * large user base then it looks like NT will enumerate until get_sampwd_entries + * returns False due to num_entries being zero. This will cause an access denied + * return. I don't think this is right and needs further investigation. Note that + * this is also the same in the TNG code (I don't think that has been tested with + * a very large user list as MAX_SAM_ENTRIES is set to 600). + * + * I also think that one of the 'num_entries' return parameters is probably + * the "max entries" parameter - but in the TNG code they're all currently set to the same + * value (again I think this is wrong). + */ + + r_u->status = make_user_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_acct_name, + max_entries, enum_context, + info->disp_info.disp_user_info, + &domain_sid); + + if (!NT_STATUS_IS_OK(r_u->status)) + return r_u->status; + + if (enum_context+max_entries < num_account) + r_u->status = STATUS_MORE_ENTRIES; + + DEBUG(5, ("_samr_enum_dom_users: %d\n", __LINE__)); + + init_samr_r_enum_dom_users(r_u, q_u->start_idx + max_entries, max_entries); + + DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* +makes a SAM_ENTRY / UNISTR2* structure from a group list. +********************************************************************/ + +static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNISTR2 **uni_name_pp, + uint32 num_sam_entries, DOMAIN_GRP *grp) +{ + uint32 i; + SAM_ENTRY *sam; + UNISTR2 *uni_name; + + *sam_pp = NULL; + *uni_name_pp = NULL; + + if (num_sam_entries == 0) + return; + + sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_sam_entries); + + uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_sam_entries); + + if (sam == NULL || uni_name == NULL) { + DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n")); + return; + } + + for (i = 0; i < num_sam_entries; i++) { + /* + * JRA. I think this should include the null. TNG does not. + */ + int len = strlen(grp[i].name)+1; + + init_sam_entry(&sam[i], len, grp[i].rid); + init_unistr2(&uni_name[i], grp[i].name, len); + } + + *sam_pp = sam; + *uni_name_pp = uni_name; +} + +/******************************************************************* + Get the group entries - similar to get_sampwd_entries(). + ********************************************************************/ + +static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx, + uint32 *p_num_entries, uint32 max_entries) +{ + fstring sid_str; + uint32 num_entries = 0; + int i; + GROUP_MAP smap; + GROUP_MAP *map = NULL; + + sid_to_string(sid_str, sid); + DEBUG(5, ("get_group_alias_entries: enumerating aliases on SID: %s\n", sid_str)); + + *p_num_entries = 0; + + /* well-known aliases */ + if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) { + + pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV); + + if (num_entries != 0) { + *d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP)); + if (*d_grp==NULL) + return NT_STATUS_NO_MEMORY; + + for(i=0; i<num_entries && i<max_entries; i++) { + fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name); + sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid); + + } + } + SAFE_FREE(map); + + } else if (sid_equal(sid, get_global_sam_sid()) && !lp_hide_local_users()) { + struct sys_grent *glist; + struct sys_grent *grp; + struct passwd *pw; + gid_t winbind_gid_low, winbind_gid_high; + BOOL winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high); + + /* local aliases */ + /* we return the UNIX groups here. This seems to be the right */ + /* thing to do, since NT member servers return their local */ + /* groups in the same situation. */ + + /* use getgrent_list() to retrieve the list of groups to avoid + * problems with getgrent possible infinite loop by internal + * libc grent structures overwrites by called functions */ + grp = glist = getgrent_list(); + if (grp == NULL) + return NT_STATUS_NO_MEMORY; + + for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) { + uint32 trid; + + if(!pdb_getgrgid(&smap, grp->gr_gid, MAPPING_WITHOUT_PRIV)) + continue; + + if (smap.sid_name_use!=SID_NAME_ALIAS) { + continue; + } + + sid_split_rid(&smap.sid, &trid); + + if (!sid_equal(sid, &smap.sid)) + continue; + + /* Don't return winbind groups as they are not local! */ + if (winbind_groups_exist && (grp->gr_gid >= winbind_gid_low)&&(grp->gr_gid <= winbind_gid_high)) { + DEBUG(10,("get_group_alias_entries: not returing %s, not local.\n", smap.nt_name )); + continue; + } + + /* Don't return user private groups... */ + + if ((pw = Get_Pwnam(smap.nt_name)) != 0) { + DEBUG(10,("get_group_alias_entries: not returing %s, clashes with user.\n", smap.nt_name )); + continue; + } + + for( i = 0; i < num_entries; i++) + if ( (*d_grp)[i].rid == trid ) + break; + + if ( i < num_entries ) { + continue; /* rid was there, dup! */ + } + + /* JRA - added this for large group db enumeration... */ + + if (start_idx > 0) { + /* skip the requested number of entries. + not very efficient, but hey... + */ + start_idx--; + continue; + } + + *d_grp=talloc_realloc(ctx,*d_grp, (num_entries+1)*sizeof(DOMAIN_GRP)); + if (*d_grp==NULL) { + grent_free(glist); + return NT_STATUS_NO_MEMORY; + } + + fstrcpy((*d_grp)[num_entries].name, smap.nt_name); + (*d_grp)[num_entries].rid = trid; + num_entries++; + DEBUG(10,("get_group_alias_entries: added entry %d, rid:%d\n", num_entries, trid)); + } + + grent_free(glist); + } + + *p_num_entries = num_entries; + + DEBUG(10,("get_group_alias_entries: returning %d entries\n", *p_num_entries)); + + if (num_entries >= max_entries) + return STATUS_MORE_ENTRIES; + return NT_STATUS_OK; +} + +/******************************************************************* + Get the group entries - similar to get_sampwd_entries(). + ********************************************************************/ + +static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx, + uint32 *p_num_entries, uint32 max_entries) +{ + GROUP_MAP *map=NULL; + int i; + uint32 group_entries = 0; + uint32 num_entries = 0; + + *p_num_entries = 0; + + pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV); + + num_entries=group_entries-start_idx; + + /* limit the number of entries */ + if (num_entries>max_entries) { + DEBUG(5,("Limiting to %d entries\n", max_entries)); + num_entries=max_entries; + } + + *d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP)); + if (num_entries!=0 && *d_grp==NULL){ + SAFE_FREE(map); + return NT_STATUS_NO_MEMORY; + } + + for (i=0; i<num_entries; i++) { + fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name); + fstrcpy((*d_grp)[i].comment, map[i+start_idx].comment); + sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid); + (*d_grp)[i].attr=SID_NAME_DOM_GRP; + } + + SAFE_FREE(map); + + *p_num_entries = num_entries; + + return NT_STATUS_OK; +} + +/******************************************************************* + samr_reply_enum_dom_groups + ********************************************************************/ + +NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_R_ENUM_DOM_GROUPS *r_u) +{ + DOMAIN_GRP *grp=NULL; + uint32 num_entries; + DOM_SID sid; + uint32 acc_granted; + + r_u->status = NT_STATUS_OK; + + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, "_samr_enum_dom_groups"))) { + return r_u->status; + } + + DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__)); + + /* the domain group array is being allocated in the function below */ + if (!NT_STATUS_IS_OK(r_u->status = get_group_domain_entries(p->mem_ctx, &grp, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES))) { + return r_u->status; + } + + make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp); + + init_samr_r_enum_dom_groups(r_u, q_u->start_idx, num_entries); + + DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__)); + + return r_u->status; +} + + +/******************************************************************* + samr_reply_enum_dom_aliases + ********************************************************************/ + +NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, SAMR_R_ENUM_DOM_ALIASES *r_u) +{ + DOMAIN_GRP *grp=NULL; + uint32 num_entries = 0; + fstring sid_str; + DOM_SID sid; + NTSTATUS status; + uint32 acc_granted; + + r_u->status = NT_STATUS_OK; + + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, "_samr_enum_dom_aliases"))) { + return r_u->status; + } + + sid_to_string(sid_str, &sid); + DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str)); + + status = get_group_alias_entries(p->mem_ctx, &grp, &sid, q_u->start_idx, + &num_entries, MAX_SAM_ENTRIES); + if (NT_STATUS_IS_ERR(status)) return status; + + make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp); + + /*safe_free(grp);*/ + + init_samr_r_enum_dom_aliases(r_u, q_u->start_idx + num_entries, num_entries); + + DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + samr_reply_query_dispinfo + ********************************************************************/ +NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, + SAMR_R_QUERY_DISPINFO *r_u) +{ + struct samr_info *info = NULL; + uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */ + + uint32 max_entries=q_u->max_entries; + uint32 enum_context=q_u->start_idx; + uint32 max_size=q_u->max_size; + + SAM_DISPINFO_CTR *ctr; + uint32 temp_size=0, total_data_size=0; + NTSTATUS disp_ret; + uint32 num_account = 0; + enum remote_arch_types ra_type = get_remote_arch(); + int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K; + DOM_SID domain_sid; + + DEBUG(5, ("samr_reply_query_dispinfo: %d\n", __LINE__)); + r_u->status = NT_STATUS_OK; + + /* find the policy handle. open a policy on it. */ + if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + domain_sid = info->sid; + + /* + * calculate how many entries we will return. + * based on + * - the number of entries the client asked + * - our limit on that + * - the starting point (enumeration context) + * - the buffer size the client will accept + */ + + /* + * We are a lot more like W2K. Instead of reading the SAM + * each time to find the records we need to send back, + * we read it once and link that copy to the sam handle. + * For large user list (over the MAX_SAM_ENTRIES) + * it's a definitive win. + * second point to notice: between enumerations + * our sam is now the same as it's a snapshoot. + * third point: got rid of the static SAM_USER_21 struct + * no more intermediate. + * con: it uses much more memory, as a full copy is stored + * in memory. + * + * If you want to change it, think twice and think + * of the second point , that's really important. + * + * JFM, 12/20/2001 + */ + + /* Get what we need from the password database */ + switch (q_u->switch_level) { + case 0x1: + /* When playing with usrmgr, this is necessary + if you want immediate refresh after editing + a user. I would like to do this after the + setuserinfo2, but we do not have access to + the domain handle in that call, only to the + user handle. Where else does this hurt? + -- Volker + */ +#if 0 + /* We cannot do this here - it kills performace. JRA. */ + free_samr_users(info); +#endif + case 0x2: + case 0x4: + become_root(); + /* Level 2 is for all machines, otherwise only 'normal' users */ + r_u->status=load_sampwd_entries(info, ACB_NORMAL, q_u->switch_level==2); + unbecome_root(); + if (!NT_STATUS_IS_OK(r_u->status)) { + DEBUG(5, ("_samr_query_dispinfo: load_sampwd_entries failed\n")); + return r_u->status; + } + num_account = info->disp_info.num_user_account; + break; + case 0x3: + case 0x5: + r_u->status = load_group_domain_entries(info, &info->sid); + if (!NT_STATUS_IS_OK(r_u->status)) + return r_u->status; + num_account = info->disp_info.num_group_account; + break; + default: + DEBUG(0,("_samr_query_dispinfo: Unknown info level (%u)\n", (unsigned int)q_u->switch_level )); + return NT_STATUS_INVALID_INFO_CLASS; + } + + /* first limit the number of entries we will return */ + if(max_entries > max_sam_entries) { + DEBUG(5, ("samr_reply_query_dispinfo: client requested %d entries, limiting to %d\n", max_entries, max_sam_entries)); + max_entries = max_sam_entries; + } + + if (enum_context > num_account) { + DEBUG(5, ("samr_reply_query_dispinfo: enumeration handle over total entries\n")); + return NT_STATUS_NO_MORE_ENTRIES; + } + + /* verify we won't overflow */ + if (max_entries > num_account-enum_context) { + max_entries = num_account-enum_context; + DEBUG(5, ("samr_reply_query_dispinfo: only %d entries to return\n", max_entries)); + } + + /* calculate the size and limit on the number of entries we will return */ + temp_size=max_entries*struct_size; + + if (temp_size>max_size) { + max_entries=MIN((max_size/struct_size),max_entries);; + DEBUG(5, ("samr_reply_query_dispinfo: buffer size limits to only %d entries\n", max_entries)); + } + + if (!(ctr = (SAM_DISPINFO_CTR *)talloc_zero(p->mem_ctx,sizeof(SAM_DISPINFO_CTR)))) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(ctr); + + /* Now create reply structure */ + switch (q_u->switch_level) { + case 0x1: + if (max_entries) { + if (!(ctr->sam.info1 = (SAM_DISPINFO_1 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_1)))) + return NT_STATUS_NO_MEMORY; + } + disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, max_entries, enum_context, + info->disp_info.disp_user_info, &domain_sid); + if (!NT_STATUS_IS_OK(disp_ret)) + return disp_ret; + break; + case 0x2: + if (max_entries) { + if (!(ctr->sam.info2 = (SAM_DISPINFO_2 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_2)))) + return NT_STATUS_NO_MEMORY; + } + disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, max_entries, enum_context, + info->disp_info.disp_user_info, &domain_sid); + if (!NT_STATUS_IS_OK(disp_ret)) + return disp_ret; + break; + case 0x3: + if (max_entries) { + if (!(ctr->sam.info3 = (SAM_DISPINFO_3 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_3)))) + return NT_STATUS_NO_MEMORY; + } + disp_ret = init_sam_dispinfo_3(p->mem_ctx, ctr->sam.info3, max_entries, enum_context, info->disp_info.disp_group_info); + if (!NT_STATUS_IS_OK(disp_ret)) + return disp_ret; + break; + case 0x4: + if (max_entries) { + if (!(ctr->sam.info4 = (SAM_DISPINFO_4 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_4)))) + return NT_STATUS_NO_MEMORY; + } + disp_ret = init_sam_dispinfo_4(p->mem_ctx, ctr->sam.info4, max_entries, enum_context, info->disp_info.disp_user_info); + if (!NT_STATUS_IS_OK(disp_ret)) + return disp_ret; + break; + case 0x5: + if (max_entries) { + if (!(ctr->sam.info5 = (SAM_DISPINFO_5 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_5)))) + return NT_STATUS_NO_MEMORY; + } + disp_ret = init_sam_dispinfo_5(p->mem_ctx, ctr->sam.info5, max_entries, enum_context, info->disp_info.disp_group_info); + if (!NT_STATUS_IS_OK(disp_ret)) + return disp_ret; + break; + + default: + ctr->sam.info = NULL; + return NT_STATUS_INVALID_INFO_CLASS; + } + + /* calculate the total size */ + total_data_size=num_account*struct_size; + + if (enum_context+max_entries < num_account) + r_u->status = STATUS_MORE_ENTRIES; + + DEBUG(5, ("_samr_query_dispinfo: %d\n", __LINE__)); + + init_samr_r_query_dispinfo(r_u, max_entries, total_data_size, temp_size, q_u->switch_level, ctr, r_u->status); + + return r_u->status; + +} + +/******************************************************************* + samr_reply_query_aliasinfo + ********************************************************************/ + +NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAMR_R_QUERY_ALIASINFO *r_u) +{ + DOM_SID sid; + GROUP_MAP map; + uint32 acc_granted; + + r_u->status = NT_STATUS_OK; + + DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__)); + + /* find the policy handle. open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_LOOKUP_INFO, "_samr_query_aliasinfo"))) { + return r_u->status; + } + + if (!sid_check_is_in_our_domain(&sid) && + !sid_check_is_in_builtin(&sid)) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + + if (!pdb_getgrsid(&map, sid, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_ALIAS; + + switch (q_u->switch_level) { + case 1: + r_u->ptr = 1; + r_u->ctr.switch_value1 = 1; + init_samr_alias_info1(&r_u->ctr.alias.info1, map.nt_name, 1, map.comment); + break; + case 3: + r_u->ptr = 1; + r_u->ctr.switch_value1 = 3; + init_samr_alias_info3(&r_u->ctr.alias.info3, map.comment); + break; + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__)); + + return r_u->status; +} + +#if 0 +/******************************************************************* + samr_reply_lookup_ids + ********************************************************************/ + + uint32 _samr_lookup_ids(pipes_struct *p, SAMR_Q_LOOKUP_IDS *q_u, SAMR_R_LOOKUP_IDS *r_u) +{ + uint32 rid[MAX_SAM_ENTRIES]; + int num_rids = q_u->num_sids1; + + r_u->status = NT_STATUS_OK; + + DEBUG(5,("_samr_lookup_ids: %d\n", __LINE__)); + + if (num_rids > MAX_SAM_ENTRIES) { + num_rids = MAX_SAM_ENTRIES; + DEBUG(5,("_samr_lookup_ids: truncating entries to %d\n", num_rids)); + } + +#if 0 + int i; + SMB_ASSERT_ARRAY(q_u->uni_user_name, num_rids); + + for (i = 0; i < num_rids && status == 0; i++) + { + struct sam_passwd *sam_pass; + fstring user_name; + + + fstrcpy(user_name, unistrn2(q_u->uni_user_name[i].buffer, + q_u->uni_user_name[i].uni_str_len)); + + /* find the user account */ + become_root(); + sam_pass = get_smb21pwd_entry(user_name, 0); + unbecome_root(); + + if (sam_pass == NULL) + { + status = 0xC0000000 | NT_STATUS_NO_SUCH_USER; + rid[i] = 0; + } + else + { + rid[i] = sam_pass->user_rid; + } + } +#endif + + num_rids = 1; + rid[0] = BUILTIN_ALIAS_RID_USERS; + + init_samr_r_lookup_ids(&r_u, num_rids, rid, NT_STATUS_OK); + + DEBUG(5,("_samr_lookup_ids: %d\n", __LINE__)); + + return r_u->status; +} +#endif + +/******************************************************************* + _samr_lookup_names + ********************************************************************/ + +NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LOOKUP_NAMES *r_u) +{ + uint32 rid[MAX_SAM_ENTRIES]; + uint32 local_rid; + enum SID_NAME_USE type[MAX_SAM_ENTRIES]; + enum SID_NAME_USE local_type; + int i; + int num_rids = q_u->num_names2; + DOM_SID pol_sid; + fstring sid_str; + uint32 acc_granted; + + r_u->status = NT_STATUS_OK; + + DEBUG(5,("_samr_lookup_names: %d\n", __LINE__)); + + ZERO_ARRAY(rid); + ZERO_ARRAY(type); + + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted)) { + init_samr_r_lookup_names(p->mem_ctx, r_u, 0, NULL, NULL, NT_STATUS_OBJECT_TYPE_MISMATCH); + return r_u->status; + } + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, 0, "_samr_lookup_names"))) { /* Don't know the acc_bits yet */ + return r_u->status; + } + + if (num_rids > MAX_SAM_ENTRIES) { + num_rids = MAX_SAM_ENTRIES; + DEBUG(5,("_samr_lookup_names: truncating entries to %d\n", num_rids)); + } + + DEBUG(5,("_samr_lookup_names: looking name on SID %s\n", sid_to_string(sid_str, &pol_sid))); + + become_root(); /* local_lookup_name can require root privs */ + + for (i = 0; i < num_rids; i++) { + fstring name; + DOM_SID sid; + + r_u->status = NT_STATUS_NONE_MAPPED; + + rid [i] = 0xffffffff; + type[i] = SID_NAME_UNKNOWN; + + rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0); + + /* + * we are only looking for a name + * the SID we get back can be outside + * the scope of the pol_sid + * + * in clear: it prevents to reply to domain\group: yes + * when only builtin\group exists. + * + * a cleaner code is to add the sid of the domain we're looking in + * to the local_lookup_name function. + */ + if(local_lookup_name(name, &sid, &local_type)) { + sid_split_rid(&sid, &local_rid); + + if (sid_equal(&sid, &pol_sid)) { + rid[i]=local_rid; + type[i]=local_type; + r_u->status = NT_STATUS_OK; + } + } + } + + unbecome_root(); + + init_samr_r_lookup_names(p->mem_ctx, r_u, num_rids, rid, (uint32 *)type, r_u->status); + + DEBUG(5,("_samr_lookup_names: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + _samr_chgpasswd_user + ********************************************************************/ + +NTSTATUS _samr_chgpasswd_user(pipes_struct *p, SAMR_Q_CHGPASSWD_USER *q_u, SAMR_R_CHGPASSWD_USER *r_u) +{ + fstring user_name; + fstring wks; + + DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__)); + + r_u->status = NT_STATUS_OK; + + rpcstr_pull(user_name, q_u->uni_user_name.buffer, sizeof(user_name), q_u->uni_user_name.uni_str_len*2, 0); + rpcstr_pull(wks, q_u->uni_dest_host.buffer, sizeof(wks), q_u->uni_dest_host.uni_str_len*2,0); + + DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks)); + + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + (void)map_username(user_name); + + /* + * UNIX username case mangling not required, pass_oem_change + * is case insensitive. + */ + + r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash, + q_u->nt_newpass.pass, q_u->nt_oldhash.hash); + + init_samr_r_chgpasswd_user(r_u, r_u->status); + + DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* +makes a SAMR_R_LOOKUP_RIDS structure. +********************************************************************/ + +static BOOL make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names, fstring names[], + UNIHDR **pp_hdr_name, UNISTR2 **pp_uni_name) +{ + uint32 i; + UNIHDR *hdr_name=NULL; + UNISTR2 *uni_name=NULL; + + *pp_uni_name = NULL; + *pp_hdr_name = NULL; + + if (num_names != 0) { + hdr_name = (UNIHDR *)talloc_zero(ctx, sizeof(UNIHDR)*num_names); + if (hdr_name == NULL) + return False; + + uni_name = (UNISTR2 *)talloc_zero(ctx,sizeof(UNISTR2)*num_names); + if (uni_name == NULL) + return False; + } + + for (i = 0; i < num_names; i++) { + int len = names[i] != NULL ? strlen(names[i]) : 0; + DEBUG(10, ("names[%d]:%s\n", i, names[i])); + init_uni_hdr(&hdr_name[i], len); + init_unistr2(&uni_name[i], names[i], len); + } + + *pp_uni_name = uni_name; + *pp_hdr_name = hdr_name; + + return True; +} + +/******************************************************************* + _samr_lookup_rids + ********************************************************************/ + +NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOKUP_RIDS *r_u) +{ + fstring group_names[MAX_SAM_ENTRIES]; + uint32 *group_attrs = NULL; + UNIHDR *hdr_name = NULL; + UNISTR2 *uni_name = NULL; + DOM_SID pol_sid; + int num_rids = q_u->num_rids1; + int i; + uint32 acc_granted; + + r_u->status = NT_STATUS_OK; + + DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__)); + + /* find the policy handle. open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (num_rids > MAX_SAM_ENTRIES) { + num_rids = MAX_SAM_ENTRIES; + DEBUG(5,("_samr_lookup_rids: truncating entries to %d\n", num_rids)); + } + + if (num_rids) { + if ((group_attrs = (uint32 *)talloc_zero(p->mem_ctx, num_rids * sizeof(uint32))) == NULL) + return NT_STATUS_NO_MEMORY; + } + + r_u->status = NT_STATUS_NONE_MAPPED; + + become_root(); /* lookup_sid can require root privs */ + + for (i = 0; i < num_rids; i++) { + fstring tmpname; + fstring domname; + DOM_SID sid; + enum SID_NAME_USE type; + + group_attrs[i] = SID_NAME_UNKNOWN; + *group_names[i] = '\0'; + + if (sid_equal(&pol_sid, get_global_sam_sid())) { + sid_copy(&sid, &pol_sid); + sid_append_rid(&sid, q_u->rid[i]); + + if (lookup_sid(&sid, domname, tmpname, &type)) { + r_u->status = NT_STATUS_OK; + group_attrs[i] = (uint32)type; + fstrcpy(group_names[i],tmpname); + DEBUG(5,("_samr_lookup_rids: %s:%d\n", group_names[i], group_attrs[i])); + } + } + } + + unbecome_root(); + + if(!make_samr_lookup_rids(p->mem_ctx, num_rids, group_names, &hdr_name, &uni_name)) + return NT_STATUS_NO_MEMORY; + + init_samr_r_lookup_rids(r_u, num_rids, hdr_name, uni_name, group_attrs); + + DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + _api_samr_open_user. Safe - gives out no passwd info. + ********************************************************************/ + +NTSTATUS _api_samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USER *r_u) +{ + SAM_ACCOUNT *sampass=NULL; + DOM_SID sid; + POLICY_HND domain_pol = q_u->domain_pol; + POLICY_HND *user_pol = &r_u->user_pol; + struct samr_info *info = NULL; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access = q_u->access_mask; + size_t sd_size; + BOOL ret; + NTSTATUS nt_status; + + r_u->status = NT_STATUS_OK; + + /* find the domain policy handle and get domain SID / access bits in the domain policy. */ + if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_user"))) { + return nt_status; + } + + nt_status = pdb_init_sam_talloc(p->mem_ctx, &sampass); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + /* append the user's RID to it */ + if (!sid_append_rid(&sid, q_u->user_rid)) + return NT_STATUS_NO_SUCH_USER; + + /* check if access can be granted as requested by client. */ + samr_make_usr_obj_sd(p->mem_ctx, &psd, &sd_size, &sid); + se_map_generic(&des_access, &usr_generic_mapping); + if (!NT_STATUS_IS_OK(nt_status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_user"))) { + return nt_status; + } + + become_root(); + ret=pdb_getsampwsid(sampass, &sid); + unbecome_root(); + + /* check that the SID exists in our domain. */ + if (ret == False) { + return NT_STATUS_NO_SUCH_USER; + } + + pdb_free_sam(&sampass); + + /* associate the user's SID and access bits with the new handle. */ + if ((info = get_samr_info_by_sid(&sid)) == NULL) + return NT_STATUS_NO_MEMORY; + info->acc_granted = acc_granted; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return r_u->status; +} + +/************************************************************************* + get_user_info_10. Safe. Only gives out acb bits. + *************************************************************************/ + +static NTSTATUS get_user_info_10(TALLOC_CTX *mem_ctx, SAM_USER_INFO_10 *id10, DOM_SID *user_sid) +{ + SAM_ACCOUNT *smbpass=NULL; + BOOL ret; + NTSTATUS nt_status; + + nt_status = pdb_init_sam_talloc(mem_ctx, &smbpass); + + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + become_root(); + ret = pdb_getsampwsid(smbpass, user_sid); + unbecome_root(); + + if (ret==False) { + DEBUG(4,("User %s not found\n", sid_string_static(user_sid))); + return NT_STATUS_NO_SUCH_USER; + } + + DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) )); + + ZERO_STRUCTP(id10); + init_sam_user_info10(id10, pdb_get_acct_ctrl(smbpass) ); + + pdb_free_sam(&smbpass); + + return NT_STATUS_OK; +} + +/************************************************************************* + get_user_info_12. OK - this is the killer as it gives out password info. + Ensure that this is only allowed on an encrypted connection with a root + user. JRA. + *************************************************************************/ + +static NTSTATUS get_user_info_12(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_INFO_12 * id12, DOM_SID *user_sid) +{ + SAM_ACCOUNT *smbpass=NULL; + BOOL ret; + NTSTATUS nt_status; + + if (!p->ntlmssp_auth_validated) + return NT_STATUS_ACCESS_DENIED; + + if (!(p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SIGN) || !(p->ntlmssp_chal_flags & NTLMSSP_NEGOTIATE_SEAL)) + return NT_STATUS_ACCESS_DENIED; + + /* + * Do *NOT* do become_root()/unbecome_root() here ! JRA. + */ + + nt_status = pdb_init_sam_talloc(mem_ctx, &smbpass); + + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + ret = pdb_getsampwsid(smbpass, user_sid); + + if (ret == False) { + DEBUG(4, ("User %s not found\n", sid_string_static(user_sid))); + pdb_free_sam(&smbpass); + return (geteuid() == (uid_t)0) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED; + } + + DEBUG(3,("User:[%s] 0x%x\n", pdb_get_username(smbpass), pdb_get_acct_ctrl(smbpass) )); + + if ( pdb_get_acct_ctrl(smbpass) & ACB_DISABLED) { + pdb_free_sam(&smbpass); + return NT_STATUS_ACCOUNT_DISABLED; + } + + ZERO_STRUCTP(id12); + init_sam_user_info12(id12, pdb_get_lanman_passwd(smbpass), pdb_get_nt_passwd(smbpass)); + + pdb_free_sam(&smbpass); + + return NT_STATUS_OK; +} + +/************************************************************************* + get_user_info_20 + *************************************************************************/ + +static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DOM_SID *user_sid) +{ + SAM_ACCOUNT *sampass=NULL; + BOOL ret; + + pdb_init_sam_talloc(mem_ctx, &sampass); + + become_root(); + ret = pdb_getsampwsid(sampass, user_sid); + unbecome_root(); + + if (ret == False) { + DEBUG(4,("User %s not found\n", sid_string_static(user_sid))); + return NT_STATUS_NO_SUCH_USER; + } + + samr_clear_sam_passwd(sampass); + + DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) )); + + ZERO_STRUCTP(id20); + init_sam_user_info20A(id20, sampass); + + pdb_free_sam(&sampass); + + return NT_STATUS_OK; +} + +/************************************************************************* + get_user_info_21 + *************************************************************************/ + +static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, + DOM_SID *user_sid, DOM_SID *domain_sid) +{ + SAM_ACCOUNT *sampass=NULL; + BOOL ret; + NTSTATUS nt_status; + + nt_status = pdb_init_sam_talloc(mem_ctx, &sampass); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + become_root(); + ret = pdb_getsampwsid(sampass, user_sid); + unbecome_root(); + + if (ret == False) { + DEBUG(4,("User %s not found\n", sid_string_static(user_sid))); + return NT_STATUS_NO_SUCH_USER; + } + + samr_clear_sam_passwd(sampass); + + DEBUG(3,("User:[%s]\n", pdb_get_username(sampass) )); + + ZERO_STRUCTP(id21); + nt_status = init_sam_user_info21A(id21, sampass, domain_sid); + + pdb_free_sam(&sampass); + + return NT_STATUS_OK; +} + +/******************************************************************* + _samr_query_userinfo + ********************************************************************/ + +NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_R_QUERY_USERINFO *r_u) +{ + SAM_USERINFO_CTR *ctr; + struct samr_info *info = NULL; + DOM_SID domain_sid; + uint32 rid; + + r_u->status=NT_STATUS_OK; + + /* search for the handle */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + domain_sid = info->sid; + + sid_split_rid(&domain_sid, &rid); + + if (!sid_check_is_in_our_domain(&info->sid)) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + + DEBUG(5,("_samr_query_userinfo: sid:%s\n", sid_string_static(&info->sid))); + + ctr = (SAM_USERINFO_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_USERINFO_CTR)); + if (!ctr) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(ctr); + + /* ok! user info levels (lots: see MSDEV help), off we go... */ + ctr->switch_value = q_u->switch_value; + + switch (q_u->switch_value) { + case 0x10: + ctr->info.id10 = (SAM_USER_INFO_10 *)talloc_zero(p->mem_ctx, sizeof(SAM_USER_INFO_10)); + if (ctr->info.id10 == NULL) + return NT_STATUS_NO_MEMORY; + + if (!NT_STATUS_IS_OK(r_u->status = get_user_info_10(p->mem_ctx, ctr->info.id10, &info->sid))) + return r_u->status; + break; + +#if 0 +/* whoops - got this wrong. i think. or don't understand what's happening. */ + case 0x11: + { + NTTIME expire; + info = (void *)&id11; + + expire.low = 0xffffffff; + expire.high = 0x7fffffff; + + ctr->info.id = (SAM_USER_INFO_11 *)talloc_zero(p->mem_ctx, + sizeof + (*ctr-> + info. + id11)); + ZERO_STRUCTP(ctr->info.id11); + init_sam_user_info11(ctr->info.id11, &expire, + "BROOKFIELDS$", /* name */ + 0x03ef, /* user rid */ + 0x201, /* group rid */ + 0x0080); /* acb info */ + + break; + } +#endif + + case 0x12: + ctr->info.id12 = (SAM_USER_INFO_12 *)talloc_zero(p->mem_ctx, sizeof(SAM_USER_INFO_12)); + if (ctr->info.id12 == NULL) + return NT_STATUS_NO_MEMORY; + + if (!NT_STATUS_IS_OK(r_u->status = get_user_info_12(p, p->mem_ctx, ctr->info.id12, &info->sid))) + return r_u->status; + break; + + case 20: + ctr->info.id20 = (SAM_USER_INFO_20 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_20)); + if (ctr->info.id20 == NULL) + return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_IS_OK(r_u->status = get_user_info_20(p->mem_ctx, ctr->info.id20, &info->sid))) + return r_u->status; + break; + + case 21: + ctr->info.id21 = (SAM_USER_INFO_21 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_21)); + if (ctr->info.id21 == NULL) + return NT_STATUS_NO_MEMORY; + if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21, + &info->sid, &domain_sid))) + return r_u->status; + break; + + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + init_samr_r_query_userinfo(r_u, ctr, r_u->status); + + DEBUG(5,("_samr_query_userinfo: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + samr_reply_query_usergroups + ********************************************************************/ + +NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, SAMR_R_QUERY_USERGROUPS *r_u) +{ + SAM_ACCOUNT *sam_pass=NULL; + DOM_SID sid; + DOM_GID *gids = NULL; + int num_groups = 0; + uint32 acc_granted; + BOOL ret; + + /* + * from the SID in the request: + * we should send back the list of DOMAIN GROUPS + * the user is a member of + * + * and only the DOMAIN GROUPS + * no ALIASES !!! neither aliases of the domain + * nor aliases of the builtin SID + * + * JFM, 12/2/2001 + */ + + r_u->status = NT_STATUS_OK; + + DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__)); + + /* find the policy handle. open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_USER_GET_GROUPS, "_samr_query_usergroups"))) { + return r_u->status; + } + + if (!sid_check_is_in_our_domain(&sid)) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + + pdb_init_sam(&sam_pass); + + become_root(); + ret = pdb_getsampwsid(sam_pass, &sid); + unbecome_root(); + + if (ret == False) { + pdb_free_sam(&sam_pass); + return NT_STATUS_NO_SUCH_USER; + } + + if(!get_domain_user_groups(p->mem_ctx, &num_groups, &gids, sam_pass)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_NO_SUCH_GROUP; + } + + /* construct the response. lkclXXXX: gids are not copied! */ + init_samr_r_query_usergroups(r_u, num_groups, gids, r_u->status); + + DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__)); + + pdb_free_sam(&sam_pass); + + return r_u->status; +} + +/******************************************************************* + _samr_query_dom_info + ********************************************************************/ + +NTSTATUS _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SAMR_R_QUERY_DOMAIN_INFO *r_u) +{ + struct samr_info *info = NULL; + SAM_UNK_CTR *ctr; + uint32 min_pass_len,pass_hist,flag; + time_t u_expire, u_min_age; + NTTIME nt_expire, nt_min_age; + + time_t u_lock_duration, u_reset_time; + NTTIME nt_lock_duration, nt_reset_time; + uint32 lockout; + + time_t u_logout; + NTTIME nt_logout; + + uint32 account_policy_temp; + + uint32 num_users=0, num_groups=0, num_aliases=0; + + if ((ctr = (SAM_UNK_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_UNK_CTR))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(ctr); + + r_u->status = NT_STATUS_OK; + + DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__)); + + /* find the policy handle. open a policy on it. */ + if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + switch (q_u->switch_value) { + case 0x01: + + account_policy_get(AP_MIN_PASSWORD_LEN, &account_policy_temp); + min_pass_len = account_policy_temp; + + account_policy_get(AP_PASSWORD_HISTORY, &account_policy_temp); + pass_hist = account_policy_temp; + + account_policy_get(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp); + flag = account_policy_temp; + + account_policy_get(AP_MAX_PASSWORD_AGE, &account_policy_temp); + u_expire = account_policy_temp; + + account_policy_get(AP_MIN_PASSWORD_AGE, &account_policy_temp); + u_min_age = account_policy_temp; + + unix_to_nt_time_abs(&nt_expire, u_expire); + unix_to_nt_time_abs(&nt_min_age, u_min_age); + + init_unk_info1(&ctr->info.inf1, (uint16)min_pass_len, (uint16)pass_hist, + flag, nt_expire, nt_min_age); + break; + case 0x02: + become_root(); + r_u->status=load_sampwd_entries(info, ACB_NORMAL, False); + unbecome_root(); + if (!NT_STATUS_IS_OK(r_u->status)) { + DEBUG(5, ("_samr_query_dispinfo: load_sampwd_entries failed\n")); + return r_u->status; + } + num_users=info->disp_info.num_user_account; + free_samr_db(info); + + r_u->status=load_group_domain_entries(info, get_global_sam_sid()); + if (!NT_STATUS_IS_OK(r_u->status)) { + DEBUG(5, ("_samr_query_dispinfo: load_group_domain_entries failed\n")); + return r_u->status; + } + num_groups=info->disp_info.num_group_account; + free_samr_db(info); + + /* The time call below is to get a sequence number for the sam. FIXME !!! JRA. */ + init_unk_info2(&ctr->info.inf2, lp_workgroup(), lp_netbios_name(), (uint32) time(NULL), + num_users, num_groups, num_aliases); + break; + case 0x03: + account_policy_get(AP_TIME_TO_LOGOUT, (int *)&u_logout); + unix_to_nt_time_abs(&nt_logout, u_logout); + + init_unk_info3(&ctr->info.inf3, nt_logout); + break; + case 0x05: + init_unk_info5(&ctr->info.inf5, lp_netbios_name()); + break; + case 0x06: + init_unk_info6(&ctr->info.inf6); + break; + case 0x07: + init_unk_info7(&ctr->info.inf7); + break; + case 0x0c: + account_policy_get(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp); + u_lock_duration = account_policy_temp; + + account_policy_get(AP_RESET_COUNT_TIME, &account_policy_temp); + u_reset_time = account_policy_temp; + + account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp); + lockout = account_policy_temp; + + unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration); + unix_to_nt_time_abs(&nt_reset_time, u_reset_time); + + init_unk_info12(&ctr->info.inf12, nt_lock_duration, nt_reset_time, (uint16)lockout); + break; + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + init_samr_r_query_dom_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK); + + DEBUG(5,("_samr_query_dom_info: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + _api_samr_create_user + Create an account, can be either a normal user or a machine. + This funcion will need to be updated for bdc/domain trusts. + ********************************************************************/ + +NTSTATUS _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREATE_USER *r_u) +{ + SAM_ACCOUNT *sam_pass=NULL; + fstring account; + DOM_SID sid; + pstring add_script; + POLICY_HND dom_pol = q_u->domain_pol; + UNISTR2 user_account = q_u->uni_name; + uint16 acb_info = q_u->acb_info; + POLICY_HND *user_pol = &r_u->user_pol; + struct samr_info *info = NULL; + BOOL ret; + NTSTATUS nt_status; + struct passwd *pw; + uint32 acc_granted; + SEC_DESC *psd; + size_t sd_size; + uint32 des_access; + + /* Get the domain SID stored in the domain policy */ + if (!get_lsa_policy_samr_sid(p, &dom_pol, &sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_USER, "_samr_create_user"))) { + return nt_status; + } + + /* find the account: tell the caller if it exists. + lkclXXXX i have *no* idea if this is a problem or not + or even if you are supposed to construct a different + reply if the account already exists... + */ + + rpcstr_pull(account, user_account.buffer, sizeof(account), user_account.uni_str_len*2, 0); + strlower(account); + + pdb_init_sam(&sam_pass); + + become_root(); + ret = pdb_getsampwnam(sam_pass, account); + unbecome_root(); + if (ret == True) { + /* this account exists: say so */ + pdb_free_sam(&sam_pass); + return NT_STATUS_USER_EXISTS; + } + + pdb_free_sam(&sam_pass); + + /* + * NB. VERY IMPORTANT ! This call must be done as the current pipe user, + * *NOT* surrounded by a become_root()/unbecome_root() call. This ensures + * that only people with write access to the smbpasswd file will be able + * to create a user. JRA. + */ + + /* + * add the user in the /etc/passwd file or the unix authority system. + * We don't check if the smb_create_user() function succed or not for 2 reasons: + * a) local_password_change() checks for us if the /etc/passwd account really exists + * b) smb_create_user() would return an error if the account already exists + * and as it could return an error also if it can't create the account, it would be tricky. + * + * So we go the easy way, only check after if the account exists. + * JFM (2/3/2001), to clear any possible bad understanding (-: + * + * We now have seperate script paramaters for adding users/machines so we + * now have some sainity-checking to match. + */ + + DEBUG(10,("checking account %s at pos %d for $ termination\n",account, strlen(account)-1)); +#if 0 + if ((acb_info & ACB_WSTRUST) && (account[strlen(account)-1] == '$')) { + pstrcpy(add_script, lp_addmachine_script()); + } else if ((!(acb_info & ACB_WSTRUST)) && (account[strlen(account)-1] != '$')) { + pstrcpy(add_script, lp_adduser_script()); + } else { + DEBUG(0, ("_api_samr_create_user: mismatch between trust flags and $ termination\n")); + pdb_free_sam(&sam_pass); + return NT_STATUS_UNSUCCESSFUL; + } +#endif + + /* + * we can't check both the ending $ and the acb_info. + * + * UserManager creates trust accounts (ending in $, + * normal that hidden accounts) with the acb_info equals to ACB_NORMAL. + * JFM, 11/29/2001 + */ + if (account[strlen(account)-1] == '$') + pstrcpy(add_script, lp_addmachine_script()); + else + pstrcpy(add_script, lp_adduser_script()); + + if (*add_script) { + int add_ret; + all_string_sub(add_script, "%u", account, sizeof(account)); + add_ret = smbrun(add_script,NULL); + DEBUG(3,("_api_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret)); + } + + pw = getpwnam_alloc(account); + + if (pw) { + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_pw(&sam_pass, pw))) { + passwd_free(&pw); + return nt_status; + } + passwd_free(&pw); /* done with this now */ + } else { + DEBUG(3,("attempting to create non-unix account %s\n", account)); + + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sam_pass))) { + return nt_status; + } + + if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_NO_MEMORY; + } + } + + pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED); + + if (!pdb_add_sam_account(sam_pass)) { + pdb_free_sam(&sam_pass); + DEBUG(0, ("could not add user/computer %s to passdb. Check permissions?\n", + account)); + return NT_STATUS_ACCESS_DENIED; + } + + pdb_reset_sam(sam_pass); + + if (!pdb_getsampwnam(sam_pass, account)) { + pdb_free_sam(&sam_pass); + DEBUG(0, ("could not find user/computer %s just added to passdb?!?\n", + account)); + return NT_STATUS_ACCESS_DENIED; + } + + /* Get the user's SID */ + sid_copy(&sid, pdb_get_user_sid(sam_pass)); + + samr_make_usr_obj_sd(p->mem_ctx, &psd, &sd_size, &sid); + se_map_generic(&des_access, &usr_generic_mapping); + if (!NT_STATUS_IS_OK(nt_status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_create_user"))) { + return nt_status; + } + + /* associate the user's SID with the new handle. */ + if ((info = get_samr_info_by_sid(&sid)) == NULL) { + pdb_free_sam(&sam_pass); + return NT_STATUS_NO_MEMORY; + } + + ZERO_STRUCTP(info); + info->sid = sid; + info->acc_granted = acc_granted; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + + r_u->user_rid=pdb_get_user_rid(sam_pass); + + r_u->access_granted = acc_granted; + + pdb_free_sam(&sam_pass); + + return NT_STATUS_OK; +} + +/******************************************************************* + samr_reply_connect_anon + ********************************************************************/ + +NTSTATUS _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CONNECT_ANON *r_u) +{ + struct samr_info *info = NULL; + + /* Access check */ + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to samr_connect_anon\n")); + r_u->status = NT_STATUS_ACCESS_DENIED; + return r_u->status; + } + + /* set up the SAMR connect_anon response */ + + r_u->status = NT_STATUS_OK; + + /* associate the user's SID with the new handle. */ + if ((info = get_samr_info_by_sid(NULL)) == NULL) + return NT_STATUS_NO_MEMORY; + + info->status = q_u->unknown_0; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return r_u->status; +} + +/******************************************************************* + samr_reply_connect + ********************************************************************/ + +NTSTATUS _samr_connect(pipes_struct *p, SAMR_Q_CONNECT *q_u, SAMR_R_CONNECT *r_u) +{ + struct samr_info *info = NULL; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access = q_u->access_mask; + size_t sd_size; + NTSTATUS nt_status; + + + DEBUG(5,("_samr_connect: %d\n", __LINE__)); + + /* Access check */ + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to samr_connect\n")); + r_u->status = NT_STATUS_ACCESS_DENIED; + return r_u->status; + } + + samr_make_sam_obj_sd(p->mem_ctx, &psd, &sd_size); + se_map_generic(&des_access, &sam_generic_mapping); + if (!NT_STATUS_IS_OK(nt_status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_connect"))) { + return nt_status; + } + + r_u->status = NT_STATUS_OK; + + /* associate the user's SID and access granted with the new handle. */ + if ((info = get_samr_info_by_sid(NULL)) == NULL) + return NT_STATUS_NO_MEMORY; + + info->acc_granted = acc_granted; + info->status = q_u->access_mask; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + DEBUG(5,("_samr_connect: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + samr_connect4 + ********************************************************************/ + +NTSTATUS _samr_connect4(pipes_struct *p, SAMR_Q_CONNECT4 *q_u, SAMR_R_CONNECT4 *r_u) +{ + struct samr_info *info = NULL; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access = q_u->access_mask; + size_t sd_size; + NTSTATUS nt_status; + + + DEBUG(5,("_samr_connect4: %d\n", __LINE__)); + + /* Access check */ + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to samr_connect4\n")); + r_u->status = NT_STATUS_ACCESS_DENIED; + return r_u->status; + } + + samr_make_sam_obj_sd(p->mem_ctx, &psd, &sd_size); + se_map_generic(&des_access, &sam_generic_mapping); + if (!NT_STATUS_IS_OK(nt_status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_connect"))) { + return nt_status; + } + + r_u->status = NT_STATUS_OK; + + /* associate the user's SID and access granted with the new handle. */ + if ((info = get_samr_info_by_sid(NULL)) == NULL) + return NT_STATUS_NO_MEMORY; + + info->acc_granted = acc_granted; + info->status = q_u->access_mask; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + DEBUG(5,("_samr_connect: %d\n", __LINE__)); + + return r_u->status; +} + +/********************************************************************** + api_samr_lookup_domain + **********************************************************************/ + +NTSTATUS _samr_lookup_domain(pipes_struct *p, SAMR_Q_LOOKUP_DOMAIN *q_u, SAMR_R_LOOKUP_DOMAIN *r_u) +{ + struct samr_info *info; + fstring domain_name; + DOM_SID sid; + + r_u->status = NT_STATUS_OK; + + if (!find_policy_by_hnd(p, &q_u->connect_pol, (void**)&info)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_lookup_domain"))) { + return r_u->status; + } + + rpcstr_pull(domain_name, q_u->uni_domain.buffer, sizeof(domain_name), q_u->uni_domain.uni_str_len*2, 0); + + ZERO_STRUCT(sid); + + if (!secrets_fetch_domain_sid(domain_name, &sid)) { + r_u->status = NT_STATUS_NO_SUCH_DOMAIN; + } + + DEBUG(2,("Returning domain sid for domain %s -> %s\n", domain_name, sid_string_static(&sid))); + + init_samr_r_lookup_domain(r_u, &sid, r_u->status); + + return r_u->status; +} + +/****************************************************************** +makes a SAMR_R_ENUM_DOMAINS structure. +********************************************************************/ + +static BOOL make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam, + UNISTR2 **pp_uni_name, uint32 num_sam_entries, fstring doms[]) +{ + uint32 i; + SAM_ENTRY *sam; + UNISTR2 *uni_name; + + DEBUG(5, ("make_enum_domains\n")); + + *pp_sam = NULL; + *pp_uni_name = NULL; + + if (num_sam_entries == 0) + return True; + + sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_sam_entries); + uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_sam_entries); + + if (sam == NULL || uni_name == NULL) + return False; + + for (i = 0; i < num_sam_entries; i++) { + int len = doms[i] != NULL ? strlen(doms[i]) : 0; + + init_sam_entry(&sam[i], len, 0); + init_unistr2(&uni_name[i], doms[i], len); + } + + *pp_sam = sam; + *pp_uni_name = uni_name; + + return True; +} + +/********************************************************************** + api_samr_enum_domains + **********************************************************************/ + +NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_ENUM_DOMAINS *r_u) +{ + struct samr_info *info; + uint32 num_entries = 2; + fstring dom[2]; + const char *name; + + r_u->status = NT_STATUS_OK; + + if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_enum_domains"))) { + return r_u->status; + } + + switch (lp_server_role()) { + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + name = lp_workgroup(); + break; + default: + name = lp_netbios_name(); + } + + fstrcpy(dom[0],name); + strupper(dom[0]); + fstrcpy(dom[1],"Builtin"); + + if (!make_enum_domains(p->mem_ctx, &r_u->sam, &r_u->uni_dom_name, num_entries, dom)) + return NT_STATUS_NO_MEMORY; + + init_samr_r_enum_domains(r_u, q_u->start_idx + num_entries, num_entries); + + return r_u->status; +} + +/******************************************************************* + api_samr_open_alias + ********************************************************************/ + +NTSTATUS _api_samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_ALIAS *r_u) +{ + DOM_SID sid; + POLICY_HND domain_pol = q_u->dom_pol; + uint32 alias_rid = q_u->rid_alias; + POLICY_HND *alias_pol = &r_u->pol; + struct samr_info *info = NULL; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access = q_u->access_mask; + size_t sd_size; + NTSTATUS status; + + r_u->status = NT_STATUS_OK; + + /* find the domain policy and get the SID / access bits stored in the domain policy */ + if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_alias"))) { + return status; + } + + /* append the alias' RID to it */ + if (!sid_append_rid(&sid, alias_rid)) + return NT_STATUS_NO_SUCH_USER; + + /*check if access can be granted as requested by client. */ + samr_make_ali_obj_sd(p->mem_ctx, &psd, &sd_size); + se_map_generic(&des_access,&ali_generic_mapping); + if (!NT_STATUS_IS_OK(status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_alias"))) { + return status; + } + + /* + * we should check if the rid really exist !!! + * JFM. + */ + + /* associate the user's SID with the new handle. */ + if ((info = get_samr_info_by_sid(&sid)) == NULL) + return NT_STATUS_NO_MEMORY; + + info->acc_granted = acc_granted; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, alias_pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return r_u->status; +} + +/******************************************************************* + set_user_info_10 + ********************************************************************/ + +static BOOL set_user_info_10(const SAM_USER_INFO_10 *id10, DOM_SID *sid) +{ + SAM_ACCOUNT *pwd =NULL; + BOOL ret; + + pdb_init_sam(&pwd); + + ret = pdb_getsampwsid(pwd, sid); + + if(ret==False) { + pdb_free_sam(&pwd); + return False; + } + + if (id10 == NULL) { + DEBUG(5, ("set_user_info_10: NULL id10\n")); + pdb_free_sam(&pwd); + return False; + } + + /* FIX ME: check if the value is really changed --metze */ + if (!pdb_set_acct_ctrl(pwd, id10->acb_info, PDB_CHANGED)) { + pdb_free_sam(&pwd); + return False; + } + + if(!pdb_update_sam_account(pwd)) { + pdb_free_sam(&pwd); + return False; + } + + pdb_free_sam(&pwd); + + return True; +} + +/******************************************************************* + set_user_info_12 + ********************************************************************/ + +static BOOL set_user_info_12(SAM_USER_INFO_12 *id12, DOM_SID *sid) +{ + SAM_ACCOUNT *pwd = NULL; + + pdb_init_sam(&pwd); + + if(!pdb_getsampwsid(pwd, sid)) { + pdb_free_sam(&pwd); + return False; + } + + if (id12 == NULL) { + DEBUG(2, ("set_user_info_12: id12 is NULL\n")); + pdb_free_sam(&pwd); + return False; + } + + if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd, PDB_CHANGED)) { + pdb_free_sam(&pwd); + return False; + } + if (!pdb_set_nt_passwd (pwd, id12->nt_pwd, PDB_CHANGED)) { + pdb_free_sam(&pwd); + return False; + } + if (!pdb_set_pass_changed_now (pwd)) { + pdb_free_sam(&pwd); + return False; + } + + if(!pdb_update_sam_account(pwd)) { + pdb_free_sam(&pwd); + return False; + } + + pdb_free_sam(&pwd); + return True; +} + +/******************************************************************* + set_user_info_21 + ********************************************************************/ + +static BOOL set_user_info_21(SAM_USER_INFO_21 *id21, DOM_SID *sid) +{ + SAM_ACCOUNT *pwd = NULL; + + if (id21 == NULL) { + DEBUG(5, ("set_user_info_21: NULL id21\n")); + return False; + } + + pdb_init_sam(&pwd); + + if (!pdb_getsampwsid(pwd, sid)) { + pdb_free_sam(&pwd); + return False; + } + + copy_id21_to_sam_passwd(pwd, id21); + + /* + * The funny part about the previous two calls is + * that pwd still has the password hashes from the + * passdb entry. These have not been updated from + * id21. I don't know if they need to be set. --jerry + */ + + /* write the change out */ + if(!pdb_update_sam_account(pwd)) { + pdb_free_sam(&pwd); + return False; + } + + pdb_free_sam(&pwd); + + return True; +} + +/******************************************************************* + set_user_info_23 + ********************************************************************/ + +static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid) +{ + SAM_ACCOUNT *pwd = NULL; + pstring plaintext_buf; + uint32 len; + uint16 acct_ctrl; + + if (id23 == NULL) { + DEBUG(5, ("set_user_info_23: NULL id23\n")); + return False; + } + + pdb_init_sam(&pwd); + + if (!pdb_getsampwsid(pwd, sid)) { + pdb_free_sam(&pwd); + return False; + } + + DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n", + pdb_get_username(pwd))); + + acct_ctrl = pdb_get_acct_ctrl(pwd); + + if (!decode_pw_buffer((char*)id23->pass, plaintext_buf, 256, &len)) { + pdb_free_sam(&pwd); + return False; + } + + if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) { + pdb_free_sam(&pwd); + return False; + } + + copy_id23_to_sam_passwd(pwd, id23); + + /* if it's a trust account, don't update /etc/passwd */ + if ( (!IS_SAM_UNIX_USER(pwd)) || + ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || + ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { + DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n")); + } else { + /* update the UNIX password */ + if (lp_unix_password_sync() ) + if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) { + pdb_free_sam(&pwd); + return False; + } + } + + ZERO_STRUCT(plaintext_buf); + + if(!pdb_update_sam_account(pwd)) { + pdb_free_sam(&pwd); + return False; + } + + pdb_free_sam(&pwd); + + return True; +} + +/******************************************************************* + set_user_info_pw + ********************************************************************/ + +static BOOL set_user_info_pw(char *pass, DOM_SID *sid) +{ + SAM_ACCOUNT *pwd = NULL; + uint32 len; + pstring plaintext_buf; + uint16 acct_ctrl; + + pdb_init_sam(&pwd); + + if (!pdb_getsampwsid(pwd, sid)) { + pdb_free_sam(&pwd); + return False; + } + + DEBUG(5, ("Attempting administrator password change for user %s\n", + pdb_get_username(pwd))); + + acct_ctrl = pdb_get_acct_ctrl(pwd); + + ZERO_STRUCT(plaintext_buf); + + if (!decode_pw_buffer(pass, plaintext_buf, 256, &len)) { + pdb_free_sam(&pwd); + return False; + } + + if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) { + pdb_free_sam(&pwd); + return False; + } + + /* if it's a trust account, don't update /etc/passwd */ + if ( (!IS_SAM_UNIX_USER(pwd)) || + ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || + ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { + DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n")); + } else { + /* update the UNIX password */ + if (lp_unix_password_sync()) { + if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) { + pdb_free_sam(&pwd); + return False; + } + } + } + + ZERO_STRUCT(plaintext_buf); + + DEBUG(5,("set_user_info_pw: pdb_update_pwd()\n")); + + /* update the SAMBA password */ + if(!pdb_update_sam_account(pwd)) { + pdb_free_sam(&pwd); + return False; + } + + pdb_free_sam(&pwd); + + return True; +} + +/******************************************************************* + samr_reply_set_userinfo + ********************************************************************/ + +NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_USERINFO *r_u) +{ + DOM_SID sid; + POLICY_HND *pol = &q_u->pol; + uint16 switch_value = q_u->switch_value; + SAM_USERINFO_CTR *ctr = q_u->ctr; + uint32 acc_granted; + uint32 acc_required; + + DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__)); + + r_u->status = NT_STATUS_OK; + + /* find the policy handle. open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */ + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo"))) { + return r_u->status; + } + + DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n", sid_string_static(&sid), switch_value)); + + if (ctr == NULL) { + DEBUG(5, ("_samr_set_userinfo: NULL info level\n")); + return NT_STATUS_INVALID_INFO_CLASS; + } + + /* ok! user info levels (lots: see MSDEV help), off we go... */ + switch (switch_value) { + case 0x12: + if (!set_user_info_12(ctr->info.id12, &sid)) + return NT_STATUS_ACCESS_DENIED; + break; + + case 24: + SamOEMhash(ctr->info.id24->pass, p->session_key, 516); + + dump_data(100, (char *)ctr->info.id24->pass, 516); + + if (!set_user_info_pw((char *)ctr->info.id24->pass, &sid)) + return NT_STATUS_ACCESS_DENIED; + break; + + case 25: +#if 0 + /* + * Currently we don't really know how to unmarshall + * the level 25 struct, and the password encryption + * is different. This is a placeholder for when we + * do understand it. In the meantime just return INVALID + * info level and W2K SP2 drops down to level 23... JRA. + */ + + SamOEMhash(ctr->info.id25->pass, p->session_key, 532); + + dump_data(100, (char *)ctr->info.id25->pass, 532); + + if (!set_user_info_pw(ctr->info.id25->pass, &sid)) + return NT_STATUS_ACCESS_DENIED; + break; +#endif + return NT_STATUS_INVALID_INFO_CLASS; + + case 23: + SamOEMhash(ctr->info.id23->pass, p->session_key, 516); + + dump_data(100, (char *)ctr->info.id23->pass, 516); + + if (!set_user_info_23(ctr->info.id23, &sid)) + return NT_STATUS_ACCESS_DENIED; + break; + + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + return r_u->status; +} + +/******************************************************************* + samr_reply_set_userinfo2 + ********************************************************************/ + +NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SET_USERINFO2 *r_u) +{ + DOM_SID sid; + SAM_USERINFO_CTR *ctr = q_u->ctr; + POLICY_HND *pol = &q_u->pol; + uint16 switch_value = q_u->switch_value; + uint32 acc_granted; + uint32 acc_required; + + DEBUG(5, ("samr_reply_set_userinfo2: %d\n", __LINE__)); + + r_u->status = NT_STATUS_OK; + + /* find the policy handle. open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */ + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo2"))) { + return r_u->status; + } + + DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n", sid_string_static(&sid))); + + if (ctr == NULL) { + DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n")); + return NT_STATUS_INVALID_INFO_CLASS; + } + + switch_value=ctr->switch_value; + + /* ok! user info levels (lots: see MSDEV help), off we go... */ + switch (switch_value) { + case 21: + if (!set_user_info_21(ctr->info.id21, &sid)) + return NT_STATUS_ACCESS_DENIED; + break; + case 16: + if (!set_user_info_10(ctr->info.id10, &sid)) + return NT_STATUS_ACCESS_DENIED; + break; + case 18: + /* Used by AS/U JRA. */ + if (!set_user_info_12(ctr->info.id12, &sid)) + return NT_STATUS_ACCESS_DENIED; + break; + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + return r_u->status; +} + +/********************************************************************* + _samr_query_aliasmem +*********************************************************************/ + +NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u) +{ + int num_groups = 0, tmp_num_groups=0; + uint32 *rids=NULL, *new_rids=NULL, *tmp_rids=NULL; + struct samr_info *info = NULL; + int i,j; + + NTSTATUS ntstatus1; + NTSTATUS ntstatus2; + + /* until i see a real useraliases query, we fack one up */ + + /* I have seen one, JFM 2/12/2001 */ + /* + * Explanation of what this call does: + * for all the SID given in the request: + * return a list of alias (local groups) + * that have those SID as members. + * + * and that's the alias in the domain specified + * in the policy_handle + * + * if the policy handle is on an incorrect sid + * for example a user's sid + * we should reply NT_STATUS_OBJECT_TYPE_MISMATCH + */ + + r_u->status = NT_STATUS_OK; + + DEBUG(5,("_samr_query_useraliases: %d\n", __LINE__)); + + /* find the policy handle. open a policy on it. */ + if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + ntstatus1 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, "_samr_query_useraliases"); + ntstatus2 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_query_useraliases"); + + if (!NT_STATUS_IS_OK(ntstatus1) || !NT_STATUS_IS_OK(ntstatus2)) { + if (!(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus2)) && + !(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus1))) { + return (NT_STATUS_IS_OK(ntstatus1)) ? ntstatus2 : ntstatus1; + } + } + + if (!sid_check_is_domain(&info->sid) && + !sid_check_is_builtin(&info->sid)) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + + + for (i=0; i<q_u->num_sids1; i++) { + + r_u->status=get_alias_user_groups(p->mem_ctx, &info->sid, &tmp_num_groups, &tmp_rids, &(q_u->sid[i].sid)); + + /* + * if there is an error, we just continue as + * it can be an unfound user or group + */ + if (!NT_STATUS_IS_OK(r_u->status)) { + DEBUG(10,("_samr_query_useraliases: an error occured while getting groups\n")); + continue; + } + + if (tmp_num_groups==0) { + DEBUG(10,("_samr_query_useraliases: no groups found\n")); + continue; + } + + new_rids=(uint32 *)talloc_realloc(p->mem_ctx, rids, (num_groups+tmp_num_groups)*sizeof(uint32)); + if (new_rids==NULL) { + DEBUG(0,("_samr_query_useraliases: could not realloc memory\n")); + return NT_STATUS_NO_MEMORY; + } + rids=new_rids; + + for (j=0; j<tmp_num_groups; j++) + rids[j+num_groups]=tmp_rids[j]; + + safe_free(tmp_rids); + + num_groups+=tmp_num_groups; + } + + init_samr_r_query_useraliases(r_u, num_groups, rids, NT_STATUS_OK); + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_query_aliasmem +*********************************************************************/ + +NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_R_QUERY_ALIASMEM *r_u) +{ + int i; + + GROUP_MAP map; + int num_uids = 0; + DOM_SID2 *sid; + uid_t *uid=NULL; + + DOM_SID alias_sid; + DOM_SID als_sid; + uint32 alias_rid; + fstring alias_sid_str; + DOM_SID temp_sid; + + SAM_ACCOUNT *sam_user = NULL; + BOOL check; + uint32 acc_granted; + + /* find the policy handle. open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = + access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_query_aliasmem"))) { + return r_u->status; + } + + sid_copy(&als_sid, &alias_sid); + sid_to_string(alias_sid_str, &alias_sid); + sid_split_rid(&alias_sid, &alias_rid); + + DEBUG(10, ("sid is %s\n", alias_sid_str)); + + if (sid_equal(&alias_sid, &global_sid_Builtin)) { + DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n")); + if(!get_builtin_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_ALIAS; + } else { + if (sid_equal(&alias_sid, get_global_sam_sid())) { + DEBUG(10, ("lookup on Server SID\n")); + if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_ALIAS; + } + } + + if(!get_uid_list_of_group(map.gid, &uid, &num_uids)) + return NT_STATUS_NO_SUCH_ALIAS; + + DEBUG(10, ("sid is %s\n", alias_sid_str)); + sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_SID2) * num_uids); + if (num_uids!=0 && sid == NULL) + return NT_STATUS_NO_MEMORY; + + for (i = 0; i < num_uids; i++) { + struct passwd *pass; + uint32 rid; + + sid_copy(&temp_sid, get_global_sam_sid()); + + pass = getpwuid_alloc(uid[i]); + if (!pass) continue; + + if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_user))) { + passwd_free(&pass); + continue; + } + + become_root(); + check = pdb_getsampwnam(sam_user, pass->pw_name); + unbecome_root(); + + if (check != True) { + pdb_free_sam(&sam_user); + passwd_free(&pass); + continue; + } + + rid = pdb_get_user_rid(sam_user); + if (rid == 0) { + pdb_free_sam(&sam_user); + passwd_free(&pass); + continue; + } + + pdb_free_sam(&sam_user); + passwd_free(&pass); + + sid_append_rid(&temp_sid, rid); + + init_dom_sid2(&sid[i], &temp_sid); + } + + DEBUG(10, ("sid is %s\n", alias_sid_str)); + init_samr_r_query_aliasmem(r_u, num_uids, sid, NT_STATUS_OK); + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_query_groupmem +*********************************************************************/ + +NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_QUERY_GROUPMEM *r_u) +{ + int num_uids = 0; + int i; + DOM_SID group_sid; + uint32 group_rid; + fstring group_sid_str; + uid_t *uid=NULL; + + GROUP_MAP map; + + uint32 *rid=NULL; + uint32 *attr=NULL; + + SAM_ACCOUNT *sam_user = NULL; + BOOL check; + uint32 acc_granted; + + /* find the policy handle. open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, "_samr_query_groupmem"))) { + return r_u->status; + } + + /* todo: change to use sid_compare_front */ + + sid_split_rid(&group_sid, &group_rid); + sid_to_string(group_sid_str, &group_sid); + DEBUG(10, ("sid is %s\n", group_sid_str)); + + /* can we get a query for an SID outside our domain ? */ + if (!sid_equal(&group_sid, get_global_sam_sid())) + return NT_STATUS_NO_SUCH_GROUP; + + sid_append_rid(&group_sid, group_rid); + DEBUG(10, ("lookup on Domain SID\n")); + + if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + if(!get_uid_list_of_group(map.gid, &uid, &num_uids)) + return NT_STATUS_NO_SUCH_GROUP; + + rid=talloc_zero(p->mem_ctx, sizeof(uint32)*num_uids); + attr=talloc_zero(p->mem_ctx, sizeof(uint32)*num_uids); + + if (num_uids!=0 && (rid==NULL || attr==NULL)) + return NT_STATUS_NO_MEMORY; + + for (i=0; i<num_uids; i++) { + struct passwd *pass; + uint32 urid; + + pass = getpwuid_alloc(uid[i]); + if (!pass) continue; + + if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_user))) { + passwd_free(&pass); + continue; + } + + become_root(); + check = pdb_getsampwnam(sam_user, pass->pw_name); + unbecome_root(); + + if (check != True) { + pdb_free_sam(&sam_user); + passwd_free(&pass); + continue; + } + + urid = pdb_get_user_rid(sam_user); + if (urid == 0) { + pdb_free_sam(&sam_user); + passwd_free(&pass); + continue; + } + + pdb_free_sam(&sam_user); + passwd_free(&pass); + + rid[i] = urid; + attr[i] = SID_NAME_USER; + } + + init_samr_r_query_groupmem(r_u, num_uids, rid, attr, NT_STATUS_OK); + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_add_aliasmem +*********************************************************************/ + +NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_ADD_ALIASMEM *r_u) +{ + DOM_SID alias_sid; + fstring alias_sid_str; + uid_t uid; + struct passwd *pwd; + struct group *grp; + fstring grp_name; + GROUP_MAP map; + NTSTATUS ret; + SAM_ACCOUNT *sam_user = NULL; + BOOL check; + uint32 acc_granted; + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, "_samr_add_aliasmem"))) { + return r_u->status; + } + + sid_to_string(alias_sid_str, &alias_sid); + DEBUG(10, ("sid is %s\n", alias_sid_str)); + + if (sid_compare(&alias_sid, get_global_sam_sid())>0) { + DEBUG(10, ("adding member on Server SID\n")); + if(!get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_ALIAS; + + } else { + if (sid_compare(&alias_sid, &global_sid_Builtin)>0) { + DEBUG(10, ("adding member on BUILTIN SID\n")); + if( !get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_ALIAS; + + } else + return NT_STATUS_NO_SUCH_ALIAS; + } + + ret = pdb_init_sam(&sam_user); + if (!NT_STATUS_IS_OK(ret)) + return ret; + + check = pdb_getsampwsid(sam_user, &q_u->sid.sid); + + if (check != True) { + pdb_free_sam(&sam_user); + return NT_STATUS_NO_SUCH_USER; + } + + uid = pdb_get_uid(sam_user); + if (uid == -1) { + pdb_free_sam(&sam_user); + return NT_STATUS_NO_SUCH_USER; + } + + pdb_free_sam(&sam_user); + + if ((pwd=getpwuid_alloc(uid)) == NULL) { + return NT_STATUS_NO_SUCH_USER; + } + + if ((grp=getgrgid(map.gid)) == NULL) { + passwd_free(&pwd); + return NT_STATUS_NO_SUCH_ALIAS; + } + + /* we need to copy the name otherwise it's overloaded in user_in_group_list */ + fstrcpy(grp_name, grp->gr_name); + + /* if the user is already in the group */ + if(user_in_unix_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); + return NT_STATUS_MEMBER_IN_ALIAS; + } + + /* + * ok, the group exist, the user exist, the user is not in the group, + * we can (finally) add it to the group ! + */ + smb_add_user_group(grp_name, pwd->pw_name); + + /* check if the user has been added then ... */ + if(!user_in_unix_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); + return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */ + } + + passwd_free(&pwd); + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_del_aliasmem +*********************************************************************/ + +NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DEL_ALIASMEM *r_u) +{ + DOM_SID alias_sid; + fstring alias_sid_str; + struct group *grp; + fstring grp_name; + GROUP_MAP map; + SAM_ACCOUNT *sam_pass=NULL; + uint32 acc_granted; + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, "_samr_del_aliasmem"))) { + return r_u->status; + } + + sid_to_string(alias_sid_str, &alias_sid); + DEBUG(10, ("_samr_del_aliasmem:sid is %s\n", alias_sid_str)); + + if (!sid_check_is_in_our_domain(&alias_sid) && + !sid_check_is_in_builtin(&alias_sid)) { + DEBUG(10, ("_samr_del_aliasmem:invalid alias group\n")); + return NT_STATUS_NO_SUCH_ALIAS; + } + + if( !get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_ALIAS; + + if ((grp=getgrgid(map.gid)) == NULL) + return NT_STATUS_NO_SUCH_ALIAS; + + /* we need to copy the name otherwise it's overloaded in user_in_unix_group_list */ + fstrcpy(grp_name, grp->gr_name); + + /* check if the user exists before trying to remove it from the group */ + pdb_init_sam(&sam_pass); + if(!pdb_getsampwsid(sam_pass, &q_u->sid.sid)) { + DEBUG(5,("_samr_del_aliasmem:User %s doesn't exist.\n", pdb_get_username(sam_pass))); + pdb_free_sam(&sam_pass); + return NT_STATUS_NO_SUCH_USER; + } + + /* if the user is not in the group */ + if(!user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_MEMBER_IN_ALIAS; + } + + smb_delete_user_group(grp_name, pdb_get_username(sam_pass)); + + /* check if the user has been removed then ... */ + if(user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */ + } + + pdb_free_sam(&sam_pass); + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_add_groupmem +*********************************************************************/ + +NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_ADD_GROUPMEM *r_u) +{ + DOM_SID group_sid; + DOM_SID user_sid; + fstring group_sid_str; + struct passwd *pwd; + struct group *grp; + fstring grp_name; + GROUP_MAP map; + uid_t uid; + NTSTATUS ret; + SAM_ACCOUNT *sam_user=NULL; + BOOL check; + uint32 acc_granted; + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, "_samr_add_groupmem"))) { + return r_u->status; + } + + sid_to_string(group_sid_str, &group_sid); + DEBUG(10, ("sid is %s\n", group_sid_str)); + + if (sid_compare(&group_sid, get_global_sam_sid())<=0) + return NT_STATUS_NO_SUCH_GROUP; + + DEBUG(10, ("lookup on Domain SID\n")); + + if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + sid_copy(&user_sid, get_global_sam_sid()); + sid_append_rid(&user_sid, q_u->rid); + + ret = pdb_init_sam(&sam_user); + if (!NT_STATUS_IS_OK(ret)) + return ret; + + check = pdb_getsampwsid(sam_user, &user_sid); + + if (check != True) { + pdb_free_sam(&sam_user); + return NT_STATUS_NO_SUCH_USER; + } + + uid = pdb_get_uid(sam_user); + if (uid == -1) { + pdb_free_sam(&sam_user); + return NT_STATUS_NO_SUCH_USER; + } + + pdb_free_sam(&sam_user); + + if ((pwd=getpwuid_alloc(uid)) == NULL) { + return NT_STATUS_NO_SUCH_USER; + } + + if ((grp=getgrgid(map.gid)) == NULL) { + passwd_free(&pwd); + return NT_STATUS_NO_SUCH_GROUP; + } + + /* we need to copy the name otherwise it's overloaded in user_in_unix_group_list */ + fstrcpy(grp_name, grp->gr_name); + + /* if the user is already in the group */ + if(user_in_unix_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); + return NT_STATUS_MEMBER_IN_GROUP; + } + + /* + * ok, the group exist, the user exist, the user is not in the group, + * + * we can (finally) add it to the group ! + */ + + smb_add_user_group(grp_name, pwd->pw_name); + + /* check if the user has been added then ... */ + if(!user_in_unix_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); + return NT_STATUS_MEMBER_NOT_IN_GROUP; /* don't know what to reply else */ + } + + passwd_free(&pwd); + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_del_groupmem +*********************************************************************/ + +NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DEL_GROUPMEM *r_u) +{ + DOM_SID group_sid; + DOM_SID user_sid; + SAM_ACCOUNT *sam_pass=NULL; + GROUP_MAP map; + fstring grp_name; + struct group *grp; + uint32 acc_granted; + + /* + * delete the group member named q_u->rid + * who is a member of the sid associated with the handle + * the rid is a user's rid as the group is a domain group. + */ + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, "_samr_del_groupmem"))) { + return r_u->status; + } + + if (!sid_check_is_in_our_domain(&group_sid)) + return NT_STATUS_NO_SUCH_GROUP; + + sid_copy(&user_sid, get_global_sam_sid()); + sid_append_rid(&user_sid, q_u->rid); + + if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + if ((grp=getgrgid(map.gid)) == NULL) + return NT_STATUS_NO_SUCH_GROUP; + + /* we need to copy the name otherwise it's overloaded in user_in_group_list */ + fstrcpy(grp_name, grp->gr_name); + + /* check if the user exists before trying to remove it from the group */ + pdb_init_sam(&sam_pass); + if (!pdb_getsampwsid(sam_pass, &user_sid)) { + DEBUG(5,("User %s doesn't exist.\n", pdb_get_username(sam_pass))); + pdb_free_sam(&sam_pass); + return NT_STATUS_NO_SUCH_USER; + } + + /* if the user is not in the group */ + if (!user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_MEMBER_NOT_IN_GROUP; + } + + smb_delete_user_group(grp_name, pdb_get_username(sam_pass)); + + /* check if the user has been removed then ... */ + if (user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_ACCESS_DENIED; /* don't know what to reply else */ + } + + pdb_free_sam(&sam_pass); + return NT_STATUS_OK; + +} + +/**************************************************************************** + Delete a UNIX user on demand. +****************************************************************************/ + +static int smb_delete_user(const char *unix_user) +{ + pstring del_script; + int ret; + + pstrcpy(del_script, lp_deluser_script()); + if (! *del_script) + return -1; + all_string_sub(del_script, "%u", unix_user, sizeof(pstring)); + ret = smbrun(del_script,NULL); + DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret)); + return ret; +} + +/********************************************************************* + _samr_delete_dom_user +*********************************************************************/ + +NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAMR_R_DELETE_DOM_USER *r_u ) +{ + DOM_SID user_sid; + SAM_ACCOUNT *sam_pass=NULL; + uint32 acc_granted; + + DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__)); + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &user_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_user"))) { + return r_u->status; + } + + if (!sid_check_is_in_our_domain(&user_sid)) + return NT_STATUS_CANNOT_DELETE; + + /* check if the user exists before trying to delete */ + pdb_init_sam(&sam_pass); + if(!pdb_getsampwsid(sam_pass, &user_sid)) { + DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", pdb_get_username(sam_pass))); + pdb_free_sam(&sam_pass); + return NT_STATUS_NO_SUCH_USER; + } + + /* delete the unix side */ + /* + * note: we don't check if the delete really happened + * as the script is not necessary present + * and maybe the sysadmin doesn't want to delete the unix side + */ + smb_delete_user(pdb_get_username(sam_pass)); + + /* and delete the samba side */ + if (!pdb_delete_sam_account(sam_pass)) { + DEBUG(5,("_samr_delete_dom_user:Failed to delete entry for user %s.\n", pdb_get_username(sam_pass))); + pdb_free_sam(&sam_pass); + return NT_STATUS_CANNOT_DELETE; + } + + pdb_free_sam(&sam_pass); + + if (!close_policy_hnd(p, &q_u->user_pol)) + return NT_STATUS_OBJECT_NAME_INVALID; + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_delete_dom_group +*********************************************************************/ + +NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, SAMR_R_DELETE_DOM_GROUP *r_u) +{ + DOM_SID group_sid; + DOM_SID dom_sid; + uint32 group_rid; + fstring group_sid_str; + gid_t gid; + struct group *grp; + GROUP_MAP map; + uint32 acc_granted; + + DEBUG(5, ("samr_delete_dom_group: %d\n", __LINE__)); + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_group"))) { + return r_u->status; + } + + sid_copy(&dom_sid, &group_sid); + sid_to_string(group_sid_str, &dom_sid); + sid_split_rid(&dom_sid, &group_rid); + + DEBUG(10, ("sid is %s\n", group_sid_str)); + + /* we check if it's our SID before deleting */ + if (!sid_equal(&dom_sid, get_global_sam_sid())) + return NT_STATUS_NO_SUCH_GROUP; + + DEBUG(10, ("lookup on Domain SID\n")); + + if(!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + gid=map.gid; + + /* check if group really exists */ + if ( (grp=getgrgid(gid)) == NULL) + return NT_STATUS_NO_SUCH_GROUP; + + /* we can delete the UNIX group */ + smb_delete_group(grp->gr_name); + + /* check if the group has been successfully deleted */ + if ( (grp=getgrgid(gid)) != NULL) + return NT_STATUS_ACCESS_DENIED; + + if(!pdb_delete_group_mapping_entry(group_sid)) + return NT_STATUS_ACCESS_DENIED; + + if (!close_policy_hnd(p, &q_u->group_pol)) + return NT_STATUS_OBJECT_NAME_INVALID; + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_delete_dom_alias +*********************************************************************/ + +NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, SAMR_R_DELETE_DOM_ALIAS *r_u) +{ + DOM_SID alias_sid; + DOM_SID dom_sid; + uint32 alias_rid; + fstring alias_sid_str; + gid_t gid; + struct group *grp; + GROUP_MAP map; + uint32 acc_granted; + + DEBUG(5, ("_samr_delete_dom_alias: %d\n", __LINE__)); + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_alias"))) { + return r_u->status; + } + + sid_copy(&dom_sid, &alias_sid); + sid_to_string(alias_sid_str, &dom_sid); + sid_split_rid(&dom_sid, &alias_rid); + + DEBUG(10, ("sid is %s\n", alias_sid_str)); + + /* we check if it's our SID before deleting */ + if (!sid_equal(&dom_sid, get_global_sam_sid())) + return NT_STATUS_NO_SUCH_ALIAS; + + DEBUG(10, ("lookup on Local SID\n")); + + if(!get_local_group_from_sid(alias_sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_ALIAS; + + gid=map.gid; + + /* check if group really exists */ + if ( (grp=getgrgid(gid)) == NULL) + return NT_STATUS_NO_SUCH_ALIAS; + + /* we can delete the UNIX group */ + smb_delete_group(grp->gr_name); + + /* check if the group has been successfully deleted */ + if ( (grp=getgrgid(gid)) != NULL) + return NT_STATUS_ACCESS_DENIED; + + /* don't check if we removed it as it could be an un-mapped group */ + pdb_delete_group_mapping_entry(alias_sid); + + if (!close_policy_hnd(p, &q_u->alias_pol)) + return NT_STATUS_OBJECT_NAME_INVALID; + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_create_dom_group +*********************************************************************/ + +NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, SAMR_R_CREATE_DOM_GROUP *r_u) +{ + DOM_SID dom_sid; + DOM_SID info_sid; + fstring name; + fstring sid_string; + struct group *grp; + struct samr_info *info; + PRIVILEGE_SET priv_set; + uint32 acc_granted; + gid_t gid; + + init_privilege(&priv_set); + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_create_dom_group"))) { + return r_u->status; + } + + if (!sid_equal(&dom_sid, get_global_sam_sid())) + return NT_STATUS_ACCESS_DENIED; + + /* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/ + + unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1); + + /* check if group already exist */ + if ((grp=getgrnam(name)) != NULL) + return NT_STATUS_GROUP_EXISTS; + + /* we can create the UNIX group */ + if (smb_create_group(name, &gid) != 0) + return NT_STATUS_ACCESS_DENIED; + + /* check if the group has been successfully created */ + if ((grp=getgrgid(gid)) == NULL) + return NT_STATUS_ACCESS_DENIED; + + r_u->rid=pdb_gid_to_group_rid(grp->gr_gid); + + /* add the group to the mapping table */ + sid_copy(&info_sid, get_global_sam_sid()); + sid_append_rid(&info_sid, r_u->rid); + sid_to_string(sid_string, &info_sid); + + if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_DOM_GRP, name, NULL, priv_set, PR_ACCESS_FROM_NETWORK)) + return NT_STATUS_ACCESS_DENIED; + + if ((info = get_samr_info_by_sid(&info_sid)) == NULL) + return NT_STATUS_NO_MEMORY; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_create_dom_alias +*********************************************************************/ + +NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, SAMR_R_CREATE_DOM_ALIAS *r_u) +{ + DOM_SID dom_sid; + DOM_SID info_sid; + fstring name; + fstring sid_string; + struct group *grp; + struct samr_info *info; + PRIVILEGE_SET priv_set; + uint32 acc_granted; + gid_t gid; + + init_privilege(&priv_set); + + /* Find the policy handle. Open a policy on it. */ + if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_create_alias"))) { + return r_u->status; + } + + if (!sid_equal(&dom_sid, get_global_sam_sid())) + return NT_STATUS_ACCESS_DENIED; + + /* TODO: check if allowed to create group and add a become_root/unbecome_root pair.*/ + + unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1); + + /* check if group already exists */ + if ( (grp=getgrnam(name)) != NULL) + return NT_STATUS_GROUP_EXISTS; + + /* we can create the UNIX group */ + if (smb_create_group(name, &gid) != 0) + return NT_STATUS_ACCESS_DENIED; + + /* check if the group has been successfully created */ + if ((grp=getgrgid(gid)) == NULL) + return NT_STATUS_ACCESS_DENIED; + + r_u->rid=pdb_gid_to_group_rid(grp->gr_gid); + + sid_copy(&info_sid, get_global_sam_sid()); + sid_append_rid(&info_sid, r_u->rid); + sid_to_string(sid_string, &info_sid); + + /* add the group to the mapping table */ + if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, name, NULL, priv_set, PR_ACCESS_FROM_NETWORK)) + return NT_STATUS_ACCESS_DENIED; + + if ((info = get_samr_info_by_sid(&info_sid)) == NULL) + return NT_STATUS_NO_MEMORY; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->alias_pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_query_groupinfo + +sends the name/comment pair of a domain group +level 1 send also the number of users of that group +*********************************************************************/ + +NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAMR_R_QUERY_GROUPINFO *r_u) +{ + DOM_SID group_sid; + GROUP_MAP map; + uid_t *uid=NULL; + int num_uids=0; + GROUP_INFO_CTR *ctr; + uint32 acc_granted; + + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_LOOKUP_INFO, "_samr_query_groupinfo"))) { + return r_u->status; + } + + if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_INVALID_HANDLE; + + ctr=(GROUP_INFO_CTR *)talloc_zero(p->mem_ctx, sizeof(GROUP_INFO_CTR)); + if (ctr==NULL) + return NT_STATUS_NO_MEMORY; + + switch (q_u->switch_level) { + case 1: + ctr->switch_value1 = 1; + if(!get_uid_list_of_group(map.gid, &uid, &num_uids)) + return NT_STATUS_NO_SUCH_GROUP; + init_samr_group_info1(&ctr->group.info1, map.nt_name, map.comment, num_uids); + SAFE_FREE(uid); + break; + case 3: + ctr->switch_value1 = 3; + init_samr_group_info3(&ctr->group.info3); + break; + case 4: + ctr->switch_value1 = 4; + init_samr_group_info4(&ctr->group.info4, map.comment); + break; + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + init_samr_r_query_groupinfo(r_u, ctr, NT_STATUS_OK); + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_set_groupinfo + + update a domain group's comment. +*********************************************************************/ + +NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_SET_GROUPINFO *r_u) +{ + DOM_SID group_sid; + GROUP_MAP map; + GROUP_INFO_CTR *ctr; + uint32 acc_granted; + + if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_SET_INFO, "_samr_set_groupinfo"))) { + return r_u->status; + } + + if (!get_domain_group_from_sid(group_sid, &map, MAPPING_WITH_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + ctr=q_u->ctr; + + switch (ctr->switch_value1) { + case 1: + unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment)-1); + break; + case 4: + unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment)-1); + break; + default: + free_privilege(&map.priv_set); + return NT_STATUS_INVALID_INFO_CLASS; + } + + if(!pdb_update_group_mapping_entry(&map)) { + free_privilege(&map.priv_set); + return NT_STATUS_NO_SUCH_GROUP; + } + + free_privilege(&map.priv_set); + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_set_aliasinfo + + update an alias's comment. +*********************************************************************/ + +NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_SET_ALIASINFO *r_u) +{ + DOM_SID group_sid; + GROUP_MAP map; + ALIAS_INFO_CTR *ctr; + uint32 acc_granted; + + if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_SET_INFO, "_samr_set_aliasinfo"))) { + return r_u->status; + } + + if (!get_local_group_from_sid(group_sid, &map, MAPPING_WITH_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + ctr=&q_u->ctr; + + switch (ctr->switch_value1) { + case 3: + unistr2_to_ascii(map.comment, &(ctr->alias.info3.uni_acct_desc), sizeof(map.comment)-1); + break; + default: + free_privilege(&map.priv_set); + return NT_STATUS_INVALID_INFO_CLASS; + } + + if(!pdb_update_group_mapping_entry(&map)) { + free_privilege(&map.priv_set); + return NT_STATUS_NO_SUCH_GROUP; + } + + free_privilege(&map.priv_set); + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_get_dom_pwinfo +*********************************************************************/ + +NTSTATUS _samr_get_dom_pwinfo(pipes_struct *p, SAMR_Q_GET_DOM_PWINFO *q_u, SAMR_R_GET_DOM_PWINFO *r_u) +{ + /* Perform access check. Since this rpc does not require a + policy handle it will not be caught by the access checks on + SAMR_CONNECT or SAMR_CONNECT_ANON. */ + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to samr_get_dom_pwinfo\n")); + r_u->status = NT_STATUS_ACCESS_DENIED; + return r_u->status; + } + + /* Actually, returning zeros here works quite well :-). */ + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_open_group +*********************************************************************/ + +NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_GROUP *r_u) +{ + DOM_SID sid; + DOM_SID info_sid; + GROUP_MAP map; + struct samr_info *info; + SEC_DESC *psd = NULL; + uint32 acc_granted; + uint32 des_access; + size_t sd_size; + NTSTATUS status; + fstring sid_string; + + if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted)) + return NT_STATUS_INVALID_HANDLE; + + if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_group"))) { + return status; + } + + /*check if access can be granted as requested by client. */ + samr_make_grp_obj_sd(p->mem_ctx, &psd, &sd_size); + se_map_generic(&des_access,&grp_generic_mapping); + if (!NT_STATUS_IS_OK(status = + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_group"))) { + return status; + } + + + /* this should not be hard-coded like this */ + if (!sid_equal(&sid, get_global_sam_sid())) + return NT_STATUS_ACCESS_DENIED; + + sid_copy(&info_sid, get_global_sam_sid()); + sid_append_rid(&info_sid, q_u->rid_group); + sid_to_string(sid_string, &info_sid); + + if ((info = get_samr_info_by_sid(&info_sid)) == NULL) + return NT_STATUS_NO_MEMORY; + + info->acc_granted = acc_granted; + + DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string)); + + /* check if that group really exists */ + if (!get_domain_group_from_sid(info->sid, &map, MAPPING_WITHOUT_PRIV)) + return NT_STATUS_NO_SUCH_GROUP; + + /* get a (unique) handle. open a policy on it. */ + if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info)) + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + + return NT_STATUS_OK; +} + +/********************************************************************* + _samr_unknown_2d +*********************************************************************/ + +NTSTATUS _samr_unknown_2d(pipes_struct *p, SAMR_Q_UNKNOWN_2D *q_u, SAMR_R_UNKNOWN_2D *r_u) +{ + DEBUG(0,("_samr_unknown_2d: Not yet implemented.\n")); + return NT_STATUS_NOT_IMPLEMENTED; +} + +/******************************************************************* + _samr_unknown_2e + ********************************************************************/ + +NTSTATUS _samr_unknown_2e(pipes_struct *p, SAMR_Q_UNKNOWN_2E *q_u, SAMR_R_UNKNOWN_2E *r_u) +{ + struct samr_info *info = NULL; + SAM_UNK_CTR *ctr; + uint32 min_pass_len,pass_hist,flag; + time_t u_expire, u_min_age; + NTTIME nt_expire, nt_min_age; + + time_t u_lock_duration, u_reset_time; + NTTIME nt_lock_duration, nt_reset_time; + uint32 lockout; + + time_t u_logout; + NTTIME nt_logout; + + uint32 num_users=0, num_groups=0, num_aliases=0; + + uint32 account_policy_temp; + + if ((ctr = (SAM_UNK_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_UNK_CTR))) == NULL) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(ctr); + + r_u->status = NT_STATUS_OK; + + DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__)); + + /* find the policy handle. open a policy on it. */ + if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)&info)) + return NT_STATUS_INVALID_HANDLE; + + switch (q_u->switch_value) { + case 0x01: + account_policy_get(AP_MIN_PASSWORD_LEN, &account_policy_temp); + min_pass_len = account_policy_temp; + + account_policy_get(AP_PASSWORD_HISTORY, &account_policy_temp); + pass_hist = account_policy_temp; + + account_policy_get(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp); + flag = account_policy_temp; + + account_policy_get(AP_MAX_PASSWORD_AGE, &account_policy_temp); + u_expire = account_policy_temp; + + account_policy_get(AP_MIN_PASSWORD_AGE, &account_policy_temp); + u_min_age = account_policy_temp; + + unix_to_nt_time_abs(&nt_expire, u_expire); + unix_to_nt_time_abs(&nt_min_age, u_min_age); + + init_unk_info1(&ctr->info.inf1, (uint16)min_pass_len, (uint16)pass_hist, + flag, nt_expire, nt_min_age); + break; + case 0x02: + become_root(); + r_u->status=load_sampwd_entries(info, ACB_NORMAL, False); + unbecome_root(); + if (!NT_STATUS_IS_OK(r_u->status)) { + DEBUG(5, ("_samr_unknown_2e: load_sampwd_entries failed\n")); + return r_u->status; + } + num_users=info->disp_info.num_user_account; + free_samr_db(info); + + r_u->status=load_group_domain_entries(info, get_global_sam_sid()); + if (NT_STATUS_IS_ERR(r_u->status)) { + DEBUG(5, ("_samr_unknown_2e: load_group_domain_entries failed\n")); + return r_u->status; + } + num_groups=info->disp_info.num_group_account; + free_samr_db(info); + + /* The time call below is to get a sequence number for the sam. FIXME !!! JRA. */ + init_unk_info2(&ctr->info.inf2, lp_workgroup(), lp_netbios_name(), (uint32) time(NULL), + num_users, num_groups, num_aliases); + break; + case 0x03: + account_policy_get(AP_TIME_TO_LOGOUT, &account_policy_temp); + u_logout = account_policy_temp; + + unix_to_nt_time_abs(&nt_logout, u_logout); + + init_unk_info3(&ctr->info.inf3, nt_logout); + break; + case 0x05: + init_unk_info5(&ctr->info.inf5, lp_netbios_name()); + break; + case 0x06: + init_unk_info6(&ctr->info.inf6); + break; + case 0x07: + init_unk_info7(&ctr->info.inf7); + break; + case 0x0c: + account_policy_get(AP_LOCK_ACCOUNT_DURATION, &account_policy_temp); + u_lock_duration = account_policy_temp; + + account_policy_get(AP_RESET_COUNT_TIME, &account_policy_temp); + u_reset_time = account_policy_temp; + + account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, &account_policy_temp); + lockout = account_policy_temp; + + unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration); + unix_to_nt_time_abs(&nt_reset_time, u_reset_time); + + init_unk_info12(&ctr->info.inf12, nt_lock_duration, nt_reset_time, (uint16)lockout); + break; + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + init_samr_r_samr_unknown_2e(r_u, q_u->switch_value, ctr, NT_STATUS_OK); + + DEBUG(5,("_samr_unknown_2e: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + _samr_ + ********************************************************************/ + +NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R_SET_DOMAIN_INFO *r_u) +{ + time_t u_expire, u_min_age; + time_t u_logout; + time_t u_lock_duration, u_reset_time; + + r_u->status = NT_STATUS_OK; + + DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__)); + + /* find the policy handle. open a policy on it. */ + if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL)) + return NT_STATUS_INVALID_HANDLE; + + DEBUG(5,("_samr_set_dom_info: switch_value: %d\n", q_u->switch_value)); + + switch (q_u->switch_value) { + case 0x01: + u_expire=nt_time_to_unix_abs(&q_u->ctr->info.inf1.expire); + u_min_age=nt_time_to_unix_abs(&q_u->ctr->info.inf1.min_passwordage); + + account_policy_set(AP_MIN_PASSWORD_LEN, (uint32)q_u->ctr->info.inf1.min_length_password); + account_policy_set(AP_PASSWORD_HISTORY, (uint32)q_u->ctr->info.inf1.password_history); + account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)q_u->ctr->info.inf1.flag); + account_policy_set(AP_MAX_PASSWORD_AGE, (int)u_expire); + account_policy_set(AP_MIN_PASSWORD_AGE, (int)u_min_age); + break; + case 0x02: + break; + case 0x03: + u_logout=nt_time_to_unix_abs(&q_u->ctr->info.inf3.logout); + account_policy_set(AP_TIME_TO_LOGOUT, (int)u_logout); + break; + case 0x05: + break; + case 0x06: + break; + case 0x07: + break; + case 0x0c: + u_lock_duration=nt_time_to_unix_abs(&q_u->ctr->info.inf12.duration); + u_reset_time=nt_time_to_unix_abs(&q_u->ctr->info.inf12.reset_count); + + account_policy_set(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration); + account_policy_set(AP_RESET_COUNT_TIME, (int)u_reset_time); + account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, (uint32)q_u->ctr->info.inf12.bad_attempt_lockout); + break; + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + init_samr_r_set_domain_info(r_u, NT_STATUS_OK); + + DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__)); + + return r_u->status; +} + diff --git a/source4/rpc_server/srv_samr_util.c b/source4/rpc_server/srv_samr_util.c new file mode 100644 index 0000000000..d7ead0d15f --- /dev/null +++ b/source4/rpc_server/srv_samr_util.c @@ -0,0 +1,437 @@ +/* + Unix SMB/CIFS implementation. + SAMR Pipe utility functions. + + Copyright (C) Luke Kenneth Casson Leighton 1996-1998 + Copyright (C) Gerald (Jerry) Carter 2000-2001 + Copyright (C) Andrew Bartlett 2001-2002 + Copyright (C) Stefan (metze) Metzmacher 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +#define STRING_CHANGED (old_string && !new_string) ||\ + (!old_string && new_string) ||\ + (old_string && new_string && (strcmp(old_string, new_string) != 0)) + +/************************************************************* + Copies a SAM_USER_INFO_21 to a SAM_ACCOUNT +**************************************************************/ + +void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) +{ + time_t unix_time, stored_time; + const char *old_string, *new_string; + + if (from == NULL || to == NULL) + return; + if (!nt_time_is_zero(&from->logon_time)) { + unix_time=nt_time_to_unix(&from->logon_time); + stored_time = pdb_get_logon_time(to); + DEBUG(10,("INFO_21 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_logon_time(to, unix_time, PDB_CHANGED); + } + if (!nt_time_is_zero(&from->logoff_time)) { + unix_time=nt_time_to_unix(&from->logoff_time); + stored_time = pdb_get_logoff_time(to); + DEBUG(10,("INFO_21 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_logoff_time(to, unix_time, PDB_CHANGED); + } + + if (!nt_time_is_zero(&from->kickoff_time)) { + unix_time=nt_time_to_unix(&from->kickoff_time); + stored_time = pdb_get_kickoff_time(to); + DEBUG(10,("INFO_21 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); + } + + if (!nt_time_is_zero(&from->pass_can_change_time)) { + unix_time=nt_time_to_unix(&from->pass_can_change_time); + stored_time = pdb_get_pass_can_change_time(to); + DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED); + } + if (!nt_time_is_zero(&from->pass_last_set_time)) { + unix_time=nt_time_to_unix(&from->pass_last_set_time); + stored_time = pdb_get_pass_last_set_time(to); + DEBUG(10,("INFO_21 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); + } + + if (!nt_time_is_zero(&from->pass_must_change_time)) { + unix_time=nt_time_to_unix(&from->pass_must_change_time); + stored_time=pdb_get_pass_must_change_time(to); + DEBUG(10,("INFO_21 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED); + } + + /* Backend should check this for sainity */ + if (from->hdr_user_name.buffer) { + old_string = pdb_get_username(to); + new_string = unistr2_static(&from->uni_user_name); + DEBUG(10,("INFO_21 UNI_USER_NAME: %s -> %s\n", old_string, new_string)); + if (STRING_CHANGED) + pdb_set_username(to , new_string, PDB_CHANGED); + } + + if (from->hdr_full_name.buffer) { + old_string = pdb_get_fullname(to); + new_string = unistr2_static(&from->uni_full_name); + DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_fullname(to , new_string, PDB_CHANGED); + } + + if (from->hdr_home_dir.buffer) { + old_string = pdb_get_homedir(to); + new_string = unistr2_static(&from->uni_home_dir); + DEBUG(10,("INFO_21 UNI_HOME_DIR: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_homedir(to , new_string, PDB_CHANGED); + } + + if (from->hdr_dir_drive.buffer) { + old_string = pdb_get_dir_drive(to); + new_string = unistr2_static(&from->uni_dir_drive); + DEBUG(10,("INFO_21 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_dir_drive(to , new_string, PDB_CHANGED); + } + + if (from->hdr_logon_script.buffer) { + old_string = pdb_get_logon_script(to); + new_string = unistr2_static(&from->uni_logon_script); + DEBUG(10,("INFO_21 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_logon_script(to , new_string, PDB_CHANGED); + } + + if (from->hdr_profile_path.buffer) { + old_string = pdb_get_profile_path(to); + new_string = unistr2_static(&from->uni_profile_path); + DEBUG(10,("INFO_21 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_profile_path(to , new_string, PDB_CHANGED); + } + + if (from->hdr_acct_desc.buffer) { + old_string = pdb_get_acct_desc(to); + new_string = unistr2_static(&from->uni_acct_desc); + DEBUG(10,("INFO_21 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_acct_desc(to , new_string, PDB_CHANGED); + } + + if (from->hdr_workstations.buffer) { + old_string = pdb_get_workstations(to); + new_string = unistr2_static(&from->uni_workstations); + DEBUG(10,("INFO_21 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_workstations(to , new_string, PDB_CHANGED); + } + + if (from->hdr_unknown_str.buffer) { + old_string = pdb_get_unknown_str(to); + new_string = unistr2_static(&from->uni_unknown_str); + DEBUG(10,("INFO_21 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_unknown_str(to , new_string, PDB_CHANGED); + } + + if (from->hdr_munged_dial.buffer) { + old_string = pdb_get_munged_dial(to); + new_string = unistr2_static(&from->uni_munged_dial); + DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_munged_dial(to , new_string, PDB_CHANGED); + } + + if (from->user_rid != pdb_get_user_rid(to)) { + DEBUG(10,("INFO_21 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid)); + /* we really allow this ??? metze */ + /* pdb_set_user_sid_from_rid(to, from->user_rid, PDB_CHANGED);*/ + } + + if (from->group_rid != pdb_get_group_rid(to)) { + DEBUG(10,("INFO_21 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid)); + pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED); + } + + DEBUG(10,("INFO_21 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info)); + if (from->acb_info != pdb_get_acct_ctrl(to)) { + pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED); + } + + DEBUG(10,("INFO_21 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3)); + if (from->unknown_3 != pdb_get_unknown_3(to)) { + pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED); + } + + DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs)); + if (from->logon_divs != pdb_get_logon_divs(to)) { + pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED); + } + + DEBUG(15,("INFO_21 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len)); + if (from->logon_hrs.len != pdb_get_hours_len(to)) { + pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED); + } + + DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours)); +/* Fix me: only update if it changes --metze */ + pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED); + + DEBUG(10,("INFO_21 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5)); + if (from->unknown_5 != pdb_get_unknown_5(to)) { + pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED); + } + + DEBUG(10,("INFO_21 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6)); + if (from->unknown_6 != pdb_get_unknown_6(to)) { + pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED); + } + + DEBUG(10,("INFO_21 PADDING1 %02X %02X %02X %02X %02X %02X\n", + from->padding1[0], + from->padding1[1], + from->padding1[2], + from->padding1[3], + from->padding1[4], + from->padding1[5])); + + DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); + if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { + pdb_set_pass_must_change_time(to,0, PDB_CHANGED); + } + + DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2)); + + DEBUG(10,("INFO_21 PADDING_4: %08X\n",from->padding4)); +} + + +/************************************************************* + Copies a SAM_USER_INFO_23 to a SAM_ACCOUNT +**************************************************************/ + +void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) +{ + time_t unix_time, stored_time; + const char *old_string, *new_string; + + if (from == NULL || to == NULL) + return; + if (!nt_time_is_zero(&from->logon_time)) { + unix_time=nt_time_to_unix(&from->logon_time); + stored_time = pdb_get_logon_time(to); + DEBUG(10,("INFO_23 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_logon_time(to, unix_time, PDB_CHANGED); + } + if (!nt_time_is_zero(&from->logoff_time)) { + unix_time=nt_time_to_unix(&from->logoff_time); + stored_time = pdb_get_logoff_time(to); + DEBUG(10,("INFO_23 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_logoff_time(to, unix_time, PDB_CHANGED); + } + + if (!nt_time_is_zero(&from->kickoff_time)) { + unix_time=nt_time_to_unix(&from->kickoff_time); + stored_time = pdb_get_kickoff_time(to); + DEBUG(10,("INFO_23 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_kickoff_time(to, unix_time , PDB_CHANGED); + } + + if (!nt_time_is_zero(&from->pass_can_change_time)) { + unix_time=nt_time_to_unix(&from->pass_can_change_time); + stored_time = pdb_get_pass_can_change_time(to); + DEBUG(10,("INFO_23 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED); + } + if (!nt_time_is_zero(&from->pass_last_set_time)) { + unix_time=nt_time_to_unix(&from->pass_last_set_time); + stored_time = pdb_get_pass_last_set_time(to); + DEBUG(10,("INFO_23 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED); + } + + if (!nt_time_is_zero(&from->pass_must_change_time)) { + unix_time=nt_time_to_unix(&from->pass_must_change_time); + stored_time=pdb_get_pass_must_change_time(to); + DEBUG(10,("INFO_23 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time)); + if (stored_time != unix_time) + pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED); + } + + /* Backend should check this for sainity */ + if (from->hdr_user_name.buffer) { + old_string = pdb_get_username(to); + new_string = unistr2_static(&from->uni_user_name); + DEBUG(10,("INFO_23 UNI_USER_NAME: %s -> %s\n", old_string, new_string)); + if (STRING_CHANGED) + pdb_set_username(to , new_string, PDB_CHANGED); + } + + if (from->hdr_full_name.buffer) { + old_string = pdb_get_fullname(to); + new_string = unistr2_static(&from->uni_full_name); + DEBUG(10,("INFO_23 UNI_FULL_NAME: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_fullname(to , new_string, PDB_CHANGED); + } + + if (from->hdr_home_dir.buffer) { + old_string = pdb_get_homedir(to); + new_string = unistr2_static(&from->uni_home_dir); + DEBUG(10,("INFO_23 UNI_HOME_DIR: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_homedir(to , new_string, PDB_CHANGED); + } + + if (from->hdr_dir_drive.buffer) { + old_string = pdb_get_dir_drive(to); + new_string = unistr2_static(&from->uni_dir_drive); + DEBUG(10,("INFO_23 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_dir_drive(to , new_string, PDB_CHANGED); + } + + if (from->hdr_logon_script.buffer) { + old_string = pdb_get_logon_script(to); + new_string = unistr2_static(&from->uni_logon_script); + DEBUG(10,("INFO_23 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_logon_script(to , new_string, PDB_CHANGED); + } + + if (from->hdr_profile_path.buffer) { + old_string = pdb_get_profile_path(to); + new_string = unistr2_static(&from->uni_profile_path); + DEBUG(10,("INFO_23 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_profile_path(to , new_string, PDB_CHANGED); + } + + if (from->hdr_acct_desc.buffer) { + old_string = pdb_get_acct_desc(to); + new_string = unistr2_static(&from->uni_acct_desc); + DEBUG(10,("INFO_23 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string)); + if (STRING_CHANGED) + pdb_set_acct_desc(to , new_string, PDB_CHANGED); + } + + if (from->hdr_workstations.buffer) { + old_string = pdb_get_workstations(to); + new_string = unistr2_static(&from->uni_workstations); + DEBUG(10,("INFO_23 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_workstations(to , new_string, PDB_CHANGED); + } + + if (from->hdr_unknown_str.buffer) { + old_string = pdb_get_unknown_str(to); + new_string = unistr2_static(&from->uni_unknown_str); + DEBUG(10,("INFO_23 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_unknown_str(to , new_string, PDB_CHANGED); + } + + if (from->hdr_munged_dial.buffer) { + old_string = pdb_get_munged_dial(to); + new_string = unistr2_static(&from->uni_munged_dial); + DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string)); + if (STRING_CHANGED) + pdb_set_munged_dial(to , new_string, PDB_CHANGED); + } + + if (from->user_rid != pdb_get_user_rid(to)) { + DEBUG(10,("INFO_23 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid)); + /* we really allow this ??? metze */ + /* pdb_set_user_sid_from_rid(to, from->user_rid, PDB_CHANGED);*/ + } + + if (from->group_rid != pdb_get_group_rid(to)) { + DEBUG(10,("INFO_23 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid)); + pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED); + } + + DEBUG(10,("INFO_23 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info)); + if (from->acb_info != pdb_get_acct_ctrl(to)) { + pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED); + } + + DEBUG(10,("INFO_23 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3)); + if (from->unknown_3 != pdb_get_unknown_3(to)) { + pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED); + } + + DEBUG(15,("INFO_23 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs)); + if (from->logon_divs != pdb_get_logon_divs(to)) { + pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED); + } + + DEBUG(15,("INFO_23 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len)); + if (from->logon_hrs.len != pdb_get_hours_len(to)) { + pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED); + } + + DEBUG(15,("INFO_23 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours)); +/* Fix me: only update if it changes --metze */ + pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED); + + DEBUG(10,("INFO_23 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5)); + if (from->unknown_5 != pdb_get_unknown_5(to)) { + pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED); + } + + DEBUG(10,("INFO_23 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6)); + if (from->unknown_6 != pdb_get_unknown_6(to)) { + pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED); + } + + DEBUG(10,("INFO_23 PADDING1 %02X %02X %02X %02X %02X %02X\n", + from->padding1[0], + from->padding1[1], + from->padding1[2], + from->padding1[3], + from->padding1[4], + from->padding1[5])); + + DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); + if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { + pdb_set_pass_must_change_time(to,0, PDB_CHANGED); + } + + DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2)); + + DEBUG(10,("INFO_23 PADDING_4: %08X\n",from->padding4)); +} + + diff --git a/source4/rpc_server/srv_spoolss.c b/source4/rpc_server/srv_spoolss.c new file mode 100755 index 0000000000..3023922a5b --- /dev/null +++ b/source4/rpc_server/srv_spoolss.c @@ -0,0 +1,1649 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Luke Kenneth Casson Leighton 1996-2000, + * Copyright (C) Jean François Micouleau 1998-2000, + * Copyright (C) Jeremy Allison 2001, + * Copyright (C) Gerald Carter 2001-2002, + * Copyright (C) Anthony Liguori 2003. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/******************************************************************** + * api_spoolss_open_printer_ex (rarely seen - older call) + ********************************************************************/ + +static BOOL api_spoolss_open_printer(pipes_struct *p) +{ + SPOOL_Q_OPEN_PRINTER q_u; + SPOOL_R_OPEN_PRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_open_printer("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_open_printer: unable to unmarshall SPOOL_Q_OPEN_PRINTER.\n")); + return False; + } + + r_u.status = _spoolss_open_printer( p, &q_u, &r_u); + + if (!spoolss_io_r_open_printer("",&r_u,rdata,0)){ + DEBUG(0,("spoolss_io_r_open_printer: unable to marshall SPOOL_R_OPEN_PRINTER.\n")); + return False; + } + + return True; +} + + +/******************************************************************** + * api_spoolss_open_printer_ex + ********************************************************************/ + +static BOOL api_spoolss_open_printer_ex(pipes_struct *p) +{ + SPOOL_Q_OPEN_PRINTER_EX q_u; + SPOOL_R_OPEN_PRINTER_EX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_open_printer_ex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_open_printer_ex: unable to unmarshall SPOOL_Q_OPEN_PRINTER_EX.\n")); + return False; + } + + r_u.status = _spoolss_open_printer_ex( p, &q_u, &r_u); + + if (!spoolss_io_r_open_printer_ex("",&r_u,rdata,0)){ + DEBUG(0,("spoolss_io_r_open_printer_ex: unable to marshall SPOOL_R_OPEN_PRINTER_EX.\n")); + return False; + } + + return True; +} + +/******************************************************************** + * api_spoolss_getprinterdata + * + * called from the spoolss dispatcher + ********************************************************************/ + +static BOOL api_spoolss_getprinterdata(pipes_struct *p) +{ + SPOOL_Q_GETPRINTERDATA q_u; + SPOOL_R_GETPRINTERDATA r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* read the stream and fill the struct */ + if (!spoolss_io_q_getprinterdata("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_getprinterdata: unable to unmarshall SPOOL_Q_GETPRINTERDATA.\n")); + return False; + } + + r_u.status = _spoolss_getprinterdata( p, &q_u, &r_u); + + if (!spoolss_io_r_getprinterdata("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_getprinterdata: unable to marshall SPOOL_R_GETPRINTERDATA.\n")); + return False; + } + + return True; +} + +/******************************************************************** + * api_spoolss_deleteprinterdata + * + * called from the spoolss dispatcher + ********************************************************************/ + +static BOOL api_spoolss_deleteprinterdata(pipes_struct *p) +{ + SPOOL_Q_DELETEPRINTERDATA q_u; + SPOOL_R_DELETEPRINTERDATA r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* read the stream and fill the struct */ + if (!spoolss_io_q_deleteprinterdata("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_deleteprinterdata: unable to unmarshall SPOOL_Q_DELETEPRINTERDATA.\n")); + return False; + } + + r_u.status = _spoolss_deleteprinterdata( p, &q_u, &r_u); + + if (!spoolss_io_r_deleteprinterdata("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_deleteprinterdata: unable to marshall SPOOL_R_DELETEPRINTERDATA.\n")); + return False; + } + + return True; +} + +/******************************************************************** + * api_spoolss_closeprinter + * + * called from the spoolss dispatcher + ********************************************************************/ + +static BOOL api_spoolss_closeprinter(pipes_struct *p) +{ + SPOOL_Q_CLOSEPRINTER q_u; + SPOOL_R_CLOSEPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_closeprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_closeprinter: unable to unmarshall SPOOL_Q_CLOSEPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_closeprinter(p, &q_u, &r_u); + + if (!spoolss_io_r_closeprinter("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_closeprinter: unable to marshall SPOOL_R_CLOSEPRINTER.\n")); + return False; + } + + return True; +} + +/******************************************************************** + * api_spoolss_abortprinter + * + * called from the spoolss dispatcher + ********************************************************************/ + +static BOOL api_spoolss_abortprinter(pipes_struct *p) +{ + SPOOL_Q_ABORTPRINTER q_u; + SPOOL_R_ABORTPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_abortprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_abortprinter: unable to unmarshall SPOOL_Q_ABORTPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_abortprinter(p, &q_u, &r_u); + + if (!spoolss_io_r_abortprinter("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_abortprinter: unable to marshall SPOOL_R_ABORTPRINTER.\n")); + return False; + } + + return True; +} + +/******************************************************************** + * api_spoolss_deleteprinter + * + * called from the spoolss dispatcher + ********************************************************************/ + +static BOOL api_spoolss_deleteprinter(pipes_struct *p) +{ + SPOOL_Q_DELETEPRINTER q_u; + SPOOL_R_DELETEPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_deleteprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_deleteprinter: unable to unmarshall SPOOL_Q_DELETEPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_deleteprinter(p, &q_u, &r_u); + + if (!spoolss_io_r_deleteprinter("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_deleteprinter: unable to marshall SPOOL_R_DELETEPRINTER.\n")); + return False; + } + + return True; +} + + +/******************************************************************** + * api_spoolss_deleteprinterdriver + * + * called from the spoolss dispatcher + ********************************************************************/ + +static BOOL api_spoolss_deleteprinterdriver(pipes_struct *p) +{ + SPOOL_Q_DELETEPRINTERDRIVER q_u; + SPOOL_R_DELETEPRINTERDRIVER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_deleteprinterdriver("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_deleteprinterdriver: unable to unmarshall SPOOL_Q_DELETEPRINTERDRIVER.\n")); + return False; + } + + r_u.status = _spoolss_deleteprinterdriver(p, &q_u, &r_u); + + if (!spoolss_io_r_deleteprinterdriver("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_deleteprinter: unable to marshall SPOOL_R_DELETEPRINTER.\n")); + return False; + } + + return True; +} + + +/******************************************************************** + * api_spoolss_rffpcnex + * ReplyFindFirstPrinterChangeNotifyEx + ********************************************************************/ + +static BOOL api_spoolss_rffpcnex(pipes_struct *p) +{ + SPOOL_Q_RFFPCNEX q_u; + SPOOL_R_RFFPCNEX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_rffpcnex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_rffpcnex: unable to unmarshall SPOOL_Q_RFFPCNEX.\n")); + return False; + } + + r_u.status = _spoolss_rffpcnex(p, &q_u, &r_u); + + if (!spoolss_io_r_rffpcnex("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_rffpcnex: unable to marshall SPOOL_R_RFFPCNEX.\n")); + return False; + } + + return True; +} + + +/******************************************************************** + * api_spoolss_rfnpcnex + * ReplyFindNextPrinterChangeNotifyEx + * called from the spoolss dispatcher + + * Note - this is the *ONLY* function that breaks the RPC call + * symmetry in all the other calls. We need to do this to fix + * the massive memory allocation problem with thousands of jobs... + * JRA. + ********************************************************************/ + +static BOOL api_spoolss_rfnpcnex(pipes_struct *p) +{ + SPOOL_Q_RFNPCNEX q_u; + SPOOL_R_RFNPCNEX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_rfnpcnex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_rfnpcnex: unable to unmarshall SPOOL_Q_RFNPCNEX.\n")); + return False; + } + + r_u.status = _spoolss_rfnpcnex(p, &q_u, &r_u); + + if (!spoolss_io_r_rfnpcnex("", &r_u, rdata, 0)) { + SAFE_FREE(r_u.info.data); + DEBUG(0,("spoolss_io_r_rfnpcnex: unable to marshall SPOOL_R_RFNPCNEX.\n")); + return False; + } + + SAFE_FREE(r_u.info.data); + + return True; +} + + +/******************************************************************** + * api_spoolss_enumprinters + * called from the spoolss dispatcher + * + ********************************************************************/ + +static BOOL api_spoolss_enumprinters(pipes_struct *p) +{ + SPOOL_Q_ENUMPRINTERS q_u; + SPOOL_R_ENUMPRINTERS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_enumprinters("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_enumprinters: unable to unmarshall SPOOL_Q_ENUMPRINTERS.\n")); + return False; + } + + r_u.status = _spoolss_enumprinters( p, &q_u, &r_u); + + if (!spoolss_io_r_enumprinters("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_enumprinters: unable to marshall SPOOL_R_ENUMPRINTERS.\n")); + return False; + } + + return True; +} + +/******************************************************************** + * api_spoolss_getprinter + * called from the spoolss dispatcher + * + ********************************************************************/ + +static BOOL api_spoolss_getprinter(pipes_struct *p) +{ + SPOOL_Q_GETPRINTER q_u; + SPOOL_R_GETPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_getprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_getprinter: unable to unmarshall SPOOL_Q_GETPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_getprinter(p, &q_u, &r_u); + + if(!spoolss_io_r_getprinter("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_getprinter: unable to marshall SPOOL_R_GETPRINTER.\n")); + return False; + } + + return True; +} + +/******************************************************************** + * api_spoolss_getprinter + * called from the spoolss dispatcher + * + ********************************************************************/ + +static BOOL api_spoolss_getprinterdriver2(pipes_struct *p) +{ + SPOOL_Q_GETPRINTERDRIVER2 q_u; + SPOOL_R_GETPRINTERDRIVER2 r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_getprinterdriver2("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_getprinterdriver2: unable to unmarshall SPOOL_Q_GETPRINTERDRIVER2.\n")); + return False; + } + + r_u.status = _spoolss_getprinterdriver2(p, &q_u, &r_u); + + if(!spoolss_io_r_getprinterdriver2("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_getprinterdriver2: unable to marshall SPOOL_R_GETPRINTERDRIVER2.\n")); + return False; + } + + return True; +} + +/******************************************************************** + * api_spoolss_getprinter + * called from the spoolss dispatcher + * + ********************************************************************/ + +static BOOL api_spoolss_startpageprinter(pipes_struct *p) +{ + SPOOL_Q_STARTPAGEPRINTER q_u; + SPOOL_R_STARTPAGEPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_startpageprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_startpageprinter: unable to unmarshall SPOOL_Q_STARTPAGEPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_startpageprinter(p, &q_u, &r_u); + + if(!spoolss_io_r_startpageprinter("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_startpageprinter: unable to marshall SPOOL_R_STARTPAGEPRINTER.\n")); + return False; + } + + return True; +} + +/******************************************************************** + * api_spoolss_getprinter + * called from the spoolss dispatcher + * + ********************************************************************/ + +static BOOL api_spoolss_endpageprinter(pipes_struct *p) +{ + SPOOL_Q_ENDPAGEPRINTER q_u; + SPOOL_R_ENDPAGEPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_endpageprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_endpageprinter: unable to unmarshall SPOOL_Q_ENDPAGEPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_endpageprinter(p, &q_u, &r_u); + + if(!spoolss_io_r_endpageprinter("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_endpageprinter: unable to marshall SPOOL_R_ENDPAGEPRINTER.\n")); + return False; + } + + return True; +} + +/******************************************************************** +********************************************************************/ + +static BOOL api_spoolss_startdocprinter(pipes_struct *p) +{ + SPOOL_Q_STARTDOCPRINTER q_u; + SPOOL_R_STARTDOCPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_startdocprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_startdocprinter: unable to unmarshall SPOOL_Q_STARTDOCPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_startdocprinter(p, &q_u, &r_u); + + if(!spoolss_io_r_startdocprinter("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_startdocprinter: unable to marshall SPOOL_R_STARTDOCPRINTER.\n")); + return False; + } + + return True; +} + +/******************************************************************** +********************************************************************/ + +static BOOL api_spoolss_enddocprinter(pipes_struct *p) +{ + SPOOL_Q_ENDDOCPRINTER q_u; + SPOOL_R_ENDDOCPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_enddocprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_enddocprinter: unable to unmarshall SPOOL_Q_ENDDOCPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_enddocprinter(p, &q_u, &r_u); + + if(!spoolss_io_r_enddocprinter("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_enddocprinter: unable to marshall SPOOL_R_ENDDOCPRINTER.\n")); + return False; + } + + return True; +} + +/******************************************************************** +********************************************************************/ + +static BOOL api_spoolss_writeprinter(pipes_struct *p) +{ + SPOOL_Q_WRITEPRINTER q_u; + SPOOL_R_WRITEPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_writeprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_writeprinter: unable to unmarshall SPOOL_Q_WRITEPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_writeprinter(p, &q_u, &r_u); + + if(!spoolss_io_r_writeprinter("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_writeprinter: unable to marshall SPOOL_R_WRITEPRINTER.\n")); + return False; + } + + return True; +} + +/**************************************************************************** + +****************************************************************************/ + +static BOOL api_spoolss_setprinter(pipes_struct *p) +{ + SPOOL_Q_SETPRINTER q_u; + SPOOL_R_SETPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_setprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_setprinter: unable to unmarshall SPOOL_Q_SETPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_setprinter(p, &q_u, &r_u); + + if(!spoolss_io_r_setprinter("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_setprinter: unable to marshall SPOOL_R_SETPRINTER.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_fcpn(pipes_struct *p) +{ + SPOOL_Q_FCPN q_u; + SPOOL_R_FCPN r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_fcpn("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_fcpn: unable to unmarshall SPOOL_Q_FCPN.\n")); + return False; + } + + r_u.status = _spoolss_fcpn(p, &q_u, &r_u); + + if(!spoolss_io_r_fcpn("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_fcpn: unable to marshall SPOOL_R_FCPN.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_addjob(pipes_struct *p) +{ + SPOOL_Q_ADDJOB q_u; + SPOOL_R_ADDJOB r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_addjob("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_addjob: unable to unmarshall SPOOL_Q_ADDJOB.\n")); + return False; + } + + r_u.status = _spoolss_addjob(p, &q_u, &r_u); + + if(!spoolss_io_r_addjob("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_addjob: unable to marshall SPOOL_R_ADDJOB.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_enumjobs(pipes_struct *p) +{ + SPOOL_Q_ENUMJOBS q_u; + SPOOL_R_ENUMJOBS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_enumjobs("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_enumjobs: unable to unmarshall SPOOL_Q_ENUMJOBS.\n")); + return False; + } + + r_u.status = _spoolss_enumjobs(p, &q_u, &r_u); + + if (!spoolss_io_r_enumjobs("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_enumjobs: unable to marshall SPOOL_R_ENUMJOBS.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_schedulejob(pipes_struct *p) +{ + SPOOL_Q_SCHEDULEJOB q_u; + SPOOL_R_SCHEDULEJOB r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_schedulejob("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_schedulejob: unable to unmarshall SPOOL_Q_SCHEDULEJOB.\n")); + return False; + } + + r_u.status = _spoolss_schedulejob(p, &q_u, &r_u); + + if(!spoolss_io_r_schedulejob("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_schedulejob: unable to marshall SPOOL_R_SCHEDULEJOB.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_setjob(pipes_struct *p) +{ + SPOOL_Q_SETJOB q_u; + SPOOL_R_SETJOB r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_setjob("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_setjob: unable to unmarshall SPOOL_Q_SETJOB.\n")); + return False; + } + + r_u.status = _spoolss_setjob(p, &q_u, &r_u); + + if(!spoolss_io_r_setjob("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_setjob: unable to marshall SPOOL_R_SETJOB.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_enumprinterdrivers(pipes_struct *p) +{ + SPOOL_Q_ENUMPRINTERDRIVERS q_u; + SPOOL_R_ENUMPRINTERDRIVERS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_enumprinterdrivers("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_enumprinterdrivers: unable to unmarshall SPOOL_Q_ENUMPRINTERDRIVERS.\n")); + return False; + } + + r_u.status = _spoolss_enumprinterdrivers(p, &q_u, &r_u); + + if (!spoolss_io_r_enumprinterdrivers("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_enumprinterdrivers: unable to marshall SPOOL_R_ENUMPRINTERDRIVERS.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_getform(pipes_struct *p) +{ + SPOOL_Q_GETFORM q_u; + SPOOL_R_GETFORM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_getform("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_getform: unable to unmarshall SPOOL_Q_GETFORM.\n")); + return False; + } + + r_u.status = _spoolss_getform(p, &q_u, &r_u); + + if (!spoolss_io_r_getform("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_getform: unable to marshall SPOOL_R_GETFORM.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_enumforms(pipes_struct *p) +{ + SPOOL_Q_ENUMFORMS q_u; + SPOOL_R_ENUMFORMS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_enumforms("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_enumforms: unable to unmarshall SPOOL_Q_ENUMFORMS.\n")); + return False; + } + + r_u.status = _spoolss_enumforms(p, &q_u, &r_u); + + if (!spoolss_io_r_enumforms("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_enumforms: unable to marshall SPOOL_R_ENUMFORMS.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_enumports(pipes_struct *p) +{ + SPOOL_Q_ENUMPORTS q_u; + SPOOL_R_ENUMPORTS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_enumports("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_enumports: unable to unmarshall SPOOL_Q_ENUMPORTS.\n")); + return False; + } + + r_u.status = _spoolss_enumports(p, &q_u, &r_u); + + if (!spoolss_io_r_enumports("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_enumports: unable to marshall SPOOL_R_ENUMPORTS.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_addprinterex(pipes_struct *p) +{ + SPOOL_Q_ADDPRINTEREX q_u; + SPOOL_R_ADDPRINTEREX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_addprinterex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_addprinterex: unable to unmarshall SPOOL_Q_ADDPRINTEREX.\n")); + return False; + } + + r_u.status = _spoolss_addprinterex(p, &q_u, &r_u); + + if(!spoolss_io_r_addprinterex("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_addprinterex: unable to marshall SPOOL_R_ADDPRINTEREX.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_addprinterdriver(pipes_struct *p) +{ + SPOOL_Q_ADDPRINTERDRIVER q_u; + SPOOL_R_ADDPRINTERDRIVER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_addprinterdriver("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_addprinterdriver: unable to unmarshall SPOOL_Q_ADDPRINTERDRIVER.\n")); + return False; + } + + r_u.status = _spoolss_addprinterdriver(p, &q_u, &r_u); + + if(!spoolss_io_r_addprinterdriver("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_addprinterdriver: unable to marshall SPOOL_R_ADDPRINTERDRIVER.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_getprinterdriverdirectory(pipes_struct *p) +{ + SPOOL_Q_GETPRINTERDRIVERDIR q_u; + SPOOL_R_GETPRINTERDRIVERDIR r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_getprinterdriverdir("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_getprinterdriverdir: unable to unmarshall SPOOL_Q_GETPRINTERDRIVERDIR.\n")); + return False; + } + + r_u.status = _spoolss_getprinterdriverdirectory(p, &q_u, &r_u); + + if(!spoolss_io_r_getprinterdriverdir("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_getprinterdriverdir: unable to marshall SPOOL_R_GETPRINTERDRIVERDIR.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_enumprinterdata(pipes_struct *p) +{ + SPOOL_Q_ENUMPRINTERDATA q_u; + SPOOL_R_ENUMPRINTERDATA r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_enumprinterdata("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_enumprinterdata: unable to unmarshall SPOOL_Q_ENUMPRINTERDATA.\n")); + return False; + } + + r_u.status = _spoolss_enumprinterdata(p, &q_u, &r_u); + + if(!spoolss_io_r_enumprinterdata("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_enumprinterdata: unable to marshall SPOOL_R_ENUMPRINTERDATA.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_setprinterdata(pipes_struct *p) +{ + SPOOL_Q_SETPRINTERDATA q_u; + SPOOL_R_SETPRINTERDATA r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_setprinterdata("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_setprinterdata: unable to unmarshall SPOOL_Q_SETPRINTERDATA.\n")); + return False; + } + + r_u.status = _spoolss_setprinterdata(p, &q_u, &r_u); + + if(!spoolss_io_r_setprinterdata("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_setprinterdata: unable to marshall SPOOL_R_SETPRINTERDATA.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ +static BOOL api_spoolss_reset_printer(pipes_struct *p) +{ + SPOOL_Q_RESETPRINTER q_u; + SPOOL_R_RESETPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_resetprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_setprinterdata: unable to unmarshall SPOOL_Q_SETPRINTERDATA.\n")); + return False; + } + + r_u.status = _spoolss_resetprinter(p, &q_u, &r_u); + + if(!spoolss_io_r_resetprinter("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_setprinterdata: unable to marshall SPOOL_R_RESETPRINTER.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ +static BOOL api_spoolss_addform(pipes_struct *p) +{ + SPOOL_Q_ADDFORM q_u; + SPOOL_R_ADDFORM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_addform("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_addform: unable to unmarshall SPOOL_Q_ADDFORM.\n")); + return False; + } + + r_u.status = _spoolss_addform(p, &q_u, &r_u); + + if(!spoolss_io_r_addform("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_addform: unable to marshall SPOOL_R_ADDFORM.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_deleteform(pipes_struct *p) +{ + SPOOL_Q_DELETEFORM q_u; + SPOOL_R_DELETEFORM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_deleteform("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_deleteform: unable to unmarshall SPOOL_Q_DELETEFORM.\n")); + return False; + } + + r_u.status = _spoolss_deleteform(p, &q_u, &r_u); + + if(!spoolss_io_r_deleteform("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_deleteform: unable to marshall SPOOL_R_DELETEFORM.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_setform(pipes_struct *p) +{ + SPOOL_Q_SETFORM q_u; + SPOOL_R_SETFORM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_setform("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_setform: unable to unmarshall SPOOL_Q_SETFORM.\n")); + return False; + } + + r_u.status = _spoolss_setform(p, &q_u, &r_u); + + if(!spoolss_io_r_setform("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_setform: unable to marshall SPOOL_R_SETFORM.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_enumprintprocessors(pipes_struct *p) +{ + SPOOL_Q_ENUMPRINTPROCESSORS q_u; + SPOOL_R_ENUMPRINTPROCESSORS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_enumprintprocessors("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_enumprintprocessors: unable to unmarshall SPOOL_Q_ENUMPRINTPROCESSORS.\n")); + return False; + } + + r_u.status = _spoolss_enumprintprocessors(p, &q_u, &r_u); + + if(!spoolss_io_r_enumprintprocessors("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_enumprintprocessors: unable to marshall SPOOL_R_ENUMPRINTPROCESSORS.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_addprintprocessor(pipes_struct *p) +{ + SPOOL_Q_ADDPRINTPROCESSOR q_u; + SPOOL_R_ADDPRINTPROCESSOR r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_addprintprocessor("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_addprintprocessor: unable to unmarshall SPOOL_Q_ADDPRINTPROCESSOR.\n")); + return False; + } + + /* for now, just indicate success and ignore the add. We'll + automatically set the winprint processor for printer + entries later. Used to debug the LexMark Optra S 1855 PCL + driver --jerry */ + r_u.status = WERR_OK; + + if(!spoolss_io_r_addprintprocessor("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_addprintprocessor: unable to marshall SPOOL_R_ADDPRINTPROCESSOR.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_enumprintprocdatatypes(pipes_struct *p) +{ + SPOOL_Q_ENUMPRINTPROCDATATYPES q_u; + SPOOL_R_ENUMPRINTPROCDATATYPES r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_enumprintprocdatatypes("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_enumprintprocdatatypes: unable to unmarshall SPOOL_Q_ENUMPRINTPROCDATATYPES.\n")); + return False; + } + + r_u.status = _spoolss_enumprintprocdatatypes(p, &q_u, &r_u); + + if(!spoolss_io_r_enumprintprocdatatypes("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_enumprintprocdatatypes: unable to marshall SPOOL_R_ENUMPRINTPROCDATATYPES.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_enumprintmonitors(pipes_struct *p) +{ + SPOOL_Q_ENUMPRINTMONITORS q_u; + SPOOL_R_ENUMPRINTMONITORS r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if (!spoolss_io_q_enumprintmonitors("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_enumprintmonitors: unable to unmarshall SPOOL_Q_ENUMPRINTMONITORS.\n")); + return False; + } + + r_u.status = _spoolss_enumprintmonitors(p, &q_u, &r_u); + + if (!spoolss_io_r_enumprintmonitors("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_enumprintmonitors: unable to marshall SPOOL_R_ENUMPRINTMONITORS.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_getjob(pipes_struct *p) +{ + SPOOL_Q_GETJOB q_u; + SPOOL_R_GETJOB r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + if(!spoolss_io_q_getjob("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_getjob: unable to unmarshall SPOOL_Q_GETJOB.\n")); + return False; + } + + r_u.status = _spoolss_getjob(p, &q_u, &r_u); + + if(!spoolss_io_r_getjob("",&r_u,rdata,0)) { + DEBUG(0,("spoolss_io_r_getjob: unable to marshall SPOOL_R_GETJOB.\n")); + return False; + } + + return True; +} + +/******************************************************************** + * api_spoolss_getprinterdataex + * + * called from the spoolss dispatcher + ********************************************************************/ + +static BOOL api_spoolss_getprinterdataex(pipes_struct *p) +{ + SPOOL_Q_GETPRINTERDATAEX q_u; + SPOOL_R_GETPRINTERDATAEX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* read the stream and fill the struct */ + if (!spoolss_io_q_getprinterdataex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_getprinterdataex: unable to unmarshall SPOOL_Q_GETPRINTERDATAEX.\n")); + return False; + } + + r_u.status = _spoolss_getprinterdataex( p, &q_u, &r_u); + + if (!spoolss_io_r_getprinterdataex("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_getprinterdataex: unable to marshall SPOOL_R_GETPRINTERDATAEX.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_setprinterdataex(pipes_struct *p) +{ + SPOOL_Q_SETPRINTERDATAEX q_u; + SPOOL_R_SETPRINTERDATAEX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_setprinterdataex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_setprinterdataex: unable to unmarshall SPOOL_Q_SETPRINTERDATAEX.\n")); + return False; + } + + r_u.status = _spoolss_setprinterdataex(p, &q_u, &r_u); + + if(!spoolss_io_r_setprinterdataex("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_setprinterdataex: unable to marshall SPOOL_R_SETPRINTERDATAEX.\n")); + return False; + } + + return True; +} + + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_enumprinterkey(pipes_struct *p) +{ + SPOOL_Q_ENUMPRINTERKEY q_u; + SPOOL_R_ENUMPRINTERKEY r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_enumprinterkey("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_setprinterkey: unable to unmarshall SPOOL_Q_ENUMPRINTERKEY.\n")); + return False; + } + + r_u.status = _spoolss_enumprinterkey(p, &q_u, &r_u); + + if(!spoolss_io_r_enumprinterkey("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_enumprinterkey: unable to marshall SPOOL_R_ENUMPRINTERKEY.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_enumprinterdataex(pipes_struct *p) +{ + SPOOL_Q_ENUMPRINTERDATAEX q_u; + SPOOL_R_ENUMPRINTERDATAEX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_enumprinterdataex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_enumprinterdataex: unable to unmarshall SPOOL_Q_ENUMPRINTERDATAEX.\n")); + return False; + } + + r_u.status = _spoolss_enumprinterdataex(p, &q_u, &r_u); + + if(!spoolss_io_r_enumprinterdataex("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_enumprinterdataex: unable to marshall SPOOL_R_ENUMPRINTERDATAEX.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_getprintprocessordirectory(pipes_struct *p) +{ + SPOOL_Q_GETPRINTPROCESSORDIRECTORY q_u; + SPOOL_R_GETPRINTPROCESSORDIRECTORY r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_getprintprocessordirectory("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_getprintprocessordirectory: unable to unmarshall SPOOL_Q_GETPRINTPROCESSORDIRECTORY.\n")); + return False; + } + + r_u.status = _spoolss_getprintprocessordirectory(p, &q_u, &r_u); + + if(!spoolss_io_r_getprintprocessordirectory("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_getprintprocessordirectory: unable to marshall SPOOL_R_GETPRINTPROCESSORDIRECTORY.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_deleteprinterdataex(pipes_struct *p) +{ + SPOOL_Q_DELETEPRINTERDATAEX q_u; + SPOOL_R_DELETEPRINTERDATAEX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_deleteprinterdataex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_deleteprinterdataex: unable to unmarshall SPOOL_Q_DELETEPRINTERDATAEX.\n")); + return False; + } + + r_u.status = _spoolss_deleteprinterdataex(p, &q_u, &r_u); + + if(!spoolss_io_r_deleteprinterdataex("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_deleteprinterdataex: unable to marshall SPOOL_R_DELETEPRINTERDATAEX.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_deleteprinterkey(pipes_struct *p) +{ + SPOOL_Q_DELETEPRINTERKEY q_u; + SPOOL_R_DELETEPRINTERKEY r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_deleteprinterkey("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_deleteprinterkey: unable to unmarshall SPOOL_Q_DELETEPRINTERKEY.\n")); + return False; + } + + r_u.status = _spoolss_deleteprinterkey(p, &q_u, &r_u); + + if(!spoolss_io_r_deleteprinterkey("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_deleteprinterkey: unable to marshall SPOOL_R_DELETEPRINTERKEY.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_addprinterdriverex(pipes_struct *p) +{ + SPOOL_Q_ADDPRINTERDRIVEREX q_u; + SPOOL_R_ADDPRINTERDRIVEREX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_addprinterdriverex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_addprinterdriverex: unable to unmarshall SPOOL_Q_ADDPRINTERDRIVEREX.\n")); + return False; + } + + r_u.status = _spoolss_addprinterdriverex(p, &q_u, &r_u); + + if(!spoolss_io_r_addprinterdriverex("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_addprinterdriverex: unable to marshall SPOOL_R_ADDPRINTERDRIVEREX.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_deleteprinterdriverex(pipes_struct *p) +{ + SPOOL_Q_DELETEPRINTERDRIVEREX q_u; + SPOOL_R_DELETEPRINTERDRIVEREX r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_deleteprinterdriverex("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_deleteprinterdriverex: unable to unmarshall SPOOL_Q_DELETEPRINTERDRIVEREX.\n")); + return False; + } + + r_u.status = _spoolss_deleteprinterdriverex(p, &q_u, &r_u); + + if(!spoolss_io_r_deleteprinterdriverex("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_deleteprinterdriverex: unable to marshall SPOOL_R_DELETEPRINTERDRIVEREX.\n")); + return False; + } + + return True; +} + +#if 0 + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_replyopenprinter(pipes_struct *p) +{ + SPOOL_Q_REPLYOPENPRINTER q_u; + SPOOL_R_REPLYOPENPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_replyopenprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_replyopenprinter: unable to unmarshall SPOOL_Q_REPLYOPENPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_replyopenprinter(p, &q_u, &r_u); + + if(!spoolss_io_r_replyopenprinter("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_replyopenprinter: unable to marshall SPOOL_R_REPLYOPENPRINTER.\n")); + return False; + } + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL api_spoolss_replycloseprinter(pipes_struct *p) +{ + SPOOL_Q_REPLYCLOSEPRINTER q_u; + SPOOL_R_REPLYCLOSEPRINTER r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + if(!spoolss_io_q_replycloseprinter("", &q_u, data, 0)) { + DEBUG(0,("spoolss_io_q_replycloseprinter: unable to unmarshall SPOOL_Q_REPLYCLOSEPRINTER.\n")); + return False; + } + + r_u.status = _spoolss_replycloseprinter(p, &q_u, &r_u); + + if(!spoolss_io_r_replycloseprinter("", &r_u, rdata, 0)) { + DEBUG(0,("spoolss_io_r_replycloseprinter: unable to marshall SPOOL_R_REPLYCLOSEPRINTER.\n")); + return False; + } + + return True; +} + +#endif + +/******************************************************************* +\pipe\spoolss commands +********************************************************************/ + +#ifdef RPC_SPOOLSS_DYNAMIC +int init_module(void) +#else +int rpc_spoolss_init(void) +#endif +{ + struct api_struct api_spoolss_cmds[] = + { + {"SPOOLSS_OPENPRINTER", SPOOLSS_OPENPRINTER, api_spoolss_open_printer }, + {"SPOOLSS_OPENPRINTEREX", SPOOLSS_OPENPRINTEREX, api_spoolss_open_printer_ex }, + {"SPOOLSS_GETPRINTERDATA", SPOOLSS_GETPRINTERDATA, api_spoolss_getprinterdata }, + {"SPOOLSS_CLOSEPRINTER", SPOOLSS_CLOSEPRINTER, api_spoolss_closeprinter }, + {"SPOOLSS_DELETEPRINTER", SPOOLSS_DELETEPRINTER, api_spoolss_deleteprinter }, + {"SPOOLSS_ABORTPRINTER", SPOOLSS_ABORTPRINTER, api_spoolss_abortprinter }, + {"SPOOLSS_RFFPCNEX", SPOOLSS_RFFPCNEX, api_spoolss_rffpcnex }, + {"SPOOLSS_RFNPCNEX", SPOOLSS_RFNPCNEX, api_spoolss_rfnpcnex }, + {"SPOOLSS_ENUMPRINTERS", SPOOLSS_ENUMPRINTERS, api_spoolss_enumprinters }, + {"SPOOLSS_GETPRINTER", SPOOLSS_GETPRINTER, api_spoolss_getprinter }, + {"SPOOLSS_GETPRINTERDRIVER2", SPOOLSS_GETPRINTERDRIVER2, api_spoolss_getprinterdriver2 }, + {"SPOOLSS_STARTPAGEPRINTER", SPOOLSS_STARTPAGEPRINTER, api_spoolss_startpageprinter }, + {"SPOOLSS_ENDPAGEPRINTER", SPOOLSS_ENDPAGEPRINTER, api_spoolss_endpageprinter }, + {"SPOOLSS_STARTDOCPRINTER", SPOOLSS_STARTDOCPRINTER, api_spoolss_startdocprinter }, + {"SPOOLSS_ENDDOCPRINTER", SPOOLSS_ENDDOCPRINTER, api_spoolss_enddocprinter }, + {"SPOOLSS_WRITEPRINTER", SPOOLSS_WRITEPRINTER, api_spoolss_writeprinter }, + {"SPOOLSS_SETPRINTER", SPOOLSS_SETPRINTER, api_spoolss_setprinter }, + {"SPOOLSS_FCPN", SPOOLSS_FCPN, api_spoolss_fcpn }, + {"SPOOLSS_ADDJOB", SPOOLSS_ADDJOB, api_spoolss_addjob }, + {"SPOOLSS_ENUMJOBS", SPOOLSS_ENUMJOBS, api_spoolss_enumjobs }, + {"SPOOLSS_SCHEDULEJOB", SPOOLSS_SCHEDULEJOB, api_spoolss_schedulejob }, + {"SPOOLSS_SETJOB", SPOOLSS_SETJOB, api_spoolss_setjob }, + {"SPOOLSS_ENUMFORMS", SPOOLSS_ENUMFORMS, api_spoolss_enumforms }, + {"SPOOLSS_ENUMPORTS", SPOOLSS_ENUMPORTS, api_spoolss_enumports }, + {"SPOOLSS_ENUMPRINTERDRIVERS", SPOOLSS_ENUMPRINTERDRIVERS, api_spoolss_enumprinterdrivers }, + {"SPOOLSS_ADDPRINTEREX", SPOOLSS_ADDPRINTEREX, api_spoolss_addprinterex }, + {"SPOOLSS_ADDPRINTERDRIVER", SPOOLSS_ADDPRINTERDRIVER, api_spoolss_addprinterdriver }, + {"SPOOLSS_DELETEPRINTERDRIVER", SPOOLSS_DELETEPRINTERDRIVER, api_spoolss_deleteprinterdriver }, + {"SPOOLSS_GETPRINTERDRIVERDIRECTORY", SPOOLSS_GETPRINTERDRIVERDIRECTORY, api_spoolss_getprinterdriverdirectory }, + {"SPOOLSS_ENUMPRINTERDATA", SPOOLSS_ENUMPRINTERDATA, api_spoolss_enumprinterdata }, + {"SPOOLSS_SETPRINTERDATA", SPOOLSS_SETPRINTERDATA, api_spoolss_setprinterdata }, + {"SPOOLSS_RESETPRINTER", SPOOLSS_RESETPRINTER, api_spoolss_reset_printer }, + {"SPOOLSS_DELETEPRINTERDATA", SPOOLSS_DELETEPRINTERDATA, api_spoolss_deleteprinterdata }, + {"SPOOLSS_ADDFORM", SPOOLSS_ADDFORM, api_spoolss_addform }, + {"SPOOLSS_DELETEFORM", SPOOLSS_DELETEFORM, api_spoolss_deleteform }, + {"SPOOLSS_GETFORM", SPOOLSS_GETFORM, api_spoolss_getform }, + {"SPOOLSS_SETFORM", SPOOLSS_SETFORM, api_spoolss_setform }, + {"SPOOLSS_ADDPRINTPROCESSOR", SPOOLSS_ADDPRINTPROCESSOR, api_spoolss_addprintprocessor }, + {"SPOOLSS_ENUMPRINTPROCESSORS", SPOOLSS_ENUMPRINTPROCESSORS, api_spoolss_enumprintprocessors }, + {"SPOOLSS_ENUMMONITORS", SPOOLSS_ENUMMONITORS, api_spoolss_enumprintmonitors }, + {"SPOOLSS_GETJOB", SPOOLSS_GETJOB, api_spoolss_getjob }, + {"SPOOLSS_ENUMPRINTPROCDATATYPES", SPOOLSS_ENUMPRINTPROCDATATYPES, api_spoolss_enumprintprocdatatypes }, + {"SPOOLSS_GETPRINTERDATAEX", SPOOLSS_GETPRINTERDATAEX, api_spoolss_getprinterdataex }, + {"SPOOLSS_SETPRINTERDATAEX", SPOOLSS_SETPRINTERDATAEX, api_spoolss_setprinterdataex }, + {"SPOOLSS_DELETEPRINTERDATAEX", SPOOLSS_DELETEPRINTERDATAEX, api_spoolss_deleteprinterdataex }, + {"SPOOLSS_ENUMPRINTERDATAEX", SPOOLSS_ENUMPRINTERDATAEX, api_spoolss_enumprinterdataex }, + {"SPOOLSS_ENUMPRINTERKEY", SPOOLSS_ENUMPRINTERKEY, api_spoolss_enumprinterkey }, + {"SPOOLSS_DELETEPRINTERKEY", SPOOLSS_DELETEPRINTERKEY, api_spoolss_deleteprinterkey }, + {"SPOOLSS_GETPRINTPROCESSORDIRECTORY",SPOOLSS_GETPRINTPROCESSORDIRECTORY,api_spoolss_getprintprocessordirectory}, + {"SPOOLSS_ADDPRINTERDRIVEREX", SPOOLSS_ADDPRINTERDRIVEREX, api_spoolss_addprinterdriverex }, + {"SPOOLSS_DELETEPRINTERDRIVEREX", SPOOLSS_DELETEPRINTERDRIVEREX, api_spoolss_deleteprinterdriverex }, +#if 0 + {"SPOOLSS_REPLYOPENPRINTER", SPOOLSS_REPLYOPENPRINTER, api_spoolss_replyopenprinter }, + {"SPOOLSS_REPLYCLOSEPRINTER", SPOOLSS_REPLYCLOSEPRINTER, api_spoolss_replycloseprinter } +#endif + }; + return rpc_pipe_register_commands("spoolss", "spoolss", api_spoolss_cmds, + sizeof(api_spoolss_cmds) / sizeof(struct api_struct)); +} diff --git a/source4/rpc_server/srv_spoolss_nt.c b/source4/rpc_server/srv_spoolss_nt.c new file mode 100644 index 0000000000..0c29962008 --- /dev/null +++ b/source4/rpc_server/srv_spoolss_nt.c @@ -0,0 +1,9079 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Luke Kenneth Casson Leighton 1996-2000, + * Copyright (C) Jean François Micouleau 1998-2000, + * Copyright (C) Jeremy Allison 2001-2002, + * Copyright (C) Gerald Carter 2000-2003, + * Copyright (C) Tim Potter 2001-2002. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* Since the SPOOLSS rpc routines are basically DOS 16-bit calls wrapped + up, all the errors returned are DOS errors, not NT status codes. */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +#ifndef MAX_OPEN_PRINTER_EXS +#define MAX_OPEN_PRINTER_EXS 50 +#endif + +#define MAGIC_DISPLAY_FREQUENCY 0xfade2bad +#define PHANTOM_DEVMODE_KEY "_p_f_a_n_t_0_m_" + + +/* Table to map the driver version */ +/* to OS */ +static const char * drv_ver_to_os[] = { + "WIN9X", /* driver version/cversion 0 */ + "", /* unused ? */ + "WINNT", /* driver version/cversion 2 */ + "WIN2K", /* driver version/cversion 3 */ +}; + +struct table_node { + const char *long_archi; + const char *short_archi; + int version; +}; + +static Printer_entry *printers_list; + +typedef struct _counter_printer_0 { + ubi_dlNode Next; + ubi_dlNode Prev; + + int snum; + uint32 counter; +} counter_printer_0; + +static ubi_dlList counter_list; + +static struct cli_state notify_cli; /* print notify back-channel */ +static uint32 smb_connections=0; + + +/* in printing/nt_printing.c */ + +extern STANDARD_MAPPING printer_std_mapping, printserver_std_mapping; + +#define OUR_HANDLE(hnd) (((hnd)==NULL)?"NULL":(IVAL((hnd)->data5,4)==(uint32)sys_getpid()?"OURS":"OTHER")), \ +((unsigned int)IVAL((hnd)->data5,4)),((unsigned int)sys_getpid()) + +/* translate between internal status numbers and NT status numbers */ +static int nt_printj_status(int v) +{ + switch (v) { + case LPQ_QUEUED: + return 0; + case LPQ_PAUSED: + return JOB_STATUS_PAUSED; + case LPQ_SPOOLING: + return JOB_STATUS_SPOOLING; + case LPQ_PRINTING: + return JOB_STATUS_PRINTING; + case LPQ_ERROR: + return JOB_STATUS_ERROR; + case LPQ_DELETING: + return JOB_STATUS_DELETING; + case LPQ_OFFLINE: + return JOB_STATUS_OFFLINE; + case LPQ_PAPEROUT: + return JOB_STATUS_PAPEROUT; + case LPQ_PRINTED: + return JOB_STATUS_PRINTED; + case LPQ_DELETED: + return JOB_STATUS_DELETED; + case LPQ_BLOCKED: + return JOB_STATUS_BLOCKED; + case LPQ_USER_INTERVENTION: + return JOB_STATUS_USER_INTERVENTION; + } + return 0; +} + +static int nt_printq_status(int v) +{ + switch (v) { + case LPQ_PAUSED: + return PRINTER_STATUS_PAUSED; + case LPQ_QUEUED: + case LPQ_SPOOLING: + case LPQ_PRINTING: + return 0; + } + return 0; +} + +/**************************************************************************** + Functions to handle SPOOL_NOTIFY_OPTION struct stored in Printer_entry. +****************************************************************************/ + +static void free_spool_notify_option(SPOOL_NOTIFY_OPTION **pp) +{ + if (*pp == NULL) + return; + + SAFE_FREE((*pp)->ctr.type); + SAFE_FREE(*pp); +} + +/*************************************************************************** + Disconnect from the client +****************************************************************************/ + +static void srv_spoolss_replycloseprinter(int snum, POLICY_HND *handle) +{ + WERROR result; + + /* + * Tell the specific printing tdb we no longer want messages for this printer + * by deregistering our PID. + */ + + if (!print_notify_deregister_pid(snum)) + DEBUG(0,("print_notify_register_pid: Failed to register our pid for printer %s\n", lp_const_servicename(snum) )); + + /* weird if the test succeds !!! */ + if (smb_connections==0) { + DEBUG(0,("srv_spoolss_replycloseprinter:Trying to close non-existant notify backchannel !\n")); + return; + } + + result = cli_spoolss_reply_close_printer(¬ify_cli, notify_cli.mem_ctx, handle); + + if (!W_ERROR_IS_OK(result)) + DEBUG(0,("srv_spoolss_replycloseprinter: reply_close_printer failed [%s].\n", + dos_errstr(result))); + + /* if it's the last connection, deconnect the IPC$ share */ + if (smb_connections==1) { + cli_nt_session_close(¬ify_cli); + cli_ulogoff(¬ify_cli); + cli_shutdown(¬ify_cli); + message_deregister(MSG_PRINTER_NOTIFY2); + + /* Tell the connections db we're no longer interested in + * printer notify messages. */ + + register_message_flags( False, FLAG_MSG_PRINTING ); + } + + smb_connections--; +} + +/**************************************************************************** + Functions to free a printer entry datastruct. +****************************************************************************/ + +static void free_printer_entry(void *ptr) +{ + Printer_entry *Printer = (Printer_entry *)ptr; + + if (Printer->notify.client_connected==True) { + int snum = -1; + + if ( Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) { + snum = -1; + srv_spoolss_replycloseprinter(snum, &Printer->notify.client_hnd); + } else if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTER) { + snum = print_queue_snum(Printer->dev.handlename); + if (snum != -1) + srv_spoolss_replycloseprinter(snum, + &Printer->notify.client_hnd); + } + } + + Printer->notify.flags=0; + Printer->notify.options=0; + Printer->notify.localmachine[0]='\0'; + Printer->notify.printerlocal=0; + free_spool_notify_option(&Printer->notify.option); + Printer->notify.option=NULL; + Printer->notify.client_connected=False; + + free_nt_devicemode( &Printer->nt_devmode ); + free_a_printer( &Printer->printer_info, 2 ); + + talloc_destroy( Printer->ctx ); + + /* Remove from the internal list. */ + DLIST_REMOVE(printers_list, Printer); + + SAFE_FREE(Printer); +} + +/**************************************************************************** + Functions to duplicate a SPOOL_NOTIFY_OPTION struct stored in Printer_entry. +****************************************************************************/ + +static SPOOL_NOTIFY_OPTION *dup_spool_notify_option(SPOOL_NOTIFY_OPTION *sp) +{ + SPOOL_NOTIFY_OPTION *new_sp = NULL; + + if (!sp) + return NULL; + + new_sp = (SPOOL_NOTIFY_OPTION *)malloc(sizeof(SPOOL_NOTIFY_OPTION)); + if (!new_sp) + return NULL; + + *new_sp = *sp; + + if (sp->ctr.count) { + new_sp->ctr.type = (SPOOL_NOTIFY_OPTION_TYPE *)memdup(sp->ctr.type, sizeof(SPOOL_NOTIFY_OPTION_TYPE) * sp->ctr.count); + + if (!new_sp->ctr.type) { + SAFE_FREE(new_sp); + return NULL; + } + } + + return new_sp; +} + +/**************************************************************************** + find printer index by handle +****************************************************************************/ + +static Printer_entry *find_printer_index_by_hnd(pipes_struct *p, POLICY_HND *hnd) +{ + Printer_entry *find_printer = NULL; + + if(!find_policy_by_hnd(p,hnd,(void **)&find_printer)) { + DEBUG(2,("find_printer_index_by_hnd: Printer handle not found: ")); + return NULL; + } + + return find_printer; +} + +/**************************************************************************** + find printer index by handle +****************************************************************************/ + +void invalidate_printer_hnd_cache( char *printername ) +{ + Printer_entry *p; + + DEBUG(10,("invalidate_printer_hnd_cache: printer [%s]\n", printername)); + + for ( p=printers_list; p; p=p->next ) + { + if ( p->printer_type==PRINTER_HANDLE_IS_PRINTER + && StrCaseCmp(p->dev.handlename, printername)==0) + { + DEBUG(10,("invalidating printer_info cache for handl:\n")); + free_a_printer( &p->printer_info, 2 ); + p->printer_info = NULL; + } + } + + return; +} +/**************************************************************************** + Close printer index by handle. +****************************************************************************/ + +static BOOL close_printer_handle(pipes_struct *p, POLICY_HND *hnd) +{ + Printer_entry *Printer = find_printer_index_by_hnd(p, hnd); + + if (!Printer) { + DEBUG(2,("close_printer_handle: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd))); + return False; + } + + close_policy_hnd(p, hnd); + + return True; +} + +/**************************************************************************** + Delete a printer given a handle. +****************************************************************************/ + +static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) +{ + Printer_entry *Printer = find_printer_index_by_hnd(p, hnd); + + if (!Printer) { + DEBUG(2,("delete_printer_handle: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd))); + return WERR_BADFID; + } + + /* + * It turns out that Windows allows delete printer on a handle + * opened by an admin user, then used on a pipe handle created + * by an anonymous user..... but they're working on security.... riiight ! + * JRA. + */ + + if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) { + DEBUG(3, ("delete_printer_handle: denied by handle\n")); + return WERR_ACCESS_DENIED; + } + +#if 0 + /* Check calling user has permission to delete printer. Note that + since we set the snum parameter to -1 only administrators can + delete the printer. This stops people with the Full Control + permission from deleting the printer. */ + + if (!print_access_check(NULL, -1, PRINTER_ACCESS_ADMINISTER)) { + DEBUG(3, ("printer delete denied by security descriptor\n")); + return WERR_ACCESS_DENIED; + } +#endif + + if (del_a_printer(Printer->dev.handlename) != 0) { + DEBUG(3,("Error deleting printer %s\n", Printer->dev.handlename)); + return WERR_BADFID; + } + + if (*lp_deleteprinter_cmd()) { + + char *cmd = lp_deleteprinter_cmd(); + pstring command; + int ret; + int i; + + /* Printer->dev.handlename equals portname equals sharename */ + slprintf(command, sizeof(command)-1, "%s \"%s\"", cmd, + Printer->dev.handlename); + + DEBUG(10,("Running [%s]\n", command)); + ret = smbrun(command, NULL); + if (ret != 0) { + return WERR_BADFID; /* What to return here? */ + } + DEBUGADD(10,("returned [%d]\n", ret)); + + /* Send SIGHUP to process group... is there a better way? */ + kill(0, SIGHUP); + + /* go ahead and re-read the services immediately */ + reload_services( False ); + + if ( ( i = lp_servicenumber( Printer->dev.handlename ) ) < 0 ) + return WERR_ACCESS_DENIED; + } + + return WERR_OK; +} + +/**************************************************************************** + Return the snum of a printer corresponding to an handle. +****************************************************************************/ + +static BOOL get_printer_snum(pipes_struct *p, POLICY_HND *hnd, int *number) +{ + Printer_entry *Printer = find_printer_index_by_hnd(p, hnd); + + if (!Printer) { + DEBUG(2,("get_printer_snum: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(hnd))); + return False; + } + + switch (Printer->printer_type) { + case PRINTER_HANDLE_IS_PRINTER: + DEBUG(4,("short name:%s\n", Printer->dev.handlename)); + *number = print_queue_snum(Printer->dev.handlename); + return (*number != -1); + case PRINTER_HANDLE_IS_PRINTSERVER: + return False; + default: + return False; + } +} + +/**************************************************************************** + Set printer handle type. + Check if it's \\server or \\server\printer +****************************************************************************/ + +static BOOL set_printer_hnd_printertype(Printer_entry *Printer, char *handlename) +{ + DEBUG(3,("Setting printer type=%s\n", handlename)); + + if ( strlen(handlename) < 3 ) { + DEBUGADD(4,("A print server must have at least 1 char ! %s\n", handlename)); + return False; + } + + /* it's a print server */ + if (*handlename=='\\' && *(handlename+1)=='\\' && !strchr_m(handlename+2, '\\')) { + DEBUGADD(4,("Printer is a print server\n")); + Printer->printer_type = PRINTER_HANDLE_IS_PRINTSERVER; + } + /* it's a printer */ + else { + DEBUGADD(4,("Printer is a printer\n")); + Printer->printer_type = PRINTER_HANDLE_IS_PRINTER; + } + + return True; +} + +/**************************************************************************** + Set printer handle name. +****************************************************************************/ + +static BOOL set_printer_hnd_name(Printer_entry *Printer, char *handlename) +{ + int snum; + int n_services=lp_numservices(); + char *aprinter; + fstring sname; + BOOL found=False; + + DEBUG(4,("Setting printer name=%s (len=%d)\n", handlename, strlen(handlename))); + + if (Printer->printer_type==PRINTER_HANDLE_IS_PRINTSERVER) { + ZERO_STRUCT(Printer->dev.printerservername); + strncpy(Printer->dev.printerservername, handlename, strlen(handlename)); + return True; + } + + if (Printer->printer_type!=PRINTER_HANDLE_IS_PRINTER) + return False; + + if (*handlename=='\\') { + aprinter=strchr_m(handlename+2, '\\'); + aprinter++; + } + else { + aprinter=handlename; + } + + DEBUGADD(5,("searching for [%s] (len=%d)\n", aprinter, strlen(aprinter))); + + /* + * The original code allowed smbd to store a printer name that + * was different from the share name. This is not possible + * anymore, so I've simplified this loop greatly. Here + * we are just verifying that the printer name is a valid + * printer service defined in smb.conf + * --jerry [Fri Feb 15 11:17:46 CST 2002] + */ + + for (snum=0; snum<n_services; snum++) { + + if ( !(lp_snum_ok(snum) && lp_print_ok(snum) ) ) + continue; + + fstrcpy(sname, lp_servicename(snum)); + + DEBUGADD(5,("share:%s\n",sname)); + + if (! StrCaseCmp(sname, aprinter)) { + found = True; + break; + } + + } + + + if (!found) { + DEBUGADD(4,("Printer not found\n")); + return False; + } + + DEBUGADD(4,("set_printer_hnd_name: Printer found: %s -> %s\n", aprinter, sname)); + + ZERO_STRUCT(Printer->dev.handlename); + fstrcpy(Printer->dev.handlename, sname); + + return True; +} + +/**************************************************************************** + Find first available printer slot. creates a printer handle for you. + ****************************************************************************/ + +static BOOL open_printer_hnd(pipes_struct *p, POLICY_HND *hnd, char *name, uint32 access_granted) +{ + Printer_entry *new_printer; + + DEBUG(10,("open_printer_hnd: name [%s]\n", name)); + + if((new_printer=(Printer_entry *)malloc(sizeof(Printer_entry))) == NULL) + return False; + + ZERO_STRUCTP(new_printer); + + if ( !(new_printer->ctx = talloc_init("Printer Entry [0x%x]", (uint32)hnd)) ) { + DEBUG(0,("open_printer_hnd: talloc_init() failed!\n")); + return False; + } + + new_printer->notify.option=NULL; + + /* Add to the internal list. */ + DLIST_ADD(printers_list, new_printer); + + if (!create_policy_hnd(p, hnd, free_printer_entry, new_printer)) { + SAFE_FREE(new_printer); + return False; + } + + if (!set_printer_hnd_printertype(new_printer, name)) { + close_printer_handle(p, hnd); + return False; + } + + if (!set_printer_hnd_name(new_printer, name)) { + close_printer_handle(p, hnd); + return False; + } + + new_printer->access_granted = access_granted; + + DEBUG(5, ("%d printer handles active\n", (int)p->pipe_handles->count )); + + return True; +} + +/**************************************************************************** + Allocate more memory for a BUFFER. +****************************************************************************/ + +static BOOL alloc_buffer_size(NEW_BUFFER *buffer, uint32 buffer_size) +{ + prs_struct *ps; + uint32 extra_space; + uint32 old_offset; + + ps= &buffer->prs; + + /* damn, I'm doing the reverse operation of prs_grow() :) */ + if (buffer_size < prs_data_size(ps)) + extra_space=0; + else + extra_space = buffer_size - prs_data_size(ps); + + /* + * save the offset and move to the end of the buffer + * prs_grow() checks the extra_space against the offset + */ + old_offset=prs_offset(ps); + prs_set_offset(ps, prs_data_size(ps)); + + if (!prs_grow(ps, extra_space)) + return False; + + prs_set_offset(ps, old_offset); + + buffer->string_at_end=prs_data_size(ps); + + return True; +} + +/*************************************************************************** + check to see if the client motify handle is monitoring the notification + given by (notify_type, notify_field). + **************************************************************************/ + +static BOOL is_monitoring_event_flags(uint32 flags, uint16 notify_type, + uint16 notify_field) +{ + return True; +} + +static BOOL is_monitoring_event(Printer_entry *p, uint16 notify_type, + uint16 notify_field) +{ + SPOOL_NOTIFY_OPTION *option = p->notify.option; + uint32 i, j; + + /* + * Flags should always be zero when the change notify + * is registered by the client's spooler. A user Win32 app + * might use the flags though instead of the NOTIFY_OPTION_INFO + * --jerry + */ + + if (p->notify.flags) + return is_monitoring_event_flags( + p->notify.flags, notify_type, notify_field); + + for (i = 0; i < option->count; i++) { + + /* Check match for notify_type */ + + if (option->ctr.type[i].type != notify_type) + continue; + + /* Check match for field */ + + for (j = 0; j < option->ctr.type[i].count; j++) { + if (option->ctr.type[i].fields[j] == notify_field) { + return True; + } + } + } + + DEBUG(10, ("%s is not monitoring 0x%02x/0x%02x\n", + (p->printer_type == PRINTER_HANDLE_IS_PRINTER) ? + p->dev.handlename : p->dev.printerservername, + notify_type, notify_field)); + + return False; +} + +/* Convert a notification message to a SPOOL_NOTIFY_INFO_DATA struct */ + +static void notify_one_value(struct spoolss_notify_msg *msg, + SPOOL_NOTIFY_INFO_DATA *data, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0] = msg->notify.value[0]; + data->notify_data.value[1] = 0; +} + +static void notify_string(struct spoolss_notify_msg *msg, + SPOOL_NOTIFY_INFO_DATA *data, + TALLOC_CTX *mem_ctx) +{ + UNISTR2 unistr; + + /* The length of the message includes the trailing \0 */ + + init_unistr2(&unistr, msg->notify.data, msg->len); + + data->notify_data.data.length = msg->len * 2; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, msg->len * 2); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, unistr.buffer, msg->len * 2); +} + +static void notify_system_time(struct spoolss_notify_msg *msg, + SPOOL_NOTIFY_INFO_DATA *data, + TALLOC_CTX *mem_ctx) +{ + SYSTEMTIME systime; + prs_struct ps; + + if (msg->len != sizeof(time_t)) { + DEBUG(5, ("notify_system_time: received wrong sized message (%d)\n", + msg->len)); + return; + } + + if (!prs_init(&ps, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL)) { + DEBUG(5, ("notify_system_time: prs_init() failed\n")); + return; + } + + if (!make_systemtime(&systime, gmtime((time_t *)msg->notify.data))) { + DEBUG(5, ("notify_system_time: unable to make systemtime\n")); + return; + } + + if (!spoolss_io_system_time("", &ps, 0, &systime)) + return; + + data->notify_data.data.length = prs_offset(&ps); + data->notify_data.data.string = talloc(mem_ctx, prs_offset(&ps)); + + prs_copy_all_data_out((char *)data->notify_data.data.string, &ps); + + prs_mem_free(&ps); +} + +struct notify2_message_table { + const char *name; + void (*fn)(struct spoolss_notify_msg *msg, + SPOOL_NOTIFY_INFO_DATA *data, TALLOC_CTX *mem_ctx); +}; + +static struct notify2_message_table printer_notify_table[] = { + /* 0x00 */ { "PRINTER_NOTIFY_SERVER_NAME", notify_string }, + /* 0x01 */ { "PRINTER_NOTIFY_PRINTER_NAME", notify_string }, + /* 0x02 */ { "PRINTER_NOTIFY_SHARE_NAME", notify_string }, + /* 0x03 */ { "PRINTER_NOTIFY_PORT_NAME", notify_string }, + /* 0x04 */ { "PRINTER_NOTIFY_DRIVER_NAME", notify_string }, + /* 0x05 */ { "PRINTER_NOTIFY_COMMENT", notify_string }, + /* 0x06 */ { "PRINTER_NOTIFY_LOCATION", notify_string }, + /* 0x07 */ { "PRINTER_NOTIFY_DEVMODE", NULL }, + /* 0x08 */ { "PRINTER_NOTIFY_SEPFILE", notify_string }, + /* 0x09 */ { "PRINTER_NOTIFY_PRINT_PROCESSOR", notify_string }, + /* 0x0a */ { "PRINTER_NOTIFY_PARAMETERS", NULL }, + /* 0x0b */ { "PRINTER_NOTIFY_DATATYPE", notify_string }, + /* 0x0c */ { "PRINTER_NOTIFY_SECURITY_DESCRIPTOR", NULL }, + /* 0x0d */ { "PRINTER_NOTIFY_ATTRIBUTES", notify_one_value }, + /* 0x0e */ { "PRINTER_NOTIFY_PRIORITY", notify_one_value }, + /* 0x0f */ { "PRINTER_NOTIFY_DEFAULT_PRIORITY", NULL }, + /* 0x10 */ { "PRINTER_NOTIFY_START_TIME", NULL }, + /* 0x11 */ { "PRINTER_NOTIFY_UNTIL_TIME", NULL }, + /* 0x12 */ { "PRINTER_NOTIFY_STATUS", notify_one_value }, +}; + +static struct notify2_message_table job_notify_table[] = { + /* 0x00 */ { "JOB_NOTIFY_PRINTER_NAME", NULL }, + /* 0x01 */ { "JOB_NOTIFY_MACHINE_NAME", NULL }, + /* 0x02 */ { "JOB_NOTIFY_PORT_NAME", NULL }, + /* 0x03 */ { "JOB_NOTIFY_USER_NAME", notify_string }, + /* 0x04 */ { "JOB_NOTIFY_NOTIFY_NAME", NULL }, + /* 0x05 */ { "JOB_NOTIFY_DATATYPE", NULL }, + /* 0x06 */ { "JOB_NOTIFY_PRINT_PROCESSOR", NULL }, + /* 0x07 */ { "JOB_NOTIFY_PARAMETERS", NULL }, + /* 0x08 */ { "JOB_NOTIFY_DRIVER_NAME", NULL }, + /* 0x09 */ { "JOB_NOTIFY_DEVMODE", NULL }, + /* 0x0a */ { "JOB_NOTIFY_STATUS", notify_one_value }, + /* 0x0b */ { "JOB_NOTIFY_STATUS_STRING", NULL }, + /* 0x0c */ { "JOB_NOTIFY_SECURITY_DESCRIPTOR", NULL }, + /* 0x0d */ { "JOB_NOTIFY_DOCUMENT", notify_string }, + /* 0x0e */ { "JOB_NOTIFY_PRIORITY", NULL }, + /* 0x0f */ { "JOB_NOTIFY_POSITION", NULL }, + /* 0x10 */ { "JOB_NOTIFY_SUBMITTED", notify_system_time }, + /* 0x11 */ { "JOB_NOTIFY_START_TIME", NULL }, + /* 0x12 */ { "JOB_NOTIFY_UNTIL_TIME", NULL }, + /* 0x13 */ { "JOB_NOTIFY_TIME", NULL }, + /* 0x14 */ { "JOB_NOTIFY_TOTAL_PAGES", notify_one_value }, + /* 0x15 */ { "JOB_NOTIFY_PAGES_PRINTED", NULL }, + /* 0x16 */ { "JOB_NOTIFY_TOTAL_BYTES", notify_one_value }, + /* 0x17 */ { "JOB_NOTIFY_BYTES_PRINTED", NULL }, +}; + + +/*********************************************************************** + Allocate talloc context for container object + **********************************************************************/ + +static void notify_msg_ctr_init( SPOOLSS_NOTIFY_MSG_CTR *ctr ) +{ + if ( !ctr ) + return; + + ctr->ctx = talloc_init("notify_msg_ctr_init %p", ctr); + + return; +} + +/*********************************************************************** + release all allocated memory and zero out structure + **********************************************************************/ + +static void notify_msg_ctr_destroy( SPOOLSS_NOTIFY_MSG_CTR *ctr ) +{ + if ( !ctr ) + return; + + if ( ctr->ctx ) + talloc_destroy(ctr->ctx); + + ZERO_STRUCTP(ctr); + + return; +} + +/*********************************************************************** + **********************************************************************/ + +static TALLOC_CTX* notify_ctr_getctx( SPOOLSS_NOTIFY_MSG_CTR *ctr ) +{ + if ( !ctr ) + return NULL; + + return ctr->ctx; +} + +/*********************************************************************** + **********************************************************************/ + +static SPOOLSS_NOTIFY_MSG_GROUP* notify_ctr_getgroup( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx ) +{ + if ( !ctr || !ctr->msg_groups ) + return NULL; + + if ( idx >= ctr->num_groups ) + return NULL; + + return &ctr->msg_groups[idx]; + +} + +/*********************************************************************** + How many groups of change messages do we have ? + **********************************************************************/ + +static int notify_msg_ctr_numgroups( SPOOLSS_NOTIFY_MSG_CTR *ctr ) +{ + if ( !ctr ) + return 0; + + return ctr->num_groups; +} + +/*********************************************************************** + Add a SPOOLSS_NOTIFY_MSG_CTR to the correct group + **********************************************************************/ + +static int notify_msg_ctr_addmsg( SPOOLSS_NOTIFY_MSG_CTR *ctr, SPOOLSS_NOTIFY_MSG *msg ) +{ + SPOOLSS_NOTIFY_MSG_GROUP *groups = NULL; + SPOOLSS_NOTIFY_MSG_GROUP *msg_grp = NULL; + SPOOLSS_NOTIFY_MSG *msg_list = NULL; + int i, new_slot; + + if ( !ctr || !msg ) + return 0; + + /* loop over all groups looking for a matching printer name */ + + for ( i=0; i<ctr->num_groups; i++ ) { + if ( strcmp(ctr->msg_groups[i].printername, msg->printer) == 0 ) + break; + } + + /* add a new group? */ + + if ( i == ctr->num_groups ) { + ctr->num_groups++; + + if ( !(groups = talloc_realloc( ctr->ctx, ctr->msg_groups, sizeof(SPOOLSS_NOTIFY_MSG_GROUP)*ctr->num_groups)) ) { + DEBUG(0,("notify_msg_ctr_addmsg: talloc_realloc() failed!\n")); + return 0; + } + ctr->msg_groups = groups; + + /* clear the new entry and set the printer name */ + + ZERO_STRUCT( ctr->msg_groups[ctr->num_groups-1] ); + fstrcpy( ctr->msg_groups[ctr->num_groups-1].printername, msg->printer ); + } + + /* add the change messages; 'i' is the correct index now regardless */ + + msg_grp = &ctr->msg_groups[i]; + + msg_grp->num_msgs++; + + if ( !(msg_list = talloc_realloc( ctr->ctx, msg_grp->msgs, sizeof(SPOOLSS_NOTIFY_MSG)*msg_grp->num_msgs )) ) { + DEBUG(0,("notify_msg_ctr_addmsg: talloc_realloc() failed for new message [%d]!\n", msg_grp->num_msgs)); + return 0; + } + msg_grp->msgs = msg_list; + + new_slot = msg_grp->num_msgs-1; + memcpy( &msg_grp->msgs[new_slot], msg, sizeof(SPOOLSS_NOTIFY_MSG) ); + + /* need to allocate own copy of data */ + + if ( msg->len != 0 ) + msg_grp->msgs[new_slot].notify.data = talloc_memdup( ctr->ctx, msg->notify.data, msg->len ); + + return ctr->num_groups; +} + +/*********************************************************************** + Send a change notication message on all handles which have a call + back registered + **********************************************************************/ + +static void send_notify2_changes( SPOOLSS_NOTIFY_MSG_CTR *ctr, uint32 idx ) +{ + Printer_entry *p; + TALLOC_CTX *mem_ctx = notify_ctr_getctx( ctr ); + SPOOLSS_NOTIFY_MSG_GROUP *msg_group = notify_ctr_getgroup( ctr, idx ); + SPOOLSS_NOTIFY_MSG *messages; + + + if ( !msg_group ) { + DEBUG(5,("send_notify2_changes() called with no msg group!\n")); + return; + } + + messages = msg_group->msgs; + + if ( !messages ) { + DEBUG(5,("send_notify2_changes() called with no messages!\n")); + return; + } + + DEBUG(8,("send_notify2_changes: Enter...[%s]\n", msg_group->printername)); + + /* loop over all printers */ + + for (p = printers_list; p; p = p->next) { + SPOOL_NOTIFY_INFO_DATA *data; + uint32 data_len = 0; + uint32 id; + int i, event_index; + + /* Is there notification on this handle? */ + + if ( !p->notify.client_connected ) + continue; + + DEBUG(10,("Client connected! [%s]\n", p->dev.handlename)); + + /* For this printer? Print servers always receive + notifications. */ + + if ( ( p->printer_type == PRINTER_HANDLE_IS_PRINTER ) && + ( !strequal(msg_group->printername, p->dev.handlename) ) ) + continue; + + DEBUG(10,("Our printer\n")); + + /* allocate the max entries possible */ + + data = talloc( mem_ctx, msg_group->num_msgs*sizeof(SPOOL_NOTIFY_INFO_DATA) ); + ZERO_STRUCTP(data); + + event_index = 0; + + /* build the array of change notifications */ + + for ( i=0; i<msg_group->num_msgs; i++ ) { + SPOOLSS_NOTIFY_MSG *msg = &messages[i]; + + /* Are we monitoring this event? */ + + if (!is_monitoring_event(p, msg->type, msg->field)) + continue; + + + DEBUG(10,("process_notify2_message: Sending message type [%x] field [%x] for printer [%s]\n", + msg->type, msg->field, p->dev.handlename)); + + /* + * if the is a printer notification handle and not a job notification + * type, then set the id to 0. Other wise just use what was specified + * in the message. + * + * When registering change notification on a print server handle + * we always need to send back the id (snum) matching the printer + * for which the change took place. For change notify registered + * on a printer handle, this does not matter and the id should be 0. + * + * --jerry + */ + + if ( ( p->printer_type == PRINTER_HANDLE_IS_PRINTER ) && ( msg->type == PRINTER_NOTIFY_TYPE ) ) + id = 0; + else + id = msg->id; + + + /* Convert unix jobid to smb jobid */ + + if (msg->flags & SPOOLSS_NOTIFY_MSG_UNIX_JOBID) { + id = sysjob_to_jobid(msg->id); + + if (id == -1) { + DEBUG(3, ("no such unix jobid %d\n", msg->id)); + goto done; + } + } + + construct_info_data( &data[data_len], msg->type, msg->field, id ); + + switch(msg->type) { + case PRINTER_NOTIFY_TYPE: + if ( printer_notify_table[msg->field].fn ) + printer_notify_table[msg->field].fn(msg, &data[data_len], mem_ctx); + break; + + case JOB_NOTIFY_TYPE: + if ( job_notify_table[msg->field].fn ) + job_notify_table[msg->field].fn(msg, &data[data_len], mem_ctx); + break; + + default: + DEBUG(5, ("Unknown notification type %d\n", msg->type)); + goto done; + } + + data_len++; + } + + cli_spoolss_rrpcn( ¬ify_cli, mem_ctx, &p->notify.client_hnd, + data_len, data, p->notify.change, 0 ); + } + +done: + DEBUG(8,("send_notify2_changes: Exit...\n")); + return; +} + +/*********************************************************************** + **********************************************************************/ + +static BOOL notify2_unpack_msg( SPOOLSS_NOTIFY_MSG *msg, void *buf, size_t len ) +{ + + size_t offset = 0; + + /* Unpack message */ + + offset += tdb_unpack((char *)buf + offset, len - offset, "f", + msg->printer); + + offset += tdb_unpack((char *)buf + offset, len - offset, "ddddd", + &msg->type, &msg->field, &msg->id, &msg->len, &msg->flags); + + if (msg->len == 0) + tdb_unpack((char *)buf + offset, len - offset, "dd", + &msg->notify.value[0], &msg->notify.value[1]); + else + tdb_unpack((char *)buf + offset, len - offset, "B", + &msg->len, &msg->notify.data); + + DEBUG(3, ("notify2_unpack_msg: got NOTIFY2 message, type %d, field 0x%02x, flags 0x%04x\n", + msg->type, msg->field, msg->flags)); + + if (msg->len == 0) + DEBUG(3, ("notify2_unpack_msg: value1 = %d, value2 = %d\n", msg->notify.value[0], + msg->notify.value[1])); + else + dump_data(3, msg->notify.data, msg->len); + + return True; +} + +/******************************************************************** + Receive a notify2 message list + ********************************************************************/ + +static void receive_notify2_message_list(int msg_type, pid_t src, void *msg, size_t len) +{ + size_t msg_count, i; + char *buf = (char *)msg; + char *msg_ptr; + size_t msg_len; + SPOOLSS_NOTIFY_MSG notify; + SPOOLSS_NOTIFY_MSG_CTR messages; + int num_groups; + + if (len < 4) { + DEBUG(0,("receive_notify2_message_list: bad message format (len < 4)!\n")); + return; + } + + msg_count = IVAL(buf, 0); + msg_ptr = buf + 4; + + DEBUG(5, ("receive_notify2_message_list: got %d messages in list\n", msg_count)); + + if (msg_count == 0) { + DEBUG(0,("receive_notify2_message_list: bad message format (msg_count == 0) !\n")); + return; + } + + /* initialize the container */ + + ZERO_STRUCT( messages ); + notify_msg_ctr_init( &messages ); + + /* + * build message groups for each printer identified + * in a change_notify msg. Remember that a PCN message + * includes the handle returned for the srv_spoolss_replyopenprinter() + * call. Therefore messages are grouped according to printer handle. + */ + + for ( i=0; i<msg_count; i++ ) + { + if (msg_ptr + 4 - buf > len) { + DEBUG(0,("receive_notify2_message_list: bad message format (len > buf_size) !\n")); + return; + } + + msg_len = IVAL(msg_ptr,0); + msg_ptr += 4; + + if (msg_ptr + msg_len - buf > len) { + DEBUG(0,("receive_notify2_message_list: bad message format (bad len) !\n")); + return; + } + + /* unpack messages */ + + ZERO_STRUCT( notify ); + notify2_unpack_msg( ¬ify, msg_ptr, msg_len ); + msg_ptr += msg_len; + + /* add to correct list in container */ + + notify_msg_ctr_addmsg( &messages, ¬ify ); + + /* free memory that might have been allocated by notify2_unpack_msg() */ + + if ( notify.len != 0 ) + SAFE_FREE( notify.notify.data ); + } + + /* process each group of messages */ + + num_groups = notify_msg_ctr_numgroups( &messages ); + for ( i=0; i<num_groups; i++ ) + send_notify2_changes( &messages, i ); + + + /* cleanup */ + + DEBUG(10,("receive_notify2_message_list: processed %u messages\n", (uint32)msg_count )); + + notify_msg_ctr_destroy( &messages ); + + return; +} + +/******************************************************************** + Send a message to ourself about new driver being installed + so we can upgrade the information for each printer bound to this + driver + ********************************************************************/ + +static BOOL srv_spoolss_drv_upgrade_printer(char* drivername) +{ + int len = strlen(drivername); + + if (!len) + return False; + + DEBUG(10,("srv_spoolss_drv_upgrade_printer: Sending message about driver upgrade [%s]\n", + drivername)); + + message_send_pid(sys_getpid(), MSG_PRINTER_DRVUPGRADE, drivername, len+1, False); + + return True; +} + +/********************************************************************** + callback to receive a MSG_PRINTER_DRVUPGRADE message and interate + over all printers, upgrading ones as neessary + **********************************************************************/ + +void do_drv_upgrade_printer(int msg_type, pid_t src, void *buf, size_t len) +{ + fstring drivername; + int snum; + int n_services = lp_numservices(); + + len = MIN(len,sizeof(drivername)-1); + strncpy(drivername, buf, len); + + DEBUG(10,("do_drv_upgrade_printer: Got message for new driver [%s]\n", drivername )); + + /* Iterate the printer list */ + + for (snum=0; snum<n_services; snum++) + { + if (lp_snum_ok(snum) && lp_print_ok(snum) ) + { + WERROR result; + NT_PRINTER_INFO_LEVEL *printer = NULL; + + result = get_a_printer(NULL, &printer, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(result)) + continue; + + if (printer && printer->info_2 && !strcmp(drivername, printer->info_2->drivername)) + { + DEBUG(6,("Updating printer [%s]\n", printer->info_2->printername)); + + /* all we care about currently is the change_id */ + + result = mod_a_printer(*printer, 2); + if (!W_ERROR_IS_OK(result)) { + DEBUG(3,("do_drv_upgrade_printer: mod_a_printer() failed with status [%s]\n", + dos_errstr(result))); + } + } + + free_a_printer(&printer, 2); + } + } + + /* all done */ +} + +/******************************************************************** + Update the cahce for all printq's with a registered client + connection + ********************************************************************/ + +void update_monitored_printq_cache( void ) +{ + Printer_entry *printer = printers_list; + int snum; + + /* loop through all printers and update the cache where + client_connected == True */ + while ( printer ) + { + if ( (printer->printer_type == PRINTER_HANDLE_IS_PRINTER) + && printer->notify.client_connected ) + { + snum = print_queue_snum(printer->dev.handlename); + print_queue_status( snum, NULL, NULL ); + } + + printer = printer->next; + } + + return; +} +/******************************************************************** + Send a message to ourself about new driver being installed + so we can upgrade the information for each printer bound to this + driver + ********************************************************************/ + +static BOOL srv_spoolss_reset_printerdata(char* drivername) +{ + int len = strlen(drivername); + + if (!len) + return False; + + DEBUG(10,("srv_spoolss_reset_printerdata: Sending message about resetting printerdata [%s]\n", + drivername)); + + message_send_pid(sys_getpid(), MSG_PRINTERDATA_INIT_RESET, drivername, len+1, False); + + return True; +} + +/********************************************************************** + callback to receive a MSG_PRINTERDATA_INIT_RESET message and interate + over all printers, resetting printer data as neessary + **********************************************************************/ + +void reset_all_printerdata(int msg_type, pid_t src, void *buf, size_t len) +{ + fstring drivername; + int snum; + int n_services = lp_numservices(); + + len = MIN( len, sizeof(drivername)-1 ); + strncpy( drivername, buf, len ); + + DEBUG(10,("reset_all_printerdata: Got message for new driver [%s]\n", drivername )); + + /* Iterate the printer list */ + + for ( snum=0; snum<n_services; snum++ ) + { + if ( lp_snum_ok(snum) && lp_print_ok(snum) ) + { + WERROR result; + NT_PRINTER_INFO_LEVEL *printer = NULL; + + result = get_a_printer( NULL, &printer, 2, lp_const_servicename(snum) ); + if ( !W_ERROR_IS_OK(result) ) + continue; + + /* + * if the printer is bound to the driver, + * then reset to the new driver initdata + */ + + if ( printer && printer->info_2 && !strcmp(drivername, printer->info_2->drivername) ) + { + DEBUG(6,("reset_all_printerdata: Updating printer [%s]\n", printer->info_2->printername)); + + if ( !set_driver_init(printer, 2) ) { + DEBUG(5,("reset_all_printerdata: Error resetting printer data for printer [%s], driver [%s]!\n", + printer->info_2->printername, printer->info_2->drivername)); + } + + result = mod_a_printer( *printer, 2 ); + if ( !W_ERROR_IS_OK(result) ) { + DEBUG(3,("reset_all_printerdata: mod_a_printer() failed! (%s)\n", + get_dos_error_msg(result))); + } + } + + free_a_printer( &printer, 2 ); + } + } + + /* all done */ + + return; +} + +/******************************************************************** + Copy routines used by convert_to_openprinterex() + *******************************************************************/ + +static DEVICEMODE* dup_devicemode(TALLOC_CTX *ctx, DEVICEMODE *devmode) +{ + DEVICEMODE *d; + int len; + + if (!devmode) + return NULL; + + DEBUG (8,("dup_devmode\n")); + + /* bulk copy first */ + + d = talloc_memdup(ctx, devmode, sizeof(DEVICEMODE)); + if (!d) + return NULL; + + /* dup the pointer members separately */ + + len = unistrlen(devmode->devicename.buffer); + if (len != -1) { + d->devicename.buffer = talloc(ctx, len*2); + if (unistrcpy(d->devicename.buffer, devmode->devicename.buffer) != len) + return NULL; + } + + + len = unistrlen(devmode->formname.buffer); + if (len != -1) { + d->devicename.buffer = talloc(ctx, len*2); + if (unistrcpy(d->formname.buffer, devmode->formname.buffer) != len) + return NULL; + } + + d->private = talloc_memdup(ctx, devmode->private, devmode->driverextra); + + return d; +} + +static void copy_devmode_ctr(TALLOC_CTX *ctx, DEVMODE_CTR *new_ctr, DEVMODE_CTR *ctr) +{ + if (!new_ctr || !ctr) + return; + + DEBUG(8,("copy_devmode_ctr\n")); + + new_ctr->size = ctr->size; + new_ctr->devmode_ptr = ctr->devmode_ptr; + + if(ctr->devmode_ptr) + new_ctr->devmode = dup_devicemode(ctx, ctr->devmode); +} + +static void copy_printer_default(TALLOC_CTX *ctx, PRINTER_DEFAULT *new_def, PRINTER_DEFAULT *def) +{ + if (!new_def || !def) + return; + + DEBUG(8,("copy_printer_defaults\n")); + + new_def->datatype_ptr = def->datatype_ptr; + + if (def->datatype_ptr) + copy_unistr2(&new_def->datatype, &def->datatype); + + copy_devmode_ctr(ctx, &new_def->devmode_cont, &def->devmode_cont); + + new_def->access_required = def->access_required; +} + +/******************************************************************** + * Convert a SPOOL_Q_OPEN_PRINTER structure to a + * SPOOL_Q_OPEN_PRINTER_EX structure + ********************************************************************/ + +static void convert_to_openprinterex(TALLOC_CTX *ctx, SPOOL_Q_OPEN_PRINTER_EX *q_u_ex, SPOOL_Q_OPEN_PRINTER *q_u) +{ + if (!q_u_ex || !q_u) + return; + + DEBUG(8,("convert_to_openprinterex\n")); + + q_u_ex->printername_ptr = q_u->printername_ptr; + + if (q_u->printername_ptr) + copy_unistr2(&q_u_ex->printername, &q_u->printername); + + copy_printer_default(ctx, &q_u_ex->printer_default, &q_u->printer_default); +} + +/******************************************************************** + * spoolss_open_printer + * + * called from the spoolss dispatcher + ********************************************************************/ + +WERROR _spoolss_open_printer(pipes_struct *p, SPOOL_Q_OPEN_PRINTER *q_u, SPOOL_R_OPEN_PRINTER *r_u) +{ + SPOOL_Q_OPEN_PRINTER_EX q_u_ex; + SPOOL_R_OPEN_PRINTER_EX r_u_ex; + + if (!q_u || !r_u) + return WERR_NOMEM; + + ZERO_STRUCT(q_u_ex); + ZERO_STRUCT(r_u_ex); + + /* convert the OpenPrinter() call to OpenPrinterEx() */ + + convert_to_openprinterex(p->mem_ctx, &q_u_ex, q_u); + + r_u_ex.status = _spoolss_open_printer_ex(p, &q_u_ex, &r_u_ex); + + /* convert back to OpenPrinter() */ + + memcpy(r_u, &r_u_ex, sizeof(*r_u)); + + return r_u->status; +} + +/******************************************************************** + * spoolss_open_printer + * + * If the openprinterex rpc call contains a devmode, + * it's a per-user one. This per-user devmode is derivated + * from the global devmode. Openprinterex() contains a per-user + * devmode for when you do EMF printing and spooling. + * In the EMF case, the NT workstation is only doing half the job + * of rendering the page. The other half is done by running the printer + * driver on the server. + * The EMF file doesn't contain the page description (paper size, orientation, ...). + * The EMF file only contains what is to be printed on the page. + * So in order for the server to know how to print, the NT client sends + * a devicemode attached to the openprinterex call. + * But this devicemode is short lived, it's only valid for the current print job. + * + * If Samba would have supported EMF spooling, this devicemode would + * have been attached to the handle, to sent it to the driver to correctly + * rasterize the EMF file. + * + * As Samba only supports RAW spooling, we only receive a ready-to-print file, + * we just act as a pass-thru between windows and the printer. + * + * In order to know that Samba supports only RAW spooling, NT has to call + * getprinter() at level 2 (attribute field) or NT has to call startdoc() + * and until NT sends a RAW job, we refuse it. + * + * But to call getprinter() or startdoc(), you first need a valid handle, + * and to get an handle you have to call openprintex(). Hence why you have + * a devicemode in the openprinterex() call. + * + * + * Differences between NT4 and NT 2000. + * NT4: + * --- + * On NT4, you only have a global devicemode. This global devicemode can be changed + * by the administrator (or by a user with enough privs). Everytime a user + * wants to print, the devicemode is resetted to the default. In Word, everytime + * you print, the printer's characteristics are always reset to the global devicemode. + * + * NT 2000: + * ------- + * In W2K, there is the notion of per-user devicemode. The first time you use + * a printer, a per-user devicemode is build from the global devicemode. + * If you change your per-user devicemode, it is saved in the registry, under the + * H_KEY_CURRENT_KEY sub_tree. So that everytime you print, you have your default + * printer preferences available. + * + * To change the per-user devicemode: it's the "Printing Preferences ..." button + * on the General Tab of the printer properties windows. + * + * To change the global devicemode: it's the "Printing Defaults..." button + * on the Advanced Tab of the printer properties window. + * + * JFM. + ********************************************************************/ + +WERROR _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, SPOOL_R_OPEN_PRINTER_EX *r_u) +{ + UNISTR2 *printername = NULL; + PRINTER_DEFAULT *printer_default = &q_u->printer_default; + POLICY_HND *handle = &r_u->handle; + + fstring name; + int snum; + struct current_user user; + Printer_entry *Printer=NULL; + + if (q_u->printername_ptr != 0) + printername = &q_u->printername; + + if (printername == NULL) + return WERR_INVALID_PRINTER_NAME; + + /* some sanity check because you can open a printer or a print server */ + /* aka: \\server\printer or \\server */ + unistr2_to_ascii(name, printername, sizeof(name)-1); + + DEBUGADD(3,("checking name: %s\n",name)); + + if (!open_printer_hnd(p, handle, name, 0)) + return WERR_INVALID_PRINTER_NAME; + + Printer=find_printer_index_by_hnd(p, handle); + if (!Printer) { + DEBUG(0,(" _spoolss_open_printer_ex: logic error. \ +Can't find printer handle we created for printer %s\n", name )); + close_printer_handle(p,handle); + return WERR_INVALID_PRINTER_NAME; + } + + get_current_user(&user, p); + + /* + * First case: the user is opening the print server: + * + * Disallow MS AddPrinterWizard if parameter disables it. A Win2k + * client 1st tries an OpenPrinterEx with access==0, MUST be allowed. + * + * Then both Win2k and WinNT clients try an OpenPrinterEx with + * SERVER_ALL_ACCESS, which we allow only if the user is root (uid=0) + * or if the user is listed in the smb.conf printer admin parameter. + * + * Then they try OpenPrinterEx with SERVER_READ which we allow. This lets the + * client view printer folder, but does not show the MSAPW. + * + * Note: this test needs code to check access rights here too. Jeremy + * could you look at this? + * + * Second case: the user is opening a printer: + * NT doesn't let us connect to a printer if the connecting user + * doesn't have print permission. + */ + + if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) + { + /* Printserver handles use global struct... */ + + snum = -1; + + /* Map standard access rights to object specific access rights */ + + se_map_standard(&printer_default->access_required, + &printserver_std_mapping); + + /* Deny any object specific bits that don't apply to print + servers (i.e printer and job specific bits) */ + + printer_default->access_required &= SPECIFIC_RIGHTS_MASK; + + if (printer_default->access_required & + ~(SERVER_ACCESS_ADMINISTER | SERVER_ACCESS_ENUMERATE)) { + DEBUG(3, ("access DENIED for non-printserver bits")); + close_printer_handle(p, handle); + return WERR_ACCESS_DENIED; + } + + /* Allow admin access */ + + if ( printer_default->access_required & SERVER_ACCESS_ADMINISTER ) + { + if (!lp_ms_add_printer_wizard()) { + close_printer_handle(p, handle); + return WERR_ACCESS_DENIED; + } + + /* if the user is not root and not a printer admin, then fail */ + + if ( user.uid != 0 + && !user_in_list(uidtoname(user.uid), lp_printer_admin(snum), user.groups, user.ngroups) ) + { + close_printer_handle(p, handle); + return WERR_ACCESS_DENIED; + } + + printer_default->access_required = SERVER_ACCESS_ADMINISTER; + } + else + { + printer_default->access_required = SERVER_ACCESS_ENUMERATE; + } + + DEBUG(4,("Setting print server access = %s\n", (printer_default->access_required == SERVER_ACCESS_ADMINISTER) + ? "SERVER_ACCESS_ADMINISTER" : "SERVER_ACCESS_ENUMERATE" )); + + /* We fall through to return WERR_OK */ + + } + else + { + /* NT doesn't let us connect to a printer if the connecting user + doesn't have print permission. */ + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + se_map_standard(&printer_default->access_required, &printer_std_mapping); + + /* map an empty access mask to the minimum access mask */ + if (printer_default->access_required == 0x0) + printer_default->access_required = PRINTER_ACCESS_USE; + + /* + * If we are not serving the printer driver for this printer, + * map PRINTER_ACCESS_ADMINISTER to PRINTER_ACCESS_USE. This + * will keep NT clients happy --jerry + */ + + if (lp_use_client_driver(snum) + && (printer_default->access_required & PRINTER_ACCESS_ADMINISTER)) + { + printer_default->access_required = PRINTER_ACCESS_USE; + } + + /* check smb.conf parameters and the the sec_desc */ + + if (!user_ok(uidtoname(user.uid), snum, user.groups, user.ngroups) || !print_access_check(&user, snum, printer_default->access_required)) { + DEBUG(3, ("access DENIED for printer open\n")); + close_printer_handle(p, handle); + return WERR_ACCESS_DENIED; + } + + if ((printer_default->access_required & SPECIFIC_RIGHTS_MASK)& ~(PRINTER_ACCESS_ADMINISTER|PRINTER_ACCESS_USE)) { + DEBUG(3, ("access DENIED for printer open - unknown bits\n")); + close_printer_handle(p, handle); + return WERR_ACCESS_DENIED; + } + + if (printer_default->access_required & PRINTER_ACCESS_ADMINISTER) + printer_default->access_required = PRINTER_ACCESS_ADMINISTER; + else + printer_default->access_required = PRINTER_ACCESS_USE; + + DEBUG(4,("Setting printer access = %s\n", (printer_default->access_required == PRINTER_ACCESS_ADMINISTER) + ? "PRINTER_ACCESS_ADMINISTER" : "PRINTER_ACCESS_USE" )); + + } + + Printer->access_granted = printer_default->access_required; + + /* + * If the client sent a devmode in the OpenPrinter() call, then + * save it here in case we get a job submission on this handle + */ + + if ( (Printer->printer_type != PRINTER_HANDLE_IS_PRINTSERVER) + && q_u->printer_default.devmode_cont.devmode_ptr ) + { + convert_devicemode( Printer->dev.handlename, q_u->printer_default.devmode_cont.devmode, + &Printer->nt_devmode ); + } + + /* HACK ALERT!!! Sleep for 1/3 of a second to try trigger a LAN/WAN + optimization in Windows 2000 clients --jerry */ + + if ( RA_WIN2K == get_remote_arch() ) + usleep( 384000 ); + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL convert_printer_info(const SPOOL_PRINTER_INFO_LEVEL *uni, + NT_PRINTER_INFO_LEVEL *printer, uint32 level) +{ + BOOL ret = True; + + switch (level) { + case 2: + ret = uni_2_asc_printer_info_2(uni->info_2, &printer->info_2); + break; + default: + break; + } + + return ret; +} + +static BOOL convert_printer_driver_info(const SPOOL_PRINTER_DRIVER_INFO_LEVEL *uni, + NT_PRINTER_DRIVER_INFO_LEVEL *printer, uint32 level) +{ + BOOL result = True; + + switch (level) { + case 3: + printer->info_3=NULL; + if (!uni_2_asc_printer_driver_3(uni->info_3, &printer->info_3)) + result = False; + break; + case 6: + printer->info_6=NULL; + if (!uni_2_asc_printer_driver_6(uni->info_6, &printer->info_6)) + result = False; + break; + default: + break; + } + + return result; +} + +BOOL convert_devicemode(const char *printername, const DEVICEMODE *devmode, + NT_DEVICEMODE **pp_nt_devmode) +{ + NT_DEVICEMODE *nt_devmode = *pp_nt_devmode; + + /* + * Ensure nt_devmode is a valid pointer + * as we will be overwriting it. + */ + + if (nt_devmode == NULL) { + DEBUG(5, ("convert_devicemode: allocating a generic devmode\n")); + if ((nt_devmode = construct_nt_devicemode(printername)) == NULL) + return False; + } + + rpcstr_pull(nt_devmode->devicename,devmode->devicename.buffer, 31, -1, 0); + rpcstr_pull(nt_devmode->formname,devmode->formname.buffer, 31, -1, 0); + + nt_devmode->specversion=devmode->specversion; + nt_devmode->driverversion=devmode->driverversion; + nt_devmode->size=devmode->size; + nt_devmode->fields=devmode->fields; + nt_devmode->orientation=devmode->orientation; + nt_devmode->papersize=devmode->papersize; + nt_devmode->paperlength=devmode->paperlength; + nt_devmode->paperwidth=devmode->paperwidth; + nt_devmode->scale=devmode->scale; + nt_devmode->copies=devmode->copies; + nt_devmode->defaultsource=devmode->defaultsource; + nt_devmode->printquality=devmode->printquality; + nt_devmode->color=devmode->color; + nt_devmode->duplex=devmode->duplex; + nt_devmode->yresolution=devmode->yresolution; + nt_devmode->ttoption=devmode->ttoption; + nt_devmode->collate=devmode->collate; + + nt_devmode->logpixels=devmode->logpixels; + nt_devmode->bitsperpel=devmode->bitsperpel; + nt_devmode->pelswidth=devmode->pelswidth; + nt_devmode->pelsheight=devmode->pelsheight; + nt_devmode->displayflags=devmode->displayflags; + nt_devmode->displayfrequency=devmode->displayfrequency; + nt_devmode->icmmethod=devmode->icmmethod; + nt_devmode->icmintent=devmode->icmintent; + nt_devmode->mediatype=devmode->mediatype; + nt_devmode->dithertype=devmode->dithertype; + nt_devmode->reserved1=devmode->reserved1; + nt_devmode->reserved2=devmode->reserved2; + nt_devmode->panningwidth=devmode->panningwidth; + nt_devmode->panningheight=devmode->panningheight; + + /* + * Only change private and driverextra if the incoming devmode + * has a new one. JRA. + */ + + if ((devmode->driverextra != 0) && (devmode->private != NULL)) { + SAFE_FREE(nt_devmode->private); + nt_devmode->driverextra=devmode->driverextra; + if((nt_devmode->private=(uint8 *)malloc(nt_devmode->driverextra * sizeof(uint8))) == NULL) + return False; + memcpy(nt_devmode->private, devmode->private, nt_devmode->driverextra); + } + + *pp_nt_devmode = nt_devmode; + + return True; +} + +/******************************************************************** + * _spoolss_enddocprinter_internal. + ********************************************************************/ + +static WERROR _spoolss_enddocprinter_internal(pipes_struct *p, POLICY_HND *handle) +{ + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); + int snum; + + if (!Printer) { + DEBUG(2,("_spoolss_enddocprinter_internal: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + Printer->document_started=False; + print_job_end(snum, Printer->jobid,True); + /* error codes unhandled so far ... */ + + return WERR_OK; +} + +/******************************************************************** + * api_spoolss_closeprinter + ********************************************************************/ + +WERROR _spoolss_closeprinter(pipes_struct *p, SPOOL_Q_CLOSEPRINTER *q_u, SPOOL_R_CLOSEPRINTER *r_u) +{ + POLICY_HND *handle = &q_u->handle; + + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); + + if (Printer && Printer->document_started) + _spoolss_enddocprinter_internal(p, handle); /* print job was not closed */ + + if (!close_printer_handle(p, handle)) + return WERR_BADFID; + + /* clear the returned printer handle. Observed behavior + from Win2k server. Don't think this really matters. + Previous code just copied the value of the closed + handle. --jerry */ + + memset(&r_u->handle, '\0', sizeof(r_u->handle)); + + return WERR_OK; +} + +/******************************************************************** + * api_spoolss_deleteprinter + + ********************************************************************/ + +WERROR _spoolss_deleteprinter(pipes_struct *p, SPOOL_Q_DELETEPRINTER *q_u, SPOOL_R_DELETEPRINTER *r_u) +{ + POLICY_HND *handle = &q_u->handle; + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); + WERROR result; + + if (Printer && Printer->document_started) + _spoolss_enddocprinter_internal(p, handle); /* print job was not closed */ + + memcpy(&r_u->handle, &q_u->handle, sizeof(r_u->handle)); + + result = delete_printer_handle(p, handle); + + update_c_setprinter(False); + + return result; +} + +/******************************************************************* + * static function to lookup the version id corresponding to an + * long architecture string + ******************************************************************/ + +static int get_version_id (char * arch) +{ + int i; + struct table_node archi_table[]= { + + {"Windows 4.0", "WIN40", 0 }, + {"Windows NT x86", "W32X86", 2 }, + {"Windows NT R4000", "W32MIPS", 2 }, + {"Windows NT Alpha_AXP", "W32ALPHA", 2 }, + {"Windows NT PowerPC", "W32PPC", 2 }, + {NULL, "", -1 } + }; + + for (i=0; archi_table[i].long_archi != NULL; i++) + { + if (strcmp(arch, archi_table[i].long_archi) == 0) + return (archi_table[i].version); + } + + return -1; +} + +/******************************************************************** + * _spoolss_deleteprinterdriver + ********************************************************************/ + +WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER *q_u, SPOOL_R_DELETEPRINTERDRIVER *r_u) +{ + fstring driver; + fstring arch; + NT_PRINTER_DRIVER_INFO_LEVEL info; + NT_PRINTER_DRIVER_INFO_LEVEL info_win2k; + int version; + struct current_user user; + WERROR status; + WERROR status_win2k = WERR_ACCESS_DENIED; + + get_current_user(&user, p); + + unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 ); + unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 ); + + /* check that we have a valid driver name first */ + + if ((version=get_version_id(arch)) == -1) + return WERR_INVALID_ENVIRONMENT; + + ZERO_STRUCT(info); + ZERO_STRUCT(info_win2k); + + if (!W_ERROR_IS_OK(get_a_printer_driver(&info, 3, driver, arch, version))) + { + /* try for Win2k driver if "Windows NT x86" */ + + if ( version == 2 ) { + version = 3; + if (!W_ERROR_IS_OK(get_a_printer_driver(&info, 3, driver, arch, version))) { + status = WERR_UNKNOWN_PRINTER_DRIVER; + goto done; + } + } + /* otherwise it was a failure */ + else { + status = WERR_UNKNOWN_PRINTER_DRIVER; + goto done; + } + + } + + if (printer_driver_in_use(info.info_3)) { + status = WERR_PRINTER_DRIVER_IN_USE; + goto done; + } + + if ( version == 2 ) + { + if (W_ERROR_IS_OK(get_a_printer_driver(&info_win2k, 3, driver, arch, 3))) + { + /* if we get to here, we now have 2 driver info structures to remove */ + /* remove the Win2k driver first*/ + + status_win2k = delete_printer_driver(info_win2k.info_3, &user, 3, False ); + free_a_printer_driver( info_win2k, 3 ); + + /* this should not have failed---if it did, report to client */ + if ( !W_ERROR_IS_OK(status_win2k) ) + goto done; + } + } + + status = delete_printer_driver(info.info_3, &user, version, False); + + /* if at least one of the deletes succeeded return OK */ + + if ( W_ERROR_IS_OK(status) || W_ERROR_IS_OK(status_win2k) ) + status = WERR_OK; + +done: + free_a_printer_driver( info, 3 ); + + return status; +} + +/******************************************************************** + * spoolss_deleteprinterdriverex + ********************************************************************/ + +WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVEREX *q_u, SPOOL_R_DELETEPRINTERDRIVEREX *r_u) +{ + fstring driver; + fstring arch; + NT_PRINTER_DRIVER_INFO_LEVEL info; + NT_PRINTER_DRIVER_INFO_LEVEL info_win2k; + int version; + uint32 flags = q_u->delete_flags; + BOOL delete_files; + struct current_user user; + WERROR status; + WERROR status_win2k = WERR_ACCESS_DENIED; + + get_current_user(&user, p); + + unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 ); + unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 ); + + /* check that we have a valid driver name first */ + if ((version=get_version_id(arch)) == -1) { + /* this is what NT returns */ + return WERR_INVALID_ENVIRONMENT; + } + + if ( flags & DPD_DELETE_SPECIFIC_VERSION ) + version = q_u->version; + + ZERO_STRUCT(info); + ZERO_STRUCT(info_win2k); + + status = get_a_printer_driver(&info, 3, driver, arch, version); + + if ( !W_ERROR_IS_OK(status) ) + { + /* + * if the client asked for a specific version, + * or this is something other than Windows NT x86, + * then we've failed + */ + + if ( (flags&DPD_DELETE_SPECIFIC_VERSION) || (version !=2) ) + goto done; + + /* try for Win2k driver if "Windows NT x86" */ + + version = 3; + if (!W_ERROR_IS_OK(get_a_printer_driver(&info, 3, driver, arch, version))) { + status = WERR_UNKNOWN_PRINTER_DRIVER; + goto done; + } + } + + if ( printer_driver_in_use(info.info_3) ) { + status = WERR_PRINTER_DRIVER_IN_USE; + goto done; + } + + /* + * we have a couple of cases to consider. + * (1) Are any files in use? If so and DPD_DELTE_ALL_FILE is set, + * then the delete should fail if **any** files overlap with + * other drivers + * (2) If DPD_DELTE_UNUSED_FILES is sert, then delete all + * non-overlapping files + * (3) If neither DPD_DELTE_ALL_FILE nor DPD_DELTE_ALL_FILES + * is set, the do not delete any files + * Refer to MSDN docs on DeletePrinterDriverEx() for details. + */ + + delete_files = flags & (DPD_DELETE_ALL_FILES|DPD_DELETE_UNUSED_FILES); + + /* fail if any files are in use and DPD_DELETE_ALL_FILES is set */ + + if ( delete_files && printer_driver_files_in_use(info.info_3) & (flags&DPD_DELETE_ALL_FILES) ) { + /* no idea of the correct error here */ + status = WERR_ACCESS_DENIED; + goto done; + } + + + /* also check for W32X86/3 if necessary; maybe we already have? */ + + if ( (version == 2) && ((flags&DPD_DELETE_SPECIFIC_VERSION) != DPD_DELETE_SPECIFIC_VERSION) ) { + if (W_ERROR_IS_OK(get_a_printer_driver(&info_win2k, 3, driver, arch, 3))) + { + + if ( delete_files && printer_driver_files_in_use(info_win2k.info_3) & (flags&DPD_DELETE_ALL_FILES) ) { + /* no idea of the correct error here */ + free_a_printer_driver( info_win2k, 3 ); + status = WERR_ACCESS_DENIED; + goto done; + } + + /* if we get to here, we now have 2 driver info structures to remove */ + /* remove the Win2k driver first*/ + + status_win2k = delete_printer_driver(info_win2k.info_3, &user, 3, delete_files); + free_a_printer_driver( info_win2k, 3 ); + + /* this should not have failed---if it did, report to client */ + + if ( !W_ERROR_IS_OK(status_win2k) ) + goto done; + } + } + + status = delete_printer_driver(info.info_3, &user, version, delete_files); + + if ( W_ERROR_IS_OK(status) || W_ERROR_IS_OK(status_win2k) ) + status = WERR_OK; +done: + free_a_printer_driver( info, 3 ); + + return status; +} + + +/**************************************************************************** + Internal routine for retreiving printerdata + ***************************************************************************/ + +static WERROR get_printer_dataex( TALLOC_CTX *ctx, NT_PRINTER_INFO_LEVEL *printer, + const char *key, const char *value, uint32 *type, uint8 **data, + uint32 *needed, uint32 in_size ) +{ + REGISTRY_VALUE *val; + int size, data_len; + + if ( !(val = get_printer_data( printer->info_2, key, value)) ) + return WERR_BADFILE; + + *type = regval_type( val ); + + DEBUG(5,("get_printer_dataex: allocating %d\n", in_size)); + + size = regval_size( val ); + + /* copy the min(in_size, len) */ + + if ( in_size ) { + data_len = (size > in_size) ? in_size : size*sizeof(uint8); + + /* special case for 0 length values */ + if ( data_len ) { + if ( (*data = (uint8 *)talloc_memdup(ctx, regval_data_p(val), data_len)) == NULL ) + return WERR_NOMEM; + } + else { + if ( (*data = (uint8 *)talloc_zero(ctx, in_size)) == NULL ) + return WERR_NOMEM; + } + } + else + *data = NULL; + + *needed = size; + + DEBUG(5,("get_printer_dataex: copy done\n")); + + return WERR_OK; +} + +/**************************************************************************** + Internal routine for removing printerdata + ***************************************************************************/ + +static WERROR delete_printer_dataex( NT_PRINTER_INFO_LEVEL *printer, const char *key, const char *value ) +{ + return delete_printer_data( printer->info_2, key, value ); +} + +/**************************************************************************** + Internal routine for storing printerdata + ***************************************************************************/ + +static WERROR set_printer_dataex( NT_PRINTER_INFO_LEVEL *printer, const char *key, const char *value, + uint32 type, uint8 *data, int real_len ) +{ + delete_printer_data( printer->info_2, key, value ); + + return add_printer_data( printer->info_2, key, value, type, data, real_len ); +} + +/******************************************************************** + GetPrinterData on a printer server Handle. +********************************************************************/ + +static WERROR getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 *type, uint8 **data, uint32 *needed, uint32 in_size) +{ + int i; + + DEBUG(8,("getprinterdata_printer_server:%s\n", value)); + + if (!StrCaseCmp(value, "W3SvcInstalled")) { + *type = 0x4; + if((*data = (uint8 *)talloc_zero(ctx, 4*sizeof(uint8) )) == NULL) + return WERR_NOMEM; + *needed = 0x4; + return WERR_OK; + } + + if (!StrCaseCmp(value, "BeepEnabled")) { + *type = 0x4; + if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL) + return WERR_NOMEM; + SIVAL(*data, 0, 0x00); + *needed = 0x4; + return WERR_OK; + } + + if (!StrCaseCmp(value, "EventLog")) { + *type = 0x4; + if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL) + return WERR_NOMEM; + /* formally was 0x1b */ + SIVAL(*data, 0, 0x0); + *needed = 0x4; + return WERR_OK; + } + + if (!StrCaseCmp(value, "NetPopup")) { + *type = 0x4; + if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL) + return WERR_NOMEM; + SIVAL(*data, 0, 0x00); + *needed = 0x4; + return WERR_OK; + } + + if (!StrCaseCmp(value, "MajorVersion")) { + *type = 0x4; + if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL) + return WERR_NOMEM; +#ifdef HAVE_ADS + SIVAL(*data, 0, 3); +#else + SIVAL(*data, 0, 2); +#endif + *needed = 0x4; + return WERR_OK; + } + + if (!StrCaseCmp(value, "DefaultSpoolDirectory")) { + fstring string; + + fstrcpy(string, string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH)); + *type = 0x1; + *needed = 2*(strlen(string)+1); + if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) + return WERR_NOMEM; + memset(*data, 0, (*needed > in_size) ? *needed:in_size); + + /* it's done by hand ready to go on the wire */ + for (i=0; i<strlen(string); i++) { + (*data)[2*i]=string[i]; + (*data)[2*i+1]='\0'; + } + return WERR_OK; + } + + if (!StrCaseCmp(value, "Architecture")) { + pstring string="Windows NT x86"; + *type = 0x1; + *needed = 2*(strlen(string)+1); + if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) + return WERR_NOMEM; + memset(*data, 0, (*needed > in_size) ? *needed:in_size); + for (i=0; i<strlen(string); i++) { + (*data)[2*i]=string[i]; + (*data)[2*i+1]='\0'; + } + return WERR_OK; + } + + if (!StrCaseCmp(value, "DsPresent")) { + *type = 0x4; + if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL) + return WERR_NOMEM; + SIVAL(*data, 0, 0x01); + *needed = 0x4; + return WERR_OK; + } + + if (!StrCaseCmp(value, "DNSMachineName")) { + pstring hostname; + + if (!get_myfullname(hostname)) + return WERR_BADFILE; + *type = 0x1; + *needed = 2*(strlen(hostname)+1); + if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) + return WERR_NOMEM; + memset(*data, 0, (*needed > in_size) ? *needed:in_size); + for (i=0; i<strlen(hostname); i++) { + (*data)[2*i]=hostname[i]; + (*data)[2*i+1]='\0'; + } + return WERR_OK; + } + + + return WERR_BADFILE; +} + +/******************************************************************** + * spoolss_getprinterdata + ********************************************************************/ + +WERROR _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPOOL_R_GETPRINTERDATA *r_u) +{ + POLICY_HND *handle = &q_u->handle; + UNISTR2 *valuename = &q_u->valuename; + uint32 in_size = q_u->size; + uint32 *type = &r_u->type; + uint32 *out_size = &r_u->size; + uint8 **data = &r_u->data; + uint32 *needed = &r_u->needed; + WERROR status; + fstring value; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + NT_PRINTER_INFO_LEVEL *printer = NULL; + int snum = 0; + + /* + * Reminder: when it's a string, the length is in BYTES + * even if UNICODE is negociated. + * + * JFM, 4/19/1999 + */ + + *out_size = in_size; + + /* in case of problem, return some default values */ + + *needed = 0; + *type = 0; + + DEBUG(4,("_spoolss_getprinterdata\n")); + + if ( !Printer ) { + DEBUG(2,("_spoolss_getprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + status = WERR_BADFID; + goto done; + } + + unistr2_to_ascii(value, valuename, sizeof(value)-1); + + if ( Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER ) + status = getprinterdata_printer_server( p->mem_ctx, value, type, data, needed, *out_size ); + else + { + if ( !get_printer_snum(p,handle, &snum) ) { + status = WERR_BADFID; + goto done; + } + + status = get_a_printer(Printer, &printer, 2, lp_servicename(snum)); + if ( !W_ERROR_IS_OK(status) ) + goto done; + + /* XP sends this and wants to change id value from the PRINTER_INFO_0 */ + + if ( strequal(value, "ChangeId") ) { + *type = REG_DWORD; + *needed = sizeof(uint32); + if ( (*data = (uint8*)talloc(p->mem_ctx, sizeof(uint32))) == NULL) { + status = WERR_NOMEM; + goto done; + } + **data = printer->info_2->changeid; + status = WERR_OK; + } + else + status = get_printer_dataex( p->mem_ctx, printer, SPOOL_PRINTERDATA_KEY, value, type, data, needed, *out_size ); + } + + if (*needed > *out_size) + status = WERR_MORE_DATA; + +done: + if ( !W_ERROR_IS_OK(status) ) + { + DEBUG(5, ("error %d: allocating %d\n", W_ERROR_V(status),*out_size)); + + /* reply this param doesn't exist */ + + if ( *out_size ) { + if((*data=(uint8 *)talloc_zero(p->mem_ctx, *out_size*sizeof(uint8))) == NULL) { + if ( printer ) + free_a_printer( &printer, 2 ); + return WERR_NOMEM; + } + } + else { + *data = NULL; + } + } + + /* cleanup & exit */ + + if ( printer ) + free_a_printer( &printer, 2 ); + + return status; +} + +/********************************************************* + Connect to the client machine. +**********************************************************/ + +static BOOL spoolss_connect_to_client(struct cli_state *the_cli, const char *remote_machine) +{ + ZERO_STRUCTP(the_cli); + if(cli_initialise(the_cli) == NULL) { + DEBUG(0,("connect_to_client: unable to initialize client connection.\n")); + return False; + } + + if(!resolve_name( remote_machine, &the_cli->dest_ip, 0x20)) { + DEBUG(0,("connect_to_client: Can't resolve address for %s\n", remote_machine)); + cli_shutdown(the_cli); + return False; + } + + if (ismyip(the_cli->dest_ip)) { + DEBUG(0,("connect_to_client: Machine %s is one of our addresses. Cannot add to ourselves.\n", remote_machine)); + cli_shutdown(the_cli); + return False; + } + + if (!cli_connect(the_cli, remote_machine, &the_cli->dest_ip)) { + DEBUG(0,("connect_to_client: unable to connect to SMB server on machine %s. Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); + cli_shutdown(the_cli); + return False; + } + + if (!attempt_netbios_session_request(the_cli, lp_netbios_name(), remote_machine, &the_cli->dest_ip)) { + DEBUG(0,("connect_to_client: machine %s rejected the NetBIOS session request.\n", + remote_machine)); + cli_shutdown(the_cli); + return False; + } + + the_cli->protocol = PROTOCOL_NT1; + + if (!cli_negprot(the_cli)) { + DEBUG(0,("connect_to_client: machine %s rejected the negotiate protocol. Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); + cli_shutdown(the_cli); + return False; + } + + if (the_cli->protocol != PROTOCOL_NT1) { + DEBUG(0,("connect_to_client: machine %s didn't negotiate NT protocol.\n", remote_machine)); + cli_shutdown(the_cli); + return False; + } + + /* + * Do an anonymous session setup. + */ + + if (!cli_session_setup(the_cli, "", "", 0, "", 0, "")) { + DEBUG(0,("connect_to_client: machine %s rejected the session setup. Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); + cli_shutdown(the_cli); + return False; + } + + if (!(the_cli->sec_mode & 1)) { + DEBUG(0,("connect_to_client: machine %s isn't in user level security mode\n", remote_machine)); + cli_shutdown(the_cli); + return False; + } + + if (!cli_send_tconX(the_cli, "IPC$", "IPC", "", 1)) { + DEBUG(0,("connect_to_client: machine %s rejected the tconX on the IPC$ share. Error was : %s.\n", remote_machine, cli_errstr(the_cli) )); + cli_shutdown(the_cli); + return False; + } + + /* + * Ok - we have an anonymous connection to the IPC$ share. + * Now start the NT Domain stuff :-). + */ + + if(cli_nt_session_open(the_cli, PI_SPOOLSS) == False) { + DEBUG(0,("connect_to_client: unable to open the domain client session to machine %s. Error was : %s.\n", remote_machine, cli_errstr(the_cli))); + cli_nt_session_close(the_cli); + cli_ulogoff(the_cli); + cli_shutdown(the_cli); + return False; + } + + return True; +} + +/*************************************************************************** + Connect to the client. +****************************************************************************/ + +static BOOL srv_spoolss_replyopenprinter(int snum, const char *printer, uint32 localprinter, uint32 type, POLICY_HND *handle) +{ + WERROR result; + + /* + * If it's the first connection, contact the client + * and connect to the IPC$ share anonumously + */ + if (smb_connections==0) { + fstring unix_printer; + + fstrcpy(unix_printer, printer+2); /* the +2 is to strip the leading 2 backslashs */ + + if(!spoolss_connect_to_client(¬ify_cli, unix_printer)) + return False; + + message_register(MSG_PRINTER_NOTIFY2, receive_notify2_message_list); + /* Tell the connections db we're now interested in printer + * notify messages. */ + register_message_flags( True, FLAG_MSG_PRINTING ); + } + + /* + * Tell the specific printing tdb we want messages for this printer + * by registering our PID. + */ + + if (!print_notify_register_pid(snum)) + DEBUG(0,("print_notify_register_pid: Failed to register our pid for printer %s\n", printer )); + + smb_connections++; + + result = cli_spoolss_reply_open_printer(¬ify_cli, notify_cli.mem_ctx, printer, localprinter, + type, handle); + + if (!W_ERROR_IS_OK(result)) + DEBUG(5,("srv_spoolss_reply_open_printer: Client RPC returned [%s]\n", + dos_errstr(result))); + + return (W_ERROR_IS_OK(result)); +} + +/******************************************************************** + * _spoolss_rffpcnex + * ReplyFindFirstPrinterChangeNotifyEx + * + * before replying OK: status=0 a rpc call is made to the workstation + * asking ReplyOpenPrinter + * + * in fact ReplyOpenPrinter is the changenotify equivalent on the spoolss pipe + * called from api_spoolss_rffpcnex + ********************************************************************/ + +WERROR _spoolss_rffpcnex(pipes_struct *p, SPOOL_Q_RFFPCNEX *q_u, SPOOL_R_RFFPCNEX *r_u) +{ + POLICY_HND *handle = &q_u->handle; + uint32 flags = q_u->flags; + uint32 options = q_u->options; + UNISTR2 *localmachine = &q_u->localmachine; + uint32 printerlocal = q_u->printerlocal; + int snum = -1; + SPOOL_NOTIFY_OPTION *option = q_u->option; + + /* store the notify value in the printer struct */ + + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); + + if (!Printer) { + DEBUG(2,("_spoolss_rffpcnex: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + Printer->notify.flags=flags; + Printer->notify.options=options; + Printer->notify.printerlocal=printerlocal; + + if (Printer->notify.option) + free_spool_notify_option(&Printer->notify.option); + + Printer->notify.option=dup_spool_notify_option(option); + + unistr2_to_ascii(Printer->notify.localmachine, localmachine, + sizeof(Printer->notify.localmachine)-1); + + /* Connect to the client machine and send a ReplyOpenPrinter */ + + if ( Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) + snum = -1; + else if ( (Printer->printer_type == PRINTER_HANDLE_IS_PRINTER) && + !get_printer_snum(p, handle, &snum) ) + return WERR_BADFID; + + if(!srv_spoolss_replyopenprinter(snum, Printer->notify.localmachine, + Printer->notify.printerlocal, 1, + &Printer->notify.client_hnd)) + return WERR_SERVER_UNAVAILABLE; + + Printer->notify.client_connected=True; + + return WERR_OK; +} + +/******************************************************************* + * fill a notify_info_data with the servername + ********************************************************************/ + +void spoolss_notify_server_name(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp_name, temp; + uint32 len; + + slprintf(temp_name, sizeof(temp_name)-1, "\\\\%s", get_called_name()); + + len = rpcstr_push(temp, temp_name, sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with the printername (not including the servername). + ********************************************************************/ + +void spoolss_notify_printer_name(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + /* the notify name should not contain the \\server\ part */ + char *p = strrchr(printer->info_2->printername, '\\'); + + if (!p) { + p = printer->info_2->printername; + } else { + p++; + } + + len = rpcstr_push(temp, p, sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with the servicename + ********************************************************************/ + +void spoolss_notify_share_name(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + len = rpcstr_push(temp, lp_servicename(snum), sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with the port name + ********************************************************************/ + +void spoolss_notify_port_name(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + /* even if it's strange, that's consistant in all the code */ + + len = rpcstr_push(temp, printer->info_2->portname, sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with the printername + * but it doesn't exist, have to see what to do + ********************************************************************/ + +void spoolss_notify_driver_name(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + len = rpcstr_push(temp, printer->info_2->drivername, sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with the comment + ********************************************************************/ + +void spoolss_notify_comment(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + if (*printer->info_2->comment == '\0') + len = rpcstr_push(temp, lp_comment(snum), sizeof(temp)-2, STR_TERMINATE); + else + len = rpcstr_push(temp, printer->info_2->comment, sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with the comment + * location = "Room 1, floor 2, building 3" + ********************************************************************/ + +void spoolss_notify_location(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + len = rpcstr_push(temp, printer->info_2->location,sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with the device mode + * jfm:xxxx don't to it for know but that's a real problem !!! + ********************************************************************/ + +static void spoolss_notify_devmode(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ +} + +/******************************************************************* + * fill a notify_info_data with the separator file name + ********************************************************************/ + +void spoolss_notify_sepfile(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + len = rpcstr_push(temp, printer->info_2->sepfile, sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with the print processor + * jfm:xxxx return always winprint to indicate we don't do anything to it + ********************************************************************/ + +void spoolss_notify_print_processor(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + len = rpcstr_push(temp, printer->info_2->printprocessor, sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with the print processor options + * jfm:xxxx send an empty string + ********************************************************************/ + +void spoolss_notify_parameters(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + len = rpcstr_push(temp, printer->info_2->parameters, sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with the data type + * jfm:xxxx always send RAW as data type + ********************************************************************/ + +void spoolss_notify_datatype(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + len = rpcstr_push(temp, printer->info_2->datatype, sizeof(pstring)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with the security descriptor + * jfm:xxxx send an null pointer to say no security desc + * have to implement security before ! + ********************************************************************/ + +static void spoolss_notify_security_desc(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.sd.size = printer->info_2->secdesc_buf->len; + data->notify_data.sd.desc = dup_sec_desc( mem_ctx, printer->info_2->secdesc_buf->sec ) ; +} + +/******************************************************************* + * fill a notify_info_data with the attributes + * jfm:xxxx a samba printer is always shared + ********************************************************************/ + +void spoolss_notify_attributes(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0] = printer->info_2->attributes; + data->notify_data.value[1] = 0; +} + +/******************************************************************* + * fill a notify_info_data with the priority + ********************************************************************/ + +static void spoolss_notify_priority(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0] = printer->info_2->priority; + data->notify_data.value[1] = 0; +} + +/******************************************************************* + * fill a notify_info_data with the default priority + ********************************************************************/ + +static void spoolss_notify_default_priority(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0] = printer->info_2->default_priority; + data->notify_data.value[1] = 0; +} + +/******************************************************************* + * fill a notify_info_data with the start time + ********************************************************************/ + +static void spoolss_notify_start_time(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0] = printer->info_2->starttime; + data->notify_data.value[1] = 0; +} + +/******************************************************************* + * fill a notify_info_data with the until time + ********************************************************************/ + +static void spoolss_notify_until_time(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0] = printer->info_2->untiltime; + data->notify_data.value[1] = 0; +} + +/******************************************************************* + * fill a notify_info_data with the status + ********************************************************************/ + +static void spoolss_notify_status(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + print_status_struct status; + + print_queue_length(snum, &status); + data->notify_data.value[0]=(uint32) status.status; + data->notify_data.value[1] = 0; +} + +/******************************************************************* + * fill a notify_info_data with the number of jobs queued + ********************************************************************/ + +void spoolss_notify_cjobs(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0] = print_queue_length(snum, NULL); + data->notify_data.value[1] = 0; +} + +/******************************************************************* + * fill a notify_info_data with the average ppm + ********************************************************************/ + +static void spoolss_notify_average_ppm(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + /* always respond 8 pages per minutes */ + /* a little hard ! */ + data->notify_data.value[0] = printer->info_2->averageppm; + data->notify_data.value[1] = 0; +} + +/******************************************************************* + * fill a notify_info_data with username + ********************************************************************/ + +static void spoolss_notify_username(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + len = rpcstr_push(temp, queue->fs_user, sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with job status + ********************************************************************/ + +static void spoolss_notify_job_status(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0]=nt_printj_status(queue->status); + data->notify_data.value[1] = 0; +} + +/******************************************************************* + * fill a notify_info_data with job name + ********************************************************************/ + +static void spoolss_notify_job_name(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + pstring temp; + uint32 len; + + len = rpcstr_push(temp, queue->fs_file, sizeof(temp)-2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with job status + ********************************************************************/ + +static void spoolss_notify_job_status_string(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + /* + * Now we're returning job status codes we just return a "" here. JRA. + */ + + const char *p = ""; + pstring temp; + uint32 len; + +#if 0 /* NO LONGER NEEDED - JRA. 02/22/2001 */ + p = "unknown"; + + switch (queue->status) { + case LPQ_QUEUED: + p = "Queued"; + break; + case LPQ_PAUSED: + p = ""; /* NT provides the paused string */ + break; + case LPQ_SPOOLING: + p = "Spooling"; + break; + case LPQ_PRINTING: + p = "Printing"; + break; + } +#endif /* NO LONGER NEEDED. */ + + len = rpcstr_push(temp, p, sizeof(temp) - 2, STR_TERMINATE); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + memcpy(data->notify_data.data.string, temp, len); +} + +/******************************************************************* + * fill a notify_info_data with job time + ********************************************************************/ + +static void spoolss_notify_job_time(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0]=0x0; + data->notify_data.value[1]=0; +} + +/******************************************************************* + * fill a notify_info_data with job size + ********************************************************************/ + +static void spoolss_notify_job_size(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0]=queue->size; + data->notify_data.value[1]=0; +} + +/******************************************************************* + * fill a notify_info_data with page info + ********************************************************************/ +static void spoolss_notify_total_pages(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0]=queue->page_count; + data->notify_data.value[1]=0; +} + +/******************************************************************* + * fill a notify_info_data with pages printed info. + ********************************************************************/ +static void spoolss_notify_pages_printed(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0]=0; /* Add code when back-end tracks this */ + data->notify_data.value[1]=0; +} + +/******************************************************************* + Fill a notify_info_data with job position. + ********************************************************************/ + +static void spoolss_notify_job_position(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + data->notify_data.value[0]=queue->job; + data->notify_data.value[1]=0; +} + +/******************************************************************* + Fill a notify_info_data with submitted time. + ********************************************************************/ + +static void spoolss_notify_submitted_time(int snum, + SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, + TALLOC_CTX *mem_ctx) +{ + struct tm *t; + uint32 len; + SYSTEMTIME st; + char *p; + + t=gmtime(&queue->time); + + len = sizeof(SYSTEMTIME); + + data->notify_data.data.length = len; + data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len); + + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + + make_systemtime(&st, t); + + /* + * Systemtime must be linearized as a set of UINT16's. + * Fix from Benjamin (Bj) Kuit bj@it.uts.edu.au + */ + + p = (char *)data->notify_data.data.string; + SSVAL(p, 0, st.year); + SSVAL(p, 2, st.month); + SSVAL(p, 4, st.dayofweek); + SSVAL(p, 6, st.day); + SSVAL(p, 8, st.hour); + SSVAL(p, 10, st.minute); + SSVAL(p, 12, st.second); + SSVAL(p, 14, st.milliseconds); +} + +struct s_notify_info_data_table +{ + uint16 type; + uint16 field; + const char *name; + uint32 size; + void (*fn) (int snum, SPOOL_NOTIFY_INFO_DATA *data, + print_queue_struct *queue, + NT_PRINTER_INFO_LEVEL *printer, TALLOC_CTX *mem_ctx); +}; + +/* A table describing the various print notification constants and + whether the notification data is a pointer to a variable sized + buffer, a one value uint32 or a two value uint32. */ + +static const struct s_notify_info_data_table notify_info_data_table[] = +{ +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SERVER_NAME, "PRINTER_NOTIFY_SERVER_NAME", NOTIFY_STRING, spoolss_notify_server_name }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRINTER_NAME, "PRINTER_NOTIFY_PRINTER_NAME", NOTIFY_STRING, spoolss_notify_printer_name }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SHARE_NAME, "PRINTER_NOTIFY_SHARE_NAME", NOTIFY_STRING, spoolss_notify_share_name }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PORT_NAME, "PRINTER_NOTIFY_PORT_NAME", NOTIFY_STRING, spoolss_notify_port_name }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DRIVER_NAME, "PRINTER_NOTIFY_DRIVER_NAME", NOTIFY_STRING, spoolss_notify_driver_name }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_COMMENT, "PRINTER_NOTIFY_COMMENT", NOTIFY_STRING, spoolss_notify_comment }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_LOCATION, "PRINTER_NOTIFY_LOCATION", NOTIFY_STRING, spoolss_notify_location }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DEVMODE, "PRINTER_NOTIFY_DEVMODE", NOTIFY_POINTER, spoolss_notify_devmode }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SEPFILE, "PRINTER_NOTIFY_SEPFILE", NOTIFY_STRING, spoolss_notify_sepfile }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRINT_PROCESSOR, "PRINTER_NOTIFY_PRINT_PROCESSOR", NOTIFY_STRING, spoolss_notify_print_processor }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PARAMETERS, "PRINTER_NOTIFY_PARAMETERS", NOTIFY_STRING, spoolss_notify_parameters }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DATATYPE, "PRINTER_NOTIFY_DATATYPE", NOTIFY_STRING, spoolss_notify_datatype }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_SECURITY_DESCRIPTOR, "PRINTER_NOTIFY_SECURITY_DESCRIPTOR", NOTIFY_SECDESC, spoolss_notify_security_desc }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_ATTRIBUTES, "PRINTER_NOTIFY_ATTRIBUTES", NOTIFY_ONE_VALUE, spoolss_notify_attributes }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PRIORITY, "PRINTER_NOTIFY_PRIORITY", NOTIFY_ONE_VALUE, spoolss_notify_priority }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_DEFAULT_PRIORITY, "PRINTER_NOTIFY_DEFAULT_PRIORITY", NOTIFY_ONE_VALUE, spoolss_notify_default_priority }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_START_TIME, "PRINTER_NOTIFY_START_TIME", NOTIFY_ONE_VALUE, spoolss_notify_start_time }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_UNTIL_TIME, "PRINTER_NOTIFY_UNTIL_TIME", NOTIFY_ONE_VALUE, spoolss_notify_until_time }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_STATUS, "PRINTER_NOTIFY_STATUS", NOTIFY_ONE_VALUE, spoolss_notify_status }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_STATUS_STRING, "PRINTER_NOTIFY_STATUS_STRING", NOTIFY_POINTER, NULL }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_CJOBS, "PRINTER_NOTIFY_CJOBS", NOTIFY_ONE_VALUE, spoolss_notify_cjobs }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_AVERAGE_PPM, "PRINTER_NOTIFY_AVERAGE_PPM", NOTIFY_ONE_VALUE, spoolss_notify_average_ppm }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_TOTAL_PAGES, "PRINTER_NOTIFY_TOTAL_PAGES", NOTIFY_POINTER, NULL }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_PAGES_PRINTED, "PRINTER_NOTIFY_PAGES_PRINTED", NOTIFY_POINTER, NULL }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_TOTAL_BYTES, "PRINTER_NOTIFY_TOTAL_BYTES", NOTIFY_POINTER, NULL }, +{ PRINTER_NOTIFY_TYPE, PRINTER_NOTIFY_BYTES_PRINTED, "PRINTER_NOTIFY_BYTES_PRINTED", NOTIFY_POINTER, NULL }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PRINTER_NAME, "JOB_NOTIFY_PRINTER_NAME", NOTIFY_STRING, spoolss_notify_printer_name }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_MACHINE_NAME, "JOB_NOTIFY_MACHINE_NAME", NOTIFY_STRING, spoolss_notify_server_name }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PORT_NAME, "JOB_NOTIFY_PORT_NAME", NOTIFY_STRING, spoolss_notify_port_name }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_USER_NAME, "JOB_NOTIFY_USER_NAME", NOTIFY_STRING, spoolss_notify_username }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_NOTIFY_NAME, "JOB_NOTIFY_NOTIFY_NAME", NOTIFY_STRING, spoolss_notify_username }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DATATYPE, "JOB_NOTIFY_DATATYPE", NOTIFY_STRING, spoolss_notify_datatype }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PRINT_PROCESSOR, "JOB_NOTIFY_PRINT_PROCESSOR", NOTIFY_STRING, spoolss_notify_print_processor }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PARAMETERS, "JOB_NOTIFY_PARAMETERS", NOTIFY_STRING, spoolss_notify_parameters }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DRIVER_NAME, "JOB_NOTIFY_DRIVER_NAME", NOTIFY_STRING, spoolss_notify_driver_name }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DEVMODE, "JOB_NOTIFY_DEVMODE", NOTIFY_POINTER, spoolss_notify_devmode }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_STATUS, "JOB_NOTIFY_STATUS", NOTIFY_ONE_VALUE, spoolss_notify_job_status }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_STATUS_STRING, "JOB_NOTIFY_STATUS_STRING", NOTIFY_STRING, spoolss_notify_job_status_string }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_SECURITY_DESCRIPTOR, "JOB_NOTIFY_SECURITY_DESCRIPTOR", NOTIFY_POINTER, NULL }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_DOCUMENT, "JOB_NOTIFY_DOCUMENT", NOTIFY_STRING, spoolss_notify_job_name }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PRIORITY, "JOB_NOTIFY_PRIORITY", NOTIFY_ONE_VALUE, spoolss_notify_priority }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_POSITION, "JOB_NOTIFY_POSITION", NOTIFY_ONE_VALUE, spoolss_notify_job_position }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_SUBMITTED, "JOB_NOTIFY_SUBMITTED", NOTIFY_POINTER, spoolss_notify_submitted_time }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_START_TIME, "JOB_NOTIFY_START_TIME", NOTIFY_ONE_VALUE, spoolss_notify_start_time }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_UNTIL_TIME, "JOB_NOTIFY_UNTIL_TIME", NOTIFY_ONE_VALUE, spoolss_notify_until_time }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_TIME, "JOB_NOTIFY_TIME", NOTIFY_ONE_VALUE, spoolss_notify_job_time }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_TOTAL_PAGES, "JOB_NOTIFY_TOTAL_PAGES", NOTIFY_ONE_VALUE, spoolss_notify_total_pages }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_PAGES_PRINTED, "JOB_NOTIFY_PAGES_PRINTED", NOTIFY_ONE_VALUE, spoolss_notify_pages_printed }, +{ JOB_NOTIFY_TYPE, JOB_NOTIFY_TOTAL_BYTES, "JOB_NOTIFY_TOTAL_BYTES", NOTIFY_ONE_VALUE, spoolss_notify_job_size }, +}; + +/******************************************************************* + Return the size of info_data structure. +********************************************************************/ + +static uint32 size_of_notify_info_data(uint16 type, uint16 field) +{ + int i=0; + + for (i = 0; i < sizeof(notify_info_data_table); i++) + { + if ( (notify_info_data_table[i].type == type) + && (notify_info_data_table[i].field == field) ) + { + switch(notify_info_data_table[i].size) + { + case NOTIFY_ONE_VALUE: + case NOTIFY_TWO_VALUE: + return 1; + case NOTIFY_STRING: + return 2; + + /* The only pointer notify data I have seen on + the wire is the submitted time and this has + the notify size set to 4. -tpot */ + + case NOTIFY_POINTER: + return 4; + + case NOTIFY_SECDESC: + return 5; + } + } + } + + DEBUG(5, ("invalid notify data type %d/%d\n", type, field)); + + return 0; +} + +/******************************************************************* + Return the type of notify_info_data. +********************************************************************/ + +static int type_of_notify_info_data(uint16 type, uint16 field) +{ + int i=0; + + for (i = 0; i < sizeof(notify_info_data_table); i++) { + if (notify_info_data_table[i].type == type && + notify_info_data_table[i].field == field) + return notify_info_data_table[i].size; + } + + return False; +} + +/**************************************************************************** +****************************************************************************/ + +static int search_notify(uint16 type, uint16 field, int *value) +{ + int i; + + for (i = 0; i < sizeof(notify_info_data_table); i++) { + if (notify_info_data_table[i].type == type && + notify_info_data_table[i].field == field && + notify_info_data_table[i].fn != NULL) { + *value = i; + return True; + } + } + + return False; +} + +/**************************************************************************** +****************************************************************************/ + +void construct_info_data(SPOOL_NOTIFY_INFO_DATA *info_data, uint16 type, uint16 field, int id) +{ + info_data->type = type; + info_data->field = field; + info_data->reserved = 0; + + info_data->size = size_of_notify_info_data(type, field); + info_data->enc_type = type_of_notify_info_data(type, field); + + info_data->id = id; + +} + + +/******************************************************************* + * + * fill a notify_info struct with info asked + * + ********************************************************************/ + +static BOOL construct_notify_printer_info(Printer_entry *print_hnd, SPOOL_NOTIFY_INFO *info, int + snum, SPOOL_NOTIFY_OPTION_TYPE + *option_type, uint32 id, + TALLOC_CTX *mem_ctx) +{ + int field_num,j; + uint16 type; + uint16 field; + + SPOOL_NOTIFY_INFO_DATA *current_data, *tid; + NT_PRINTER_INFO_LEVEL *printer = NULL; + print_queue_struct *queue=NULL; + + type=option_type->type; + + DEBUG(4,("construct_notify_printer_info: Notify type: [%s], number of notify info: [%d] on printer: [%s]\n", + (option_type->type==PRINTER_NOTIFY_TYPE?"PRINTER_NOTIFY_TYPE":"JOB_NOTIFY_TYPE"), + option_type->count, lp_servicename(snum))); + + if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &printer, 2, lp_const_servicename(snum)))) + return False; + + for(field_num=0; field_num<option_type->count; field_num++) { + field = option_type->fields[field_num]; + + DEBUG(4,("construct_notify_printer_info: notify [%d]: type [%x], field [%x]\n", field_num, type, field)); + + if (!search_notify(type, field, &j) ) + continue; + + if((tid=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + DEBUG(2,("construct_notify_printer_info: failed to enlarge buffer info->data!\n")); + return False; + } else + info->data = tid; + + current_data = &info->data[info->count]; + + construct_info_data(current_data, type, field, id); + + DEBUG(10,("construct_notify_printer_info: calling [%s] snum=%d printername=[%s])\n", + notify_info_data_table[j].name, snum, printer->info_2->printername )); + + notify_info_data_table[j].fn(snum, current_data, queue, + printer, mem_ctx); + + info->count++; + } + + free_a_printer(&printer, 2); + return True; +} + +/******************************************************************* + * + * fill a notify_info struct with info asked + * + ********************************************************************/ + +static BOOL construct_notify_jobs_info(print_queue_struct *queue, + SPOOL_NOTIFY_INFO *info, + NT_PRINTER_INFO_LEVEL *printer, + int snum, SPOOL_NOTIFY_OPTION_TYPE + *option_type, uint32 id, + TALLOC_CTX *mem_ctx) +{ + int field_num,j; + uint16 type; + uint16 field; + + SPOOL_NOTIFY_INFO_DATA *current_data, *tid; + + DEBUG(4,("construct_notify_jobs_info\n")); + + type = option_type->type; + + DEBUGADD(4,("Notify type: [%s], number of notify info: [%d]\n", + (option_type->type==PRINTER_NOTIFY_TYPE?"PRINTER_NOTIFY_TYPE":"JOB_NOTIFY_TYPE"), + option_type->count)); + + for(field_num=0; field_num<option_type->count; field_num++) { + field = option_type->fields[field_num]; + + if (!search_notify(type, field, &j) ) + continue; + + if((tid=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + DEBUG(2,("construct_notify_jobs_info: failed to enlarg buffer info->data!\n")); + return False; + } + else info->data = tid; + + current_data=&(info->data[info->count]); + + construct_info_data(current_data, type, field, id); + notify_info_data_table[j].fn(snum, current_data, queue, + printer, mem_ctx); + info->count++; + } + + return True; +} + +/* + * JFM: The enumeration is not that simple, it's even non obvious. + * + * let's take an example: I want to monitor the PRINTER SERVER for + * the printer's name and the number of jobs currently queued. + * So in the NOTIFY_OPTION, I have one NOTIFY_OPTION_TYPE structure. + * Its type is PRINTER_NOTIFY_TYPE and it has 2 fields NAME and CJOBS. + * + * I have 3 printers on the back of my server. + * + * Now the response is a NOTIFY_INFO structure, with 6 NOTIFY_INFO_DATA + * structures. + * Number Data Id + * 1 printer 1 name 1 + * 2 printer 1 cjob 1 + * 3 printer 2 name 2 + * 4 printer 2 cjob 2 + * 5 printer 3 name 3 + * 6 printer 3 name 3 + * + * that's the print server case, the printer case is even worse. + */ + +/******************************************************************* + * + * enumerate all printers on the printserver + * fill a notify_info struct with info asked + * + ********************************************************************/ + +static WERROR printserver_notify_info(pipes_struct *p, POLICY_HND *hnd, + SPOOL_NOTIFY_INFO *info, + TALLOC_CTX *mem_ctx) +{ + int snum; + Printer_entry *Printer=find_printer_index_by_hnd(p, hnd); + int n_services=lp_numservices(); + int i; + uint32 id; + SPOOL_NOTIFY_OPTION *option; + SPOOL_NOTIFY_OPTION_TYPE *option_type; + + DEBUG(4,("printserver_notify_info\n")); + + if (!Printer) + return WERR_BADFID; + + option=Printer->notify.option; + id=1; + info->version=2; + info->data=NULL; + info->count=0; + + for (i=0; i<option->count; i++) { + option_type=&(option->ctr.type[i]); + + if (option_type->type!=PRINTER_NOTIFY_TYPE) + continue; + + for (snum=0; snum<n_services; snum++) + { + if ( lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) + construct_notify_printer_info ( Printer, info, snum, option_type, snum, mem_ctx ); + } + } + +#if 0 + /* + * Debugging information, don't delete. + */ + + DEBUG(1,("dumping the NOTIFY_INFO\n")); + DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); + DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); + + for (i=0; i<info->count; i++) { + DEBUGADD(1,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n", + i, info->data[i].type, info->data[i].field, info->data[i].reserved, + info->data[i].id, info->data[i].size, info->data[i].enc_type)); + } +#endif + + return WERR_OK; +} + +/******************************************************************* + * + * fill a notify_info struct with info asked + * + ********************************************************************/ + +static WERROR printer_notify_info(pipes_struct *p, POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, + TALLOC_CTX *mem_ctx) +{ + int snum; + Printer_entry *Printer=find_printer_index_by_hnd(p, hnd); + int i; + uint32 id; + SPOOL_NOTIFY_OPTION *option; + SPOOL_NOTIFY_OPTION_TYPE *option_type; + int count,j; + print_queue_struct *queue=NULL; + print_status_struct status; + + DEBUG(4,("printer_notify_info\n")); + + if (!Printer) + return WERR_BADFID; + + option=Printer->notify.option; + id = 0x0; + info->version=2; + info->data=NULL; + info->count=0; + + get_printer_snum(p, hnd, &snum); + + for (i=0; i<option->count; i++) { + option_type=&option->ctr.type[i]; + + switch ( option_type->type ) { + case PRINTER_NOTIFY_TYPE: + if(construct_notify_printer_info(Printer, info, snum, + option_type, id, + mem_ctx)) + id--; + break; + + case JOB_NOTIFY_TYPE: { + NT_PRINTER_INFO_LEVEL *printer = NULL; + + count = print_queue_status(snum, &queue, &status); + + if (!W_ERROR_IS_OK(get_a_printer(Printer, &printer, 2, lp_const_servicename(snum)))) + goto done; + + for (j=0; j<count; j++) { + construct_notify_jobs_info(&queue[j], info, + printer, snum, + option_type, + queue[j].job, + mem_ctx); + } + + free_a_printer(&printer, 2); + + done: + SAFE_FREE(queue); + break; + } + } + } + + /* + * Debugging information, don't delete. + */ + /* + DEBUG(1,("dumping the NOTIFY_INFO\n")); + DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); + DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); + + for (i=0; i<info->count; i++) { + DEBUGADD(1,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n", + i, info->data[i].type, info->data[i].field, info->data[i].reserved, + info->data[i].id, info->data[i].size, info->data[i].enc_type)); + } + */ + return WERR_OK; +} + +/******************************************************************** + * spoolss_rfnpcnex + ********************************************************************/ + +WERROR _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCNEX *r_u) +{ + POLICY_HND *handle = &q_u->handle; + SPOOL_NOTIFY_INFO *info = &r_u->info; + + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); + WERROR result = WERR_BADFID; + + /* we always have a NOTIFY_INFO struct */ + r_u->info_ptr=0x1; + + if (!Printer) { + DEBUG(2,("_spoolss_rfnpcnex: Invalid handle (%s:%u:%u).\n", + OUR_HANDLE(handle))); + goto done; + } + + DEBUG(4,("Printer type %x\n",Printer->printer_type)); + + /* + * We are now using the change value, and + * I should check for PRINTER_NOTIFY_OPTIONS_REFRESH but as + * I don't have a global notification system, I'm sending back all the + * informations even when _NOTHING_ has changed. + */ + + /* We need to keep track of the change value to send back in + RRPCN replies otherwise our updates are ignored. */ + + Printer->notify.fnpcn = True; + + if (Printer->notify.client_connected) { + DEBUG(10,("_spoolss_rfnpcnex: Saving change value in request [%x]\n", q_u->change)); + Printer->notify.change = q_u->change; + } + + /* just ignore the SPOOL_NOTIFY_OPTION */ + + switch (Printer->printer_type) { + case PRINTER_HANDLE_IS_PRINTSERVER: + result = printserver_notify_info(p, handle, info, p->mem_ctx); + break; + + case PRINTER_HANDLE_IS_PRINTER: + result = printer_notify_info(p, handle, info, p->mem_ctx); + break; + } + + Printer->notify.fnpcn = False; + +done: + return result; +} + +/******************************************************************** + * construct_printer_info_0 + * fill a printer_info_0 struct + ********************************************************************/ + +static BOOL construct_printer_info_0(Printer_entry *print_hnd, PRINTER_INFO_0 *printer, int snum) +{ + pstring chaine; + int count; + NT_PRINTER_INFO_LEVEL *ntprinter = NULL; + counter_printer_0 *session_counter; + uint32 global_counter; + struct tm *t; + time_t setuptime; + print_status_struct status; + + if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum)))) + return False; + + count = print_queue_length(snum, &status); + + /* check if we already have a counter for this printer */ + session_counter = (counter_printer_0 *)ubi_dlFirst(&counter_list); + + for(; session_counter; session_counter = (counter_printer_0 *)ubi_dlNext(session_counter)) { + if (session_counter->snum == snum) + break; + } + + /* it's the first time, add it to the list */ + if (session_counter==NULL) { + if((session_counter=(counter_printer_0 *)malloc(sizeof(counter_printer_0))) == NULL) { + free_a_printer(&ntprinter, 2); + return False; + } + ZERO_STRUCTP(session_counter); + session_counter->snum=snum; + session_counter->counter=0; + ubi_dlAddHead( &counter_list, (ubi_dlNode *)session_counter); + } + + /* increment it */ + session_counter->counter++; + + /* JFM: + * the global_counter should be stored in a TDB as it's common to all the clients + * and should be zeroed on samba startup + */ + global_counter=session_counter->counter; + + pstrcpy(chaine,ntprinter->info_2->printername); + + init_unistr(&printer->printername, chaine); + + slprintf(chaine,sizeof(chaine)-1,"\\\\%s", get_called_name()); + init_unistr(&printer->servername, chaine); + + printer->cjobs = count; + printer->total_jobs = 0; + printer->total_bytes = 0; + + setuptime = (time_t)ntprinter->info_2->setuptime; + t=gmtime(&setuptime); + + printer->year = t->tm_year+1900; + printer->month = t->tm_mon+1; + printer->dayofweek = t->tm_wday; + printer->day = t->tm_mday; + printer->hour = t->tm_hour; + printer->minute = t->tm_min; + printer->second = t->tm_sec; + printer->milliseconds = 0; + + printer->global_counter = global_counter; + printer->total_pages = 0; +#ifdef HAVE_ADS + printer->major_version = 0x0005; /* NT 5 */ + printer->build_version = 0x0893; /* build 2195 */ +#else + printer->major_version = 0x0004; /* NT 4 */ + printer->build_version = 0x0565; /* build 1381 */ +#endif + printer->unknown7 = 0x1; + printer->unknown8 = 0x0; + printer->unknown9 = 0x0; + printer->session_counter = session_counter->counter; + printer->unknown11 = 0x0; + printer->printer_errors = 0x0; /* number of print failure */ + printer->unknown13 = 0x0; + printer->unknown14 = 0x1; + printer->unknown15 = 0x024a; /* 586 Pentium ? */ + printer->unknown16 = 0x0; + printer->change_id = ntprinter->info_2->changeid; /* ChangeID in milliseconds*/ + printer->unknown18 = 0x0; + printer->status = nt_printq_status(status.status); + printer->unknown20 = 0x0; + printer->c_setprinter = get_c_setprinter(); /* monotonically increasing sum of delta printer counts */ + printer->unknown22 = 0x0; + printer->unknown23 = 0x6; /* 6 ???*/ + printer->unknown24 = 0; /* unknown 24 to 26 are always 0 */ + printer->unknown25 = 0; + printer->unknown26 = 0; + printer->unknown27 = 0; + printer->unknown28 = 0; + printer->unknown29 = 0; + + free_a_printer(&ntprinter,2); + return (True); +} + +/******************************************************************** + * construct_printer_info_1 + * fill a printer_info_1 struct + ********************************************************************/ +static BOOL construct_printer_info_1(Printer_entry *print_hnd, uint32 flags, PRINTER_INFO_1 *printer, int snum) +{ + pstring chaine; + pstring chaine2; + NT_PRINTER_INFO_LEVEL *ntprinter = NULL; + + if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum)))) + return False; + + printer->flags=flags; + + if (*ntprinter->info_2->comment == '\0') { + init_unistr(&printer->comment, lp_comment(snum)); + slprintf(chaine,sizeof(chaine)-1,"%s,%s,%s", ntprinter->info_2->printername, + ntprinter->info_2->drivername, lp_comment(snum)); + } + else { + init_unistr(&printer->comment, ntprinter->info_2->comment); /* saved comment. */ + slprintf(chaine,sizeof(chaine)-1,"%s,%s,%s", ntprinter->info_2->printername, + ntprinter->info_2->drivername, ntprinter->info_2->comment); + } + + slprintf(chaine2,sizeof(chaine)-1,"%s", ntprinter->info_2->printername); + + init_unistr(&printer->description, chaine); + init_unistr(&printer->name, chaine2); + + free_a_printer(&ntprinter,2); + + return True; +} + +/**************************************************************************** + Free a DEVMODE struct. +****************************************************************************/ + +static void free_dev_mode(DEVICEMODE *dev) +{ + if (dev == NULL) + return; + + SAFE_FREE(dev->private); + SAFE_FREE(dev); +} + + +/**************************************************************************** + Convert an NT_DEVICEMODE to a DEVICEMODE structure. Both pointers + should be valid upon entry +****************************************************************************/ + +static BOOL convert_nt_devicemode( DEVICEMODE *devmode, NT_DEVICEMODE *ntdevmode ) +{ + if ( !devmode || !ntdevmode ) + return False; + + init_unistr(&devmode->devicename, ntdevmode->devicename); + + init_unistr(&devmode->formname, ntdevmode->formname); + + devmode->specversion = ntdevmode->specversion; + devmode->driverversion = ntdevmode->driverversion; + devmode->size = ntdevmode->size; + devmode->driverextra = ntdevmode->driverextra; + devmode->fields = ntdevmode->fields; + + devmode->orientation = ntdevmode->orientation; + devmode->papersize = ntdevmode->papersize; + devmode->paperlength = ntdevmode->paperlength; + devmode->paperwidth = ntdevmode->paperwidth; + devmode->scale = ntdevmode->scale; + devmode->copies = ntdevmode->copies; + devmode->defaultsource = ntdevmode->defaultsource; + devmode->printquality = ntdevmode->printquality; + devmode->color = ntdevmode->color; + devmode->duplex = ntdevmode->duplex; + devmode->yresolution = ntdevmode->yresolution; + devmode->ttoption = ntdevmode->ttoption; + devmode->collate = ntdevmode->collate; + devmode->icmmethod = ntdevmode->icmmethod; + devmode->icmintent = ntdevmode->icmintent; + devmode->mediatype = ntdevmode->mediatype; + devmode->dithertype = ntdevmode->dithertype; + + if (ntdevmode->private != NULL) { + if ((devmode->private=(uint8 *)memdup(ntdevmode->private, ntdevmode->driverextra)) == NULL) + return False; + } + + return True; +} + +/**************************************************************************** + Create a DEVMODE struct. Returns malloced memory. +****************************************************************************/ + +DEVICEMODE *construct_dev_mode(int snum) +{ + NT_PRINTER_INFO_LEVEL *printer = NULL; + DEVICEMODE *devmode = NULL; + + DEBUG(7,("construct_dev_mode\n")); + + DEBUGADD(8,("getting printer characteristics\n")); + + if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_const_servicename(snum)))) + return NULL; + + if ( !printer->info_2->devmode ) { + DEBUG(5, ("BONG! There was no device mode!\n")); + goto done; + } + + if ((devmode = (DEVICEMODE *)malloc(sizeof(DEVICEMODE))) == NULL) { + DEBUG(2,("construct_dev_mode: malloc fail.\n")); + goto done; + } + + ZERO_STRUCTP(devmode); + + DEBUGADD(8,("loading DEVICEMODE\n")); + + if ( !convert_nt_devicemode( devmode, printer->info_2->devmode ) ) { + free_dev_mode( devmode ); + devmode = NULL; + } + +done: + free_a_printer(&printer,2); + + return devmode; +} + +/******************************************************************** + * construct_printer_info_2 + * fill a printer_info_2 struct + ********************************************************************/ + +static BOOL construct_printer_info_2(Printer_entry *print_hnd, PRINTER_INFO_2 *printer, int snum) +{ + int count; + NT_PRINTER_INFO_LEVEL *ntprinter = NULL; + + print_status_struct status; + + if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum)))) + return False; + + count = print_queue_length(snum, &status); + + init_unistr(&printer->servername, ntprinter->info_2->servername); /* servername*/ + init_unistr(&printer->printername, ntprinter->info_2->printername); /* printername*/ + init_unistr(&printer->sharename, lp_servicename(snum)); /* sharename */ + init_unistr(&printer->portname, ntprinter->info_2->portname); /* port */ + init_unistr(&printer->drivername, ntprinter->info_2->drivername); /* drivername */ + + if (*ntprinter->info_2->comment == '\0') + init_unistr(&printer->comment, lp_comment(snum)); /* comment */ + else + init_unistr(&printer->comment, ntprinter->info_2->comment); /* saved comment. */ + + init_unistr(&printer->location, ntprinter->info_2->location); /* location */ + init_unistr(&printer->sepfile, ntprinter->info_2->sepfile); /* separator file */ + init_unistr(&printer->printprocessor, ntprinter->info_2->printprocessor);/* print processor */ + init_unistr(&printer->datatype, ntprinter->info_2->datatype); /* datatype */ + init_unistr(&printer->parameters, ntprinter->info_2->parameters); /* parameters (of print processor) */ + + printer->attributes = ntprinter->info_2->attributes; + + printer->priority = ntprinter->info_2->priority; /* priority */ + printer->defaultpriority = ntprinter->info_2->default_priority; /* default priority */ + printer->starttime = ntprinter->info_2->starttime; /* starttime */ + printer->untiltime = ntprinter->info_2->untiltime; /* untiltime */ + printer->status = nt_printq_status(status.status); /* status */ + printer->cjobs = count; /* jobs */ + printer->averageppm = ntprinter->info_2->averageppm; /* average pages per minute */ + + if((printer->devmode = construct_dev_mode(snum)) == NULL) { + DEBUG(8, ("Returning NULL Devicemode!\n")); + } + + if (ntprinter->info_2->secdesc_buf && ntprinter->info_2->secdesc_buf->len != 0) { + /* steal the printer info sec_desc structure. [badly done]. */ + printer->secdesc = ntprinter->info_2->secdesc_buf->sec; + ntprinter->info_2->secdesc_buf->sec = NULL; /* Stolen memory. */ + ntprinter->info_2->secdesc_buf->len = 0; /* Stolen memory. */ + ntprinter->info_2->secdesc_buf->max_len = 0; /* Stolen memory. */ + } + else { + printer->secdesc = NULL; + } + + free_a_printer(&ntprinter, 2); + return True; +} + +/******************************************************************** + * construct_printer_info_3 + * fill a printer_info_3 struct + ********************************************************************/ + +static BOOL construct_printer_info_3(Printer_entry *print_hnd, PRINTER_INFO_3 **pp_printer, int snum) +{ + NT_PRINTER_INFO_LEVEL *ntprinter = NULL; + PRINTER_INFO_3 *printer = NULL; + + if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum)))) + return False; + + *pp_printer = NULL; + if ((printer = (PRINTER_INFO_3 *)malloc(sizeof(PRINTER_INFO_3))) == NULL) { + DEBUG(2,("construct_printer_info_3: malloc fail.\n")); + return False; + } + + ZERO_STRUCTP(printer); + + printer->flags = 4; /* These are the components of the SD we are returning. */ + if (ntprinter->info_2->secdesc_buf && ntprinter->info_2->secdesc_buf->len != 0) { + /* steal the printer info sec_desc structure. [badly done]. */ + printer->secdesc = ntprinter->info_2->secdesc_buf->sec; + +#if 0 + /* + * Set the flags for the components we are returning. + */ + + if (printer->secdesc->owner_sid) + printer->flags |= OWNER_SECURITY_INFORMATION; + + if (printer->secdesc->grp_sid) + printer->flags |= GROUP_SECURITY_INFORMATION; + + if (printer->secdesc->dacl) + printer->flags |= DACL_SECURITY_INFORMATION; + + if (printer->secdesc->sacl) + printer->flags |= SACL_SECURITY_INFORMATION; +#endif + + ntprinter->info_2->secdesc_buf->sec = NULL; /* Stolen the malloced memory. */ + ntprinter->info_2->secdesc_buf->len = 0; /* Stolen the malloced memory. */ + ntprinter->info_2->secdesc_buf->max_len = 0; /* Stolen the malloced memory. */ + } + + free_a_printer(&ntprinter, 2); + + *pp_printer = printer; + return True; +} + +/******************************************************************** + * construct_printer_info_4 + * fill a printer_info_4 struct + ********************************************************************/ + +static BOOL construct_printer_info_4(Printer_entry *print_hnd, PRINTER_INFO_4 *printer, int snum) +{ + NT_PRINTER_INFO_LEVEL *ntprinter = NULL; + + if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum)))) + return False; + + init_unistr(&printer->printername, ntprinter->info_2->printername); /* printername*/ + init_unistr(&printer->servername, ntprinter->info_2->servername); /* servername*/ + printer->attributes = ntprinter->info_2->attributes; + + free_a_printer(&ntprinter, 2); + return True; +} + +/******************************************************************** + * construct_printer_info_5 + * fill a printer_info_5 struct + ********************************************************************/ + +static BOOL construct_printer_info_5(Printer_entry *print_hnd, PRINTER_INFO_5 *printer, int snum) +{ + NT_PRINTER_INFO_LEVEL *ntprinter = NULL; + + if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum)))) + return False; + + init_unistr(&printer->printername, ntprinter->info_2->printername); + init_unistr(&printer->portname, ntprinter->info_2->portname); + printer->attributes = ntprinter->info_2->attributes; + + /* these two are not used by NT+ according to MSDN */ + + printer->device_not_selected_timeout = 0x0; /* have seen 0x3a98 */ + printer->transmission_retry_timeout = 0x0; /* have seen 0xafc8 */ + + free_a_printer(&ntprinter, 2); + + return True; +} + +/******************************************************************** + * construct_printer_info_7 + * fill a printer_info_7 struct + ********************************************************************/ + +static BOOL construct_printer_info_7(Printer_entry *print_hnd, PRINTER_INFO_7 *printer, int snum) +{ + char *guid_str = NULL; + GUID guid; + TALLOC_CTX *mem_ctx; + + mem_ctx = talloc_init("dump_guid"); + if (!mem_ctx) return; + + if (is_printer_published(print_hnd, snum, &guid)) { + asprintf(&guid_str, "{%s}", uuid_string(mem_ctx, guid)); + strupper(guid_str); + init_unistr(&printer->guid, guid_str); + printer->action = SPOOL_DS_PUBLISH; + } else { + init_unistr(&printer->guid, ""); + printer->action = SPOOL_DS_UNPUBLISH; + } + talloc_destroy(mem_ctx); + + return True; +} + +/******************************************************************** + Spoolss_enumprinters. +********************************************************************/ + +static WERROR enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + int snum; + int i; + int n_services=lp_numservices(); + PRINTER_INFO_1 *tp, *printers=NULL; + PRINTER_INFO_1 current_prt; + + DEBUG(4,("enum_all_printers_info_1\n")); + + for (snum=0; snum<n_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) { + DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum)); + + if (construct_printer_info_1(NULL, flags, ¤t_prt, snum)) { + if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) { + DEBUG(2,("enum_all_printers_info_1: failed to enlarge printers buffer!\n")); + SAFE_FREE(printers); + *returned=0; + return WERR_NOMEM; + } + else printers = tp; + DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_1\n", *returned)); + + memcpy(&printers[*returned], ¤t_prt, sizeof(PRINTER_INFO_1)); + (*returned)++; + } + } + } + + /* check the required size. */ + for (i=0; i<*returned; i++) + (*needed) += spoolss_size_printer_info_1(&printers[i]); + + if (!alloc_buffer_size(buffer, *needed)) + return WERR_INSUFFICIENT_BUFFER; + + /* fill the buffer with the structures */ + for (i=0; i<*returned; i++) + smb_io_printer_info_1("", buffer, &printers[i], 0); + + /* clear memory */ + SAFE_FREE(printers); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + else + return WERR_OK; +} + +/******************************************************************** + enum_all_printers_info_1_local. +*********************************************************************/ + +static WERROR enum_all_printers_info_1_local(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + DEBUG(4,("enum_all_printers_info_1_local\n")); + + return enum_all_printers_info_1(PRINTER_ENUM_ICON8, buffer, offered, needed, returned); +} + +/******************************************************************** + enum_all_printers_info_1_name. +*********************************************************************/ + +static WERROR enum_all_printers_info_1_name(fstring name, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + char *s = name; + + DEBUG(4,("enum_all_printers_info_1_name\n")); + + if ((name[0] == '\\') && (name[1] == '\\')) + s = name + 2; + + if (is_myname_or_ipaddr(s)) { + return enum_all_printers_info_1(PRINTER_ENUM_ICON8, buffer, offered, needed, returned); + } + else + return WERR_INVALID_NAME; +} + +/******************************************************************** + enum_all_printers_info_1_remote. +*********************************************************************/ + +static WERROR enum_all_printers_info_1_remote(fstring name, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + PRINTER_INFO_1 *printer; + fstring printername; + fstring desc; + fstring comment; + DEBUG(4,("enum_all_printers_info_1_remote\n")); + + /* JFM: currently it's more a place holder than anything else. + * In the spooler world there is a notion of server registration. + * the print servers are registring (sp ?) on the PDC (in the same domain) + * + * We should have a TDB here. The registration is done thru an undocumented RPC call. + */ + + if((printer=(PRINTER_INFO_1 *)malloc(sizeof(PRINTER_INFO_1))) == NULL) + return WERR_NOMEM; + + *returned=1; + + slprintf(printername, sizeof(printername)-1,"Windows NT Remote Printers!!\\\\%s", get_called_name()); + slprintf(desc, sizeof(desc)-1,"%s", get_called_name()); + slprintf(comment, sizeof(comment)-1, "Logged on Domain"); + + init_unistr(&printer->description, desc); + init_unistr(&printer->name, printername); + init_unistr(&printer->comment, comment); + printer->flags=PRINTER_ENUM_ICON3|PRINTER_ENUM_CONTAINER; + + /* check the required size. */ + *needed += spoolss_size_printer_info_1(printer); + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(printer); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + smb_io_printer_info_1("", buffer, printer, 0); + + /* clear memory */ + SAFE_FREE(printer); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + else + return WERR_OK; +} + +/******************************************************************** + enum_all_printers_info_1_network. +*********************************************************************/ + +static WERROR enum_all_printers_info_1_network(fstring name, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + char *s = name; + + DEBUG(4,("enum_all_printers_info_1_network\n")); + + /* If we respond to a enum_printers level 1 on our name with flags + set to PRINTER_ENUM_REMOTE with a list of printers then these + printers incorrectly appear in the APW browse list. + Specifically the printers for the server appear at the workgroup + level where all the other servers in the domain are + listed. Windows responds to this call with a + WERR_CAN_NOT_COMPLETE so we should do the same. */ + + if (name[0] == '\\' && name[1] == '\\') + s = name + 2; + + if (is_myname_or_ipaddr(s)) + return WERR_CAN_NOT_COMPLETE; + + return enum_all_printers_info_1(PRINTER_ENUM_UNKNOWN_8, buffer, offered, needed, returned); +} + +/******************************************************************** + * api_spoolss_enumprinters + * + * called from api_spoolss_enumprinters (see this to understand) + ********************************************************************/ + +static WERROR enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + int snum; + int i; + int n_services=lp_numservices(); + PRINTER_INFO_2 *tp, *printers=NULL; + PRINTER_INFO_2 current_prt; + + for (snum=0; snum<n_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) { + DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum)); + + if (construct_printer_info_2(NULL, ¤t_prt, snum)) { + if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_2))) == NULL) { + DEBUG(2,("enum_all_printers_info_2: failed to enlarge printers buffer!\n")); + SAFE_FREE(printers); + *returned = 0; + return WERR_NOMEM; + } + else printers = tp; + DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_2\n", *returned)); + memcpy(&printers[*returned], ¤t_prt, sizeof(PRINTER_INFO_2)); + (*returned)++; + } + } + } + + /* check the required size. */ + for (i=0; i<*returned; i++) + (*needed) += spoolss_size_printer_info_2(&printers[i]); + + if (!alloc_buffer_size(buffer, *needed)) { + for (i=0; i<*returned; i++) { + free_devmode(printers[i].devmode); + } + SAFE_FREE(printers); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + for (i=0; i<*returned; i++) + smb_io_printer_info_2("", buffer, &(printers[i]), 0); + + /* clear memory */ + for (i=0; i<*returned; i++) { + free_devmode(printers[i].devmode); + } + SAFE_FREE(printers); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + else + return WERR_OK; +} + +/******************************************************************** + * handle enumeration of printers at level 1 + ********************************************************************/ + +static WERROR enumprinters_level1( uint32 flags, fstring name, + NEW_BUFFER *buffer, uint32 offered, + uint32 *needed, uint32 *returned) +{ + /* Not all the flags are equals */ + + if (flags & PRINTER_ENUM_LOCAL) + return enum_all_printers_info_1_local(buffer, offered, needed, returned); + + if (flags & PRINTER_ENUM_NAME) + return enum_all_printers_info_1_name(name, buffer, offered, needed, returned); + + if (flags & PRINTER_ENUM_REMOTE) + return enum_all_printers_info_1_remote(name, buffer, offered, needed, returned); + + if (flags & PRINTER_ENUM_NETWORK) + return enum_all_printers_info_1_network(name, buffer, offered, needed, returned); + + return WERR_OK; /* NT4sp5 does that */ +} + +/******************************************************************** + * handle enumeration of printers at level 2 + ********************************************************************/ + +static WERROR enumprinters_level2( uint32 flags, fstring servername, + NEW_BUFFER *buffer, uint32 offered, + uint32 *needed, uint32 *returned) +{ + char *s = servername; + + if (flags & PRINTER_ENUM_LOCAL) { + return enum_all_printers_info_2(buffer, offered, needed, returned); + } + + if (flags & PRINTER_ENUM_NAME) { + if ((servername[0] == '\\') && (servername[1] == '\\')) + s = servername + 2; + if (is_myname_or_ipaddr(s)) + return enum_all_printers_info_2(buffer, offered, needed, returned); + else + return WERR_INVALID_NAME; + } + + if (flags & PRINTER_ENUM_REMOTE) + return WERR_UNKNOWN_LEVEL; + + return WERR_OK; +} + +/******************************************************************** + * handle enumeration of printers at level 5 + ********************************************************************/ + +static WERROR enumprinters_level5( uint32 flags, fstring servername, + NEW_BUFFER *buffer, uint32 offered, + uint32 *needed, uint32 *returned) +{ +/* return enum_all_printers_info_5(buffer, offered, needed, returned);*/ + return WERR_OK; +} + +/******************************************************************** + * api_spoolss_enumprinters + * + * called from api_spoolss_enumprinters (see this to understand) + ********************************************************************/ + +WERROR _spoolss_enumprinters( pipes_struct *p, SPOOL_Q_ENUMPRINTERS *q_u, SPOOL_R_ENUMPRINTERS *r_u) +{ + uint32 flags = q_u->flags; + UNISTR2 *servername = &q_u->servername; + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + uint32 *returned = &r_u->returned; + + fstring name; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(4,("_spoolss_enumprinters\n")); + + *needed=0; + *returned=0; + + /* + * Level 1: + * flags==PRINTER_ENUM_NAME + * if name=="" then enumerates all printers + * if name!="" then enumerate the printer + * flags==PRINTER_ENUM_REMOTE + * name is NULL, enumerate printers + * Level 2: name!="" enumerates printers, name can't be NULL + * Level 3: doesn't exist + * Level 4: does a local registry lookup + * Level 5: same as Level 2 + */ + + unistr2_to_ascii(name, servername, sizeof(name)-1); + strupper(name); + + switch (level) { + case 1: + return enumprinters_level1(flags, name, buffer, offered, needed, returned); + case 2: + return enumprinters_level2(flags, name, buffer, offered, needed, returned); + case 5: + return enumprinters_level5(flags, name, buffer, offered, needed, returned); + case 3: + case 4: + break; + } + return WERR_UNKNOWN_LEVEL; +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getprinter_level_0(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + PRINTER_INFO_0 *printer=NULL; + + if((printer=(PRINTER_INFO_0*)malloc(sizeof(PRINTER_INFO_0))) == NULL) + return WERR_NOMEM; + + construct_printer_info_0(print_hnd, printer, snum); + + /* check the required size. */ + *needed += spoolss_size_printer_info_0(printer); + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(printer); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + smb_io_printer_info_0("", buffer, printer, 0); + + /* clear memory */ + SAFE_FREE(printer); + + if (*needed > offered) { + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getprinter_level_1(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + PRINTER_INFO_1 *printer=NULL; + + if((printer=(PRINTER_INFO_1*)malloc(sizeof(PRINTER_INFO_1))) == NULL) + return WERR_NOMEM; + + construct_printer_info_1(print_hnd, PRINTER_ENUM_ICON8, printer, snum); + + /* check the required size. */ + *needed += spoolss_size_printer_info_1(printer); + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(printer); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + smb_io_printer_info_1("", buffer, printer, 0); + + /* clear memory */ + SAFE_FREE(printer); + + if (*needed > offered) { + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getprinter_level_2(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + PRINTER_INFO_2 *printer=NULL; + + if((printer=(PRINTER_INFO_2*)malloc(sizeof(PRINTER_INFO_2)))==NULL) + return WERR_NOMEM; + + construct_printer_info_2(print_hnd, printer, snum); + + /* check the required size. */ + *needed += spoolss_size_printer_info_2(printer); + + if (!alloc_buffer_size(buffer, *needed)) { + free_printer_info_2(printer); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + if (!smb_io_printer_info_2("", buffer, printer, 0)) { + free_printer_info_2(printer); + return WERR_NOMEM; + } + + /* clear memory */ + free_printer_info_2(printer); + + if (*needed > offered) { + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getprinter_level_3(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + PRINTER_INFO_3 *printer=NULL; + + if (!construct_printer_info_3(print_hnd, &printer, snum)) + return WERR_NOMEM; + + /* check the required size. */ + *needed += spoolss_size_printer_info_3(printer); + + if (!alloc_buffer_size(buffer, *needed)) { + free_printer_info_3(printer); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + smb_io_printer_info_3("", buffer, printer, 0); + + /* clear memory */ + free_printer_info_3(printer); + + if (*needed > offered) { + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getprinter_level_4(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + PRINTER_INFO_4 *printer=NULL; + + if((printer=(PRINTER_INFO_4*)malloc(sizeof(PRINTER_INFO_4)))==NULL) + return WERR_NOMEM; + + if (!construct_printer_info_4(print_hnd, printer, snum)) + return WERR_NOMEM; + + /* check the required size. */ + *needed += spoolss_size_printer_info_4(printer); + + if (!alloc_buffer_size(buffer, *needed)) { + free_printer_info_4(printer); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + smb_io_printer_info_4("", buffer, printer, 0); + + /* clear memory */ + free_printer_info_4(printer); + + if (*needed > offered) { + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getprinter_level_5(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + PRINTER_INFO_5 *printer=NULL; + + if((printer=(PRINTER_INFO_5*)malloc(sizeof(PRINTER_INFO_5)))==NULL) + return WERR_NOMEM; + + if (!construct_printer_info_5(print_hnd, printer, snum)) + return WERR_NOMEM; + + /* check the required size. */ + *needed += spoolss_size_printer_info_5(printer); + + if (!alloc_buffer_size(buffer, *needed)) { + free_printer_info_5(printer); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + smb_io_printer_info_5("", buffer, printer, 0); + + /* clear memory */ + free_printer_info_5(printer); + + if (*needed > offered) { + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +static WERROR getprinter_level_7(Printer_entry *print_hnd, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + PRINTER_INFO_7 *printer=NULL; + + if((printer=(PRINTER_INFO_7*)malloc(sizeof(PRINTER_INFO_7)))==NULL) + return WERR_NOMEM; + + if (!construct_printer_info_7(print_hnd, printer, snum)) + return WERR_NOMEM; + + /* check the required size. */ + *needed += spoolss_size_printer_info_7(printer); + + if (!alloc_buffer_size(buffer, *needed)) { + free_printer_info_7(printer); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + smb_io_printer_info_7("", buffer, printer, 0); + + /* clear memory */ + free_printer_info_7(printer); + + if (*needed > offered) { + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_getprinter(pipes_struct *p, SPOOL_Q_GETPRINTER *q_u, SPOOL_R_GETPRINTER *r_u) +{ + POLICY_HND *handle = &q_u->handle; + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); + + int snum; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + *needed=0; + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + switch (level) { + case 0: + return getprinter_level_0(Printer, snum, buffer, offered, needed); + case 1: + return getprinter_level_1(Printer, snum, buffer, offered, needed); + case 2: + return getprinter_level_2(Printer, snum, buffer, offered, needed); + case 3: + return getprinter_level_3(Printer, snum, buffer, offered, needed); + case 4: + return getprinter_level_4(Printer, snum, buffer, offered, needed); + case 5: + return getprinter_level_5(Printer, snum, buffer, offered, needed); + case 7: + return getprinter_level_7(Printer, snum, buffer, offered, needed); + } + return WERR_UNKNOWN_LEVEL; +} + +/******************************************************************** + * fill a DRIVER_INFO_1 struct + ********************************************************************/ + +static void fill_printer_driver_info_1(DRIVER_INFO_1 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername, fstring architecture) +{ + init_unistr( &info->name, driver.info_3->name); +} + +/******************************************************************** + * construct_printer_driver_info_1 + ********************************************************************/ + +static WERROR construct_printer_driver_info_1(DRIVER_INFO_1 *info, int snum, fstring servername, fstring architecture, uint32 version) +{ + NT_PRINTER_INFO_LEVEL *printer = NULL; + NT_PRINTER_DRIVER_INFO_LEVEL driver; + + ZERO_STRUCT(driver); + + if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_const_servicename(snum)))) + return WERR_INVALID_PRINTER_NAME; + + if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version))) + return WERR_UNKNOWN_PRINTER_DRIVER; + + fill_printer_driver_info_1(info, driver, servername, architecture); + + free_a_printer(&printer,2); + + return WERR_OK; +} + +/******************************************************************** + * construct_printer_driver_info_2 + * fill a printer_info_2 struct + ********************************************************************/ + +static void fill_printer_driver_info_2(DRIVER_INFO_2 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername) +{ + pstring temp; + + info->version=driver.info_3->cversion; + + init_unistr( &info->name, driver.info_3->name ); + init_unistr( &info->architecture, driver.info_3->environment ); + + + if (strlen(driver.info_3->driverpath)) { + slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->driverpath); + init_unistr( &info->driverpath, temp ); + } else + init_unistr( &info->driverpath, "" ); + + if (strlen(driver.info_3->datafile)) { + slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->datafile); + init_unistr( &info->datafile, temp ); + } else + init_unistr( &info->datafile, "" ); + + if (strlen(driver.info_3->configfile)) { + slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->configfile); + init_unistr( &info->configfile, temp ); + } else + init_unistr( &info->configfile, "" ); +} + +/******************************************************************** + * construct_printer_driver_info_2 + * fill a printer_info_2 struct + ********************************************************************/ + +static WERROR construct_printer_driver_info_2(DRIVER_INFO_2 *info, int snum, fstring servername, fstring architecture, uint32 version) +{ + NT_PRINTER_INFO_LEVEL *printer = NULL; + NT_PRINTER_DRIVER_INFO_LEVEL driver; + + ZERO_STRUCT(printer); + ZERO_STRUCT(driver); + + if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_const_servicename(snum)))) + return WERR_INVALID_PRINTER_NAME; + + if (!W_ERROR_IS_OK(get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version))) + return WERR_UNKNOWN_PRINTER_DRIVER; + + fill_printer_driver_info_2(info, driver, servername); + + free_a_printer(&printer,2); + + return WERR_OK; +} + +/******************************************************************** + * copy a strings array and convert to UNICODE + * + * convert an array of ascii string to a UNICODE string + ********************************************************************/ + +static uint32 init_unistr_array(uint16 **uni_array, fstring *char_array, const char *servername) +{ + int i=0; + int j=0; + const char *v; + pstring line; + uint16 *tuary; + + DEBUG(6,("init_unistr_array\n")); + *uni_array=NULL; + + while (True) + { + if ( !char_array ) + v = ""; + else + { + v = char_array[i]; + if (!v) + v = ""; /* hack to handle null lists */ + } + + /* hack to allow this to be used in places other than when generating + the list of dependent files */ + + if ( servername ) + slprintf( line, sizeof(line)-1, "\\\\%s%s", servername, v ); + else + pstrcpy( line, v ); + + DEBUGADD(6,("%d:%s:%d\n", i, line, strlen(line))); + + /* add one extra unit16 for the second terminating NULL */ + + if ( (tuary=Realloc(*uni_array, (j+1+strlen(line)+2)*sizeof(uint16))) == NULL ) { + DEBUG(2,("init_unistr_array: Realloc error\n" )); + return 0; + } else + *uni_array = tuary; + + if ( !strlen(v) ) + break; + + j += (rpcstr_push((*uni_array+j), line, sizeof(uint16)*strlen(line)+2, STR_TERMINATE) / sizeof(uint16)); + i++; + } + + if (*uni_array) { + /* special case for ""; we need to add both NULL's here */ + if (!j) + (*uni_array)[j++]=0x0000; + (*uni_array)[j]=0x0000; + } + + DEBUGADD(6,("last one:done\n")); + + /* return size of array in uint16's */ + + return j+1; +} + +/******************************************************************** + * construct_printer_info_3 + * fill a printer_info_3 struct + ********************************************************************/ + +static void fill_printer_driver_info_3(DRIVER_INFO_3 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername) +{ + pstring temp; + + ZERO_STRUCTP(info); + + info->version=driver.info_3->cversion; + + init_unistr( &info->name, driver.info_3->name ); + init_unistr( &info->architecture, driver.info_3->environment ); + + if (strlen(driver.info_3->driverpath)) { + slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->driverpath); + init_unistr( &info->driverpath, temp ); + } else + init_unistr( &info->driverpath, "" ); + + if (strlen(driver.info_3->datafile)) { + slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->datafile); + init_unistr( &info->datafile, temp ); + } else + init_unistr( &info->datafile, "" ); + + if (strlen(driver.info_3->configfile)) { + slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->configfile); + init_unistr( &info->configfile, temp ); + } else + init_unistr( &info->configfile, "" ); + + if (strlen(driver.info_3->helpfile)) { + slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->helpfile); + init_unistr( &info->helpfile, temp ); + } else + init_unistr( &info->helpfile, "" ); + + init_unistr( &info->monitorname, driver.info_3->monitorname ); + init_unistr( &info->defaultdatatype, driver.info_3->defaultdatatype ); + + info->dependentfiles=NULL; + init_unistr_array(&info->dependentfiles, driver.info_3->dependentfiles, servername); +} + +/******************************************************************** + * construct_printer_info_3 + * fill a printer_info_3 struct + ********************************************************************/ + +static WERROR construct_printer_driver_info_3(DRIVER_INFO_3 *info, int snum, fstring servername, fstring architecture, uint32 version) +{ + NT_PRINTER_INFO_LEVEL *printer = NULL; + NT_PRINTER_DRIVER_INFO_LEVEL driver; + WERROR status; + ZERO_STRUCT(driver); + + status=get_a_printer(NULL, &printer, 2, lp_const_servicename(snum) ); + DEBUG(8,("construct_printer_driver_info_3: status: %s\n", dos_errstr(status))); + if (!W_ERROR_IS_OK(status)) + return WERR_INVALID_PRINTER_NAME; + + status=get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version); + DEBUG(8,("construct_printer_driver_info_3: status: %s\n", dos_errstr(status))); + +#if 0 /* JERRY */ + + /* + * I put this code in during testing. Helpful when commenting out the + * support for DRIVER_INFO_6 in regards to win2k. Not needed in general + * as win2k always queries the driver using an infor level of 6. + * I've left it in (but ifdef'd out) because I'll probably + * use it in experimentation again in the future. --jerry 22/01/2002 + */ + + if (!W_ERROR_IS_OK(status)) { + /* + * Is this a W2k client ? + */ + if (version == 3) { + /* Yes - try again with a WinNT driver. */ + version = 2; + status=get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version); + DEBUG(8,("construct_printer_driver_info_3: status: %s\n", dos_errstr(status))); + } +#endif + + if (!W_ERROR_IS_OK(status)) { + free_a_printer(&printer,2); + return WERR_UNKNOWN_PRINTER_DRIVER; + } + +#if 0 /* JERRY */ + } +#endif + + + fill_printer_driver_info_3(info, driver, servername); + + free_a_printer(&printer,2); + + return WERR_OK; +} + +/******************************************************************** + * construct_printer_info_6 + * fill a printer_info_6 struct - we know that driver is really level 3. This sucks. JRA. + ********************************************************************/ + +static void fill_printer_driver_info_6(DRIVER_INFO_6 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername) +{ + pstring temp; + fstring nullstr; + + ZERO_STRUCTP(info); + memset(&nullstr, '\0', sizeof(fstring)); + + info->version=driver.info_3->cversion; + + init_unistr( &info->name, driver.info_3->name ); + init_unistr( &info->architecture, driver.info_3->environment ); + + if (strlen(driver.info_3->driverpath)) { + slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->driverpath); + init_unistr( &info->driverpath, temp ); + } else + init_unistr( &info->driverpath, "" ); + + if (strlen(driver.info_3->datafile)) { + slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->datafile); + init_unistr( &info->datafile, temp ); + } else + init_unistr( &info->datafile, "" ); + + if (strlen(driver.info_3->configfile)) { + slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->configfile); + init_unistr( &info->configfile, temp ); + } else + init_unistr( &info->configfile, "" ); + + if (strlen(driver.info_3->helpfile)) { + slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->helpfile); + init_unistr( &info->helpfile, temp ); + } else + init_unistr( &info->helpfile, "" ); + + init_unistr( &info->monitorname, driver.info_3->monitorname ); + init_unistr( &info->defaultdatatype, driver.info_3->defaultdatatype ); + + info->dependentfiles = NULL; + init_unistr_array( &info->dependentfiles, driver.info_3->dependentfiles, servername ); + + info->previousdrivernames=NULL; + init_unistr_array(&info->previousdrivernames, &nullstr, servername); + + info->driver_date.low=0; + info->driver_date.high=0; + + info->padding=0; + info->driver_version_low=0; + info->driver_version_high=0; + + init_unistr( &info->mfgname, ""); + init_unistr( &info->oem_url, ""); + init_unistr( &info->hardware_id, ""); + init_unistr( &info->provider, ""); +} + +/******************************************************************** + * construct_printer_info_6 + * fill a printer_info_6 struct + ********************************************************************/ + +static WERROR construct_printer_driver_info_6(DRIVER_INFO_6 *info, int snum, + fstring servername, fstring architecture, uint32 version) +{ + NT_PRINTER_INFO_LEVEL *printer = NULL; + NT_PRINTER_DRIVER_INFO_LEVEL driver; + WERROR status; + + ZERO_STRUCT(driver); + + status=get_a_printer(NULL, &printer, 2, lp_const_servicename(snum) ); + + DEBUG(8,("construct_printer_driver_info_6: status: %s\n", dos_errstr(status))); + + if (!W_ERROR_IS_OK(status)) + return WERR_INVALID_PRINTER_NAME; + + status = get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version); + + DEBUG(8,("construct_printer_driver_info_6: status: %s\n", dos_errstr(status))); + + if (!W_ERROR_IS_OK(status)) + { + /* + * Is this a W2k client ? + */ + + if (version < 3) { + free_a_printer(&printer,2); + return WERR_UNKNOWN_PRINTER_DRIVER; + } + + /* Yes - try again with a WinNT driver. */ + version = 2; + status=get_a_printer_driver(&driver, 3, printer->info_2->drivername, architecture, version); + DEBUG(8,("construct_printer_driver_info_6: status: %s\n", dos_errstr(status))); + if (!W_ERROR_IS_OK(status)) { + free_a_printer(&printer,2); + return WERR_UNKNOWN_PRINTER_DRIVER; + } + } + + fill_printer_driver_info_6(info, driver, servername); + + free_a_printer(&printer,2); + free_a_printer_driver(driver, 3); + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static void free_printer_driver_info_3(DRIVER_INFO_3 *info) +{ + SAFE_FREE(info->dependentfiles); +} + +/**************************************************************************** +****************************************************************************/ + +static void free_printer_driver_info_6(DRIVER_INFO_6 *info) +{ + SAFE_FREE(info->dependentfiles); + +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getprinterdriver2_level1(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + DRIVER_INFO_1 *info=NULL; + WERROR status; + + if((info=(DRIVER_INFO_1 *)malloc(sizeof(DRIVER_INFO_1))) == NULL) + return WERR_NOMEM; + + status=construct_printer_driver_info_1(info, snum, servername, architecture, version); + if (!W_ERROR_IS_OK(status)) { + SAFE_FREE(info); + return status; + } + + /* check the required size. */ + *needed += spoolss_size_printer_driver_info_1(info); + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(info); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + smb_io_printer_driver_info_1("", buffer, info, 0); + + /* clear memory */ + SAFE_FREE(info); + + if (*needed > offered) + return WERR_INSUFFICIENT_BUFFER; + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getprinterdriver2_level2(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + DRIVER_INFO_2 *info=NULL; + WERROR status; + + if((info=(DRIVER_INFO_2 *)malloc(sizeof(DRIVER_INFO_2))) == NULL) + return WERR_NOMEM; + + status=construct_printer_driver_info_2(info, snum, servername, architecture, version); + if (!W_ERROR_IS_OK(status)) { + SAFE_FREE(info); + return status; + } + + /* check the required size. */ + *needed += spoolss_size_printer_driver_info_2(info); + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(info); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + smb_io_printer_driver_info_2("", buffer, info, 0); + + /* clear memory */ + SAFE_FREE(info); + + if (*needed > offered) + return WERR_INSUFFICIENT_BUFFER; + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getprinterdriver2_level3(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + DRIVER_INFO_3 info; + WERROR status; + + ZERO_STRUCT(info); + + status=construct_printer_driver_info_3(&info, snum, servername, architecture, version); + if (!W_ERROR_IS_OK(status)) { + return status; + } + + /* check the required size. */ + *needed += spoolss_size_printer_driver_info_3(&info); + + if (!alloc_buffer_size(buffer, *needed)) { + free_printer_driver_info_3(&info); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + smb_io_printer_driver_info_3("", buffer, &info, 0); + + free_printer_driver_info_3(&info); + + if (*needed > offered) + return WERR_INSUFFICIENT_BUFFER; + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getprinterdriver2_level6(fstring servername, fstring architecture, uint32 version, int snum, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + DRIVER_INFO_6 info; + WERROR status; + + ZERO_STRUCT(info); + + status=construct_printer_driver_info_6(&info, snum, servername, architecture, version); + if (!W_ERROR_IS_OK(status)) { + return status; + } + + /* check the required size. */ + *needed += spoolss_size_printer_driver_info_6(&info); + + if (!alloc_buffer_size(buffer, *needed)) { + free_printer_driver_info_6(&info); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + smb_io_printer_driver_info_6("", buffer, &info, 0); + + free_printer_driver_info_6(&info); + + if (*needed > offered) + return WERR_INSUFFICIENT_BUFFER; + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_getprinterdriver2(pipes_struct *p, SPOOL_Q_GETPRINTERDRIVER2 *q_u, SPOOL_R_GETPRINTERDRIVER2 *r_u) +{ + POLICY_HND *handle = &q_u->handle; + UNISTR2 *uni_arch = &q_u->architecture; + uint32 level = q_u->level; + uint32 clientmajorversion = q_u->clientmajorversion; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + uint32 *servermajorversion = &r_u->servermajorversion; + uint32 *serverminorversion = &r_u->serverminorversion; + + fstring servername; + fstring architecture; + int snum; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(4,("_spoolss_getprinterdriver2\n")); + + *needed = 0; + *servermajorversion = 0; + *serverminorversion = 0; + + fstrcpy(servername, get_called_name()); + unistr2_to_ascii(architecture, uni_arch, sizeof(architecture)-1); + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + switch (level) { + case 1: + return getprinterdriver2_level1(servername, architecture, clientmajorversion, snum, buffer, offered, needed); + case 2: + return getprinterdriver2_level2(servername, architecture, clientmajorversion, snum, buffer, offered, needed); + case 3: + return getprinterdriver2_level3(servername, architecture, clientmajorversion, snum, buffer, offered, needed); + case 6: + return getprinterdriver2_level6(servername, architecture, clientmajorversion, snum, buffer, offered, needed); + } + + return WERR_UNKNOWN_LEVEL; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_startpageprinter(pipes_struct *p, SPOOL_Q_STARTPAGEPRINTER *q_u, SPOOL_R_STARTPAGEPRINTER *r_u) +{ + POLICY_HND *handle = &q_u->handle; + + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + + if (!Printer) { + DEBUG(3,("Error in startpageprinter printer handle\n")); + return WERR_BADFID; + } + + Printer->page_started=True; + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_endpageprinter(pipes_struct *p, SPOOL_Q_ENDPAGEPRINTER *q_u, SPOOL_R_ENDPAGEPRINTER *r_u) +{ + POLICY_HND *handle = &q_u->handle; + int snum; + + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + + if (!Printer) { + DEBUG(2,("_spoolss_endpageprinter: Invalid handle (%s:%u:%u).\n",OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + Printer->page_started=False; + print_job_endpage(snum, Printer->jobid); + + return WERR_OK; +} + +/******************************************************************** + * api_spoolss_getprinter + * called from the spoolss dispatcher + * + ********************************************************************/ + +WERROR _spoolss_startdocprinter(pipes_struct *p, SPOOL_Q_STARTDOCPRINTER *q_u, SPOOL_R_STARTDOCPRINTER *r_u) +{ + POLICY_HND *handle = &q_u->handle; + DOC_INFO *docinfo = &q_u->doc_info_container.docinfo; + uint32 *jobid = &r_u->jobid; + + DOC_INFO_1 *info_1 = &docinfo->doc_info_1; + int snum; + pstring jobname; + fstring datatype; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + struct current_user user; + + if (!Printer) { + DEBUG(2,("_spoolss_startdocprinter: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + get_current_user(&user, p); + + /* + * a nice thing with NT is it doesn't listen to what you tell it. + * when asked to send _only_ RAW datas, it tries to send datas + * in EMF format. + * + * So I add checks like in NT Server ... + */ + + if (info_1->p_datatype != 0) { + unistr2_to_ascii(datatype, &info_1->datatype, sizeof(datatype)); + if (strcmp(datatype, "RAW") != 0) { + (*jobid)=0; + return WERR_INVALID_DATATYPE; + } + } + + /* get the share number of the printer */ + if (!get_printer_snum(p, handle, &snum)) { + return WERR_BADFID; + } + + unistr2_to_ascii(jobname, &info_1->docname, sizeof(jobname)); + + Printer->jobid = print_job_start(&user, snum, jobname, Printer->nt_devmode); + + /* An error occured in print_job_start() so return an appropriate + NT error code. */ + + if (Printer->jobid == -1) { + return map_werror_from_unix(errno); + } + + Printer->document_started=True; + (*jobid) = Printer->jobid; + + return WERR_OK; +} + +/******************************************************************** + * api_spoolss_getprinter + * called from the spoolss dispatcher + * + ********************************************************************/ + +WERROR _spoolss_enddocprinter(pipes_struct *p, SPOOL_Q_ENDDOCPRINTER *q_u, SPOOL_R_ENDDOCPRINTER *r_u) +{ + POLICY_HND *handle = &q_u->handle; + + return _spoolss_enddocprinter_internal(p, handle); +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_writeprinter(pipes_struct *p, SPOOL_Q_WRITEPRINTER *q_u, SPOOL_R_WRITEPRINTER *r_u) +{ + POLICY_HND *handle = &q_u->handle; + uint32 buffer_size = q_u->buffer_size; + uint8 *buffer = q_u->buffer; + uint32 *buffer_written = &q_u->buffer_size2; + int snum; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + + if (!Printer) { + DEBUG(2,("_spoolss_writeprinter: Invalid handle (%s:%u:%u)\n",OUR_HANDLE(handle))); + r_u->buffer_written = q_u->buffer_size2; + return WERR_BADFID; + } + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + (*buffer_written) = print_job_write(snum, Printer->jobid, (char *)buffer, buffer_size); + if (*buffer_written == -1) { + r_u->buffer_written = 0; + if (errno == ENOSPC) + return WERR_NO_SPOOL_SPACE; + else + return WERR_ACCESS_DENIED; + } + + r_u->buffer_written = q_u->buffer_size2; + + return WERR_OK; +} + +/******************************************************************** + * api_spoolss_getprinter + * called from the spoolss dispatcher + * + ********************************************************************/ + +static WERROR control_printer(POLICY_HND *handle, uint32 command, + pipes_struct *p) +{ + struct current_user user; + int snum; + WERROR errcode = WERR_BADFUNC; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + + get_current_user(&user, p); + + if (!Printer) { + DEBUG(2,("control_printer: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + switch (command) { + case PRINTER_CONTROL_PAUSE: + if (print_queue_pause(&user, snum, &errcode)) { + errcode = WERR_OK; + } + break; + case PRINTER_CONTROL_RESUME: + case PRINTER_CONTROL_UNPAUSE: + if (print_queue_resume(&user, snum, &errcode)) { + errcode = WERR_OK; + } + break; + case PRINTER_CONTROL_PURGE: + if (print_queue_purge(&user, snum, &errcode)) { + errcode = WERR_OK; + } + break; + default: + return WERR_UNKNOWN_LEVEL; + } + + return errcode; +} + +/******************************************************************** + * api_spoolss_abortprinter + * From MSDN: "Deletes printer's spool file if printer is configured + * for spooling" + ********************************************************************/ + +WERROR _spoolss_abortprinter(pipes_struct *p, SPOOL_Q_ABORTPRINTER *q_u, SPOOL_R_ABORTPRINTER *r_u) +{ + POLICY_HND *handle = &q_u->handle; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + int snum; + struct current_user user; + WERROR errcode = WERR_OK; + + if (!Printer) { + DEBUG(2,("_spoolss_abortprinter: Invalid handle (%s:%u:%u)\n",OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + get_current_user( &user, p ); + + print_job_delete( &user, snum, Printer->jobid, &errcode ); + + return errcode; +} + +/******************************************************************** + * called by spoolss_api_setprinter + * when updating a printer description + ********************************************************************/ + +static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, + const SPOOL_PRINTER_INFO_LEVEL *info, + pipes_struct *p, SEC_DESC_BUF *secdesc_ctr) +{ + SEC_DESC_BUF *new_secdesc_ctr = NULL, *old_secdesc_ctr = NULL; + struct current_user user; + WERROR result; + int snum; + + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + + if (!Printer || !get_printer_snum(p, handle, &snum)) { + DEBUG(2,("update_printer_sec: Invalid handle (%s:%u:%u)\n", + OUR_HANDLE(handle))); + + result = WERR_BADFID; + goto done; + } + + /* NT seems to like setting the security descriptor even though + nothing may have actually changed. This causes annoying + dialog boxes when the user doesn't have permission to change + the security descriptor. */ + + nt_printing_getsec(p->mem_ctx, Printer->dev.handlename, &old_secdesc_ctr); + + if (DEBUGLEVEL >= 10) { + SEC_ACL *the_acl; + int i; + + the_acl = old_secdesc_ctr->sec->dacl; + DEBUG(10, ("old_secdesc_ctr for %s has %d aces:\n", + PRINTERNAME(snum), the_acl->num_aces)); + + for (i = 0; i < the_acl->num_aces; i++) { + fstring sid_str; + + sid_to_string(sid_str, &the_acl->ace[i].trustee); + + DEBUG(10, ("%s 0x%08x\n", sid_str, + the_acl->ace[i].info.mask)); + } + + the_acl = secdesc_ctr->sec->dacl; + + if (the_acl) { + DEBUG(10, ("secdesc_ctr for %s has %d aces:\n", + PRINTERNAME(snum), the_acl->num_aces)); + + for (i = 0; i < the_acl->num_aces; i++) { + fstring sid_str; + + sid_to_string(sid_str, &the_acl->ace[i].trustee); + + DEBUG(10, ("%s 0x%08x\n", sid_str, + the_acl->ace[i].info.mask)); + } + } else { + DEBUG(10, ("dacl for secdesc_ctr is NULL\n")); + } + } + + new_secdesc_ctr = sec_desc_merge(p->mem_ctx, secdesc_ctr, old_secdesc_ctr); + + if (sec_desc_equal(new_secdesc_ctr->sec, old_secdesc_ctr->sec)) { + result = WERR_OK; + goto done; + } + + /* Work out which user is performing the operation */ + + get_current_user(&user, p); + + /* Check the user has permissions to change the security + descriptor. By experimentation with two NT machines, the user + requires Full Access to the printer to change security + information. */ + + if (!print_access_check(&user, snum, PRINTER_ACCESS_ADMINISTER)) { + result = WERR_ACCESS_DENIED; + goto done; + } + + result = nt_printing_setsec(Printer->dev.handlename, new_secdesc_ctr); + + done: + + return result; +} + +/******************************************************************** + Do Samba sanity checks on a printer info struct. + this has changed purpose: it now "canonicalises" printer + info from a client rather than just checking it is correct + ********************************************************************/ + +static BOOL check_printer_ok(NT_PRINTER_INFO_LEVEL_2 *info, int snum) +{ + DEBUG(5,("check_printer_ok: servername=%s printername=%s sharename=%s portname=%s drivername=%s comment=%s location=%s\n", + info->servername, info->printername, info->sharename, info->portname, info->drivername, info->comment, info->location)); + + /* we force some elements to "correct" values */ + slprintf(info->servername, sizeof(info->servername)-1, "\\\\%s", get_called_name()); + fstrcpy(info->sharename, lp_servicename(snum)); + slprintf(info->printername, sizeof(info->printername)-1, "\\\\%s\\%s", + get_called_name(), info->sharename); + info->attributes = PRINTER_ATTRIBUTE_SAMBA; + + + return True; +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL add_printer_hook(NT_PRINTER_INFO_LEVEL *printer) +{ + extern userdom_struct current_user_info; + char *cmd = lp_addprinter_cmd(); + char **qlines; + pstring command; + int numlines; + int ret; + int fd; + fstring remote_machine = "%m"; + + standard_sub_basic(current_user_info.smb_name, remote_machine,sizeof(remote_machine)); + + slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\"", + cmd, printer->info_2->printername, printer->info_2->sharename, + printer->info_2->portname, printer->info_2->drivername, + printer->info_2->location, printer->info_2->comment, remote_machine); + + DEBUG(10,("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUGADD(10,("returned [%d]\n", ret)); + + if ( ret != 0 ) { + if (fd != -1) + close(fd); + return False; + } + + numlines = 0; + /* Get lines and convert them back to dos-codepage */ + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10,("Lines returned = [%d]\n", numlines)); + close(fd); + + if(numlines) { + /* Set the portname to what the script says the portname should be. */ + strncpy(printer->info_2->portname, qlines[0], sizeof(printer->info_2->portname)); + DEBUGADD(6,("Line[0] = [%s]\n", qlines[0])); + + /* Send SIGHUP to process group... is there a better way? */ + kill(0, SIGHUP); + + /* reload our services immediately */ + reload_services( False ); + } + + file_lines_free(qlines); + return True; +} + +/******************************************************************** + * Called by spoolss_api_setprinter + * when updating a printer description. + ********************************************************************/ + +static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, + const SPOOL_PRINTER_INFO_LEVEL *info, + DEVICEMODE *devmode) +{ + int snum; + NT_PRINTER_INFO_LEVEL *printer = NULL, *old_printer = NULL; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + WERROR result; + UNISTR2 buffer; + fstring asc_buffer; + + DEBUG(8,("update_printer\n")); + + result = WERR_OK; + + if (!Printer) { + result = WERR_BADFID; + goto done; + } + + if (!get_printer_snum(p, handle, &snum)) { + result = WERR_BADFID; + goto done; + } + + if (!W_ERROR_IS_OK(get_a_printer(Printer, &printer, 2, lp_const_servicename(snum))) || + (!W_ERROR_IS_OK(get_a_printer(Printer, &old_printer, 2, lp_const_servicename(snum))))) { + result = WERR_BADFID; + goto done; + } + + DEBUGADD(8,("Converting info_2 struct\n")); + + /* + * convert_printer_info converts the incoming + * info from the client and overwrites the info + * just read from the tdb in the pointer 'printer'. + */ + + if (!convert_printer_info(info, printer, level)) { + result = WERR_NOMEM; + goto done; + } + + if (devmode) { + /* we have a valid devmode + convert it and link it*/ + + DEBUGADD(8,("update_printer: Converting the devicemode struct\n")); + if (!convert_devicemode(printer->info_2->printername, devmode, + &printer->info_2->devmode)) { + result = WERR_NOMEM; + goto done; + } + } + + /* Do sanity check on the requested changes for Samba */ + + if (!check_printer_ok(printer->info_2, snum)) { + result = WERR_INVALID_PARAM; + goto done; + } + + /* Check calling user has permission to update printer description */ + + if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) { + DEBUG(3, ("update_printer: printer property change denied by handle\n")); + result = WERR_ACCESS_DENIED; + goto done; + } + + /* Call addprinter hook */ + /* Check changes to see if this is really needed */ + + if ( *lp_addprinter_cmd() + && (!strequal(printer->info_2->drivername, old_printer->info_2->drivername) + || !strequal(printer->info_2->comment, old_printer->info_2->comment) + || !strequal(printer->info_2->portname, old_printer->info_2->portname) + || !strequal(printer->info_2->location, old_printer->info_2->location)) ) + { + if ( !add_printer_hook(printer) ) { + result = WERR_ACCESS_DENIED; + goto done; + } + + /* + * make sure we actually reload the services after + * this as smb.conf could have a new section in it + * .... shouldn't .... but could + */ + reload_services(False); + } + + /* + * When a *new* driver is bound to a printer, the drivername is used to + * lookup previously saved driver initialization info, which is then + * bound to the printer, simulating what happens in the Windows arch. + */ + if (!strequal(printer->info_2->drivername, old_printer->info_2->drivername)) + { + if (!set_driver_init(printer, 2)) + { + DEBUG(5,("update_printer: Error restoring driver initialization data for driver [%s]!\n", + printer->info_2->drivername)); + } + + DEBUG(10,("update_printer: changing driver [%s]! Sending event!\n", + printer->info_2->drivername)); + + notify_printer_driver(snum, printer->info_2->drivername); + } + + /* + * flag which changes actually occured. This is a small subset of + * all the possible changes. We also have to update things in the + * DsSpooler key. + */ + + if (!strequal(printer->info_2->comment, old_printer->info_2->comment)) { + init_unistr2( &buffer, printer->info_2->comment, strlen(printer->info_2->comment)+1 ); + set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "description", + REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); + + notify_printer_comment(snum, printer->info_2->comment); + } + + if (!strequal(printer->info_2->sharename, old_printer->info_2->sharename)) { + init_unistr2( &buffer, printer->info_2->sharename, strlen(printer->info_2->sharename)+1 ); + set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "printerName", + REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); + set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "shareName", + REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); + + notify_printer_sharename(snum, printer->info_2->sharename); + } + + if (!strequal(printer->info_2->portname, old_printer->info_2->portname)) { + init_unistr2( &buffer, printer->info_2->portname, strlen(printer->info_2->portname)+1 ); + set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "portName", + REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); + + notify_printer_port(snum, printer->info_2->portname); + } + + if (!strequal(printer->info_2->location, old_printer->info_2->location)) { + init_unistr2( &buffer, printer->info_2->location, strlen(printer->info_2->location)+1 ); + set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "location", + REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); + + notify_printer_location(snum, printer->info_2->location); + } + + /* here we need to update some more DsSpooler keys */ + /* uNCName, serverName, shortServerName */ + + init_unistr2( &buffer, lp_netbios_name(), strlen(lp_netbios_name())+1 ); + set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "serverName", + REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); + set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "shortServerName", + REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); + + slprintf( asc_buffer, sizeof(asc_buffer)-1, "\\\\%s\\%s", + lp_netbios_name(), printer->info_2->sharename ); + init_unistr2( &buffer, asc_buffer, strlen(asc_buffer)+1 ); + set_printer_dataex( printer, SPOOL_DSSPOOLER_KEY, "uNCName", + REG_SZ, (uint8*)buffer.buffer, buffer.uni_str_len*2 ); + + /* Update printer info */ + result = mod_a_printer(*printer, 2); + +done: + free_a_printer(&printer, 2); + free_a_printer(&old_printer, 2); + + + return result; +} + +/**************************************************************************** +****************************************************************************/ +static WERROR publish_or_unpublish_printer(pipes_struct *p, POLICY_HND *handle, + const SPOOL_PRINTER_INFO_LEVEL *info) +{ +#ifdef HAVE_ADS + SPOOL_PRINTER_INFO_LEVEL_7 *info7 = info->info_7; + int snum; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + WERROR result; + + DEBUG(5,("publish_or_unpublish_printer, action = %d\n",info7->action)); + + result = WERR_OK; + + if (!Printer) + return WERR_BADFID; + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + nt_printer_publish(Printer, snum, info7->action); + + return WERR_OK; +#else + return WERR_UNKNOWN_LEVEL; +#endif +} +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_setprinter(pipes_struct *p, SPOOL_Q_SETPRINTER *q_u, SPOOL_R_SETPRINTER *r_u) +{ + POLICY_HND *handle = &q_u->handle; + uint32 level = q_u->level; + SPOOL_PRINTER_INFO_LEVEL *info = &q_u->info; + DEVMODE_CTR devmode_ctr = q_u->devmode_ctr; + SEC_DESC_BUF *secdesc_ctr = q_u->secdesc_ctr; + uint32 command = q_u->command; + + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + + if (!Printer) { + DEBUG(2,("_spoolss_setprinter: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + /* check the level */ + switch (level) { + case 0: + return control_printer(handle, command, p); + case 2: + return update_printer(p, handle, level, info, devmode_ctr.devmode); + case 3: + return update_printer_sec(handle, level, info, p, + secdesc_ctr); + case 7: + return publish_or_unpublish_printer(p, handle, info); + default: + return WERR_UNKNOWN_LEVEL; + } +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_fcpn(pipes_struct *p, SPOOL_Q_FCPN *q_u, SPOOL_R_FCPN *r_u) +{ + POLICY_HND *handle = &q_u->handle; + Printer_entry *Printer= find_printer_index_by_hnd(p, handle); + + if (!Printer) { + DEBUG(2,("_spoolss_fcpn: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if (Printer->notify.client_connected==True) { + int snum = -1; + + if ( Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) + snum = -1; + else if ( (Printer->printer_type == PRINTER_HANDLE_IS_PRINTER) && + !get_printer_snum(p, handle, &snum) ) + return WERR_BADFID; + + srv_spoolss_replycloseprinter(snum, &Printer->notify.client_hnd); + } + + Printer->notify.flags=0; + Printer->notify.options=0; + Printer->notify.localmachine[0]='\0'; + Printer->notify.printerlocal=0; + if (Printer->notify.option) + free_spool_notify_option(&Printer->notify.option); + Printer->notify.client_connected=False; + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_addjob(pipes_struct *p, SPOOL_Q_ADDJOB *q_u, SPOOL_R_ADDJOB *r_u) +{ + /* that's an [in out] buffer (despite appearences to the contrary) */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + + r_u->needed = 0; + return WERR_INVALID_PARAM; /* this is what a NT server + returns for AddJob. AddJob + must fail on non-local + printers */ +} + +/**************************************************************************** +****************************************************************************/ + +static void fill_job_info_1(JOB_INFO_1 *job_info, print_queue_struct *queue, + int position, int snum) +{ + pstring temp_name; + + struct tm *t; + + t=gmtime(&queue->time); + slprintf(temp_name, sizeof(temp_name)-1, "\\\\%s", get_called_name()); + + job_info->jobid=queue->job; + init_unistr(&job_info->printername, lp_servicename(snum)); + init_unistr(&job_info->machinename, temp_name); + init_unistr(&job_info->username, queue->fs_user); + init_unistr(&job_info->document, queue->fs_file); + init_unistr(&job_info->datatype, "RAW"); + init_unistr(&job_info->text_status, ""); + job_info->status=nt_printj_status(queue->status); + job_info->priority=queue->priority; + job_info->position=position; + job_info->totalpages=queue->page_count; + job_info->pagesprinted=0; + + make_systemtime(&job_info->submitted, t); +} + +/**************************************************************************** +****************************************************************************/ + +static BOOL fill_job_info_2(JOB_INFO_2 *job_info, print_queue_struct *queue, + int position, int snum, + NT_PRINTER_INFO_LEVEL *ntprinter, + DEVICEMODE *devmode) +{ + pstring temp_name; + struct tm *t; + + t=gmtime(&queue->time); + slprintf(temp_name, sizeof(temp_name)-1, "\\\\%s", get_called_name()); + + job_info->jobid=queue->job; + + init_unistr(&job_info->printername, ntprinter->info_2->printername); + + init_unistr(&job_info->machinename, temp_name); + init_unistr(&job_info->username, queue->fs_user); + init_unistr(&job_info->document, queue->fs_file); + init_unistr(&job_info->notifyname, queue->fs_user); + init_unistr(&job_info->datatype, "RAW"); + init_unistr(&job_info->printprocessor, "winprint"); + init_unistr(&job_info->parameters, ""); + init_unistr(&job_info->drivername, ntprinter->info_2->drivername); + init_unistr(&job_info->text_status, ""); + +/* and here the security descriptor */ + + job_info->status=nt_printj_status(queue->status); + job_info->priority=queue->priority; + job_info->position=position; + job_info->starttime=0; + job_info->untiltime=0; + job_info->totalpages=queue->page_count; + job_info->size=queue->size; + make_systemtime(&(job_info->submitted), t); + job_info->timeelapsed=0; + job_info->pagesprinted=0; + + job_info->devmode = devmode; + + return (True); +} + +/**************************************************************************** + Enumjobs at level 1. +****************************************************************************/ + +static WERROR enumjobs_level1(print_queue_struct *queue, int snum, + NEW_BUFFER *buffer, uint32 offered, + uint32 *needed, uint32 *returned) +{ + JOB_INFO_1 *info; + int i; + + info=(JOB_INFO_1 *)malloc(*returned*sizeof(JOB_INFO_1)); + if (info==NULL) { + SAFE_FREE(queue); + *returned=0; + return WERR_NOMEM; + } + + for (i=0; i<*returned; i++) + fill_job_info_1(&info[i], &queue[i], i, snum); + + SAFE_FREE(queue); + + /* check the required size. */ + for (i=0; i<*returned; i++) + (*needed) += spoolss_size_job_info_1(&info[i]); + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(info); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the structures */ + for (i=0; i<*returned; i++) + smb_io_job_info_1("", buffer, &info[i], 0); + + /* clear memory */ + SAFE_FREE(info); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** + Enumjobs at level 2. +****************************************************************************/ + +static WERROR enumjobs_level2(print_queue_struct *queue, int snum, + NEW_BUFFER *buffer, uint32 offered, + uint32 *needed, uint32 *returned) +{ + NT_PRINTER_INFO_LEVEL *ntprinter = NULL; + JOB_INFO_2 *info = NULL; + int i; + WERROR result; + DEVICEMODE *devmode = NULL; + + info=(JOB_INFO_2 *)malloc(*returned*sizeof(JOB_INFO_2)); + if (info==NULL) { + *returned=0; + result = WERR_NOMEM; + goto done; + } + + result = get_a_printer(NULL, &ntprinter, 2, lp_servicename(snum)); + if (!W_ERROR_IS_OK(result)) { + *returned = 0; + goto done; + } + + /* this should not be a failure condition if the devmode is NULL */ + + devmode = construct_dev_mode(snum); + + for (i=0; i<*returned; i++) + fill_job_info_2(&(info[i]), &queue[i], i, snum, ntprinter, + devmode); + + free_a_printer(&ntprinter, 2); + SAFE_FREE(queue); + + /* check the required size. */ + for (i=0; i<*returned; i++) + (*needed) += spoolss_size_job_info_2(&info[i]); + + if (*needed > offered) { + *returned=0; + result = WERR_INSUFFICIENT_BUFFER; + goto done; + } + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(info); + result = WERR_INSUFFICIENT_BUFFER; + goto done; + } + + /* fill the buffer with the structures */ + for (i=0; i<*returned; i++) + smb_io_job_info_2("", buffer, &info[i], 0); + + result = WERR_OK; + + done: + free_a_printer(&ntprinter, 2); + free_devmode(devmode); + SAFE_FREE(queue); + SAFE_FREE(info); + + return result; + +} + +/**************************************************************************** + Enumjobs. +****************************************************************************/ + +WERROR _spoolss_enumjobs( pipes_struct *p, SPOOL_Q_ENUMJOBS *q_u, SPOOL_R_ENUMJOBS *r_u) +{ + POLICY_HND *handle = &q_u->handle; + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + uint32 *returned = &r_u->returned; + + int snum; + print_status_struct prt_status; + print_queue_struct *queue=NULL; + int max_rep_jobs; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(4,("_spoolss_enumjobs\n")); + + *needed=0; + *returned=0; + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + max_rep_jobs = lp_max_reported_jobs(snum); + + *returned = print_queue_status(snum, &queue, &prt_status); + DEBUGADD(4,("count:[%d], status:[%d], [%s]\n", *returned, prt_status.status, prt_status.message)); + + if (*returned == 0) { + SAFE_FREE(queue); + return WERR_OK; + } + + if (max_rep_jobs && (*returned > max_rep_jobs)) + *returned = max_rep_jobs; + + switch (level) { + case 1: + return enumjobs_level1(queue, snum, buffer, offered, needed, returned); + case 2: + return enumjobs_level2(queue, snum, buffer, offered, needed, returned); + default: + SAFE_FREE(queue); + *returned=0; + return WERR_UNKNOWN_LEVEL; + } +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_schedulejob( pipes_struct *p, SPOOL_Q_SCHEDULEJOB *q_u, SPOOL_R_SCHEDULEJOB *r_u) +{ + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_setjob(pipes_struct *p, SPOOL_Q_SETJOB *q_u, SPOOL_R_SETJOB *r_u) +{ + POLICY_HND *handle = &q_u->handle; + uint32 jobid = q_u->jobid; + uint32 command = q_u->command; + + struct current_user user; + int snum; + WERROR errcode = WERR_BADFUNC; + + if (!get_printer_snum(p, handle, &snum)) { + return WERR_BADFID; + } + + if (!print_job_exists(snum, jobid)) { + return WERR_INVALID_PRINTER_NAME; + } + + get_current_user(&user, p); + + switch (command) { + case JOB_CONTROL_CANCEL: + case JOB_CONTROL_DELETE: + if (print_job_delete(&user, snum, jobid, &errcode)) { + errcode = WERR_OK; + } + break; + case JOB_CONTROL_PAUSE: + if (print_job_pause(&user, snum, jobid, &errcode)) { + errcode = WERR_OK; + } + break; + case JOB_CONTROL_RESTART: + case JOB_CONTROL_RESUME: + if (print_job_resume(&user, snum, jobid, &errcode)) { + errcode = WERR_OK; + } + break; + default: + return WERR_UNKNOWN_LEVEL; + } + + return errcode; +} + +/**************************************************************************** + Enumerates all printer drivers at level 1. +****************************************************************************/ + +static WERROR enumprinterdrivers_level1(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + int i; + int ndrivers; + uint32 version; + fstring *list = NULL; + + NT_PRINTER_DRIVER_INFO_LEVEL driver; + DRIVER_INFO_1 *tdi1, *driver_info_1=NULL; + + *returned=0; + + for (version=0; version<DRIVER_MAX_VERSION; version++) { + list=NULL; + ndrivers=get_ntdrivers(&list, architecture, version); + DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version)); + + if(ndrivers == -1) + return WERR_NOMEM; + + if(ndrivers != 0) { + if((tdi1=(DRIVER_INFO_1 *)Realloc(driver_info_1, (*returned+ndrivers) * sizeof(DRIVER_INFO_1))) == NULL) { + DEBUG(0,("enumprinterdrivers_level1: failed to enlarge driver info buffer!\n")); + SAFE_FREE(driver_info_1); + SAFE_FREE(list); + return WERR_NOMEM; + } + else driver_info_1 = tdi1; + } + + for (i=0; i<ndrivers; i++) { + WERROR status; + DEBUGADD(5,("\tdriver: [%s]\n", list[i])); + ZERO_STRUCT(driver); + status = get_a_printer_driver(&driver, 3, list[i], + architecture, version); + if (!W_ERROR_IS_OK(status)) { + SAFE_FREE(list); + return status; + } + fill_printer_driver_info_1(&driver_info_1[*returned+i], driver, servername, architecture ); + free_a_printer_driver(driver, 3); + } + + *returned+=ndrivers; + SAFE_FREE(list); + } + + /* check the required size. */ + for (i=0; i<*returned; i++) { + DEBUGADD(6,("adding driver [%d]'s size\n",i)); + *needed += spoolss_size_printer_driver_info_1(&driver_info_1[i]); + } + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(driver_info_1); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the driver structures */ + for (i=0; i<*returned; i++) { + DEBUGADD(6,("adding driver [%d] to buffer\n",i)); + smb_io_printer_driver_info_1("", buffer, &driver_info_1[i], 0); + } + + SAFE_FREE(driver_info_1); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** + Enumerates all printer drivers at level 2. +****************************************************************************/ + +static WERROR enumprinterdrivers_level2(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + int i; + int ndrivers; + uint32 version; + fstring *list = NULL; + + NT_PRINTER_DRIVER_INFO_LEVEL driver; + DRIVER_INFO_2 *tdi2, *driver_info_2=NULL; + + *returned=0; + + for (version=0; version<DRIVER_MAX_VERSION; version++) { + list=NULL; + ndrivers=get_ntdrivers(&list, architecture, version); + DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version)); + + if(ndrivers == -1) + return WERR_NOMEM; + + if(ndrivers != 0) { + if((tdi2=(DRIVER_INFO_2 *)Realloc(driver_info_2, (*returned+ndrivers) * sizeof(DRIVER_INFO_2))) == NULL) { + DEBUG(0,("enumprinterdrivers_level2: failed to enlarge driver info buffer!\n")); + SAFE_FREE(driver_info_2); + SAFE_FREE(list); + return WERR_NOMEM; + } + else driver_info_2 = tdi2; + } + + for (i=0; i<ndrivers; i++) { + WERROR status; + + DEBUGADD(5,("\tdriver: [%s]\n", list[i])); + ZERO_STRUCT(driver); + status = get_a_printer_driver(&driver, 3, list[i], + architecture, version); + if (!W_ERROR_IS_OK(status)) { + SAFE_FREE(list); + return status; + } + fill_printer_driver_info_2(&driver_info_2[*returned+i], driver, servername); + free_a_printer_driver(driver, 3); + } + + *returned+=ndrivers; + SAFE_FREE(list); + } + + /* check the required size. */ + for (i=0; i<*returned; i++) { + DEBUGADD(6,("adding driver [%d]'s size\n",i)); + *needed += spoolss_size_printer_driver_info_2(&(driver_info_2[i])); + } + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(driver_info_2); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the form structures */ + for (i=0; i<*returned; i++) { + DEBUGADD(6,("adding driver [%d] to buffer\n",i)); + smb_io_printer_driver_info_2("", buffer, &(driver_info_2[i]), 0); + } + + SAFE_FREE(driver_info_2); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** + Enumerates all printer drivers at level 3. +****************************************************************************/ + +static WERROR enumprinterdrivers_level3(fstring servername, fstring architecture, NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + int i; + int ndrivers; + uint32 version; + fstring *list = NULL; + + NT_PRINTER_DRIVER_INFO_LEVEL driver; + DRIVER_INFO_3 *tdi3, *driver_info_3=NULL; + + *returned=0; + + for (version=0; version<DRIVER_MAX_VERSION; version++) { + list=NULL; + ndrivers=get_ntdrivers(&list, architecture, version); + DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version)); + + if(ndrivers == -1) + return WERR_NOMEM; + + if(ndrivers != 0) { + if((tdi3=(DRIVER_INFO_3 *)Realloc(driver_info_3, (*returned+ndrivers) * sizeof(DRIVER_INFO_3))) == NULL) { + DEBUG(0,("enumprinterdrivers_level3: failed to enlarge driver info buffer!\n")); + SAFE_FREE(driver_info_3); + SAFE_FREE(list); + return WERR_NOMEM; + } + else driver_info_3 = tdi3; + } + + for (i=0; i<ndrivers; i++) { + WERROR status; + + DEBUGADD(5,("\tdriver: [%s]\n", list[i])); + ZERO_STRUCT(driver); + status = get_a_printer_driver(&driver, 3, list[i], + architecture, version); + if (!W_ERROR_IS_OK(status)) { + SAFE_FREE(list); + return status; + } + fill_printer_driver_info_3(&driver_info_3[*returned+i], driver, servername); + free_a_printer_driver(driver, 3); + } + + *returned+=ndrivers; + SAFE_FREE(list); + } + + /* check the required size. */ + for (i=0; i<*returned; i++) { + DEBUGADD(6,("adding driver [%d]'s size\n",i)); + *needed += spoolss_size_printer_driver_info_3(&driver_info_3[i]); + } + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(driver_info_3); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the driver structures */ + for (i=0; i<*returned; i++) { + DEBUGADD(6,("adding driver [%d] to buffer\n",i)); + smb_io_printer_driver_info_3("", buffer, &driver_info_3[i], 0); + } + + for (i=0; i<*returned; i++) + SAFE_FREE(driver_info_3[i].dependentfiles); + + SAFE_FREE(driver_info_3); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** + Enumerates all printer drivers. +****************************************************************************/ + +WERROR _spoolss_enumprinterdrivers( pipes_struct *p, SPOOL_Q_ENUMPRINTERDRIVERS *q_u, SPOOL_R_ENUMPRINTERDRIVERS *r_u) +{ + UNISTR2 *environment = &q_u->environment; + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + uint32 *returned = &r_u->returned; + + fstring *list = NULL; + fstring servername; + fstring architecture; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(4,("_spoolss_enumprinterdrivers\n")); + fstrcpy(servername, get_called_name()); + *needed=0; + *returned=0; + + unistr2_to_ascii(architecture, environment, sizeof(architecture)-1); + + switch (level) { + case 1: + return enumprinterdrivers_level1(servername, architecture, buffer, offered, needed, returned); + case 2: + return enumprinterdrivers_level2(servername, architecture, buffer, offered, needed, returned); + case 3: + return enumprinterdrivers_level3(servername, architecture, buffer, offered, needed, returned); + default: + *returned=0; + SAFE_FREE(list); + return WERR_UNKNOWN_LEVEL; + } +} + +/**************************************************************************** +****************************************************************************/ + +static void fill_form_1(FORM_1 *form, nt_forms_struct *list) +{ + form->flag=list->flag; + init_unistr(&form->name, list->name); + form->width=list->width; + form->length=list->length; + form->left=list->left; + form->top=list->top; + form->right=list->right; + form->bottom=list->bottom; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_ENUMFORMS *r_u) +{ + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + uint32 *numofforms = &r_u->numofforms; + uint32 numbuiltinforms; + + nt_forms_struct *list=NULL; + nt_forms_struct *builtinlist=NULL; + FORM_1 *forms_1; + int buffer_size=0; + int i; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(4,("_spoolss_enumforms\n")); + DEBUGADD(5,("Offered buffer size [%d]\n", offered)); + DEBUGADD(5,("Info level [%d]\n", level)); + + numbuiltinforms = get_builtin_ntforms(&builtinlist); + DEBUGADD(5,("Number of builtin forms [%d]\n", numbuiltinforms)); + *numofforms = get_ntforms(&list); + DEBUGADD(5,("Number of user forms [%d]\n", *numofforms)); + *numofforms += numbuiltinforms; + + if (*numofforms == 0) return WERR_NO_MORE_ITEMS; + + switch (level) { + case 1: + if ((forms_1=(FORM_1 *)malloc(*numofforms * sizeof(FORM_1))) == NULL) { + *numofforms=0; + return WERR_NOMEM; + } + + /* construct the list of form structures */ + for (i=0; i<numbuiltinforms; i++) { + DEBUGADD(6,("Filling form number [%d]\n",i)); + fill_form_1(&forms_1[i], &builtinlist[i]); + } + + SAFE_FREE(builtinlist); + + for (; i<*numofforms; i++) { + DEBUGADD(6,("Filling form number [%d]\n",i)); + fill_form_1(&forms_1[i], &list[i-numbuiltinforms]); + } + + SAFE_FREE(list); + + /* check the required size. */ + for (i=0; i<numbuiltinforms; i++) { + DEBUGADD(6,("adding form [%d]'s size\n",i)); + buffer_size += spoolss_size_form_1(&forms_1[i]); + } + for (; i<*numofforms; i++) { + DEBUGADD(6,("adding form [%d]'s size\n",i)); + buffer_size += spoolss_size_form_1(&forms_1[i]); + } + + *needed=buffer_size; + + if (!alloc_buffer_size(buffer, buffer_size)){ + SAFE_FREE(forms_1); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the form structures */ + for (i=0; i<numbuiltinforms; i++) { + DEBUGADD(6,("adding form [%d] to buffer\n",i)); + smb_io_form_1("", buffer, &forms_1[i], 0); + } + for (; i<*numofforms; i++) { + DEBUGADD(6,("adding form [%d] to buffer\n",i)); + smb_io_form_1("", buffer, &forms_1[i], 0); + } + + SAFE_FREE(forms_1); + + if (*needed > offered) { + *numofforms=0; + return WERR_INSUFFICIENT_BUFFER; + } + else + return WERR_OK; + + default: + SAFE_FREE(list); + SAFE_FREE(builtinlist); + return WERR_UNKNOWN_LEVEL; + } + +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM *r_u) +{ + uint32 level = q_u->level; + UNISTR2 *uni_formname = &q_u->formname; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + + nt_forms_struct *list=NULL; + nt_forms_struct builtin_form; + BOOL foundBuiltin; + FORM_1 form_1; + fstring form_name; + int buffer_size=0; + int numofforms=0, i=0; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + unistr2_to_ascii(form_name, uni_formname, sizeof(form_name)-1); + + DEBUG(4,("_spoolss_getform\n")); + DEBUGADD(5,("Offered buffer size [%d]\n", offered)); + DEBUGADD(5,("Info level [%d]\n", level)); + + foundBuiltin = get_a_builtin_ntform(uni_formname,&builtin_form); + if (!foundBuiltin) { + numofforms = get_ntforms(&list); + DEBUGADD(5,("Number of forms [%d]\n", numofforms)); + + if (numofforms == 0) + return WERR_BADFID; + } + + switch (level) { + case 1: + if (foundBuiltin) { + fill_form_1(&form_1, &builtin_form); + } else { + + /* Check if the requested name is in the list of form structures */ + for (i=0; i<numofforms; i++) { + + DEBUG(4,("_spoolss_getform: checking form %s (want %s)\n", list[i].name, form_name)); + + if (strequal(form_name, list[i].name)) { + DEBUGADD(6,("Found form %s number [%d]\n", form_name, i)); + fill_form_1(&form_1, &list[i]); + break; + } + } + + SAFE_FREE(list); + if (i == numofforms) { + return WERR_BADFID; + } + } + /* check the required size. */ + + *needed=spoolss_size_form_1(&form_1); + + if (!alloc_buffer_size(buffer, buffer_size)){ + return WERR_INSUFFICIENT_BUFFER; + } + + if (*needed > offered) { + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the form structures */ + DEBUGADD(6,("adding form %s [%d] to buffer\n", form_name, i)); + smb_io_form_1("", buffer, &form_1, 0); + + return WERR_OK; + + default: + SAFE_FREE(list); + return WERR_UNKNOWN_LEVEL; + } +} + +/**************************************************************************** +****************************************************************************/ + +static void fill_port_1(PORT_INFO_1 *port, const char *name) +{ + init_unistr(&port->port_name, name); +} + +/**************************************************************************** +****************************************************************************/ + +static void fill_port_2(PORT_INFO_2 *port, const char *name) +{ + init_unistr(&port->port_name, name); + init_unistr(&port->monitor_name, "Local Monitor"); + init_unistr(&port->description, "Local Port"); +#define PORT_TYPE_WRITE 1 + port->port_type=PORT_TYPE_WRITE; + port->reserved=0x0; +} + +/**************************************************************************** + enumports level 1. +****************************************************************************/ + +static WERROR enumports_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + PORT_INFO_1 *ports=NULL; + int i=0; + + if (*lp_enumports_cmd()) { + char *cmd = lp_enumports_cmd(); + char **qlines; + pstring command; + int numlines; + int ret; + int fd; + + slprintf(command, sizeof(command)-1, "%s \"%d\"", cmd, 1); + + DEBUG(10,("Running [%s]\n", command)); + ret = smbrun(command, &fd); + DEBUG(10,("Returned [%d]\n", ret)); + if (ret != 0) { + if (fd != -1) + close(fd); + /* Is this the best error to return here? */ + return WERR_ACCESS_DENIED; + } + + numlines = 0; + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10,("Lines returned = [%d]\n", numlines)); + close(fd); + + if(numlines) { + if((ports=(PORT_INFO_1 *)malloc( numlines * sizeof(PORT_INFO_1) )) == NULL) { + DEBUG(10,("Returning WERR_NOMEM [%s]\n", + dos_errstr(WERR_NOMEM))); + file_lines_free(qlines); + return WERR_NOMEM; + } + + for (i=0; i<numlines; i++) { + DEBUG(6,("Filling port number [%d] with port [%s]\n", i, qlines[i])); + fill_port_1(&ports[i], qlines[i]); + } + + file_lines_free(qlines); + } + + *returned = numlines; + + } else { + *returned = 1; /* Sole Samba port returned. */ + + if((ports=(PORT_INFO_1 *)malloc( sizeof(PORT_INFO_1) )) == NULL) + return WERR_NOMEM; + + DEBUG(10,("enumports_level_1: port name %s\n", SAMBA_PRINTER_PORT_NAME)); + + fill_port_1(&ports[0], SAMBA_PRINTER_PORT_NAME); + } + + /* check the required size. */ + for (i=0; i<*returned; i++) { + DEBUGADD(6,("adding port [%d]'s size\n", i)); + *needed += spoolss_size_port_info_1(&ports[i]); + } + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(ports); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the ports structures */ + for (i=0; i<*returned; i++) { + DEBUGADD(6,("adding port [%d] to buffer\n", i)); + smb_io_port_1("", buffer, &ports[i], 0); + } + + SAFE_FREE(ports); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** + enumports level 2. +****************************************************************************/ + +static WERROR enumports_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + PORT_INFO_2 *ports=NULL; + int i=0; + + if (*lp_enumports_cmd()) { + char *cmd = lp_enumports_cmd(); + char *path; + char **qlines; + pstring tmp_file; + pstring command; + int numlines; + int ret; + int fd; + + if (*lp_pathname(lp_servicenumber(PRINTERS_NAME))) + path = lp_pathname(lp_servicenumber(PRINTERS_NAME)); + else + path = lp_lockdir(); + + slprintf(tmp_file, sizeof(tmp_file)-1, "%s/smbcmd.%u.", path, (unsigned int)sys_getpid()); + slprintf(command, sizeof(command)-1, "%s \"%d\"", cmd, 2); + + unlink(tmp_file); + DEBUG(10,("Running [%s > %s]\n", command,tmp_file)); + ret = smbrun(command, &fd); + DEBUGADD(10,("returned [%d]\n", ret)); + if (ret != 0) { + if (fd != -1) + close(fd); + /* Is this the best error to return here? */ + return WERR_ACCESS_DENIED; + } + + numlines = 0; + qlines = fd_lines_load(fd, &numlines); + DEBUGADD(10,("Lines returned = [%d]\n", numlines)); + close(fd); + + if(numlines) { + if((ports=(PORT_INFO_2 *)malloc( numlines * sizeof(PORT_INFO_2) )) == NULL) { + file_lines_free(qlines); + return WERR_NOMEM; + } + + for (i=0; i<numlines; i++) { + DEBUG(6,("Filling port number [%d] with port [%s]\n", i, qlines[i])); + fill_port_2(&(ports[i]), qlines[i]); + } + + file_lines_free(qlines); + } + + *returned = numlines; + + } else { + + *returned = 1; + + if((ports=(PORT_INFO_2 *)malloc( sizeof(PORT_INFO_2) )) == NULL) + return WERR_NOMEM; + + DEBUG(10,("enumports_level_2: port name %s\n", SAMBA_PRINTER_PORT_NAME)); + + fill_port_2(&ports[0], SAMBA_PRINTER_PORT_NAME); + } + + /* check the required size. */ + for (i=0; i<*returned; i++) { + DEBUGADD(6,("adding port [%d]'s size\n", i)); + *needed += spoolss_size_port_info_2(&ports[i]); + } + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(ports); + return WERR_INSUFFICIENT_BUFFER; + } + + /* fill the buffer with the ports structures */ + for (i=0; i<*returned; i++) { + DEBUGADD(6,("adding port [%d] to buffer\n", i)); + smb_io_port_2("", buffer, &ports[i], 0); + } + + SAFE_FREE(ports); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** + enumports. +****************************************************************************/ + +WERROR _spoolss_enumports( pipes_struct *p, SPOOL_Q_ENUMPORTS *q_u, SPOOL_R_ENUMPORTS *r_u) +{ + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + uint32 *returned = &r_u->returned; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(4,("_spoolss_enumports\n")); + + *returned=0; + *needed=0; + + switch (level) { + case 1: + return enumports_level_1(buffer, offered, needed, returned); + case 2: + return enumports_level_2(buffer, offered, needed, returned); + default: + return WERR_UNKNOWN_LEVEL; + } +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR spoolss_addprinterex_level_2( pipes_struct *p, const UNISTR2 *uni_srv_name, + const SPOOL_PRINTER_INFO_LEVEL *info, + DEVICEMODE *devmode, SEC_DESC_BUF *sec_desc_buf, + uint32 user_switch, const SPOOL_USER_CTR *user, + POLICY_HND *handle) +{ + NT_PRINTER_INFO_LEVEL *printer = NULL; + fstring name; + int snum; + WERROR err = WERR_OK; + + if ((printer = (NT_PRINTER_INFO_LEVEL *)malloc(sizeof(NT_PRINTER_INFO_LEVEL))) == NULL) { + DEBUG(0,("spoolss_addprinterex_level_2: malloc fail.\n")); + return WERR_NOMEM; + } + + ZERO_STRUCTP(printer); + + /* convert from UNICODE to ASCII - this allocates the info_2 struct inside *printer.*/ + if (!convert_printer_info(info, printer, 2)) { + free_a_printer(&printer, 2); + return WERR_NOMEM; + } + + /* check to see if the printer already exists */ + + if ((snum = print_queue_snum(printer->info_2->sharename)) != -1) { + DEBUG(5, ("_spoolss_addprinterex: Attempted to add a printer named [%s] when one already existed!\n", + printer->info_2->sharename)); + free_a_printer(&printer, 2); + return WERR_PRINTER_ALREADY_EXISTS; + } + + if (*lp_addprinter_cmd() ) { + if ( !add_printer_hook(printer) ) { + free_a_printer(&printer,2); + return WERR_ACCESS_DENIED; + } + } + + slprintf(name, sizeof(name)-1, "\\\\%s\\%s", get_called_name(), + printer->info_2->sharename); + + + if ((snum = print_queue_snum(printer->info_2->sharename)) == -1) { + free_a_printer(&printer,2); + return WERR_ACCESS_DENIED; + } + + /* you must be a printer admin to add a new printer */ + if (!print_access_check(NULL, snum, PRINTER_ACCESS_ADMINISTER)) { + free_a_printer(&printer,2); + return WERR_ACCESS_DENIED; + } + + /* + * Do sanity check on the requested changes for Samba. + */ + + if (!check_printer_ok(printer->info_2, snum)) { + free_a_printer(&printer,2); + return WERR_INVALID_PARAM; + } + + /* + * When a printer is created, the drivername bound to the printer is used + * to lookup previously saved driver initialization info, which is then + * bound to the new printer, simulating what happens in the Windows arch. + */ + + if (!devmode) + { + set_driver_init(printer, 2); + } + else + { + /* A valid devmode was included, convert and link it + */ + DEBUGADD(10, ("spoolss_addprinterex_level_2: devmode included, converting\n")); + + if (!convert_devicemode(printer->info_2->printername, devmode, + &printer->info_2->devmode)) + return WERR_NOMEM; + } + + /* write the ASCII on disk */ + err = mod_a_printer(*printer, 2); + if (!W_ERROR_IS_OK(err)) { + free_a_printer(&printer,2); + return err; + } + + if (!open_printer_hnd(p, handle, name, PRINTER_ACCESS_ADMINISTER)) { + /* Handle open failed - remove addition. */ + del_a_printer(printer->info_2->sharename); + free_a_printer(&printer,2); + return WERR_ACCESS_DENIED; + } + + update_c_setprinter(False); + free_a_printer(&printer,2); + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_addprinterex( pipes_struct *p, SPOOL_Q_ADDPRINTEREX *q_u, SPOOL_R_ADDPRINTEREX *r_u) +{ + UNISTR2 *uni_srv_name = &q_u->server_name; + uint32 level = q_u->level; + SPOOL_PRINTER_INFO_LEVEL *info = &q_u->info; + DEVICEMODE *devmode = q_u->devmode_ctr.devmode; + SEC_DESC_BUF *sdb = q_u->secdesc_ctr; + uint32 user_switch = q_u->user_switch; + SPOOL_USER_CTR *user = &q_u->user_ctr; + POLICY_HND *handle = &r_u->handle; + + switch (level) { + case 1: + /* we don't handle yet */ + /* but I know what to do ... */ + return WERR_UNKNOWN_LEVEL; + case 2: + return spoolss_addprinterex_level_2(p, uni_srv_name, info, + devmode, sdb, + user_switch, user, handle); + default: + return WERR_UNKNOWN_LEVEL; + } +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_addprinterdriver(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVER *q_u, SPOOL_R_ADDPRINTERDRIVER *r_u) +{ + uint32 level = q_u->level; + SPOOL_PRINTER_DRIVER_INFO_LEVEL *info = &q_u->info; + WERROR err = WERR_OK; + NT_PRINTER_DRIVER_INFO_LEVEL driver; + struct current_user user; + fstring driver_name; + uint32 version; + + ZERO_STRUCT(driver); + + get_current_user(&user, p); + + if (!convert_printer_driver_info(info, &driver, level)) { + err = WERR_NOMEM; + goto done; + } + + DEBUG(5,("Cleaning driver's information\n")); + err = clean_up_driver_struct(driver, level, &user); + if (!W_ERROR_IS_OK(err)) + goto done; + + DEBUG(5,("Moving driver to final destination\n")); + if(!move_driver_to_download_area(driver, level, &user, &err)) { + if (W_ERROR_IS_OK(err)) + err = WERR_ACCESS_DENIED; + goto done; + } + + if (add_a_printer_driver(driver, level)!=0) { + err = WERR_ACCESS_DENIED; + goto done; + } + + /* BEGIN_ADMIN_LOG */ + switch(level) { + case 3: + sys_adminlog(LOG_INFO,"Added printer driver. Print driver name: %s. Print driver OS: %s. Administrator name: %s.", + driver.info_3->name,drv_ver_to_os[driver.info_3->cversion],uidtoname(user.uid)); + fstrcpy(driver_name, driver.info_3->name); + break; + case 6: + sys_adminlog(LOG_INFO,"Added printer driver. Print driver name: %s. Print driver OS: %s. Administrator name: %s.", + driver.info_6->name,drv_ver_to_os[driver.info_6->version],uidtoname(user.uid)); + fstrcpy(driver_name, driver.info_6->name); + break; + } + /* END_ADMIN_LOG */ + + /* + * I think this is where he DrvUpgradePrinter() hook would be + * be called in a driver's interface DLL on a Windows NT 4.0/2k + * server. Right now, we just need to send ourselves a message + * to update each printer bound to this driver. --jerry + */ + + if (!srv_spoolss_drv_upgrade_printer(driver_name)) { + DEBUG(0,("_spoolss_addprinterdriver: Failed to send message about upgrading driver [%s]!\n", + driver_name)); + } + + /* + * Based on the version (e.g. driver destination dir: 0=9x,2=Nt/2k,3=2k/Xp), + * decide if the driver init data should be deleted. The rules are: + * 1) never delete init data if it is a 9x driver, they don't use it anyway + * 2) delete init data only if there is no 2k/Xp driver + * 3) always delete init data + * The generalized rule is always use init data from the highest order driver. + * It is necessary to follow the driver install by an initialization step to + * finish off this process. + */ + if (level == 3) + version = driver.info_3->cversion; + else if (level == 6) + version = driver.info_6->version; + else + version = -1; + switch (version) { + /* + * 9x printer driver - never delete init data + */ + case 0: + DEBUG(10,("_spoolss_addprinterdriver: init data not deleted for 9x driver [%s]\n", + driver_name)); + break; + + /* + * Nt or 2k (compatiblity mode) printer driver - only delete init data if + * there is no 2k/Xp driver init data for this driver name. + */ + case 2: + { + NT_PRINTER_DRIVER_INFO_LEVEL driver1; + + if (!W_ERROR_IS_OK(get_a_printer_driver(&driver1, 3, driver_name, "Windows NT x86", 3))) { + /* + * No 2k/Xp driver found, delete init data (if any) for the new Nt driver. + */ + if (!del_driver_init(driver_name)) + DEBUG(6,("_spoolss_addprinterdriver: del_driver_init(%s) Nt failed!\n", driver_name)); + } else { + /* + * a 2k/Xp driver was found, don't delete init data because Nt driver will use it. + */ + free_a_printer_driver(driver1,3); + DEBUG(10,("_spoolss_addprinterdriver: init data not deleted for Nt driver [%s]\n", + driver_name)); + } + } + break; + + /* + * 2k or Xp printer driver - always delete init data + */ + case 3: + if (!del_driver_init(driver_name)) + DEBUG(6,("_spoolss_addprinterdriver: del_driver_init(%s) 2k/Xp failed!\n", driver_name)); + break; + + default: + DEBUG(0,("_spoolss_addprinterdriver: invalid level=%d\n", level)); + break; + } + + +done: + free_a_printer_driver(driver, level); + return err; +} + +/******************************************************************** + * spoolss_addprinterdriverex + ********************************************************************/ + +WERROR _spoolss_addprinterdriverex(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVEREX *q_u, SPOOL_R_ADDPRINTERDRIVEREX *r_u) +{ + SPOOL_Q_ADDPRINTERDRIVER q_u_local; + SPOOL_R_ADDPRINTERDRIVER r_u_local; + + /* + * we only support the semantics of AddPrinterDriver() + * i.e. only copy files that are newer than existing ones + */ + + if ( q_u->copy_flags != APD_COPY_NEW_FILES ) + return WERR_ACCESS_DENIED; + + ZERO_STRUCT(q_u_local); + ZERO_STRUCT(r_u_local); + + /* just pass the information off to _spoolss_addprinterdriver() */ + q_u_local.server_name_ptr = q_u->server_name_ptr; + copy_unistr2(&q_u_local.server_name, &q_u->server_name); + q_u_local.level = q_u->level; + memcpy( &q_u_local.info, &q_u->info, sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL) ); + + return _spoolss_addprinterdriver( p, &q_u_local, &r_u_local ); +} + +/**************************************************************************** +****************************************************************************/ + +static void fill_driverdir_1(DRIVER_DIRECTORY_1 *info, char *name) +{ + init_unistr(&info->name, name); +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environment, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + pstring path; + pstring long_archi; + pstring short_archi; + DRIVER_DIRECTORY_1 *info=NULL; + + unistr2_to_ascii(long_archi, uni_environment, sizeof(long_archi)-1); + + if (get_short_archi(short_archi, long_archi)==False) + return WERR_INVALID_ENVIRONMENT; + + if((info=(DRIVER_DIRECTORY_1 *)malloc(sizeof(DRIVER_DIRECTORY_1))) == NULL) + return WERR_NOMEM; + + slprintf(path, sizeof(path)-1, "\\\\%s\\print$\\%s", get_called_name(), short_archi); + + DEBUG(4,("printer driver directory: [%s]\n", path)); + + fill_driverdir_1(info, path); + + *needed += spoolss_size_driverdir_info_1(info); + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(info); + return WERR_INSUFFICIENT_BUFFER; + } + + smb_io_driverdir_1("", buffer, info, 0); + + SAFE_FREE(info); + + if (*needed > offered) + return WERR_INSUFFICIENT_BUFFER; + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_getprinterdriverdirectory(pipes_struct *p, SPOOL_Q_GETPRINTERDRIVERDIR *q_u, SPOOL_R_GETPRINTERDRIVERDIR *r_u) +{ + UNISTR2 *name = &q_u->name; + UNISTR2 *uni_environment = &q_u->environment; + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(4,("_spoolss_getprinterdriverdirectory\n")); + + *needed=0; + + switch(level) { + case 1: + return getprinterdriverdir_level_1(name, uni_environment, buffer, offered, needed); + default: + return WERR_UNKNOWN_LEVEL; + } +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, SPOOL_R_ENUMPRINTERDATA *r_u) +{ + POLICY_HND *handle = &q_u->handle; + uint32 idx = q_u->index; + uint32 in_value_len = q_u->valuesize; + uint32 in_data_len = q_u->datasize; + uint32 *out_max_value_len = &r_u->valuesize; + uint16 **out_value = &r_u->value; + uint32 *out_value_len = &r_u->realvaluesize; + uint32 *out_type = &r_u->type; + uint32 *out_max_data_len = &r_u->datasize; + uint8 **data_out = &r_u->data; + uint32 *out_data_len = &r_u->realdatasize; + + NT_PRINTER_INFO_LEVEL *printer = NULL; + + uint32 param_index; + uint32 biggest_valuesize; + uint32 biggest_datasize; + uint32 data_len; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + int snum; + WERROR result; + REGISTRY_VALUE *val; + NT_PRINTER_DATA *p_data; + int i, key_index, num_values; + int name_length; + + ZERO_STRUCT( printer ); + + *out_type = 0; + + *out_max_data_len = 0; + *data_out = NULL; + *out_data_len = 0; + + DEBUG(5,("spoolss_enumprinterdata\n")); + + if (!Printer) { + DEBUG(2,("_spoolss_enumprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if (!get_printer_snum(p,handle, &snum)) + return WERR_BADFID; + + result = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(result)) + return result; + + p_data = &printer->info_2->data; + key_index = lookup_printerkey( p_data, SPOOL_PRINTERDATA_KEY ); + + result = WERR_OK; + + /* + * The NT machine wants to know the biggest size of value and data + * + * cf: MSDN EnumPrinterData remark section + */ + + if ( !in_value_len && !in_data_len ) + { + DEBUGADD(6,("Activating NT mega-hack to find sizes\n")); + + param_index = 0; + biggest_valuesize = 0; + biggest_datasize = 0; + + num_values = regval_ctr_numvals( &p_data->keys[key_index].values ); + + for ( i=0; i<num_values; i++ ) + { + val = regval_ctr_specific_value( &p_data->keys[key_index].values, i ); + + name_length = strlen(val->valuename); + if ( strlen(val->valuename) > biggest_valuesize ) + biggest_valuesize = name_length; + + if ( val->size > biggest_datasize ) + biggest_datasize = val->size; + + DEBUG(6,("current values: [%d], [%d]\n", biggest_valuesize, + biggest_datasize)); + } + + /* the value is an UNICODE string but real_value_size is the length + in bytes including the trailing 0 */ + + *out_value_len = 2 * (1+biggest_valuesize); + *out_data_len = biggest_datasize; + + DEBUG(6,("final values: [%d], [%d]\n", *out_value_len, *out_data_len)); + + goto done; + } + + /* + * the value len is wrong in NT sp3 + * that's the number of bytes not the number of unicode chars + */ + + val = regval_ctr_specific_value( &p_data->keys[key_index].values, idx ); + + if ( !val ) + { + + /* out_value should default to "" or else NT4 has + problems unmarshalling the response */ + + *out_max_value_len=(in_value_len/sizeof(uint16)); + + if((*out_value=(uint16 *)talloc_zero(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL) + { + result = WERR_NOMEM; + goto done; + } + + *out_value_len = (uint32)rpcstr_push((char *)*out_value, "", in_value_len, 0); + + /* the data is counted in bytes */ + + *out_max_data_len = in_data_len; + *out_data_len = in_data_len; + + /* only allocate when given a non-zero data_len */ + + if ( in_data_len && ((*data_out=(uint8 *)talloc_zero(p->mem_ctx, in_data_len*sizeof(uint8))) == NULL) ) + { + result = WERR_NOMEM; + goto done; + } + + result = WERR_NO_MORE_ITEMS; + } + else + { + /* + * the value is: + * - counted in bytes in the request + * - counted in UNICODE chars in the max reply + * - counted in bytes in the real size + * + * take a pause *before* coding not *during* coding + */ + + /* name */ + *out_max_value_len=(in_value_len/sizeof(uint16)); + if ( (*out_value = (uint16 *)talloc_zero(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL ) + { + result = WERR_NOMEM; + goto done; + } + + *out_value_len = (uint32)rpcstr_push((char *)*out_value, regval_name(val), in_value_len, 0); + + /* type */ + + *out_type = regval_type( val ); + + /* data - counted in bytes */ + + *out_max_data_len = in_data_len; + if ( (*data_out = (uint8 *)talloc_zero(p->mem_ctx, in_data_len*sizeof(uint8))) == NULL) + { + result = WERR_NOMEM; + goto done; + } + data_len = (size_t)regval_size(val); + memcpy( *data_out, regval_data_p(val), data_len ); + *out_data_len = data_len; + } + +done: + free_a_printer(&printer, 2); + return result; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_setprinterdata( pipes_struct *p, SPOOL_Q_SETPRINTERDATA *q_u, SPOOL_R_SETPRINTERDATA *r_u) +{ + POLICY_HND *handle = &q_u->handle; + UNISTR2 *value = &q_u->value; + uint32 type = q_u->type; + uint8 *data = q_u->data; + uint32 real_len = q_u->real_len; + + NT_PRINTER_INFO_LEVEL *printer = NULL; + int snum=0; + WERROR status = WERR_OK; + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); + fstring valuename; + + DEBUG(5,("spoolss_setprinterdata\n")); + + if (!Printer) { + DEBUG(2,("_spoolss_setprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if (!get_printer_snum(p,handle, &snum)) + return WERR_BADFID; + + /* + * Access check : NT returns "access denied" if you make a + * SetPrinterData call without the necessary privildge. + * we were originally returning OK if nothing changed + * which made Win2k issue **a lot** of SetPrinterData + * when connecting to a printer --jerry + */ + + if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) + { + DEBUG(3, ("_spoolss_setprinterdata: change denied by handle access permissions\n")); + status = WERR_ACCESS_DENIED; + goto done; + } + + status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(status)) + return status; + + unistr2_to_ascii( valuename, value, sizeof(valuename)-1 ); + + /* + * When client side code sets a magic printer data key, detect it and save + * the current printer data and the magic key's data (its the DEVMODE) for + * future printer/driver initializations. + */ + if ( (type == REG_BINARY) && strequal( valuename, PHANTOM_DEVMODE_KEY)) + { + /* Set devmode and printer initialization info */ + status = save_driver_init( printer, 2, data, real_len ); + + srv_spoolss_reset_printerdata( printer->info_2->drivername ); + } + else + { + status = set_printer_dataex( printer, SPOOL_PRINTERDATA_KEY, valuename, + type, data, real_len ); + if ( W_ERROR_IS_OK(status) ) + status = mod_a_printer(*printer, 2); + } + +done: + free_a_printer(&printer, 2); + + return status; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_resetprinter(pipes_struct *p, SPOOL_Q_RESETPRINTER *q_u, SPOOL_R_RESETPRINTER *r_u) +{ + POLICY_HND *handle = &q_u->handle; + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); + int snum; + + DEBUG(5,("_spoolss_resetprinter\n")); + + /* + * All we do is to check to see if the handle and queue is valid. + * This call really doesn't mean anything to us because we only + * support RAW printing. --jerry + */ + + if (!Printer) { + DEBUG(2,("_spoolss_resetprinter: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if (!get_printer_snum(p,handle, &snum)) + return WERR_BADFID; + + + /* blindly return success */ + return WERR_OK; +} + + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_deleteprinterdata(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATA *q_u, SPOOL_R_DELETEPRINTERDATA *r_u) +{ + POLICY_HND *handle = &q_u->handle; + UNISTR2 *value = &q_u->valuename; + + NT_PRINTER_INFO_LEVEL *printer = NULL; + int snum=0; + WERROR status = WERR_OK; + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); + pstring valuename; + + DEBUG(5,("spoolss_deleteprinterdata\n")); + + if (!Printer) { + DEBUG(2,("_spoolss_deleteprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) { + DEBUG(3, ("_spoolss_deleteprinterdata: printer properties change denied by handle\n")); + return WERR_ACCESS_DENIED; + } + + status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(status)) + return status; + + unistr2_to_ascii( valuename, value, sizeof(valuename)-1 ); + + status = delete_printer_dataex( printer, SPOOL_PRINTERDATA_KEY, valuename ); + + free_a_printer(&printer, 2); + + return status; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_addform( pipes_struct *p, SPOOL_Q_ADDFORM *q_u, SPOOL_R_ADDFORM *r_u) +{ + POLICY_HND *handle = &q_u->handle; + FORM *form = &q_u->form; + nt_forms_struct tmpForm; + int snum; + WERROR status = WERR_OK; + NT_PRINTER_INFO_LEVEL *printer = NULL; + + int count=0; + nt_forms_struct *list=NULL; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + + DEBUG(5,("spoolss_addform\n")); + + if (!Printer) { + DEBUG(2,("_spoolss_addform: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + + /* forms can be added on printer of on the print server handle */ + + if ( Printer->printer_type == PRINTER_HANDLE_IS_PRINTER ) + { + if (!get_printer_snum(p,handle, &snum)) + return WERR_BADFID; + + status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(status)) + goto done; + } + + if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) { + DEBUG(2,("_spoolss_addform: denied by handle permissions.\n")); + status = WERR_ACCESS_DENIED; + goto done; + } + + /* can't add if builtin */ + + if (get_a_builtin_ntform(&form->name,&tmpForm)) { + status = WERR_ALREADY_EXISTS; + goto done; + } + + count = get_ntforms(&list); + + if(!add_a_form(&list, form, &count)) { + status = WERR_NOMEM; + goto done; + } + + write_ntforms(&list, count); + + /* + * ChangeID must always be set if this is a printer + */ + + if ( Printer->printer_type == PRINTER_HANDLE_IS_PRINTER ) + status = mod_a_printer(*printer, 2); + +done: + if ( printer ) + free_a_printer(&printer, 2); + SAFE_FREE(list); + + return status; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_deleteform( pipes_struct *p, SPOOL_Q_DELETEFORM *q_u, SPOOL_R_DELETEFORM *r_u) +{ + POLICY_HND *handle = &q_u->handle; + UNISTR2 *form_name = &q_u->name; + nt_forms_struct tmpForm; + int count=0; + nt_forms_struct *list=NULL; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + int snum; + WERROR status = WERR_OK; + NT_PRINTER_INFO_LEVEL *printer = NULL; + + DEBUG(5,("spoolss_deleteform\n")); + + if (!Printer) { + DEBUG(2,("_spoolss_deleteform: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + /* forms can be deleted on printer of on the print server handle */ + + if ( Printer->printer_type == PRINTER_HANDLE_IS_PRINTER ) + { + if (!get_printer_snum(p,handle, &snum)) + return WERR_BADFID; + + status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(status)) + goto done; + } + + if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) { + DEBUG(2,("_spoolss_deleteform: denied by handle permissions.\n")); + status = WERR_ACCESS_DENIED; + goto done; + } + + /* can't delete if builtin */ + + if (get_a_builtin_ntform(form_name,&tmpForm)) { + status = WERR_INVALID_PARAM; + goto done; + } + + count = get_ntforms(&list); + + if ( !delete_a_form(&list, form_name, &count, &status )) + goto done; + + /* + * ChangeID must always be set if this is a printer + */ + + if ( Printer->printer_type == PRINTER_HANDLE_IS_PRINTER ) + status = mod_a_printer(*printer, 2); + +done: + if ( printer ) + free_a_printer(&printer, 2); + SAFE_FREE(list); + + return status; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_setform(pipes_struct *p, SPOOL_Q_SETFORM *q_u, SPOOL_R_SETFORM *r_u) +{ + POLICY_HND *handle = &q_u->handle; + FORM *form = &q_u->form; + nt_forms_struct tmpForm; + int snum; + WERROR status = WERR_OK; + NT_PRINTER_INFO_LEVEL *printer = NULL; + + int count=0; + nt_forms_struct *list=NULL; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + + DEBUG(5,("spoolss_setform\n")); + + if (!Printer) { + DEBUG(2,("_spoolss_setform: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + /* forms can be modified on printer of on the print server handle */ + + if ( Printer->printer_type == PRINTER_HANDLE_IS_PRINTER ) + { + if (!get_printer_snum(p,handle, &snum)) + return WERR_BADFID; + + status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(status)) + goto done; + } + + if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) { + DEBUG(2,("_spoolss_setform: denied by handle permissions\n")); + status = WERR_ACCESS_DENIED; + goto done; + } + + /* can't set if builtin */ + if (get_a_builtin_ntform(&form->name,&tmpForm)) { + status = WERR_INVALID_PARAM; + goto done; + } + + count = get_ntforms(&list); + update_a_form(&list, form, count); + write_ntforms(&list, count); + + /* + * ChangeID must always be set if this is a printer + */ + + if ( Printer->printer_type == PRINTER_HANDLE_IS_PRINTER ) + status = mod_a_printer(*printer, 2); + + +done: + if ( printer ) + free_a_printer(&printer, 2); + SAFE_FREE(list); + + return status; +} + +/**************************************************************************** + enumprintprocessors level 1. +****************************************************************************/ + +static WERROR enumprintprocessors_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + PRINTPROCESSOR_1 *info_1=NULL; + + if((info_1 = (PRINTPROCESSOR_1 *)malloc(sizeof(PRINTPROCESSOR_1))) == NULL) + return WERR_NOMEM; + + (*returned) = 0x1; + + init_unistr(&info_1->name, "winprint"); + + *needed += spoolss_size_printprocessor_info_1(info_1); + + if (!alloc_buffer_size(buffer, *needed)) + return WERR_INSUFFICIENT_BUFFER; + + smb_io_printprocessor_info_1("", buffer, info_1, 0); + + SAFE_FREE(info_1); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_enumprintprocessors(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCESSORS *q_u, SPOOL_R_ENUMPRINTPROCESSORS *r_u) +{ + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + uint32 *returned = &r_u->returned; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(5,("spoolss_enumprintprocessors\n")); + + /* + * Enumerate the print processors ... + * + * Just reply with "winprint", to keep NT happy + * and I can use my nice printer checker. + */ + + *returned=0; + *needed=0; + + switch (level) { + case 1: + return enumprintprocessors_level_1(buffer, offered, needed, returned); + default: + return WERR_UNKNOWN_LEVEL; + } +} + +/**************************************************************************** + enumprintprocdatatypes level 1. +****************************************************************************/ + +static WERROR enumprintprocdatatypes_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + PRINTPROCDATATYPE_1 *info_1=NULL; + + if((info_1 = (PRINTPROCDATATYPE_1 *)malloc(sizeof(PRINTPROCDATATYPE_1))) == NULL) + return WERR_NOMEM; + + (*returned) = 0x1; + + init_unistr(&info_1->name, "RAW"); + + *needed += spoolss_size_printprocdatatype_info_1(info_1); + + if (!alloc_buffer_size(buffer, *needed)) + return WERR_INSUFFICIENT_BUFFER; + + smb_io_printprocdatatype_info_1("", buffer, info_1, 0); + + SAFE_FREE(info_1); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_enumprintprocdatatypes(pipes_struct *p, SPOOL_Q_ENUMPRINTPROCDATATYPES *q_u, SPOOL_R_ENUMPRINTPROCDATATYPES *r_u) +{ + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + uint32 *returned = &r_u->returned; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(5,("_spoolss_enumprintprocdatatypes\n")); + + *returned=0; + *needed=0; + + switch (level) { + case 1: + return enumprintprocdatatypes_level_1(buffer, offered, needed, returned); + default: + return WERR_UNKNOWN_LEVEL; + } +} + +/**************************************************************************** + enumprintmonitors level 1. +****************************************************************************/ + +static WERROR enumprintmonitors_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + PRINTMONITOR_1 *info_1=NULL; + + if((info_1 = (PRINTMONITOR_1 *)malloc(sizeof(PRINTMONITOR_1))) == NULL) + return WERR_NOMEM; + + (*returned) = 0x1; + + init_unistr(&info_1->name, "Local Port"); + + *needed += spoolss_size_printmonitor_info_1(info_1); + + if (!alloc_buffer_size(buffer, *needed)) + return WERR_INSUFFICIENT_BUFFER; + + smb_io_printmonitor_info_1("", buffer, info_1, 0); + + SAFE_FREE(info_1); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** + enumprintmonitors level 2. +****************************************************************************/ + +static WERROR enumprintmonitors_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *needed, uint32 *returned) +{ + PRINTMONITOR_2 *info_2=NULL; + + if((info_2 = (PRINTMONITOR_2 *)malloc(sizeof(PRINTMONITOR_2))) == NULL) + return WERR_NOMEM; + + (*returned) = 0x1; + + init_unistr(&info_2->name, "Local Port"); + init_unistr(&info_2->environment, "Windows NT X86"); + init_unistr(&info_2->dll_name, "localmon.dll"); + + *needed += spoolss_size_printmonitor_info_2(info_2); + + if (!alloc_buffer_size(buffer, *needed)) + return WERR_INSUFFICIENT_BUFFER; + + smb_io_printmonitor_info_2("", buffer, info_2, 0); + + SAFE_FREE(info_2); + + if (*needed > offered) { + *returned=0; + return WERR_INSUFFICIENT_BUFFER; + } + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_enumprintmonitors(pipes_struct *p, SPOOL_Q_ENUMPRINTMONITORS *q_u, SPOOL_R_ENUMPRINTMONITORS *r_u) +{ + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + uint32 *returned = &r_u->returned; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(5,("spoolss_enumprintmonitors\n")); + + /* + * Enumerate the print monitors ... + * + * Just reply with "Local Port", to keep NT happy + * and I can use my nice printer checker. + */ + + *returned=0; + *needed=0; + + switch (level) { + case 1: + return enumprintmonitors_level_1(buffer, offered, needed, returned); + case 2: + return enumprintmonitors_level_2(buffer, offered, needed, returned); + default: + return WERR_UNKNOWN_LEVEL; + } +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getjob_level_1(print_queue_struct *queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + int i=0; + BOOL found=False; + JOB_INFO_1 *info_1=NULL; + + info_1=(JOB_INFO_1 *)malloc(sizeof(JOB_INFO_1)); + + if (info_1 == NULL) { + SAFE_FREE(queue); + return WERR_NOMEM; + } + + for (i=0; i<count && found==False; i++) { + if (queue[i].job==(int)jobid) + found=True; + } + + if (found==False) { + SAFE_FREE(queue); + SAFE_FREE(info_1); + /* NT treats not found as bad param... yet another bad choice */ + return WERR_INVALID_PARAM; + } + + fill_job_info_1(info_1, &(queue[i-1]), i, snum); + + *needed += spoolss_size_job_info_1(info_1); + + if (!alloc_buffer_size(buffer, *needed)) { + SAFE_FREE(info_1); + return WERR_INSUFFICIENT_BUFFER; + } + + smb_io_job_info_1("", buffer, info_1, 0); + + SAFE_FREE(info_1); + + if (*needed > offered) + return WERR_INSUFFICIENT_BUFFER; + + return WERR_OK; +} + +/**************************************************************************** +****************************************************************************/ + +static WERROR getjob_level_2(print_queue_struct *queue, int count, int snum, uint32 jobid, NEW_BUFFER *buffer, uint32 offered, uint32 *needed) +{ + int i = 0; + BOOL found = False; + JOB_INFO_2 *info_2; + NT_PRINTER_INFO_LEVEL *ntprinter = NULL; + WERROR ret; + DEVICEMODE *devmode = NULL; + NT_DEVICEMODE *nt_devmode = NULL; + + info_2=(JOB_INFO_2 *)malloc(sizeof(JOB_INFO_2)); + + ZERO_STRUCTP(info_2); + + if (info_2 == NULL) { + ret = WERR_NOMEM; + goto done; + } + + for ( i=0; i<count && found==False; i++ ) + { + if (queue[i].job == (int)jobid) + found = True; + } + + if ( !found ) + { + /* NT treats not found as bad param... yet another bad + choice */ + ret = WERR_INVALID_PARAM; + goto done; + } + + ret = get_a_printer(NULL, &ntprinter, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(ret)) + goto done; + + /* + * if the print job does not have a DEVMODE associated with it, + * just use the one for the printer. A NULL devicemode is not + * a failure condition + */ + + if ( !(nt_devmode=print_job_devmode( snum, jobid )) ) + devmode = construct_dev_mode(snum); + else { + if ((devmode = (DEVICEMODE *)malloc(sizeof(DEVICEMODE))) != NULL) { + ZERO_STRUCTP( devmode ); + convert_nt_devicemode( devmode, nt_devmode ); + } + } + + fill_job_info_2(info_2, &(queue[i-1]), i, snum, ntprinter, devmode); + + *needed += spoolss_size_job_info_2(info_2); + + if (!alloc_buffer_size(buffer, *needed)) { + ret = WERR_INSUFFICIENT_BUFFER; + goto done; + } + + smb_io_job_info_2("", buffer, info_2, 0); + + if (*needed > offered) { + ret = WERR_INSUFFICIENT_BUFFER; + goto done; + } + + ret = WERR_OK; + + done: + /* Cleanup allocated memory */ + + free_job_info_2(info_2); /* Also frees devmode */ + SAFE_FREE(info_2); + free_a_printer(&ntprinter, 2); + + return ret; +} + +/**************************************************************************** +****************************************************************************/ + +WERROR _spoolss_getjob( pipes_struct *p, SPOOL_Q_GETJOB *q_u, SPOOL_R_GETJOB *r_u) +{ + POLICY_HND *handle = &q_u->handle; + uint32 jobid = q_u->jobid; + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + WERROR wstatus = WERR_OK; + + int snum; + int count; + print_queue_struct *queue = NULL; + print_status_struct prt_status; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(5,("spoolss_getjob\n")); + + *needed = 0; + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + count = print_queue_status(snum, &queue, &prt_status); + + DEBUGADD(4,("count:[%d], prt_status:[%d], [%s]\n", + count, prt_status.status, prt_status.message)); + + switch ( level ) { + case 1: + wstatus = getjob_level_1(queue, count, snum, jobid, + buffer, offered, needed); + break; + case 2: + wstatus = getjob_level_2(queue, count, snum, jobid, + buffer, offered, needed); + break; + default: + wstatus = WERR_UNKNOWN_LEVEL; + break; + } + + SAFE_FREE(queue); + return wstatus; +} + +/******************************************************************** + spoolss_getprinterdataex + + From MSDN documentation of GetPrinterDataEx: pass request + to GetPrinterData if key is "PrinterDriverData". + ********************************************************************/ + +WERROR _spoolss_getprinterdataex(pipes_struct *p, SPOOL_Q_GETPRINTERDATAEX *q_u, SPOOL_R_GETPRINTERDATAEX *r_u) +{ + POLICY_HND *handle = &q_u->handle; + uint32 in_size = q_u->size; + uint32 *type = &r_u->type; + uint32 *out_size = &r_u->size; + uint8 **data = &r_u->data; + uint32 *needed = &r_u->needed; + fstring keyname, valuename; + + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + + NT_PRINTER_INFO_LEVEL *printer = NULL; + int snum = 0; + WERROR status = WERR_OK; + + DEBUG(4,("_spoolss_getprinterdataex\n")); + + unistr2_to_ascii(keyname, &q_u->keyname, sizeof(keyname) - 1); + unistr2_to_ascii(valuename, &q_u->valuename, sizeof(valuename) - 1); + + DEBUG(10, ("_spoolss_getprinterdataex: key => [%s], value => [%s]\n", + keyname, valuename)); + + /* in case of problem, return some default values */ + + *needed = 0; + *type = 0; + *out_size = in_size; + + if (!Printer) { + DEBUG(2,("_spoolss_getprinterdataex: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + status = WERR_BADFID; + goto done; + } + + /* Is the handle to a printer or to the server? */ + + if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) { + DEBUG(10,("_spoolss_getprinterdatex: Not implemented for server handles yet\n")); + status = WERR_INVALID_PARAM; + goto done; + } + + if ( !get_printer_snum(p,handle, &snum) ) + return WERR_BADFID; + + status = get_a_printer(Printer, &printer, 2, lp_servicename(snum)); + if ( !W_ERROR_IS_OK(status) ) + goto done; + + /* check to see if the keyname is valid */ + if ( !strlen(keyname) ) { + status = WERR_INVALID_PARAM; + goto done; + } + + if ( lookup_printerkey( &printer->info_2->data, keyname ) == -1 ) { + DEBUG(4,("_spoolss_getprinterdataex: Invalid keyname [%s]\n", keyname )); + free_a_printer( &printer, 2 ); + status = WERR_BADFILE; + goto done; + } + + /* When given a new keyname, we should just create it */ + + status = get_printer_dataex( p->mem_ctx, printer, keyname, valuename, type, data, needed, in_size ); + + if (*needed > *out_size) + status = WERR_MORE_DATA; + +done: + if ( !W_ERROR_IS_OK(status) ) + { + DEBUG(5, ("error: allocating %d\n", *out_size)); + + /* reply this param doesn't exist */ + + if ( *out_size ) + { + if( (*data=(uint8 *)talloc_zero(p->mem_ctx, *out_size*sizeof(uint8))) == NULL ) { + status = WERR_NOMEM; + goto done; + } + } + else { + *data = NULL; + } + } + + if ( printer ) + free_a_printer( &printer, 2 ); + + return status; +} + +/******************************************************************** + * spoolss_setprinterdataex + ********************************************************************/ + +WERROR _spoolss_setprinterdataex(pipes_struct *p, SPOOL_Q_SETPRINTERDATAEX *q_u, SPOOL_R_SETPRINTERDATAEX *r_u) +{ + POLICY_HND *handle = &q_u->handle; + uint32 type = q_u->type; + uint8 *data = q_u->data; + uint32 real_len = q_u->real_len; + + NT_PRINTER_INFO_LEVEL *printer = NULL; + int snum = 0; + WERROR status = WERR_OK; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + fstring valuename; + fstring keyname; + char *oid_string; + + DEBUG(4,("_spoolss_setprinterdataex\n")); + + /* From MSDN documentation of SetPrinterDataEx: pass request to + SetPrinterData if key is "PrinterDriverData" */ + + if (!Printer) { + DEBUG(2,("_spoolss_setprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if ( !get_printer_snum(p,handle, &snum) ) + return WERR_BADFID; + + /* + * Access check : NT returns "access denied" if you make a + * SetPrinterData call without the necessary privildge. + * we were originally returning OK if nothing changed + * which made Win2k issue **a lot** of SetPrinterData + * when connecting to a printer --jerry + */ + + if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) + { + DEBUG(3, ("_spoolss_setprinterdataex: change denied by handle access permissions\n")); + return WERR_ACCESS_DENIED; + } + + status = get_a_printer(Printer, &printer, 2, lp_servicename(snum)); + if (!W_ERROR_IS_OK(status)) + return status; + + unistr2_to_ascii( valuename, &q_u->value, sizeof(valuename) - 1); + unistr2_to_ascii( keyname, &q_u->key, sizeof(keyname) - 1); + + /* check for OID in valuename */ + + if ( (oid_string = strchr( valuename, ',' )) != NULL ) + { + *oid_string = '\0'; + oid_string++; + } + + /* save the registry data */ + + status = set_printer_dataex( printer, keyname, valuename, type, data, real_len ); + + if ( W_ERROR_IS_OK(status) ) + { + /* save the OID if one was specified */ + if ( oid_string ) { + fstrcat( keyname, "\\" ); + fstrcat( keyname, SPOOL_OID_KEY ); + + /* + * I'm not checking the status here on purpose. Don't know + * if this is right, but I'm returning the status from the + * previous set_printer_dataex() call. I have no idea if + * this is right. --jerry + */ + + set_printer_dataex( printer, keyname, valuename, + REG_SZ, (void*)oid_string, strlen(oid_string)+1 ); + } + + status = mod_a_printer(*printer, 2); + } + + free_a_printer(&printer, 2); + + return status; +} + + +/******************************************************************** + * spoolss_deleteprinterdataex + ********************************************************************/ + +WERROR _spoolss_deleteprinterdataex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATAEX *q_u, SPOOL_R_DELETEPRINTERDATAEX *r_u) +{ + POLICY_HND *handle = &q_u->handle; + UNISTR2 *value = &q_u->valuename; + UNISTR2 *key = &q_u->keyname; + + NT_PRINTER_INFO_LEVEL *printer = NULL; + int snum=0; + WERROR status = WERR_OK; + Printer_entry *Printer=find_printer_index_by_hnd(p, handle); + pstring valuename, keyname; + + DEBUG(5,("spoolss_deleteprinterdataex\n")); + + if (!Printer) { + DEBUG(2,("_spoolss_deleteprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) { + DEBUG(3, ("_spoolss_deleteprinterdataex: printer properties change denied by handle\n")); + return WERR_ACCESS_DENIED; + } + + status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(status)) + return status; + + unistr2_to_ascii( valuename, value, sizeof(valuename)-1 ); + unistr2_to_ascii( keyname, key, sizeof(keyname)-1 ); + + status = delete_printer_dataex( printer, keyname, valuename ); + + free_a_printer(&printer, 2); + + return status; +} + +/******************************************************************** + * spoolss_enumprinterkey + ********************************************************************/ + + +WERROR _spoolss_enumprinterkey(pipes_struct *p, SPOOL_Q_ENUMPRINTERKEY *q_u, SPOOL_R_ENUMPRINTERKEY *r_u) +{ + fstring key; + fstring *keynames = NULL; + uint16 *enumkeys = NULL; + int num_keys; + int printerkey_len; + POLICY_HND *handle = &q_u->handle; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + NT_PRINTER_DATA *data; + NT_PRINTER_INFO_LEVEL *printer = NULL; + int snum = 0; + WERROR status = WERR_BADFILE; + + + DEBUG(4,("_spoolss_enumprinterkey\n")); + + if (!Printer) { + DEBUG(2,("_spoolss_enumprinterkey: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + if ( !get_printer_snum(p,handle, &snum) ) + return WERR_BADFID; + + status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(status)) + return status; + + /* get the list of subkey names */ + + unistr2_to_ascii( key, &q_u->key, sizeof(key)-1 ); + data = &printer->info_2->data; + + num_keys = get_printer_subkeys( data, key, &keynames ); + + if ( num_keys == -1 ) { + status = WERR_BADFILE; + goto done; + } + + printerkey_len = init_unistr_array( &enumkeys, keynames, NULL ); + + r_u->needed = printerkey_len*2; + + if ( q_u->size < r_u->needed ) { + status = WERR_MORE_DATA; + goto done; + } + + if (!make_spoolss_buffer5(p->mem_ctx, &r_u->keys, printerkey_len, enumkeys)) { + status = WERR_NOMEM; + goto done; + } + + status = WERR_OK; + + if ( q_u->size < r_u->needed ) + status = WERR_MORE_DATA; + +done: + free_a_printer( &printer, 2 ); + SAFE_FREE( keynames ); + + return status; +} + +/******************************************************************** + * spoolss_deleteprinterkey + ********************************************************************/ + +WERROR _spoolss_deleteprinterkey(pipes_struct *p, SPOOL_Q_DELETEPRINTERKEY *q_u, SPOOL_R_DELETEPRINTERKEY *r_u) +{ + POLICY_HND *handle = &q_u->handle; + Printer_entry *Printer = find_printer_index_by_hnd(p, &q_u->handle); + fstring key; + NT_PRINTER_INFO_LEVEL *printer = NULL; + int snum=0; + WERROR status; + + DEBUG(5,("spoolss_deleteprinterkey\n")); + + if (!Printer) { + DEBUG(2,("_spoolss_deleteprinterkey: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + /* if keyname == NULL, return error */ + + if ( !q_u->keyname.buffer ) + return WERR_INVALID_PARAM; + + if (!get_printer_snum(p, handle, &snum)) + return WERR_BADFID; + + if (Printer->access_granted != PRINTER_ACCESS_ADMINISTER) { + DEBUG(3, ("_spoolss_deleteprinterkey: printer properties change denied by handle\n")); + return WERR_ACCESS_DENIED; + } + + status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(status)) + return status; + + /* delete the key and all subneys */ + + unistr2_to_ascii(key, &q_u->keyname, sizeof(key) - 1); + + status = delete_all_printer_data( printer->info_2, key ); + + if ( W_ERROR_IS_OK(status) ) + status = mod_a_printer(*printer, 2); + + free_a_printer( &printer, 2 ); + + return status; +} + + +/******************************************************************** + * spoolss_enumprinterdataex + ********************************************************************/ + +WERROR _spoolss_enumprinterdataex(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATAEX *q_u, SPOOL_R_ENUMPRINTERDATAEX *r_u) +{ + POLICY_HND *handle = &q_u->handle; + uint32 in_size = q_u->size; + uint32 num_entries, + needed; + NT_PRINTER_INFO_LEVEL *printer = NULL; + PRINTER_ENUM_VALUES *enum_values = NULL; + NT_PRINTER_DATA *p_data; + fstring key; + Printer_entry *Printer = find_printer_index_by_hnd(p, handle); + int snum; + WERROR result; + int key_index; + int i; + REGISTRY_VALUE *val; + char *value_name; + int data_len; + + + DEBUG(4,("_spoolss_enumprinterdataex\n")); + + if (!Printer) { + DEBUG(2,("_spoolss_enumprinterdataex: Invalid handle (%s:%u:%u1<).\n", OUR_HANDLE(handle))); + return WERR_BADFID; + } + + /* + * first check for a keyname of NULL or "". Win2k seems to send + * this a lot and we should send back WERR_INVALID_PARAM + * no need to spend time looking up the printer in this case. + * --jerry + */ + + unistr2_to_ascii(key, &q_u->key, sizeof(key) - 1); + if ( !strlen(key) ) { + result = WERR_INVALID_PARAM; + goto done; + } + + /* get the printer off of disk */ + + if (!get_printer_snum(p,handle, &snum)) + return WERR_BADFID; + + ZERO_STRUCT(printer); + result = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum)); + if (!W_ERROR_IS_OK(result)) + return result; + + /* now look for a match on the key name */ + + p_data = &printer->info_2->data; + + unistr2_to_ascii(key, &q_u->key, sizeof(key) - 1); + if ( (key_index = lookup_printerkey( p_data, key)) == -1 ) + { + DEBUG(10,("_spoolss_enumprinterdataex: Unknown keyname [%s]\n", key)); + result = WERR_INVALID_PARAM; + goto done; + } + + result = WERR_OK; + needed = 0; + + /* allocate the memory for the array of pointers -- if necessary */ + + num_entries = regval_ctr_numvals( &p_data->keys[key_index].values ); + if ( num_entries ) + { + if ( (enum_values=talloc(p->mem_ctx, num_entries*sizeof(PRINTER_ENUM_VALUES))) == NULL ) + { + DEBUG(0,("_spoolss_enumprinterdataex: talloc() failed to allocate memory for [%d] bytes!\n", + num_entries*sizeof(PRINTER_ENUM_VALUES))); + result = WERR_NOMEM; + goto done; + } + + memset( enum_values, 0x0, num_entries*sizeof(PRINTER_ENUM_VALUES) ); + } + + /* + * loop through all params and build the array to pass + * back to the client + */ + + for ( i=0; i<num_entries; i++ ) + { + /* lookup the registry value */ + + val = regval_ctr_specific_value( &p_data->keys[key_index].values, i ); + DEBUG(10,("retrieved value number [%d] [%s]\n", i, regval_name(val) )); + + /* copy the data */ + + value_name = regval_name( val ); + init_unistr( &enum_values[i].valuename, value_name ); + enum_values[i].value_len = (strlen(value_name)+1) * 2; + enum_values[i].type = regval_type( val ); + + data_len = regval_size( val ); + if ( data_len ) { + if ( !(enum_values[i].data = talloc_memdup(p->mem_ctx, regval_data_p(val), data_len)) ) + { + DEBUG(0,("talloc_memdup failed to allocate memory [data_len=%d] for data!\n", + data_len )); + result = WERR_NOMEM; + goto done; + } + } + enum_values[i].data_len = data_len; + + /* keep track of the size of the array in bytes */ + + needed += spoolss_size_printer_enum_values(&enum_values[i]); + } + + /* housekeeping information in the reply */ + + r_u->needed = needed; + r_u->returned = num_entries; + + if (needed > in_size) { + result = WERR_MORE_DATA; + goto done; + } + + /* copy data into the reply */ + + r_u->ctr.size = r_u->needed; + r_u->ctr.size_of_array = r_u->returned; + r_u->ctr.values = enum_values; + + + +done: + if ( printer ) + free_a_printer(&printer, 2); + + return result; +} + +/**************************************************************************** +****************************************************************************/ + +static void fill_printprocessordirectory_1(PRINTPROCESSOR_DIRECTORY_1 *info, char *name) +{ + init_unistr(&info->name, name); +} + +static WERROR getprintprocessordirectory_level_1(UNISTR2 *name, + UNISTR2 *environment, + NEW_BUFFER *buffer, + uint32 offered, + uint32 *needed) +{ + pstring path; + pstring long_archi; + pstring short_archi; + PRINTPROCESSOR_DIRECTORY_1 *info=NULL; + + unistr2_to_ascii(long_archi, environment, sizeof(long_archi)-1); + + if (get_short_archi(short_archi, long_archi)==False) + return WERR_INVALID_ENVIRONMENT; + + if((info=(PRINTPROCESSOR_DIRECTORY_1 *)malloc(sizeof(PRINTPROCESSOR_DIRECTORY_1))) == NULL) + return WERR_NOMEM; + + pstrcpy(path, "C:\\WINNT\\System32\\spool\\PRTPROCS\\W32X86"); + + fill_printprocessordirectory_1(info, path); + + *needed += spoolss_size_printprocessordirectory_info_1(info); + + if (!alloc_buffer_size(buffer, *needed)) { + safe_free(info); + return WERR_INSUFFICIENT_BUFFER; + } + + smb_io_printprocessordirectory_1("", buffer, info, 0); + + safe_free(info); + + if (*needed > offered) + return WERR_INSUFFICIENT_BUFFER; + else + return WERR_OK; +} + +WERROR _spoolss_getprintprocessordirectory(pipes_struct *p, SPOOL_Q_GETPRINTPROCESSORDIRECTORY *q_u, SPOOL_R_GETPRINTPROCESSORDIRECTORY *r_u) +{ + uint32 level = q_u->level; + NEW_BUFFER *buffer = NULL; + uint32 offered = q_u->offered; + uint32 *needed = &r_u->needed; + WERROR result; + + /* that's an [in out] buffer */ + spoolss_move_buffer(q_u->buffer, &r_u->buffer); + buffer = r_u->buffer; + + DEBUG(5,("_spoolss_getprintprocessordirectory\n")); + + *needed=0; + + switch(level) { + case 1: + result = getprintprocessordirectory_level_1 + (&q_u->name, &q_u->environment, buffer, offered, needed); + break; + default: + result = WERR_UNKNOWN_LEVEL; + } + + return result; +} + +#if 0 + +WERROR _spoolss_replyopenprinter(pipes_struct *p, SPOOL_Q_REPLYOPENPRINTER *q_u, + SPOOL_R_REPLYOPENPRINTER *r_u) +{ + DEBUG(5,("_spoolss_replyopenprinter\n")); + + DEBUG(10, ("replyopenprinter for localprinter %d\n", q_u->printer)); + + return WERR_OK; +} + +WERROR _spoolss_replycloseprinter(pipes_struct *p, SPOOL_Q_REPLYCLOSEPRINTER *q_u, + SPOOL_R_REPLYCLOSEPRINTER *r_u) +{ + DEBUG(5,("_spoolss_replycloseprinter\n")); + return WERR_OK; +} + +#endif diff --git a/source4/rpc_server/srv_srvsvc.c b/source4/rpc_server/srv_srvsvc.c new file mode 100644 index 0000000000..7c5e317c87 --- /dev/null +++ b/source4/rpc_server/srv_srvsvc.c @@ -0,0 +1,557 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997, + * Copyright (C) Jeremy Allison 2001, + * Copyright (C) Anthony Liguori 2003. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the interface to the srvsvc pipe. */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/******************************************************************* + api_srv_net_srv_get_info +********************************************************************/ + +static BOOL api_srv_net_srv_get_info(pipes_struct *p) +{ + SRV_Q_NET_SRV_GET_INFO q_u; + SRV_R_NET_SRV_GET_INFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the net server get info */ + if (!srv_io_q_net_srv_get_info("", &q_u, data, 0)) + return False; + + r_u.status = _srv_net_srv_get_info(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if (!srv_io_r_net_srv_get_info("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_srv_net_srv_get_info +********************************************************************/ + +static BOOL api_srv_net_srv_set_info(pipes_struct *p) +{ + SRV_Q_NET_SRV_SET_INFO q_u; + SRV_R_NET_SRV_SET_INFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the net server set info */ + if (!srv_io_q_net_srv_set_info("", &q_u, data, 0)) + return False; + + r_u.status = _srv_net_srv_set_info(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if (!srv_io_r_net_srv_set_info("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_srv_net_file_enum +********************************************************************/ + +static BOOL api_srv_net_file_enum(pipes_struct *p) +{ + SRV_Q_NET_FILE_ENUM q_u; + SRV_R_NET_FILE_ENUM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the net file enum */ + if (!srv_io_q_net_file_enum("", &q_u, data, 0)) + return False; + + r_u.status = _srv_net_file_enum(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!srv_io_r_net_file_enum("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + api_srv_net_conn_enum +********************************************************************/ + +static BOOL api_srv_net_conn_enum(pipes_struct *p) +{ + SRV_Q_NET_CONN_ENUM q_u; + SRV_R_NET_CONN_ENUM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the net server get enum */ + if (!srv_io_q_net_conn_enum("", &q_u, data, 0)) + return False; + + r_u.status = _srv_net_conn_enum(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if (!srv_io_r_net_conn_enum("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + Enumerate sessions. +********************************************************************/ + +static BOOL api_srv_net_sess_enum(pipes_struct *p) +{ + SRV_Q_NET_SESS_ENUM q_u; + SRV_R_NET_SESS_ENUM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the net server get enum */ + if (!srv_io_q_net_sess_enum("", &q_u, data, 0)) + return False; + + /* construct reply. always indicate success */ + r_u.status = _srv_net_sess_enum(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if (!srv_io_r_net_sess_enum("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + RPC to enumerate shares. +********************************************************************/ + +static BOOL api_srv_net_share_enum_all(pipes_struct *p) +{ + SRV_Q_NET_SHARE_ENUM q_u; + SRV_R_NET_SHARE_ENUM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* Unmarshall the net server get enum. */ + if(!srv_io_q_net_share_enum("", &q_u, data, 0)) { + DEBUG(0,("api_srv_net_share_enum_all: Failed to unmarshall SRV_Q_NET_SHARE_ENUM.\n")); + return False; + } + + r_u.status = _srv_net_share_enum_all(p, &q_u, &r_u); + + if (!srv_io_r_net_share_enum("", &r_u, rdata, 0)) { + DEBUG(0,("api_srv_net_share_enum_all: Failed to marshall SRV_R_NET_SHARE_ENUM.\n")); + return False; + } + + return True; +} + +/******************************************************************* + RPC to enumerate shares. +********************************************************************/ + +static BOOL api_srv_net_share_enum(pipes_struct *p) +{ + SRV_Q_NET_SHARE_ENUM q_u; + SRV_R_NET_SHARE_ENUM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* Unmarshall the net server get enum. */ + if(!srv_io_q_net_share_enum("", &q_u, data, 0)) { + DEBUG(0,("api_srv_net_share_enum: Failed to unmarshall SRV_Q_NET_SHARE_ENUM.\n")); + return False; + } + + r_u.status = _srv_net_share_enum(p, &q_u, &r_u); + + if (!srv_io_r_net_share_enum("", &r_u, rdata, 0)) { + DEBUG(0,("api_srv_net_share_enum: Failed to marshall SRV_R_NET_SHARE_ENUM.\n")); + return False; + } + + return True; +} + +/******************************************************************* + RPC to return share information. +********************************************************************/ + +static BOOL api_srv_net_share_get_info(pipes_struct *p) +{ + SRV_Q_NET_SHARE_GET_INFO q_u; + SRV_R_NET_SHARE_GET_INFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* Unmarshall the net server get info. */ + if(!srv_io_q_net_share_get_info("", &q_u, data, 0)) { + DEBUG(0,("api_srv_net_share_get_info: Failed to unmarshall SRV_Q_NET_SHARE_GET_INFO.\n")); + return False; + } + + r_u.status = _srv_net_share_get_info(p, &q_u, &r_u); + + if(!srv_io_r_net_share_get_info("", &r_u, rdata, 0)) { + DEBUG(0,("api_srv_net_share_get_info: Failed to marshall SRV_R_NET_SHARE_GET_INFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + RPC to set share information. +********************************************************************/ + +static BOOL api_srv_net_share_set_info(pipes_struct *p) +{ + SRV_Q_NET_SHARE_SET_INFO q_u; + SRV_R_NET_SHARE_SET_INFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* Unmarshall the net server set info. */ + if(!srv_io_q_net_share_set_info("", &q_u, data, 0)) { + DEBUG(0,("api_srv_net_share_set_info: Failed to unmarshall SRV_Q_NET_SHARE_SET_INFO.\n")); + return False; + } + + r_u.status = _srv_net_share_set_info(p, &q_u, &r_u); + + if(!srv_io_r_net_share_set_info("", &r_u, rdata, 0)) { + DEBUG(0,("api_srv_net_share_set_info: Failed to marshall SRV_R_NET_SHARE_SET_INFO.\n")); + return False; + } + + return True; +} + +/******************************************************************* + RPC to add share information. +********************************************************************/ + +static BOOL api_srv_net_share_add(pipes_struct *p) +{ + SRV_Q_NET_SHARE_ADD q_u; + SRV_R_NET_SHARE_ADD r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* Unmarshall the net server add info. */ + if(!srv_io_q_net_share_add("", &q_u, data, 0)) { + DEBUG(0,("api_srv_net_share_add: Failed to unmarshall SRV_Q_NET_SHARE_ADD.\n")); + return False; + } + + r_u.status = _srv_net_share_add(p, &q_u, &r_u); + + if(!srv_io_r_net_share_add("", &r_u, rdata, 0)) { + DEBUG(0,("api_srv_net_share_add: Failed to marshall SRV_R_NET_SHARE_ADD.\n")); + return False; + } + + return True; +} + +/******************************************************************* + RPC to delete share information. +********************************************************************/ + +static BOOL api_srv_net_share_del(pipes_struct *p) +{ + SRV_Q_NET_SHARE_DEL q_u; + SRV_R_NET_SHARE_DEL r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* Unmarshall the net server del info. */ + if(!srv_io_q_net_share_del("", &q_u, data, 0)) { + DEBUG(0,("api_srv_net_share_del: Failed to unmarshall SRV_Q_NET_SHARE_DEL.\n")); + return False; + } + + r_u.status = _srv_net_share_del(p, &q_u, &r_u); + + if(!srv_io_r_net_share_del("", &r_u, rdata, 0)) { + DEBUG(0,("api_srv_net_share_del: Failed to marshall SRV_R_NET_SHARE_DEL.\n")); + return False; + } + + return True; +} + +/******************************************************************* + RPC to delete share information. +********************************************************************/ + +static BOOL api_srv_net_share_del_sticky(pipes_struct *p) +{ + SRV_Q_NET_SHARE_DEL q_u; + SRV_R_NET_SHARE_DEL r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* Unmarshall the net server del info. */ + if(!srv_io_q_net_share_del("", &q_u, data, 0)) { + DEBUG(0,("api_srv_net_share_del_sticky: Failed to unmarshall SRV_Q_NET_SHARE_DEL.\n")); + return False; + } + + r_u.status = _srv_net_share_del_sticky(p, &q_u, &r_u); + + if(!srv_io_r_net_share_del("", &r_u, rdata, 0)) { + DEBUG(0,("api_srv_net_share_del_sticky: Failed to marshall SRV_R_NET_SHARE_DEL.\n")); + return False; + } + + return True; +} + +/******************************************************************* + api_srv_net_remote_tod +********************************************************************/ + +static BOOL api_srv_net_remote_tod(pipes_struct *p) +{ + SRV_Q_NET_REMOTE_TOD q_u; + SRV_R_NET_REMOTE_TOD r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the net server get enum */ + if(!srv_io_q_net_remote_tod("", &q_u, data, 0)) + return False; + + r_u.status = _srv_net_remote_tod(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!srv_io_r_net_remote_tod("", &r_u, rdata, 0)) + return False; + + return True; +} + +/******************************************************************* + RPC to enumerate disks available on a server e.g. C:, D: ... +*******************************************************************/ + +static BOOL api_srv_net_disk_enum(pipes_struct *p) +{ + SRV_Q_NET_DISK_ENUM q_u; + SRV_R_NET_DISK_ENUM r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* Unmarshall the net server disk enum. */ + if(!srv_io_q_net_disk_enum("", &q_u, data, 0)) { + DEBUG(0,("api_srv_net_disk_enum: Failed to unmarshall SRV_Q_NET_DISK_ENUM.\n")); + return False; + } + + r_u.status = _srv_net_disk_enum(p, &q_u, &r_u); + + if(!srv_io_r_net_disk_enum("", &r_u, rdata, 0)) { + DEBUG(0,("api_srv_net_disk_enum: Failed to marshall SRV_R_NET_DISK_ENUM.\n")); + return False; + } + + return True; +} + +/******************************************************************* + NetValidateName (opnum 0x21) +*******************************************************************/ + +static BOOL api_srv_net_name_validate(pipes_struct *p) +{ + SRV_Q_NET_NAME_VALIDATE q_u; + SRV_R_NET_NAME_VALIDATE r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* Unmarshall the net server disk enum. */ + if(!srv_io_q_net_name_validate("", &q_u, data, 0)) { + DEBUG(0,("api_srv_net_name_validate: Failed to unmarshall SRV_Q_NET_NAME_VALIDATE.\n")); + return False; + } + + r_u.status = _srv_net_name_validate(p, &q_u, &r_u); + + if(!srv_io_r_net_name_validate("", &r_u, rdata, 0)) { + DEBUG(0,("api_srv_net_name_validate: Failed to marshall SRV_R_NET_NAME_VALIDATE.\n")); + return False; + } + + return True; +} + +/******************************************************************* + NetFileQuerySecdesc (opnum 0x27) +*******************************************************************/ + +static BOOL api_srv_net_file_query_secdesc(pipes_struct *p) +{ + SRV_Q_NET_FILE_QUERY_SECDESC q_u; + SRV_R_NET_FILE_QUERY_SECDESC r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* Unmarshall the net file get info from Win9x */ + if(!srv_io_q_net_file_query_secdesc("", &q_u, data, 0)) { + DEBUG(0,("api_srv_net_file_query_secdesc: Failed to unmarshall SRV_Q_NET_FILE_QUERY_SECDESC.\n")); + return False; + } + + r_u.status = _srv_net_file_query_secdesc(p, &q_u, &r_u); + + if(!srv_io_r_net_file_query_secdesc("", &r_u, rdata, 0)) { + DEBUG(0,("api_srv_net_file_query_secdesc: Failed to marshall SRV_R_NET_FILE_QUERY_SECDESC.\n")); + return False; + } + + return True; +} + +/******************************************************************* + NetFileSetSecdesc (opnum 0x28) +*******************************************************************/ + +static BOOL api_srv_net_file_set_secdesc(pipes_struct *p) +{ + SRV_Q_NET_FILE_SET_SECDESC q_u; + SRV_R_NET_FILE_SET_SECDESC r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* Unmarshall the net file set info from Win9x */ + if(!srv_io_q_net_file_set_secdesc("", &q_u, data, 0)) { + DEBUG(0,("api_srv_net_file_set_secdesc: Failed to unmarshall SRV_Q_NET_FILE_SET_SECDESC.\n")); + return False; + } + + r_u.status = _srv_net_file_set_secdesc(p, &q_u, &r_u); + + if(!srv_io_r_net_file_set_secdesc("", &r_u, rdata, 0)) { + DEBUG(0,("api_srv_net_file_set_secdesc: Failed to marshall SRV_R_NET_FILE_SET_SECDESC.\n")); + return False; + } + + return True; +} + +/******************************************************************* +\PIPE\srvsvc commands +********************************************************************/ + +#ifdef RPC_SVC_DYNAMIC +int init_module(void) +#else +int rpc_srv_init(void) +#endif +{ + static const struct api_struct api_srv_cmds[] = + { + { "SRV_NET_CONN_ENUM" , SRV_NET_CONN_ENUM , api_srv_net_conn_enum }, + { "SRV_NET_SESS_ENUM" , SRV_NET_SESS_ENUM , api_srv_net_sess_enum }, + { "SRV_NET_SHARE_ENUM_ALL" , SRV_NET_SHARE_ENUM_ALL , api_srv_net_share_enum_all }, + { "SRV_NET_SHARE_ENUM" , SRV_NET_SHARE_ENUM , api_srv_net_share_enum }, + { "SRV_NET_SHARE_ADD" , SRV_NET_SHARE_ADD , api_srv_net_share_add }, + { "SRV_NET_SHARE_DEL" , SRV_NET_SHARE_DEL , api_srv_net_share_del }, + { "SRV_NET_SHARE_DEL_STICKY" , SRV_NET_SHARE_DEL_STICKY , api_srv_net_share_del_sticky }, + { "SRV_NET_SHARE_GET_INFO" , SRV_NET_SHARE_GET_INFO , api_srv_net_share_get_info }, + { "SRV_NET_SHARE_SET_INFO" , SRV_NET_SHARE_SET_INFO , api_srv_net_share_set_info }, + { "SRV_NET_FILE_ENUM" , SRV_NET_FILE_ENUM , api_srv_net_file_enum }, + { "SRV_NET_SRV_GET_INFO" , SRV_NET_SRV_GET_INFO , api_srv_net_srv_get_info }, + { "SRV_NET_SRV_SET_INFO" , SRV_NET_SRV_SET_INFO , api_srv_net_srv_set_info }, + { "SRV_NET_REMOTE_TOD" , SRV_NET_REMOTE_TOD , api_srv_net_remote_tod }, + { "SRV_NET_DISK_ENUM" , SRV_NET_DISK_ENUM , api_srv_net_disk_enum }, + { "SRV_NET_NAME_VALIDATE" , SRV_NET_NAME_VALIDATE , api_srv_net_name_validate }, + { "SRV_NET_FILE_QUERY_SECDESC", SRV_NET_FILE_QUERY_SECDESC, api_srv_net_file_query_secdesc }, + { "SRV_NET_FILE_SET_SECDESC" , SRV_NET_FILE_SET_SECDESC , api_srv_net_file_set_secdesc } + }; + return rpc_pipe_register_commands("srvsvc", "ntsvcs", api_srv_cmds, + sizeof(api_srv_cmds) / sizeof(struct api_struct)); +} diff --git a/source4/rpc_server/srv_srvsvc_nt.c b/source4/rpc_server/srv_srvsvc_nt.c new file mode 100644 index 0000000000..44a63f2b85 --- /dev/null +++ b/source4/rpc_server/srv_srvsvc_nt.c @@ -0,0 +1,2138 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Jeremy Allison 2001. + * Copyright (C) Nigel Williams 2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the implementation of the srvsvc pipe. */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/******************************************************************* + Utility function to get the 'type' of a share from an snum. + ********************************************************************/ +static uint32 get_share_type(int snum) +{ + char *net_name = lp_servicename(snum); + int len_net_name = strlen(net_name); + + /* work out the share type */ + uint32 type = STYPE_DISKTREE; + + if (lp_print_ok(snum)) + type = STYPE_PRINTQ; + if (strequal(lp_fstype(snum), "IPC")) + type = STYPE_IPC; + if (net_name[len_net_name] == '$') + type |= STYPE_HIDDEN; + + return type; +} + +/******************************************************************* + Fill in a share info level 0 structure. + ********************************************************************/ + +static void init_srv_share_info_0(pipes_struct *p, SRV_SHARE_INFO_0 *sh0, int snum) +{ + pstring net_name; + + pstrcpy(net_name, lp_servicename(snum)); + + init_srv_share_info0(&sh0->info_0, net_name); + init_srv_share_info0_str(&sh0->info_0_str, net_name); +} + +/******************************************************************* + Fill in a share info level 1 structure. + ********************************************************************/ + +static void init_srv_share_info_1(pipes_struct *p, SRV_SHARE_INFO_1 *sh1, int snum) +{ + pstring remark; + + char *net_name = lp_servicename(snum); + pstrcpy(remark, lp_comment(snum)); + standard_sub_conn(p->conn, remark,sizeof(remark)); + + init_srv_share_info1(&sh1->info_1, net_name, get_share_type(snum), remark); + init_srv_share_info1_str(&sh1->info_1_str, net_name, remark); +} + +/******************************************************************* + Fill in a share info level 2 structure. + ********************************************************************/ + +static void init_srv_share_info_2(pipes_struct *p, SRV_SHARE_INFO_2 *sh2, int snum) +{ + pstring remark; + pstring path; + pstring passwd; + + char *net_name = lp_servicename(snum); + pstrcpy(remark, lp_comment(snum)); + standard_sub_conn(p->conn, remark,sizeof(remark)); + pstrcpy(path, "C:"); + pstrcat(path, lp_pathname(snum)); + + /* + * Change / to \\ so that win2k will see it as a valid path. This was added to + * enable use of browsing in win2k add share dialog. + */ + + string_replace(path, '/', '\\'); + + pstrcpy(passwd, ""); + + init_srv_share_info2(&sh2->info_2, net_name, get_share_type(snum), remark, 0, 0xffffffff, 1, path, passwd); + init_srv_share_info2_str(&sh2->info_2_str, net_name, remark, path, passwd); +} + +/******************************************************************* + What to do when smb.conf is updated. + ********************************************************************/ + +static void smb_conf_updated(int msg_type, pid_t src, void *buf, size_t len) +{ + DEBUG(10,("smb_conf_updated: Got message saying smb.conf was updated. Reloading.\n")); + reload_services(False); +} + +/******************************************************************* + Create the share security tdb. + ********************************************************************/ + +static TDB_CONTEXT *share_tdb; /* used for share security descriptors */ +#define SHARE_DATABASE_VERSION_V1 1 +#define SHARE_DATABASE_VERSION_V2 2 /* version id in little endian. */ + +BOOL share_info_db_init(void) +{ + static pid_t local_pid; + const char *vstring = "INFO/version"; + int32 vers_id; + + if (share_tdb && local_pid == sys_getpid()) + return True; + share_tdb = tdb_open_log(lock_path("share_info.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + if (!share_tdb) { + DEBUG(0,("Failed to open share info database %s (%s)\n", + lock_path("share_info.tdb"), strerror(errno) )); + return False; + } + + local_pid = sys_getpid(); + + /* handle a Samba upgrade */ + tdb_lock_bystring(share_tdb, vstring, 0); + + /* Cope with byte-reversed older versions of the db. */ + vers_id = tdb_fetch_int32(share_tdb, vstring); + if ((vers_id == SHARE_DATABASE_VERSION_V1) || (IREV(vers_id) == SHARE_DATABASE_VERSION_V1)) { + /* Written on a bigendian machine with old fetch_int code. Save as le. */ + tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2); + vers_id = SHARE_DATABASE_VERSION_V2; + } + + if (vers_id != SHARE_DATABASE_VERSION_V2) { + tdb_traverse(share_tdb, tdb_traverse_delete_fn, NULL); + tdb_store_int32(share_tdb, vstring, SHARE_DATABASE_VERSION_V2); + } + tdb_unlock_bystring(share_tdb, vstring); + + message_register(MSG_SMB_CONF_UPDATED, smb_conf_updated); + + return True; +} + +/******************************************************************* + Fake up a Everyone, full access as a default. + ********************************************************************/ + +static SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, int snum, size_t *psize) +{ + extern DOM_SID global_sid_World; + extern struct generic_mapping file_generic_mapping; + SEC_ACCESS sa; + SEC_ACE ace; + SEC_ACL *psa = NULL; + SEC_DESC *psd = NULL; + uint32 def_access = GENERIC_ALL_ACCESS; + + se_map_generic(&def_access, &file_generic_mapping); + + init_sec_access(&sa, GENERIC_ALL_ACCESS | def_access ); + init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); + + if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) { + psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, psize); + } + + if (!psd) { + DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n")); + return NULL; + } + + return psd; +} + +/******************************************************************* + Pull a security descriptor from the share tdb. + ********************************************************************/ + +static SEC_DESC *get_share_security( TALLOC_CTX *ctx, int snum, size_t *psize) +{ + prs_struct ps; + fstring key; + SEC_DESC *psd = NULL; + + *psize = 0; + + /* Fetch security descriptor from tdb */ + + slprintf(key, sizeof(key)-1, "SECDESC/%s", lp_servicename(snum)); + + if (tdb_prs_fetch(share_tdb, key, &ps, ctx)!=0 || + !sec_io_desc("get_share_security", &psd, &ps, 1)) { + + DEBUG(4,("get_share_security: using default secdesc for %s\n", lp_servicename(snum) )); + + return get_share_security_default(ctx, snum, psize); + } + + if (psd) + *psize = sec_desc_size(psd); + + prs_mem_free(&ps); + return psd; +} + +/******************************************************************* + Store a security descriptor in the share db. + ********************************************************************/ + +static BOOL set_share_security(TALLOC_CTX *ctx, const char *share_name, SEC_DESC *psd) +{ + prs_struct ps; + TALLOC_CTX *mem_ctx = NULL; + fstring key; + BOOL ret = False; + + mem_ctx = talloc_init("set_share_security"); + if (mem_ctx == NULL) + return False; + + prs_init(&ps, (uint32)sec_desc_size(psd), mem_ctx, MARSHALL); + + if (!sec_io_desc("share_security", &psd, &ps, 1)) + goto out; + + slprintf(key, sizeof(key)-1, "SECDESC/%s", share_name); + + if (tdb_prs_store(share_tdb, key, &ps)==0) { + ret = True; + DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name )); + } else { + DEBUG(1,("set_share_security: Failed to store secdesc for %s\n", share_name )); + } + + /* Free malloc'ed memory */ + +out: + + prs_mem_free(&ps); + if (mem_ctx) + talloc_destroy(mem_ctx); + return ret; +} + +/******************************************************************* + Delete a security descriptor. +********************************************************************/ + +static BOOL delete_share_security(int snum) +{ + TDB_DATA kbuf; + fstring key; + + slprintf(key, sizeof(key)-1, "SECDESC/%s", lp_servicename(snum)); + kbuf.dptr = key; + kbuf.dsize = strlen(key)+1; + + if (tdb_delete(share_tdb, kbuf) != 0) { + DEBUG(0,("delete_share_security: Failed to delete entry for share %s\n", + lp_servicename(snum) )); + return False; + } + + return True; +} + +/******************************************************************* + Map any generic bits to file specific bits. +********************************************************************/ + +void map_generic_share_sd_bits(SEC_DESC *psd) +{ + extern struct generic_mapping file_generic_mapping; + int i; + SEC_ACL *ps_dacl = NULL; + + if (!psd) + return; + + ps_dacl = psd->dacl; + if (!ps_dacl) + return; + + for (i = 0; i < ps_dacl->num_aces; i++) { + SEC_ACE *psa = &ps_dacl->ace[i]; + uint32 orig_mask = psa->info.mask; + + se_map_generic(&psa->info.mask, &file_generic_mapping); + psa->info.mask |= orig_mask; + } +} + +/******************************************************************* + Can this user access with share with the required permissions ? +********************************************************************/ + +BOOL share_access_check(struct request_context *req, struct tcon_context *conn, int snum, uint32 desired_access) +{ + uint32 granted; + NTSTATUS status; + SEC_DESC *psd = NULL; + size_t sd_size; + NT_USER_TOKEN *token = NULL; + BOOL ret = True; + struct tcon_context *conn = req->conn; + + psd = get_share_security(req->mem_ctx, snum, &sd_size); + + if (!psd) + goto out; + + if (conn->nt_user_token) + token = conn->nt_user_token; + else + token = req->user_ctx->nt_user_token; + + ret = se_access_check(psd, token, desired_access, &granted, &status); + + return ret; +} + +/******************************************************************* + Fill in a share info level 501 structure. +********************************************************************/ + +static void init_srv_share_info_501(pipes_struct *p, SRV_SHARE_INFO_501 *sh501, int snum) +{ + int len_net_name; + pstring remark; + + char *net_name = lp_servicename(snum); + pstrcpy(remark, lp_comment(snum)); + standard_sub_conn(p->conn, remark, sizeof(remark)); + + len_net_name = strlen(net_name); + + init_srv_share_info501(&sh501->info_501, net_name, get_share_type(snum), remark, (lp_csc_policy(snum) << 4)); + init_srv_share_info501_str(&sh501->info_501_str, net_name, remark); +} + +/******************************************************************* + Fill in a share info level 502 structure. + ********************************************************************/ + +static void init_srv_share_info_502(pipes_struct *p, SRV_SHARE_INFO_502 *sh502, int snum) +{ + int len_net_name; + pstring net_name; + pstring remark; + pstring path; + pstring passwd; + SEC_DESC *sd; + size_t sd_size; + TALLOC_CTX *ctx = p->mem_ctx; + + + ZERO_STRUCTP(sh502); + + pstrcpy(net_name, lp_servicename(snum)); + pstrcpy(remark, lp_comment(snum)); + standard_sub_conn(p->conn, remark,sizeof(remark)); + pstrcpy(path, "C:"); + pstrcat(path, lp_pathname(snum)); + + /* + * Change / to \\ so that win2k will see it as a valid path. This was added to + * enable use of browsing in win2k add share dialog. + */ + + string_replace(path, '/', '\\'); + + pstrcpy(passwd, ""); + len_net_name = strlen(net_name); + + sd = get_share_security(ctx, snum, &sd_size); + + init_srv_share_info502(&sh502->info_502, net_name, get_share_type(snum), remark, 0, 0xffffffff, 1, path, passwd, sd, sd_size); + init_srv_share_info502_str(&sh502->info_502_str, net_name, remark, path, passwd, sd, sd_size); +} + +/*************************************************************************** + Fill in a share info level 1004 structure. + ***************************************************************************/ + +static void init_srv_share_info_1004(pipes_struct *p, SRV_SHARE_INFO_1004* sh1004, int snum) +{ + pstring remark; + + pstrcpy(remark, lp_comment(snum)); + standard_sub_conn(p->conn, remark, sizeof(remark)); + + ZERO_STRUCTP(sh1004); + + init_srv_share_info1004(&sh1004->info_1004, remark); + init_srv_share_info1004_str(&sh1004->info_1004_str, remark); +} + +/*************************************************************************** + Fill in a share info level 1005 structure. + ***************************************************************************/ + +static void init_srv_share_info_1005(pipes_struct *p, SRV_SHARE_INFO_1005* sh1005, int snum) +{ + sh1005->dfs_root_flag = 0; + + if(lp_host_msdfs() && lp_msdfs_root(snum)) + sh1005->dfs_root_flag = 3; +} +/*************************************************************************** + Fill in a share info level 1006 structure. + ***************************************************************************/ + +static void init_srv_share_info_1006(pipes_struct *p, SRV_SHARE_INFO_1006* sh1006, int snum) +{ + sh1006->max_uses = -1; +} + +/*************************************************************************** + Fill in a share info level 1007 structure. + ***************************************************************************/ + +static void init_srv_share_info_1007(pipes_struct *p, SRV_SHARE_INFO_1007* sh1007, int snum) +{ + pstring alternate_directory_name = ""; + uint32 flags = 0; + + ZERO_STRUCTP(sh1007); + + init_srv_share_info1007(&sh1007->info_1007, flags, alternate_directory_name); + init_srv_share_info1007_str(&sh1007->info_1007_str, alternate_directory_name); +} + +/******************************************************************* + Fill in a share info level 1501 structure. + ********************************************************************/ + +static void init_srv_share_info_1501(pipes_struct *p, SRV_SHARE_INFO_1501 *sh1501, int snum) +{ + SEC_DESC *sd; + size_t sd_size; + TALLOC_CTX *ctx = p->mem_ctx; + + ZERO_STRUCTP(sh1501); + + sd = get_share_security(ctx, snum, &sd_size); + + sh1501->sdb = make_sec_desc_buf(p->mem_ctx, sd_size, sd); +} + +/******************************************************************* + True if it ends in '$'. + ********************************************************************/ + +static BOOL is_hidden_share(int snum) +{ + pstring net_name; + + pstrcpy(net_name, lp_servicename(snum)); + return (net_name[strlen(net_name)] == '$') ? True : False; +} + +/******************************************************************* + Fill in a share info structure. + ********************************************************************/ + +static BOOL init_srv_share_info_ctr(pipes_struct *p, SRV_SHARE_INFO_CTR *ctr, + uint32 info_level, uint32 *resume_hnd, uint32 *total_entries, BOOL all_shares) +{ + int num_entries = 0; + int num_services = lp_numservices(); + int snum; + TALLOC_CTX *ctx = p->mem_ctx; + + DEBUG(5,("init_srv_share_info_ctr\n")); + + ZERO_STRUCTPN(ctr); + + ctr->info_level = ctr->switch_value = info_level; + *resume_hnd = 0; + + /* Count the number of entries. */ + for (snum = 0; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) + num_entries++; + } + + *total_entries = num_entries; + ctr->num_entries2 = ctr->num_entries = num_entries; + ctr->ptr_share_info = ctr->ptr_entries = 1; + + if (!num_entries) + return True; + + switch (info_level) { + case 0: + { + SRV_SHARE_INFO_0 *info0; + int i = 0; + + info0 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_0)); + + for (snum = *resume_hnd; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { + init_srv_share_info_0(p, &info0[i++], snum); + } + } + + ctr->share.info0 = info0; + break; + + } + + case 1: + { + SRV_SHARE_INFO_1 *info1; + int i = 0; + + info1 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1)); + + for (snum = *resume_hnd; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { + init_srv_share_info_1(p, &info1[i++], snum); + } + } + + ctr->share.info1 = info1; + break; + } + + case 2: + { + SRV_SHARE_INFO_2 *info2; + int i = 0; + + info2 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_2)); + + for (snum = *resume_hnd; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { + init_srv_share_info_2(p, &info2[i++], snum); + } + } + + ctr->share.info2 = info2; + break; + } + + case 501: + { + SRV_SHARE_INFO_501 *info501; + int i = 0; + + info501 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_501)); + + for (snum = *resume_hnd; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { + init_srv_share_info_501(p, &info501[i++], snum); + } + } + + ctr->share.info501 = info501; + break; + } + + case 502: + { + SRV_SHARE_INFO_502 *info502; + int i = 0; + + info502 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_502)); + + for (snum = *resume_hnd; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { + init_srv_share_info_502(p, &info502[i++], snum); + } + } + + ctr->share.info502 = info502; + break; + } + + /* here for completeness but not currently used with enum (1004 - 1501)*/ + + case 1004: + { + SRV_SHARE_INFO_1004 *info1004; + int i = 0; + + info1004 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1004)); + + for (snum = *resume_hnd; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { + init_srv_share_info_1004(p, &info1004[i++], snum); + } + } + + ctr->share.info1004 = info1004; + break; + } + + case 1005: + { + SRV_SHARE_INFO_1005 *info1005; + int i = 0; + + info1005 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1005)); + + for (snum = *resume_hnd; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { + init_srv_share_info_1005(p, &info1005[i++], snum); + } + } + + ctr->share.info1005 = info1005; + break; + } + + case 1006: + { + SRV_SHARE_INFO_1006 *info1006; + int i = 0; + + info1006 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1006)); + + for (snum = *resume_hnd; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { + init_srv_share_info_1006(p, &info1006[i++], snum); + } + } + + ctr->share.info1006 = info1006; + break; + } + + case 1007: + { + SRV_SHARE_INFO_1007 *info1007; + int i = 0; + + info1007 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1007)); + + for (snum = *resume_hnd; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { + init_srv_share_info_1007(p, &info1007[i++], snum); + } + } + + ctr->share.info1007 = info1007; + break; + } + + case 1501: + { + SRV_SHARE_INFO_1501 *info1501; + int i = 0; + + info1501 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1501)); + + for (snum = *resume_hnd; snum < num_services; snum++) { + if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) { + init_srv_share_info_1501(p, &info1501[i++], snum); + } + } + + ctr->share.info1501 = info1501; + break; + } + default: + DEBUG(5,("init_srv_share_info_ctr: unsupported switch value %d\n", info_level)); + return False; + } + + return True; +} + +/******************************************************************* + Inits a SRV_R_NET_SHARE_ENUM structure. +********************************************************************/ + +static void init_srv_r_net_share_enum(pipes_struct *p, SRV_R_NET_SHARE_ENUM *r_n, + uint32 info_level, uint32 resume_hnd, BOOL all) +{ + DEBUG(5,("init_srv_r_net_share_enum: %d\n", __LINE__)); + + if (init_srv_share_info_ctr(p, &r_n->ctr, info_level, + &resume_hnd, &r_n->total_entries, all)) { + r_n->status = WERR_OK; + } else { + r_n->status = WERR_UNKNOWN_LEVEL; + } + + init_enum_hnd(&r_n->enum_hnd, resume_hnd); +} + +/******************************************************************* + Inits a SRV_R_NET_SHARE_GET_INFO structure. +********************************************************************/ + +static void init_srv_r_net_share_get_info(pipes_struct *p, SRV_R_NET_SHARE_GET_INFO *r_n, + char *share_name, uint32 info_level) +{ + WERROR status = WERR_OK; + int snum; + + DEBUG(5,("init_srv_r_net_share_get_info: %d\n", __LINE__)); + + r_n->info.switch_value = info_level; + + snum = find_service(share_name); + + if (snum >= 0) { + switch (info_level) { + case 0: + init_srv_share_info_0(p, &r_n->info.share.info0, snum); + break; + case 1: + init_srv_share_info_1(p, &r_n->info.share.info1, snum); + break; + case 2: + init_srv_share_info_2(p, &r_n->info.share.info2, snum); + break; + case 501: + init_srv_share_info_501(p, &r_n->info.share.info501, snum); + break; + case 502: + init_srv_share_info_502(p, &r_n->info.share.info502, snum); + break; + + /* here for completeness */ + case 1004: + init_srv_share_info_1004(p, &r_n->info.share.info1004, snum); + break; + case 1005: + init_srv_share_info_1005(p, &r_n->info.share.info1005, snum); + break; + + /* here for completeness 1006 - 1501 */ + case 1006: + init_srv_share_info_1006(p, &r_n->info.share.info1006, snum); + break; + case 1007: + init_srv_share_info_1007(p, &r_n->info.share.info1007, snum); + break; + case 1501: + init_srv_share_info_1501(p, &r_n->info.share.info1501, snum); + break; + default: + DEBUG(5,("init_srv_net_share_get_info: unsupported switch value %d\n", info_level)); + status = WERR_UNKNOWN_LEVEL; + break; + } + } else { + status = WERR_INVALID_NAME; + } + + r_n->info.ptr_share_ctr = W_ERROR_IS_OK(status) ? 1 : 0; + r_n->status = status; +} + +/******************************************************************* + fill in a sess info level 1 structure. + ********************************************************************/ + +static void init_srv_sess_0_info(SESS_INFO_0 *se0, SESS_INFO_0_STR *str0, char *name) +{ + init_srv_sess_info0(se0, name); + init_srv_sess_info0_str(str0, name); +} + +/******************************************************************* + fill in a sess info level 0 structure. + ********************************************************************/ + +static void init_srv_sess_info_0(SRV_SESS_INFO_0 *ss0, uint32 *snum, uint32 *stot) +{ + struct sessionid *session_list; + uint32 num_entries = 0; + (*stot) = list_sessions(&session_list); + + if (ss0 == NULL) { + (*snum) = 0; + SAFE_FREE(session_list); + return; + } + + DEBUG(5,("init_srv_sess_0_ss0\n")); + + if (snum) { + for (; (*snum) < (*stot) && num_entries < MAX_SESS_ENTRIES; (*snum)++) { + init_srv_sess_0_info(&ss0->info_0[num_entries], + &ss0->info_0_str[num_entries], session_list[(*snum)].remote_machine); + + /* move on to creating next session */ + /* move on to creating next sess */ + num_entries++; + } + + ss0->num_entries_read = num_entries; + ss0->ptr_sess_info = num_entries > 0 ? 1 : 0; + ss0->num_entries_read2 = num_entries; + + if ((*snum) >= (*stot)) { + (*snum) = 0; + } + + } else { + ss0->num_entries_read = 0; + ss0->ptr_sess_info = 0; + ss0->num_entries_read2 = 0; + } + SAFE_FREE(session_list); +} + +/******************************************************************* + fill in a sess info level 1 structure. + ********************************************************************/ + +static void init_srv_sess_1_info(SESS_INFO_1 *se1, SESS_INFO_1_STR *str1, + char *name, char *user, + uint32 num_opens, + uint32 open_time, uint32 idle_time, + uint32 usr_flgs) +{ + init_srv_sess_info1(se1 , name, user, num_opens, open_time, idle_time, usr_flgs); + init_srv_sess_info1_str(str1, name, user); +} + +/******************************************************************* + fill in a sess info level 1 structure. + ********************************************************************/ + +static void init_srv_sess_info_1(SRV_SESS_INFO_1 *ss1, uint32 *snum, uint32 *stot) +{ + struct sessionid *session_list; + uint32 num_entries = 0; + (*stot) = list_sessions(&session_list); + + if (ss1 == NULL) { + (*snum) = 0; + SAFE_FREE(session_list); + return; + } + + DEBUG(5,("init_srv_sess_1_ss1\n")); + + if (snum) { + for (; (*snum) < (*stot) && num_entries < MAX_SESS_ENTRIES; (*snum)++) { + init_srv_sess_1_info(&ss1->info_1[num_entries], + &ss1->info_1_str[num_entries], + session_list[*snum].remote_machine, + session_list[*snum].username, + 1, 10, 5, 0); + + /* move on to creating next session */ + /* move on to creating next sess */ + num_entries++; + } + + ss1->num_entries_read = num_entries; + ss1->ptr_sess_info = num_entries > 0 ? 1 : 0; + ss1->num_entries_read2 = num_entries; + + if ((*snum) >= (*stot)) { + (*snum) = 0; + } + + } else { + ss1->num_entries_read = 0; + ss1->ptr_sess_info = 0; + ss1->num_entries_read2 = 0; + + (*stot) = 0; + } +} + +/******************************************************************* + makes a SRV_R_NET_SESS_ENUM structure. +********************************************************************/ + +static WERROR init_srv_sess_info_ctr(SRV_SESS_INFO_CTR *ctr, + int switch_value, uint32 *resume_hnd, uint32 *total_entries) +{ + WERROR status = WERR_OK; + DEBUG(5,("init_srv_sess_info_ctr: %d\n", __LINE__)); + + ctr->switch_value = switch_value; + + switch (switch_value) { + case 0: + init_srv_sess_info_0(&(ctr->sess.info0), resume_hnd, total_entries); + ctr->ptr_sess_ctr = 1; + break; + case 1: + init_srv_sess_info_1(&(ctr->sess.info1), resume_hnd, total_entries); + ctr->ptr_sess_ctr = 1; + break; + default: + DEBUG(5,("init_srv_sess_info_ctr: unsupported switch value %d\n", switch_value)); + (*resume_hnd) = 0; + (*total_entries) = 0; + ctr->ptr_sess_ctr = 0; + status = WERR_UNKNOWN_LEVEL; + break; + } + + return status; +} + +/******************************************************************* + makes a SRV_R_NET_SESS_ENUM structure. +********************************************************************/ + +static void init_srv_r_net_sess_enum(SRV_R_NET_SESS_ENUM *r_n, + uint32 resume_hnd, int sess_level, int switch_value) +{ + DEBUG(5,("init_srv_r_net_sess_enum: %d\n", __LINE__)); + + r_n->sess_level = sess_level; + + if (sess_level == -1) + r_n->status = WERR_UNKNOWN_LEVEL; + else + r_n->status = init_srv_sess_info_ctr(r_n->ctr, switch_value, &resume_hnd, &r_n->total_entries); + + if (!W_ERROR_IS_OK(r_n->status)) + resume_hnd = 0; + + init_enum_hnd(&r_n->enum_hnd, resume_hnd); +} + +/******************************************************************* + fill in a conn info level 0 structure. + ********************************************************************/ + +static void init_srv_conn_info_0(SRV_CONN_INFO_0 *ss0, uint32 *snum, uint32 *stot) +{ + uint32 num_entries = 0; + (*stot) = 1; + + if (ss0 == NULL) { + (*snum) = 0; + return; + } + + DEBUG(5,("init_srv_conn_0_ss0\n")); + + if (snum) { + for (; (*snum) < (*stot) && num_entries < MAX_CONN_ENTRIES; (*snum)++) { + + init_srv_conn_info0(&ss0->info_0[num_entries], (*stot)); + + /* move on to creating next connection */ + /* move on to creating next conn */ + num_entries++; + } + + ss0->num_entries_read = num_entries; + ss0->ptr_conn_info = num_entries > 0 ? 1 : 0; + ss0->num_entries_read2 = num_entries; + + if ((*snum) >= (*stot)) { + (*snum) = 0; + } + + } else { + ss0->num_entries_read = 0; + ss0->ptr_conn_info = 0; + ss0->num_entries_read2 = 0; + + (*stot) = 0; + } +} + +/******************************************************************* + fill in a conn info level 1 structure. + ********************************************************************/ + +static void init_srv_conn_1_info(CONN_INFO_1 *se1, CONN_INFO_1_STR *str1, + uint32 id, uint32 type, + uint32 num_opens, uint32 num_users, uint32 open_time, + const char *usr_name, const char *net_name) +{ + init_srv_conn_info1(se1 , id, type, num_opens, num_users, open_time, usr_name, net_name); + init_srv_conn_info1_str(str1, usr_name, net_name); +} + +/******************************************************************* + fill in a conn info level 1 structure. + ********************************************************************/ + +static void init_srv_conn_info_1(SRV_CONN_INFO_1 *ss1, uint32 *snum, uint32 *stot) +{ + uint32 num_entries = 0; + (*stot) = 1; + + if (ss1 == NULL) { + (*snum) = 0; + return; + } + + DEBUG(5,("init_srv_conn_1_ss1\n")); + + if (snum) { + for (; (*snum) < (*stot) && num_entries < MAX_CONN_ENTRIES; (*snum)++) { + init_srv_conn_1_info(&ss1->info_1[num_entries], + &ss1->info_1_str[num_entries], + (*stot), 0x3, 1, 1, 3,"dummy_user", "IPC$"); + + /* move on to creating next connection */ + /* move on to creating next conn */ + num_entries++; + } + + ss1->num_entries_read = num_entries; + ss1->ptr_conn_info = num_entries > 0 ? 1 : 0; + ss1->num_entries_read2 = num_entries; + + + if ((*snum) >= (*stot)) { + (*snum) = 0; + } + + } else { + ss1->num_entries_read = 0; + ss1->ptr_conn_info = 0; + ss1->num_entries_read2 = 0; + + (*stot) = 0; + } +} + +/******************************************************************* + makes a SRV_R_NET_CONN_ENUM structure. +********************************************************************/ + +static WERROR init_srv_conn_info_ctr(SRV_CONN_INFO_CTR *ctr, + int switch_value, uint32 *resume_hnd, uint32 *total_entries) +{ + WERROR status = WERR_OK; + DEBUG(5,("init_srv_conn_info_ctr: %d\n", __LINE__)); + + ctr->switch_value = switch_value; + + switch (switch_value) { + case 0: + init_srv_conn_info_0(&ctr->conn.info0, resume_hnd, total_entries); + ctr->ptr_conn_ctr = 1; + break; + case 1: + init_srv_conn_info_1(&ctr->conn.info1, resume_hnd, total_entries); + ctr->ptr_conn_ctr = 1; + break; + default: + DEBUG(5,("init_srv_conn_info_ctr: unsupported switch value %d\n", switch_value)); + (*resume_hnd = 0); + (*total_entries) = 0; + ctr->ptr_conn_ctr = 0; + status = WERR_UNKNOWN_LEVEL; + break; + } + + return status; +} + +/******************************************************************* + makes a SRV_R_NET_CONN_ENUM structure. +********************************************************************/ + +static void init_srv_r_net_conn_enum(SRV_R_NET_CONN_ENUM *r_n, + uint32 resume_hnd, int conn_level, int switch_value) +{ + DEBUG(5,("init_srv_r_net_conn_enum: %d\n", __LINE__)); + + r_n->conn_level = conn_level; + if (conn_level == -1) + r_n->status = WERR_UNKNOWN_LEVEL; + else + r_n->status = init_srv_conn_info_ctr(r_n->ctr, switch_value, &resume_hnd, &r_n->total_entries); + + if (!W_ERROR_IS_OK(r_n->status)) + resume_hnd = 0; + + init_enum_hnd(&r_n->enum_hnd, resume_hnd); +} + +/******************************************************************* + makes a SRV_R_NET_FILE_ENUM structure. +********************************************************************/ + +static WERROR init_srv_file_info_ctr(pipes_struct *p, SRV_FILE_INFO_CTR *ctr, + int switch_value, uint32 *resume_hnd, + uint32 *total_entries) +{ + WERROR status = WERR_OK; + TALLOC_CTX *ctx = p->mem_ctx; + DEBUG(5,("init_srv_file_info_ctr: %d\n", __LINE__)); + *total_entries = 1; /* dummy entries only, for */ + + ctr->switch_value = switch_value; + ctr->num_entries = *total_entries - *resume_hnd; + ctr->num_entries2 = ctr->num_entries; + + switch (switch_value) { + case 3: { + int i; + if (*total_entries > 0) { + ctr->ptr_entries = 1; + ctr->file.info3 = talloc(ctx, ctr->num_entries * + sizeof(SRV_FILE_INFO_3)); + } + for (i=0 ;i<ctr->num_entries;i++) { + init_srv_file_info3(&ctr->file.info3[i].info_3, i+*resume_hnd, 0x35, 0, "\\PIPE\\samr", "dummy user"); + init_srv_file_info3_str(&ctr->file.info3[i].info_3_str, "\\PIPE\\samr", "dummy user"); + + } + ctr->ptr_file_info = 1; + *resume_hnd = 0; + break; + } + default: + DEBUG(5,("init_srv_file_info_ctr: unsupported switch value %d\n", switch_value)); + (*resume_hnd = 0); + (*total_entries) = 0; + ctr->ptr_entries = 0; + status = WERR_UNKNOWN_LEVEL; + break; + } + + return status; +} + +/******************************************************************* + makes a SRV_R_NET_FILE_ENUM structure. +********************************************************************/ + +static void init_srv_r_net_file_enum(pipes_struct *p, SRV_R_NET_FILE_ENUM *r_n, + uint32 resume_hnd, int file_level, int switch_value) +{ + DEBUG(5,("init_srv_r_net_file_enum: %d\n", __LINE__)); + + r_n->file_level = file_level; + if (file_level == 0) + r_n->status = WERR_UNKNOWN_LEVEL; + else + r_n->status = init_srv_file_info_ctr(p, &r_n->ctr, switch_value, &resume_hnd, &(r_n->total_entries)); + + if (!W_ERROR_IS_OK(r_n->status)) + resume_hnd = 0; + + init_enum_hnd(&r_n->enum_hnd, resume_hnd); +} + +/******************************************************************* +net server get info +********************************************************************/ + +WERROR _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R_NET_SRV_GET_INFO *r_u) +{ + WERROR status = WERR_OK; + SRV_INFO_CTR *ctr = (SRV_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_INFO_CTR)); + + if (!ctr) + return WERR_NOMEM; + + ZERO_STRUCTP(ctr); + + DEBUG(5,("srv_net_srv_get_info: %d\n", __LINE__)); + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to srv_net_srv_get_info\n")); + return WERR_ACCESS_DENIED; + } + + switch (q_u->switch_value) { + + /* Technically level 102 should only be available to + Administrators but there isn't anything super-secret + here, as most of it is made up. */ + + case 102: + init_srv_info_102(&ctr->srv.sv102, + 500, lp_netbios_name(), + string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH), + lp_major_announce_version(), lp_minor_announce_version(), + lp_default_server_announce(), + 0xffffffff, /* users */ + 0xf, /* disc */ + 0, /* hidden */ + 240, /* announce */ + 3000, /* announce delta */ + 100000, /* licenses */ + "c:\\"); /* user path */ + break; + case 101: + init_srv_info_101(&ctr->srv.sv101, + 500, lp_netbios_name(), + lp_major_announce_version(), lp_minor_announce_version(), + lp_default_server_announce(), + string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH)); + break; + case 100: + init_srv_info_100(&ctr->srv.sv100, 500, lp_netbios_name()); + break; + default: + status = WERR_UNKNOWN_LEVEL; + break; + } + + /* set up the net server get info structure */ + init_srv_r_net_srv_get_info(r_u, q_u->switch_value, ctr, status); + + DEBUG(5,("srv_net_srv_get_info: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* +net server set info +********************************************************************/ + +WERROR _srv_net_srv_set_info(pipes_struct *p, SRV_Q_NET_SRV_SET_INFO *q_u, SRV_R_NET_SRV_SET_INFO *r_u) +{ + WERROR status = WERR_OK; + + DEBUG(5,("srv_net_srv_set_info: %d\n", __LINE__)); + + /* Set up the net server set info structure. */ + + init_srv_r_net_srv_set_info(r_u, 0x0, status); + + DEBUG(5,("srv_net_srv_set_info: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* +net file enum +********************************************************************/ + +WERROR _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u) +{ + DEBUG(5,("srv_net_file_enum: %d\n", __LINE__)); + + /* set up the */ + init_srv_r_net_file_enum(p, r_u, + get_enum_hnd(&q_u->enum_hnd), + q_u->file_level, + q_u->ctr.switch_value); + + DEBUG(5,("srv_net_file_enum: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* +net conn enum +********************************************************************/ + +WERROR _srv_net_conn_enum(pipes_struct *p, SRV_Q_NET_CONN_ENUM *q_u, SRV_R_NET_CONN_ENUM *r_u) +{ + DEBUG(5,("srv_net_conn_enum: %d\n", __LINE__)); + + r_u->ctr = (SRV_CONN_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_CONN_INFO_CTR)); + if (!r_u->ctr) + return WERR_NOMEM; + + ZERO_STRUCTP(r_u->ctr); + + /* set up the */ + init_srv_r_net_conn_enum(r_u, + get_enum_hnd(&q_u->enum_hnd), + q_u->conn_level, + q_u->ctr->switch_value); + + DEBUG(5,("srv_net_conn_enum: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* +net sess enum +********************************************************************/ + +WERROR _srv_net_sess_enum(pipes_struct *p, SRV_Q_NET_SESS_ENUM *q_u, SRV_R_NET_SESS_ENUM *r_u) +{ + DEBUG(5,("_srv_net_sess_enum: %d\n", __LINE__)); + + r_u->ctr = (SRV_SESS_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_SESS_INFO_CTR)); + if (!r_u->ctr) + return WERR_NOMEM; + + ZERO_STRUCTP(r_u->ctr); + + /* set up the */ + init_srv_r_net_sess_enum(r_u, + get_enum_hnd(&q_u->enum_hnd), + q_u->sess_level, + q_u->ctr->switch_value); + + DEBUG(5,("_srv_net_sess_enum: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + Net share enum all. +********************************************************************/ + +WERROR _srv_net_share_enum_all(pipes_struct *p, SRV_Q_NET_SHARE_ENUM *q_u, SRV_R_NET_SHARE_ENUM *r_u) +{ + DEBUG(5,("_srv_net_share_enum: %d\n", __LINE__)); + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to srv_net_share_enum_all\n")); + return WERR_ACCESS_DENIED; + } + + /* Create the list of shares for the response. */ + init_srv_r_net_share_enum(p, r_u, + q_u->ctr.info_level, + get_enum_hnd(&q_u->enum_hnd), True); + + DEBUG(5,("_srv_net_share_enum: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + Net share enum. +********************************************************************/ + +WERROR _srv_net_share_enum(pipes_struct *p, SRV_Q_NET_SHARE_ENUM *q_u, SRV_R_NET_SHARE_ENUM *r_u) +{ + DEBUG(5,("_srv_net_share_enum: %d\n", __LINE__)); + + if (!pipe_access_check(p)) { + DEBUG(3, ("access denied to srv_net_share_enum\n")); + return WERR_ACCESS_DENIED; + } + + /* Create the list of shares for the response. */ + init_srv_r_net_share_enum(p, r_u, + q_u->ctr.info_level, + get_enum_hnd(&q_u->enum_hnd), False); + + DEBUG(5,("_srv_net_share_enum: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + Net share get info. +********************************************************************/ + +WERROR _srv_net_share_get_info(pipes_struct *p, SRV_Q_NET_SHARE_GET_INFO *q_u, SRV_R_NET_SHARE_GET_INFO *r_u) +{ + fstring share_name; + + DEBUG(5,("_srv_net_share_get_info: %d\n", __LINE__)); + + /* Create the list of shares for the response. */ + unistr2_to_ascii(share_name, &q_u->uni_share_name, sizeof(share_name)); + init_srv_r_net_share_get_info(p, r_u, share_name, q_u->info_level); + + DEBUG(5,("_srv_net_share_get_info: %d\n", __LINE__)); + + return r_u->status; +} + +/******************************************************************* + Check a given DOS pathname is valid for a share. +********************************************************************/ + +static char *valid_share_pathname(char *dos_pathname) +{ + pstring saved_pathname; + pstring unix_pathname; + char *ptr; + int ret; + + /* Convert any '\' paths to '/' */ + unix_format(dos_pathname); + unix_clean_name(dos_pathname); + + /* NT is braindead - it wants a C: prefix to a pathname ! So strip it. */ + ptr = dos_pathname; + if (strlen(dos_pathname) > 2 && ptr[1] == ':' && ptr[0] != '/') + ptr += 2; + + /* Only abolute paths allowed. */ + if (*ptr != '/') + return NULL; + + /* Can we cd to it ? */ + + /* First save our current directory. */ + if (getcwd(saved_pathname, sizeof(saved_pathname)) == NULL) + return False; + + pstrcpy(unix_pathname, ptr); + + ret = chdir(unix_pathname); + + /* We *MUST* be able to chdir back. Abort if we can't. */ + if (chdir(saved_pathname) == -1) + smb_panic("valid_share_pathname: Unable to restore current directory.\n"); + + return (ret != -1) ? ptr : NULL; +} + +/******************************************************************* + Net share set info. Modify share details. +********************************************************************/ + +WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, SRV_R_NET_SHARE_SET_INFO *r_u) +{ + struct current_user user; + pstring command; + fstring share_name; + fstring comment; + pstring pathname; + int type; + int snum; + int ret; + char *ptr; + SEC_DESC *psd = NULL; + + DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__)); + + unistr2_to_ascii(share_name, &q_u->uni_share_name, sizeof(share_name)); + + r_u->parm_error = 0; + + if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$") || strequal(share_name,"global")) + return WERR_ACCESS_DENIED; + + snum = find_service(share_name); + + /* Does this share exist ? */ + if (snum < 0) + return WERR_INVALID_NAME; + + /* No change to printer shares. */ + if (lp_print_ok(snum)) + return WERR_ACCESS_DENIED; + + get_current_user(&user,p); + + if (user.uid != sec_initial_uid()) + return WERR_ACCESS_DENIED; + + switch (q_u->info_level) { + case 1: + pstrcpy(pathname, lp_pathname(snum)); + unistr2_to_ascii(comment, &q_u->info.share.info2.info_2_str.uni_remark, sizeof(comment)); + type = q_u->info.share.info2.info_2.type; + psd = NULL; + break; + case 2: + unistr2_to_ascii(comment, &q_u->info.share.info2.info_2_str.uni_remark, sizeof(comment)); + unistr2_to_ascii(pathname, &q_u->info.share.info2.info_2_str.uni_path, sizeof(pathname)); + type = q_u->info.share.info2.info_2.type; + psd = NULL; + break; +#if 0 + /* not supported on set but here for completeness */ + case 501: + unistr2_to_ascii(comment, &q_u->info.share.info501.info_501_str.uni_remark, sizeof(comment)); + type = q_u->info.share.info501.info_501.type; + psd = NULL; + break; +#endif + case 502: + unistr2_to_ascii(comment, &q_u->info.share.info502.info_502_str.uni_remark, sizeof(comment)); + unistr2_to_ascii(pathname, &q_u->info.share.info502.info_502_str.uni_path, sizeof(pathname)); + type = q_u->info.share.info502.info_502.type; + psd = q_u->info.share.info502.info_502_str.sd; + map_generic_share_sd_bits(psd); + break; + case 1004: + pstrcpy(pathname, lp_pathname(snum)); + unistr2_to_ascii(comment, &q_u->info.share.info1004.info_1004_str.uni_remark, sizeof(comment)); + type = STYPE_DISKTREE; + break; + case 1005: + case 1006: + case 1007: + return WERR_ACCESS_DENIED; + break; + case 1501: + pstrcpy(pathname, lp_pathname(snum)); + fstrcpy(comment, lp_comment(snum)); + psd = q_u->info.share.info1501.sdb->sec; + map_generic_share_sd_bits(psd); + type = STYPE_DISKTREE; + break; + default: + DEBUG(5,("_srv_net_share_set_info: unsupported switch value %d\n", q_u->info_level)); + return WERR_UNKNOWN_LEVEL; + } + + /* We can only modify disk shares. */ + if (type != STYPE_DISKTREE) + return WERR_ACCESS_DENIED; + + /* Check if the pathname is valid. */ + if (!(ptr = valid_share_pathname( pathname ))) + return WERR_OBJECT_PATH_INVALID; + + /* Ensure share name, pathname and comment don't contain '"' characters. */ + string_replace(share_name, '"', ' '); + string_replace(ptr, '"', ' '); + string_replace(comment, '"', ' '); + + DEBUG(10,("_srv_net_share_set_info: change share command = %s\n", + lp_change_share_cmd() ? lp_change_share_cmd() : "NULL" )); + + /* Only call modify function if something changed. */ + + if (strcmp(ptr, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) { + if (!lp_change_share_cmd() || !*lp_change_share_cmd()) + return WERR_ACCESS_DENIED; + + slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"", + lp_change_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment); + + DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command )); + if ((ret = smbrun(command, NULL)) != 0) { + DEBUG(0,("_srv_net_share_set_info: Running [%s] returned (%d)\n", command, ret )); + return WERR_ACCESS_DENIED; + } + + /* Tell everyone we updated smb.conf. */ + message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); + + } else { + DEBUG(10,("_srv_net_share_set_info: No change to share name (%s)\n", share_name )); + } + + /* Replace SD if changed. */ + if (psd) { + SEC_DESC *old_sd; + size_t sd_size; + + old_sd = get_share_security(p->mem_ctx, snum, &sd_size); + + if (old_sd && !sec_desc_equal(old_sd, psd)) { + if (!set_share_security(p->mem_ctx, share_name, psd)) + DEBUG(0,("_srv_net_share_set_info: Failed to change security info in share %s.\n", + share_name )); + } + } + + DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__)); + + return WERR_OK; +} + +/******************************************************************* + Net share add. Call 'add_share_command "sharename" "pathname" "comment" "read only = xxx"' +********************************************************************/ + +WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_SHARE_ADD *r_u) +{ + struct current_user user; + pstring command; + fstring share_name; + fstring comment; + pstring pathname; + int type; + int snum; + int ret; + char *ptr; + SEC_DESC *psd = NULL; + + DEBUG(5,("_srv_net_share_add: %d\n", __LINE__)); + + r_u->parm_error = 0; + + get_current_user(&user,p); + + if (user.uid != sec_initial_uid()) { + DEBUG(10,("_srv_net_share_add: uid != sec_initial_uid(). Access denied.\n")); + return WERR_ACCESS_DENIED; + } + + if (!lp_add_share_cmd() || !*lp_add_share_cmd()) { + DEBUG(10,("_srv_net_share_add: No add share command\n")); + return WERR_ACCESS_DENIED; + } + + switch (q_u->info_level) { + case 0: + /* No path. Not enough info in a level 0 to do anything. */ + return WERR_ACCESS_DENIED; + case 1: + /* Not enough info in a level 1 to do anything. */ + return WERR_ACCESS_DENIED; + case 2: + unistr2_to_ascii(share_name, &q_u->info.share.info2.info_2_str.uni_netname, sizeof(share_name)); + unistr2_to_ascii(comment, &q_u->info.share.info2.info_2_str.uni_remark, sizeof(share_name)); + unistr2_to_ascii(pathname, &q_u->info.share.info2.info_2_str.uni_path, sizeof(share_name)); + type = q_u->info.share.info2.info_2.type; + break; + case 501: + /* No path. Not enough info in a level 501 to do anything. */ + return WERR_ACCESS_DENIED; + case 502: + unistr2_to_ascii(share_name, &q_u->info.share.info502.info_502_str.uni_netname, sizeof(share_name)); + unistr2_to_ascii(comment, &q_u->info.share.info502.info_502_str.uni_remark, sizeof(share_name)); + unistr2_to_ascii(pathname, &q_u->info.share.info502.info_502_str.uni_path, sizeof(share_name)); + type = q_u->info.share.info502.info_502.type; + psd = q_u->info.share.info502.info_502_str.sd; + map_generic_share_sd_bits(psd); + break; + + /* none of the following contain share names. NetShareAdd does not have a separate parameter for the share name */ + + case 1004: + case 1005: + case 1006: + case 1007: + return WERR_ACCESS_DENIED; + break; + case 1501: + /* DFS only level. */ + return WERR_ACCESS_DENIED; + default: + DEBUG(5,("_srv_net_share_add: unsupported switch value %d\n", q_u->info_level)); + return WERR_UNKNOWN_LEVEL; + } + + if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$") || strequal(share_name,"global")) + return WERR_ACCESS_DENIED; + + snum = find_service(share_name); + + /* Share already exists. */ + if (snum >= 0) + return WERR_ALREADY_EXISTS; + + /* We can only add disk shares. */ + if (type != STYPE_DISKTREE) + return WERR_ACCESS_DENIED; + + /* Check if the pathname is valid. */ + if (!(ptr = valid_share_pathname( pathname ))) + return WERR_OBJECT_PATH_INVALID; + + /* Ensure share name, pathname and comment don't contain '"' characters. */ + string_replace(share_name, '"', ' '); + string_replace(ptr, '"', ' '); + string_replace(comment, '"', ' '); + + slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"", + lp_add_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment); + + DEBUG(10,("_srv_net_share_add: Running [%s]\n", command )); + if ((ret = smbrun(command, NULL)) != 0) { + DEBUG(0,("_srv_net_share_add: Running [%s] returned (%d)\n", command, ret )); + return WERR_ACCESS_DENIED; + } + + if (psd) { + if (!set_share_security(p->mem_ctx, share_name, psd)) + DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n", + share_name )); + } + + /* Tell everyone we updated smb.conf. */ + message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); + + /* + * We don't call reload_services() here, the message will + * cause this to be done before the next packet is read + * from the client. JRA. + */ + + DEBUG(5,("_srv_net_share_add: %d\n", __LINE__)); + + return WERR_OK; +} + +/******************************************************************* + Net share delete. Call "delete share command" with the share name as + a parameter. +********************************************************************/ + +WERROR _srv_net_share_del(pipes_struct *p, SRV_Q_NET_SHARE_DEL *q_u, SRV_R_NET_SHARE_DEL *r_u) +{ + struct current_user user; + pstring command; + fstring share_name; + int ret; + int snum; + + DEBUG(5,("_srv_net_share_del: %d\n", __LINE__)); + + unistr2_to_ascii(share_name, &q_u->uni_share_name, sizeof(share_name)); + + if (strequal(share_name,"IPC$") || strequal(share_name,"ADMIN$") || strequal(share_name,"global")) + return WERR_ACCESS_DENIED; + + snum = find_service(share_name); + + if (snum < 0) + return WERR_NO_SUCH_SHARE; + + /* No change to printer shares. */ + if (lp_print_ok(snum)) + return WERR_ACCESS_DENIED; + + get_current_user(&user,p); + + if (user.uid != sec_initial_uid()) + return WERR_ACCESS_DENIED; + + if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) + return WERR_ACCESS_DENIED; + + slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", + lp_delete_share_cmd(), dyn_CONFIGFILE, lp_servicename(snum)); + + DEBUG(10,("_srv_net_share_del: Running [%s]\n", command )); + if ((ret = smbrun(command, NULL)) != 0) { + DEBUG(0,("_srv_net_share_del: Running [%s] returned (%d)\n", command, ret )); + return WERR_ACCESS_DENIED; + } + + /* Delete the SD in the database. */ + delete_share_security(snum); + + /* Tell everyone we updated smb.conf. */ + message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); + + lp_killservice(snum); + + return WERR_OK; +} + +WERROR _srv_net_share_del_sticky(pipes_struct *p, SRV_Q_NET_SHARE_DEL *q_u, SRV_R_NET_SHARE_DEL *r_u) +{ + DEBUG(5,("_srv_net_share_del_stick: %d\n", __LINE__)); + + return _srv_net_share_del(p, q_u, r_u); +} + +/******************************************************************* +time of day +********************************************************************/ + +WERROR _srv_net_remote_tod(pipes_struct *p, SRV_Q_NET_REMOTE_TOD *q_u, SRV_R_NET_REMOTE_TOD *r_u) +{ + TIME_OF_DAY_INFO *tod; + struct tm *t; + time_t unixdate = time(NULL); + + tod = (TIME_OF_DAY_INFO *)talloc(p->mem_ctx, sizeof(TIME_OF_DAY_INFO)); + if (!tod) + return WERR_NOMEM; + + ZERO_STRUCTP(tod); + + r_u->tod = tod; + r_u->ptr_srv_tod = 0x1; + r_u->status = WERR_OK; + + DEBUG(5,("_srv_net_remote_tod: %d\n", __LINE__)); + + t = gmtime(&unixdate); + + /* set up the */ + init_time_of_day_info(tod, + unixdate, + 0, + t->tm_hour, + t->tm_min, + t->tm_sec, + 0, + TimeDiff(unixdate)/60, + 10000, + t->tm_mday, + t->tm_mon + 1, + 1900+t->tm_year, + t->tm_wday); + + DEBUG(5,("_srv_net_remote_tod: %d\n", __LINE__)); + + return r_u->status; +} + +/*********************************************************************************** + Win9x NT tools get security descriptor. +***********************************************************************************/ + +WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC *q_u, + SRV_R_NET_FILE_QUERY_SECDESC *r_u) +{ + SEC_DESC *psd = NULL; + size_t sd_size; + DATA_BLOB null_pw; + pstring filename; + pstring qualname; + files_struct *fsp = NULL; + SMB_STRUCT_STAT st; + BOOL bad_path; + int access_mode; + int action; + NTSTATUS nt_status; + struct current_user user; + struct tcon_context *conn = NULL; + BOOL became_user = False; + + ZERO_STRUCT(st); + + r_u->status = WERR_OK; + + unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname)); + + /* Null password is ok - we are already an authenticated user... */ + null_pw = data_blob(NULL, 0); + + get_current_user(&user, p); + + become_root(); + conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status); + unbecome_root(); + + if (conn == NULL) { + DEBUG(3,("_srv_net_file_query_secdesc: Unable to connect to %s\n", qualname)); + r_u->status = ntstatus_to_werror(nt_status); + goto error_exit; + } + + if (!become_user(conn, conn->vuid)) { + DEBUG(0,("_srv_net_file_query_secdesc: Can't become connected user!\n")); + r_u->status = WERR_ACCESS_DENIED; + goto error_exit; + } + became_user = True; + + unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename)); + unix_convert(filename, conn, NULL, &bad_path, &st); + fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDONLY), + (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action); + + if (!fsp) { + /* Perhaps it is a directory */ + if (errno == EISDIR) + fsp = open_directory(conn, filename, &st,FILE_READ_ATTRIBUTES,0, + (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action); + + if (!fsp) { + DEBUG(3,("_srv_net_file_query_secdesc: Unable to open file %s\n", filename)); + r_u->status = WERR_ACCESS_DENIED; + goto error_exit; + } + } + + sd_size = conn->vfs_ops.get_nt_acl(fsp, fsp->fsp_name, &psd); + + if (sd_size == 0) { + DEBUG(3,("_srv_net_file_query_secdesc: Unable to get NT ACL for file %s\n", filename)); + r_u->status = WERR_ACCESS_DENIED; + goto error_exit; + } + + r_u->ptr_response = 1; + r_u->size_response = sd_size; + r_u->ptr_secdesc = 1; + r_u->size_secdesc = sd_size; + r_u->sec_desc = psd; + + psd->dacl->revision = (uint16) NT4_ACL_REVISION; + + close_file(fsp, True); + unbecome_user(); + close_cnum(conn, user.vuid); + return r_u->status; + +error_exit: + + if(fsp) { + close_file(fsp, True); + } + + if (became_user) + unbecome_user(); + + if (conn) + close_cnum(conn, user.vuid); + + return r_u->status; +} + +/*********************************************************************************** + Win9x NT tools set security descriptor. +***********************************************************************************/ + +WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_u, + SRV_R_NET_FILE_SET_SECDESC *r_u) +{ + BOOL ret; + pstring filename; + pstring qualname; + DATA_BLOB null_pw; + files_struct *fsp = NULL; + SMB_STRUCT_STAT st; + BOOL bad_path; + int access_mode; + int action; + NTSTATUS nt_status; + struct current_user user; + struct tcon_context *conn = NULL; + BOOL became_user = False; + + ZERO_STRUCT(st); + + r_u->status = WERR_OK; + + unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname)); + + /* Null password is ok - we are already an authenticated user... */ + null_pw = data_blob(NULL, 0); + + get_current_user(&user, p); + + become_root(); + conn = make_connection(qualname, null_pw, "A:", user.vuid, &nt_status); + unbecome_root(); + + if (conn == NULL) { + DEBUG(3,("_srv_net_file_set_secdesc: Unable to connect to %s\n", qualname)); + r_u->status = ntstatus_to_werror(nt_status); + goto error_exit; + } + + if (!become_user(conn, conn->vuid)) { + DEBUG(0,("_srv_net_file_set_secdesc: Can't become connected user!\n")); + r_u->status = WERR_ACCESS_DENIED; + goto error_exit; + } + became_user = True; + + unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename)); + unix_convert(filename, conn, NULL, &bad_path, &st); + + fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDWR), + (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action); + + if (!fsp) { + /* Perhaps it is a directory */ + if (errno == EISDIR) + fsp = open_directory(conn, filename, &st,FILE_READ_ATTRIBUTES,0, + (FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action); + + if (!fsp) { + DEBUG(3,("_srv_net_file_set_secdesc: Unable to open file %s\n", filename)); + r_u->status = WERR_ACCESS_DENIED; + goto error_exit; + } + } + + ret = conn->vfs_ops.set_nt_acl(fsp, fsp->fsp_name, q_u->sec_info, q_u->sec_desc); + + if (ret == False) { + DEBUG(3,("_srv_net_file_set_secdesc: Unable to set NT ACL on file %s\n", filename)); + r_u->status = WERR_ACCESS_DENIED; + goto error_exit; + } + + close_file(fsp, True); + unbecome_user(); + close_cnum(conn, user.vuid); + return r_u->status; + +error_exit: + + if(fsp) { + close_file(fsp, True); + } + + if (became_user) + unbecome_user(); + + if (conn) + close_cnum(conn, user.vuid); + + return r_u->status; +} + +/*********************************************************************************** + It may be that we want to limit users to creating shares on certain areas of the UNIX file area. + We could define areas by mapping Windows style disks to points on the UNIX directory hierarchy. + These disks would the disks listed by this function. + Users could then create shares relative to these disks. Watch out for moving these disks around. + "Nigel Williams" <nigel@veritas.com>. +***********************************************************************************/ + +static const char *server_disks[] = {"C:"}; + +static uint32 get_server_disk_count(void) +{ + return sizeof(server_disks)/sizeof(server_disks[0]); +} + +static uint32 init_server_disk_enum(uint32 *resume) +{ + uint32 server_disk_count = get_server_disk_count(); + + /*resume can be an offset into the list for now*/ + + if(*resume & 0x80000000) + *resume = 0; + + if(*resume > server_disk_count) + *resume = server_disk_count; + + return server_disk_count - *resume; +} + +static const char *next_server_disk_enum(uint32 *resume) +{ + const char *disk; + + if(init_server_disk_enum(resume) == 0) + return NULL; + + disk = server_disks[*resume]; + + (*resume)++; + + DEBUG(10, ("next_server_disk_enum: reporting disk %s. resume handle %d.\n", disk, *resume)); + + return disk; +} + +WERROR _srv_net_disk_enum(pipes_struct *p, SRV_Q_NET_DISK_ENUM *q_u, SRV_R_NET_DISK_ENUM *r_u) +{ + uint32 i; + const char *disk_name; + TALLOC_CTX *ctx = p->mem_ctx; + uint32 resume=get_enum_hnd(&q_u->enum_hnd); + + r_u->status=WERR_OK; + + r_u->total_entries = init_server_disk_enum(&resume); + + r_u->disk_enum_ctr.unknown = 0; + + { + DISK_INFO *dinfo; + + int dinfo_size = MAX_SERVER_DISK_ENTRIES * sizeof(*dinfo); + + if(!(dinfo = talloc(ctx, dinfo_size))) { + return WERR_NOMEM; + } + + r_u->disk_enum_ctr.disk_info = dinfo; + } + + r_u->disk_enum_ctr.disk_info_ptr = r_u->disk_enum_ctr.disk_info ? 1 : 0; + + /*allow one DISK_INFO for null terminator*/ + + for(i = 0; i < MAX_SERVER_DISK_ENTRIES -1 && (disk_name = next_server_disk_enum(&resume)); i++) { + + r_u->disk_enum_ctr.entries_read++; + + /*copy disk name into a unicode string*/ + + init_unistr3(&r_u->disk_enum_ctr.disk_info[i].disk_name, disk_name); + } + + /* add a terminating null string. Is this there if there is more data to come? */ + + r_u->disk_enum_ctr.entries_read++; + + init_unistr3(&r_u->disk_enum_ctr.disk_info[i].disk_name, ""); + + init_enum_hnd(&r_u->enum_hnd, resume); + + return r_u->status; +} + +WERROR _srv_net_name_validate(pipes_struct *p, SRV_Q_NET_NAME_VALIDATE *q_u, SRV_R_NET_NAME_VALIDATE *r_u) +{ + int snum; + fstring share_name; + + r_u->status=WERR_OK; + + switch(q_u->type) { + + case 0x9: + + /*check if share name is ok*/ + /*also check if we already have a share with this name*/ + + unistr2_to_ascii(share_name, &q_u->uni_name, sizeof(share_name)); + snum = find_service(share_name); + + /* Share already exists. */ + if (snum >= 0) + r_u->status = WERR_ALREADY_EXISTS; + break; + + default: + /*unsupported type*/ + r_u->status = WERR_UNKNOWN_LEVEL; + break; + } + + return r_u->status; +} diff --git a/source4/rpc_server/srv_util.c b/source4/rpc_server/srv_util.c new file mode 100644 index 0000000000..4eba9c7d1f --- /dev/null +++ b/source4/rpc_server/srv_util.c @@ -0,0 +1,546 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1998 + * Copyright (C) Luke Kenneth Casson Leighton 1996-1998, + * Copyright (C) Paul Ashton 1997-1998. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* this module apparently provides an implementation of DCE/RPC over a + * named pipe (IPC$ connection using SMBtrans). details of DCE/RPC + * documentation are available (in on-line form) from the X-Open group. + * + * this module should provide a level of abstraction between SMB + * and DCE/RPC, while minimising the amount of mallocs, unnecessary + * data copies, and network traffic. + * + * in this version, which takes a "let's learn what's going on and + * get something running" approach, there is additional network + * traffic generated, but the code should be easier to understand... + * + * ... if you read the docs. or stare at packets for weeks on end. + * + */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/* + * A list of the rids of well known BUILTIN and Domain users + * and groups. + */ + +rid_name builtin_alias_rids[] = +{ + { BUILTIN_ALIAS_RID_ADMINS , "Administrators" }, + { BUILTIN_ALIAS_RID_USERS , "Users" }, + { BUILTIN_ALIAS_RID_GUESTS , "Guests" }, + { BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" }, + + { BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" }, + { BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" }, + { BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" }, + { BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" }, + { BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" }, + { 0 , NULL } +}; + +/* array lookup of well-known Domain RID users. */ +rid_name domain_user_rids[] = +{ + { DOMAIN_USER_RID_ADMIN , "Administrator" }, + { DOMAIN_USER_RID_GUEST , "Guest" }, + { 0 , NULL } +}; + +/* array lookup of well-known Domain RID groups. */ +rid_name domain_group_rids[] = +{ + { DOMAIN_GROUP_RID_ADMINS , "Domain Admins" }, + { DOMAIN_GROUP_RID_USERS , "Domain Users" }, + { DOMAIN_GROUP_RID_GUESTS , "Domain Guests" }, + { 0 , NULL } +}; + +/******************************************************************* + gets a domain user's groups + ********************************************************************/ +NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid) +{ + SAM_ACCOUNT *sam_pass=NULL; + int i, cur_rid=0; + gid_t gid; + gid_t *groups = NULL; + int num_groups; + GROUP_MAP map; + DOM_SID tmp_sid; + fstring user_name; + fstring str_domsid, str_qsid; + uint32 rid,grid; + uint32 *rids=NULL, *new_rids=NULL; + gid_t winbind_gid_low, winbind_gid_high; + BOOL ret; + BOOL winbind_groups_exist; + + /* + * this code is far from perfect. + * first it enumerates the full /etc/group and that can be slow. + * second, it works only with users' SIDs + * whereas the day we support nested groups, it will have to + * support both users's SIDs and domain groups' SIDs + * + * having our own ldap backend would be so much faster ! + * we're far from that, but hope one day ;-) JFM. + */ + + *prids=NULL; + *numgroups=0; + + winbind_groups_exist = lp_winbind_gid(&winbind_gid_low, &winbind_gid_high); + + + DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", + sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid))); + + pdb_init_sam(&sam_pass); + become_root(); + ret = pdb_getsampwsid(sam_pass, q_sid); + unbecome_root(); + if (ret == False) { + pdb_free_sam(&sam_pass); + return NT_STATUS_NO_SUCH_USER; + } + + fstrcpy(user_name, pdb_get_username(sam_pass)); + grid=pdb_get_group_rid(sam_pass); + gid=pdb_get_gid(sam_pass); + + become_root(); + /* on some systems this must run as root */ + num_groups = getgroups_user(user_name, &groups); + unbecome_root(); + if (num_groups == -1) { + /* this should never happen */ + DEBUG(2,("get_alias_user_groups: getgroups_user failed\n")); + pdb_free_sam(&sam_pass); + return NT_STATUS_UNSUCCESSFUL; + } + + for (i=0;i<num_groups;i++) { + if(!get_group_from_gid(groups[i], &map, MAPPING_WITHOUT_PRIV)) { + DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)groups[i])); + continue; + } + + /* if it's not an alias, continue */ + if (map.sid_name_use!=SID_NAME_ALIAS) { + DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name)); + continue; + } + + sid_copy(&tmp_sid, &map.sid); + sid_split_rid(&tmp_sid, &rid); + + /* if the sid is not in the correct domain, continue */ + if (!sid_equal(&tmp_sid, sid)) { + DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name)); + continue; + } + + /* Don't return winbind groups as they are not local! */ + if (winbind_groups_exist && (groups[i] >= winbind_gid_low) && (groups[i] <= winbind_gid_high)) { + DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name)); + continue; + } + + /* Don't return user private groups... */ + if (Get_Pwnam(map.nt_name) != 0) { + DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name)); + continue; + } + + new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1)); + if (new_rids==NULL) { + DEBUG(10,("get_alias_user_groups: could not realloc memory\n")); + pdb_free_sam(&sam_pass); + free(groups); + return NT_STATUS_NO_MEMORY; + } + rids=new_rids; + + sid_peek_rid(&map.sid, &(rids[cur_rid])); + cur_rid++; + break; + } + + free(groups); + + /* now check for the user's gid (the primary group rid) */ + for (i=0; i<cur_rid && grid!=rids[i]; i++) + ; + + /* the user's gid is already there */ + if (i!=cur_rid) { + DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n")); + goto done; + } + + DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name)); + + if(!get_group_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) { + DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name)); + goto done; + } + + /* the primary group isn't an alias */ + if (map.sid_name_use!=SID_NAME_ALIAS) { + DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name)); + goto done; + } + + sid_copy(&tmp_sid, &map.sid); + sid_split_rid(&tmp_sid, &rid); + + /* if the sid is not in the correct domain, continue */ + if (!sid_equal(&tmp_sid, sid)) { + DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name)); + goto done; + } + + /* Don't return winbind groups as they are not local! */ + if (winbind_groups_exist && (gid >= winbind_gid_low) && (gid <= winbind_gid_high)) { + DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name )); + goto done; + } + + /* Don't return user private groups... */ + if (Get_Pwnam(map.nt_name) != 0) { + DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name )); + goto done; + } + + new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1)); + if (new_rids==NULL) { + DEBUG(10,("get_alias_user_groups: could not realloc memory\n")); + pdb_free_sam(&sam_pass); + return NT_STATUS_NO_MEMORY; + } + rids=new_rids; + + sid_peek_rid(&map.sid, &(rids[cur_rid])); + cur_rid++; + +done: + *prids=rids; + *numgroups=cur_rid; + pdb_free_sam(&sam_pass); + + return NT_STATUS_OK; +} + + +/******************************************************************* + gets a domain user's groups + ********************************************************************/ +BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass) +{ + GROUP_MAP *map=NULL; + int i, num, num_entries, cur_gid=0; + struct group *grp; + DOM_GID *gids; + fstring user_name; + uint32 grid; + uint32 tmp_rid; + + *numgroups= 0; + + fstrcpy(user_name, pdb_get_username(sam_pass)); + grid=pdb_get_group_rid(sam_pass); + + DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name)); + + /* first get the list of the domain groups */ + if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) + return False; + DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries)); + + /* + * alloc memory. In the worse case, we alloc memory for nothing. + * but I prefer to alloc for nothing + * than reallocing everytime. + */ + gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * num_entries); + + /* for each group, check if the user is a member of*/ + for(i=0; i<num_entries; i++) { + if ((grp=getgrgid(map[i].gid)) == NULL) { + /* very weird !!! */ + DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid)); + continue; + } + + for(num=0; grp->gr_mem[num]!=NULL; num++) { + if(strcmp(grp->gr_mem[num], user_name)==0) { + /* we found the user, add the group to the list */ + sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid)); + gids[cur_gid].attr=7; + DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name)); + cur_gid++; + break; + } + } + } + + /* we have checked the groups */ + /* we must now check the gid of the user or the primary group rid, that's the same */ + for (i=0; i<cur_gid && grid!=gids[i].g_rid; i++) + ; + + /* the user's gid is already there */ + if (i!=cur_gid) { + /* + * the primary group of the user but be the first one in the list + * don't ask ! JFM. + */ + gids[i].g_rid=gids[0].g_rid; + gids[0].g_rid=grid; + goto done; + } + + for(i=0; i<num_entries; i++) { + sid_peek_rid(&map[i].sid, &tmp_rid); + if (tmp_rid==grid) { + /* + * the primary group of the user but be the first one in the list + * don't ask ! JFM. + */ + gids[cur_gid].g_rid=gids[0].g_rid; + gids[0].g_rid=tmp_rid; + gids[cur_gid].attr=7; + DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name)); + cur_gid++; + goto done; /* leave the loop early */ + } + } + + DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name)); + DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n")); + + + done: + *pgids=gids; + *numgroups=cur_gid; + safe_free(map); + + return True; +} + +/******************************************************************* + gets a domain user's groups from their already-calculated NT_USER_TOKEN + ********************************************************************/ +NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, + const NT_USER_TOKEN *nt_token, + int *numgroups, DOM_GID **pgids) +{ + DOM_GID *gids; + int i; + + gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids); + + if (!gids) { + return NT_STATUS_NO_MEMORY; + } + + *numgroups=0; + + for (i=PRIMARY_GROUP_SID_INDEX; i < nt_token->num_sids; i++) { + if (sid_compare_domain(domain_sid, &nt_token->user_sids[i])==0) { + sid_peek_rid(&nt_token->user_sids[i], &(gids[*numgroups].g_rid)); + gids[*numgroups].attr=7; + (*numgroups)++; + } + } + *pgids = gids; + return NT_STATUS_OK; +} + +/******************************************************************* + Look up a local (domain) rid and return a name and type. + ********************************************************************/ +NTSTATUS local_lookup_group_name(uint32 rid, char *group_name, uint32 *type) +{ + int i = 0; + (*type) = SID_NAME_DOM_GRP; + + DEBUG(5,("lookup_group_name: rid: %d", rid)); + + while (domain_group_rids[i].rid != rid && domain_group_rids[i].rid != 0) + { + i++; + } + + if (domain_group_rids[i].rid != 0) + { + fstrcpy(group_name, domain_group_rids[i].name); + DEBUG(5,(" = %s\n", group_name)); + return NT_STATUS_OK; + } + + DEBUG(5,(" none mapped\n")); + return NT_STATUS_NONE_MAPPED; +} + +/******************************************************************* + Look up a local alias rid and return a name and type. + ********************************************************************/ +NTSTATUS local_lookup_alias_name(uint32 rid, char *alias_name, uint32 *type) +{ + int i = 0; + (*type) = SID_NAME_WKN_GRP; + + DEBUG(5,("lookup_alias_name: rid: %d", rid)); + + while (builtin_alias_rids[i].rid != rid && builtin_alias_rids[i].rid != 0) + { + i++; + } + + if (builtin_alias_rids[i].rid != 0) + { + fstrcpy(alias_name, builtin_alias_rids[i].name); + DEBUG(5,(" = %s\n", alias_name)); + return NT_STATUS_OK; + } + + DEBUG(5,(" none mapped\n")); + return NT_STATUS_NONE_MAPPED; +} + + +#if 0 /*Nobody uses this function just now*/ +/******************************************************************* + Look up a local user rid and return a name and type. + ********************************************************************/ +NTSTATUS local_lookup_user_name(uint32 rid, char *user_name, uint32 *type) +{ + SAM_ACCOUNT *sampwd=NULL; + int i = 0; + BOOL ret; + + (*type) = SID_NAME_USER; + + DEBUG(5,("lookup_user_name: rid: %d", rid)); + + /* look up the well-known domain user rids first */ + while (domain_user_rids[i].rid != rid && domain_user_rids[i].rid != 0) + { + i++; + } + + if (domain_user_rids[i].rid != 0) { + fstrcpy(user_name, domain_user_rids[i].name); + DEBUG(5,(" = %s\n", user_name)); + return NT_STATUS_OK; + } + + pdb_init_sam(&sampwd); + + /* ok, it's a user. find the user account */ + become_root(); + ret = pdb_getsampwrid(sampwd, rid); + unbecome_root(); + + if (ret == True) { + fstrcpy(user_name, pdb_get_username(sampwd) ); + DEBUG(5,(" = %s\n", user_name)); + pdb_free_sam(&sampwd); + return NT_STATUS_OK; + } + + DEBUG(5,(" none mapped\n")); + pdb_free_sam(&sampwd); + return NT_STATUS_NONE_MAPPED; +} + +#endif + +/******************************************************************* + Look up a local (domain) group name and return a rid + ********************************************************************/ +NTSTATUS local_lookup_group_rid(char *group_name, uint32 *rid) +{ + const char *grp_name; + int i = -1; /* start do loop at -1 */ + + do /* find, if it exists, a group rid for the group name*/ + { + i++; + (*rid) = domain_group_rids[i].rid; + grp_name = domain_group_rids[i].name; + + } while (grp_name != NULL && !strequal(grp_name, group_name)); + + return (grp_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED; +} + +/******************************************************************* + Look up a local (BUILTIN) alias name and return a rid + ********************************************************************/ +NTSTATUS local_lookup_alias_rid(const char *alias_name, uint32 *rid) +{ + const char *als_name; + int i = -1; /* start do loop at -1 */ + + do /* find, if it exists, a alias rid for the alias name*/ + { + i++; + (*rid) = builtin_alias_rids[i].rid; + als_name = builtin_alias_rids[i].name; + + } while (als_name != NULL && !strequal(als_name, alias_name)); + + return (als_name != NULL) ? NT_STATUS_OK : NT_STATUS_NONE_MAPPED; +} + +/******************************************************************* + Look up a local user name and return a rid + ********************************************************************/ +NTSTATUS local_lookup_user_rid(char *user_name, uint32 *rid) +{ + SAM_ACCOUNT *sampass=NULL; + BOOL ret; + + (*rid) = 0; + + pdb_init_sam(&sampass); + + /* find the user account */ + become_root(); + ret = pdb_getsampwnam(sampass, user_name); + unbecome_root(); + + if (ret == True) { + (*rid) = pdb_get_user_rid(sampass); + pdb_free_sam(&sampass); + return NT_STATUS_OK; + } + + pdb_free_sam(&sampass); + return NT_STATUS_NONE_MAPPED; +} diff --git a/source4/rpc_server/srv_wkssvc.c b/source4/rpc_server/srv_wkssvc.c new file mode 100644 index 0000000000..e0d662ea80 --- /dev/null +++ b/source4/rpc_server/srv_wkssvc.c @@ -0,0 +1,75 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997, + * Copyright (C) Anthony Liguori 2003. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the interface to the wks pipe. */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/******************************************************************* + api_wks_query_info + ********************************************************************/ + +static BOOL api_wks_query_info(pipes_struct *p) +{ + WKS_Q_QUERY_INFO q_u; + WKS_R_QUERY_INFO r_u; + prs_struct *data = &p->in_data.data; + prs_struct *rdata = &p->out_data.rdata; + + ZERO_STRUCT(q_u); + ZERO_STRUCT(r_u); + + /* grab the net share enum */ + if(!wks_io_q_query_info("", &q_u, data, 0)) + return False; + + r_u.status = _wks_query_info(p, &q_u, &r_u); + + /* store the response in the SMB stream */ + if(!wks_io_r_query_info("", &r_u, rdata, 0)) + return False; + + return True; +} + + +/******************************************************************* + \PIPE\wkssvc commands + ********************************************************************/ + +#ifdef RPC_WKS_DYNAMIC +int init_module(void) +#else +int rpc_wks_init(void) +#endif +{ + static struct api_struct api_wks_cmds[] = + { + { "WKS_Q_QUERY_INFO", WKS_QUERY_INFO, api_wks_query_info } + }; + return rpc_pipe_register_commands("wkssvc", "ntsvcs", api_wks_cmds, + sizeof(api_wks_cmds) / sizeof(struct api_struct)); +} diff --git a/source4/rpc_server/srv_wkssvc_nt.c b/source4/rpc_server/srv_wkssvc_nt.c new file mode 100644 index 0000000000..2ca43e5d51 --- /dev/null +++ b/source4/rpc_server/srv_wkssvc_nt.c @@ -0,0 +1,79 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-1997, + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, + * Copyright (C) Paul Ashton 1997. + * Copyright (C) Jeremy Allison 2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +/* This is the implementation of the wks interface. */ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_RPC_SRV + +/******************************************************************* + create_wks_info_100 + ********************************************************************/ + +static void create_wks_info_100(WKS_INFO_100 *inf) +{ + pstring my_name; + pstring domain; + + DEBUG(5,("create_wks_info_100: %d\n", __LINE__)); + + pstrcpy (my_name, lp_netbios_name()); + strupper(my_name); + + pstrcpy (domain, lp_workgroup()); + strupper(domain); + + init_wks_info_100(inf, + 0x000001f4, /* platform id info */ + lp_major_announce_version(), + lp_minor_announce_version(), + my_name, domain); +} + +/******************************************************************* + wks_reply_query_info + + only supports info level 100 at the moment. + + ********************************************************************/ + +NTSTATUS _wks_query_info(pipes_struct *p, WKS_Q_QUERY_INFO *q_u, WKS_R_QUERY_INFO *r_u) +{ + WKS_INFO_100 *wks100 = NULL; + + DEBUG(5,("_wks_query_info: %d\n", __LINE__)); + + wks100 = (WKS_INFO_100 *)talloc_zero(p->mem_ctx, sizeof(WKS_INFO_100)); + + if (!wks100) + return NT_STATUS_NO_MEMORY; + + create_wks_info_100(wks100); + init_wks_r_query_info(r_u, q_u->switch_value, wks100, NT_STATUS_OK); + + DEBUG(5,("_wks_query_info: %d\n", __LINE__)); + + return r_u->status; +} |