From 633ee99afa1f25fcd16796bedec571471f3617ca Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Sun, 2 Dec 2001 01:45:50 +0000 Subject: added queryuseraliases to rpcclient and some comments to the samr server code, to explain what we should return here. J.F. (This used to be commit 06cb20a46d9d9f8abf0d92ba4cfa4d23187ad715) --- source3/libsmb/cli_samr.c | 49 +++++++++++++++++++++++++++++ source3/rpc_server/srv_samr_nt.c | 33 +++++++++++++++++++ source3/rpcclient/cmd_samr.c | 68 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 150 insertions(+) diff --git a/source3/libsmb/cli_samr.c b/source3/libsmb/cli_samr.c index d609572942..49010324e3 100644 --- a/source3/libsmb/cli_samr.c +++ b/source3/libsmb/cli_samr.c @@ -407,6 +407,55 @@ NTSTATUS cli_samr_query_usergroups(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } +/* Query user aliases */ + +NTSTATUS cli_samr_query_useraliases(struct cli_state *cli, TALLOC_CTX *mem_ctx, + POLICY_HND *user_pol, uint32 num_sids, DOM_SID2 *sid, + uint32 *num_aliases, uint32 **als_rids) +{ + prs_struct qbuf, rbuf; + SAMR_Q_QUERY_USERALIASES q; + SAMR_R_QUERY_USERALIASES r; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + uint ptr=1; + + ZERO_STRUCT(q); + ZERO_STRUCT(r); + + /* Initialise parse structures */ + + prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); + prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); + + /* Marshall data and send request */ + + init_samr_q_query_useraliases(&q, user_pol, num_sids, &ptr, sid); + + if (!samr_io_q_query_useraliases("", &q, &qbuf, 0) || + !rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &qbuf, &rbuf)) { + goto done; + } + + /* Unmarshall response */ + + if (!samr_io_r_query_useraliases("", &r, &rbuf, 0)) { + goto done; + } + + /* Return output parameters */ + + if (NT_STATUS_IS_OK(result = r.status)) { + *num_aliases = r.num_entries; + *als_rids = r.rid; + } + + done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + + return result; +} + /* Query user groups */ NTSTATUS cli_samr_query_groupmem(struct cli_state *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index f791ba2e34..8882b0801a 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1849,6 +1849,19 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S struct samr_info *info = NULL; BOOL ret; + /* + * from the SID in the request: + * we should send back the list of DOMAIN GROUPS + * the user is a member of + * + * and only the DOMAIN GROUPS + * no ALIASES !!! neither aliases of the domain + * nor aliases of the builtin SID + * + * JFM, 12/2/2001 + */ + + r_u->status = NT_STATUS_OK; DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__)); @@ -2704,6 +2717,26 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, /* until i see a real useraliases query, we fack one up */ + /* I have seen one, JFM 2/12/2001 */ + /* + * Explanation of what this call does: + * for all the SID given in the request: + * return a list of alias (local groups) + * that have those SID as members. + * + * and that's the alias in the domain specified + * in the policy_handle + * + * if the policy handle is on an incorrect sid + * for example a user's sid + * we should reply NT_STATUS_OBJECT_TYPE_MISMATCH + */ + + + + + + rid[0] = BUILTIN_ALIAS_RID_USERS; init_samr_r_query_useraliases(r_u, num_rids, rid, NT_STATUS_OK); diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index 0b58d0ae4f..4ccd428576 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -538,6 +538,73 @@ static NTSTATUS cmd_samr_query_usergroups(struct cli_state *cli, return result; } +/* Query aliases a user is a member of */ + +static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli, + TALLOC_CTX *mem_ctx, + int argc, char **argv) +{ + POLICY_HND connect_pol, + domain_pol, + user_pol; + NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + uint32 user_rid, num_aliases, *alias_rids; + int i; + fstring server; + DOM_SID tmp_sid; + DOM_SID2 sid; + DOM_SID global_sid_Builtin; + + string_to_sid(&global_sid_Builtin, "S-1-5-32"); + + if (argc != 3) { + printf("Usage: %s builtin|domain rid\n", argv[0]); + return NT_STATUS_OK; + } + + sscanf(argv[2], "%i", &user_rid); + + slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost); + strupper (server); + + result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, + &connect_pol); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + if (StrCaseCmp(argv[1], "domain")==0) + result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &domain_sid, &domain_pol); + else if (StrCaseCmp(argv[1], "builtin")==0) + result = cli_samr_open_domain(cli, mem_ctx, &connect_pol, + MAXIMUM_ALLOWED_ACCESS, + &global_sid_Builtin, &domain_pol); + else + return NT_STATUS_OK; + + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + sid_copy(&tmp_sid, &domain_sid); + sid_append_rid(&tmp_sid, user_rid); + init_dom_sid2(&sid, &tmp_sid); + + result = cli_samr_query_useraliases(cli, mem_ctx, &domain_pol, 1, &sid, &num_aliases, &alias_rids); + if (!NT_STATUS_IS_OK(result)) { + goto done; + } + + for (i = 0; i < num_aliases; i++) { + printf("\tgroup rid:[0x%x]\n", alias_rids[i]); + } + + done: + return result; +} + /* Query members of a group */ static NTSTATUS cmd_samr_query_groupmem(struct cli_state *cli, @@ -1163,6 +1230,7 @@ struct cmd_set samr_commands[] = { { "queryuser", cmd_samr_query_user, PIPE_SAMR, "Query user info", "" }, { "querygroup", cmd_samr_query_group, PIPE_SAMR, "Query group info", "" }, { "queryusergroups", cmd_samr_query_usergroups, PIPE_SAMR, "Query user groups", "" }, + { "queryuseraliases", cmd_samr_query_useraliases, PIPE_SAMR, "Query user aliases", "" }, { "querygroupmem", cmd_samr_query_groupmem, PIPE_SAMR, "Query group membership", "" }, { "queryaliasmem", cmd_samr_query_aliasmem, PIPE_SAMR, "Query alias membership", "" }, { "querydispinfo", cmd_samr_query_dispinfo, PIPE_SAMR, "Query display info", "" }, -- cgit