From 05f772b431f9c77a2fb37736fc4f801d84cac365 Mon Sep 17 00:00:00 2001
From: Matthew Chapman
Date: Wed, 24 Feb 1999 01:52:30 +0000
Subject: Win9x user level security.
* Added SAMR_LOOKUP_DOMAIN (-> SamrLookupDomainInSamServer)
* Added real SAMR_ENUM_DOM_GROUPS (corresponding to SamrEnumerateGroupsInDomain). The existing one is just an alias for SamrQueryDisplayInformation (see below).
* Added three extra info levels to SAMR_QUERY_DISPINFO. Info level 3 is what was previously SAMR_ENUM_DOM_GROUPS; info levels 4 and 5 are simple user/group list requests used by Win9x and I suspect (haven't checked) the "low speed connection" User Manager.
* Added another two aliases for SAMR_QUERY_DISPINFO, opcodes 0x30 and 0x33. Usually the first is with info level 3 and the second 4 but there is some overlap so indeed these should be implemented as just aliases.
* Return ERRDOS/ERRmoredata on extra data instead of STATUS_BUFFER_OVERFLOW for Win95's benefit. On a named pipe this results in an SMBreadX as usual.
Still need to fix SAMR_QUERY_DOMAIN_INFO which has a hard-coded number of users and groups - which Win95 proceeds to truncate at.
(This used to be commit 7d03e6e21908f3a759a4e65c5edd850622335e3e)
---
 source3/include/proto.h | 55 +++++++----
 source3/include/rpc_samr.h | 225 +++++++++++++++++++++++++++++++--------------
 2 files changed, 195 insertions(+), 85 deletions(-)
(limited to 'source3/include')
diff --git a/source3/include/proto.h b/source3/include/proto.h
index edc087be3f..f31d178842 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1731,6 +1731,9 @@ BOOL samr_set_groupinfo(struct cli_state *cli, uint16 fnum,
 BOOL samr_open_domain(struct cli_state *cli, uint16 fnum, POLICY_HND *connect_pol, uint32 flags, DOM_SID *sid, POLICY_HND *domain_pol);
+BOOL samr_query_lookup_domain(struct cli_state *cli, uint16 fnum,
+ POLICY_HND *pol, const char *dom_name,
+ DOM_SID *dom_sid);
 BOOL samr_query_lookup_names(struct cli_state *cli, uint16 fnum, POLICY_HND *pol, uint32 flags, uint32 num_names, const char **names,
@@ -2160,6 +2163,10 @@ void smb_io_rpc_auth_ntlmssp_chk(char *desc, RPC_AUTH_NTLMSSP_CHK *chk, prs_stru
 void make_samr_q_close_hnd(SAMR_Q_CLOSE_HND *q_c, POLICY_HND *hnd);
 void samr_io_q_close_hnd(char *desc, SAMR_Q_CLOSE_HND *q_u, prs_struct *ps, int depth);
 void samr_io_r_close_hnd(char *desc, SAMR_R_CLOSE_HND *r_u, prs_struct *ps, int depth);
+void make_samr_q_lookup_domain(SAMR_Q_LOOKUP_DOMAIN *q_u,
+ POLICY_HND *pol, const char *dom_name);
+void samr_io_q_lookup_domain(char *desc, SAMR_Q_LOOKUP_DOMAIN *q_u, prs_struct *ps, int depth);
+void samr_io_r_lookup_domain(char *desc, SAMR_R_LOOKUP_DOMAIN *r_u, prs_struct *ps, int depth);
 void make_samr_q_open_domain(SAMR_Q_OPEN_DOMAIN *q_u, POLICY_HND *connect_pol, uint32 flags, DOM_SID *sid);
@@ -2201,17 +2208,29 @@ void make_samr_r_enum_dom_users(SAMR_R_ENUM_DOM_USERS *r_u,
 uint32 num_sam_entries, SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES], uint32 status);
 void samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS *r_u, prs_struct *ps, int depth);
 void make_samr_q_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_e, POLICY_HND *pol,
- uint16 switch_level, uint32 start_idx, uint32 size);
+ uint16 switch_level, uint32 start_idx,
+ uint32 max_entries);
 void samr_io_q_query_dispinfo(char *desc, SAMR_Q_QUERY_DISPINFO *q_e, prs_struct *ps, int depth);
-void make_sam_info_2(SAM_INFO_2 *sam, uint32 acb_mask,
- uint32 start_idx, uint32 num_sam_entries,
- SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
-void make_sam_info_1(SAM_INFO_1 *sam, uint32 acb_mask,
- uint32 start_idx, uint32 num_sam_entries,
- SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
+void make_sam_dispinfo_1(SAM_DISPINFO_1 *sam, uint32 *num_entries,
+ uint32 *data_size, uint32 start_idx,
+ SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
+void make_sam_dispinfo_2(SAM_DISPINFO_2 *sam, uint32 *num_entries,
+ uint32 *data_size, uint32 start_idx,
+ SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
+void make_sam_dispinfo_3(SAM_DISPINFO_3 *sam, uint32 *num_entries,
+ uint32 *data_size, uint32 start_idx,
+ DOMAIN_GRP *grp);
+void make_sam_dispinfo_4(SAM_DISPINFO_4 *sam, uint32 *num_entries,
+ uint32 *data_size, uint32 start_idx,
+ SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
+void make_sam_dispinfo_5(SAM_DISPINFO_5 *sam, uint32 *num_entries,
+ uint32 *data_size, uint32 start_idx,
+ DOMAIN_GRP *grp);
 void make_samr_r_query_dispinfo(SAMR_R_QUERY_DISPINFO *r_u,
- uint16 switch_level, SAM_INFO_CTR *ctr, uint32 status);
+ uint32 num_entries, uint32 data_size,
+ uint16 switch_level, SAM_DISPINFO_CTR *ctr,
+ uint32 status);
-void samr_io_r_query_dispinfo(char *desc, SAMR_R_QUERY_DISPINFO *r_u, prs_struct *ps, int depth);
+void samr_io_r_query_dispinfo(char *desc, SAMR_R_QUERY_DISPINFO *r_u, prs_struct *ps, int depth);
 void make_samr_q_open_group(SAMR_Q_OPEN_GROUP *q_c, POLICY_HND *hnd, uint32 unk, uint32 rid);
 void samr_io_q_open_group(char *desc, SAMR_Q_OPEN_GROUP *q_u, prs_struct *ps, int depth);
@@ -2266,20 +2285,18 @@ void samr_io_q_query_groupmem(char *desc, SAMR_Q_QUERY_GROUPMEM *q_u, prs_struc
 void make_samr_r_query_groupmem(SAMR_R_QUERY_GROUPMEM *r_u, uint32 num_entries, uint32 *rid, uint32 *attr, uint32 status);
 void samr_io_r_query_groupmem(char *desc, SAMR_R_QUERY_GROUPMEM *r_u, prs_struct *ps, int depth);
-void make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol,
- uint16 switch_level, uint32 start_idx, uint32 size);
-void samr_io_q_enum_dom_groups(char *desc, SAMR_Q_ENUM_DOM_GROUPS *q_e, prs_struct *ps, int depth);
-void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u,
- uint32 start_idx, uint32 num_sam_entries,
- DOMAIN_GRP *grp,
- uint32 status);
-void samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_struct *ps, int depth);
 void make_samr_q_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u, POLICY_HND *hnd);
 void samr_io_q_query_usergroups(char *desc, SAMR_Q_QUERY_USERGROUPS *q_u, prs_struct *ps, int depth);
 void make_samr_r_query_usergroups(SAMR_R_QUERY_USERGROUPS *r_u, uint32 num_gids, DOM_GID *gid, uint32 status);
 void samr_io_r_query_usergroups(char *desc, SAMR_R_QUERY_USERGROUPS *r_u, prs_struct *ps, int depth);
+void make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol, uint32 size);
+void samr_io_q_enum_dom_groups(char *desc, SAMR_Q_ENUM_DOM_GROUPS *q_e, prs_struct *ps, int depth);
+void make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u,
+ uint32 num_sam_entries, DOMAIN_GRP *grps,
+ uint32 status);
+void samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_struct *ps, int depth);
 void make_samr_q_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_e, POLICY_HND *pol, uint32 size);
 void samr_io_q_enum_dom_aliases(char *desc, SAMR_Q_ENUM_DOM_ALIASES *q_e, prs_struct *ps, int depth);
 void make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u,
@@ -2432,7 +2449,8 @@ void samr_io_r_chgpasswd_user(char *desc, SAMR_R_CHGPASSWD_USER *r_u, prs_struct
 void init_sec_access(SEC_ACCESS *t, uint32 mask);
 BOOL sec_io_access(char *desc, SEC_ACCESS *t, prs_struct *ps, int depth);
-void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag);
+void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask,
+ uint8 flag);
 BOOL sec_io_ace(char *desc, SEC_ACE *psa, prs_struct *ps, int depth);
 void free_sec_acl(SEC_ACL **ppsa);
 BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth);
@@ -2696,6 +2714,7 @@ void cmd_reg_shutdown(struct client_info *info);
 void cmd_sam_ntchange_pwd(struct client_info *info);
 void cmd_sam_test(struct client_info *info);
+void cmd_sam_lookup_domain(struct client_info *info);
 void cmd_sam_del_aliasmem(struct client_info *info);
 void cmd_sam_delete_dom_alias(struct client_info *info);
 void cmd_sam_add_aliasmem(struct client_info *info);
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index d70702f8a6..ea6a1f7919 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -81,11 +81,13 @@ SamrTestPrivateFunctionsUser
 #define SAMR_CLOSE_HND 0x01
 #define SAMR_UNKNOWN_3 0x03
+#define SAMR_LOOKUP_DOMAIN 0x05
 #define SAMR_OPEN_DOMAIN 0x07
 #define SAMR_QUERY_DOMAIN_INFO 0x08
 #define SAMR_CREATE_DOM_GROUP 0x0a
+#define SAMR_ENUM_DOM_GROUPS 0x0b
 #define SAMR_ENUM_DOM_USERS 0x0d
 #define SAMR_CREATE_DOM_ALIAS 0x0e
 #define SAMR_ENUM_DOM_ALIASES 0x0f
@@ -117,8 +119,11 @@ SamrTestPrivateFunctionsUser
 #define SAMR_QUERY_DISPINFO 0x28
 #define SAMR_UNKNOWN_2C 0x2c
-#define SAMR_ENUM_DOM_GROUPS 0x30
+#define SAMR_QUERY_DISPINFO3 0x30 /* Alias for SAMR_QUERY_DISPINFO
+ with info level 3 */
 #define SAMR_UNKNOWN_32 0x32
+#define SAMR_QUERY_DISPINFO4 0x33 /* Alias for SAMR_QUERY_DISPINFO
+ with info level 4 */
 #define SAMR_UNKNOWN_34 0x34
 #define SAMR_CHGPASSWD_USER 0x37
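Review bot: The comments on the new `SAMR_QUERY_DISPINFO3` and `SAMR_QUERY_DISPINFO4` defines state a fixed info level per opcode, but the commit message says the pairing is only "usually" 3 and 4 with some overlap, which is exactly why they are aliases; a dispatcher that trusted the comment could skip validating the request's `switch_level`. Suggest wording them as `/* Alias for SAMR_QUERY_DISPINFO; the info level comes from the request's switch_level (usually 3) */` and the same with "usually 4" for 0x33. Note also that `SAMR_ENUM_DOM_GROUPS` changes value from 0x30 to 0x0b in the same file, so any opcode table or log string that still associates 0x30 with the old enumerate-groups layout should be checked, though none is visible in this diff.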
@@ -446,6 +451,28 @@ typedef struct r_samr_query_domain_info
 } SAMR_R_QUERY_DOMAIN_INFO;
+/* SAMR_Q_LOOKUP_DOMAIN - obtain SID for a local domain */
+typedef struct q_samr_lookup_domain_info
+{
+ POLICY_HND connect_pol;
+
+ UNIHDR hdr_domain;
+ UNISTR2 uni_domain;
+
+} SAMR_Q_LOOKUP_DOMAIN;
+
+
+/* SAMR_R_LOOKUP_DOMAIN */
+typedef struct r_samr_lookup_domain_info
+{
+ uint32 ptr_sid;
+ DOM_SID2 dom_sid;
+
+ uint32 status;
+
+} SAMR_R_LOOKUP_DOMAIN;
+
+
 /****************************************************************************
 SAMR_Q_OPEN_DOMAIN - unknown_0 values seen associated with SIDs:
@@ -481,6 +508,7 @@ typedef struct samr_entry_info
 } SAM_ENTRY;
+
 /* SAMR_Q_ENUM_DOM_USERS - SAM rids and names */
 typedef struct q_samr_enum_dom_users_info
 {
@@ -516,37 +544,15 @@ typedef struct r_samr_enum_dom_users_info
 } SAMR_R_ENUM_DOM_USERS;
-typedef struct samr_entry_info3
-{
- uint32 grp_idx;
-
- uint32 rid_grp;
- uint32 attr;
-
- UNIHDR hdr_grp_name;
- UNIHDR hdr_grp_desc;
-
-} SAM_ENTRY3;
-
-typedef struct samr_str_entry_info3
-{
- UNISTR2 uni_grp_name;
- UNISTR2 uni_grp_desc;
-
-} SAM_STR3;
-
 /* SAMR_Q_ENUM_DOM_GROUPS - SAM rids and names */
 typedef struct q_samr_enum_dom_groups_info
 {
 POLICY_HND pol; /* policy handle */
- /* these are possibly an enumeration context handle... */
- uint16 switch_level; /* 0x0003 */
- uint16 unknown_0; /* 0x0000 */
- uint32 start_idx; /* presumably the start enumeration index */
- uint32 unknown_1; /* 0x0000 07d0 */
+ /* this is possibly an enumeration context handle... */
+ uint32 unknown_0; /* 0x0000 0000 */
- uint32 max_size; /* 0x0000 7fff */
+ uint32 max_size; /* 0x0000 ffff */
 } SAMR_Q_ENUM_DOM_GROUPS;
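Review bot: `SAMR_R_LOOKUP_DOMAIN` carries a wire pointer `ptr_sid` ahead of `dom_sid`, but the header does not record that `dom_sid` is only meaningful when `ptr_sid` is non-zero; `samr_io_r_lookup_domain` (declared in proto.h in this commit, body not in this diff) has to honour that, and a client that copies `dom_sid` out without checking `ptr_sid` and `status` would use an unset SID. Suggest documenting the field dependency: `uint32 ptr_sid; /* non-zero => dom_sid follows on the wire; presumably 0 on failure - confirm against the marshalling code */`. The same caveat applies to `uni_domain` in `SAMR_Q_LOOKUP_DOMAIN`, whose length is taken from `hdr_domain` and must be bounded by the unmarshaller before use.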
@@ -554,24 +560,24 @@ typedef struct q_samr_enum_dom_groups_info
 /* SAMR_R_ENUM_DOM_GROUPS - SAM rids and names */
 typedef struct r_samr_enum_dom_groups_info
 {
- uint32 unknown_0; /* 0x0000 0492 or 0x0000 00be */
- uint32 unknown_1; /* 0x0000 049a or 0x0000 00be */
- uint32 switch_level; /* 0x0000 0003 */
-
 uint32 num_entries;
 uint32 ptr_entries;
 uint32 num_entries2;
+ uint32 ptr_entries2;
- SAM_ENTRY3 sam[MAX_SAM_ENTRIES];
- SAM_STR3 str[MAX_SAM_ENTRIES];
+ uint32 num_entries3;
+
+ SAM_ENTRY sam[MAX_SAM_ENTRIES];
+ UNISTR2 uni_grp_name[MAX_SAM_ENTRIES];
+
+ uint32 num_entries4;
 uint32 status;
 } SAMR_R_ENUM_DOM_GROUPS;
-
 /* SAMR_Q_ENUM_DOM_ALIASES - SAM rids and names */
 typedef struct q_samr_enum_dom_aliases_info
 {
@@ -584,6 +590,7 @@ typedef struct q_samr_enum_dom_aliases_info
 } SAMR_Q_ENUM_DOM_ALIASES;
+
 /* SAMR_R_ENUM_DOM_ALIASES - SAM rids and names */
 typedef struct r_samr_enum_dom_aliases_info
 {
@@ -605,20 +612,7 @@ typedef struct r_samr_enum_dom_aliases_info
 } SAMR_R_ENUM_DOM_ALIASES;
-
-/* SAMR_Q_QUERY_DISPINFO - SAM rids, names and descriptions */
-typedef struct q_samr_query_disp_info
-{
- POLICY_HND pol; /* policy handle */
-
- uint16 switch_level; /* 0x0001 and 0x0002 seen */
- uint16 unknown_0; /* 0x0000 and 0x2000 seen */
- uint32 start_idx; /* presumably the start enumeration index */
- uint32 unknown_1; /* 0x0000 07d0, 0x0000 0400 and 0x0000 0200 seen */
-
- uint32 max_size; /* 0x0000 7fff, 0x0000 7ffe and 0x0000 3fff seen*/
-
-} SAMR_Q_QUERY_DISPINFO;
+/* -- Level 1 Display Info - User Information -- */
 typedef struct samr_entry_info1
 {
@@ -644,15 +638,13 @@ typedef struct samr_str_entry_info1
 typedef struct sam_entry_info_1
 {
- uint32 num_entries;
- uint32 ptr_entries;
- uint32 num_entries2;
-
 SAM_ENTRY1 sam[MAX_SAM_ENTRIES];
 SAM_STR1 str[MAX_SAM_ENTRIES];
+} SAM_DISPINFO_1;
-} SAM_INFO_1;
+
+/* -- Level 2 Display Info - Trust Account Information -- */
 typedef struct samr_entry_info2
 {
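Review bot: `SAMR_R_ENUM_DOM_GROUPS` now carries four separate counts (`num_entries`, `num_entries2`, `num_entries3`, `num_entries4`) next to two fixed-size arrays of `MAX_SAM_ENTRIES`, and nothing in the header says which count governs the arrays or that each must be clamped to `MAX_SAM_ENTRIES` when read off the wire; `samr_io_r_enum_dom_groups` is not in this diff, so I cannot tell whether it does. Suggest a comment at `uint32 num_entries3;` such as `/* number of sam[]/uni_grp_name[] entries that follow; reader must reject values > MAX_SAM_ENTRIES and cross-check against num_entries/num_entries2 */`. The new `uint32 ptr_entries2;` would also benefit from a short comment on what it points at, as its sibling `ptr_entries` is equally undocumented.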
@@ -676,36 +668,135 @@ typedef struct samr_str_entry_info2
 typedef struct sam_entry_info_2
 {
- uint32 num_entries;
- uint32 ptr_entries;
- uint32 num_entries2;
-
 SAM_ENTRY2 sam[MAX_SAM_ENTRIES];
 SAM_STR2 str[MAX_SAM_ENTRIES];
-} SAM_INFO_2;
+} SAM_DISPINFO_2;
+
-typedef struct sam_info_ctr_info
+/* -- Level 3 Display Info - Domain Group Information -- */
+
+typedef struct samr_entry_info3
+{
+ uint32 grp_idx;
+
+ uint32 rid_grp;
+ uint32 attr; /* SE_GROUP_xxx, usually 7 */
+
+ UNIHDR hdr_grp_name;
+ UNIHDR hdr_grp_desc;
+
+} SAM_ENTRY3;
+
+typedef struct samr_str_entry_info3
+{
+ UNISTR2 uni_grp_name;
+ UNISTR2 uni_grp_desc;
+
+} SAM_STR3;
+
+typedef struct sam_entry_info_3
+{
+ SAM_ENTRY3 sam[MAX_SAM_ENTRIES];
+ SAM_STR3 str[MAX_SAM_ENTRIES];
+
+} SAM_DISPINFO_3;
+
+
+/* -- Level 4 Display Info - User List (ASCII) -- */
+
+typedef struct samr_entry_info4
+{
+ uint32 user_idx;
+ STRHDR hdr_acct_name;
+
+} SAM_ENTRY4;
+
+typedef struct samr_str_entry_info4
+{
+ STRING2 acct_name;
+
+} SAM_STR4;
+
+typedef struct sam_entry_info_4
+{
+ SAM_ENTRY4 sam[MAX_SAM_ENTRIES];
+ SAM_STR4 str[MAX_SAM_ENTRIES];
+
+} SAM_DISPINFO_4;
+
+
+/* -- Level 5 Display Info - Group List (ASCII) -- */
+
+typedef struct samr_entry_info5
+{
+ uint32 grp_idx;
+ STRHDR hdr_grp_name;
+
+} SAM_ENTRY5;
+
+typedef struct samr_str_entry_info5
+{
+ STRING2 grp_name;
+
+} SAM_STR5;
+
+typedef struct sam_entry_info_5
+{
+ SAM_ENTRY5 sam[MAX_SAM_ENTRIES];
+ SAM_STR5 str[MAX_SAM_ENTRIES];
+
+} SAM_DISPINFO_5;
+
+
+typedef struct sam_dispinfo_ctr_info
 {
 union
 {
- SAM_INFO_1 *info1; /* server info */
- SAM_INFO_2 *info2; /* user info */
+ SAM_DISPINFO_1 *info1; /* users/names/descriptions */
+ SAM_DISPINFO_2 *info2; /* trust accounts */
+ SAM_DISPINFO_3 *info3; /* domain groups/descriptions */
+ SAM_DISPINFO_4 *info4; /* user list (ASCII) - used by Win95 */
+ SAM_DISPINFO_5 *info5; /* group list (ASCII) */
 void *info; /* allows assignment without typecasting, */
 } sam;
-} SAM_INFO_CTR;
+} SAM_DISPINFO_CTR;
+
+
+/* SAMR_Q_QUERY_DISPINFO - SAM rids, names and descriptions */
+typedef struct q_samr_query_disp_info
+{
+ POLICY_HND domain_pol;
+
+ uint16 switch_level; /* see SAM_DISPINFO_CTR above */
+ /* align */
+
+ uint32 start_idx; /* start enumeration index */
+ uint32 max_entries; /* maximum number of entries to return */
+ uint32 max_size; /* recommended data size; if exceeded server
+ should return STATUS_MORE_ENTRIES */
-/* SAMR_R_QUERY_DISPINFO - SAM rids, names and descriptions */
+} SAMR_Q_QUERY_DISPINFO;
+
+
+/* SAMR_R_QUERY_DISPINFO */
 typedef struct r_samr_query_dispinfo_info
 {
- uint32 unknown_0; /* container length? 0x0000 0492 or 0x0000 00be */
- uint32 unknown_1; /* container length? 0x0000 049a or 0x0000 00be */
- uint16 switch_level; /* 0x0001 or 0x0002 */
- /*uint8 pad[2] */
+ uint32 total_size; /* total data size for all matching entries
+ (0 = uncalculated) */
+ uint32 data_size; /* actual data size returned = size of SAM_ENTRY
+ structures + total length of strings */
+
+ uint16 switch_level; /* see SAM_DISPINFO_CTR above */
+ /* align */
+
+ uint32 num_entries; /* number of entries returned */
+ uint32 ptr_entries;
+ uint32 num_entries2;
- SAM_INFO_CTR *ctr;
+ SAM_DISPINFO_CTR *ctr;
 uint32 status;
-- cgit
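Review bot: The `max_size` comment in `SAMR_Q_QUERY_DISPINFO` says the server "should return STATUS_MORE_ENTRIES" when the size is exceeded, while the commit message says the server now answers extra data with ERRDOS/ERRmoredata rather than STATUS_BUFFER_OVERFLOW; the comment should name the status the implementation actually emits so header and server code do not drift. `max_entries` and `max_size` are client-chosen, and `make_sam_dispinfo_1..5` now report back through `uint32 *num_entries` / `uint32 *data_size` while every `SAM_DISPINFO_n` holds at most `MAX_SAM_ENTRIES` rows, so it is worth stating the bound on the request field, e.g. `uint32 max_entries; /* maximum number of entries to return; response holds at most MAX_SAM_ENTRIES */` — where the server enforces that is outside this diff. The new ASCII levels 4 and 5 use `STRHDR`/`STRING2`, whose lengths come off the wire; their unmarshalling is not in this hunk either, so the same bounds caveat applies there. `SAMR_R_QUERY_DISPINFO` continues past the end of the hunk.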