From 30038de4623bc827ee8019c569faf00583d1fe58 Mon Sep 17 00:00:00 2001
From: Luke Leighton <lkcl@samba.org>
Date: Sun, 29 Nov 1998 20:03:33 +0000
Subject: weekend work.  user / group database API.

- split sam_passwd and smb_passwd into separate higher-order function tables

- renamed struct smb_passwd's "smb_user" to "unix_user".  added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.

NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.

- added query_useraliases code to rpcclient.

- dealt with some nasty interdependencies involving non-smbd programs
and the password database API.  this is still not satisfactorily
resolved completelely, but it's the best i can do for now.

- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.

lots of debugging done, it's still not finished.  the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect.  the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
---
 source3/rpc_client/cli_login.c  |  8 ++---
 source3/rpc_client/cli_lsarpc.c |  2 +-
 source3/rpc_client/cli_samr.c   | 67 +++++++++++++++++++++++++++++++++++++++--
 3 files changed, 69 insertions(+), 8 deletions(-)

(limited to 'source3/rpc_client')

diff --git a/source3/rpc_client/cli_login.c b/source3/rpc_client/cli_login.c
index 3ce22fd854..c7a542577f 100644
--- a/source3/rpc_client/cli_login.c
+++ b/source3/rpc_client/cli_login.c
@@ -101,7 +101,7 @@ password equivalents, protected by the session key) is inherently insecure
 given the current design of the NT Domain system. JRA.
  ****************************************************************************/
 BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username, 
-                              uint32 smb_userid_low, char *password,
+                              uint32 luid_low, char *password,
                               NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3)
 {
   uchar lm_owf_user_pwd[16];
@@ -129,7 +129,7 @@ BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *usernam
 
   /* Create the structure needed for SAM logon. */
   make_id_info1(&ctr->auth.id1, domain, 0, 
-                smb_userid_low, 0,
+                luid_low, 0,
                 username, cli->clnt_name_slash,
                 (char *)cli->sess_key, lm_owf_user_pwd, nt_owf_user_pwd);
 
@@ -154,7 +154,7 @@ password equivalents over the network. JRA.
 ****************************************************************************/
 
 BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username, 
-                          uint32 smb_userid_low, char lm_chal[8], char lm_chal_resp[24],
+                          uint32 luid_low, char lm_chal[8], char lm_chal_resp[24],
                           char nt_chal_resp[24],
                           NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3)
 {
@@ -165,7 +165,7 @@ BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
 
   /* Create the structure needed for SAM logon. */
   make_id_info2(&ctr->auth.id2, domain, 0, 
-                smb_userid_low, 0,
+                luid_low, 0,
                 username, cli->clnt_name_slash,
                 (uchar *)lm_chal, (uchar *)lm_chal_resp, (uchar *)nt_chal_resp);
 
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 48dd90ffa9..e8f1cac19b 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -309,7 +309,7 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli,
 					fstrcpy(dom_name, unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer));
 					fstrcpy(name    , unistr2(t_names.uni_name[i].buffer));
 					
-					slprintf(full_name, sizeof(full_name), "\\%s\\%s",
+					slprintf(full_name, sizeof(full_name), "%s\\%s",
 						 dom_name, name);
 
 					(*names)[i] = strdup(full_name);
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 50e44f5138..c51fcd42e8 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -334,7 +334,7 @@ BOOL do_samr_enum_dom_users(struct cli_state *cli,
 			for (i = 0; i < *num_sam_users; i++)
 			{
 
-				(*sam)[i].smb_userid = r_e.sam[i].rid;
+				(*sam)[i].user_rid = r_e.sam[i].rid;
 				if (r_e.sam[i].hdr_name.buffer)
 				{
 					char *acct_name = unistrn2(r_e.uni_acct_name[name_idx].buffer,
@@ -347,7 +347,7 @@ BOOL do_samr_enum_dom_users(struct cli_state *cli,
 					bzero((*sam)[i].acct_name, sizeof((*sam)[i].acct_name));
 				}
 				DEBUG(5,("do_samr_enum_dom_users: idx: %4d rid: %8x acct: %s\n",
-				          i, (*sam)[i].smb_userid, (*sam)[i].acct_name));
+				          i, (*sam)[i].user_rid, (*sam)[i].acct_name));
 			}
 			valid_pol = True;
 		}
@@ -618,6 +618,67 @@ BOOL do_samr_query_unknown_12(struct cli_state *cli,
 	return valid_query;
 }
 
+/****************************************************************************
+do a SAMR Query User Aliases
+****************************************************************************/
+BOOL do_samr_query_useraliases(struct cli_state *cli, 
+				POLICY_HND *pol, DOM_SID *sid,
+				uint32 *num_aliases, uint32 *rid)
+{
+	prs_struct data;
+	prs_struct rdata;
+
+	SAMR_Q_QUERY_USERALIASES q_o;
+	BOOL valid_query = False;
+
+	/* create and send a MSRPC command with api SAMR_QUERY_USERALIASES */
+
+	prs_init(&data , 1024, 4, SAFETY_MARGIN, False);
+	prs_init(&rdata, 0   , 4, SAFETY_MARGIN, True );
+
+	DEBUG(4,("SAMR Query User Aliases.\n"));
+
+	if (pol == NULL || sid == NULL || rid == NULL || num_aliases == 0) return False;
+
+	/* store the parameters */
+	make_samr_q_query_useraliases(&q_o, pol, sid);
+
+	/* turn parameters into data stream */
+	samr_io_q_query_useraliases("", &q_o,  &data, 0);
+
+	/* send the data on \PIPE\ */
+	if (rpc_api_pipe_req(cli, SAMR_QUERY_USERALIASES, &data, &rdata))
+	{
+		SAMR_R_QUERY_USERALIASES r_o;
+		BOOL p;
+
+		/* get user info */
+		r_o.rid = rid;
+
+		samr_io_r_query_useraliases("", &r_o, &rdata, 0);
+		p = rdata.offset != 0;
+		
+		if (p && r_o.status != 0)
+		{
+			/* report error code */
+			DEBUG(0,("SAMR_R_QUERY_USERALIASES: %s\n", get_nt_error_msg(r_o.status)));
+			p = False;
+		}
+
+		if (p && r_o.ptr != 0)
+		{
+			valid_query = True;
+			*num_aliases = r_o.num_entries;
+		}
+
+	}
+
+	prs_mem_free(&data   );
+	prs_mem_free(&rdata  );
+
+	return valid_query;
+}
+
 /****************************************************************************
 do a SAMR Query User Groups
 ****************************************************************************/
@@ -628,7 +689,7 @@ BOOL do_samr_query_usergroups(struct cli_state *cli,
 	prs_struct rdata;
 
 	SAMR_Q_QUERY_USERGROUPS q_o;
-    BOOL valid_query = False;
+	BOOL valid_query = False;
 
 	/* create and send a MSRPC command with api SAMR_QUERY_USERGROUPS */
 
-- 
cgit